From c3649a2def02c41d837ae1f79dda729ccb91e677 Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Sun, 25 Nov 2012 14:36:20 +0000 Subject: Imported Upstream version 0.3.9 --- src/Makefile.am | 1 + src/Makefile.in | 566 ++++ src/include/Makefile.am | 43 + src/include/Makefile.in | 530 +++ src/include/auth_mgr.h | 49 + src/include/authsess.h | 59 + src/include/biosem.h | 34 + src/include/capabilities.h | 63 + src/include/daa/anonymity_revocation.h | 62 + src/include/daa/bi.h | 380 +++ src/include/daa/bi_gmp.h | 295 ++ src/include/daa/bi_openssl.h | 352 ++ src/include/daa/daa_parameter.h | 87 + src/include/daa/daa_structs.h | 385 +++ src/include/daa/issuer.h | 71 + src/include/daa/key_correct.h | 31 + src/include/daa/list.h | 40 + src/include/daa/platform.h | 115 + src/include/daa/verifier.h | 110 + src/include/hosttable.h | 43 + src/include/imaem.h | 35 + src/include/linux/tpm.h | 41 + src/include/memmgr.h | 37 + src/include/obj.h | 92 + src/include/obj_context.h | 93 + src/include/obj_daa.h | 51 + src/include/obj_daaarakey.h | 51 + src/include/obj_daacred.h | 51 + src/include/obj_daaissuerkey.h | 52 + src/include/obj_delfamily.h | 64 + src/include/obj_encdata.h | 71 + src/include/obj_hash.h | 53 + src/include/obj_migdata.h | 137 + src/include/obj_nv.h | 97 + src/include/obj_pcrs.h | 67 + src/include/obj_policy.h | 185 ++ src/include/obj_rsakey.h | 129 + src/include/obj_tpm.h | 78 + src/include/req_mgr.h | 26 + src/include/rpc_tcstp.h | 40 + src/include/rpc_tcstp_tcs.h | 406 +++ src/include/rpc_tcstp_tsp.h | 411 +++ src/include/spi_utils.h | 632 ++++ src/include/tcs_aik.h | 16 + src/include/tcs_context.h | 36 + src/include/tcs_int_literals.h | 28 + src/include/tcs_key_ps.h | 29 + src/include/tcs_tsp.h | 98 + src/include/tcs_utils.h | 1203 +++++++ src/include/tcsd.h | 163 + src/include/tcsd_ops.h | 164 + src/include/tcsd_wrap.h | 194 ++ src/include/tcsem.h | 62 + src/include/tcslog.h | 96 + src/include/tcsps.h | 73 + src/include/tddl.h | 39 + src/include/threads.h | 52 + src/include/trousers/trousers.h | 283 ++ src/include/trousers/tss.h | 33 + src/include/trousers_types.h | 128 + src/include/tsp_audit.h | 16 + src/include/tsp_delegate.h | 23 + src/include/tsp_seal.h | 16 + src/include/tsplog.h | 52 + src/include/tspps.h | 59 + src/include/tss/TSP.idl | 762 +++++ src/include/tss/compat11b.h | 200 ++ src/include/tss/platform.h | 46 + src/include/tss/tcpa_defines.h | 7 + src/include/tss/tcpa_error.h | 7 + src/include/tss/tcpa_struct.h | 7 + src/include/tss/tcpa_typedef.h | 7 + src/include/tss/tcs.h | 1129 +++++++ src/include/tss/tcs_defines.h | 28 + src/include/tss/tcs_error.h | 56 + src/include/tss/tcs_structs.h | 40 + src/include/tss/tcs_typedef.h | 32 + src/include/tss/tddl_error.h | 51 + src/include/tss/tddlapi_error.h | 54 + src/include/tss/tddli.h | 94 + src/include/tss/tpm.h | 1663 ++++++++++ src/include/tss/tpm_error.h | 963 ++++++ src/include/tss/tpm_ordinal.h | 151 + src/include/tss/tspi.h | 1198 +++++++ src/include/tss/tss_defines.h | 1288 ++++++++ src/include/tss/tss_error.h | 687 ++++ src/include/tss/tss_error_basics.h | 59 + src/include/tss/tss_structs.h | 653 ++++ src/include/tss/tss_typedef.h | 48 + src/tcs/Makefile.am | 142 + src/tcs/Makefile.in | 2069 ++++++++++++ src/tcs/crypto/openssl/crypto.c | 68 + src/tcs/log.c | 87 + src/tcs/ps/ps_utils.c | 538 ++++ src/tcs/ps/tcsps.c | 784 +++++ src/tcs/rpc/tcstp/rpc.c | 628 ++++ src/tcs/rpc/tcstp/rpc_admin.c | 404 +++ src/tcs/rpc/tcstp/rpc_aik.c | 285 ++ src/tcs/rpc/tcstp/rpc_audit.c | 230 ++ src/tcs/rpc/tcstp/rpc_auth.c | 113 + src/tcs/rpc/tcstp/rpc_bind.c | 105 + src/tcs/rpc/tcstp/rpc_caps.c | 81 + src/tcs/rpc/tcstp/rpc_caps_tpm.c | 220 ++ src/tcs/rpc/tcstp/rpc_certify.c | 120 + src/tcs/rpc/tcstp/rpc_changeauth.c | 158 + src/tcs/rpc/tcstp/rpc_cmk.c | 617 ++++ src/tcs/rpc/tcstp/rpc_context.c | 81 + src/tcs/rpc/tcstp/rpc_counter.c | 231 ++ src/tcs/rpc/tcstp/rpc_daa.c | 238 ++ src/tcs/rpc/tcstp/rpc_delegate.c | 590 ++++ src/tcs/rpc/tcstp/rpc_dir.c | 103 + src/tcs/rpc/tcstp/rpc_ek.c | 324 ++ src/tcs/rpc/tcstp/rpc_evlog.c | 285 ++ src/tcs/rpc/tcstp/rpc_key.c | 476 +++ src/tcs/rpc/tcstp/rpc_maint.c | 283 ++ src/tcs/rpc/tcstp/rpc_migration.c | 321 ++ src/tcs/rpc/tcstp/rpc_nv.c | 344 ++ src/tcs/rpc/tcstp/rpc_oper.c | 57 + src/tcs/rpc/tcstp/rpc_own.c | 170 + src/tcs/rpc/tcstp/rpc_pcr_extend.c | 139 + src/tcs/rpc/tcstp/rpc_ps.c | 510 +++ src/tcs/rpc/tcstp/rpc_quote.c | 126 + src/tcs/rpc/tcstp/rpc_quote2.c | 163 + src/tcs/rpc/tcstp/rpc_random.c | 107 + src/tcs/rpc/tcstp/rpc_seal.c | 251 ++ src/tcs/rpc/tcstp/rpc_selftest.c | 154 + src/tcs/rpc/tcstp/rpc_sign.c | 106 + src/tcs/rpc/tcstp/rpc_tick.c | 138 + src/tcs/rpc/tcstp/rpc_transport.c | 397 +++ src/tcs/tcs_aik.c | 146 + src/tcs/tcs_auth_mgr.c | 584 ++++ src/tcs/tcs_caps.c | 195 ++ src/tcs/tcs_context.c | 320 ++ src/tcs/tcs_context_key.c | 162 + src/tcs/tcs_counter.c | 54 + src/tcs/tcs_evlog.c | 223 ++ src/tcs/tcs_evlog_biosem.c | 298 ++ src/tcs/tcs_evlog_imaem.c | 352 ++ src/tcs/tcs_key.c | 588 ++++ src/tcs/tcs_key_mem_cache.c | 1175 +++++++ src/tcs/tcs_key_ps.c | 367 +++ src/tcs/tcs_migration.c | 51 + src/tcs/tcs_pbg.c | 2201 +++++++++++++ src/tcs/tcs_ps.c | 176 + src/tcs/tcs_quote.c | 101 + src/tcs/tcs_quote2.c | 72 + src/tcs/tcs_req_mgr.c | 83 + src/tcs/tcs_seal.c | 84 + src/tcs/tcs_utils.c | 537 ++++ src/tcs/tcsi_admin.c | 518 +++ src/tcs/tcsi_aik.c | 227 ++ src/tcs/tcsi_audit.c | 159 + src/tcs/tcsi_auth.c | 111 + src/tcs/tcsi_bind.c | 78 + src/tcs/tcsi_caps.c | 269 ++ src/tcs/tcsi_caps_tpm.c | 138 + src/tcs/tcsi_certify.c | 90 + src/tcs/tcsi_changeauth.c | 374 +++ src/tcs/tcsi_cmk.c | 326 ++ src/tcs/tcsi_context.c | 62 + src/tcs/tcsi_counter.c | 212 ++ src/tcs/tcsi_daa.c | 192 ++ src/tcs/tcsi_delegate.c | 366 +++ src/tcs/tcsi_dir.c | 103 + src/tcs/tcsi_ek.c | 226 ++ src/tcs/tcsi_evlog.c | 388 +++ src/tcs/tcsi_key.c | 388 +++ src/tcs/tcsi_maint.c | 197 ++ src/tcs/tcsi_migration.c | 217 ++ src/tcs/tcsi_nv.c | 242 ++ src/tcs/tcsi_oper.c | 49 + src/tcs/tcsi_own.c | 169 + src/tcs/tcsi_pcr.c | 134 + src/tcs/tcsi_ps.c | 636 ++++ src/tcs/tcsi_quote.c | 81 + src/tcs/tcsi_quote2.c | 86 + src/tcs/tcsi_random.c | 147 + src/tcs/tcsi_seal.c | 149 + src/tcs/tcsi_selftest.c | 129 + src/tcs/tcsi_sign.c | 78 + src/tcs/tcsi_tick.c | 119 + src/tcs/tcsi_transport.c | 513 +++ src/tcsd/Makefile.am | 13 + src/tcsd/Makefile.in | 589 ++++ src/tcsd/platform.c | 134 + src/tcsd/svrside.c | 355 ++ src/tcsd/tcsd_conf.c | 852 +++++ src/tcsd/tcsd_threads.c | 457 +++ src/tddl/Makefile.am | 4 + src/tddl/Makefile.in | 547 ++++ src/tddl/tddl.c | 273 ++ src/trspi/Makefile.am | 11 + src/trspi/Makefile.in | 524 +++ src/trspi/crypto/Makefile.am | 1 + src/trspi/crypto/openssl/hash.c | 218 ++ src/trspi/crypto/openssl/rsa.c | 266 ++ src/trspi/crypto/openssl/symmetric.c | 388 +++ src/trspi/trousers.c | 2840 ++++++++++++++++ src/tspi/Makefile.am | 235 ++ src/tspi/Makefile.in | 2030 ++++++++++++ src/tspi/daa/Makefile.am | 31 + src/tspi/daa/big_integer/bi.c | 237 ++ src/tspi/daa/big_integer/bi_gmp.c | 261 ++ src/tspi/daa/big_integer/bi_openssl.c | 181 ++ src/tspi/daa/big_integer/test/Makefile.am | 9 + src/tspi/daa/big_integer/test/multi_exp.c | 29 + src/tspi/daa/big_integer/test/test.c | 296 ++ .../daa_anonymityrevocation/csencryption_result.c | 211 ++ src/tspi/daa/daa_debug.c | 294 ++ src/tspi/daa/daa_debug.h | 66 + src/tspi/daa/daa_issuer/issue_credential.c | 787 +++++ src/tspi/daa/daa_issuer/issuer_init.c | 142 + src/tspi/daa/daa_issuer/issuer_setup.c | 166 + src/tspi/daa/daa_issuer/key_correctness_proof.c | 516 +++ src/tspi/daa/daa_issuer/key_verification.c | 147 + src/tspi/daa/daa_issuer/keypair_generator.c | 397 +++ src/tspi/daa/daa_issuer/prime_gen.c | 327 ++ src/tspi/daa/daa_parameter.c | 184 ++ src/tspi/daa/daa_platform/platform.c | 2644 +++++++++++++++ src/tspi/daa/daa_platform/test.c | 142 + src/tspi/daa/daa_platform/test_join.c | 504 +++ src/tspi/daa/daa_structs.c | 1317 ++++++++ src/tspi/daa/daa_verifier/test/Makefile.am | 7 + src/tspi/daa/daa_verifier/verifier.c | 57 + src/tspi/daa/daa_verifier/verifier_transaction.c | 873 +++++ src/tspi/daa/test_sign.c | 238 ++ src/tspi/daa/utils/list.c | 66 + src/tspi/gtk/callbacks.c | 163 + src/tspi/gtk/callbacks.h | 58 + src/tspi/gtk/interface.c | 299 ++ src/tspi/gtk/interface.h | 30 + src/tspi/gtk/main.c | 117 + src/tspi/gtk/support.c | 157 + src/tspi/gtk/support.h | 81 + src/tspi/log.c | 62 + src/tspi/obj.c | 297 ++ src/tspi/obj_context.c | 1524 +++++++++ src/tspi/obj_daa.c | 151 + src/tspi/obj_delfamily.c | 361 +++ src/tspi/obj_encdata.c | 485 +++ src/tspi/obj_hash.c | 227 ++ src/tspi/obj_migdata.c | 1124 +++++++ src/tspi/obj_nv.c | 746 +++++ src/tspi/obj_pcrs.c | 904 ++++++ src/tspi/obj_policy.c | 1667 ++++++++++ src/tspi/obj_rsakey.c | 2136 +++++++++++++ src/tspi/obj_tpm.c | 531 +++ src/tspi/ps/ps_utils.c | 57 + src/tspi/ps/tspps.c | 1298 ++++++++ src/tspi/rpc/hosttable.c | 182 ++ src/tspi/rpc/tcs_api.c | 3377 ++++++++++++++++++++ src/tspi/rpc/tcstp/rpc.c | 514 +++ src/tspi/rpc/tcstp/rpc_admin.c | 373 +++ src/tspi/rpc/tcstp/rpc_aik.c | 336 ++ src/tspi/rpc/tcstp/rpc_audit.c | 240 ++ src/tspi/rpc/tcstp/rpc_auth.c | 96 + src/tspi/rpc/tcstp/rpc_bind.c | 90 + src/tspi/rpc/tcstp/rpc_caps.c | 76 + src/tspi/rpc/tcstp/rpc_caps_tpm.c | 175 + src/tspi/rpc/tcstp/rpc_certify.c | 131 + src/tspi/rpc/tcstp/rpc_changeauth.c | 173 + src/tspi/rpc/tcstp/rpc_cmk.c | 393 +++ src/tspi/rpc/tcstp/rpc_context.c | 80 + src/tspi/rpc/tcstp/rpc_counter.c | 204 ++ src/tspi/rpc/tcstp/rpc_daa.c | 184 ++ src/tspi/rpc/tcstp/rpc_delegate.c | 452 +++ src/tspi/rpc/tcstp/rpc_dir.c | 89 + src/tspi/rpc/tcstp/rpc_ek.c | 304 ++ src/tspi/rpc/tcstp/rpc_evlog.c | 231 ++ src/tspi/rpc/tcstp/rpc_key.c | 350 ++ src/tspi/rpc/tcstp/rpc_maint.c | 250 ++ src/tspi/rpc/tcstp/rpc_migration.c | 270 ++ src/tspi/rpc/tcstp/rpc_nv.c | 315 ++ src/tspi/rpc/tcstp/rpc_oper.c | 47 + src/tspi/rpc/tcstp/rpc_own.c | 125 + src/tspi/rpc/tcstp/rpc_pcr_extend.c | 113 + src/tspi/rpc/tcstp/rpc_ps.c | 373 +++ src/tspi/rpc/tcstp/rpc_quote.c | 114 + src/tspi/rpc/tcstp/rpc_quote2.c | 149 + src/tspi/rpc/tcstp/rpc_random.c | 94 + src/tspi/rpc/tcstp/rpc_seal.c | 206 ++ src/tspi/rpc/tcstp/rpc_selftest.c | 155 + src/tspi/rpc/tcstp/rpc_sign.c | 93 + src/tspi/rpc/tcstp/rpc_tick.c | 172 + src/tspi/rpc/tcstp/rpc_transport.c | 368 +++ src/tspi/spi_utils.c | 459 +++ src/tspi/ssl_ui.c | 86 + src/tspi/tsp_admin.c | 305 ++ src/tspi/tsp_aik.c | 143 + src/tspi/tsp_asym.c | 117 + src/tspi/tsp_audit.c | 256 ++ src/tspi/tsp_auth.c | 1230 +++++++ src/tspi/tsp_bind.c | 92 + src/tspi/tsp_caps.c | 176 + src/tspi/tsp_caps_tpm.c | 167 + src/tspi/tsp_certify.c | 108 + src/tspi/tsp_changeauth.c | 470 +++ src/tspi/tsp_context_mem.c | 258 ++ src/tspi/tsp_counter.c | 57 + src/tspi/tsp_daa.c | 207 ++ src/tspi/tsp_delegate.c | 865 +++++ src/tspi/tsp_dir.c | 83 + src/tspi/tsp_ek.c | 108 + src/tspi/tsp_get_flags.c | 67 + src/tspi/tsp_key.c | 337 ++ src/tspi/tsp_maint.c | 197 ++ src/tspi/tsp_migration.c | 263 ++ src/tspi/tsp_nv.c | 245 ++ src/tspi/tsp_oper.c | 48 + src/tspi/tsp_own.c | 193 ++ src/tspi/tsp_pcr.c | 148 + src/tspi/tsp_pcr_extend.c | 112 + src/tspi/tsp_policy.c | 123 + src/tspi/tsp_ps.c | 347 ++ src/tspi/tsp_quote.c | 114 + src/tspi/tsp_quote2.c | 133 + src/tspi/tsp_random.c | 89 + src/tspi/tsp_seal.c | 254 ++ src/tspi/tsp_selftest.c | 132 + src/tspi/tsp_sign.c | 92 + src/tspi/tsp_tick.c | 124 + src/tspi/tsp_transport.c | 88 + src/tspi/tspi_admin.c | 362 +++ src/tspi/tspi_aik.c | 579 ++++ src/tspi/tspi_asn1.c | 255 ++ src/tspi/tspi_audit.c | 313 ++ src/tspi/tspi_bind.c | 217 ++ src/tspi/tspi_caps.c | 87 + src/tspi/tspi_caps_tpm.c | 356 +++ src/tspi/tspi_certify.c | 164 + src/tspi/tspi_changeauth.c | 434 +++ src/tspi/tspi_cmk.c | 475 +++ src/tspi/tspi_context.c | 381 +++ src/tspi/tspi_counter.c | 48 + src/tspi/tspi_daa.c | 698 ++++ src/tspi/tspi_delegate.c | 470 +++ src/tspi/tspi_dir.c | 105 + src/tspi/tspi_ek.c | 438 +++ src/tspi/tspi_getset.c | 1168 +++++++ src/tspi/tspi_hash.c | 59 + src/tspi/tspi_key.c | 706 ++++ src/tspi/tspi_maint.c | 269 ++ src/tspi/tspi_migration.c | 400 +++ src/tspi/tspi_nv.c | 527 +++ src/tspi/tspi_oper.c | 52 + src/tspi/tspi_own.c | 163 + src/tspi/tspi_pcr_comp.c | 56 + src/tspi/tspi_pcr_comp12.c | 67 + src/tspi/tspi_pcr_events.c | 120 + src/tspi/tspi_pcr_extend.c | 158 + src/tspi/tspi_policy.c | 115 + src/tspi/tspi_ps.c | 581 ++++ src/tspi/tspi_quote.c | 217 ++ src/tspi/tspi_quote2.c | 286 ++ src/tspi/tspi_random.c | 74 + src/tspi/tspi_seal.c | 327 ++ src/tspi/tspi_selftest.c | 206 ++ src/tspi/tspi_sign.c | 150 + src/tspi/tspi_tick.c | 178 ++ src/tspi/tspi_transport.c | 119 + 360 files changed, 108401 insertions(+) create mode 100644 src/Makefile.am create mode 100644 src/Makefile.in create mode 100644 src/include/Makefile.am create mode 100644 src/include/Makefile.in create mode 100644 src/include/auth_mgr.h create mode 100644 src/include/authsess.h create mode 100644 src/include/biosem.h create mode 100644 src/include/capabilities.h create mode 100644 src/include/daa/anonymity_revocation.h create mode 100644 src/include/daa/bi.h create mode 100644 src/include/daa/bi_gmp.h create mode 100644 src/include/daa/bi_openssl.h create mode 100644 src/include/daa/daa_parameter.h create mode 100644 src/include/daa/daa_structs.h create mode 100644 src/include/daa/issuer.h create mode 100644 src/include/daa/key_correct.h create mode 100644 src/include/daa/list.h create mode 100644 src/include/daa/platform.h create mode 100644 src/include/daa/verifier.h create mode 100644 src/include/hosttable.h create mode 100644 src/include/imaem.h create mode 100644 src/include/linux/tpm.h create mode 100644 src/include/memmgr.h create mode 100644 src/include/obj.h create mode 100644 src/include/obj_context.h create mode 100644 src/include/obj_daa.h create mode 100644 src/include/obj_daaarakey.h create mode 100644 src/include/obj_daacred.h create mode 100644 src/include/obj_daaissuerkey.h create mode 100644 src/include/obj_delfamily.h create mode 100644 src/include/obj_encdata.h create mode 100644 src/include/obj_hash.h create mode 100644 src/include/obj_migdata.h create mode 100644 src/include/obj_nv.h create mode 100644 src/include/obj_pcrs.h create mode 100644 src/include/obj_policy.h create mode 100644 src/include/obj_rsakey.h create mode 100644 src/include/obj_tpm.h create mode 100644 src/include/req_mgr.h create mode 100644 src/include/rpc_tcstp.h create mode 100644 src/include/rpc_tcstp_tcs.h create mode 100644 src/include/rpc_tcstp_tsp.h create mode 100644 src/include/spi_utils.h create mode 100644 src/include/tcs_aik.h create mode 100644 src/include/tcs_context.h create mode 100644 src/include/tcs_int_literals.h create mode 100644 src/include/tcs_key_ps.h create mode 100644 src/include/tcs_tsp.h create mode 100644 src/include/tcs_utils.h create mode 100644 src/include/tcsd.h create mode 100644 src/include/tcsd_ops.h create mode 100644 src/include/tcsd_wrap.h create mode 100644 src/include/tcsem.h create mode 100644 src/include/tcslog.h create mode 100644 src/include/tcsps.h create mode 100644 src/include/tddl.h create mode 100644 src/include/threads.h create mode 100644 src/include/trousers/trousers.h create mode 100644 src/include/trousers/tss.h create mode 100644 src/include/trousers_types.h create mode 100644 src/include/tsp_audit.h create mode 100644 src/include/tsp_delegate.h create mode 100644 src/include/tsp_seal.h create mode 100644 src/include/tsplog.h create mode 100644 src/include/tspps.h create mode 100644 src/include/tss/TSP.idl create mode 100644 src/include/tss/compat11b.h create mode 100644 src/include/tss/platform.h create mode 100644 src/include/tss/tcpa_defines.h create mode 100644 src/include/tss/tcpa_error.h create mode 100644 src/include/tss/tcpa_struct.h create mode 100644 src/include/tss/tcpa_typedef.h create mode 100644 src/include/tss/tcs.h create mode 100644 src/include/tss/tcs_defines.h create mode 100644 src/include/tss/tcs_error.h create mode 100644 src/include/tss/tcs_structs.h create mode 100644 src/include/tss/tcs_typedef.h create mode 100644 src/include/tss/tddl_error.h create mode 100644 src/include/tss/tddlapi_error.h create mode 100644 src/include/tss/tddli.h create mode 100644 src/include/tss/tpm.h create mode 100644 src/include/tss/tpm_error.h create mode 100644 src/include/tss/tpm_ordinal.h create mode 100644 src/include/tss/tspi.h create mode 100644 src/include/tss/tss_defines.h create mode 100644 src/include/tss/tss_error.h create mode 100644 src/include/tss/tss_error_basics.h create mode 100644 src/include/tss/tss_structs.h create mode 100644 src/include/tss/tss_typedef.h create mode 100644 src/tcs/Makefile.am create mode 100644 src/tcs/Makefile.in create mode 100644 src/tcs/crypto/openssl/crypto.c create mode 100644 src/tcs/log.c create mode 100644 src/tcs/ps/ps_utils.c create mode 100644 src/tcs/ps/tcsps.c create mode 100644 src/tcs/rpc/tcstp/rpc.c create mode 100644 src/tcs/rpc/tcstp/rpc_admin.c create mode 100644 src/tcs/rpc/tcstp/rpc_aik.c create mode 100644 src/tcs/rpc/tcstp/rpc_audit.c create mode 100644 src/tcs/rpc/tcstp/rpc_auth.c create mode 100644 src/tcs/rpc/tcstp/rpc_bind.c create mode 100644 src/tcs/rpc/tcstp/rpc_caps.c create mode 100644 src/tcs/rpc/tcstp/rpc_caps_tpm.c create mode 100644 src/tcs/rpc/tcstp/rpc_certify.c create mode 100644 src/tcs/rpc/tcstp/rpc_changeauth.c create mode 100644 src/tcs/rpc/tcstp/rpc_cmk.c create mode 100644 src/tcs/rpc/tcstp/rpc_context.c create mode 100644 src/tcs/rpc/tcstp/rpc_counter.c create mode 100644 src/tcs/rpc/tcstp/rpc_daa.c create mode 100644 src/tcs/rpc/tcstp/rpc_delegate.c create mode 100644 src/tcs/rpc/tcstp/rpc_dir.c create mode 100644 src/tcs/rpc/tcstp/rpc_ek.c create mode 100644 src/tcs/rpc/tcstp/rpc_evlog.c create mode 100644 src/tcs/rpc/tcstp/rpc_key.c create mode 100644 src/tcs/rpc/tcstp/rpc_maint.c create mode 100644 src/tcs/rpc/tcstp/rpc_migration.c create mode 100644 src/tcs/rpc/tcstp/rpc_nv.c create mode 100644 src/tcs/rpc/tcstp/rpc_oper.c create mode 100644 src/tcs/rpc/tcstp/rpc_own.c create mode 100644 src/tcs/rpc/tcstp/rpc_pcr_extend.c create mode 100644 src/tcs/rpc/tcstp/rpc_ps.c create mode 100644 src/tcs/rpc/tcstp/rpc_quote.c create mode 100644 src/tcs/rpc/tcstp/rpc_quote2.c create mode 100644 src/tcs/rpc/tcstp/rpc_random.c create mode 100644 src/tcs/rpc/tcstp/rpc_seal.c create mode 100644 src/tcs/rpc/tcstp/rpc_selftest.c create mode 100644 src/tcs/rpc/tcstp/rpc_sign.c create mode 100644 src/tcs/rpc/tcstp/rpc_tick.c create mode 100644 src/tcs/rpc/tcstp/rpc_transport.c create mode 100644 src/tcs/tcs_aik.c create mode 100644 src/tcs/tcs_auth_mgr.c create mode 100644 src/tcs/tcs_caps.c create mode 100644 src/tcs/tcs_context.c create mode 100644 src/tcs/tcs_context_key.c create mode 100644 src/tcs/tcs_counter.c create mode 100644 src/tcs/tcs_evlog.c create mode 100644 src/tcs/tcs_evlog_biosem.c create mode 100644 src/tcs/tcs_evlog_imaem.c create mode 100644 src/tcs/tcs_key.c create mode 100644 src/tcs/tcs_key_mem_cache.c create mode 100644 src/tcs/tcs_key_ps.c create mode 100644 src/tcs/tcs_migration.c create mode 100644 src/tcs/tcs_pbg.c create mode 100644 src/tcs/tcs_ps.c create mode 100644 src/tcs/tcs_quote.c create mode 100644 src/tcs/tcs_quote2.c create mode 100644 src/tcs/tcs_req_mgr.c create mode 100644 src/tcs/tcs_seal.c create mode 100644 src/tcs/tcs_utils.c create mode 100644 src/tcs/tcsi_admin.c create mode 100644 src/tcs/tcsi_aik.c create mode 100644 src/tcs/tcsi_audit.c create mode 100644 src/tcs/tcsi_auth.c create mode 100644 src/tcs/tcsi_bind.c create mode 100644 src/tcs/tcsi_caps.c create mode 100644 src/tcs/tcsi_caps_tpm.c create mode 100644 src/tcs/tcsi_certify.c create mode 100644 src/tcs/tcsi_changeauth.c create mode 100644 src/tcs/tcsi_cmk.c create mode 100644 src/tcs/tcsi_context.c create mode 100644 src/tcs/tcsi_counter.c create mode 100644 src/tcs/tcsi_daa.c create mode 100644 src/tcs/tcsi_delegate.c create mode 100644 src/tcs/tcsi_dir.c create mode 100644 src/tcs/tcsi_ek.c create mode 100644 src/tcs/tcsi_evlog.c create mode 100644 src/tcs/tcsi_key.c create mode 100644 src/tcs/tcsi_maint.c create mode 100644 src/tcs/tcsi_migration.c create mode 100644 src/tcs/tcsi_nv.c create mode 100644 src/tcs/tcsi_oper.c create mode 100644 src/tcs/tcsi_own.c create mode 100644 src/tcs/tcsi_pcr.c create mode 100644 src/tcs/tcsi_ps.c create mode 100644 src/tcs/tcsi_quote.c create mode 100644 src/tcs/tcsi_quote2.c create mode 100644 src/tcs/tcsi_random.c create mode 100644 src/tcs/tcsi_seal.c create mode 100644 src/tcs/tcsi_selftest.c create mode 100644 src/tcs/tcsi_sign.c create mode 100644 src/tcs/tcsi_tick.c create mode 100644 src/tcs/tcsi_transport.c create mode 100644 src/tcsd/Makefile.am create mode 100644 src/tcsd/Makefile.in create mode 100644 src/tcsd/platform.c create mode 100644 src/tcsd/svrside.c create mode 100644 src/tcsd/tcsd_conf.c create mode 100644 src/tcsd/tcsd_threads.c create mode 100644 src/tddl/Makefile.am create mode 100644 src/tddl/Makefile.in create mode 100644 src/tddl/tddl.c create mode 100644 src/trspi/Makefile.am create mode 100644 src/trspi/Makefile.in create mode 100644 src/trspi/crypto/Makefile.am create mode 100644 src/trspi/crypto/openssl/hash.c create mode 100644 src/trspi/crypto/openssl/rsa.c create mode 100644 src/trspi/crypto/openssl/symmetric.c create mode 100644 src/trspi/trousers.c create mode 100644 src/tspi/Makefile.am create mode 100644 src/tspi/Makefile.in create mode 100644 src/tspi/daa/Makefile.am create mode 100644 src/tspi/daa/big_integer/bi.c create mode 100644 src/tspi/daa/big_integer/bi_gmp.c create mode 100644 src/tspi/daa/big_integer/bi_openssl.c create mode 100644 src/tspi/daa/big_integer/test/Makefile.am create mode 100644 src/tspi/daa/big_integer/test/multi_exp.c create mode 100644 src/tspi/daa/big_integer/test/test.c create mode 100644 src/tspi/daa/daa_anonymityrevocation/csencryption_result.c create mode 100644 src/tspi/daa/daa_debug.c create mode 100644 src/tspi/daa/daa_debug.h create mode 100644 src/tspi/daa/daa_issuer/issue_credential.c create mode 100644 src/tspi/daa/daa_issuer/issuer_init.c create mode 100644 src/tspi/daa/daa_issuer/issuer_setup.c create mode 100644 src/tspi/daa/daa_issuer/key_correctness_proof.c create mode 100644 src/tspi/daa/daa_issuer/key_verification.c create mode 100644 src/tspi/daa/daa_issuer/keypair_generator.c create mode 100644 src/tspi/daa/daa_issuer/prime_gen.c create mode 100644 src/tspi/daa/daa_parameter.c create mode 100644 src/tspi/daa/daa_platform/platform.c create mode 100644 src/tspi/daa/daa_platform/test.c create mode 100644 src/tspi/daa/daa_platform/test_join.c create mode 100644 src/tspi/daa/daa_structs.c create mode 100644 src/tspi/daa/daa_verifier/test/Makefile.am create mode 100644 src/tspi/daa/daa_verifier/verifier.c create mode 100644 src/tspi/daa/daa_verifier/verifier_transaction.c create mode 100644 src/tspi/daa/test_sign.c create mode 100644 src/tspi/daa/utils/list.c create mode 100644 src/tspi/gtk/callbacks.c create mode 100644 src/tspi/gtk/callbacks.h create mode 100644 src/tspi/gtk/interface.c create mode 100644 src/tspi/gtk/interface.h create mode 100644 src/tspi/gtk/main.c create mode 100644 src/tspi/gtk/support.c create mode 100644 src/tspi/gtk/support.h create mode 100644 src/tspi/log.c create mode 100644 src/tspi/obj.c create mode 100644 src/tspi/obj_context.c create mode 100644 src/tspi/obj_daa.c create mode 100644 src/tspi/obj_delfamily.c create mode 100644 src/tspi/obj_encdata.c create mode 100644 src/tspi/obj_hash.c create mode 100644 src/tspi/obj_migdata.c create mode 100644 src/tspi/obj_nv.c create mode 100644 src/tspi/obj_pcrs.c create mode 100644 src/tspi/obj_policy.c create mode 100644 src/tspi/obj_rsakey.c create mode 100644 src/tspi/obj_tpm.c create mode 100644 src/tspi/ps/ps_utils.c create mode 100644 src/tspi/ps/tspps.c create mode 100644 src/tspi/rpc/hosttable.c create mode 100644 src/tspi/rpc/tcs_api.c create mode 100644 src/tspi/rpc/tcstp/rpc.c create mode 100644 src/tspi/rpc/tcstp/rpc_admin.c create mode 100644 src/tspi/rpc/tcstp/rpc_aik.c create mode 100644 src/tspi/rpc/tcstp/rpc_audit.c create mode 100644 src/tspi/rpc/tcstp/rpc_auth.c create mode 100644 src/tspi/rpc/tcstp/rpc_bind.c create mode 100644 src/tspi/rpc/tcstp/rpc_caps.c create mode 100644 src/tspi/rpc/tcstp/rpc_caps_tpm.c create mode 100644 src/tspi/rpc/tcstp/rpc_certify.c create mode 100644 src/tspi/rpc/tcstp/rpc_changeauth.c create mode 100644 src/tspi/rpc/tcstp/rpc_cmk.c create mode 100644 src/tspi/rpc/tcstp/rpc_context.c create mode 100644 src/tspi/rpc/tcstp/rpc_counter.c create mode 100644 src/tspi/rpc/tcstp/rpc_daa.c create mode 100644 src/tspi/rpc/tcstp/rpc_delegate.c create mode 100644 src/tspi/rpc/tcstp/rpc_dir.c create mode 100644 src/tspi/rpc/tcstp/rpc_ek.c create mode 100644 src/tspi/rpc/tcstp/rpc_evlog.c create mode 100644 src/tspi/rpc/tcstp/rpc_key.c create mode 100644 src/tspi/rpc/tcstp/rpc_maint.c create mode 100644 src/tspi/rpc/tcstp/rpc_migration.c create mode 100644 src/tspi/rpc/tcstp/rpc_nv.c create mode 100644 src/tspi/rpc/tcstp/rpc_oper.c create mode 100644 src/tspi/rpc/tcstp/rpc_own.c create mode 100644 src/tspi/rpc/tcstp/rpc_pcr_extend.c create mode 100644 src/tspi/rpc/tcstp/rpc_ps.c create mode 100644 src/tspi/rpc/tcstp/rpc_quote.c create mode 100644 src/tspi/rpc/tcstp/rpc_quote2.c create mode 100644 src/tspi/rpc/tcstp/rpc_random.c create mode 100644 src/tspi/rpc/tcstp/rpc_seal.c create mode 100644 src/tspi/rpc/tcstp/rpc_selftest.c create mode 100644 src/tspi/rpc/tcstp/rpc_sign.c create mode 100644 src/tspi/rpc/tcstp/rpc_tick.c create mode 100644 src/tspi/rpc/tcstp/rpc_transport.c create mode 100644 src/tspi/spi_utils.c create mode 100644 src/tspi/ssl_ui.c create mode 100644 src/tspi/tsp_admin.c create mode 100644 src/tspi/tsp_aik.c create mode 100644 src/tspi/tsp_asym.c create mode 100644 src/tspi/tsp_audit.c create mode 100755 src/tspi/tsp_auth.c create mode 100644 src/tspi/tsp_bind.c create mode 100644 src/tspi/tsp_caps.c create mode 100644 src/tspi/tsp_caps_tpm.c create mode 100644 src/tspi/tsp_certify.c create mode 100644 src/tspi/tsp_changeauth.c create mode 100644 src/tspi/tsp_context_mem.c create mode 100644 src/tspi/tsp_counter.c create mode 100644 src/tspi/tsp_daa.c create mode 100644 src/tspi/tsp_delegate.c create mode 100644 src/tspi/tsp_dir.c create mode 100644 src/tspi/tsp_ek.c create mode 100644 src/tspi/tsp_get_flags.c create mode 100644 src/tspi/tsp_key.c create mode 100644 src/tspi/tsp_maint.c create mode 100644 src/tspi/tsp_migration.c create mode 100644 src/tspi/tsp_nv.c create mode 100644 src/tspi/tsp_oper.c create mode 100644 src/tspi/tsp_own.c create mode 100644 src/tspi/tsp_pcr.c create mode 100644 src/tspi/tsp_pcr_extend.c create mode 100644 src/tspi/tsp_policy.c create mode 100644 src/tspi/tsp_ps.c create mode 100644 src/tspi/tsp_quote.c create mode 100644 src/tspi/tsp_quote2.c create mode 100644 src/tspi/tsp_random.c create mode 100644 src/tspi/tsp_seal.c create mode 100644 src/tspi/tsp_selftest.c create mode 100644 src/tspi/tsp_sign.c create mode 100644 src/tspi/tsp_tick.c create mode 100644 src/tspi/tsp_transport.c create mode 100644 src/tspi/tspi_admin.c create mode 100644 src/tspi/tspi_aik.c create mode 100644 src/tspi/tspi_asn1.c create mode 100644 src/tspi/tspi_audit.c create mode 100644 src/tspi/tspi_bind.c create mode 100644 src/tspi/tspi_caps.c create mode 100644 src/tspi/tspi_caps_tpm.c create mode 100644 src/tspi/tspi_certify.c create mode 100644 src/tspi/tspi_changeauth.c create mode 100644 src/tspi/tspi_cmk.c create mode 100644 src/tspi/tspi_context.c create mode 100644 src/tspi/tspi_counter.c create mode 100644 src/tspi/tspi_daa.c create mode 100644 src/tspi/tspi_delegate.c create mode 100644 src/tspi/tspi_dir.c create mode 100644 src/tspi/tspi_ek.c create mode 100644 src/tspi/tspi_getset.c create mode 100644 src/tspi/tspi_hash.c create mode 100644 src/tspi/tspi_key.c create mode 100644 src/tspi/tspi_maint.c create mode 100644 src/tspi/tspi_migration.c create mode 100644 src/tspi/tspi_nv.c create mode 100644 src/tspi/tspi_oper.c create mode 100644 src/tspi/tspi_own.c create mode 100644 src/tspi/tspi_pcr_comp.c create mode 100644 src/tspi/tspi_pcr_comp12.c create mode 100644 src/tspi/tspi_pcr_events.c create mode 100644 src/tspi/tspi_pcr_extend.c create mode 100644 src/tspi/tspi_policy.c create mode 100644 src/tspi/tspi_ps.c create mode 100644 src/tspi/tspi_quote.c create mode 100644 src/tspi/tspi_quote2.c create mode 100644 src/tspi/tspi_random.c create mode 100644 src/tspi/tspi_seal.c create mode 100644 src/tspi/tspi_selftest.c create mode 100644 src/tspi/tspi_sign.c create mode 100644 src/tspi/tspi_tick.c create mode 100644 src/tspi/tspi_transport.c (limited to 'src') diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 0000000..85dc2ea --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1 @@ +SUBDIRS = trspi tddl tcs tspi tcsd include diff --git a/src/Makefile.in b/src/Makefile.in new file mode 100644 index 0000000..85eb9e9 --- /dev/null +++ b/src/Makefile.in @@ -0,0 +1,566 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +subdir = src +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTOLIB = @CRYPTOLIB@ +CRYPTO_PACKAGE = @CRYPTO_PACKAGE@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB_DIR = @OPENSSL_LIB_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +RPC = @RPC@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +TCSD_DEFAULT_PORT = @TCSD_DEFAULT_PORT@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = trspi tddl tcs tspi tcsd include +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am check check-am clean clean-generic clean-libtool \ + ctags ctags-recursive distclean distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/include/Makefile.am b/src/include/Makefile.am new file mode 100644 index 0000000..2adec8a --- /dev/null +++ b/src/include/Makefile.am @@ -0,0 +1,43 @@ +tssincludedir = $(includedir)/tss +trousersincludedir = $(includedir)/trousers + +tssinclude_HEADERS = tss/tcpa_error.h \ + tss/tcs_error.h \ + tss/tcs_defines.h \ + tss/tcs.h \ + tss/tddlapi_error.h \ + tss/tspi.h \ + tss/tss_error.h \ + tss/platform.h \ + tss/tcpa_struct.h \ + tss/tcs_structs.h \ + tss/tddl_error.h \ + tss/tss_defines.h \ + tss/tss_structs.h \ + tss/tcpa_defines.h \ + tss/tcpa_typedef.h \ + tss/tcs_typedef.h \ + tss/tddli.h \ + tss/tss_error_basics.h \ + tss/tss_typedef.h \ + tss/compat11b.h \ + tss/tpm.h \ + tss/tpm_error.h \ + tss/tpm_ordinal.h +trousersinclude_HEADERS = trousers/tss.h trousers/trousers.h + +noinst_HEADERS = auth_mgr.h authsess.h biosem.h capabilities.h \ + hosttable.h imaem.h memmgr.h obj_context.h \ + obj_daaarakey.h obj_daacred.h obj_daa.h \ + obj_daaissuerkey.h obj_delfamily.h obj_encdata.h \ + obj.h obj_hash.h obj_migdata.h obj_nv.h \ + obj_pcrs.h obj_policy.h obj_rsakey.h \ + obj_tpm.h req_mgr.h rpc_tcstp.h rpc_tcstp_tcs.h \ + rpc_tcstp_tsp.h spi_utils.h tcs_aik.h \ + tcs_context.h tcsd.h tcsd_ops.h tcsd_wrap.h \ + tcsem.h tcs_int_literals.h tcs_key_ps.h \ + tcslog.h tcsps.h tcs_tsp.h tcs_utils.h \ + tddl.h threads.h trousers_types.h tsp_audit.h \ + tsp_delegate.h tsplog.h tspps.h tsp_seal.h \ + linux/tpm.h + diff --git a/src/include/Makefile.in b/src/include/Makefile.in new file mode 100644 index 0000000..0b36197 --- /dev/null +++ b/src/include/Makefile.in @@ -0,0 +1,530 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +subdir = src/include +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(trousersinclude_HEADERS) \ + $(tssinclude_HEADERS) +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(trousersincludedir)" \ + "$(DESTDIR)$(tssincludedir)" +HEADERS = $(noinst_HEADERS) $(trousersinclude_HEADERS) \ + $(tssinclude_HEADERS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTOLIB = @CRYPTOLIB@ +CRYPTO_PACKAGE = @CRYPTO_PACKAGE@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB_DIR = @OPENSSL_LIB_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +RPC = @RPC@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +TCSD_DEFAULT_PORT = @TCSD_DEFAULT_PORT@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tssincludedir = $(includedir)/tss +trousersincludedir = $(includedir)/trousers +tssinclude_HEADERS = tss/tcpa_error.h \ + tss/tcs_error.h \ + tss/tcs_defines.h \ + tss/tcs.h \ + tss/tddlapi_error.h \ + tss/tspi.h \ + tss/tss_error.h \ + tss/platform.h \ + tss/tcpa_struct.h \ + tss/tcs_structs.h \ + tss/tddl_error.h \ + tss/tss_defines.h \ + tss/tss_structs.h \ + tss/tcpa_defines.h \ + tss/tcpa_typedef.h \ + tss/tcs_typedef.h \ + tss/tddli.h \ + tss/tss_error_basics.h \ + tss/tss_typedef.h \ + tss/compat11b.h \ + tss/tpm.h \ + tss/tpm_error.h \ + tss/tpm_ordinal.h + +trousersinclude_HEADERS = trousers/tss.h trousers/trousers.h +noinst_HEADERS = auth_mgr.h authsess.h biosem.h capabilities.h \ + hosttable.h imaem.h memmgr.h obj_context.h \ + obj_daaarakey.h obj_daacred.h obj_daa.h \ + obj_daaissuerkey.h obj_delfamily.h obj_encdata.h \ + obj.h obj_hash.h obj_migdata.h obj_nv.h \ + obj_pcrs.h obj_policy.h obj_rsakey.h \ + obj_tpm.h req_mgr.h rpc_tcstp.h rpc_tcstp_tcs.h \ + rpc_tcstp_tsp.h spi_utils.h tcs_aik.h \ + tcs_context.h tcsd.h tcsd_ops.h tcsd_wrap.h \ + tcsem.h tcs_int_literals.h tcs_key_ps.h \ + tcslog.h tcsps.h tcs_tsp.h tcs_utils.h \ + tddl.h threads.h trousers_types.h tsp_audit.h \ + tsp_delegate.h tsplog.h tspps.h tsp_seal.h \ + linux/tpm.h + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/include/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/include/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-trousersincludeHEADERS: $(trousersinclude_HEADERS) + @$(NORMAL_INSTALL) + test -z "$(trousersincludedir)" || $(MKDIR_P) "$(DESTDIR)$(trousersincludedir)" + @list='$(trousersinclude_HEADERS)'; test -n "$(trousersincludedir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(trousersincludedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(trousersincludedir)" || exit $$?; \ + done + +uninstall-trousersincludeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(trousersinclude_HEADERS)'; test -n "$(trousersincludedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(trousersincludedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(trousersincludedir)" && rm -f $$files +install-tssincludeHEADERS: $(tssinclude_HEADERS) + @$(NORMAL_INSTALL) + test -z "$(tssincludedir)" || $(MKDIR_P) "$(DESTDIR)$(tssincludedir)" + @list='$(tssinclude_HEADERS)'; test -n "$(tssincludedir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(tssincludedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(tssincludedir)" || exit $$?; \ + done + +uninstall-tssincludeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(tssinclude_HEADERS)'; test -n "$(tssincludedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(tssincludedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(tssincludedir)" && rm -f $$files + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(trousersincludedir)" "$(DESTDIR)$(tssincludedir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-trousersincludeHEADERS \ + install-tssincludeHEADERS + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-trousersincludeHEADERS \ + uninstall-tssincludeHEADERS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool ctags distclean distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip \ + install-trousersincludeHEADERS install-tssincludeHEADERS \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-trousersincludeHEADERS \ + uninstall-tssincludeHEADERS + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/include/auth_mgr.h b/src/include/auth_mgr.h new file mode 100644 index 0000000..14ced98 --- /dev/null +++ b/src/include/auth_mgr.h @@ -0,0 +1,49 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef _AUTH_MGR_H_ +#define _AUTH_MGR_H_ + +struct auth_map +{ + TSS_BOOL full; + TPM_AUTHHANDLE tpm_handle; + TCS_CONTEXT_HANDLE tcs_ctx; + BYTE *swap; /* These 'swap' variables manage blobs received from TPM_SaveAuthContext */ + UINT32 swap_size; +}; + +/* + * it appears that there's no way to query a v1.1 TPM for the + * max number of simultaneous auth sessions. We'll make the + * default relatively large and let the TPM return + * TCPA_RESOURCES to tell us when we cross the line. + */ +#define TSS_DEFAULT_AUTH_TABLE_SIZE 16 +#define TSS_DEFAULT_OVERFLOW_AUTHS 16 + +struct _auth_mgr +{ + short max_auth_sessions; + short open_auth_sessions; + UINT32 sleeping_threads; + COND_VAR **overflow; /* queue of TCS contexts waiting for an auth session to become + * available */ + unsigned int of_head, of_tail; /* head and tail of the overflow queue */ + struct auth_map *auth_mapper; /* table of currently tracked auth sessions */ + UINT32 auth_mapper_size, overflow_size; +} auth_mgr; + +MUTEX_DECLARE_INIT(auth_mgr_lock); + +TSS_RESULT TPM_SaveAuthContext(TPM_AUTHHANDLE, UINT32 *, BYTE **); +TSS_RESULT TPM_LoadAuthContext(UINT32, BYTE *, TPM_AUTHHANDLE *); + +#endif diff --git a/src/include/authsess.h b/src/include/authsess.h new file mode 100644 index 0000000..7615015 --- /dev/null +++ b/src/include/authsess.h @@ -0,0 +1,59 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#ifndef _AUTHSESS_H_ +#define _AUTHSESS_H_ + +struct authsess { + TPM_AUTH *pAuth; + TPM_AUTH auth; + + /* XOR masks created before each use of an OSAP session */ + TPM_ENCAUTH encAuthUse; + TPM_ENCAUTH encAuthMig; + + TSS_HCONTEXT tspContext; + TPM_COMMAND_CODE command; + + TSS_HOBJECT obj_parent; + TSS_HPOLICY hUsageParent; + UINT32 parentMode; + TPM_SECRET parentSecret; + TSS_CALLBACK cb_xor, cb_hmac, cb_sealx; + + TPM_ENTITY_TYPE entity_type; + UINT32 entityValueSize; + BYTE *entityValue; + + TSS_HOBJECT obj_child; + TSS_HPOLICY hUsageChild, hMigChild; + UINT32 uMode, mMode; + + /* Created during OSAP or DSAP protocol initiation */ + TPM_NONCE nonceOddxSAP; + TPM_NONCE nonceEvenxSAP; + TPM_HMAC sharedSecret; + + //MUTEX_DECLARE(lock); + //struct authsess *next; +}; + +TSS_RESULT authsess_oiap_get(TSS_HOBJECT, TPM_COMMAND_CODE, TPM_DIGEST *, TPM_AUTH *); +TSS_RESULT authsess_oiap_put(TPM_AUTH *, TPM_DIGEST *); + +TSS_RESULT authsess_xsap_init(TSS_HCONTEXT, TSS_HOBJECT, TSS_HOBJECT, TSS_BOOL, TPM_COMMAND_CODE, TPM_ENTITY_TYPE, struct authsess **); +TSS_RESULT authsess_xsap_hmac(struct authsess *, TPM_DIGEST *); +TSS_RESULT authsess_xsap_verify(struct authsess *, TPM_DIGEST *); +void authsess_free(struct authsess *); + +#define TSS_AUTH_POLICY_REQUIRED TRUE +#define TSS_AUTH_POLICY_NOT_REQUIRED FALSE + +#endif diff --git a/src/include/biosem.h b/src/include/biosem.h new file mode 100644 index 0000000..ec6e7f5 --- /dev/null +++ b/src/include/biosem.h @@ -0,0 +1,34 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef _BIOSEM_H_ +#define _BIOSEM_H_ + +int bios_open(void *, FILE **); +TSS_RESULT bios_get_entries_by_pcr(FILE *, UINT32, UINT32, UINT32 *, TSS_PCR_EVENT **); +TSS_RESULT bios_get_entry(FILE *, UINT32, UINT32 *, TSS_PCR_EVENT **); +int bios_close(FILE *); + +extern struct ext_log_source bios_source; + +/* this should be large if we're reading out of /proc */ +#define BIOS_READ_SIZE 4096 + +typedef struct { + UINT32 pcrIndex; + UINT32 eventType; + BYTE digest[20]; + UINT32 eventDataSize; + BYTE event[0];/* (eventSize) bytes of event data follows */ +} TCG_PCClientPCREventStruc; + +#define EVLOG_SOURCE_BIOS 1 + +#endif diff --git a/src/include/capabilities.h b/src/include/capabilities.h new file mode 100644 index 0000000..1482956 --- /dev/null +++ b/src/include/capabilities.h @@ -0,0 +1,63 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _CAPABILITIES_H_ +#define _CAPABILITIES_H_ + +/* This header has all of the software capabilities that are returned either via + * Tspi_Context_GetCapability or TCS_GetCapability. + */ + +/* TSP */ +/* BOOL */ +#define INTERNAL_CAP_TSP_ALG_RSA TRUE +#define INTERNAL_CAP_TSP_ALG_SHA TRUE +#define INTERNAL_CAP_TSP_ALG_3DES FALSE +#define INTERNAL_CAP_TSP_ALG_DES FALSE +#define INTERNAL_CAP_TSP_ALG_HMAC TRUE +#define INTERNAL_CAP_TSP_ALG_AES TRUE +#define INTERNAL_CAP_TSP_PERSSTORAGE TRUE + +/* UINT32 */ +#define INTERNAL_CAP_TSP_ALG_DEFAULT TSS_ALG_RSA +#define INTERNAL_CAP_TSP_ALG_DEFAULT_SIZE TSS_KEY_SIZEVAL_2048BIT + +/* 1 indicates byte-stream return values, 0 indicates ASN.1 encoded return values */ +#define INTERNAL_CAP_TSP_RETURNVALUE_INFO 1 + +/* 0 is unknown platform version/type. Currently the spec is too vague on possible values for this + * information to define anything here. */ +#define INTERNAL_CAP_TSP_PLATFORM_VERSION 0 +#define INTERNAL_CAP_TSP_PLATFORM_TYPE 0 + +/* TCS */ +/* BOOL */ +#define INTERNAL_CAP_TCS_ALG_RSA FALSE +#define INTERNAL_CAP_TCS_ALG_AES FALSE +#define INTERNAL_CAP_TCS_ALG_3DES FALSE +#define INTERNAL_CAP_TCS_ALG_DES FALSE +#define INTERNAL_CAP_TCS_ALG_SHA TRUE +#define INTERNAL_CAP_TCS_ALG_HMAC FALSE +#define INTERNAL_CAP_TCS_PERSSTORAGE TRUE +#define INTERNAL_CAP_TCS_CACHING_KEYCACHE FALSE +#define INTERNAL_CAP_TCS_CACHING_AUTHCACHE TRUE + +/* UINT32 */ +#define INTERNAL_CAP_TCS_ALG_DEFAULT TSS_ALG_RSA +#define INTERNAL_CAP_TCS_ALG_DEFAULT_SIZE TSS_KEY_SIZEVAL_2048BIT + +/* Common between both TSP and TCS */ +#define INTERNAL_CAP_VERSION { 1, 2, TSS_VER_MAJOR, TSS_VER_MINOR } + +#define INTERNAL_CAP_MANUFACTURER_ID 0x49424D00 +#define INTERNAL_CAP_MANUFACTURER_STR { 'I', 0, 'B', 0, 'M', 0, 0, 0 } +#define INTERNAL_CAP_MANUFACTURER_STR_LEN 8 + +#endif diff --git a/src/include/daa/anonymity_revocation.h b/src/include/daa/anonymity_revocation.h new file mode 100644 index 0000000..383346d --- /dev/null +++ b/src/include/daa/anonymity_revocation.h @@ -0,0 +1,62 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef ANONYMITY_REVOCATION_H_ +#define ANONYMITY_REVOCATION_H_ + +#include "bi.h" +#include "daa_structs.h" + +/** + * Cramer Shoup public key (CSPublicKey.java) + */ +typedef struct tdCS_PUBLIC_KEY { + bi_ptr eta; + bi_ptr lambda1; + bi_ptr lambda2; + bi_ptr lambda3; +} CS_PUBLIC_KEY; + +typedef struct tdCS_ENCRYPTION_RESULT { + bi_ptr c1; + bi_ptr c2; + bi_ptr c3; + bi_ptr c4; +} CS_ENCRYPTION_RESULT; + +CS_ENCRYPTION_RESULT *create_CS_ENCRYPTION_RESULT( bi_ptr c1, bi_ptr c2, bi_ptr c3, bi_ptr c4); + +/* + * Cramer-Shoup Encryption Result including randomness. + * + * from com.ibm.zurich.tcg.daa.anonymityrevocationCSEncryptionResultRandomness +*/ +typedef struct tdCS_ENCRYPTION_RESULT_RANDOMNESS { + bi_ptr randomness; + CS_ENCRYPTION_RESULT *result; +} CS_ENCRYPTION_RESULT_RANDOMNESS; + +/* + * Cramer-Shoup EncryptionProof + * from com.ibm.zurich.tcg.daa.anonymityrevocation.CSEncryptionProof + */ +CS_ENCRYPTION_RESULT_RANDOMNESS *compute_ecryption_proof( + const bi_ptr msg, + const bi_ptr delta1, + const bi_ptr delta2, + const bi_ptr delta3, + const bi_ptr randomness, + const CS_PUBLIC_KEY *key, + const struct tdTSS_DAA_PK_internal *daa_key, + const BYTE *condition, + const int conditionLength, + const EVP_MD *messageDigest); + +#endif /*ANONYMITY_REVOCATION_H_*/ diff --git a/src/include/daa/bi.h b/src/include/daa/bi.h new file mode 100644 index 0000000..4d69ed3 --- /dev/null +++ b/src/include/daa/bi.h @@ -0,0 +1,380 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef BI_H_ +#define BI_H_ + +#include +#include +#include +// for the BIGNUM definition +#include + +#include "list.h" + +#define INLINE +#undef INLINE_DECL +#define INLINE_DECL static inline + +void * (*bi_alloc)(size_t size); + +// keep the list of allocated memory, usually used for the format functions +extern list_ptr allocs; + +/************************************************************************************ + TYPE DEF +*************************************************************************************/ + +#ifdef BI_GMP +#include "bi_gmp.h" +#endif + +#ifdef BI_OPENSSL +#include "bi_openssl.h" +#endif + +/************************************************************************************ + TYPE DEF +*************************************************************************************/ + +struct _bi_array{ + bi_ptr *array; + int length; +}; + +typedef struct _bi_array bi_array[1]; +typedef struct _bi_array *bi_array_ptr; + +/*********************************************************************************** + CONSTANT +*************************************************************************************/ + +extern bi_t bi_0; +extern bi_t bi_1; +extern bi_t bi_2; + +/*********************************************************************************** + TEMPORARY (WORK) +*************************************************************************************/ + +/* +extern bi_t bi_tmp; +extern bi_t bi_tmp1; +extern bi_t bi_tmp2; +extern bi_t bi_tmp3; +extern bi_t bi_tmp4; +extern bi_t bi_tmp5; +extern bi_t bi_tmp6; +extern bi_t bi_tmp7; +extern bi_t bi_tmp8; +extern bi_t bi_tmp9; +*/ + +/*********************************************************************************** + MACROS +*************************************************************************************/ +#define ALLOC_BI_ARRAY() (bi_array_ptr)malloc( sizeof( bi_array)) + +#if 0 +#define BI_SAVE( a, b) do { bi_save( a, #a, b); } while(0); +#define BI_SAVE_ARRAY( a, b) do { bi_save_array( a, #a, b); } while(0); +#define BI_LOAD( a, b) do { bi_load( a, b); } while(0); +#define BI_LOAD_ARRAY( a, b) do { bi_load_array( a, b); } while(0); +#endif + +#ifdef BI_DEBUG +#define DUMP_BI(field) do { \ + fprintf(stderr, "%s=%s [%ld]\n", #field, bi_2_hex_char( field), bi_nbin_size(field));\ + } while(0); + +#define DUMP_BI_ARRAY(field) do { dump_bi_array( #field, field); } while(0); + +#else +#define DUMP_BI(field) + +#define DUMP_BI_ARRAY(field) +#endif + +/* to free only defines bi_ptr */ +#define FREE_BI(a) do { if( (a) != NULL) bi_free_ptr( a); } while(0); + +/*********************************************************************************** + DUMP LIB +*************************************************************************************/ + +char *dump_byte_array(int len, unsigned char *array); + +/* convert and return it into a byte array of length */ +unsigned char *retrieve_byte_array( int *len, const char *strings); + +/*********************************************************************************** + LIBRARY MANAGEMENT +*************************************************************************************/ +/* + initialize the library + bi_alloc_p allocation function used only for exporting a bi struct, so for bi_2_nbin + if define as NULL, a stdlib malloc() will be used +*/ +void bi_init( void * (*bi_alloc_p)(size_t size)); + +/* release resources used by the library */ +void bi_release(void); + +/* return >0 if the library was initialized */ +int bi_is_initialized(void); + +/* free the list of internally allocated memory, usually used for the format functions */ +void bi_flush_memory(void); + +/*********************************************************************************** + ALLOCATION & BASIC SETTINGS +*************************************************************************************/ + +/* create a big integer */ +bi_ptr bi_new( bi_ptr result); + +/* create a big integer pointer */ +bi_ptr bi_new_ptr(void); + +/* free resources allocated to the big integer */ +void bi_free(const bi_ptr i); + +/* free resources allocated to the big integer pointer */ +void bi_free_ptr(const bi_ptr i); + +/* return the current number of bits of the number */ +long bi_length( const bi_ptr res); + +/* create a array */ +void bi_new_array( bi_array_ptr array, const int length); + +/* create a array */ +void bi_new_array2( bi_array_ptr array, const int length); + +/* free resources allocated to the big integer */ +void bi_free_array(bi_array_ptr array); + +/* copy length pointers from the array to array */ +void bi_copy_array(bi_array_ptr src, + int offset_src, + bi_array_ptr dest, + int offset_dest, + int length); + +// for debugging +void dump_bi_array( char *field, const bi_array_ptr array); + +/*********************************************************************************** + SAFE RANDOM +*************************************************************************************/ + +bi_ptr compute_random_number( bi_ptr result, const bi_ptr element); + +#if 0 +/*********************************************************************************** + SAVE / LOAD +*************************************************************************************/ + +/* load an big integer in the already open ("r") file */ +void bi_load( bi_ptr bi, FILE *file); + +/* load an big integer array in the already open ("r") file */ +void bi_load_array( bi_array_ptr array, FILE *file); + +/* save an big integer array in the already open ("w") file */ +void bi_save_array( const bi_array_ptr array, const char *name, FILE *file); + +/* save an big integer in the already open ("w") file */ +void bi_save( const bi_ptr bi,const char *name, FILE *file); +#endif + +/*********************************************************************************** + CONVERSION +*************************************************************************************/ + +/* dump the big integer as hexadecimal */ +char *bi_2_hex_char(const bi_ptr i); + + /* dump the big integer as decimal */ +char *bi_2_dec_char(const bi_ptr i); + + /* set to the same value as */ + /* := */ +bi_ptr bi_set( bi_ptr i, const bi_ptr value); + +/* set with the value represented by given hexadecimal */ + /* := */ +bi_ptr bi_set_as_hex( bi_ptr i, const char *value); + +/* set with the value represented by given decimal */ + /* := */ +bi_ptr bi_set_as_dec( bi_ptr i, const char *value); + +/* set with the value represented by unsigned int */ + /* := */ +bi_ptr bi_set_as_si( bi_ptr result, const int value); + +/* return (long)bi_t */ +long bi_get_si(const bi_ptr i); + +/* return the size of a network byte order representation of */ +long bi_nbin_size(const bi_ptr i); + +/* return a BYTE * - in network byte order - and update the length */ +/* the result is allocated internally */ +unsigned char *bi_2_nbin( int *length, const bi_ptr i); + +/* return a BYTE * - in network byte order - and update the length */ +/* different from bi_2_nbin: you should reserve enough memory for the storage */ +void bi_2_nbin1( int *length, unsigned char *, const bi_ptr i); + +/* return a bi_ptr that correspond to the big endian encoded BYTE array of length */ +bi_ptr bi_set_as_nbin( const unsigned long length, const unsigned char *buffer); + +/* + convert to a byte array of length result, + the beginning of this buffer is feel with '0' if needed +*/ +void bi_2_byte_array( unsigned char *result, int length, bi_ptr bi); + +/* convert a bi to a openssl BIGNUM struct */ +BIGNUM *bi_2_BIGNUM( const bi_ptr); + + +/*********************************************************************************** + BITS OPERATION +*************************************************************************************/ +/* set the bit to 1 */ +bi_ptr bi_setbit( bi_ptr result, const int bit); + +/* := << */ +bi_ptr bi_shift_left( bi_ptr result, const bi_ptr i, const int n); + +/* := >> */ +bi_ptr bi_shift_right( bi_ptr result, const bi_ptr i, const int n); + +/*********************************************************************************** + NUMBER THEORIE OPERATION +*************************************************************************************/ +/* create a random of length bits */ +/* res := random( length) */ +bi_ptr bi_urandom( bi_ptr res, const long length); + +/* res := mod */ +bi_ptr bi_mod(bi_ptr res, const bi_ptr n, const bi_ptr m); + +/* res := mod */ +bi_ptr bi_mod_si(bi_ptr res, const bi_ptr n, const long m); + +/* generate prime number of bits */ +bi_ptr bi_generate_prime( bi_ptr i, const long length); + +/* +return true (>0, bigger is better, but this is contextual to the plugin) +if is a probably prime +*/ +int bi_is_probable_prime( const bi_ptr i); + +/* result := (inverse of ) mod */ +/* if the inverse exist, return >0, otherwise 0 */ +int bi_invert_mod( bi_ptr result, const bi_ptr i, const bi_ptr m); + +/* generate a safe prime number of bits */ +/* by safe we mean a prime p so that (p-1)/2 is also prime */ +bi_ptr bi_generate_safe_prime( bi_ptr result, const long bit_length); + +/* return in the greatest common divisor of and */ +/* := gcd( , ) */ +bi_ptr bi_gcd( bi_ptr result, bi_ptr a, bi_ptr b); + +/*********************************************************************************** + BASIC MATH OPERATION +*************************************************************************************/ + +/* := result++ */ +bi_ptr bi_inc(bi_ptr result); + +/* := result-- */ +bi_ptr bi_dec(bi_ptr result); + +/* := - */ +bi_ptr bi_negate( bi_ptr result); + +/* set by the multiplication of by the long */ +/* := * */ +bi_ptr bi_mul_si( bi_ptr result, const bi_ptr i, const long n); + +/* := * */ +bi_ptr bi_mul( bi_ptr result, const bi_ptr i, const bi_ptr n); + +/* set by the division of by the long */ +/* := / */ +bi_ptr bi_div_si( bi_ptr result, const bi_ptr i, const long n); + +/* := / */ +bi_ptr bi_div( bi_ptr result, const bi_ptr i, const bi_ptr n); + +/* set by the addition of by the long */ +/* := + */ +bi_ptr bi_add_si( bi_ptr result, const bi_ptr i, const long n); + +/* := + */ +bi_ptr bi_add( bi_ptr result, const bi_ptr i, const bi_ptr n); + +/* := - */ +bi_ptr bi_sub_si( bi_ptr result, const bi_ptr i, const long n); + +/* := - */ +bi_ptr bi_sub( bi_ptr result, const bi_ptr i, const bi_ptr n); + +/* := ( ^ ) mod */ +bi_ptr bi_mod_exp_si( bi_ptr result, const bi_ptr g, const bi_ptr e, const long m); + +/* := ( ^ ) mod */ +bi_ptr bi_mod_exp( bi_ptr result, const bi_ptr g, const bi_ptr e, const bi_ptr m); + +/* +multiple-exponentiation + := mod( Multi( i, i), number of byte ) with 0 <= i <= +bi_t[] is used for commodity (bi-ptr[] need allocation for each bi_ptr, something made +in the stack with bi_t) +*/ +bi_ptr bi_multi_mod_exp( bi_ptr result, + const int n, + const bi_t g[], + const long e[], + const int m); + +/*********************************************************************************** + COMPARAISON +*************************************************************************************/ +/* n1n2 return positive value +*/ +int bi_cmp( const bi_ptr n1, const bi_ptr n2); + +/* n1n2 return positive value +*/ +int bi_cmp_si( const bi_ptr n1, const int n2); + +/* n1 == n2 return 1 (true) + else return 0 +*/ +int bi_equals( const bi_ptr n1, const bi_ptr n2); + +/* n1 == n2 return 1 (true) + else return 0 +*/ +int bi_equals_si( const bi_ptr n1, const int n2); + +#endif /*BI_H_*/ diff --git a/src/include/daa/bi_gmp.h b/src/include/daa/bi_gmp.h new file mode 100644 index 0000000..8e0f611 --- /dev/null +++ b/src/include/daa/bi_gmp.h @@ -0,0 +1,295 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef BI_GMP_ +#define BI_GMP_ + +#include +// needed for OPENSSL_free +#include + +typedef mpz_t bi_t; +typedef mpz_ptr bi_ptr; + +extern gmp_randstate_t state; + +/* initialized the given big integer */ +INLINE_DECL bi_ptr bi_new(bi_t i) { + mpz_init( i); + return i; +} + +/* create a big integer pointer */ +INLINE_DECL bi_ptr bi_new_ptr(void) { + mpz_ptr res; + + res = (mpz_ptr)malloc( sizeof( mpz_t)); + if( res == NULL) return NULL; + mpz_init( res); + return res; +} + +/* free resources allocated to the big integer */ +INLINE_DECL void bi_free(const bi_ptr i) { + mpz_clear( i); +} + +/* free resources allocated to the big integer pointer */ +INLINE_DECL void bi_free_ptr(const bi_ptr i) { + mpz_clear( i); + free( i); +} + +/* return the current number of bits of the number */ +INLINE_DECL long bi_length( const bi_ptr res) { + return mpz_sizeinbase( res, 2); +} + +/*********************************************************************************** + CONVERSIONS +*************************************************************************************/ + + +/* return an hex dump of the given big integer */ +INLINE_DECL char *bi_2_hex_char(const bi_ptr i) { + char *ret; + + gmp_asprintf( &ret, "%ZX", i); + list_add( allocs, ret); + return ret; +} + +/* return an hex dump of the given big integer */ +INLINE_DECL char *bi_2_dec_char(const bi_ptr i) { + char *ret; + + gmp_asprintf( &ret, "%Zd", i); + list_add( allocs, ret); + return ret; +} + +/* set to the same value as the big integer */ +INLINE_DECL bi_ptr bi_set( bi_ptr result, const bi_ptr value) { + mpz_set( result, value); + return result; +} + +/* set the initialized variable to the value represented by the given hex format stirng */ +INLINE_DECL bi_ptr bi_set_as_hex( bi_ptr result, const char *value) { + mpz_set_str( result, value, 16); + return result; +} + +/* set the initialized variable to the value represented by the given hex format stirng */ +INLINE_DECL bi_ptr bi_set_as_dec( bi_ptr result, const char *value) { + mpz_set_str( result, value, 10); + return result; +} + +/* set with the value represented by unsigned int */ +/* := */ +INLINE_DECL bi_ptr bi_set_as_si( bi_ptr result, const int value) { + mpz_set_si( result, value); + return result; +} + +/* return (long)bi_t */ +INLINE_DECL long bi_get_si(const bi_ptr i) { + return mpz_get_si( i); +} + +/* convert a bi type to a openssl BIGNUM struct */ +INLINE_DECL BIGNUM *bi_2_BIGNUM( const bi_ptr i) { + BIGNUM *result; + char *value = bi_2_hex_char( i); + + BN_hex2bn( &result, value); + return result; +} + +/* set with the value represented by the given openssl BIGNUM struct */ +INLINE_DECL bi_ptr bi_set_as_BIGNUM( bi_ptr i, BIGNUM *bn) { + char *value = BN_bn2hex( bn); + + if( value == NULL) return NULL; + bi_set_as_hex( i, value); + OPENSSL_free( value); + return i; +} + +/*********************************************************************************** + BASIC MATH OPERATION +*************************************************************************************/ + +/* := result + 1 */ +INLINE_DECL bi_ptr bi_inc(bi_ptr result) { + mpz_add_ui( result, result, 1); + return result; +} + +/* := result - 1 */ +INLINE_DECL bi_ptr bi_dec(bi_ptr result) { + mpz_sub_ui( result, result, 1); + return result; +} + +/* set by the division of by the long */ +/* := / */ +INLINE_DECL bi_ptr bi_div_si( bi_ptr result, const bi_ptr i, const long n) { + mpz_div_ui( result, i, n); + return result; +} + +/* := / */ +INLINE_DECL bi_ptr bi_div( bi_ptr result, const bi_ptr i, const bi_ptr n) { + mpz_div( result, i, n); + return result; +} + +/* := - */ +INLINE_DECL bi_ptr bi_negate( bi_ptr result) { + mpz_neg( result, result); + return result; +} + +/* multiply the given big integer by the give long and return the result in */ +INLINE_DECL bi_ptr bi_mul_si( bi_ptr result, const bi_ptr i, const long n) { + mpz_mul_si( result, i, n); + return result; +} + + /* := * */ +INLINE_DECL bi_ptr bi_mul( bi_ptr result, const bi_ptr i, const bi_ptr n) { + mpz_mul( result, i, n); + return result; +} + +/* := + */ +INLINE_DECL bi_ptr bi_add_si( bi_ptr result, const bi_ptr i, const long n) { + mpz_add_ui( result, i, n); + return result; +} + +/* := + */ +INLINE_DECL bi_ptr bi_add( bi_ptr result, const bi_ptr i, const bi_ptr n) { + mpz_add( result, i, n); + return result; +} + +/* := - */ +INLINE_DECL bi_ptr bi_sub_si( bi_ptr result, const bi_ptr i, const long n) { + // n should be unsigned + mpz_sub_ui( result, i, n); + return result; +} + +/* := - */ +INLINE_DECL bi_ptr bi_sub( bi_ptr result, const bi_ptr i, const bi_ptr n) { + mpz_sub( result, result, n); + return result; +} + +/* := ( ^ ) mod */ +INLINE_DECL bi_ptr bi_mod_exp( bi_ptr result, const bi_ptr g, const bi_ptr e, const bi_ptr m) { + mpz_powm( result, g, e, m); + return result; +} + +/* := ( ^ ) mod */ +INLINE_DECL bi_ptr bi_mod_exp_si( bi_ptr result, const bi_ptr g, const bi_ptr e, const long m) { + mpz_t bi_m; + + mpz_init( bi_m); + mpz_set_si( bi_m, m); + mpz_powm( result, g, e, bi_m); + mpz_clear( bi_m); + return result; +} + +/*********************************************************************************** + BITS OPERATION +*************************************************************************************/ +/* set the bit to 1 */ +INLINE_DECL bi_ptr bi_setbit(bi_ptr result, const int bit) { + mpz_setbit( result, bit); + return result; +} + +/* := << */ +INLINE_DECL bi_ptr bi_shift_left( bi_ptr result, const bi_ptr i, const int n) { + mpz_mul_2exp( result, i, n); + return result; +} + +/* := >> */ +INLINE_DECL bi_ptr bi_shift_right( bi_ptr result, const bi_ptr i, const int n) { + mpz_div_2exp( result, i, n); + return result; +} + +/*********************************************************************************** + COMPARAISON +*************************************************************************************/ +/* n1n2 return positive value +*/ +INLINE_DECL int bi_cmp( const bi_ptr n1, const bi_ptr n2) { + return mpz_cmp( n1, n2); +} + +/* n1n2 return positive value +*/ +INLINE_DECL int bi_cmp_si( const bi_ptr n1, const int n2) { + return mpz_cmp_ui( n1, n2); +} + +/* n1 == n2 return 1 (true) + * else return 0 +*/ +INLINE_DECL int bi_equals( const bi_ptr n1, const bi_ptr n2) { + return mpz_cmp( n1, n2) == 0 ? 1 : 0; +} + +/* n1 == n2 return 1 (true) + * else return 0 +*/ +INLINE_DECL int bi_equals_si( const bi_ptr n1, const int n2) { + return mpz_cmp_ui( n1, n2) == 0 ? 1 : 0; +} + +/* create a random of length bits */ +/* res := random( length) */ +INLINE_DECL bi_ptr bi_urandom( bi_ptr result, const long length) { + mpz_urandomb( result, state, length); + return result; +} + +/* res := mod */ +INLINE_DECL bi_ptr bi_mod_si( bi_ptr result, const bi_ptr n, const long m) { + mpz_mod_ui( result, n, m); + return result; +} + +/* res := mod */ +INLINE_DECL bi_ptr bi_mod( bi_ptr result, const bi_ptr n, const bi_ptr m) { + mpz_mod( result, n, m); + return result; +} + +/* result := (inverse of ) mod */ +/* if the inverse exist, return >0, otherwise 0 */ +INLINE_DECL int bi_invert_mod( bi_ptr result, const bi_ptr i, const bi_ptr m) { + return mpz_invert( result, i, m); +} + +#endif /*BI_GMP_*/ diff --git a/src/include/daa/bi_openssl.h b/src/include/daa/bi_openssl.h new file mode 100644 index 0000000..8bd3f1d --- /dev/null +++ b/src/include/daa/bi_openssl.h @@ -0,0 +1,352 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef BI_OPENSSL_ +#define BI_OPENSSL_ + +#include +#include + +typedef struct bignum_st bi_t[1]; + +typedef struct bignum_st *bi_ptr; + +extern BN_CTX *context; + + +INLINE_DECL bi_ptr bi_new(bi_ptr result) { + BN_init( result); + return result; +} + +/* create a big integer pointer */ +INLINE_DECL bi_ptr bi_new_ptr(void) { + return BN_new(); +} + +/* free resources allocated to the big integer */ +INLINE_DECL void bi_free(const bi_ptr i) { + BN_free( i); +} + +/* free resources allocated to the big integer pointer */ +INLINE_DECL void bi_free_ptr(const bi_ptr i) { + BN_free( i); +} + +/* := result++ */ +INLINE_DECL bi_ptr bi_inc(bi_ptr result) { + BN_add_word( result, 1); + return result; +} + +/* := result-- */ +INLINE_DECL bi_ptr bi_dec(bi_ptr result) { + BN_sub_word( result, 1); + return result; +} + +/* return the current number of bits of the number */ +INLINE_DECL long bi_length( const bi_ptr res) { + return BN_num_bits( res); +} + +/*********************************************************************************** + BASIC MATH OPERATION +*************************************************************************************/ +/* := - */ +INLINE_DECL bi_ptr bi_negate( bi_ptr result) { + BIGNUM *n = result; + n->neg = ( n->neg == 0 ? 1 : 0); + return result; +} + +INLINE_DECL bi_ptr bi_mul_si( bi_ptr result, const bi_ptr i, const long n) { + BN_copy( result, i); + BN_mul_word( result, n); + return result; +} + +/* := * */ +INLINE_DECL bi_ptr bi_mul( bi_ptr result, const bi_ptr i, const bi_ptr n) { + BN_mul( result, i, n, context); + return result; +} + +INLINE_DECL bi_ptr bi_add_si( bi_ptr result, const bi_ptr i, const long n) { + BN_copy( result, i); + BN_add_word( result, n); + return result; +} + +/* := + */ +INLINE_DECL bi_ptr bi_add( bi_ptr result, const bi_ptr i, const bi_ptr n) { + BN_add( result, i, n); + return result; +} + +/* := - */ +INLINE_DECL bi_ptr bi_sub_si( bi_ptr result, const bi_ptr i, const long n) { + // n should be unsigned + BN_copy( result, i); // result := i + BN_sub_word( result, n); // result := result - n + return result; +} + +/* := - */ +INLINE_DECL bi_ptr bi_sub( bi_ptr result, const bi_ptr i, const bi_ptr n) { + BN_sub( result, i, n); + return result; +} + +/* := ( ^ ) mod */ +INLINE_DECL bi_ptr bi_mod_exp( bi_ptr result, const bi_ptr g, const bi_ptr e, const bi_ptr m) { + BN_mod_exp( result, g, e, m, context); // result := (g ^ e) mod bi_m + return result; +} + +/* set by the division of by the long */ +/* := / */ +INLINE_DECL bi_ptr bi_div_si( bi_ptr result, const bi_ptr i, const long n) { + BN_copy( result, i); + BN_div_word( result, n); + return result; +} + +/* := / */ +INLINE_DECL bi_ptr bi_div( bi_ptr result, const bi_ptr i, const bi_ptr n) { + BN_div( result, NULL, i, n, context); + return result; +} + +/*********************************************************************************** + COMPARAISON +*************************************************************************************/ +/* n1n2 return positive value +*/ +INLINE_DECL int bi_cmp( const bi_ptr n1, const bi_ptr n2) { + return BN_cmp( n1, n2); +} + +/* n1n2 return positive value +*/ +INLINE_DECL int bi_cmp_si( const bi_ptr n1, const int n2) { + BIGNUM *temp = BN_new(); + BN_set_word( temp, n2); + int res = BN_cmp( n1, temp); + BN_free( temp); + return res; +} + +/* n1 == n2 return 1 (true) + * else return 0 +*/ +INLINE_DECL int bi_equals( const bi_ptr n1, const bi_ptr n2) { + return BN_cmp( n1, n2) == 0 ? 1 :0; +} + +/* n1 == n2 return 1 (true) + * else return 0 +*/ +INLINE_DECL int bi_equals_si( const bi_ptr n1, const int n2) { + return BN_is_word( n1, n2); +} + +/*********************************************************************************** + CONVERSIONS +*************************************************************************************/ + +INLINE_DECL char *bi_2_hex_char(const bi_ptr i) { + char *result = BN_bn2hex( i); + + if( result == NULL) { + return NULL; + } + list_add( allocs, result); + return result; +} + +INLINE_DECL char *bi_2_dec_char(const bi_ptr i) { + char *result = BN_bn2dec( i); + + if( result == NULL) { + return NULL; + } + list_add( allocs, result); + return result; +} + +INLINE_DECL bi_ptr bi_set( bi_ptr result, const bi_ptr value) { + BN_copy( result, value); + return result; +} + +INLINE_DECL bi_ptr bi_set_as_hex( bi_ptr result, const char *value) { + BN_hex2bn( &result, value); + return result; +} + +INLINE_DECL bi_ptr bi_set_as_dec( bi_ptr result, const char *value) { + BN_dec2bn( &result, value); + return result; +} + +/* set with the value represented by unsigned int */ + /* := */ +INLINE_DECL bi_ptr bi_set_as_si( bi_ptr result, const int value) { + if( value < 0) { + BN_set_word( result, -value); + result->neg=1; + } else + BN_set_word( result, value); + return result; +} + +/* return (long)bi_t */ +INLINE_DECL long bi_get_si(const bi_ptr i) { + long result = BN_get_word( i); + + if( i->neg == 1) { + return -result; + } + return result; +} + +/* return the size of a network byte order representation of */ +INLINE_DECL long bi_nbin_size(const bi_ptr i) { + return BN_num_bytes( i); +} + +/* return a BYTE * in network byte order - big endian - and update the length */ +INLINE_DECL unsigned char *bi_2_nbin( int *length, const bi_ptr i) { + unsigned char *ret; + + *length = BN_num_bytes( i); + ret = (unsigned char *)bi_alloc( *length * 2); + if( ret == NULL) return NULL; + BN_bn2bin( i, ret); + return ret; +} + +/* return a BYTE * - in network byte order - and update the length */ +/* different from bi_2_nbin: you should reserve enough memory for the storage */ +INLINE_DECL void bi_2_nbin1( int *length, unsigned char *buffer, const bi_ptr i) { + *length = BN_num_bytes( i); + BN_bn2bin( i, buffer); +} + +/* return a bi_ptr that correspond to the big endian encoded BYTE array of length */ +INLINE_DECL bi_ptr bi_set_as_nbin( const unsigned long length, const unsigned char *buffer) { + bi_ptr ret_bi = bi_new_ptr(); + + if( ret_bi == NULL) return NULL; + if( BN_bin2bn( buffer, length, ret_bi) == NULL) { + bi_free( ret_bi); + return NULL; + } + return ret_bi; +} + +/* convert a bi to a openssl BIGNUM struct */ +INLINE_DECL BIGNUM *bi_2_BIGNUM( const bi_ptr i) { + return i; +} + +/* set with the value represented by the given openssl BIGNUM struct */ +INLINE_DECL bi_ptr bi_set_as_BIGNUM( bi_ptr i, BIGNUM *bn) { + return bi_set( i, bn); +} + +/*********************************************************************************** + BITS OPERATION +*************************************************************************************/ +/* set the bit to 1 */ +INLINE_DECL bi_ptr bi_setbit(bi_ptr result, const int bit) { + BN_set_bit( result, bit); + return result; +} + +/* := << */ +INLINE_DECL bi_ptr bi_shift_left( bi_ptr result, const bi_ptr i, const int n) { + BN_lshift( result, i, n); + return result; +} + +/* := >> */ +INLINE_DECL bi_ptr bi_shift_right( bi_ptr result, const bi_ptr i, const int n) { + BN_rshift( result, i, n); + return result; +} + +/* create a random of length bits */ +/* res := random( length) */ +INLINE_DECL bi_ptr bi_urandom( bi_ptr result, const long length) { + /* + * will be a generated cryptographically strong pseudo-random number of length + * + */ + BN_rand( result, length, -1, 0); + return result; +} + + +/* res := mod */ +INLINE_DECL bi_ptr bi_mod_si( bi_ptr result, const bi_ptr n, const long m) { + BIGNUM *mod = BN_new(); + BN_set_word( mod, m); + BN_mod( result, n, mod, context); + BN_free( mod); + return result; +} + +/* res := mod */ +INLINE_DECL bi_ptr bi_mod( bi_ptr result, const bi_ptr n, const bi_ptr m) { + BN_mod( result, n, m, context); + if( result->neg == 1) { + result->neg=0; + BN_sub( result, m, result); + } + return result; +} + +/* result := (inverse of ) mod */ +/* if the inverse exist, return >0, otherwise 0 */ +INLINE_DECL int bi_invert_mod( bi_ptr result, const bi_ptr i, const bi_ptr m) { + while( ERR_get_error() != 0); + BN_mod_inverse( result, i, m, context); + return ERR_get_error() == 0 ? 1 : 0; +} + +/* generate a prime number of bits */ +INLINE_DECL bi_ptr bi_generate_prime( bi_ptr result, const long bit_length) { + BN_generate_prime(result, bit_length, 0, NULL, NULL, NULL, NULL); + return result; +} + +/* generate a safe prime number of bits */ +/* by safe we mean a prime p so that (p-1)/2 is also prime */ +INLINE_DECL bi_ptr bi_generate_safe_prime( bi_ptr result, const long bit_length) { + BN_generate_prime(result, bit_length, 1, NULL, NULL, NULL, NULL); + return result; +} + +/* return in the greatest common divisor of and */ +/* := gcd( , ) */ +INLINE_DECL bi_ptr bi_gcd( bi_ptr result, bi_ptr a, bi_ptr b) { + BN_gcd( result, a, b, context); + return result; +} + + +#endif /*BI_OPENSSL_*/ diff --git a/src/include/daa/daa_parameter.h b/src/include/daa/daa_parameter.h new file mode 100644 index 0000000..f1f3447 --- /dev/null +++ b/src/include/daa/daa_parameter.h @@ -0,0 +1,87 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef DAA_PARAMETER_H_ +#define DAA_PARAMETER_H_ + +// for message digest +//#include +#include "trousers/tss.h" +//#include "spi_internal_types.h" +#include "spi_utils.h" + +#define DAA_PARAM_TSS_VERSION_LENGTH (4) +static const BYTE DAA_PARAM_TSS_VERSION[] = { 1, 2, 0, 0 }; + +#define DAA_PARAM_DEFAULT_CRYPTO_PROVIDER_NAME "BC" + +// Name of default hash function +#define DAA_PARAM_MESSAGE_DIGEST_ALGORITHM "SHA1" + +// Name of hash function used independently in TSS +#define DAA_PARAM_MESSAGE_DIGEST_ALGORITHM_TSS "SHA1" + +// l_n (bits) +#define DAA_PARAM_SIZE_RSA_MODULUS (2048) + +// l_f (bits) +#define DAA_PARAM_SIZE_F_I (104) + +// l_q (2 * SIZE_F_I) +#define DAA_PARAM_SIZE_RHO (208) + +// l_e +#define DAA_PARAM_SIZE_EXPONENT_CERTIFICATE (368) + +// lPrime_e +#define DAA_PARAM_SIZE_INTERVAL_EXPONENT_CERTIFICATE (120) + +// l_zero +#define DAA_PARAM_SAFETY_MARGIN (80) + +// Byte length of TPM message digest (sha-1) +#define DAA_PARAM_LENGTH_MESSAGE_DIGEST (20) + +// Byte length of TSS message digest (sha-256) +#define DAA_PARAM_LENGTH_MESSAGE_DIGEST_TSS (32) + +// l_H depends on the message digest algo +#define DAA_PARAM_SIZE_MESSAGE_DIGEST (160) +// 8 * LENGTH_MESSAGE_DIGEST; + +// l_GAMMA +#define DAA_PARAM_SIZE_MODULUS_GAMMA (1632) + +#define DAA_PARAM_SIZE_SPLIT_EXPONENT (1024) + +// TPM asym key size (bits) +#define DAA_PARAM_KEY_SIZE (2048) + +// Default RSA public key exponent (Fermat 4) +#define DAA_PARAM_LENGTH_MFG1_ANONYMITY_REVOCATION (25) +// (SIZE_RHO-1)/8; + +#define DAA_PARAM_LENGTH_MFG1_GAMMA (214) +// (SIZE_MODULUS_GAMMA + SIZE_SAFETY_MARGIN)/8; + +#define DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE (2536) + +// (bits) +#define DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES (DAA_PARAM_SIZE_F_I+DAA_PARAM_SAFETY_MARGIN+DAA_PARAM_SIZE_MESSAGE_DIGEST) + +#define TSS_FLAG_DAA_SIGN_IDENTITY_KEY 0 +#define TSS_FLAG_DAA_SIGN_MESSAGE_HASH 1 + + +extern EVP_MD *DAA_PARAM_get_message_digest(void); + +extern char *err_string(TSS_RESULT r); + +#endif /*DAA_PARAMETER_H_*/ diff --git a/src/include/daa/daa_structs.h b/src/include/daa/daa_structs.h new file mode 100644 index 0000000..5b06762 --- /dev/null +++ b/src/include/daa/daa_structs.h @@ -0,0 +1,385 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef DAA_STRUCT_H_ +#define DAA_STRUCT_H_ + +#include +#include +#include + +#include "tss/tcs.h" +#include "bi.h" +#include "arpa/inet.h" + +// for message digest +#include + +#define init_tss_version(b) \ +do {\ + (b)->versionInfo.bMajor = DAA_PARAM_TSS_VERSION[0];\ + (b)->versionInfo.bMinor = DAA_PARAM_TSS_VERSION[1];\ + (b)->versionInfo.bRevMajor = DAA_PARAM_TSS_VERSION[2];\ + (b)->versionInfo.bRevMinor = DAA_PARAM_TSS_VERSION[3];\ +} while(0); + +BYTE *convert_alloc( TCS_CONTEXT_HANDLE tcsContext, + UINT32 length, + BYTE *source); + +BYTE *copy_alloc( TCS_CONTEXT_HANDLE tcsContext, + UINT32 length, + BYTE *source); + +void store_bi( UINT32 *length, + BYTE **buffer, + const bi_ptr i, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT object); + +/* length is in network format: big indian */ +void dump_field( int length, BYTE *buffer); + +/******************************************************************************************** + TSS_DAA_ATTRIB_COMMIT + ********************************************************************************************/ + +typedef struct tdTSS_DAA_ATTRIB_COMMIT_internal { + bi_ptr beta; + bi_ptr sMu; +} TSS_DAA_ATTRIB_COMMIT_internal; + +TSS_DAA_ATTRIB_COMMIT_internal *create_TSS_DAA_ATTRIB_COMMIT( bi_ptr beta, bi_ptr sMu); + +/******************************************************************************************** + * TSS_DAA_SELECTED_ATTRIB + * this struct is used internally and externally, only a call to internal_2_DAA_SELECTED_ATTRIB + * DAA_SELECTED_ATTRIB_2_internal will change the struct to be internal or external + ********************************************************************************************/ + +void i_2_e_TSS_DAA_SELECTED_ATTRIB( TSS_DAA_SELECTED_ATTRIB *selected_attrib); + +void e_2_i_TSS_DAA_SELECTED_ATTRIB( TSS_DAA_SELECTED_ATTRIB *selected_attrib); + +/* work ONLY with internal format */ +BYTE *to_bytes_TSS_DAA_SELECTED_ATTRIB_internal( int *length, TSS_DAA_SELECTED_ATTRIB *selected_attrib); + +/* +create a TSS_DAA_SELECTED_ATTRIB of length with given selected attributes. +example of selections of the second and third attributes upon 5: +create_TSS_DAA_SELECTED_ATTRIB( &selected_attrib, 5, 0, 1, 1, 0, 0); +*/ +void create_TSS_DAA_SELECTED_ATTRIB( TSS_DAA_SELECTED_ATTRIB *attrib, int length, ...); + +/******************************************************************************************** + * DAA PRIVATE KEY + ********************************************************************************************/ + +/** + * DAA private key. Contains p', q' and the product of it, where n = p*q, p = + * 2*p'+1 and q = 2*q'+1. n is part of the public key. + * (from com.ibm.zurich.tcg.daa.issuer.DAAPrivateKey.java) + */ +typedef struct { + bi_ptr p_prime; + bi_ptr q_prime; + bi_ptr productPQprime; +} DAA_PRIVATE_KEY_internal; + +/** + * allocate: ret->p_prime + * ret->q_prime + * ret->productPQprime + */ +DAA_PRIVATE_KEY_internal *create_TSS_DAA_PRIVATE_KEY( + bi_ptr pPrime, + bi_ptr qPrime +); +#if 0 +int save_DAA_PRIVATE_KEY( + FILE *file, + const DAA_PRIVATE_KEY_internal *private_key +); + +DAA_PRIVATE_KEY_internal *load_DAA_PRIVATE_KEY( + FILE *file +); +TSS_DAA_PRIVATE_KEY* i_2_e_TSS_DAA_PRIVATE_KEY( + DAA_PRIVATE_KEY_internal *private_key_internal, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT object +); + +DAA_PRIVATE_KEY_internal *e_2_i_TSS_DAA_PRIVATE_KEY( + TSS_DAA_PRIVATE_KEY *private_key +); + +#endif +/******************************************************************************************** + * TSS_DAA_PK + ********************************************************************************************/ + +typedef struct tdTSS_DAA_PK_internal { + bi_ptr modulus; + bi_ptr capitalS; + bi_ptr capitalZ; + bi_ptr capitalR0; + bi_ptr capitalR1; + bi_ptr gamma; + bi_ptr capitalGamma; + bi_ptr rho; + bi_array_ptr capitalRReceiver; + bi_array_ptr capitalRIssuer; + bi_array_ptr capitalY; + int issuerBaseNameLength; + BYTE *issuerBaseName; + // capitalSprime calculated at each init of this structure as : + // (capitalS ^ ( 1 << DAA_PARAM_SIZE_SPLIT_EXPONENT)) % modulus + bi_ptr capitalSprime; +} TSS_DAA_PK_internal; + +TSS_DAA_PK_internal *create_DAA_PK( + const bi_ptr modulus, + const bi_ptr capitalS, + const bi_ptr capitalZ, + const bi_ptr capitalR0, + const bi_ptr capitalR1, + const bi_ptr gamma, + const bi_ptr capitalGamma, + const bi_ptr rho, + const bi_array_ptr capitalRReceiver, + const bi_array_ptr capitalRIssuer, + int issuerBaseNameLength, + BYTE * const issuerBaseName); + +/* + * create anf feel a TSS_DAA_PK structures + */ +TSS_DAA_PK_internal *e_2_i_TSS_DAA_PK( + TSS_DAA_PK *pk +); + +TSS_DAA_PK *i_2_e_TSS_DAA_PK( + TSS_DAA_PK_internal *pk_internal, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT param_alloc +); +#if 0 + +/* moved to daa_debug.h */ +int save_DAA_PK_internal( + FILE *file, + const TSS_DAA_PK_internal *pk_internal +); + +TSS_DAA_PK_internal *load_DAA_PK_internal( + FILE *file +); + +#endif + +void dump_DAA_PK_internal( + char *name, + TSS_DAA_PK_internal *pk_internal +); + +TPM_DAA_ISSUER *convert2issuer_settings( + TSS_DAA_PK_internal *pk_internal +); + +void free_TSS_DAA_PK_internal( + TSS_DAA_PK_internal *pk_internal +); + +void free_TSS_DAA_PK( TSS_DAA_PK *pk); + +BYTE *issuer_2_byte_array( + TPM_DAA_ISSUER *tpm_daa_issuer, + int *length +); + +/******************************************************************************************** + * TSS_DAA_PK_PROOF + ********************************************************************************************/ + +typedef struct tdTSS_DAA_PK_PROOF_internal { + BYTE *challenge; + int length_challenge; + bi_array_ptr *response; + int length_response; +} TSS_DAA_PK_PROOF_internal; + +TSS_DAA_PK_PROOF_internal *create_DAA_PK_PROOF( + BYTE* const challenge, + const int length_challenge, + bi_array_ptr *response, + int length_reponse); + +/* + * create anf feel a TSS_DAA_PK structures + */ +TSS_DAA_PK *TSS_convert_DAA_PK_PROOF( + TSS_DAA_PK_PROOF_internal *proof +); +#if 0 +int save_DAA_PK_PROOF_internal( + FILE *file, + TSS_DAA_PK_PROOF_internal *pk_internal +); + +TSS_DAA_PK_PROOF_internal *load_DAA_PK_PROOF_internal( + FILE *file +); +#endif +TSS_DAA_PK_PROOF_internal *e_2_i_TSS_DAA_PK_PROOF( + TSS_DAA_PK_PROOF *pk_proof +); + +TSS_DAA_PK_PROOF *i_2_e_TSS_DAA_PK_PROOF( + TSS_DAA_PK_PROOF_internal*pk_internal_proof, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT param_alloc +); + +/* + * Encode the DAA_PK like java.security.Key#getEncoded + */ +BYTE *encoded_DAA_PK_internal( + int *result_length, + const TSS_DAA_PK_internal *pk +); + +/******************************************************************************************** + * KEY PAIR WITH PROOF + ********************************************************************************************/ + +typedef struct tdKEY_PAIR_WITH_PROOF_internal { + TSS_DAA_PK_internal *pk; + DAA_PRIVATE_KEY_internal *private_key; + TSS_DAA_PK_PROOF_internal *proof; +} KEY_PAIR_WITH_PROOF_internal; + +#if 0 + +/* moved to daa_debug.h */ + +int save_KEY_PAIR_WITH_PROOF( + FILE *file, + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof +); + +KEY_PAIR_WITH_PROOF_internal *load_KEY_PAIR_WITH_PROOF( + FILE *file +); + +#endif + +TSS_DAA_KEY_PAIR *get_TSS_DAA_KEY_PAIR( + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT param_alloc +); + + +/******************************************************************************************** + * TSS_DAA_PSEUDONYM_PLAIN + ********************************************************************************************/ + +typedef struct { + bi_ptr nV; +} TSS_DAA_PSEUDONYM_PLAIN_internal; + +TSS_DAA_PSEUDONYM_PLAIN_internal *create_TSS_DAA_PSEUDONYM_PLAIN( + bi_ptr nV +); + +/******************************************************************************************** + * TSS_DAA_PSEUDONYM_ENCRYPTED + ********************************************************************************************/ + +typedef struct { + bi_ptr sTau; + struct tdCS_ENCRYPTION_RESULT *cs_enc_result; +} TSS_DAA_PSEUDONYM_ENCRYPTED_internal; + + +/******************************************************************************************** + * TSS_DAA_SIGNATURE + ********************************************************************************************/ + +typedef struct { + bi_ptr zeta; + bi_ptr capitalT; + int challenge_length; + BYTE *challenge; + int nonce_tpm_length; + BYTE *nonce_tpm; + bi_ptr sV; + bi_ptr sF0; + bi_ptr sF1; + bi_ptr sE; + int sA_length; + bi_array_ptr sA; +} TSS_DAA_SIGNATURE_internal; + +TSS_DAA_SIGNATURE_internal *e_2_i_TSS_DAA_SIGNATURE( + TSS_DAA_SIGNATURE*signature +); + +void free_TSS_DAA_SIGNATURE_internal( + TSS_DAA_SIGNATURE_internal *signature +); + +/******************************************************************************************** + * TSS_DAA_JOIN_ISSUER_SESSION + ********************************************************************************************/ + +typedef struct td_TSS_DAA_JOIN_ISSUER_SESSION_internal { + TPM_DAA_ISSUER *issuerAuthKey; + TSS_DAA_PK_PROOF_internal *issuerKeyPair; + TSS_DAA_IDENTITY_PROOF *identityProof; + bi_ptr capitalUprime; + int daaCounter; + int nonceIssuerLength; + BYTE *nonceIssuer; + int nonceEncryptedLength; + BYTE *nonceEncrypted; +} TSS_DAA_JOIN_ISSUER_SESSION_internal; + + +/******************************************************************************************** + TSS_DAA_CRED_ISSUER +********************************************************************************************/ +#if 0 +TSS_DAA_CRED_ISSUER *load_TSS_DAA_CRED_ISSUER( FILE *file); + +int save_TSS_DAA_CRED_ISSUER( FILE *file, TSS_DAA_CRED_ISSUER *credential); + +#endif +/******************************************************************************************** + TSS_DAA_CREDENTIAL +********************************************************************************************/ +#if 0 +TSS_DAA_CREDENTIAL *load_TSS_DAA_CREDENTIAL( FILE *file); + +int save_TSS_DAA_CREDENTIAL( + FILE *file, + TSS_DAA_CREDENTIAL *credential +); + +#endif + +/******************************************************************************************** + TPM_DAA_ISSUER +********************************************************************************************/ + +void free_TPM_DAA_ISSUER( TPM_DAA_ISSUER *tpm_daa_issuer); + +#endif /*DAA_STRUCT_H_*/ diff --git a/src/include/daa/issuer.h b/src/include/daa/issuer.h new file mode 100644 index 0000000..59b6a71 --- /dev/null +++ b/src/include/daa/issuer.h @@ -0,0 +1,71 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006-2007 + * + */ +#ifndef __ISSUER_H__ +#define __ISSUER_H__ + +#include "daa/daa_structs.h" +#include "daa/daa_parameter.h" +#include "tsplog.h" + + +TSS_RESULT +generate_key_pair(int num_attributes_issuer, + int num_attributes_receiver, + int base_nameLength, + BYTE *base_name, + KEY_PAIR_WITH_PROOF_internal **key_pair_with_proof +); + +TSS_DAA_PK_PROOF_internal *generate_proof( + const bi_ptr product_PQ_prime, + const TSS_DAA_PK_internal *public_key, + const bi_ptr xz, + const bi_ptr x0, + const bi_ptr x1, + bi_array_ptr x); + +#if 0 +TSPICALL +Tspi_DAA_IssueInit_internal( + TSS_HDAA hDAA, // in + TSS_HKEY issuerAuthPK, // in + TSS_HKEY issuerKeyPair, // in + TSS_DAA_IDENTITY_PROOF identityProof, // in + UINT32 capitalUprimeLength, // in + BYTE* capitalUprime, // in + UINT32 daaCounter, // in + UINT32* nonceIssuerLength, // out + BYTE** nonceIssuer, // out + UINT32* authenticationChallengeLength, // out + BYTE** authenticationChallenge, // out + TSS_DAA_JOIN_ISSUER_SESSION* joinSession // out +); + +TSPICALL +Tspi_DAA_IssueCredential_internal( + TSS_HDAA hDAA, // in + UINT32 attributesIssuerLength, // in + BYTE** attributesIssuer, // in + TSS_DAA_CREDENTIAL_REQUEST credentialRequest, // in + TSS_DAA_JOIN_ISSUER_SESSION joinSession, // in + TSS_DAA_CRED_ISSUER* credIssuer // out +); +#endif +TSS_RESULT +compute_join_challenge_issuer( TSS_DAA_PK_internal *pk_intern, + bi_ptr v_prime_prime, + bi_ptr capitalA, + bi_ptr capital_Atilde, + UINT32 nonceReceiverLength, + BYTE *nonceReceiver, + UINT32 *c_primeLength, + BYTE **c_prime); // out allocation + +#endif diff --git a/src/include/daa/key_correct.h b/src/include/daa/key_correct.h new file mode 100644 index 0000000..a6ce7d9 --- /dev/null +++ b/src/include/daa/key_correct.h @@ -0,0 +1,31 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef KEY_CORRECT_H_ +#define KEY_CORRECT_H_ + +#include "daa/daa_structs.h" +#include "daa/daa_parameter.h" +#include "tsplog.h" + + /** + * Verifies if the parameters Z,R0,R1,RReceiver and RIssuer of the public key + * were correctly computed. + * + * @param pk + * the public key, which one wants to verfy. + */ +TSS_RESULT +is_pk_correct( TSS_DAA_PK_internal *public_key, + TSS_DAA_PK_PROOF_internal *proof, + int *isCorrect +); + +#endif /*KEY_CORRECTNESS_PROOF_H_*/ diff --git a/src/include/daa/list.h b/src/include/daa/list.h new file mode 100644 index 0000000..27071d5 --- /dev/null +++ b/src/include/daa/list.h @@ -0,0 +1,40 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef LIST_H_ +#define LIST_H_ + +/* simple linked list template */ +struct _list_t { + void *obj; + struct _list_t *next; // pointer to next node +}; + +typedef struct _list_t node_t; // each link is a list "node" + +typedef struct { + node_t *head; // pointer to first node + node_t *current; + node_t *previous; +} list_struct; + +typedef list_struct* list_ptr; +typedef list_struct list_t[1]; + + +list_ptr list_new(); + +void list_add(list_ptr list, void * obj); + +void list_dump(list_ptr list); + +void list_freeall(list_ptr list); + +#endif /*LIST_H_*/ diff --git a/src/include/daa/platform.h b/src/include/daa/platform.h new file mode 100644 index 0000000..e494742 --- /dev/null +++ b/src/include/daa/platform.h @@ -0,0 +1,115 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef PLATFORM_H_ +#define PLATFORM_H_ + +#include "bi.h" +#include "daa_structs.h" + +#if 0 +// for RSA key +#include + +TSPICALL +Tspi_TPM_DAA_Sign_internal(TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + TSS_HKEY hDaaCredential, // in + TSS_DAA_SELECTED_ATTRIB revealAttributes, // in + UINT32 verifierBaseNameLength, // in + BYTE* verifierBaseName, // in + UINT32 verifierNonceLength, // in + BYTE* verifierNonce, // in + TSS_DAA_SIGN_DATA signData, // in + TSS_DAA_SIGNATURE* daaSignature // out +); + +TSS_RESULT +Tspi_TPM_DAA_JoinInit_internal(TSS_HDAA hDAA, + TSS_HTPM hTPM, + int daa_counter, + TSS_DAA_PK *issuer_pk, + int issuer_authentication_PKLengh, + RSA **issuer_authentication_PK, + int issuer_authentication_PK_signaturesLength, + BYTE **issuer_authentication_PK_signatures, + int *capital_UprimeLength, + BYTE **capital_Uprime, + TSS_DAA_IDENTITY_PROOF *identity_proof, + TSS_DAA_JOIN_SESSION *joinSession +); + +TSPICALL Tspi_TPM_DAA_JoinCreateDaaPubKey_internal +( + TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + UINT32 authenticationChallengeLength, // in + BYTE* authenticationChallenge, // in + UINT32 nonceIssuerLength, // in + BYTE* nonceIssuer, // in + UINT32 attributesPlatformLength, // in + BYTE** attributesPlatform, // in + TSS_DAA_JOIN_SESSION* joinSession, // in, out + TSS_DAA_CREDENTIAL_REQUEST* credentialRequest // out +); + +// allocation: endorsementKey as BYTE * +TSS_RESULT get_public_EK( + TSS_HDAA hDAA, + UINT32 *endorsementKeyLength, + BYTE **endorsementKey +); + +#endif + +TSS_RESULT +compute_join_challenge_host(TSS_HDAA_CREDENTIAL,//TSS_HDAA hDAA, + TSS_DAA_PK_internal *pk_internal, + bi_ptr capitalU, + bi_ptr capital_Uprime, + bi_ptr capital_utilde, + bi_ptr capital_utilde_prime, + bi_ptr capital_ni, + bi_ptr capital_ni_tilde, + UINT32 commitments_proofLength, + TSS_DAA_ATTRIB_COMMIT_internal * + commitments_proof, + UINT32 nonceIssuerLength, + BYTE* nonceIssuer, + UINT32 *resultLength, + BYTE **result +); + +#if 0 + +TSPICALL +Tspi_TPM_DAA_JoinStoreCredential_internal(TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + TSS_DAA_CRED_ISSUER credIssuer, // in + TSS_DAA_JOIN_SESSION joinSession, // in + TSS_HKEY* hDaaCredential // out +); + +TSPICALL +Tspi_TPM_DAA_Sign_internal(TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + TSS_HKEY hDaaCredential, // in + TSS_DAA_SELECTED_ATTRIB revealAttributes, // in + UINT32 verifierBaseNameLength, // in + BYTE* verifierBaseName, // in + UINT32 verifierNonceLength, // in + BYTE* verifierNonce, // in + TSS_DAA_SIGN_DATA signData, // in + TSS_DAA_SIGNATURE* daaSignature // out +); + +#endif + +#endif diff --git a/src/include/daa/verifier.h b/src/include/daa/verifier.h new file mode 100644 index 0000000..f177948 --- /dev/null +++ b/src/include/daa/verifier.h @@ -0,0 +1,110 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef VERIFIER_H_ +#define VERIFIER_H_ + +#include "bi.h" +#include "daa_structs.h" +#include "anonymity_revocation.h" +#include "daa_parameter.h" +#include "tsplog.h" + +/* + * Transaction of a DAA Verifier to verify a signature (VerifierTransaction.java) + */ +typedef struct { + BYTE *baseName; + int baseName_length; + EVP_MD *digest; + BYTE *nonce; + int nonce_length; + int is_anonymity_revocation_enabled; // boolean + BYTE *anonymity_revocation_condition; + int anonymity_revocation_condition_length; + CS_PUBLIC_KEY *anonymity_revocator_pk; + // private TssDaaSelectedAttrib[] selectedAttributes2Commit; + TSS_DAA_SELECTED_ATTRIB **selected_attributes2commit; + int selected_attributes2commitLength; +} DAA_VERIFIER_TRANSACTION; + +/* the return (BYTE *) should be free after usage */ +BYTE *compute_bytes( int seedLength, BYTE *seed, int length, const EVP_MD *digest); + +bi_ptr compute_zeta( int nameLength, unsigned char *name, TSS_DAA_PK_internal *issuer_pk); + +bi_ptr project_into_group_gamma( bi_ptr base, TSS_DAA_PK_internal *issuer_pk); +#if 0 +TSPICALL Tspi_DAA_VerifyInit_internal +( + TSS_HDAA hDAA, // in + UINT32* nonceVerifierLength, // out + BYTE** nonceVerifier, // out + UINT32 baseNameLength, // out + BYTE ** baseName // out +); + +TSPICALL Tspi_DAA_VerifySignature_internal +( TSS_HDAA hDAA, // in + TSS_DAA_SIGNATURE signature, // in + TSS_HKEY hPubKeyIssuer, // in + TSS_DAA_SIGN_DATA sign_data, // in + UINT32 attributes_length, // in + BYTE **attributes, // in + UINT32 nonce_verifierLength, // out + BYTE *nonce_verifier, // out + UINT32 base_nameLength, // out + BYTE *base_name, // out + TSS_BOOL *isCorrect // out +); +#else +TSS_RESULT +Tspi_DAA_VerifySignature +( + TSS_HDAA_CREDENTIAL hDAACredential, // in + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + TSS_HDAA_ARA_KEY hARAKey, // in + TSS_HHASH hARACondition, // in + UINT32 attributesLength, // in + UINT32 attributesLength2, // in + BYTE** attributes, // in + UINT32 verifierNonceLength, // in + BYTE* verifierNonce, // in + UINT32 verifierBaseNameLength, // in + BYTE* verifierBaseName, // in + TSS_HOBJECT signData, // in + TSS_DAA_SIGNATURE* daaSignature, // in + TSS_BOOL* isCorrect // out +); + +#endif + +BYTE *compute_sign_challenge_host( + int *result_length, + EVP_MD *digest, + TSS_DAA_PK_internal *issuer_pk, + int nonce_verifierLength, + BYTE *nonce_verifier, + int selected_attributes2commitLength, + TSS_DAA_SELECTED_ATTRIB **selected_attributes2commit, + int is_anonymity_revocation_enabled, + bi_ptr zeta, + bi_ptr capital_t, + bi_ptr capital_tilde, + int attribute_commitmentsLength, + TSS_DAA_ATTRIB_COMMIT_internal **attribute_commitments, + TSS_DAA_ATTRIB_COMMIT_internal **attribute_commitment_proofs, + bi_ptr capital_nv, + bi_ptr capital_tilde_v, + CS_PUBLIC_KEY *anonymity_revocator_pk, + CS_ENCRYPTION_RESULT *encryption_result_rand, + CS_ENCRYPTION_RESULT *encryption_result_proof); + +#endif /*VERIFIER_H_*/ diff --git a/src/include/hosttable.h b/src/include/hosttable.h new file mode 100644 index 0000000..edc820b --- /dev/null +++ b/src/include/hosttable.h @@ -0,0 +1,43 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#ifndef _HOSTTABLE_H_ +#define _HOSTTABLE_H_ + +#include "rpc_tcstp.h" +#include "threads.h" + + +#define CONNECTION_TYPE_TCP_PERSISTANT 1 + +struct host_table_entry { + struct host_table_entry *next; + TSS_HCONTEXT tspContext; + TCS_CONTEXT_HANDLE tcsContext; + BYTE *hostname; + int type; + int socket; + struct tcsd_comm_data comm; + MUTEX_DECLARE(lock); +}; + +struct host_table { + struct host_table_entry *entries; + MUTEX_DECLARE(lock); +}; + +extern struct host_table *ht; +struct host_table_entry *get_table_entry(TCS_CONTEXT_HANDLE); +void put_table_entry(struct host_table_entry *); +TSS_RESULT __tspi_add_table_entry(TSS_HCONTEXT, BYTE *, int, struct host_table_entry **); +void remove_table_entry(TCS_CONTEXT_HANDLE); + + +#endif diff --git a/src/include/imaem.h b/src/include/imaem.h new file mode 100644 index 0000000..1d12128 --- /dev/null +++ b/src/include/imaem.h @@ -0,0 +1,35 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef _IMAEM_H_ +#define _IMAEM_H_ + +int ima_open(void *, FILE **); +TSS_RESULT ima_get_entries_by_pcr(FILE *, UINT32, UINT32, UINT32 *, TSS_PCR_EVENT **); +TSS_RESULT ima_get_entry(FILE *, UINT32, UINT32 *, TSS_PCR_EVENT **); +int ima_close(FILE *); + +extern struct ext_log_source ima_source; + +/* 4 bytes binary [PCR value] + * 20 bytes binary [SHA1 value] + * 4 bytes binary [event type] + * 255 bytes of ascii (MAX) [event name] + * 1 byte -> '\0' [separator ] + */ +#define IMA_MIN_EVENT_SIZE 29 +#define IMA_MAX_EVENT_SIZE 284 + +/* this should be large if we're reading out of /proc */ +#define IMA_READ_SIZE (4096 + IMA_MAX_EVENT_SIZE) + +#define EVLOG_SOURCE_IMA 1 + +#endif diff --git a/src/include/linux/tpm.h b/src/include/linux/tpm.h new file mode 100644 index 0000000..ee32c4d --- /dev/null +++ b/src/include/linux/tpm.h @@ -0,0 +1,41 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +/* + * include/linux/tpm.h + * + * Device driver for TCPA TPM (trusted platform module). + */ +#ifndef _TPM_H_ +#define _TPM_H_ + +#if (defined (__linux) || defined (linux)) +#include +#elif (defined (__OpenBSD__) || defined (__FreeBSD__)) +#include +#endif + +/* ioctl commands */ +#define TPMIOC_CANCEL _IO('T', 0x00) +#define TPMIOC_TRANSMIT _IO('T', 0x01) + +#if defined(__KERNEL__) +extern ssize_t tpm_transmit(const char *buf, size_t bufsiz); +extern ssize_t tpm_extend(int index, u8 *digest); +extern ssize_t tpm_pcrread(int index, u8 *hash); +extern ssize_t tpm_dirread(int index, u8 *hash); +extern ssize_t tpm_cap_version(int *maj, int *min, int *ver, int *rev); +extern ssize_t tpm_cap_pcr(int *pcrs); +extern ssize_t tpm_cap_dir(int *dirs); +extern ssize_t tpm_cap_manufacturer(int *manufacturer); +extern ssize_t tpm_cap_slot(int *slots); +#endif /* __KERNEL__ */ + +#endif diff --git a/src/include/memmgr.h b/src/include/memmgr.h new file mode 100644 index 0000000..f78395f --- /dev/null +++ b/src/include/memmgr.h @@ -0,0 +1,37 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef _MEMMGR_H_ +#define _MEMMGR_H_ + +/* + * For each TSP context, there is one memTable, which holds a list of memEntry's, + * each of which holds a pointer to some malloc'd memory that's been returned to + * the user. The memTable also can point to other memTable's which would be + * created if multiple TSP contexts were opened. + * + */ + +struct memEntry { + void *memPointer; + struct memEntry *nextEntry; +}; + +struct memTable { + TSS_HCONTEXT tspContext; + struct memEntry *entries; + struct memTable *nextTable; +}; + +MUTEX_DECLARE_INIT(memtable_lock); + +struct memTable *SpiMemoryTable = NULL; + +#endif diff --git a/src/include/obj.h b/src/include/obj.h new file mode 100644 index 0000000..109a1ae --- /dev/null +++ b/src/include/obj.h @@ -0,0 +1,92 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_H_ +#define _OBJ_H_ + +#include "threads.h" + +/* definitions */ + +/* When TRUE, the object has PCRs associated with it */ +#define TSS_OBJ_FLAG_PCRS 0x00000001 +/* When TRUE, the object has a usage auth secret associated with it */ +#define TSS_OBJ_FLAG_USAGEAUTH 0x00000002 +/* When TRUE, the object has a migration auth secret associated with it */ +#define TSS_OBJ_FLAG_MIGAUTH 0x00000004 +/* When TRUE, the object has previously been registered in USER PS */ +#define TSS_OBJ_FLAG_USER_PS 0x00000008 +/* When TRUE, the object has previously been registered in SYSTEM PS */ +#define TSS_OBJ_FLAG_SYSTEM_PS 0x00000010 +/* When TRUE, the key has been created and cannot be altered */ +#define TSS_OBJ_FLAG_KEY_SET 0x00000020 + +/* structures */ +struct tsp_object { + UINT32 handle; + UINT32 tspContext; + TSS_FLAG flags; + void *data; + struct tsp_object *next; +}; + +struct obj_list { + struct tsp_object *head; + MUTEX_DECLARE(lock); +}; + +/* prototypes */ +TSS_RESULT obj_getTpmObject(UINT32, TSS_HOBJECT *); +TSS_HOBJECT obj_GetPolicyOfObject(UINT32, UINT32); +void __tspi_obj_list_init(); +TSS_HOBJECT obj_get_next_handle(); +TSS_RESULT obj_list_add(struct obj_list *, UINT32, TSS_FLAG, void *, TSS_HOBJECT *); +TSS_RESULT obj_list_remove(struct obj_list *, void (*)(void *), TSS_HOBJECT, TSS_HCONTEXT); +void obj_list_put(struct obj_list *); +struct tsp_object *obj_list_get_obj(struct obj_list *, UINT32); +struct tsp_object *obj_list_get_tspcontext(struct obj_list *, UINT32); +void obj_list_close(struct obj_list *, void (*)(void *), TSS_HCONTEXT); +void obj_connectContext(TSS_HCONTEXT, TCS_CONTEXT_HANDLE); +void obj_close_context(TSS_HCONTEXT); +void obj_lists_remove_policy_refs(TSS_HPOLICY, TSS_HCONTEXT); + +/* prototypes for functions that may traverse more than one list */ +TSS_RESULT obj_tcskey_get_pubkeyhash(TCS_KEY_HANDLE, BYTE *); + +#include "obj_tpm.h" +#include "obj_context.h" +#include "obj_hash.h" +#include "obj_pcrs.h" +#include "obj_policy.h" +#include "obj_rsakey.h" +#include "obj_encdata.h" +#include "obj_daacred.h" +#include "obj_daaarakey.h" +#include "obj_daaissuerkey.h" +#include "obj_nv.h" +#include "obj_delfamily.h" +#include "obj_migdata.h" + + +TPM_LIST_DECLARE_EXTERN; +CONTEXT_LIST_DECLARE_EXTERN; +HASH_LIST_DECLARE_EXTERN; +PCRS_LIST_DECLARE_EXTERN; +POLICY_LIST_DECLARE_EXTERN; +RSAKEY_LIST_DECLARE_EXTERN; +ENCDATA_LIST_DECLARE_EXTERN; +DAACRED_LIST_DECLARE_EXTERN; +DAAARAKEY_LIST_DECLARE_EXTERN; +DAAISSUERKEY_LIST_DECLARE_EXTERN; +NVSTORE_LIST_DECLARE_EXTERN; +DELFAMILY_LIST_DECLARE_EXTERN; +MIGDATA_LIST_DECLARE_EXTERN; + +#endif diff --git a/src/include/obj_context.h b/src/include/obj_context.h new file mode 100644 index 0000000..855e7d4 --- /dev/null +++ b/src/include/obj_context.h @@ -0,0 +1,93 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_CONTEXT_H_ +#define _OBJ_CONTEXT_H_ + +#define TSS_CONTEXT_FLAGS_TRANSPORT_ENABLED 0x01 +#define TSS_CONTEXT_FLAGS_TRANSPORT_DEFAULT_ENCRYPT 0x02 +#define TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC 0x04 +#define TSS_CONTEXT_FLAGS_TRANSPORT_EXCLUSIVE 0x08 +#define TSS_CONTEXT_FLAGS_TRANSPORT_STATIC_AUTH 0x10 +#define TSS_CONTEXT_FLAGS_TRANSPORT_ESTABLISHED 0x20 +#define TSS_CONTEXT_FLAGS_TRANSPORT_MASK 0x3f + +#define TSS_CONTEXT_FLAGS_TPM_VERSION_1 0x40 +#define TSS_CONTEXT_FLAGS_TPM_VERSION_2 0x80 +#define TSS_CONTEXT_FLAGS_TPM_VERSION_MASK 0xc0 + +/* structures */ +struct tr_context_obj { + TSS_FLAG silentMode, flags; + UINT32 hashMode; + TSS_HPOLICY policy; + BYTE *machineName; + UINT32 machineNameLength; + UINT32 connection_policy, current_connection; + struct tcs_api_table *tcs_api; +#ifdef TSS_BUILD_TRANSPORT + /* transport session support */ + TSS_HKEY transKey; + TPM_TRANSPORT_PUBLIC transPub; + TPM_MODIFIER_INDICATOR transMod; + TPM_TRANSPORT_AUTH transSecret; + TPM_AUTH transAuth; + TPM_TRANSPORT_LOG_IN transLogIn; + TPM_TRANSPORT_LOG_OUT transLogOut; + TPM_DIGEST transLogDigest; +#endif +}; + +/* obj_context.c */ +void __tspi_obj_context_free(void *data); +TSS_BOOL obj_is_context(TSS_HOBJECT); +TSS_RESULT obj_context_get_policy(TSS_HCONTEXT, UINT32, TSS_HPOLICY *); +TSS_BOOL obj_context_is_silent(TSS_HCONTEXT); +TSS_RESULT obj_context_get_machine_name(TSS_HCONTEXT, UINT32 *, BYTE **); +TSS_RESULT obj_context_get_machine_name_attrib(TSS_HCONTEXT, UINT32 *, BYTE **); +TSS_RESULT obj_context_set_machine_name(TSS_HCONTEXT, BYTE *, UINT32); +TSS_RESULT obj_context_add(TSS_HOBJECT *); +TSS_RESULT obj_context_set_mode(TSS_HCONTEXT, UINT32); +TSS_RESULT obj_context_get_mode(TSS_HCONTEXT, UINT32 *); +TSS_BOOL obj_context_has_popups(TSS_HCONTEXT); +TSS_RESULT obj_context_get_hash_mode(TSS_HCONTEXT, UINT32 *); +TSS_RESULT obj_context_set_hash_mode(TSS_HCONTEXT, UINT32); +TSS_RESULT obj_context_get_connection_version(TSS_HCONTEXT, UINT32 *); +TSS_RESULT obj_context_set_connection_policy(TSS_HCONTEXT, UINT32); +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT obj_context_set_transport_key(TSS_HCONTEXT, TSS_HKEY); +TSS_RESULT obj_context_transport_get_control(TSS_HCONTEXT, UINT32, UINT32 *); +TSS_RESULT obj_context_transport_set_control(TSS_HCONTEXT, UINT32); +TSS_RESULT obj_context_transport_get_mode(TSS_HCONTEXT, UINT32, UINT32 *); +TSS_RESULT obj_context_transport_set_mode(TSS_HCONTEXT, UINT32); +TSS_RESULT obj_context_transport_init(TSS_HCONTEXT); +TSS_RESULT obj_context_transport_establish(TSS_HCONTEXT, struct tr_context_obj *); +TSS_RESULT obj_context_transport_execute(TSS_HCONTEXT, TPM_COMMAND_CODE, UINT32, BYTE*, TPM_DIGEST*, + UINT32*, TCS_HANDLE**, TPM_AUTH*, TPM_AUTH*, UINT32*, + BYTE**); +TSS_RESULT obj_context_transport_close(TSS_HCONTEXT, TSS_HKEY, TSS_HPOLICY, TSS_BOOL, + TPM_SIGN_INFO*, UINT32*, BYTE**); +#endif +TSS_RESULT obj_context_set_tpm_version(TSS_HCONTEXT, UINT32); +TSS_RESULT obj_context_get_tpm_version(TSS_HCONTEXT, UINT32 *); +TSS_RESULT obj_context_get_loadkey_ordinal(TSS_HCONTEXT, TPM_COMMAND_CODE *); +void obj_context_close(TSS_HCONTEXT); + +struct tcs_api_table *obj_context_get_tcs_api(TSS_HCONTEXT); +#define TCS_API(c) obj_context_get_tcs_api(c) + + +#define CONTEXT_LIST_DECLARE struct obj_list context_list +#define CONTEXT_LIST_DECLARE_EXTERN extern struct obj_list context_list +#define CONTEXT_LIST_INIT() list_init(&context_list) +#define CONTEXT_LIST_CONNECT(a,b) obj_connectContext_list(&context_list, a, b) +#define CONTEXT_LIST_CLOSE(a) obj_list_close(&context_list, &__tspi_obj_context_free, a) + +#endif diff --git a/src/include/obj_daa.h b/src/include/obj_daa.h new file mode 100644 index 0000000..d7e21a9 --- /dev/null +++ b/src/include/obj_daa.h @@ -0,0 +1,51 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_DAA_H_ +#define _OBJ_DAA_H_ + +#ifdef TSS_BUILD_DAA + +/* structures */ +struct tr_daa_obj { + UINT32 session_handle; // set by [join|sign] stage 0. + TPM_HANDLE tpm_handle; +}; + +/* obj_daa.c */ +void daa_free(void *data); +TSS_RESULT obj_daa_add(TSS_HCONTEXT tspContext, TSS_HOBJECT *phObject); +TSS_RESULT obj_daa_remove(TSS_HOBJECT, TSS_HCONTEXT); +TSS_BOOL obj_is_daa(TSS_HOBJECT); +TSS_RESULT obj_daa_get_tsp_context(TSS_HDAA, TSS_HCONTEXT *); +TSS_RESULT obj_daa_get_handle_tpm(TSS_HDAA, TPM_HANDLE *); +TSS_RESULT obj_daa_set_handle_tpm(TSS_HDAA, TPM_HANDLE); +TSS_RESULT obj_daa_get_session_handle(TSS_HDAA, UINT32 *); +TSS_RESULT obj_daa_set_session_handle(TSS_HDAA, UINT32); + +#define DAA_LIST_DECLARE struct obj_list daa_list +#define DAA_LIST_DECLARE_EXTERN extern struct obj_list daa_list +#define DAA_LIST_INIT() list_init(&daa_list) +#define DAA_LIST_CONNECT(a,b) obj_connectContext_list(&daa_list, a, b) +#define DAA_LIST_CLOSE(a) obj_list_close(&daa_list, &daa_free, a) + +#else + +#define obj_is_daa(a) FALSE + +#define DAA_LIST_DECLARE +#define DAA_LIST_DECLARE_EXTERN +#define DAA_LIST_INIT() +#define DAA_LIST_CONNECT(a,b) +#define DAA_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_daaarakey.h b/src/include/obj_daaarakey.h new file mode 100644 index 0000000..9997f09 --- /dev/null +++ b/src/include/obj_daaarakey.h @@ -0,0 +1,51 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_DAAARAKEY_H_ +#define _OBJ_DAAARAKEY_H_ + +#ifdef TSS_BUILD_DAA + +/* structures */ +struct tr_daaarakey_obj { + UINT32 session_handle; + TPM_HANDLE tpm_handle; +}; + +/* prototypes */ +void daaarakey_free(void *data); +TSS_RESULT obj_daaarakey_add(TSS_HCONTEXT tspContext, TSS_HOBJECT *phObject); +TSS_RESULT obj_daaarakey_remove(TSS_HDAA_ISSUER_KEY, TSS_HCONTEXT); +TSS_BOOL obj_is_daaarakey(TSS_HDAA_ISSUER_KEY); +TSS_RESULT obj_daaarakey_get_tsp_context(TSS_HDAA_ISSUER_KEY, TSS_HCONTEXT *); +TSS_RESULT obj_daaarakey_get_handle_tpm(TSS_HDAA_ISSUER_KEY, TPM_HANDLE *); +TSS_RESULT obj_daaarakey_set_handle_tpm(TSS_HDAA_ISSUER_KEY, TPM_HANDLE); +TSS_RESULT obj_daaarakey_get_session_handle(TSS_HDAA_ISSUER_KEY, UINT32 *); +TSS_RESULT obj_daaarakey_set_session_handle(TSS_HDAA_ISSUER_KEY, UINT32); + +#define DAAARAKEY_LIST_DECLARE struct obj_list daaarakey_list +#define DAAARAKEY_LIST_DECLARE_EXTERN extern struct obj_list daaarakey_list +#define DAAARAKEY_LIST_INIT() list_init(&daaarakey_list) +#define DAAARAKEY_LIST_CONNECT(a,b) obj_connectContext_list(&daaarakey_list, a, b) +#define DAAARAKEY_LIST_CLOSE(a) obj_list_close(&daaarakey_list, &daaarakey_free, a) + +#else + +#define obj_is_daaarakey(a) FALSE + +#define DAAARAKEY_LIST_DECLARE +#define DAAARAKEY_LIST_DECLARE_EXTERN +#define DAAARAKEY_LIST_INIT() +#define DAAARAKEY_LIST_CONNECT(a,b) +#define DAAARAKEY_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_daacred.h b/src/include/obj_daacred.h new file mode 100644 index 0000000..4e1aa17 --- /dev/null +++ b/src/include/obj_daacred.h @@ -0,0 +1,51 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_DAACRED_H_ +#define _OBJ_DAACRED_H_ + +#ifdef TSS_BUILD_DAA + +/* structures */ +struct tr_daacred_obj { + UINT32 session_handle; // set by [join|sign] stage 0. + TPM_HANDLE tpm_handle; +}; + +/* prototypes */ +void daacred_free(void *data); +TSS_RESULT obj_daacred_add(TSS_HCONTEXT tspContext, TSS_HOBJECT *phObject); +TSS_RESULT obj_daacred_remove(TSS_HDAA_CREDENTIAL, TSS_HCONTEXT); +TSS_BOOL obj_is_daacred(TSS_HDAA_CREDENTIAL); +TSS_RESULT obj_daacred_get_tsp_context(TSS_HDAA_CREDENTIAL, TSS_HCONTEXT *); +TSS_RESULT obj_daacred_get_handle_tpm(TSS_HDAA_CREDENTIAL, TPM_HANDLE *); +TSS_RESULT obj_daacred_set_handle_tpm(TSS_HDAA_CREDENTIAL, TPM_HANDLE); +TSS_RESULT obj_daacred_get_session_handle(TSS_HDAA_CREDENTIAL, UINT32 *); +TSS_RESULT obj_daacred_set_session_handle(TSS_HDAA_CREDENTIAL, UINT32); + +#define DAACRED_LIST_DECLARE struct obj_list daacred_list +#define DAACRED_LIST_DECLARE_EXTERN extern struct obj_list daacred_list +#define DAACRED_LIST_INIT() list_init(&daacred_list) +#define DAACRED_LIST_CONNECT(a,b) obj_connectContext_list(&daacred_list, a, b) +#define DAACRED_LIST_CLOSE(a) obj_list_close(&daacred_list, &daacred_free, a) + +#else + +#define obj_is_daacred(a) FALSE + +#define DAACRED_LIST_DECLARE +#define DAACRED_LIST_DECLARE_EXTERN +#define DAACRED_LIST_INIT() +#define DAACRED_LIST_CONNECT(a,b) +#define DAACRED_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_daaissuerkey.h b/src/include/obj_daaissuerkey.h new file mode 100644 index 0000000..5a1e5ab --- /dev/null +++ b/src/include/obj_daaissuerkey.h @@ -0,0 +1,52 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_DAAISSUERKEY_H_ +#define _OBJ_DAAISSUERKEY_H_ + +#ifdef TSS_BUILD_DAA + +/* structures */ +struct tr_daaissuerkey_obj { + UINT32 session_handle; + TPM_HANDLE tpm_handle; +}; + +/* prototypes */ +void daaissuerkey_free(void *data); +TSS_RESULT obj_daaissuerkey_add(TSS_HCONTEXT tspContext, TSS_HOBJECT *phObject); +TSS_RESULT obj_daaissuerkey_remove(TSS_HDAA_ISSUER_KEY, TSS_HCONTEXT); +TSS_BOOL obj_is_daaissuerkey(TSS_HDAA_ISSUER_KEY); +TSS_RESULT obj_daaissuerkey_get_tsp_context(TSS_HDAA_ISSUER_KEY, TSS_HCONTEXT *); +TSS_RESULT obj_daaissuerkey_get_handle_tpm(TSS_HDAA_ISSUER_KEY, TPM_HANDLE *); +TSS_RESULT obj_daaissuerkey_set_handle_tpm(TSS_HDAA_ISSUER_KEY, TPM_HANDLE); +TSS_RESULT obj_daaissuerkey_get_session_handle(TSS_HDAA_ISSUER_KEY, UINT32 *); +TSS_RESULT obj_daaissuerkey_set_session_handle(TSS_HDAA_ISSUER_KEY, UINT32); + +#define DAAISSUERKEY_LIST_DECLARE struct obj_list daaissuerkey_list +#define DAAISSUERKEY_LIST_DECLARE_EXTERN extern struct obj_list daaissuerkey_list +#define DAAISSUERKEY_LIST_INIT() list_init(&daaissuerkey_list) +#define DAAISSUERKEY_LIST_CONNECT(a,b) obj_connectContext_list(&daaissuerkey_list, a, b) +#define DAAISSUERKEY_LIST_CLOSE(a) obj_list_close(&daaissuerkey_list, \ + &daaissuerkey_free, a) + +#else + +#define obj_is_daaissuerkey(a) FALSE + +#define DAAISSUERKEY_LIST_DECLARE +#define DAAISSUERKEY_LIST_DECLARE_EXTERN +#define DAAISSUERKEY_LIST_INIT() +#define DAAISSUERKEY_LIST_CONNECT(a,b) +#define DAAISSUERKEY_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_delfamily.h b/src/include/obj_delfamily.h new file mode 100644 index 0000000..238bd56 --- /dev/null +++ b/src/include/obj_delfamily.h @@ -0,0 +1,64 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#ifndef _OBJ_DELFAMILY_H_ +#define _OBJ_DELFAMILY_H_ + +#ifdef TSS_BUILD_DELEGATION + +#define TSS_DELFAMILY_FLAGS_STATE_ENABLED (((UINT32)1)<<0) +#define TSS_DELFAMILY_FLAGS_STATE_LOCKED (((UINT32)1)<<1) + +/* structures */ +struct tr_delfamily_obj { + UINT32 stateFlags; + UINT32 verCount; + UINT32 familyID; + BYTE label; +}; + +/* obj_delfamily.c */ +void delfamily_free(void *data); +TSS_BOOL obj_is_delfamily(TSS_HOBJECT); +TSS_RESULT obj_delfamily_add(TSS_HCONTEXT, TSS_HOBJECT *); +TSS_RESULT obj_delfamily_remove(TSS_HDELFAMILY, TSS_HOBJECT); +void obj_delfamily_find_by_familyid(TSS_HOBJECT, UINT32, TSS_HDELFAMILY *); +TSS_RESULT obj_delfamily_get_tsp_context(TSS_HDELFAMILY, TSS_HCONTEXT *); +TSS_RESULT obj_delfamily_set_locked(TSS_HDELFAMILY, TSS_BOOL, TSS_BOOL); +TSS_RESULT obj_delfamily_get_locked(TSS_HDELFAMILY, TSS_BOOL *); +TSS_RESULT obj_delfamily_set_enabled(TSS_HDELFAMILY, TSS_BOOL, TSS_BOOL); +TSS_RESULT obj_delfamily_get_enabled(TSS_HDELFAMILY, TSS_BOOL *); +TSS_RESULT obj_delfamily_set_vercount(TSS_HDELFAMILY, UINT32); +TSS_RESULT obj_delfamily_get_vercount(TSS_HDELFAMILY, UINT32 *); +TSS_RESULT obj_delfamily_set_familyid(TSS_HDELFAMILY, UINT32); +TSS_RESULT obj_delfamily_get_familyid(TSS_HDELFAMILY, UINT32 *); +TSS_RESULT obj_delfamily_set_label(TSS_HDELFAMILY, BYTE); +TSS_RESULT obj_delfamily_get_label(TSS_HDELFAMILY, BYTE *); + + +#define DELFAMILY_LIST_DECLARE struct obj_list delfamily_list +#define DELFAMILY_LIST_DECLARE_EXTERN extern struct obj_list delfamily_list +#define DELFAMILY_LIST_INIT() list_init(&delfamily_list) +#define DELFAMILY_LIST_CONNECT(a,b) obj_connectContext_list(&delfamily_list, a, b) +#define DELFAMILY_LIST_CLOSE(a) obj_list_close(&delfamily_list, &delfamily_free, a) + +#else + +#define obj_is_delfamily(a) FALSE + +#define DELFAMILY_LIST_DECLARE +#define DELFAMILY_LIST_DECLARE_EXTERN +#define DELFAMILY_LIST_INIT() +#define DELFAMILY_LIST_CONNECT(a,b) +#define DELFAMILY_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_encdata.h b/src/include/obj_encdata.h new file mode 100644 index 0000000..922a07a --- /dev/null +++ b/src/include/obj_encdata.h @@ -0,0 +1,71 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_ENCDATA_H_ +#define _OBJ_ENCDATA_H_ + +#ifdef TSS_BUILD_ENCDATA_LIST + +/* structures */ +struct tr_encdata_obj { + TSS_HPOLICY usagePolicy; + UINT32 encryptedDataLength; + BYTE *encryptedData; + union { + TPM_PCR_INFO info11; + TPM_PCR_INFO_LONG infolong; + } pcrInfo; + UINT32 pcrInfoType; + UINT32 type; +#ifdef TSS_BUILD_SEALX + UINT32 protectMode; +#endif +}; + +/* obj_encdata.c */ +void encdata_free(void *data); +TSS_BOOL obj_is_encdata(TSS_HOBJECT); +TSS_RESULT obj_encdata_set_policy(TSS_HKEY, TSS_HPOLICY); +TSS_RESULT obj_encdata_set_data(TSS_HENCDATA, UINT32, BYTE *); +TSS_RESULT obj_encdata_remove(TSS_HOBJECT, TSS_HCONTEXT); +TSS_RESULT obj_encdata_get_tsp_context(TSS_HENCDATA, TSS_HCONTEXT *); +TSS_RESULT obj_encdata_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *); +TSS_RESULT obj_encdata_get_data(TSS_HENCDATA, UINT32 *, BYTE **); +TSS_RESULT obj_encdata_get_pcr_selection(TSS_HENCDATA, TSS_FLAG, TSS_FLAG, UINT32 *, BYTE **); +TSS_RESULT obj_encdata_get_pcr_locality(TSS_HENCDATA, TSS_FLAG, UINT32 *); +TSS_RESULT obj_encdata_get_pcr_digest(TSS_HENCDATA, TSS_FLAG, TSS_FLAG, UINT32 *, BYTE **); +TSS_RESULT obj_encdata_set_pcr_info(TSS_HENCDATA, UINT32, BYTE *); +TSS_RESULT obj_encdata_get_policy(TSS_HENCDATA, UINT32, TSS_HPOLICY *); +void obj_encdata_remove_policy_refs(TSS_HPOLICY, TSS_HCONTEXT); +#ifdef TSS_BUILD_SEALX +TSS_RESULT obj_encdata_set_seal_protect_mode(TSS_HENCDATA, UINT32); +TSS_RESULT obj_encdata_get_seal_protect_mode(TSS_HENCDATA, UINT32 *); +#endif + + +#define ENCDATA_LIST_DECLARE struct obj_list encdata_list +#define ENCDATA_LIST_DECLARE_EXTERN extern struct obj_list encdata_list +#define ENCDATA_LIST_INIT() list_init(&encdata_list) +#define ENCDATA_LIST_CONNECT(a,b) obj_connectContext_list(&encdata_list, a, b) +#define ENCDATA_LIST_CLOSE(a) obj_list_close(&encdata_list, &encdata_free, a) + +#else + +#define obj_is_encdata(a) FALSE + +#define ENCDATA_LIST_DECLARE +#define ENCDATA_LIST_DECLARE_EXTERN +#define ENCDATA_LIST_INIT() +#define ENCDATA_LIST_CONNECT(a,b) +#define ENCDATA_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_hash.h b/src/include/obj_hash.h new file mode 100644 index 0000000..a835f7a --- /dev/null +++ b/src/include/obj_hash.h @@ -0,0 +1,53 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_HASH_H_ +#define _OBJ_HASH_H_ + +#ifdef TSS_BUILD_HASH_LIST + +/* structures */ +struct tr_hash_obj { + UINT32 type; + BYTE *hashData; + UINT32 hashSize; + UINT32 hashUpdateSize; + BYTE *hashUpdateBuffer; +}; + +/* obj_hash.c */ +void __tspi_hash_free(void *data); +TSS_RESULT obj_hash_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *); +TSS_BOOL obj_is_hash(TSS_HOBJECT); +TSS_RESULT obj_hash_remove(TSS_HOBJECT, TSS_HCONTEXT); +TSS_RESULT obj_hash_get_tsp_context(TSS_HHASH, TSS_HCONTEXT *); +TSS_RESULT obj_hash_set_value(TSS_HHASH, UINT32, BYTE *); +TSS_RESULT obj_hash_get_value(TSS_HHASH, UINT32 *, BYTE **); +TSS_RESULT obj_hash_update_value(TSS_HHASH, UINT32, BYTE *); + +#define HASH_LIST_DECLARE struct obj_list hash_list +#define HASH_LIST_DECLARE_EXTERN extern struct obj_list hash_list +#define HASH_LIST_INIT() list_init(&hash_list) +#define HASH_LIST_CONNECT(a,b) obj_connectContext_list(&hash_list, a, b) +#define HASH_LIST_CLOSE(a) obj_list_close(&hash_list, &__tspi_hash_free, a) + +#else + +#define obj_is_hash(a) FALSE + +#define HASH_LIST_DECLARE +#define HASH_LIST_DECLARE_EXTERN +#define HASH_LIST_INIT() +#define HASH_LIST_CONNECT(a,b) +#define HASH_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_migdata.h b/src/include/obj_migdata.h new file mode 100644 index 0000000..2432797 --- /dev/null +++ b/src/include/obj_migdata.h @@ -0,0 +1,137 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#ifndef _OBJ_MIGDATA_H_ +#define _OBJ_MIGDATA_H_ + +#ifdef TSS_BUILD_CMK + +/* structures */ +struct tr_migdata_obj { + /* TSS_MIGATTRIB_MIGRATIONTICKET (from AuthorizeMigrationTicket) */ + UINT32 migTicketSize; + BYTE *migTicket; + + /* TSS_MIGATTRIB_AUTHORITY_DATA/TSS_MIGATTRIB_AUTHORITY_MSALIST + - Recalculate the msaDigest + or + TSS_MIGATTRIB_MIGRATIONBLOB/TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB + - Create a digest from the pubkey blob and append to the list + - Recalculate the msaDigest */ + TPM_MSA_COMPOSITE msaList; + /* TSS_MIGATTRIB_AUTHORITY_DATA/TSS_MIGATTRIB_AUTHORITY_DIGEST */ + TPM_DIGEST msaDigest; + /* TSS_MIGATTRIB_AUTHORITY_DATA/TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC */ + TPM_HMAC msaHmac; + + /* TSS_MIGATTRIB_MIG_AUTH_DATA/TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST + or + TSS_MIGATTRIB_MIGRATIONBLOB/TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB + - Create a digest from the pubkey blob */ + TPM_DIGEST maDigest; + /* TSS_MIGATTRIB_MIG_AUTH_DATA/TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST + or + TSS_MIGATTRIB_MIGRATIONBLOB/TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB + - Create a digest from the pubkey blob */ + TPM_DIGEST destDigest; + /* TSS_MIGATTRIB_MIG_AUTH_DATA/TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST + or + TSS_MIGATTRIB_MIGRATIONBLOB/TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB + - Create a digest from the pubkey blob */ + TPM_DIGEST srcDigest; + + /* TSS_MIGATTRIB_TICKET_DATA/TSS_MIGATTRIB_TICKET_SIG_DIGEST */ + TPM_DIGEST sigData; + /* TSS_MIGATTRIB_TICKET_DATA/TSS_MIGATTRIB_TICKET_SIG_VALUE */ + UINT32 sigValueSize; + BYTE *sigValue; + /* TSS_MIGATTRIB_TICKET_DATA/TSS_MIGATTRIB_TICKET_SIG_TICKET */ + TPM_HMAC sigTicket; + + /* TSS_MIGATTRIB_MIGRATIONBLOB/TSS_MIGATTRIB_MIGRATION_XOR_BLOB */ + UINT32 blobSize; + BYTE *blob; +}; + +/* obj_migdata.c */ +void migdata_free(void *data); +TSS_BOOL obj_is_migdata(TSS_HOBJECT); +TSS_RESULT obj_migdata_add(TSS_HCONTEXT, TSS_HOBJECT *); +TSS_RESULT obj_migdata_remove(TSS_HMIGDATA, TSS_HOBJECT); +TSS_RESULT obj_migdata_get_tsp_context(TSS_HMIGDATA, TSS_HCONTEXT *); + +TSS_RESULT obj_migdata_set_migrationblob(TSS_HMIGDATA, UINT32, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_migrationblob(TSS_HMIGDATA, UINT32, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_authoritydata(TSS_HMIGDATA, UINT32, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_authoritydata(TSS_HMIGDATA, UINT32, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_migauthdata(TSS_HMIGDATA, UINT32, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_migauthdata(TSS_HMIGDATA, UINT32, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_ticketdata(TSS_HMIGDATA, UINT32, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_ticketdata(TSS_HMIGDATA, UINT32, UINT32 *, BYTE **); + +TSS_RESULT obj_migdata_set_ticket_blob(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_ticket_blob(TSS_HMIGDATA, UINT32 *, BYTE **); + +TSS_RESULT obj_migdata_set_msa_list(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_msa_list(TSS_HMIGDATA, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_msa_pubkey(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_set_msa_digest(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_msa_digest(TSS_HMIGDATA, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_get_msa_list_blob(TSS_HMIGDATA, UINT32 *, BYTE **); + +TSS_RESULT obj_migdata_set_msa_hmac(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_msa_hmac(TSS_HMIGDATA, UINT32 *, BYTE **); + +TSS_RESULT obj_migdata_set_ma_pubkey(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_set_ma_digest(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_ma_digest(TSS_HMIGDATA, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_dest_pubkey(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_set_dest_digest(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_dest_digest(TSS_HMIGDATA, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_src_pubkey(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_set_src_digest(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_src_digest(TSS_HMIGDATA, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_cmk_auth(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_cmk_auth(TSS_HMIGDATA, TPM_CMK_AUTH *); +TSS_RESULT obj_migdata_get_cmk_auth_blob(TSS_HMIGDATA, UINT32 *, BYTE **); + +TSS_RESULT obj_migdata_set_sig_data(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_sig_data(TSS_HMIGDATA, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_sig_value(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_sig_value(TSS_HMIGDATA, UINT32 *, BYTE **); +TSS_RESULT obj_migdata_set_sig_ticket(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_sig_ticket(TSS_HMIGDATA, UINT32 *, BYTE **); + +TSS_RESULT obj_migdata_set_blob(TSS_HMIGDATA, UINT32, BYTE *); +TSS_RESULT obj_migdata_get_blob(TSS_HMIGDATA, UINT32 *, BYTE **); + +TSS_RESULT obj_migdata_calc_pubkey_digest(UINT32, BYTE *, TPM_DIGEST *); +TSS_RESULT obj_migdata_calc_msa_digest(struct tr_migdata_obj *); +TSS_RESULT obj_migdata_calc_sig_data_digest(struct tr_migdata_obj *); + +#define MIGDATA_LIST_DECLARE struct obj_list migdata_list +#define MIGDATA_LIST_DECLARE_EXTERN extern struct obj_list migdata_list +#define MIGDATA_LIST_INIT() list_init(&migdata_list) +#define MIGDATA_LIST_CONNECT(a,b) obj_connectContext_list(&migdata_list, a, b) +#define MIGDATA_LIST_CLOSE(a) obj_list_close(&migdata_list, &migdata_free, a) + +#else + +#define obj_is_migdata(a) FALSE + +#define MIGDATA_LIST_DECLARE +#define MIGDATA_LIST_DECLARE_EXTERN +#define MIGDATA_LIST_INIT() +#define MIGDATA_LIST_CONNECT(a,b) +#define MIGDATA_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_nv.h b/src/include/obj_nv.h new file mode 100644 index 0000000..53e6665 --- /dev/null +++ b/src/include/obj_nv.h @@ -0,0 +1,97 @@ +/* + * The Initial Developer of the Original Code is Intel Corporation. + * Portions created by Intel Corporation are Copyright (C) 2007 Intel Corporation. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the Common Public License as published by + * IBM Corporation; either version 1 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Common Public License for more details. + * + * You should have received a copy of the Common Public License + * along with this program; if not, a copy can be viewed at + * http://www.opensource.org/licenses/cpl1.0.php. + * + * trousers - An open source TCG Software Stack + * + * Author: james.xu@intel.com Rossey.liu@intel.com + * + */ + +#ifndef _OBJ_NVSTORE_H_ +#define _OBJ_NVSTORE_H_ + +#ifdef TSS_BUILD_NV + +#define MAX_PUBLIC_DATA_SIZE 1024 +#define TSS_LOCALITY_MASK 0x1f + +typedef struct objNV_DATA_PUBLIC +{ + TPM_STRUCTURE_TAG tag; + TPM_NV_INDEX nvIndex; + TPM_NV_ATTRIBUTES permission; + TPM_BOOL bReadSTClear; + TPM_BOOL bWriteSTClear; + TPM_BOOL bWriteDefine; + UINT32 dataSize; +}NV_DATA_PUBLIC; + +/* structures */ +struct tr_nvstore_obj { + TPM_STRUCTURE_TAG tag; + TPM_NV_INDEX nvIndex; + TPM_NV_ATTRIBUTES permission; + TPM_BOOL bReadSTClear; + TPM_BOOL bWriteSTClear; + TPM_BOOL bWriteDefine; + UINT32 dataSize; + TSS_HPOLICY policy; +}; + +/* obj_nv.c */ +void nvstore_free(void *data); +TSS_RESULT obj_nvstore_add(TSS_HCONTEXT, TSS_HOBJECT *); +TSS_BOOL obj_is_nvstore(TSS_HOBJECT tspContext); +TSS_RESULT obj_nvstore_remove(TSS_HOBJECT, TSS_HCONTEXT); +TSS_RESULT obj_nvstore_get_tsp_context(TSS_HNVSTORE, TSS_HCONTEXT *); +TSS_RESULT obj_nvstore_set_index(TSS_HNVSTORE, UINT32); +TSS_RESULT obj_nvstore_get_index(TSS_HNVSTORE, UINT32 *); +TSS_RESULT obj_nvstore_set_datasize(TSS_HNVSTORE, UINT32); +TSS_RESULT obj_nvstore_get_datasize(TSS_HNVSTORE, UINT32 *); +TSS_RESULT obj_nvstore_set_permission(TSS_HNVSTORE, UINT32); +TSS_RESULT obj_nvstore_get_permission_from_tpm(TSS_HNVSTORE hNvstore, UINT32 * permission); +TSS_RESULT obj_nvstore_get_permission(TSS_HNVSTORE, UINT32 *); +TSS_RESULT obj_nvstore_set_policy(TSS_HNVSTORE, TSS_HPOLICY); +TSS_RESULT obj_nvstore_get_policy(TSS_HNVSTORE, UINT32, TSS_HPOLICY *); +TSS_RESULT obj_nvstore_get_datapublic(TSS_HNVSTORE, UINT32 *, BYTE *); +TSS_RESULT obj_nvstore_get_readdigestatrelease(TSS_HNVSTORE, UINT32 *, BYTE **); +TSS_RESULT obj_nvstore_get_readpcrselection(TSS_HNVSTORE, UINT32 *, BYTE **); +TSS_RESULT obj_nvstore_get_writedigestatrelease(TSS_HNVSTORE, UINT32 *, BYTE **); +TSS_RESULT obj_nvstore_get_writepcrselection(TSS_HNVSTORE, UINT32 *, BYTE **); +TSS_RESULT obj_nvstore_get_state_readstclear(TSS_HNVSTORE, UINT32 *); +TSS_RESULT obj_nvstore_get_state_writedefine(TSS_HNVSTORE, UINT32 *); +TSS_RESULT obj_nvstore_get_state_writestclear(TSS_HNVSTORE, UINT32 *); +TSS_RESULT obj_nvstore_get_readlocalityatrelease(TSS_HNVSTORE, UINT32 *); +TSS_RESULT obj_nvstore_get_writelocalityatrelease(TSS_HNVSTORE, UINT32 *); +TSS_RESULT obj_nvstore_create_pcrshortinfo(TSS_HNVSTORE, TSS_HPCRS, UINT32 *, BYTE **); + +#define NVSTORE_LIST_DECLARE struct obj_list nvstore_list +#define NVSTORE_LIST_DECLARE_EXTERN extern struct obj_list nvstore_list +#define NVSTORE_LIST_INIT() list_init(&nvstore_list) +#define NVSTORE_LIST_CONNECT(a,b) obj_connectContext_list(&nvstore_list, a, b) +#define NVSTORE_LIST_CLOSE(a) obj_list_close(&nvstore_list, &nvstore_free, a) +#else +#define NVSTORE_LIST_DECLARE +#define NVSTORE_LIST_DECLARE_EXTERN +#define NVSTORE_LIST_INIT() +#define NVSTORE_LIST_CONNECT(a,b) +#define NVSTORE_LIST_CLOSE(a) +#endif +#endif + diff --git a/src/include/obj_pcrs.h b/src/include/obj_pcrs.h new file mode 100644 index 0000000..f6cc081 --- /dev/null +++ b/src/include/obj_pcrs.h @@ -0,0 +1,67 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_PCRS_H_ +#define _OBJ_PCRS_H_ + +#ifdef TSS_BUILD_PCRS_LIST + +/* structures */ +struct tr_pcrs_obj { + UINT32 type; + union { + TPM_PCR_INFO info11; + TPM_PCR_INFO_SHORT infoshort; + TPM_PCR_INFO_LONG infolong; + } info; + TPM_PCRVALUE *pcrs; +}; + +/* obj_pcrs.c */ +void pcrs_free(void *data); +TSS_BOOL obj_is_pcrs(TSS_HOBJECT); +TSS_RESULT obj_pcrs_get_tsp_context(TSS_HPCRS, TSS_HCONTEXT *); +TSS_RESULT obj_pcrs_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *); +TSS_RESULT obj_pcrs_remove(TSS_HOBJECT, TSS_HCONTEXT); +TSS_RESULT obj_pcrs_get_type(TSS_HPCRS, UINT32 *); +TSS_RESULT obj_pcrs_select_index(TSS_HPCRS, UINT32); +TSS_RESULT obj_pcrs_select_index_ex(TSS_HPCRS, UINT32, UINT32); +TSS_RESULT obj_pcrs_get_value(TSS_HPCRS, UINT32, UINT32 *, BYTE **); +TSS_RESULT obj_pcrs_set_value(TSS_HPCRS, UINT32, UINT32, BYTE *); +TSS_RESULT obj_pcrs_set_values(TSS_HPCRS hPcrs, TCPA_PCR_COMPOSITE *); +TSS_RESULT obj_pcrs_get_selection(TSS_HPCRS, UINT32 *, BYTE *); +TSS_RESULT obj_pcrs_get_digest_at_release(TSS_HPCRS, UINT32 *, BYTE **); +TSS_RESULT obj_pcrs_set_digest_at_release(TSS_HPCRS, TPM_COMPOSITE_HASH); +TSS_RESULT obj_pcrs_create_info_type(TSS_HPCRS, UINT32 *, UINT32 *, BYTE **); +TSS_RESULT obj_pcrs_create_info(TSS_HPCRS, UINT32 *, BYTE **); +TSS_RESULT obj_pcrs_create_info_long(TSS_HPCRS, UINT32 *, BYTE **); +TSS_RESULT obj_pcrs_create_info_short(TSS_HPCRS, UINT32 *, BYTE **); +TSS_RESULT obj_pcrs_get_locality(TSS_HPCRS, UINT32 *); +TSS_RESULT obj_pcrs_set_locality(TSS_HPCRS, UINT32); + +#define PCRS_LIST_DECLARE struct obj_list pcrs_list +#define PCRS_LIST_DECLARE_EXTERN extern struct obj_list pcrs_list +#define PCRS_LIST_INIT() list_init(&pcrs_list) +#define PCRS_LIST_CONNECT(a,b) obj_connectContext_list(&pcrs_list, a, b) +#define PCRS_LIST_CLOSE(a) obj_list_close(&pcrs_list, &pcrs_free, a) + +#else + +#define obj_is_pcrs(a) FALSE + +#define PCRS_LIST_DECLARE +#define PCRS_LIST_DECLARE_EXTERN +#define PCRS_LIST_INIT() +#define PCRS_LIST_CONNECT(a,b) +#define PCRS_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_policy.h b/src/include/obj_policy.h new file mode 100644 index 0000000..9686275 --- /dev/null +++ b/src/include/obj_policy.h @@ -0,0 +1,185 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_POLICY_H_ +#define _OBJ_POLICY_H_ + +/* structures */ +struct tr_policy_obj { + BYTE SecretLifetime; + TSS_BOOL SecretSet; + UINT32 SecretMode; + UINT32 SecretCounter; + UINT32 SecretTimeStamp; + UINT32 SecretSize; + BYTE Secret[20]; + UINT32 type; + BYTE *popupString; + UINT32 popupStringLength; + UINT32 hashMode; + TSS_ALGORITHM_ID hmacAlg; + TSS_ALGORITHM_ID xorAlg; + TSS_ALGORITHM_ID takeownerAlg; + TSS_ALGORITHM_ID changeauthAlg; +#ifdef TSS_BUILD_SEALX + TSS_ALGORITHM_ID sealxAlg; +#endif + PVOID hmacAppData; + PVOID xorAppData; + PVOID takeownerAppData; + PVOID changeauthAppData; +#ifdef TSS_BUILD_SEALX + PVOID sealxAppData; +#endif +#ifdef TSS_BUILD_DELEGATION + /* The per1 and per2 are only used when creating a delegation. + After that, the blob or index is used to retrieve the information */ + UINT32 delegationPer1; + UINT32 delegationPer2; + + UINT32 delegationType; + TSS_BOOL delegationIndexSet; /* Since 0 is a valid index value */ + UINT32 delegationIndex; + UINT32 delegationBlobLength; + BYTE *delegationBlob; +#endif + TSS_RESULT (*Tspicb_CallbackHMACAuth)( + PVOID lpAppData, + TSS_HOBJECT hAuthorizedObject, + TSS_BOOL ReturnOrVerify, + UINT32 ulPendingFunction, + TSS_BOOL ContinueUse, + UINT32 ulSizeNonces, + BYTE *rgbNonceEven, + BYTE *rgbNonceOdd, + BYTE *rgbNonceEvenOSAP, + BYTE *rgbNonceOddOSAP, + UINT32 ulSizeDigestHmac, + BYTE *rgbParamDigest, + BYTE *rgbHmacData); + TSS_RESULT (*Tspicb_CallbackXorEnc)( + PVOID lpAppData, + TSS_HOBJECT hOSAPObject, + TSS_HOBJECT hObject, + TSS_FLAG PurposeSecret, + UINT32 ulSizeNonces, + BYTE *rgbNonceEven, + BYTE *rgbNonceOdd, + BYTE *rgbNonceEvenOSAP, + BYTE *rgbNonceOddOSAP, + UINT32 ulSizeEncAuth, + BYTE *rgbEncAuthUsage, + BYTE *rgbEncAuthMigration); + TSS_RESULT (*Tspicb_CallbackTakeOwnership)( + PVOID lpAppData, + TSS_HOBJECT hObject, + TSS_HKEY hObjectPubKey, + UINT32 ulSizeEncAuth, + BYTE *rgbEncAuth); + TSS_RESULT (*Tspicb_CallbackChangeAuthAsym)( + PVOID lpAppData, + TSS_HOBJECT hObject, + TSS_HKEY hObjectPubKey, + UINT32 ulSizeEncAuth, + UINT32 ulSizeAithLink, + BYTE *rgbEncAuth, + BYTE *rgbAuthLink); +#ifdef TSS_BUILD_SEALX + TSS_RESULT (*Tspicb_CallbackSealxMask)( + PVOID lpAppData, + TSS_HKEY hKey, + TSS_HENCDATA hEncData, + TSS_ALGORITHM_ID algID, + UINT32 ulSizeNonces, + BYTE *rgbNonceEven, + BYTE *rgbNonceOdd, + BYTE *rgbNonceEvenOSAP, + BYTE *rgbNonceOddOSAP, + UINT32 ulDataLength, + BYTE *rgbDataToMask, + BYTE *rgbMaskedData); +#endif +}; + +/* obj_policy.c */ +void __tspi_policy_free(void *data); +TSS_BOOL anyPopupPolicies(TSS_HCONTEXT); +TSS_BOOL obj_is_policy(TSS_HOBJECT); +TSS_RESULT obj_policy_get_tsp_context(TSS_HPOLICY, TSS_HCONTEXT *); +/* One of these 2 flags should be passed to obj_policy_get_secret so that if a popup must + * be executed to get the secret, we know whether or not the new dialog should be displayed, + * which will ask for confirmation */ +#define TR_SECRET_CTX_NEW TRUE +#define TR_SECRET_CTX_NOT_NEW FALSE +TSS_RESULT obj_policy_get_secret(TSS_HPOLICY, TSS_BOOL, TCPA_SECRET *); +TSS_RESULT obj_policy_flush_secret(TSS_HPOLICY); +TSS_RESULT obj_policy_set_secret_object(TSS_HPOLICY, TSS_FLAG, UINT32, + TCPA_DIGEST *, TSS_BOOL); +TSS_RESULT obj_policy_set_secret(TSS_HPOLICY, TSS_FLAG, UINT32, BYTE *); +TSS_RESULT obj_policy_get_type(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_remove(TSS_HOBJECT, TSS_HCONTEXT); +TSS_RESULT obj_policy_add(TSS_HCONTEXT, UINT32, TSS_HOBJECT *); +TSS_RESULT obj_policy_set_type(TSS_HPOLICY, UINT32); +TSS_RESULT obj_policy_set_cb12(TSS_HPOLICY, TSS_FLAG, BYTE *); +TSS_RESULT obj_policy_get_cb12(TSS_HPOLICY, TSS_FLAG, UINT32 *, BYTE **); +TSS_RESULT obj_policy_set_cb11(TSS_HPOLICY, TSS_FLAG, TSS_FLAG, UINT32); +TSS_RESULT obj_policy_get_cb11(TSS_HPOLICY, TSS_FLAG, UINT32 *); +TSS_RESULT obj_policy_get_lifetime(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_set_lifetime(TSS_HPOLICY, UINT32, UINT32); +TSS_RESULT obj_policy_get_counter(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_get_string(TSS_HPOLICY, UINT32 *size, BYTE **); +TSS_RESULT obj_policy_set_string(TSS_HPOLICY, UINT32 size, BYTE *); +TSS_RESULT obj_policy_get_secs_until_expired(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_has_expired(TSS_HPOLICY, TSS_BOOL *); +TSS_RESULT obj_policy_get_mode(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_dec_counter(TSS_HPOLICY); +TSS_RESULT obj_policy_do_hmac(TSS_HPOLICY, TSS_HOBJECT, TSS_BOOL, UINT32, + TSS_BOOL, UINT32, BYTE *, BYTE *, BYTE *, BYTE *, + UINT32, BYTE *, BYTE *); +TSS_RESULT obj_policy_do_xor(TSS_HPOLICY, TSS_HOBJECT, TSS_HOBJECT, TSS_FLAG, + UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, BYTE *); +TSS_RESULT obj_policy_do_takeowner(TSS_HPOLICY, TSS_HOBJECT, TSS_HKEY, UINT32, BYTE *); +TSS_RESULT obj_policy_validate_auth_oiap(TSS_HPOLICY, TCPA_DIGEST *, TPM_AUTH *); +TSS_RESULT obj_policy_get_hash_mode(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_set_hash_mode(TSS_HPOLICY, UINT32); +TSS_RESULT obj_policy_get_xsap_params(TSS_HPOLICY, TPM_COMMAND_CODE, TPM_ENTITY_TYPE *, UINT32 *, + BYTE **, BYTE *, TSS_CALLBACK *, TSS_CALLBACK *, + TSS_CALLBACK *, UINT32 *, TSS_BOOL); +TSS_RESULT obj_policy_is_secret_set(TSS_HPOLICY, TSS_BOOL *); +#ifdef TSS_BUILD_DELEGATION +TSS_RESULT obj_policy_set_delegation_type(TSS_HPOLICY, UINT32); +TSS_RESULT obj_policy_get_delegation_type(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_set_delegation_index(TSS_HPOLICY, UINT32); +TSS_RESULT obj_policy_get_delegation_index(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY, UINT32); +TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY, UINT32); +TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_set_delegation_blob(TSS_HPOLICY, UINT32, UINT32, BYTE *); +TSS_RESULT obj_policy_get_delegation_blob(TSS_HPOLICY, UINT32, UINT32 *, BYTE **); +TSS_RESULT obj_policy_get_delegation_label(TSS_HPOLICY, BYTE *); +TSS_RESULT obj_policy_get_delegation_familyid(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_get_delegation_vercount(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_get_delegation_pcr_locality(TSS_HPOLICY, UINT32 *); +TSS_RESULT obj_policy_get_delegation_pcr_digest(TSS_HPOLICY, UINT32 *, BYTE **); +TSS_RESULT obj_policy_get_delegation_pcr_selection(TSS_HPOLICY, UINT32 *, BYTE **); +TSS_RESULT obj_policy_is_delegation_index_set(TSS_HPOLICY, TSS_BOOL *); + +void obj_policy_clear_delegation(struct tr_policy_obj *); +TSS_RESULT obj_policy_get_delegate_public(struct tsp_object *, TPM_DELEGATE_PUBLIC *); +#endif + +#define POLICY_LIST_DECLARE struct obj_list policy_list +#define POLICY_LIST_DECLARE_EXTERN extern struct obj_list policy_list +#define POLICY_LIST_INIT() list_init(&policy_list) +#define POLICY_LIST_CONNECT(a,b) obj_connectContext_list(&policy_list, a, b) +#define POLICY_LIST_CLOSE(a) obj_list_close(&policy_list, &__tspi_policy_free, a) + +#endif diff --git a/src/include/obj_rsakey.h b/src/include/obj_rsakey.h new file mode 100644 index 0000000..48c0931 --- /dev/null +++ b/src/include/obj_rsakey.h @@ -0,0 +1,129 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_RSAKEY_H_ +#define _OBJ_RSAKEY_H_ + +#ifdef TSS_BUILD_RSAKEY_LIST + +/* rsakey specific flags */ +#define TSS_RSAKEY_FLAG_OWNEREVICT (0x00000001) + +/* structures */ +struct tr_rsakey_obj { + int type; + TSS_KEY key; + TSS_FLAG flags; + TSS_HPOLICY usagePolicy; + TSS_HPOLICY migPolicy; + TSS_UUID uuid; + TCS_KEY_HANDLE tcsHandle; +#ifdef TSS_BUILD_CMK + TPM_HMAC msaApproval; + TPM_DIGEST msaDigest; +#endif + union { + TPM_PCR_INFO info11; + TPM_PCR_INFO_LONG infolong; + } pcrInfo; + UINT32 pcrInfoType; +}; + +/* obj_rsakey.c */ +void __tspi_rsakey_free(void *data); +TSS_BOOL obj_is_rsakey(TSS_HOBJECT); +TSS_RESULT obj_rsakey_add(TSS_HCONTEXT, TSS_FLAG, TSS_HOBJECT *); +TSS_RESULT obj_rsakey_add_by_key(TSS_HCONTEXT, TSS_UUID *, BYTE *, TSS_FLAG, TSS_HKEY *); +TSS_RESULT obj_rsakey_set_policy(TSS_HKEY, TSS_HPOLICY); +TSS_RESULT obj_rsakey_remove(TSS_HOBJECT, TSS_HCONTEXT); +TSS_RESULT obj_rsakey_get_tsp_context(TSS_HKEY, TSS_HCONTEXT *); +TSS_RESULT obj_rsakey_set_pstype(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_get_pstype(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_get_usage(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_set_usage(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_set_migratable(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_set_redirected(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_set_volatile(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_get_authdata_usage(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_set_authdata_usage(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_get_alg(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_set_alg(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_get_es(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_set_es(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_get_ss(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_set_ss(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_set_num_primes(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_get_num_primes(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_set_flags(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_get_flags(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_set_size(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_get_size(TSS_HKEY, UINT32 *); +TSS_BOOL obj_rsakey_is_migratable(TSS_HKEY); +TSS_BOOL obj_rsakey_is_redirected(TSS_HKEY); +TSS_BOOL obj_rsakey_is_volatile(TSS_HKEY); +TSS_RESULT obj_rsakey_get_policy(TSS_HKEY, UINT32, TSS_HPOLICY *, TSS_BOOL *); +TSS_RESULT obj_rsakey_get_policies(TSS_HKEY, TSS_HPOLICY *, TSS_HPOLICY *, TSS_BOOL *); +TSS_RESULT obj_rsakey_get_blob(TSS_HKEY, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_get_priv_blob(TSS_HKEY, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_get_pub_blob(TSS_HKEY, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_get_version(TSS_HKEY, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_get_exponent(TSS_HKEY, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_set_exponent(TSS_HKEY, UINT32, BYTE *); +TSS_RESULT obj_rsakey_get_modulus(TSS_HKEY, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_set_modulus(TSS_HKEY, UINT32, BYTE *); +TSS_RESULT obj_rsakey_get_uuid(TSS_HKEY, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_get_parent_uuid(TSS_HKEY, TSS_FLAG *, TSS_UUID *); +TSS_RESULT obj_rsakey_set_uuids(TSS_HKEY, TSS_FLAG, TSS_UUID *, TSS_FLAG, TSS_UUID *); +TSS_RESULT obj_rsakey_set_uuid(TSS_HKEY, TSS_FLAG, TSS_UUID *); +TSS_RESULT obj_rsakey_set_tcpakey(TSS_HKEY, UINT32 , BYTE *); +TSS_RESULT obj_rsakey_get_pcr_digest(TSS_HKEY, UINT32, TSS_FLAG, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_get_pcr_selection(TSS_HKEY, UINT32, TSS_FLAG, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_get_pcr_locality(TSS_HKEY, TSS_FLAG, UINT32 *); +TSS_RESULT obj_rsakey_set_pubkey(TSS_HKEY, UINT32, BYTE *); +TSS_RESULT obj_rsakey_set_privkey(TSS_HKEY, UINT32, UINT32, BYTE *); +TSS_RESULT obj_rsakey_set_pcr_data(TSS_HKEY, TSS_HPOLICY); +TSS_RESULT obj_rsakey_set_key_parms(TSS_HKEY, TCPA_KEY_PARMS *); +TSS_RESULT obj_rsakey_get_by_uuid(TSS_UUID *, TSS_HKEY *); +TSS_RESULT obj_rsakey_get_by_pub(UINT32, BYTE *, TSS_HKEY *); +TSS_RESULT obj_rsakey_get_tcs_handle(TSS_HKEY, TCS_KEY_HANDLE *); +TSS_RESULT obj_rsakey_set_tcs_handle(TSS_HKEY, TCS_KEY_HANDLE); +void obj_rsakey_remove_policy_refs(TSS_HPOLICY, TSS_HCONTEXT); +TSS_RESULT obj_rsakey_get_transport_attribs(TSS_HKEY, TCS_KEY_HANDLE *, TPM_DIGEST *); +#ifdef TSS_BUILD_CMK +TSS_BOOL obj_rsakey_is_cmk(TSS_HKEY); +TSS_RESULT obj_rsakey_set_cmk(TSS_HKEY, UINT32); +TSS_RESULT obj_rsakey_set_msa_approval(TSS_HKEY, UINT32, BYTE *); +TSS_RESULT obj_rsakey_get_msa_approval(TSS_HKEY, UINT32 *, BYTE **); +TSS_RESULT obj_rsakey_set_msa_digest(TSS_HKEY, UINT32, BYTE *); +TSS_RESULT obj_rsakey_get_msa_digest(TSS_HKEY, UINT32 *, BYTE **); +#endif +TSS_RESULT obj_rsakey_get_ownerevict(TSS_HKEY, UINT32 *); +TSS_RESULT obj_rsakey_set_ownerevict(TSS_HKEY, TSS_BOOL); +TSS_RESULT obj_rsakey_set_srk_pubkey(BYTE *); + +#define RSAKEY_LIST_DECLARE struct obj_list rsakey_list +#define RSAKEY_LIST_DECLARE_EXTERN extern struct obj_list rsakey_list +#define RSAKEY_LIST_INIT() list_init(&rsakey_list) +#define RSAKEY_LIST_CONNECT(a,b) obj_connectContext_list(&rsakey_list, a, b) +#define RSAKEY_LIST_CLOSE(a) obj_list_close(&rsakey_list, &__tspi_rsakey_free, a) + +#else + +#define obj_is_rsakey(a) FALSE + +#define RSAKEY_LIST_DECLARE +#define RSAKEY_LIST_DECLARE_EXTERN +#define RSAKEY_LIST_INIT() +#define RSAKEY_LIST_CONNECT(a,b) +#define RSAKEY_LIST_CLOSE(a) + +#endif + +#endif diff --git a/src/include/obj_tpm.h b/src/include/obj_tpm.h new file mode 100644 index 0000000..9eb1db7 --- /dev/null +++ b/src/include/obj_tpm.h @@ -0,0 +1,78 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _OBJ_TPM_H_ +#define _OBJ_TPM_H_ + +/* structures */ +struct tr_tpm_obj { + TSS_HPOLICY policy; +#ifdef TSS_BUILD_TSS12 + TSS_HPOLICY operatorPolicy; +#endif + TSS_ALGORITHM_ID collateAlg; + TSS_ALGORITHM_ID activateAlg; + PVOID collateAppData; + PVOID activateAppData; + TSS_RESULT (*Tspicb_CollateIdentity)( + PVOID lpAppData, + UINT32 ulTCPAPlainIdentityProofLength, + BYTE *rgbTCPAPlainIdentityProof, + TSS_ALGORITHM_ID algID, + UINT32* ulSessionKeyLength, + BYTE *rgbSessionKey, + UINT32 *pulTCPAIdentityProofLength, + BYTE *rgbTCPAIdentityProof); + TSS_RESULT (*Tspicb_ActivateIdentity)( + PVOID lpAppData, + UINT32 ulSessionKeyLength, + BYTE *rgbSessionKey, + UINT32 ulSymCAAttestationBlobLength, + BYTE *rgbSymCAAttestationBlob, + UINT32 *pulCredentialLength, + BYTE *rgbCredential); + TSS_COUNTER_ID ctr_id; + UINT32 EndorsementCredSize; + BYTE *EndorsementCred; + UINT32 PlatformCredSize; + BYTE *PlatformCred; + UINT32 PlatformConfCredSize; + BYTE *PlatformConfCred; + UINT32 ConformanceCredSize; + BYTE *ConformanceCred; +}; + +/* prototypes */ +TSS_RESULT obj_getTpmObject(UINT32, TSS_HOBJECT *); + +/* obj_tpm.c */ +void tpm_free(void *); +TSS_BOOL obj_is_tpm(TSS_HOBJECT); +TSS_RESULT obj_tpm_get_tsp_context(TSS_HTPM, TSS_HCONTEXT *); +TSS_RESULT obj_tpm_get(TSS_HCONTEXT, TSS_HTPM *); +TSS_RESULT obj_tpm_set_policy(TSS_HTPM, TSS_HPOLICY); +TSS_RESULT obj_tpm_add(TSS_HCONTEXT, TSS_HOBJECT *); +TSS_RESULT obj_tpm_get_policy(TSS_HTPM, UINT32, TSS_HPOLICY *); +TSS_RESULT obj_tpm_set_cb12(TSS_HTPM, TSS_FLAG, BYTE *); +TSS_RESULT obj_tpm_get_cb12(TSS_HTPM, TSS_FLAG, UINT32 *, BYTE **); +TSS_RESULT obj_tpm_set_cb11(TSS_HTPM, TSS_FLAG, TSS_FLAG, UINT32); +TSS_RESULT obj_tpm_get_cb11(TSS_HTPM, TSS_FLAG, UINT32 *); +void obj_tpm_remove_policy_refs(TSS_HPOLICY, TSS_HCONTEXT); +TSS_RESULT obj_tpm_get_current_counter(TSS_HTPM, TSS_COUNTER_ID *); +TSS_RESULT obj_tpm_set_cred(TSS_HTPM, TSS_FLAG, UINT32, BYTE *); +TSS_RESULT obj_tpm_get_cred(TSS_HTPM, TSS_FLAG, UINT32 *, BYTE **); + +#define TPM_LIST_DECLARE struct obj_list tpm_list +#define TPM_LIST_DECLARE_EXTERN extern struct obj_list tpm_list +#define TPM_LIST_INIT() list_init(&tpm_list) +#define TPM_LIST_CONNECT(a,b) obj_connectContext_list(&tpm_list, a, b) +#define TPM_LIST_CLOSE(a) obj_list_close(&tpm_list, &tpm_free, a) + +#endif diff --git a/src/include/req_mgr.h b/src/include/req_mgr.h new file mode 100644 index 0000000..3804896 --- /dev/null +++ b/src/include/req_mgr.h @@ -0,0 +1,26 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#ifndef _REQ_MGR_H_ +#define _REQ_MGR_H_ + +#include "threads.h" + +struct tpm_req_mgr +{ + MUTEX_DECLARE(queue_lock); +}; + +TSS_RESULT req_mgr_init(); +TSS_RESULT req_mgr_final(); +TSS_RESULT req_mgr_submit_req(BYTE *); + +#endif diff --git a/src/include/rpc_tcstp.h b/src/include/rpc_tcstp.h new file mode 100644 index 0000000..50859e2 --- /dev/null +++ b/src/include/rpc_tcstp.h @@ -0,0 +1,40 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#ifndef _RPC_TCSTP_H_ +#define _RPC_TCSTP_H_ + +#include "tcs_tsp.h" + +typedef unsigned char TCSD_PACKET_TYPE; + +/* Packet header used for TCSD communication */ +struct tcsd_packet_hdr { + UINT32 packet_size; + union { + UINT32 ordinal; + UINT32 result; + } u; + UINT32 num_parms; + UINT32 type_size; + UINT32 type_offset; + UINT32 parm_size; + UINT32 parm_offset; +} STRUCTURE_PACKING_ATTRIBUTE; + +struct tcsd_comm_data { + BYTE *buf; + UINT32 buf_size; + struct tcsd_packet_hdr hdr; +} STRUCTURE_PACKING_ATTRIBUTE; + +#define TCSD_INIT_TXBUF_SIZE 1024 + +#endif diff --git a/src/include/rpc_tcstp_tcs.h b/src/include/rpc_tcstp_tcs.h new file mode 100644 index 0000000..57eab27 --- /dev/null +++ b/src/include/rpc_tcstp_tcs.h @@ -0,0 +1,406 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _RPC_TCSTP_TCS_H_ +#define _RPC_TCSTP_TCS_H_ + +#include "rpc_tcstp.h" + +#define DECLARE_TCSTP_FUNC(x) \ + TSS_RESULT tcs_wrap_##x(struct tcsd_thread_data *) +/* Auth session, context and TPM caps support are always compiled in. TPM caps + * are necessary so that the TCSD can know what type of TPM its talking to */ +DECLARE_TCSTP_FUNC(OpenContext); +DECLARE_TCSTP_FUNC(CloseContext); +DECLARE_TCSTP_FUNC(OIAP); +DECLARE_TCSTP_FUNC(OSAP); +DECLARE_TCSTP_FUNC(GetCapability); +DECLARE_TCSTP_FUNC(GetCapabilityOwner); +DECLARE_TCSTP_FUNC(SetCapability); + +#ifdef TSS_BUILD_RANDOM +DECLARE_TCSTP_FUNC(GetRandom); +DECLARE_TCSTP_FUNC(StirRandom); +#else +#define tcs_wrap_GetRandom tcs_wrap_Error +#define tcs_wrap_StirRandom tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_EK +DECLARE_TCSTP_FUNC(CreateEndorsementKeyPair); +DECLARE_TCSTP_FUNC(ReadPubek); +DECLARE_TCSTP_FUNC(OwnerReadPubek); +DECLARE_TCSTP_FUNC(DisablePubekRead); +#ifdef TSS_BUILD_TSS12 +DECLARE_TCSTP_FUNC(CreateRevocableEndorsementKeyPair); +DECLARE_TCSTP_FUNC(RevokeEndorsementKeyPair); +#else +#define tcs_wrap_CreateRevocableEndorsementKeyPair tcs_wrap_Error +#define tcs_wrap_RevokeEndorsementKeyPair tcs_wrap_Error +#endif +#else +#define tcs_wrap_CreateEndorsementKeyPair tcs_wrap_Error +#define tcs_wrap_ReadPubek tcs_wrap_Error +#define tcs_wrap_OwnerReadPubek tcs_wrap_Error +#define tcs_wrap_DisablePubekRead tcs_wrap_Error +#define tcs_wrap_CreateRevocableEndorsementKeyPair tcs_wrap_Error +#define tcs_wrap_RevokeEndorsementKeyPair tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_KEY +DECLARE_TCSTP_FUNC(EvictKey); +DECLARE_TCSTP_FUNC(GetPubkey); +DECLARE_TCSTP_FUNC(TerminateHandle); +DECLARE_TCSTP_FUNC(LoadKeyByBlob); +DECLARE_TCSTP_FUNC(CreateWrapKey); +#ifdef TSS_BUILD_TSS12 +DECLARE_TCSTP_FUNC(KeyControlOwner); +DECLARE_TCSTP_FUNC(OwnerReadInternalPub); +#else +#define tcs_wrap_KeyControlOwner tcs_wrap_Error +#define tcs_wrap_OwnerReadInternalPub tcs_wrap_Error +#endif +#else +#define tcs_wrap_EvictKey tcs_wrap_Error +#define tcs_wrap_GetPubkey tcs_wrap_Error +#define tcs_wrap_TerminateHandle tcs_wrap_Error +#define tcs_wrap_LoadKeyByBlob tcs_wrap_Error +#define tcs_wrap_CreateWrapKey tcs_wrap_Error +#define tcs_wrap_KeyControlOwner tcs_wrap_Error + +#endif + +#ifdef TSS_BUILD_PCR_EXTEND +DECLARE_TCSTP_FUNC(Extend); +DECLARE_TCSTP_FUNC(PcrRead); +DECLARE_TCSTP_FUNC(PcrReset); +#else +#define tcs_wrap_Extend tcs_wrap_Error +#define tcs_wrap_PcrRead tcs_wrap_Error +#define tcs_wrap_PcrReset tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_CAPS +DECLARE_TCSTP_FUNC(TCSGetCapability); +#else +#define tcs_wrap_TCSGetCapability tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_OWN +DECLARE_TCSTP_FUNC(TakeOwnership); +DECLARE_TCSTP_FUNC(OwnerClear); +#else +#define tcs_wrap_TakeOwnership tcs_wrap_Error +#define tcs_wrap_OwnerClear tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_PS +DECLARE_TCSTP_FUNC(RegisterKey); +DECLARE_TCSTP_FUNC(UnregisterKey); +DECLARE_TCSTP_FUNC(GetRegisteredKeyBlob); +DECLARE_TCSTP_FUNC(LoadKeyByUUID); +DECLARE_TCSTP_FUNC(GetRegisteredKeyByPublicInfo); +DECLARE_TCSTP_FUNC(EnumRegisteredKeys); +DECLARE_TCSTP_FUNC(EnumRegisteredKeys2); +#else +#define tcs_wrap_RegisterKey tcs_wrap_Error +#define tcs_wrap_UnregisterKey tcs_wrap_Error +#define tcs_wrap_GetRegisteredKeyBlob tcs_wrap_Error +#define tcs_wrap_LoadKeyByUUID tcs_wrap_Error +#define tcs_wrap_GetRegisteredKeyByPublicInfo tcs_wrap_Error +#define tcs_wrap_EnumRegisteredKeys tcs_wrap_Error +#define tcs_wrap_EnumRegisteredKeys2 tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_SIGN +DECLARE_TCSTP_FUNC(Sign); +#else +#define tcs_wrap_Sign tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_DIR +DECLARE_TCSTP_FUNC(DirWriteAuth); +DECLARE_TCSTP_FUNC(DirRead); +#else +#define tcs_wrap_DirWriteAuth tcs_wrap_Error +#define tcs_wrap_DirRead tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_SEAL +DECLARE_TCSTP_FUNC(Seal); +DECLARE_TCSTP_FUNC(UnSeal); +#else +#define tcs_wrap_Seal tcs_wrap_Error +#define tcs_wrap_UnSeal tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_SEALX +DECLARE_TCSTP_FUNC(Sealx); +#else +#define tcs_wrap_Sealx tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_BIND +DECLARE_TCSTP_FUNC(UnBind); +#else +#define tcs_wrap_UnBind tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_CHANGEAUTH +DECLARE_TCSTP_FUNC(ChangeAuth); +DECLARE_TCSTP_FUNC(ChangeAuthOwner); +#else +#define tcs_wrap_ChangeAuth tcs_wrap_Error +#define tcs_wrap_ChangeAuthOwner tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_QUOTE +DECLARE_TCSTP_FUNC(Quote); +#else +#define tcs_wrap_Quote tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_QUOTE2 +DECLARE_TCSTP_FUNC(Quote2); +#else +#define tcs_wrap_Quote2 tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_PCR_EVENTS +DECLARE_TCSTP_FUNC(LogPcrEvent); +DECLARE_TCSTP_FUNC(GetPcrEvent); +DECLARE_TCSTP_FUNC(GetPcrEventsByPcr); +DECLARE_TCSTP_FUNC(GetPcrEventLog); +#else +#define tcs_wrap_LogPcrEvent tcs_wrap_Error +#define tcs_wrap_GetPcrEvent tcs_wrap_Error +#define tcs_wrap_GetPcrEventsByPcr tcs_wrap_Error +#define tcs_wrap_GetPcrEventLog tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_SELFTEST +DECLARE_TCSTP_FUNC(SelfTestFull); +DECLARE_TCSTP_FUNC(CertifySelfTest); +DECLARE_TCSTP_FUNC(GetTestResult); +#else +#define tcs_wrap_SelfTestFull tcs_wrap_Error +#define tcs_wrap_CertifySelfTest tcs_wrap_Error +#define tcs_wrap_GetTestResult tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_ADMIN +DECLARE_TCSTP_FUNC(DisableOwnerClear); +DECLARE_TCSTP_FUNC(ForceClear); +DECLARE_TCSTP_FUNC(DisableForceClear); +DECLARE_TCSTP_FUNC(PhysicalEnable); +DECLARE_TCSTP_FUNC(PhysicalSetDeactivated); +DECLARE_TCSTP_FUNC(SetOwnerInstall); +DECLARE_TCSTP_FUNC(OwnerSetDisable); +DECLARE_TCSTP_FUNC(PhysicalDisable); +DECLARE_TCSTP_FUNC(PhysicalPresence); +DECLARE_TCSTP_FUNC(SetTempDeactivated); +#ifdef TSS_BUILD_TSS12 +DECLARE_TCSTP_FUNC(SetTempDeactivated2); +DECLARE_TCSTP_FUNC(ResetLockValue); +#else +#define tcs_wrap_SetTempDeactivated2 tcs_wrap_Error +#define tcs_wrap_ResetLockValue tcs_wrap_Error +#endif +#else +#define tcs_wrap_DisableOwnerClear tcs_wrap_Error +#define tcs_wrap_ForceClear tcs_wrap_Error +#define tcs_wrap_DisableForceClear tcs_wrap_Error +#define tcs_wrap_PhysicalEnable tcs_wrap_Error +#define tcs_wrap_PhysicalSetDeactivated tcs_wrap_Error +#define tcs_wrap_SetOwnerInstall tcs_wrap_Error +#define tcs_wrap_OwnerSetDisable tcs_wrap_Error +#define tcs_wrap_PhysicalDisable tcs_wrap_Error +#define tcs_wrap_PhysicalPresence tcs_wrap_Error +#define tcs_wrap_SetTempDeactivated tcs_wrap_Error +#define tcs_wrap_SetTempDeactivated2 tcs_wrap_Error +#define tcs_wrap_ResetLockValue tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_CERTIFY +DECLARE_TCSTP_FUNC(CertifyKey); +#else +#define tcs_wrap_CertifyKey tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_AIK +DECLARE_TCSTP_FUNC(MakeIdentity); +DECLARE_TCSTP_FUNC(ActivateIdentity); +#ifdef TSS_BUILD_TSS12 +DECLARE_TCSTP_FUNC(GetCredential); +#else +#define tcs_wrap_GetCredential tcs_wrap_Error +#endif +#else +#define tcs_wrap_MakeIdentity tcs_wrap_Error +#define tcs_wrap_ActivateIdentity tcs_wrap_Error +#define tcs_wrap_GetCredential tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_MIGRATION +DECLARE_TCSTP_FUNC(CreateMigrationBlob); +DECLARE_TCSTP_FUNC(ConvertMigrationBlob); +DECLARE_TCSTP_FUNC(AuthorizeMigrationKey); +#else +#define tcs_wrap_CreateMigrationBlob tcs_wrap_Error +#define tcs_wrap_ConvertMigrationBlob tcs_wrap_Error +#define tcs_wrap_AuthorizeMigrationKey tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_MAINT +DECLARE_TCSTP_FUNC(KillMaintenanceFeature); +DECLARE_TCSTP_FUNC(CreateMaintenanceArchive); +DECLARE_TCSTP_FUNC(LoadMaintenanceArchive); +DECLARE_TCSTP_FUNC(LoadManuMaintPub); +DECLARE_TCSTP_FUNC(ReadManuMaintPub); +#else +#define tcs_wrap_KillMaintenanceFeature tcs_wrap_Error +#define tcs_wrap_CreateMaintenanceArchive tcs_wrap_Error +#define tcs_wrap_LoadMaintenanceArchive tcs_wrap_Error +#define tcs_wrap_LoadManuMaintPub tcs_wrap_Error +#define tcs_wrap_ReadManuMaintPub tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_DAA +DECLARE_TCSTP_FUNC(DaaJoin); +DECLARE_TCSTP_FUNC(DaaSign); +#else +#define tcs_wrap_DaaJoin tcs_wrap_Error +#define tcs_wrap_DaaSign tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_NV +DECLARE_TCSTP_FUNC(NV_DefineOrReleaseSpace); +DECLARE_TCSTP_FUNC(NV_WriteValue); +DECLARE_TCSTP_FUNC(NV_WriteValueAuth); +DECLARE_TCSTP_FUNC(NV_ReadValue); +DECLARE_TCSTP_FUNC(NV_ReadValueAuth); +#else +#define tcs_wrap_NV_DefineOrReleaseSpace tcs_wrap_Error +#define tcs_wrap_NV_WriteValue tcs_wrap_Error +#define tcs_wrap_NV_WriteValueAuth tcs_wrap_Error +#define tcs_wrap_NV_ReadValue tcs_wrap_Error +#define tcs_wrap_NV_ReadValueAuth tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_COUNTER +DECLARE_TCSTP_FUNC(ReadCounter); +DECLARE_TCSTP_FUNC(CreateCounter); +DECLARE_TCSTP_FUNC(IncrementCounter); +DECLARE_TCSTP_FUNC(ReleaseCounter); +DECLARE_TCSTP_FUNC(ReleaseCounterOwner); +#else +#define tcs_wrap_ReadCounter tcs_wrap_Error +#define tcs_wrap_CreateCounter tcs_wrap_Error +#define tcs_wrap_IncrementCounter tcs_wrap_Error +#define tcs_wrap_ReleaseCounter tcs_wrap_Error +#define tcs_wrap_ReleaseCounterOwner tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_TICK +DECLARE_TCSTP_FUNC(ReadCurrentTicks); +DECLARE_TCSTP_FUNC(TickStampBlob); +#else +#define tcs_wrap_ReadCurrentTicks tcs_wrap_Error +#define tcs_wrap_TickStampBlob tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_TRANSPORT +DECLARE_TCSTP_FUNC(EstablishTransport); +DECLARE_TCSTP_FUNC(ExecuteTransport); +DECLARE_TCSTP_FUNC(ReleaseTransportSigned); +#else +#define tcs_wrap_EstablishTransport tcs_wrap_Error +#define tcs_wrap_ExecuteTransport tcs_wrap_Error +#define tcs_wrap_ReleaseTransportSigned tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_AUDIT +DECLARE_TCSTP_FUNC(SetOrdinalAuditStatus); +DECLARE_TCSTP_FUNC(GetAuditDigest); +DECLARE_TCSTP_FUNC(GetAuditDigestSigned); +#else +#define tcs_wrap_SetOrdinalAuditStatus tcs_wrap_Error +#define tcs_wrap_GetAuditDigest tcs_wrap_Error +#define tcs_wrap_GetAuditDigestSigned tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_TSS12 +DECLARE_TCSTP_FUNC(SetOperatorAuth); +DECLARE_TCSTP_FUNC(FlushSpecific); +#else +#define tcs_wrap_SetOperatorAuth tcs_wrap_Error +#define tcs_wrap_FlushSpecific tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_DELEGATION +DECLARE_TCSTP_FUNC(Delegate_Manage); +DECLARE_TCSTP_FUNC(Delegate_CreateKeyDelegation); +DECLARE_TCSTP_FUNC(Delegate_CreateOwnerDelegation); +DECLARE_TCSTP_FUNC(Delegate_LoadOwnerDelegation); +DECLARE_TCSTP_FUNC(Delegate_ReadTable); +DECLARE_TCSTP_FUNC(Delegate_UpdateVerificationCount); +DECLARE_TCSTP_FUNC(Delegate_VerifyDelegation); +DECLARE_TCSTP_FUNC(DSAP); +#else +#define tcs_wrap_Delegate_Manage tcs_wrap_Error +#define tcs_wrap_Delegate_CreateKeyDelegation tcs_wrap_Error +#define tcs_wrap_Delegate_CreateOwnerDelegation tcs_wrap_Error +#define tcs_wrap_Delegate_LoadOwnerDelegation tcs_wrap_Error +#define tcs_wrap_Delegate_ReadTable tcs_wrap_Error +#define tcs_wrap_Delegate_UpdateVerificationCount tcs_wrap_Error +#define tcs_wrap_Delegate_VerifyDelegation tcs_wrap_Error +#define tcs_wrap_DSAP tcs_wrap_Error +#endif + +#ifdef TSS_BUILD_CMK +DECLARE_TCSTP_FUNC(CMK_SetRestrictions); +DECLARE_TCSTP_FUNC(CMK_ApproveMA); +DECLARE_TCSTP_FUNC(CMK_CreateKey); +DECLARE_TCSTP_FUNC(CMK_CreateTicket); +DECLARE_TCSTP_FUNC(CMK_CreateBlob); +DECLARE_TCSTP_FUNC(CMK_ConvertMigration); +#else +#define tcs_wrap_CMK_SetRestrictions tcs_wrap_Error +#define tcs_wrap_CMK_ApproveMA tcs_wrap_Error +#define tcs_wrap_CMK_CreateKey tcs_wrap_Error +#define tcs_wrap_CMK_CreateTicket tcs_wrap_Error +#define tcs_wrap_CMK_CreateBlob tcs_wrap_Error +#define tcs_wrap_CMK_ConvertMigration tcs_wrap_Error +#endif + +DECLARE_TCSTP_FUNC(dispatchCommand); + +void LoadBlob_Auth_Special(UINT64 *, BYTE *, TPM_AUTH *); +void UnloadBlob_Auth_Special(UINT64 *, BYTE *, TPM_AUTH *); +void LoadBlob_KM_KEYINFO(UINT64 *, BYTE *, TSS_KM_KEYINFO *); +void LoadBlob_KM_KEYINFO2(UINT64 *, BYTE *, TSS_KM_KEYINFO2 *); +void UnloadBlob_KM_KEYINFO(UINT64 *, BYTE *, TSS_KM_KEYINFO *); +void UnloadBlob_KM_KEYINFO2(UINT64 *, BYTE *, TSS_KM_KEYINFO2 *); +void LoadBlob_LOADKEY_INFO(UINT64 *, BYTE *, TCS_LOADKEY_INFO *); +void UnloadBlob_LOADKEY_INFO(UINT64 *, BYTE *, TCS_LOADKEY_INFO *); +void LoadBlob_PCR_EVENT(UINT64 *, BYTE *, TSS_PCR_EVENT *); +TSS_RESULT UnloadBlob_PCR_EVENT(UINT64 *, BYTE *, TSS_PCR_EVENT *); +int setData(TCSD_PACKET_TYPE, unsigned int, void *, int, struct tcsd_comm_data *); +UINT32 getData(TCSD_PACKET_TYPE, unsigned int, void *, int, struct tcsd_comm_data *); +void initData(struct tcsd_comm_data *, int); +int recv_from_socket(int, void *, int); +int send_to_socket(int, void *, int); +TSS_RESULT getTCSDPacket(struct tcsd_thread_data *); + +MUTEX_DECLARE_EXTERN(tcsp_lock); + +#endif + + diff --git a/src/include/rpc_tcstp_tsp.h b/src/include/rpc_tcstp_tsp.h new file mode 100644 index 0000000..79f5e9f --- /dev/null +++ b/src/include/rpc_tcstp_tsp.h @@ -0,0 +1,411 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _RPC_TCSTP_TSP_H_ +#define _RPC_TCSTP_TSP_H_ + +#include "hosttable.h" +#include "rpc_tcstp.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +int setData(TCSD_PACKET_TYPE,int,void *,int,struct tcsd_comm_data *); +UINT32 getData(TCSD_PACKET_TYPE,int,void *,int,struct tcsd_comm_data *); +void initData(struct tcsd_comm_data *, int); +TSS_RESULT sendTCSDPacket(struct host_table_entry *); +TSS_RESULT send_init(struct host_table_entry *); +TSS_RESULT tcs_sendit(struct host_table_entry *); +short get_port(); + +/* Context commands always included */ +TSS_RESULT RPC_OpenContext_TP(struct host_table_entry *, UINT32 *, TCS_CONTEXT_HANDLE *); +TSS_RESULT RPC_CloseContext_TP(struct host_table_entry *); +TSS_RESULT RPC_FreeMemory_TP(struct host_table_entry *,BYTE *); + +#ifdef TSS_BUILD_AUTH +TSS_RESULT RPC_OIAP_TP(struct host_table_entry *,TCS_AUTHHANDLE *,TCPA_NONCE *); +TSS_RESULT RPC_OSAP_TP(struct host_table_entry *,TCPA_ENTITY_TYPE,UINT32,TCPA_NONCE*,TCS_AUTHHANDLE *,TCPA_NONCE *,TCPA_NONCE *); +#else +#define RPC_OIAP_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_OSAP_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_PCR_EVENTS +TSS_RESULT RPC_LogPcrEvent_TP(struct host_table_entry *,TSS_PCR_EVENT,UINT32 *); +TSS_RESULT RPC_GetPcrEvent_TP(struct host_table_entry *,UINT32,UINT32 *,TSS_PCR_EVENT **); +TSS_RESULT RPC_GetPcrEventLog_TP(struct host_table_entry *,UINT32 *,TSS_PCR_EVENT **); +TSS_RESULT RPC_GetPcrEventsByPcr_TP(struct host_table_entry *,UINT32,UINT32,UINT32 *,TSS_PCR_EVENT **); +#else +#define RPC_LogPcrEvent_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetPcrEvent_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetPcrEventLog_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetPcrEventsByPcr_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_PS +TSS_RESULT RPC_GetRegisteredKeyByPublicInfo_TP(struct host_table_entry * tcsContext,TCPA_ALGORITHM_ID algID,UINT32,BYTE *,UINT32 *,BYTE **); +TSS_RESULT RPC_RegisterKey_TP(struct host_table_entry *,TSS_UUID,TSS_UUID,UINT32,BYTE *,UINT32,BYTE *); +TSS_RESULT RPC_UnregisterKey_TP(struct host_table_entry *,TSS_UUID); +TSS_RESULT RPC_EnumRegisteredKeys_TP(struct host_table_entry *,TSS_UUID *,UINT32 *,TSS_KM_KEYINFO **); +TSS_RESULT RPC_EnumRegisteredKeys2_TP(struct host_table_entry *,TSS_UUID *,UINT32 *,TSS_KM_KEYINFO2 **); +TSS_RESULT RPC_GetRegisteredKey_TP(struct host_table_entry *,TSS_UUID,TSS_KM_KEYINFO **); +TSS_RESULT RPC_GetRegisteredKeyBlob_TP(struct host_table_entry *,TSS_UUID,UINT32 *,BYTE **); +TSS_RESULT RPC_LoadKeyByUUID_TP(struct host_table_entry *,TSS_UUID,TCS_LOADKEY_INFO *,TCS_KEY_HANDLE *); +#else +#define RPC_GetRegisteredKeyByPublicInfo_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_RegisterKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_UnregisterKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_EnumRegisteredKeys_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_EnumRegisteredKeys2_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetRegisteredKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetRegisteredKeyBlob_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_LoadKeyByUUID_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_KEY +TSS_RESULT RPC_LoadKeyByBlob_TP(struct host_table_entry *,TCS_KEY_HANDLE,UINT32,BYTE *,TPM_AUTH *,TCS_KEY_HANDLE *,TCS_KEY_HANDLE *); +TSS_RESULT RPC_EvictKey_TP(struct host_table_entry *,TCS_KEY_HANDLE); +TSS_RESULT RPC_CreateWrapKey_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_ENCAUTH *,TCPA_ENCAUTH *,UINT32,BYTE *,UINT32 *,BYTE **,TPM_AUTH *); +TSS_RESULT RPC_GetPubKey_TP(struct host_table_entry *,TCS_KEY_HANDLE,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_TerminateHandle_TP(struct host_table_entry *,TCS_AUTHHANDLE); +TSS_RESULT RPC_OwnerReadInternalPub_TP(struct host_table_entry *, TCS_KEY_HANDLE, TPM_AUTH *, UINT32 *, BYTE **); +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_KeyControlOwner_TP(struct host_table_entry *, TCS_KEY_HANDLE, UINT32, BYTE *, UINT32, TSS_BOOL, TPM_AUTH *, TSS_UUID *); +#else +#define RPC_KeyControlOwner_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif +#else +#define RPC_LoadKeyByBlob_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_EvictKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CreateWrapKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetPubKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_TerminateHandle_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_OwnerReadInternalPub_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_KeyControlOwner_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_AIK +TSS_RESULT RPC_MakeIdentity_TP(struct host_table_entry *,TCPA_ENCAUTH,TCPA_CHOSENID_HASH,UINT32,BYTE *,TPM_AUTH *,TPM_AUTH *,UINT32 *,BYTE **,UINT32 *,BYTE **,UINT32 *,BYTE **,UINT32 *,BYTE **,UINT32 *,BYTE **); +TSS_RESULT RPC_GetCredential_TP(struct host_table_entry *,UINT32 ,UINT32 ,UINT32 *,BYTE **); +TSS_RESULT RPC_ActivateTPMIdentity_TP(struct host_table_entry *,TCS_KEY_HANDLE,UINT32,BYTE *,TPM_AUTH *,TPM_AUTH *,UINT32 *,BYTE **); +#else +#define RPC_MakeIdentity_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetCredential_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ActivateTPMIdentity_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_ADMIN +TSS_RESULT RPC_SetOwnerInstall_TP(struct host_table_entry *,TSS_BOOL); +TSS_RESULT RPC_DisableOwnerClear_TP(struct host_table_entry *,TPM_AUTH *); +TSS_RESULT RPC_ForceClear_TP(struct host_table_entry * hContext); +TSS_RESULT RPC_DisableForceClear_TP(struct host_table_entry * hContext); +TSS_RESULT RPC_PhysicalDisable_TP(struct host_table_entry * hContext); +TSS_RESULT RPC_PhysicalEnable_TP(struct host_table_entry * hContext); +TSS_RESULT RPC_PhysicalSetDeactivated_TP(struct host_table_entry *,TSS_BOOL); +TSS_RESULT RPC_PhysicalPresence_TP(struct host_table_entry *,TCPA_PHYSICAL_PRESENCE); +TSS_RESULT RPC_SetTempDeactivated_TP(struct host_table_entry * hContext); +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_SetTempDeactivated2_TP(struct host_table_entry *, TPM_AUTH *); +#else +#define RPC_SetTempDeactivated2_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif +TSS_RESULT RPC_FieldUpgrade_TP(struct host_table_entry *,UINT32,BYTE *,UINT32 *,BYTE **,TPM_AUTH *); +TSS_RESULT RPC_SetRedirection_TP(struct host_table_entry *,TCS_KEY_HANDLE,UINT32,UINT32,TPM_AUTH *); +TSS_RESULT RPC_OwnerSetDisable_TP(struct host_table_entry *,TSS_BOOL,TPM_AUTH *); +TSS_RESULT RPC_ResetLockValue_TP(struct host_table_entry *, TPM_AUTH *); +#else +#define RPC_SetOwnerInstall_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_DisableOwnerClear_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ForceClear_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_DisableForceClear_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_PhysicalDisable_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_PhysicalEnable_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_PhysicalSetDeactivated_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_PhysicalPresence_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_SetTempDeactivated_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_SetTempDeactivated2_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_FieldUpgrade_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_SetRedirection_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_OwnerSetDisable_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ResetLockValue_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_OWN +TSS_RESULT RPC_TakeOwnership_TP(struct host_table_entry *,UINT16,UINT32,BYTE *,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_OwnerClear_TP(struct host_table_entry *,TPM_AUTH *); +#else +#define RPC_TakeOwnership_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_OwnerClear_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_CHANGEAUTH +TSS_RESULT RPC_ChangeAuth_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_PROTOCOL_ID,TCPA_ENCAUTH *,TCPA_ENTITY_TYPE,UINT32,BYTE *,TPM_AUTH *,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_ChangeAuthOwner_TP(struct host_table_entry *,TCPA_PROTOCOL_ID,TCPA_ENCAUTH *,TCPA_ENTITY_TYPE,TPM_AUTH *); +TSS_RESULT RPC_ChangeAuthAsymStart_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_NONCE,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **,UINT32 *,BYTE **,UINT32 *,BYTE **,TCS_KEY_HANDLE *); +TSS_RESULT RPC_ChangeAuthAsymFinish_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCS_KEY_HANDLE,TCPA_ENTITY_TYPE,TCPA_HMAC,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **,TCPA_SALT_NONCE *,TCPA_DIGEST *); +#else +#define RPC_ChangeAuth_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ChangeAuthOwner_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ChangeAuthAsymStart_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ChangeAuthAsymFinish_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_PCR_EXTEND +TSS_RESULT RPC_Extend_TP(struct host_table_entry *,TCPA_PCRINDEX,TCPA_DIGEST,TCPA_PCRVALUE *); +TSS_RESULT RPC_PcrRead_TP(struct host_table_entry *,TCPA_PCRINDEX,TCPA_PCRVALUE *); +TSS_RESULT RPC_PcrReset_TP(struct host_table_entry *,UINT32,BYTE *); +#else +#define RPC_Extend_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_PcrRead_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_PcrReset_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_QUOTE +TSS_RESULT RPC_Quote_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_NONCE *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **,UINT32 *,BYTE **); +#else +#define RPC_Quote_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_QUOTE2 +TSS_RESULT RPC_Quote2_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_NONCE *,UINT32,BYTE *,TSS_BOOL,TPM_AUTH *,UINT32 *,BYTE **,UINT32 *,BYTE **,UINT32 *,BYTE **); +#else +#define RPC_Quote2_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_DIR +TSS_RESULT RPC_DirWriteAuth_TP(struct host_table_entry *,TCPA_DIRINDEX,TCPA_DIRVALUE *,TPM_AUTH *); +TSS_RESULT RPC_DirRead_TP(struct host_table_entry *,TCPA_DIRINDEX,TCPA_DIRVALUE *); +#else +#define RPC_DirWriteAuth_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_DirRead_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_SEAL +TSS_RESULT RPC_Seal_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_ENCAUTH *,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_Unseal_TP(struct host_table_entry *,TCS_KEY_HANDLE,UINT32,BYTE *,TPM_AUTH *,TPM_AUTH *,UINT32 *,BYTE **); +#else +#define RPC_Seal_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_Unseal_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_SEALX +TSS_RESULT RPC_Sealx_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_ENCAUTH *,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +#else +#define RPC_Sealx_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_BIND +TSS_RESULT RPC_UnBind_TP(struct host_table_entry *,TCS_KEY_HANDLE,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +#else +#define RPC_UnBind_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_MIGRATION +TSS_RESULT RPC_CreateMigrationBlob_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_MIGRATE_SCHEME,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *,TPM_AUTH *,UINT32 *,BYTE **,UINT32 *,BYTE **); +TSS_RESULT RPC_ConvertMigrationBlob_TP(struct host_table_entry *,TCS_KEY_HANDLE,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_AuthorizeMigrationKey_TP(struct host_table_entry *,TCPA_MIGRATE_SCHEME,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +#else +#define RPC_CreateMigrationBlob_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ConvertMigrationBlob_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_AuthorizeMigrationKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_CERTIFY +TSS_RESULT RPC_CertifyKey_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCS_KEY_HANDLE,TPM_NONCE *,TPM_AUTH *,TPM_AUTH *,UINT32 *,BYTE **,UINT32 *,BYTE **); +#else +#define RPC_CertifyKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_SIGN +TSS_RESULT RPC_Sign_TP(struct host_table_entry *,TCS_KEY_HANDLE,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +#else +#define RPC_Sign_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_RANDOM +TSS_RESULT RPC_GetRandom_TP(struct host_table_entry *,UINT32,BYTE **); +TSS_RESULT RPC_StirRandom_TP(struct host_table_entry *,UINT32,BYTE *); +#else +#define RPC_GetRandom_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_StirRandom_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_CAPS_TPM +TSS_RESULT RPC_GetTPMCapability_TP(struct host_table_entry *,TCPA_CAPABILITY_AREA,UINT32,BYTE *,UINT32 *,BYTE **); +TSS_RESULT RPC_GetCapabilitySigned_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_NONCE,TCPA_CAPABILITY_AREA,UINT32,BYTE *,TPM_AUTH *,TCPA_VERSION *,UINT32 *,BYTE **,UINT32 *,BYTE **); +TSS_RESULT RPC_GetCapabilityOwner_TP(struct host_table_entry *,TPM_AUTH *,TCPA_VERSION *,UINT32 *,UINT32 *); +TSS_RESULT RPC_SetCapability_TP(struct host_table_entry *,TCPA_CAPABILITY_AREA,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *); +#else +#define RPC_GetTPMCapability_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetCapabilitySigned_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetCapabilityOwner_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_SetCapability_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_CAPS +TSS_RESULT RPC_GetCapability_TP(struct host_table_entry *,TCPA_CAPABILITY_AREA,UINT32,BYTE *,UINT32 *,BYTE **); +#else +#define RPC_GetCapability_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_EK +TSS_RESULT RPC_CreateEndorsementKeyPair_TP(struct host_table_entry *,TCPA_NONCE,UINT32,BYTE *,UINT32 *,BYTE **,TCPA_DIGEST *); +TSS_RESULT RPC_ReadPubek_TP(struct host_table_entry *,TCPA_NONCE,UINT32 *,BYTE **,TCPA_DIGEST *); +TSS_RESULT RPC_OwnerReadPubek_TP(struct host_table_entry *,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_DisablePubekRead_TP(struct host_table_entry *,TPM_AUTH *); +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_CreateRevocableEndorsementKeyPair_TP(struct host_table_entry *,TPM_NONCE,UINT32,BYTE *,TSS_BOOL,TPM_DIGEST *,UINT32 *,BYTE **,TPM_DIGEST *); +TSS_RESULT RPC_RevokeEndorsementKeyPair_TP(struct host_table_entry *,TPM_DIGEST *); +#else +#define RPC_CreateRevocableEndorsementKeyPair_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_RevokeEndorsementKeyPair_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif +#else +#define RPC_DisablePubekRead_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CreateEndorsementKeyPair_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ReadPubek_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_OwnerReadPubek_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CreateRevocableEndorsementKeyPair_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_RevokeEndorsementKeyPair_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_SELFTEST +TSS_RESULT RPC_SelfTestFull_TP(struct host_table_entry * hContext); +TSS_RESULT RPC_CertifySelfTest_TP(struct host_table_entry *,TCS_KEY_HANDLE,TCPA_NONCE,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_GetTestResult_TP(struct host_table_entry *,UINT32 *,BYTE **); +#else +#define RPC_SelfTestFull_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CertifySelfTest_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetTestResult_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_MAINT +TSS_RESULT RPC_CreateMaintenanceArchive_TP(struct host_table_entry *,TSS_BOOL,TPM_AUTH *,UINT32 *,BYTE **,UINT32 *,BYTE **); +TSS_RESULT RPC_LoadMaintenanceArchive_TP(struct host_table_entry *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_KillMaintenanceFeature_TP(struct host_table_entry *,TPM_AUTH *); +TSS_RESULT RPC_LoadManuMaintPub_TP(struct host_table_entry *,TCPA_NONCE,UINT32,BYTE *,TCPA_DIGEST *); +TSS_RESULT RPC_ReadManuMaintPub_TP(struct host_table_entry *,TCPA_NONCE,TCPA_DIGEST *); +#else +#define RPC_CreateMaintenanceArchive_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_LoadMaintenanceArchive_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_KillMaintenanceFeature_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_LoadManuMaintPub_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ReadManuMaintPub_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_DAA +TSS_RESULT RPC_DaaJoin_TP(struct host_table_entry *,TPM_HANDLE,BYTE,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +TSS_RESULT RPC_DaaSign_TP(struct host_table_entry *,TPM_HANDLE,BYTE,UINT32,BYTE *,UINT32,BYTE *,TPM_AUTH *,UINT32 *,BYTE **); +#else +#define RPC_DaaJoin_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_DaaSign_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_COUNTER +TSS_RESULT RPC_ReadCounter_TP(struct host_table_entry *,TSS_COUNTER_ID,TPM_COUNTER_VALUE *); +TSS_RESULT RPC_CreateCounter_TP(struct host_table_entry *,UINT32,BYTE *,TPM_ENCAUTH,TPM_AUTH *,TSS_COUNTER_ID *,TPM_COUNTER_VALUE *); +TSS_RESULT RPC_IncrementCounter_TP(struct host_table_entry *,TSS_COUNTER_ID,TPM_AUTH *,TPM_COUNTER_VALUE *); +TSS_RESULT RPC_ReleaseCounter_TP(struct host_table_entry *,TSS_COUNTER_ID,TPM_AUTH *); +TSS_RESULT RPC_ReleaseCounterOwner_TP(struct host_table_entry *,TSS_COUNTER_ID,TPM_AUTH *); +#else +#define RPC_ReadCounter_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CreateCounter_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_IncrementCounter_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ReleaseCounter_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ReleaseCounterOwner_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_TICK +TSS_RESULT RPC_ReadCurrentTicks_TP(struct host_table_entry *,UINT32 *,BYTE **); +TSS_RESULT RPC_TickStampBlob_TP(struct host_table_entry *,TCS_KEY_HANDLE,TPM_NONCE *,TPM_DIGEST *,TPM_AUTH *,UINT32 *,BYTE **,UINT32 *,BYTE **); +#else +#define RPC_ReadCurrentTicks_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_TickStampBlob_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT RPC_EstablishTransport_TP(struct host_table_entry *, UINT32, TCS_KEY_HANDLE, UINT32, BYTE*, UINT32, BYTE*, TPM_AUTH*, TPM_MODIFIER_INDICATOR*, TCS_HANDLE*, UINT32*, BYTE**, TPM_NONCE*); +TSS_RESULT RPC_ExecuteTransport_TP(struct host_table_entry *,TPM_COMMAND_CODE, UINT32, BYTE*, UINT32*, TCS_HANDLE**, TPM_AUTH*, TPM_AUTH*, TPM_AUTH*, UINT64*, TPM_MODIFIER_INDICATOR*, TPM_RESULT*, UINT32*, BYTE**); +TSS_RESULT RPC_ReleaseTransportSigned_TP(struct host_table_entry *, TCS_KEY_HANDLE, TPM_NONCE *, TPM_AUTH*, TPM_AUTH*, TPM_MODIFIER_INDICATOR*, UINT32*, BYTE**, UINT32*, BYTE**); +#else +#define RPC_EstablishTransport_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ExecuteTransport_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_ReleaseTransportSigned_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_NV +TSS_RESULT RPC_NV_DefineOrReleaseSpace_TP(struct host_table_entry *hte, UINT32, BYTE *, TCPA_ENCAUTH, TPM_AUTH *); +TSS_RESULT RPC_NV_WriteValue_TP(struct host_table_entry *hte, TSS_NV_INDEX, UINT32, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT RPC_NV_WriteValueAuth_TP(struct host_table_entry *hte, TSS_NV_INDEX, UINT32, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT RPC_NV_ReadValue_TP(struct host_table_entry *hte, TSS_NV_INDEX, UINT32, UINT32 *, TPM_AUTH *, BYTE **); +TSS_RESULT RPC_NV_ReadValueAuth_TP(struct host_table_entry *hte, TSS_NV_INDEX, UINT32, UINT32 *, TPM_AUTH *, BYTE **); +#else +#define RPC_NV_DefineOrReleaseSpace_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_NV_WriteValue_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_NV_WriteValueAuth_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_NV_ReadValue_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_NV_ReadValueAuth_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_AUDIT +TSS_RESULT RPC_SetOrdinalAuditStatus_TP(struct host_table_entry *hte, TPM_AUTH *, UINT32, TSS_BOOL); +TSS_RESULT RPC_GetAuditDigest_TP(struct host_table_entry *hte, UINT32, TPM_DIGEST *, UINT32 *, BYTE **, TSS_BOOL *, UINT32 *, UINT32 **); +TSS_RESULT RPC_GetAuditDigestSigned_TP(struct host_table_entry *hte, TCS_KEY_HANDLE, TSS_BOOL, TPM_NONCE *, TPM_AUTH *, UINT32 *, BYTE **, TPM_DIGEST *, TPM_DIGEST *, UINT32 *, BYTE **); +#else +#define RPC_SetOrdinalAuditStatus_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetAuditDigest_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_GetAuditDigestSigned_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_SetOperatorAuth_TP(struct host_table_entry *hte, TCPA_SECRET *); +TSS_RESULT RPC_FlushSpecific_TP(struct host_table_entry *hte, TCS_HANDLE, TPM_RESOURCE_TYPE); +#else +#define RPC_SetOperatorAuth_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_FlushSpecific_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_DELEGATION +TSS_RESULT RPC_Delegate_Manage_TP(struct host_table_entry *hte, TPM_FAMILY_ID, TPM_FAMILY_OPERATION, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_CreateKeyDelegation_TP(struct host_table_entry *hte, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_ENCAUTH *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_CreateOwnerDelegation_TP(struct host_table_entry *hte, TSS_BOOL, UINT32, BYTE *, TPM_ENCAUTH *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_LoadOwnerDelegation_TP(struct host_table_entry *hte, TPM_DELEGATE_INDEX, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT RPC_Delegate_ReadTable_TP(struct host_table_entry *hte, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_UpdateVerificationCount_TP(struct host_table_entry *hte, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_VerifyDelegation_TP(struct host_table_entry *hte, UINT32, BYTE *); +TSS_RESULT RPC_DSAP_TP(struct host_table_entry *hte, TPM_ENTITY_TYPE, TCS_KEY_HANDLE, TPM_NONCE *, UINT32, BYTE *, TCS_AUTHHANDLE *, TPM_NONCE *, TPM_NONCE *); +#else +#define RPC_Delegate_Manage_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_Delegate_CreateKeyDelegation_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_Delegate_CreateOwnerDelegation_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_Delegate_LoadOwnerDelegation_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_Delegate_ReadTable_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_Delegate_UpdateVerificationCount_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_Delegate_VerifyDelegation_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_DSAP_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#ifdef TSS_BUILD_CMK +TSS_RESULT RPC_CMK_SetRestrictions_TP(struct host_table_entry *hte, TSS_CMK_DELEGATE, TPM_AUTH *); +TSS_RESULT RPC_CMK_ApproveMA_TP(struct host_table_entry *hte, TPM_DIGEST, TPM_AUTH *, TPM_HMAC *); +TSS_RESULT RPC_CMK_CreateKey_TP(struct host_table_entry *hte, TCS_KEY_HANDLE, TPM_ENCAUTH *, TPM_HMAC *, TPM_DIGEST *, UINT32 *, BYTE **, TPM_AUTH *); +TSS_RESULT RPC_CMK_CreateTicket_TP(struct host_table_entry *hte, UINT32, BYTE *, TPM_DIGEST, UINT32, BYTE *, TPM_AUTH *, TPM_HMAC *); +TSS_RESULT RPC_CMK_CreateBlob_TP(struct host_table_entry *hte, TCS_KEY_HANDLE, TSS_MIGRATE_SCHEME, UINT32, BYTE *, TPM_DIGEST, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_CMK_ConvertMigration_TP(struct host_table_entry *hte, TCS_KEY_HANDLE, TPM_CMK_AUTH, TPM_HMAC, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +#else +#define RPC_CMK_SetRestrictions_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CMK_ApproveMA_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CMK_CreateKey_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CMK_CreateTicket_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CMK_CreateBlob_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#define RPC_CMK_ConvertMigration_TP(...) TSPERR(TSS_E_INTERNAL_ERROR) +#endif + +#endif diff --git a/src/include/spi_utils.h b/src/include/spi_utils.h new file mode 100644 index 0000000..f93e877 --- /dev/null +++ b/src/include/spi_utils.h @@ -0,0 +1,632 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2007 + * + */ + + +#ifndef _SPI_UTILS_H_ +#define _SPI_UTILS_H_ + +#include "threads.h" +#include // for endian routines + +#include "trousers_types.h" +#include "trousers/trousers.h" + +struct key_mem_cache +{ + TCS_KEY_HANDLE tcs_handle; + TSS_HKEY tsp_handle; + UINT16 flags; + UINT32 time_stamp; + TSS_UUID uuid; + TSS_UUID p_uuid; + TSS_KEY *blob; + struct key_mem_cache *parent; + struct key_mem_cache *next; +}; + +extern struct key_mem_cache *key_mem_cache_head; +MUTEX_DECLARE_EXTERN(mem_cache_lock); + +#ifndef MIN +#define MIN(a,b) ((a) < (b) ? (a) : (b)) +#endif + +#define BOOL(x) ((x) == 0) ? FALSE : TRUE +#define INVBOOL(x) ((x) == 0) ? TRUE : FALSE + +#define TSS_PSFILE_INCREMENT_NUM_KEYS 1 +#define TSS_PSFILE_DECREMENT_NUM_KEYS 0 + +void *calloc_tspi(TSS_HCONTEXT, UINT32); +TSS_RESULT free_tspi(TSS_HCONTEXT, void *); +TSS_RESULT __tspi_add_mem_entry(TSS_HCONTEXT, void *); + +/* secrets.c */ + +TSS_RESULT policy_UsesAuth(TSS_HPOLICY, TSS_BOOL *); + +TSS_RESULT secret_PerformAuth_OIAP(TSS_HOBJECT, UINT32, TSS_HPOLICY, TSS_BOOL, TCPA_DIGEST *, + TPM_AUTH *); +#if 0 +TSS_RESULT secret_PerformXOR_OSAP(TSS_HPOLICY, TSS_HPOLICY, TSS_HPOLICY, TSS_HOBJECT, + UINT16, UINT32, TCPA_ENCAUTH *, TCPA_ENCAUTH *, + BYTE *, TPM_AUTH *, TCPA_NONCE *); +TSS_RESULT secret_PerformAuth_OSAP(TSS_HOBJECT, UINT32, TSS_HPOLICY, + TSS_HPOLICY, TSS_HPOLICY, BYTE *, + TPM_AUTH *, BYTE *, TCPA_NONCE *); + +TSS_RESULT secret_ValidateAuth_OSAP(TSS_HOBJECT, UINT32, TSS_HPOLICY, + TSS_HPOLICY, TSS_HPOLICY, BYTE *, + TPM_AUTH *, BYTE *, TCPA_NONCE *); +#endif +TSS_RESULT secret_TakeOwnership(TSS_HKEY, TSS_HTPM, TSS_HKEY, TPM_AUTH *, + UINT32 *, BYTE *, UINT32 *, BYTE *); + +TSS_RESULT changeauth_owner(TSS_HCONTEXT, TSS_HOBJECT, TSS_HOBJECT, TSS_HPOLICY); +TSS_RESULT changeauth_srk(TSS_HCONTEXT, TSS_HOBJECT, TSS_HOBJECT, TSS_HPOLICY); +TSS_RESULT changeauth_key(TSS_HCONTEXT, TSS_HOBJECT, TSS_HOBJECT, TSS_HPOLICY); +TSS_RESULT changeauth_encdata(TSS_HCONTEXT, TSS_HOBJECT, TSS_HOBJECT, TSS_HPOLICY); + +TSS_RESULT sealx_mask_cb(PVOID, TSS_HKEY, TSS_HENCDATA, TSS_ALGORITHM_ID, UINT32, BYTE *, BYTE *, + BYTE *, BYTE *, UINT32, BYTE *, BYTE *); + +TSS_RESULT __tspi_free_resource(TSS_HCONTEXT, UINT32, UINT32); +TSS_RESULT owner_get_pubek(TSS_HCONTEXT, TSS_HTPM, TSS_HKEY *); + +#define next( x ) x = x->next + +/* spi_utils.c */ + +UINT16 get_num_pcrs(TSS_HCONTEXT); +void free_key_refs(TSS_KEY *); + +#define UI_MAX_SECRET_STRING_LENGTH 256 +#define UI_MAX_POPUP_STRING_LENGTH 256 + +#ifdef TSS_NO_GUI +#define DisplayPINWindow(a,b,c) \ + do { \ + *(b) = 0; \ + } while (0) +#define DisplayNewPINWindow(a,b,c) \ + do { \ + *(b) = 0; \ + } while (0) +#else +TSS_RESULT DisplayPINWindow(BYTE *, UINT32 *, BYTE *); +TSS_RESULT DisplayNewPINWindow(BYTE *, UINT32 *, BYTE *); +#endif + +TSS_RESULT merge_key_hierarchies(TSS_HCONTEXT, UINT32, TSS_KM_KEYINFO *, UINT32, TSS_KM_KEYINFO *, + UINT32 *, TSS_KM_KEYINFO **); +TSS_RESULT merge_key_hierarchies2(TSS_HCONTEXT, UINT32, TSS_KM_KEYINFO2 *, UINT32, TSS_KM_KEYINFO2 *, + UINT32 *, TSS_KM_KEYINFO2 **); + + +int pin_mem(void *, size_t); +int unpin_mem(void *, size_t); + + +#define TSS_MAX_SYM_BLOCK_SIZE 16 + +TSS_RESULT internal_GetCap(TSS_HCONTEXT, TSS_FLAG, UINT32, UINT32 *, BYTE **); + +/* For an unconnected context that wants to do PCR operations, assume that + * the TPM has TSS_DEFAULT_NUM_PCRS pcrs */ +#define TSS_DEFAULT_NUM_PCRS 16 +#define TSS_LOCAL_RANDOM_DEVICE "/dev/urandom" +#define TSS_LOCALHOST_STRING "localhost" +TSS_RESULT get_local_random(TSS_HCONTEXT, TSS_BOOL, UINT32, BYTE **); + +#define AUTH_RETRY_NANOSECS 500000000 +#define AUTH_RETRY_COUNT 5 +#define TPM_AUTH_RQU_SIZE (sizeof(TPM_AUTHHANDLE) + sizeof(TPM_NONCE) \ + + sizeof(TPM_BOOL) + sizeof(TPM_AUTHDATA)) +#define TPM_AUTH_RSP_SIZE (sizeof(TPM_NONCE) + sizeof(TPM_BOOL) + sizeof(TPM_AUTHDATA)) + +#define endian32(x) htonl(x) +#define endian16(x) htons(x) + +extern TSS_VERSION VERSION_1_1; + +TSS_RESULT __tspi_rsa_encrypt(TSS_HKEY, UINT32, BYTE*, UINT32*, BYTE*); +TSS_RESULT __tspi_rsa_verify(TSS_HKEY, UINT32, UINT32, BYTE*, UINT32, BYTE*); + +TSS_RESULT Init_AuthNonce(TCS_CONTEXT_HANDLE, TSS_BOOL, TPM_AUTH *); +TSS_BOOL validateReturnAuth(BYTE *, BYTE *, TPM_AUTH *); +void HMAC_Auth(BYTE *, BYTE *, TPM_AUTH *); +TSS_RESULT OSAP_Calc(TCS_CONTEXT_HANDLE, UINT16, UINT32, BYTE *, BYTE *, BYTE *, + TCPA_ENCAUTH *, TCPA_ENCAUTH *, BYTE *, TPM_AUTH *); + +void UINT64ToArray(UINT64, BYTE *); +void UINT32ToArray(UINT32, BYTE *); +void UINT16ToArray(UINT16, BYTE *); +UINT16 Decode_UINT16(BYTE *); +UINT32 Decode_UINT32(BYTE *); +UINT64 Decode_UINT64(BYTE *); + +TSS_RESULT popup_GetSecret(UINT32, UINT32, BYTE *, void *); + +TSS_RESULT get_tpm_flags(TSS_HCONTEXT, TSS_HTPM, UINT32 *, UINT32 *); +TSS_RESULT pcrs_calc_composite(TCPA_PCR_SELECTION *, TCPA_PCRVALUE *, TCPA_DIGEST *); +struct tr_pcrs_obj; +TSS_RESULT pcrs_sanity_check_selection(TCS_CONTEXT_HANDLE, struct tr_pcrs_obj *, TPM_PCR_SELECTION *); + +void LoadBlob_AUTH(UINT64 *, BYTE *, TPM_AUTH *); +void UnloadBlob_AUTH(UINT64 *, BYTE *, TPM_AUTH *); +void LoadBlob_LOADKEY_INFO(UINT64 *, BYTE *, TCS_LOADKEY_INFO *); +void UnloadBlob_LOADKEY_INFO(UINT64 *, BYTE *, TCS_LOADKEY_INFO *); +void LoadBlob_TSS_KEY(UINT64 *, BYTE *, TSS_KEY *); +TSS_RESULT UnloadBlob_TSS_KEY(UINT64 *, BYTE *, TSS_KEY *); +TSS_RESULT Hash_TSS_KEY(Trspi_HashCtx *, TSS_KEY *); +void LoadBlob_TSS_PRIVKEY_DIGEST(UINT64 *, BYTE *, TSS_KEY *); +TSS_RESULT Hash_TSS_PRIVKEY_DIGEST(Trspi_HashCtx *, TSS_KEY *); + +TSS_RESULT TSP_SetCapability(TSS_HCONTEXT, TSS_HTPM, TSS_HPOLICY, TPM_CAPABILITY_AREA, + UINT32, TSS_BOOL); + +TSS_RESULT RPC_OpenContext(TSS_HCONTEXT, BYTE *, int); +TSS_RESULT RPC_FreeMemory(TSS_HCONTEXT, BYTE *); +TSS_RESULT RPC_GetRegisteredKeyByPublicInfo(TSS_HCONTEXT, TCPA_ALGORITHM_ID, UINT32, + BYTE *, UINT32 *, BYTE **); +TSS_RESULT RPC_CloseContext(TSS_HCONTEXT); +TSS_RESULT RPC_GetCapability(TSS_HCONTEXT, TCPA_CAPABILITY_AREA, UINT32, BYTE *, UINT32 *, BYTE **); +TSS_RESULT RPC_GetTPMCapability(TSS_HCONTEXT, TCPA_CAPABILITY_AREA, UINT32, BYTE *, UINT32 *, BYTE **); +TSS_RESULT Transport_GetTPMCapability(TSS_HCONTEXT, TCPA_CAPABILITY_AREA, UINT32, BYTE *, UINT32 *, BYTE **); +TSS_RESULT RPC_SetCapability(TSS_HCONTEXT, TCPA_CAPABILITY_AREA, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT Transport_SetCapability(TSS_HCONTEXT, TCPA_CAPABILITY_AREA, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *); +TSS_RESULT RPC_LoadKeyByBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, + TCS_KEY_HANDLE *, TCS_KEY_HANDLE *); +TSS_RESULT Transport_LoadKeyByBlob(TSS_HCONTEXT, TSS_HKEY, UINT32, BYTE *, + TPM_AUTH *, TCS_KEY_HANDLE *, TPM_KEY_HANDLE *); +TSS_RESULT RPC_LoadKeyByUUID(TSS_HCONTEXT, TSS_UUID, TCS_LOADKEY_INFO *, TCS_KEY_HANDLE *); +TSS_RESULT RPC_GetRegisteredKey(TSS_HCONTEXT, TSS_UUID, TSS_KM_KEYINFO **); +TSS_RESULT RPC_GetRegisteredKeyBlob(TSS_HCONTEXT, TSS_UUID, UINT32 *, BYTE **); +TSS_RESULT RPC_RegisterKey(TSS_HCONTEXT, TSS_UUID, TSS_UUID, UINT32, BYTE *, UINT32, BYTE *); +TSS_RESULT RPC_UnregisterKey(TSS_HCONTEXT, TSS_UUID); +TSS_RESULT RPC_EnumRegisteredKeys(TSS_HCONTEXT, TSS_UUID *, UINT32 *, TSS_KM_KEYINFO **); +TSS_RESULT RPC_EnumRegisteredKeys2(TSS_HCONTEXT, TSS_UUID *, UINT32 *, TSS_KM_KEYINFO2 **); +TSS_RESULT RPC_ChangeAuth(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_PROTOCOL_ID, TCPA_ENCAUTH *, + TCPA_ENTITY_TYPE, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, + UINT32 *, BYTE **); +TSS_RESULT Transport_ChangeAuth(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_PROTOCOL_ID, TCPA_ENCAUTH *, + TCPA_ENTITY_TYPE, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, + UINT32 *, BYTE **); +TSS_RESULT RPC_ChangeAuthOwner(TSS_HCONTEXT, TCPA_PROTOCOL_ID, TCPA_ENCAUTH *, TCPA_ENTITY_TYPE, + TPM_AUTH *); +TSS_RESULT Transport_ChangeAuthOwner(TSS_HCONTEXT, TCPA_PROTOCOL_ID, TCPA_ENCAUTH *, TCPA_ENTITY_TYPE, + TPM_AUTH *); +TSS_RESULT RPC_TerminateHandle(TSS_HCONTEXT, TCS_AUTHHANDLE); +TSS_RESULT Transport_TerminateHandle(TSS_HCONTEXT, TCS_AUTHHANDLE); +TSS_RESULT RPC_GetRandom(TSS_HCONTEXT, UINT32, BYTE **); +TSS_RESULT Transport_GetRandom(TSS_HCONTEXT, UINT32, BYTE **); +TSS_RESULT RPC_ChangeAuthAsymStart(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **, UINT32 *, + BYTE **, TCS_KEY_HANDLE *); +TSS_RESULT RPC_ChangeAuthAsymFinish(TSS_HCONTEXT, TCS_KEY_HANDLE, TCS_KEY_HANDLE, + TCPA_ENTITY_TYPE, TCPA_HMAC, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **, TCPA_SALT_NONCE *, + TCPA_DIGEST *); +TSS_RESULT RPC_GetPubKey(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_GetPubKey(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_CreateWrapKey(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, TCPA_ENCAUTH *, + UINT32, BYTE *, UINT32 *, BYTE **, TPM_AUTH *); +TSS_RESULT Transport_CreateWrapKey(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, TCPA_ENCAUTH *, + UINT32, BYTE *, UINT32 *, BYTE **, TPM_AUTH *); +TSS_RESULT RPC_CertifyKey(TSS_HCONTEXT, TCS_KEY_HANDLE, TCS_KEY_HANDLE, TPM_NONCE *, TPM_AUTH *, + TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_CertifyKey(TSS_HCONTEXT, TCS_KEY_HANDLE, TCS_KEY_HANDLE, TPM_NONCE *, + TPM_AUTH *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_CreateMigrationBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_MIGRATE_SCHEME, UINT32, + BYTE *, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, UINT32 *, + BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_CreateMigrationBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_MIGRATE_SCHEME, UINT32, + BYTE *, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, UINT32 *, + BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_ConvertMigrationBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_ConvertMigrationBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_PcrRead(TSS_HCONTEXT, TCPA_PCRINDEX, TCPA_PCRVALUE *); +TSS_RESULT Transport_PcrRead(TSS_HCONTEXT, TCPA_PCRINDEX, TCPA_PCRVALUE *); +TSS_RESULT RPC_PcrReset(TSS_HCONTEXT, UINT32, BYTE *); +TSS_RESULT Transport_PcrReset(TSS_HCONTEXT, UINT32, BYTE *); +TSS_RESULT RPC_OSAP(TSS_HCONTEXT, TCPA_ENTITY_TYPE, UINT32, TPM_NONCE *, TCS_AUTHHANDLE *, + TCPA_NONCE *, TCPA_NONCE *); +TSS_RESULT Transport_OSAP(TSS_HCONTEXT, TCPA_ENTITY_TYPE, UINT32, TPM_NONCE *, TCS_AUTHHANDLE *, + TCPA_NONCE *, TCPA_NONCE *); +TSS_RESULT RPC_GetCapabilityOwner(TSS_HCONTEXT, TPM_AUTH *, TCPA_VERSION *, UINT32 *, UINT32 *); +TSS_RESULT Transport_GetCapabilityOwner(TSS_HCONTEXT, TPM_AUTH *, TCPA_VERSION *, UINT32 *, UINT32 *); +TSS_RESULT RPC_OIAP(TSS_HCONTEXT, TCS_AUTHHANDLE *, TCPA_NONCE *); +TSS_RESULT Transport_OIAP(TSS_HCONTEXT, TCS_AUTHHANDLE *, TCPA_NONCE *); +TSS_RESULT RPC_Seal(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, UINT32, BYTE *, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_Seal(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Sealx(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, UINT32, BYTE *, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_Sealx(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Unseal(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, + UINT32 *, BYTE **); +TSS_RESULT Transport_Unseal(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, + UINT32 *, BYTE **); +TSS_RESULT RPC_UnBind(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, UINT32 *, + BYTE **); +TSS_RESULT Transport_UnBind(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, UINT32 *, + BYTE **); +TSS_RESULT RPC_Sign(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_Sign(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_CreateEndorsementKeyPair(TSS_HCONTEXT, TCPA_NONCE, UINT32, BYTE *, UINT32 *, + BYTE **, TCPA_DIGEST *); +TSS_RESULT RPC_ReadPubek(TSS_HCONTEXT, TCPA_NONCE, UINT32 *, BYTE **, TCPA_DIGEST *); +TSS_RESULT RPC_OwnerReadPubek(TSS_HCONTEXT, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_TakeOwnership(TSS_HCONTEXT, UINT16, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_CreateRevocableEndorsementKeyPair(TSS_HCONTEXT, TPM_NONCE, UINT32, BYTE *, TSS_BOOL, TPM_DIGEST *, UINT32 *, BYTE **, TPM_DIGEST *); +TSS_RESULT RPC_RevokeEndorsementKeyPair(TSS_HCONTEXT, TPM_DIGEST *); +TSS_RESULT RPC_MakeIdentity(TSS_HCONTEXT, TCPA_ENCAUTH, TCPA_CHOSENID_HASH, UINT32, BYTE *, + TPM_AUTH *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **, UINT32 *, + BYTE **, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_MakeIdentity2(TSS_HCONTEXT, TCPA_ENCAUTH, TCPA_CHOSENID_HASH, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_ActivateTPMIdentity(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, + TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_ActivateTPMIdentity(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, + TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_OwnerClear(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT Transport_OwnerClear(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT RPC_ForceClear(TSS_HCONTEXT); +TSS_RESULT Transport_ForceClear(TSS_HCONTEXT); +TSS_RESULT RPC_DisableOwnerClear(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT Transport_DisableOwnerClear(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT RPC_DisableForceClear(TSS_HCONTEXT); +TSS_RESULT Transport_DisableForceClear(TSS_HCONTEXT); +TSS_RESULT RPC_PhysicalDisable(TSS_HCONTEXT); +TSS_RESULT Transport_PhysicalDisable(TSS_HCONTEXT); +TSS_RESULT RPC_PhysicalEnable(TSS_HCONTEXT); +TSS_RESULT Transport_PhysicalEnable(TSS_HCONTEXT); +TSS_RESULT RPC_PhysicalSetDeactivated(TSS_HCONTEXT, TSS_BOOL); +TSS_RESULT Transport_PhysicalSetDeactivated(TSS_HCONTEXT, TSS_BOOL); +TSS_RESULT RPC_PhysicalPresence(TSS_HCONTEXT, TCPA_PHYSICAL_PRESENCE); +TSS_RESULT Transport_PhysicalPresence(TSS_HCONTEXT, TCPA_PHYSICAL_PRESENCE); +TSS_RESULT RPC_SetTempDeactivated(TSS_HCONTEXT); +TSS_RESULT Transport_SetTempDeactivated(TSS_HCONTEXT); +TSS_RESULT RPC_SetTempDeactivated2(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT Transport_SetTempDeactivated2(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT RPC_OwnerSetDisable(TSS_HCONTEXT, TSS_BOOL, TPM_AUTH *); +TSS_RESULT Transport_OwnerSetDisable(TSS_HCONTEXT, TSS_BOOL, TPM_AUTH *); +TSS_RESULT RPC_ResetLockValue(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT Transport_ResetLockValue(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT RPC_SetOwnerInstall(TSS_HCONTEXT, TSS_BOOL); +TSS_RESULT Transport_SetOwnerInstall(TSS_HCONTEXT, TSS_BOOL); +TSS_RESULT RPC_DisablePubekRead(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT Transport_DisablePubekRead(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT RPC_SelfTestFull(TSS_HCONTEXT); +TSS_RESULT Transport_SelfTestFull(TSS_HCONTEXT); +TSS_RESULT RPC_CertifySelfTest(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE, TPM_AUTH *, UINT32 *, + BYTE **); +TSS_RESULT Transport_CertifySelfTest(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE, TPM_AUTH *, UINT32 *, + BYTE **); +TSS_RESULT RPC_GetTestResult(TSS_HCONTEXT, UINT32 *, BYTE **); +TSS_RESULT Transport_GetTestResult(TSS_HCONTEXT, UINT32 *, BYTE **); +TSS_RESULT RPC_StirRandom(TSS_HCONTEXT, UINT32, BYTE *); +TSS_RESULT Transport_StirRandom(TSS_HCONTEXT, UINT32, BYTE *); +TSS_RESULT RPC_AuthorizeMigrationKey(TSS_HCONTEXT, TCPA_MIGRATE_SCHEME, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_AuthorizeMigrationKey(TSS_HCONTEXT, TCPA_MIGRATE_SCHEME, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_GetPcrEvent(TSS_HCONTEXT, UINT32, UINT32 *, TSS_PCR_EVENT **); +TSS_RESULT RPC_GetPcrEventsByPcr(TSS_HCONTEXT, UINT32, UINT32, UINT32 *, TSS_PCR_EVENT **); +TSS_RESULT RPC_GetPcrEventLog(TSS_HCONTEXT, UINT32 *, TSS_PCR_EVENT **); +TSS_RESULT RPC_Quote(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE *, UINT32, BYTE *, TPM_AUTH *, + UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_Quote(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE *, UINT32, BYTE *, TPM_AUTH *, + UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_Quote2(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE *, UINT32, BYTE *, TSS_BOOL, TPM_AUTH *, + UINT32 *, BYTE **, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_Quote2(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE *, UINT32, BYTE *, TSS_BOOL, + TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_Extend(TSS_HCONTEXT, TCPA_PCRINDEX, TCPA_DIGEST, TCPA_PCRVALUE *); +TSS_RESULT Transport_Extend(TSS_HCONTEXT, TCPA_PCRINDEX, TCPA_DIGEST, TCPA_PCRVALUE *); +TSS_RESULT RPC_DirWriteAuth(TSS_HCONTEXT, TCPA_DIRINDEX, TCPA_DIRVALUE *, TPM_AUTH *); +TSS_RESULT Transport_DirWriteAuth(TSS_HCONTEXT, TCPA_DIRINDEX, TCPA_DIRVALUE *, TPM_AUTH *); +TSS_RESULT RPC_DirRead(TSS_HCONTEXT, TCPA_DIRINDEX, TCPA_DIRVALUE *); +TSS_RESULT Transport_DirRead(TSS_HCONTEXT, TCPA_DIRINDEX, TCPA_DIRVALUE *); +TSS_RESULT RPC_LogPcrEvent(TSS_HCONTEXT, TSS_PCR_EVENT, UINT32 *); +TSS_RESULT RPC_EvictKey(TSS_HCONTEXT, TCS_KEY_HANDLE); +TSS_RESULT Transport_EvictKey(TSS_HCONTEXT, TCS_KEY_HANDLE); +TSS_RESULT RPC_CreateMaintenanceArchive(TSS_HCONTEXT, TSS_BOOL, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_CreateMaintenanceArchive(TSS_HCONTEXT, TSS_BOOL, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_KillMaintenanceFeature(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT Transport_KillMaintenanceFeature(TSS_HCONTEXT, TPM_AUTH *); +TSS_RESULT RPC_LoadMaintenanceArchive(TSS_HCONTEXT, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_LoadMaintenanceArchive(TSS_HCONTEXT, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_LoadManuMaintPub(TSS_HCONTEXT, TCPA_NONCE, UINT32, BYTE *, TCPA_DIGEST *); +TSS_RESULT Transport_LoadManuMaintPub(TSS_HCONTEXT, TCPA_NONCE, UINT32, BYTE *, TCPA_DIGEST *); +TSS_RESULT RPC_ReadManuMaintPub(TSS_HCONTEXT, TCPA_NONCE, TCPA_DIGEST *); +TSS_RESULT Transport_ReadManuMaintPub(TSS_HCONTEXT, TCPA_NONCE, TCPA_DIGEST *); +TSS_RESULT RPC_DaaJoin(TSS_HCONTEXT, TPM_HANDLE, BYTE, UINT32, BYTE *, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_DaaSign(TSS_HCONTEXT, TPM_HANDLE, BYTE, UINT32, BYTE *, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_ReadCounter(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_COUNTER_VALUE *); +TSS_RESULT Transport_ReadCounter(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_COUNTER_VALUE *); +TSS_RESULT RPC_CreateCounter(TSS_HCONTEXT, UINT32, BYTE *, TPM_ENCAUTH, TPM_AUTH *, + TSS_COUNTER_ID *, TPM_COUNTER_VALUE *); +TSS_RESULT RPC_IncrementCounter(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_AUTH *, TPM_COUNTER_VALUE *); +TSS_RESULT RPC_ReleaseCounter(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_AUTH *); +TSS_RESULT RPC_ReleaseCounterOwner(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_AUTH *); +TSS_RESULT RPC_ReadCurrentTicks(TSS_HCONTEXT, UINT32 *, BYTE **); +TSS_RESULT Transport_ReadCurrentTicks(TSS_HCONTEXT, UINT32 *, BYTE **); +TSS_RESULT RPC_TickStampBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_NONCE *, TPM_DIGEST *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_TickStampBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_NONCE *, TPM_DIGEST *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_EstablishTransport(TSS_HCONTEXT, UINT32, TCS_KEY_HANDLE, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, TPM_MODIFIER_INDICATOR *, TCS_HANDLE *, UINT32 *, BYTE **, TPM_NONCE *); +TSS_RESULT RPC_ExecuteTransport(TSS_HCONTEXT, TPM_COMMAND_CODE, UINT32, BYTE *, UINT32 *, TCS_HANDLE **, TPM_AUTH *, TPM_AUTH *, TPM_AUTH *, UINT64 *, TPM_MODIFIER_INDICATOR *, TPM_RESULT *, UINT32 *, BYTE **); +TSS_RESULT RPC_ReleaseTransportSigned(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_NONCE *, TPM_AUTH *, TPM_AUTH *, TPM_MODIFIER_INDICATOR *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_NV_DefineOrReleaseSpace(TSS_HCONTEXT, UINT32, BYTE *, TCPA_ENCAUTH, TPM_AUTH *); +TSS_RESULT Transport_NV_DefineOrReleaseSpace(TSS_HCONTEXT, UINT32, BYTE *, TCPA_ENCAUTH, TPM_AUTH *); +TSS_RESULT RPC_NV_WriteValue(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT Transport_NV_WriteValue(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT RPC_NV_WriteValueAuth(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT Transport_NV_WriteValueAuth(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT RPC_NV_ReadValue(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32 *, TPM_AUTH *, BYTE **); +TSS_RESULT Transport_NV_ReadValue(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32 *, TPM_AUTH *, BYTE **); +TSS_RESULT RPC_NV_ReadValueAuth(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32 *, TPM_AUTH *, BYTE **); +TSS_RESULT Transport_NV_ReadValueAuth(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32 *, TPM_AUTH *, BYTE **); +TSS_RESULT RPC_SetOrdinalAuditStatus(TSS_HCONTEXT, TPM_AUTH *, UINT32, TSS_BOOL); +TSS_RESULT Transport_SetOrdinalAuditStatus(TSS_HCONTEXT, TPM_AUTH *, UINT32, TSS_BOOL); +TSS_RESULT RPC_GetAuditDigest(TSS_HCONTEXT, UINT32, TPM_DIGEST *, UINT32 *, BYTE **, TSS_BOOL *, UINT32 *, UINT32 **); +TSS_RESULT Transport_GetAuditDigest(TSS_HCONTEXT, UINT32, TPM_DIGEST *, UINT32 *, BYTE **, TSS_BOOL *, UINT32 *, UINT32 **); +TSS_RESULT RPC_GetAuditDigestSigned(TSS_HCONTEXT, TCS_KEY_HANDLE, TSS_BOOL, TPM_NONCE *, + TPM_AUTH *, UINT32 *, BYTE **, TPM_DIGEST *, TPM_DIGEST *, + UINT32 *, BYTE **); +TSS_RESULT Transport_GetAuditDigestSigned(TSS_HCONTEXT, TCS_KEY_HANDLE, TSS_BOOL, TPM_NONCE *, + TPM_AUTH *, UINT32 *, BYTE **, TPM_DIGEST *, TPM_DIGEST *, + UINT32 *, BYTE **); +TSS_RESULT RPC_SetOperatorAuth(TSS_HCONTEXT, TCPA_SECRET *); +TSS_RESULT Transport_SetOperatorAuth(TSS_HCONTEXT, TCPA_SECRET *); +TSS_RESULT RPC_OwnerReadInternalPub(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_OwnerReadInternalPub(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_KeyControlOwner(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE, UINT32, BYTE *, UINT32, TSS_BOOL, TPM_AUTH *, TSS_UUID *); +TSS_RESULT RPC_GetCredential(TSS_HCONTEXT, UINT32, UINT32, UINT32 *, BYTE **); +TSS_RESULT RPC_GetCapabilitySigned(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE, TCPA_CAPABILITY_AREA, UINT32, BYTE *, TPM_AUTH *, TCPA_VERSION *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_FieldUpgrade(TSS_HCONTEXT, UINT32, BYTE *, UINT32 *, BYTE **, TPM_AUTH *); +TSS_RESULT RPC_SetRedirection(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, UINT32, TPM_AUTH *); +TSS_RESULT RPC_Delegate_Manage(TSS_HCONTEXT, TPM_FAMILY_ID, TPM_FAMILY_OPERATION, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_Delegate_Manage(TSS_HCONTEXT, TPM_FAMILY_ID, TPM_FAMILY_OPERATION, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_CreateKeyDelegation(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_ENCAUTH *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_Delegate_CreateKeyDelegation(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_ENCAUTH *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_CreateOwnerDelegation(TSS_HCONTEXT, TSS_BOOL, UINT32, BYTE *, TPM_ENCAUTH *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_Delegate_CreateOwnerDelegation(TSS_HCONTEXT, TSS_BOOL, UINT32, BYTE *, TPM_ENCAUTH *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_LoadOwnerDelegation(TSS_HCONTEXT, TPM_DELEGATE_INDEX, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT Transport_Delegate_LoadOwnerDelegation(TSS_HCONTEXT, TPM_DELEGATE_INDEX, UINT32, BYTE *, TPM_AUTH *); +TSS_RESULT RPC_Delegate_ReadTable(TSS_HCONTEXT, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_Delegate_ReadTable(TSS_HCONTEXT, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_UpdateVerificationCount(TSS_HCONTEXT, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_Delegate_UpdateVerificationCount(TSS_HCONTEXT, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_Delegate_VerifyDelegation(TSS_HCONTEXT, UINT32, BYTE *); +TSS_RESULT Transport_Delegate_VerifyDelegation(TSS_HCONTEXT, UINT32, BYTE *); +TSS_RESULT RPC_DSAP(TSS_HCONTEXT, TPM_ENTITY_TYPE, TCS_KEY_HANDLE, TPM_NONCE *, UINT32, BYTE *, TCS_AUTHHANDLE *, TPM_NONCE *, TPM_NONCE *); +TSS_RESULT Transport_DSAP(TSS_HCONTEXT, TPM_ENTITY_TYPE, TCS_KEY_HANDLE, TPM_NONCE *, UINT32, BYTE *, TCS_AUTHHANDLE *, TPM_NONCE *, TPM_NONCE *); +TSS_RESULT RPC_CMK_SetRestrictions(TSS_HCONTEXT, TSS_CMK_DELEGATE, TPM_AUTH *); +TSS_RESULT Transport_CMK_SetRestrictions(TSS_HCONTEXT, TSS_CMK_DELEGATE, TPM_AUTH *); +TSS_RESULT RPC_CMK_ApproveMA(TSS_HCONTEXT, TPM_DIGEST, TPM_AUTH *, TPM_HMAC *); +TSS_RESULT Transport_CMK_ApproveMA(TSS_HCONTEXT, TPM_DIGEST, TPM_AUTH *, TPM_HMAC *); +TSS_RESULT RPC_CMK_CreateKey(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_ENCAUTH *, TPM_HMAC *, TPM_DIGEST *, UINT32 *, BYTE **, TPM_AUTH *); +TSS_RESULT Transport_CMK_CreateKey(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_ENCAUTH, TPM_HMAC, TPM_DIGEST, UINT32 *, BYTE **, TPM_AUTH *); +TSS_RESULT RPC_CMK_CreateTicket(TSS_HCONTEXT, UINT32, BYTE *, TPM_DIGEST, UINT32, BYTE *, TPM_AUTH *, TPM_HMAC *); +TSS_RESULT Transport_CMK_CreateTicket(TSS_HCONTEXT, UINT32, BYTE *, TPM_DIGEST, UINT32, BYTE *, TPM_AUTH *, TPM_HMAC *); +TSS_RESULT RPC_CMK_CreateBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, TSS_MIGRATE_SCHEME, UINT32, BYTE *, TPM_DIGEST, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT Transport_CMK_CreateBlob(TSS_HCONTEXT, TCS_KEY_HANDLE, TSS_MIGRATE_SCHEME, UINT32, BYTE *, TPM_DIGEST, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +TSS_RESULT RPC_CMK_ConvertMigration(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_CMK_AUTH, TPM_HMAC, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT Transport_CMK_ConvertMigration(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_CMK_AUTH, TPM_HMAC, UINT32, BYTE *, UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT RPC_FlushSpecific(TSS_HCONTEXT, TCS_HANDLE, TPM_RESOURCE_TYPE); +TSS_RESULT Transport_FlushSpecific(TSS_HCONTEXT, TCS_HANDLE, TPM_RESOURCE_TYPE); + +TSS_RESULT RPC_Error(TSS_HCONTEXT, ...); + +struct tcs_api_table { +#ifdef TSS_BUILD_KEY + TSS_RESULT (*LoadKeyByBlob)(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, + TCS_KEY_HANDLE *, TCS_KEY_HANDLE *); + TSS_RESULT (*EvictKey)(TSS_HCONTEXT, TCS_KEY_HANDLE); + TSS_RESULT (*CreateWrapKey)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, TCPA_ENCAUTH *, + UINT32, BYTE *, UINT32 *, BYTE **, TPM_AUTH *); + TSS_RESULT (*GetPubKey)(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_AUTH *, UINT32 *, BYTE **); + TSS_RESULT (*OwnerReadInternalPub)(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_AUTH*, UINT32*, + BYTE**); +#ifdef TSS_BUILD_CERTIFY + TSS_RESULT (*CertifyKey)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCS_KEY_HANDLE, TPM_NONCE *, + TPM_AUTH *, TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **); +#endif +#endif +#ifdef TSS_BUILD_OWN + TSS_RESULT (*OwnerClear)(TSS_HCONTEXT, TPM_AUTH *); + TSS_RESULT (*ForceClear)(TSS_HCONTEXT); +#endif +#ifdef TSS_BUILD_AUTH + TSS_RESULT (*OIAP)(TSS_HCONTEXT, TCS_AUTHHANDLE *, TCPA_NONCE *); + TSS_RESULT (*OSAP)(TSS_HCONTEXT, TCPA_ENTITY_TYPE, UINT32, TPM_NONCE *, TCS_AUTHHANDLE *, + TCPA_NONCE *, TCPA_NONCE *); + TSS_RESULT (*TerminateHandle)(TSS_HCONTEXT, TCS_AUTHHANDLE); +#endif +#ifdef TSS_BUILD_CHANGEAUTH + TSS_RESULT (*ChangeAuth)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_PROTOCOL_ID, TCPA_ENCAUTH *, + TCPA_ENTITY_TYPE, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, UINT32 *, + BYTE **); + TSS_RESULT (*ChangeAuthOwner)(TSS_HCONTEXT, TCPA_PROTOCOL_ID, TCPA_ENCAUTH *, + TCPA_ENTITY_TYPE, TPM_AUTH *); + TSS_RESULT (*ChangeAuthAsymStart)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **, + UINT32 *, BYTE **, TCS_KEY_HANDLE *); + TSS_RESULT (*ChangeAuthAsymFinish)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCS_KEY_HANDLE, + TCPA_ENTITY_TYPE, TCPA_HMAC, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **, TPM_NONCE *, + TCPA_DIGEST *); +#endif +#ifdef TSS_BUILD_AIK + TSS_RESULT (*ActivateTPMIdentity)(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, + TPM_AUTH *, UINT32 *, BYTE **); +#endif +#ifdef TSS_BUILD_PCR_EXTEND + TSS_RESULT (*Extend)(TSS_HCONTEXT, TCPA_PCRINDEX, TCPA_DIGEST, TCPA_PCRVALUE *); + TSS_RESULT (*PcrRead)(TSS_HCONTEXT, TCPA_PCRINDEX, TCPA_PCRVALUE *); + TSS_RESULT (*PcrReset)(TSS_HCONTEXT, UINT32, BYTE *); +#endif +#ifdef TSS_BUILD_QUOTE + TSS_RESULT (*Quote)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE *, UINT32, BYTE *, TPM_AUTH *, + UINT32 *, BYTE **, UINT32 *, BYTE **); +#endif +#ifdef TSS_BUILD_QUOTE2 + TSS_RESULT (*Quote2)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE *, UINT32, BYTE *, TSS_BOOL, + TPM_AUTH *, UINT32 *, BYTE **, UINT32 *, BYTE **, UINT32 *, BYTE **); +#endif +#ifdef TSS_BUILD_DIR + TSS_RESULT (*DirWriteAuth)(TSS_HCONTEXT, TCPA_DIRINDEX, TCPA_DIRVALUE *, TPM_AUTH *); + TSS_RESULT (*DirRead)(TSS_HCONTEXT, TCPA_DIRINDEX, TCPA_DIRVALUE *); +#endif +#ifdef TSS_BUILD_SEAL + TSS_RESULT (*Seal)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **); + TSS_RESULT (*Sealx)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_ENCAUTH *, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **); + TSS_RESULT (*Unseal)(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, + UINT32 *, BYTE **); +#endif +#ifdef TSS_BUILD_BIND + TSS_RESULT (*UnBind)(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, UINT32 *, + BYTE **); +#endif +#ifdef TSS_BUILD_MIGRATION + TSS_RESULT (*CreateMigrationBlob)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_MIGRATE_SCHEME, + UINT32, BYTE *, UINT32, BYTE *, TPM_AUTH *, TPM_AUTH *, + UINT32 *, BYTE **, UINT32 *, BYTE **); + TSS_RESULT (*ConvertMigrationBlob)(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **); + TSS_RESULT (*AuthorizeMigrationKey)(TSS_HCONTEXT, TCPA_MIGRATE_SCHEME, UINT32, BYTE *, + TPM_AUTH *, UINT32 *, BYTE **); +#endif +#ifdef TSS_BUILD_SIGN + TSS_RESULT (*Sign)(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, TPM_AUTH *, UINT32 *, + BYTE **); +#endif +#ifdef TSS_BUILD_RANDOM + TSS_RESULT (*GetRandom)(TSS_HCONTEXT, UINT32, BYTE **); + TSS_RESULT (*StirRandom)(TSS_HCONTEXT, UINT32, BYTE *); +#endif +#ifdef TSS_BUILD_CAPS_TPM + TSS_RESULT (*GetTPMCapability)(TSS_HCONTEXT, TCPA_CAPABILITY_AREA, UINT32, BYTE *, UINT32 *, + BYTE **); + TSS_RESULT (*SetCapability)(TSS_HCONTEXT, TCPA_CAPABILITY_AREA, UINT32, BYTE *, UINT32, + BYTE *, TPM_AUTH *); + TSS_RESULT (*GetCapabilityOwner)(TSS_HCONTEXT, TPM_AUTH *, TCPA_VERSION *, UINT32 *, + UINT32 *); +#endif +#ifdef TSS_BUILD_EK + TSS_RESULT (*CreateEndorsementKeyPair)(TSS_HCONTEXT, TCPA_NONCE, UINT32, BYTE *, UINT32 *, + BYTE **, TCPA_DIGEST *); + TSS_RESULT (*ReadPubek)(TSS_HCONTEXT, TCPA_NONCE, UINT32 *, BYTE **, TCPA_DIGEST *); + TSS_RESULT (*OwnerReadPubek)(TSS_HCONTEXT, TPM_AUTH *, UINT32 *, BYTE **); +#endif +#ifdef TSS_BUILD_SELFTEST + TSS_RESULT (*SelfTestFull)(TSS_HCONTEXT); + TSS_RESULT (*CertifySelfTest)(TSS_HCONTEXT, TCS_KEY_HANDLE, TCPA_NONCE, TPM_AUTH *, + UINT32 *, BYTE **); + TSS_RESULT (*GetTestResult)(TSS_HCONTEXT, UINT32 *, BYTE **); +#endif +#ifdef TSS_BUILD_ADMIN + TSS_RESULT (*DisablePubekRead)(TSS_HCONTEXT, TPM_AUTH *); + TSS_RESULT (*SetOwnerInstall)(TSS_HCONTEXT, TSS_BOOL); + TSS_RESULT (*OwnerSetDisable)(TSS_HCONTEXT, TSS_BOOL, TPM_AUTH *); + TSS_RESULT (*ResetLockValue)(TSS_HCONTEXT, TPM_AUTH *); + TSS_RESULT (*DisableOwnerClear)(TSS_HCONTEXT, TPM_AUTH *); + TSS_RESULT (*DisableForceClear)(TSS_HCONTEXT); + TSS_RESULT (*PhysicalDisable)(TSS_HCONTEXT); + TSS_RESULT (*PhysicalEnable)(TSS_HCONTEXT); + TSS_RESULT (*PhysicalSetDeactivated)(TSS_HCONTEXT, TSS_BOOL); + TSS_RESULT (*PhysicalPresence)(TSS_HCONTEXT, TCPA_PHYSICAL_PRESENCE); + TSS_RESULT (*SetTempDeactivated)(TSS_HCONTEXT); + TSS_RESULT (*SetTempDeactivated2)(TSS_HCONTEXT, TPM_AUTH *); +#endif +#ifdef TSS_BUILD_MAINT + TSS_RESULT (*CreateMaintenanceArchive)(TSS_HCONTEXT, TSS_BOOL, TPM_AUTH *, UINT32 *, + BYTE **, UINT32 *, BYTE **); + TSS_RESULT (*LoadMaintenanceArchive)(TSS_HCONTEXT, UINT32, BYTE *, TPM_AUTH *, UINT32 *, + BYTE **); + TSS_RESULT (*KillMaintenanceFeature)(TSS_HCONTEXT, TPM_AUTH *); + TSS_RESULT (*LoadManuMaintPub)(TSS_HCONTEXT, TCPA_NONCE, UINT32, BYTE *, TCPA_DIGEST *); + TSS_RESULT (*ReadManuMaintPub)(TSS_HCONTEXT, TCPA_NONCE, TCPA_DIGEST *); +#endif +#ifdef TSS_BUILD_DAA + TSS_RESULT (*DaaJoin)(TSS_HCONTEXT, TPM_HANDLE, BYTE, UINT32, BYTE*, UINT32, BYTE*, + TPM_AUTH*, UINT32*, BYTE**); + TSS_RESULT (*DaaSign)(TSS_HCONTEXT, TPM_HANDLE, BYTE, UINT32, BYTE*, UINT32, BYTE*, + TPM_AUTH*, UINT32*, BYTE**); +#endif +#ifdef TSS_BUILD_COUNTER + TSS_RESULT (*ReadCounter)(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_COUNTER_VALUE*); + TSS_RESULT (*CreateCounter)(TSS_HCONTEXT, UINT32, BYTE*, TPM_ENCAUTH, TPM_AUTH*, + TSS_COUNTER_ID*, TPM_COUNTER_VALUE*); + TSS_RESULT (*IncrementCounter)(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_AUTH*, TPM_COUNTER_VALUE*); + TSS_RESULT (*ReleaseCounter)(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_AUTH*); + TSS_RESULT (*ReleaseCounterOwner)(TSS_HCONTEXT, TSS_COUNTER_ID, TPM_AUTH*); +#endif +#ifdef TSS_BUILD_TICK + TSS_RESULT (*ReadCurrentTicks)(TSS_HCONTEXT, UINT32*, BYTE**); + TSS_RESULT (*TickStampBlob)(TSS_HCONTEXT, TCS_KEY_HANDLE, TPM_NONCE*, TPM_DIGEST*, + TPM_AUTH*, UINT32*, BYTE**,UINT32*, BYTE**); +#endif +#ifdef TSS_BUILD_NV + TSS_RESULT (*NV_DefineOrReleaseSpace)(TSS_HCONTEXT, UINT32, BYTE*, TCPA_ENCAUTH, TPM_AUTH*); + TSS_RESULT (*NV_WriteValue)(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32, BYTE*, TPM_AUTH*); + TSS_RESULT (*NV_WriteValueAuth)(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32, BYTE*, + TPM_AUTH*); + TSS_RESULT (*NV_ReadValue)(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32*, TPM_AUTH*, BYTE**); + TSS_RESULT (*NV_ReadValueAuth)(TSS_HCONTEXT, TSS_NV_INDEX, UINT32, UINT32*, TPM_AUTH*, + BYTE**); +#endif +#ifdef TSS_BUILD_AUDIT + TSS_RESULT (*SetOrdinalAuditStatus)(TSS_HCONTEXT, TPM_AUTH *, UINT32, TSS_BOOL); + TSS_RESULT (*GetAuditDigest)(TSS_HCONTEXT, UINT32, TPM_DIGEST *, UINT32 *, BYTE **, + TSS_BOOL *, UINT32 *, UINT32 **); + TSS_RESULT (*GetAuditDigestSigned)(TSS_HCONTEXT, TCS_KEY_HANDLE, TSS_BOOL, TPM_NONCE *, + TPM_AUTH *, UINT32 *, BYTE **, TPM_DIGEST *, + TPM_DIGEST *, UINT32 *, BYTE **); +#endif +#ifdef TSS_BUILD_TSS12 + TSS_RESULT (*SetOperatorAuth)(TSS_HCONTEXT, TPM_SECRET *); + TSS_RESULT (*FlushSpecific)(TSS_HCONTEXT, TCS_HANDLE, TPM_RESOURCE_TYPE); +#endif +#ifdef TSS_BUILD_DELEGATION + TSS_RESULT (*Delegate_Manage)(TSS_HCONTEXT, TPM_FAMILY_ID, TPM_FAMILY_OPERATION, UINT32, + BYTE *, TPM_AUTH *, UINT32 *, BYTE **); + TSS_RESULT (*Delegate_CreateKeyDelegation)(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, BYTE *, + TPM_ENCAUTH *, TPM_AUTH *, UINT32 *, BYTE **); + TSS_RESULT (*Delegate_CreateOwnerDelegation)(TSS_HCONTEXT, TSS_BOOL, UINT32, BYTE *, + TPM_ENCAUTH *, TPM_AUTH *, UINT32 *, BYTE **); + TSS_RESULT (*Delegate_LoadOwnerDelegation)(TSS_HCONTEXT, TPM_DELEGATE_INDEX, UINT32, BYTE *, + TPM_AUTH *); + TSS_RESULT (*Delegate_ReadTable)(TSS_HCONTEXT, UINT32 *, BYTE **, UINT32 *, BYTE **); + TSS_RESULT (*Delegate_UpdateVerificationCount)(TSS_HCONTEXT, UINT32, BYTE *, TPM_AUTH *, + UINT32 *, BYTE **); + TSS_RESULT (*Delegate_VerifyDelegation)(TSS_HCONTEXT, UINT32, BYTE *); + TSS_RESULT (*DSAP)(TSS_HCONTEXT, TPM_ENTITY_TYPE, TCS_KEY_HANDLE, TPM_NONCE *, UINT32, + BYTE *, TCS_AUTHHANDLE *, TPM_NONCE *, TPM_NONCE *); +#endif + TSS_RESULT (*FieldUpgrade)(TSS_HCONTEXT, UINT32, BYTE *, UINT32 *, BYTE **, TPM_AUTH *); + TSS_RESULT (*SetRedirection)(TSS_HCONTEXT, TCS_KEY_HANDLE, UINT32, UINT32, TPM_AUTH *); +}; + +extern struct tcs_api_table tcs_normal_api; +#ifdef TSS_BUILD_TRANSPORT +extern struct tcs_api_table tcs_transport_api; +#endif + +#endif diff --git a/src/include/tcs_aik.h b/src/include/tcs_aik.h new file mode 100644 index 0000000..af49eae --- /dev/null +++ b/src/include/tcs_aik.h @@ -0,0 +1,16 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006-2007 + * + */ + +#ifndef _TCS_AIK_H_ +#define _TCS_AIK_H_ + +void get_credential(UINT32, UINT32 *, BYTE **); + +#endif diff --git a/src/include/tcs_context.h b/src/include/tcs_context.h new file mode 100644 index 0000000..c72944f --- /dev/null +++ b/src/include/tcs_context.h @@ -0,0 +1,36 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef _TCS_CONTEXT_H_ +#define _TCS_CONTEXT_H_ + +#include "threads.h" + +struct keys_loaded +{ + TCS_KEY_HANDLE key_handle; + struct keys_loaded *next; +}; + +#define TSS_CONTEXT_FLAG_TRANSPORT_EXCLUSIVE 0x1 +#define TSS_CONTEXT_FLAG_TRANSPORT_ENCRYPTED 0x2 +#define TSS_CONTEXT_FLAG_TRANSPORT_ENABLED 0x4 + +struct tcs_context { + TSS_FLAG flags; + TPM_TRANSHANDLE transHandle; + TCS_CONTEXT_HANDLE handle; + COND_VAR cond; /* used in waiting for an auth ctx to become available */ + struct keys_loaded *keys; + struct tcs_context *next; +}; + +#endif + diff --git a/src/include/tcs_int_literals.h b/src/include/tcs_int_literals.h new file mode 100644 index 0000000..8f06432 --- /dev/null +++ b/src/include/tcs_int_literals.h @@ -0,0 +1,28 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef _TCS_INT_LITERALS_H_ +#define _TCS_INT_LITERALS_H_ + +#define TPM_VENDOR_UNKNOWN 0 +#define TPM_VENDOR_ATMEL 1 +#define TPM_VENDOR_IFX 2 +#define TPM_VENDOR_NATL 3 + +#define TPM_PARAMSIZE_OFFSET 0x02 + +#define NULL_TPM_HANDLE ((TCPA_KEY_HANDLE)-1) +#define NULL_TCS_HANDLE ((TCS_KEY_HANDLE)-1) +#define SRK_TPM_HANDLE (0x40000000) +#define EK_TPM_HANDLE (0x40000001) + +#define FIXED_TCS_MANUFACTURER "IBM " + +#endif diff --git a/src/include/tcs_key_ps.h b/src/include/tcs_key_ps.h new file mode 100644 index 0000000..42cba89 --- /dev/null +++ b/src/include/tcs_key_ps.h @@ -0,0 +1,29 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#ifndef _TCS_KEY_PS_H_ +#define _TCS_KEY_PS_H_ + +TSS_RESULT ps_init_disk_cache(); +void ps_close_disk_cache(); +TSS_BOOL ps_is_key_registered(TCPA_STORE_PUBKEY *); +TSS_RESULT getParentUUIDByUUID(TSS_UUID *, TSS_UUID *); +TSS_RESULT isUUIDRegistered(TSS_UUID *, TSS_BOOL *); +void disk_cache_shift(struct key_disk_cache *); +TSS_RESULT ps_remove_key(TSS_UUID *); +TSS_RESULT clean_disk_cache(int); +TSS_RESULT ps_get_key_by_uuid(TSS_UUID *, BYTE *, UINT16 *); +TSS_RESULT ps_get_key_by_cache_entry(struct key_disk_cache *, BYTE *, UINT16 *); +TSS_RESULT ps_is_pub_registered(TCPA_STORE_PUBKEY *); +TSS_RESULT ps_get_uuid_by_pub(TCPA_STORE_PUBKEY *, TSS_UUID **); +TSS_RESULT ps_get_key_by_pub(TCPA_STORE_PUBKEY *, UINT32 *, BYTE **); +TSS_RESULT ps_write_key(TSS_UUID *, TSS_UUID *, BYTE *, UINT32, BYTE *, UINT32); + +#endif diff --git a/src/include/tcs_tsp.h b/src/include/tcs_tsp.h new file mode 100644 index 0000000..fdca21e --- /dev/null +++ b/src/include/tcs_tsp.h @@ -0,0 +1,98 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#ifndef _TCS_TSP_H_ +#define _TCS_TSP_H_ + +/* Structures and defines needed to be known by the + * TSP layer and the TCS layer. + */ + +/* + * disk store format: + * + * [type name ] cached? + * -------------------------------------- + * [BYTE TrouSerS PS version] no + * [UINT32 num_keys_on_disk ] no + * [TSS_UUID uuid0 ] yes + * [TSS_UUID uuid_parent0 ] yes + * [UINT16 pub_data_size0 ] yes + * [UINT16 blob_size0 ] yes + * [UINT32 vendor_data_size0 ] yes + * [UINT16 cache_flags0 ] yes + * [BYTE[] pub_data0 ] no + * [BYTE[] blob0 ] no + * [BYTE[] vendor_data0 ] no + * [...] + * + */ + + +/* + * PS disk cache flags + */ +/* A key may be written to disk, in cache and yet be invalid if it has + * since been unregistered. */ +#define CACHE_FLAG_VALID 0x0001 +/* set if the key's parent is stored in system PS */ +#define CACHE_FLAG_PARENT_PS_SYSTEM 0x0002 + +/* the structure that makes up the in-memory PS disk cache */ +struct key_disk_cache +{ + unsigned int offset; + UINT16 pub_data_size; + UINT16 blob_size; + UINT16 flags; + UINT32 vendor_data_size; + TSS_UUID uuid; + TSS_UUID parent_uuid; + struct key_disk_cache *next; +}; + +/* The current PS version */ +#define TSSPS_VERSION 1 + +/* offsets into each key on disk. These should be passed a (struct key_disk_cache *) */ +#define TSSPS_VERSION_OFFSET (0) +#define TSSPS_NUM_KEYS_OFFSET (TSSPS_VERSION_OFFSET + sizeof(BYTE)) +#define TSSPS_KEYS_OFFSET (TSSPS_NUM_KEYS_OFFSET + sizeof(UINT32)) +#define TSSPS_UUID_OFFSET(c) ((c)->offset) +#define TSSPS_PARENT_UUID_OFFSET(c) ((c)->offset + sizeof(TSS_UUID)) +#define TSSPS_PUB_DATA_SIZE_OFFSET(c) ((c)->offset + (2 * sizeof(TSS_UUID))) +#define TSSPS_BLOB_SIZE_OFFSET(c) ((c)->offset + (2 * sizeof(TSS_UUID)) + sizeof(UINT16)) +#define TSSPS_VENDOR_SIZE_OFFSET(c) ((c)->offset + (2 * sizeof(TSS_UUID)) + (2 * sizeof(UINT16))) +#define TSSPS_CACHE_FLAGS_OFFSET(c) ((c)->offset + (2 * sizeof(TSS_UUID)) + (2 * sizeof(UINT16)) + sizeof(UINT32)) +#define TSSPS_PUB_DATA_OFFSET(c) ((c)->offset + (2 * sizeof(TSS_UUID)) + (3 * sizeof(UINT16)) + sizeof(UINT32)) +#define TSSPS_BLOB_DATA_OFFSET(c) ((c)->offset + (2 * sizeof(TSS_UUID)) + (3 * sizeof(UINT16)) + sizeof(UINT32) + (c)->pub_data_size) +#define TSSPS_VENDOR_DATA_OFFSET(c) ((c)->offset + (2 * sizeof(TSS_UUID)) + (3 * sizeof(UINT16)) + sizeof(UINT32) + (c)->pub_data_size + (c)->blob_size) + +/* XXX Get rid of this, there's no reason to set an arbitrary limit */ +#define MAX_KEY_CHILDREN 10 + +#define STRUCTURE_PACKING_ATTRIBUTE __attribute__((packed)) + +#ifdef TSS_DEBUG +#define DBG_ASSERT(x) assert(x) +#else +#define DBG_ASSERT(x) +#endif + +/* needed by execute transport in the TSP */ +#define TSS_TPM_TXBLOB_HDR_LEN (sizeof(UINT16) + (2 * sizeof(UINT32))) + +#define TSS_TPM_TXBLOB_SIZE (4096) +#define TSS_TXBLOB_WRAPPEDCMD_OFFSET (TSS_TPM_TXBLOB_HDR_LEN + sizeof(UINT32)) +#define TSS_MAX_AUTHS_CAP (1024) +#define TSS_REQ_MGR_MAX_RETRIES (5) + +#endif diff --git a/src/include/tcs_utils.h b/src/include/tcs_utils.h new file mode 100644 index 0000000..0f0f4ce --- /dev/null +++ b/src/include/tcs_utils.h @@ -0,0 +1,1203 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _TCS_UTILS_H_ +#define _TCS_UTILS_H_ + +#include + +#include "threads.h" +#include "tcs_context.h" +#include "tcs_tsp.h" +#include "trousers_types.h" + +struct key_mem_cache +{ + TCPA_KEY_HANDLE tpm_handle; + TCS_KEY_HANDLE tcs_handle; + UINT16 flags; + int ref_cnt; + UINT32 time_stamp; + TSS_UUID uuid; + TSS_UUID p_uuid; + TSS_KEY *blob; + struct key_mem_cache *parent; + struct key_mem_cache *next, *prev; +}; + +extern struct key_mem_cache *key_mem_cache_head; +MUTEX_DECLARE_EXTERN(mem_cache_lock); + +struct tpm_properties +{ + UINT32 num_pcrs; + UINT32 num_dirs; + UINT32 num_keys; + UINT32 num_auths; + TSS_BOOL authctx_swap; + TSS_BOOL keyctx_swap; + TPM_VERSION version; + BYTE manufacturer[16]; +}; + +extern struct tpm_properties tpm_metrics; + +#define TPM_VERSION_IS(maj, min) \ + ((tpm_metrics.version.major == maj) && (tpm_metrics.version.minor == min)) + +#define TSS_UUID_IS_OWNEREVICT(uuid) \ + ((!uuid->ulTimeLow) && (!uuid->usTimeMid) && (!uuid->usTimeHigh) && \ + (!uuid->bClockSeqHigh) && (!uuid->bClockSeqLow) && (!uuid->rgbNode[0]) && \ + (!uuid->rgbNode[1]) && (!uuid->rgbNode[2]) && (!uuid->rgbNode[3]) && \ + (uuid->rgbNode[4] == 1)) + +#ifndef MIN +#define MIN(a,b) ((a) < (b) ? (a) : (b)) +#endif +#ifndef MAX +#define MAX(a,b) ((a) > (b) ? (a) : (b)) +#endif + +TSS_RESULT get_tpm_metrics(struct tpm_properties *); + +TSS_RESULT auth_mgr_init(); +TSS_RESULT auth_mgr_final(); +TSS_RESULT auth_mgr_check(TCS_CONTEXT_HANDLE, TPM_AUTHHANDLE *); +TSS_RESULT auth_mgr_release_auth_handle(TCS_AUTHHANDLE, TCS_CONTEXT_HANDLE, TSS_BOOL); +void auth_mgr_release_auth(TPM_AUTH *, TPM_AUTH *, TCS_CONTEXT_HANDLE); +TSS_RESULT auth_mgr_oiap(TCS_CONTEXT_HANDLE, TCS_AUTHHANDLE *, TCPA_NONCE *); +TSS_RESULT auth_mgr_osap(TCS_CONTEXT_HANDLE, TCPA_ENTITY_TYPE, UINT32, TCPA_NONCE, + TCS_AUTHHANDLE *, TCPA_NONCE *, TCPA_NONCE *); +TSS_RESULT auth_mgr_close_context(TCS_CONTEXT_HANDLE); +TSS_RESULT auth_mgr_swap_out(TCS_CONTEXT_HANDLE); +TSS_BOOL auth_mgr_req_new(TCS_CONTEXT_HANDLE); +TSS_RESULT auth_mgr_add(TCS_CONTEXT_HANDLE, TPM_AUTHHANDLE); + +TSS_RESULT event_log_init(); +TSS_RESULT event_log_final(); +TSS_RESULT owner_evict_init(); + +#ifdef TSS_BUILD_PCR_EVENTS +#define EVENT_LOG_init() event_log_init() +#define EVENT_LOG_final() event_log_final() +#else +#define EVENT_LOG_init() (TSS_SUCCESS) +#define EVENT_LOG_final() +#endif + +#define next( x ) x = x->next + +TSS_RESULT key_mgr_dec_ref_count(TCS_KEY_HANDLE); +TSS_RESULT key_mgr_inc_ref_count(TCS_KEY_HANDLE); +void key_mgr_ref_count(); +TSS_RESULT key_mgr_load_by_uuid(TCS_CONTEXT_HANDLE, TSS_UUID *, TCS_LOADKEY_INFO *, + TCS_KEY_HANDLE *); +TSS_RESULT key_mgr_load_by_blob(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE, UINT32, BYTE *, + TPM_AUTH *, TCS_KEY_HANDLE *, TCS_KEY_HANDLE *); +TSS_RESULT key_mgr_evict(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE); + + +extern TCS_CONTEXT_HANDLE InternalContext; + +TSS_RESULT mc_update_time_stamp(TCPA_KEY_HANDLE); +TCS_KEY_HANDLE getNextTcsKeyHandle(); +TCPA_STORE_PUBKEY *getParentPubBySlot(TCPA_KEY_HANDLE slot); +TCPA_STORE_PUBKEY *mc_get_pub_by_slot(TCPA_KEY_HANDLE); +TCPA_STORE_PUBKEY *mc_get_pub_by_handle(TCS_KEY_HANDLE); +TSS_UUID *mc_get_uuid_by_pub(TCPA_STORE_PUBKEY *); +TSS_RESULT mc_get_handles_by_uuid(TSS_UUID *, TCS_KEY_HANDLE *, TCPA_KEY_HANDLE *); +TCS_KEY_HANDLE mc_get_handle_by_encdata(BYTE *); +TSS_RESULT mc_update_encdata(BYTE *, BYTE *); +TSS_RESULT mc_find_next_ownerevict_uuid(TSS_UUID *); +TSS_RESULT mc_set_uuid(TCS_KEY_HANDLE, TSS_UUID *); + +TSS_RESULT initDiskCache(void); +void replaceEncData_PS(TSS_UUID, BYTE *encData, BYTE *newEncData); + +TSS_RESULT mc_add_entry(TCS_KEY_HANDLE, TCPA_KEY_HANDLE, TSS_KEY *); +TSS_RESULT mc_add_entry_init(TCS_KEY_HANDLE, TCPA_KEY_HANDLE, TSS_KEY *, TSS_UUID *); +TSS_RESULT mc_remove_entry(TCS_KEY_HANDLE); +TSS_RESULT mc_set_slot_by_slot(TCPA_KEY_HANDLE, TCPA_KEY_HANDLE); +TSS_RESULT mc_set_slot_by_handle(TCS_KEY_HANDLE, TCPA_KEY_HANDLE); +TCPA_KEY_HANDLE mc_get_slot_by_handle(TCS_KEY_HANDLE); +TCPA_KEY_HANDLE mc_get_slot_by_handle_lock(TCS_KEY_HANDLE); +TCPA_KEY_HANDLE mc_get_slot_by_pub(TCPA_STORE_PUBKEY *); +TCS_KEY_HANDLE mc_get_handle_by_pub(TCPA_STORE_PUBKEY *, TCS_KEY_HANDLE); +TCPA_STORE_PUBKEY *mc_get_parent_pub_by_pub(TCPA_STORE_PUBKEY *); +TSS_BOOL isKeyRegistered(TCPA_STORE_PUBKEY *); +TSS_RESULT mc_get_blob_by_pub(TCPA_STORE_PUBKEY *, TSS_KEY **); +TSS_RESULT evictFirstKey(TCS_KEY_HANDLE); +TSS_RESULT getParentUUIDByUUID(TSS_UUID *, TSS_UUID *); +TSS_RESULT getRegisteredKeyByUUID(TSS_UUID *, BYTE *, UINT16 *); +TSS_RESULT isPubRegistered(TCPA_STORE_PUBKEY *); +TSS_RESULT getRegisteredUuidByPub(TCPA_STORE_PUBKEY *, TSS_UUID **); +TSS_RESULT getRegisteredKeyByPub(TCPA_STORE_PUBKEY *, UINT32 *, BYTE **); +TSS_BOOL isKeyLoaded(TCPA_KEY_HANDLE); +TSS_RESULT LoadKeyShim(TCS_CONTEXT_HANDLE, TCPA_STORE_PUBKEY *, TSS_UUID *,TCPA_KEY_HANDLE *); +TSS_RESULT mc_set_parent_by_handle(TCS_KEY_HANDLE, TCS_KEY_HANDLE); +TSS_RESULT isUUIDRegistered(TSS_UUID *, TSS_BOOL *); +void destroy_key_refs(TSS_KEY *); + +/* cxt.c */ +TSS_RESULT context_close_auth(TCS_CONTEXT_HANDLE); +TSS_RESULT checkContextForAuth(TCS_CONTEXT_HANDLE, TCS_AUTHHANDLE); +TSS_RESULT addContextForAuth(TCS_CONTEXT_HANDLE, TCS_AUTHHANDLE); +TSS_RESULT ctx_verify_context(TCS_CONTEXT_HANDLE); +COND_VAR *ctx_get_cond_var(TCS_CONTEXT_HANDLE); +TSS_RESULT ctx_mark_key_loaded(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE); +TSS_RESULT ctx_remove_key_loaded(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE); +TSS_BOOL ctx_has_key_loaded(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE); +void ctx_ref_count_keys(struct tcs_context *); +struct tcs_context *get_context(TCS_CONTEXT_HANDLE); +TSS_RESULT ctx_req_exclusive_transport(TCS_CONTEXT_HANDLE); +TSS_RESULT ctx_set_transport_enabled(TCS_CONTEXT_HANDLE, TPM_TRANSHANDLE); +TSS_RESULT ctx_set_transport_disabled(TCS_CONTEXT_HANDLE, TCS_HANDLE *); + +#ifdef TSS_BUILD_KEY +#define CTX_ref_count_keys(c) ctx_ref_count_keys(c) +#define KEY_MGR_ref_count() key_mgr_ref_count() +TSS_RESULT ensureKeyIsLoaded(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE, TCPA_KEY_HANDLE *); +#else +#define CTX_ref_count_keys(c) +#define KEY_MGR_ref_count() +#define ensureKeyIsLoaded(...) (1 /* XXX non-zero return will indicate failure */) +#endif + + +TCS_CONTEXT_HANDLE make_context(); +void destroy_context(TCS_CONTEXT_HANDLE); + +/* tcs_utils.c */ +TSS_RESULT get_current_version(TPM_VERSION *); +void LogData(char *string, UINT32 data); +void LogResult(char *string, TSS_RESULT result); +TSS_RESULT canILoadThisKey(TCPA_KEY_PARMS *parms, TSS_BOOL *); +TSS_RESULT internal_EvictByKeySlot(TCPA_KEY_HANDLE slot); + +TSS_RESULT clearKeysFromChip(TCS_CONTEXT_HANDLE hContext); +TSS_RESULT clearUnknownKeys(TCS_CONTEXT_HANDLE, UINT32 *); + +void UINT64ToArray(UINT64, BYTE *); +void UINT32ToArray(UINT32, BYTE *); +void UINT16ToArray(UINT16, BYTE *); +UINT64 Decode_UINT64(BYTE *); +UINT32 Decode_UINT32(BYTE *); +UINT16 Decode_UINT16(BYTE *); +void LoadBlob_UINT64(UINT64 *, UINT64, BYTE *); +void LoadBlob_UINT32(UINT64 *, UINT32, BYTE *); +void LoadBlob_UINT16(UINT64 *, UINT16, BYTE *); +void UnloadBlob_UINT64(UINT64 *, UINT64 *, BYTE *); +void UnloadBlob_UINT32(UINT64 *, UINT32 *, BYTE *); +void UnloadBlob_UINT16(UINT64 *, UINT16 *, BYTE *); +void LoadBlob_BYTE(UINT64 *, BYTE, BYTE *); +void UnloadBlob_BYTE(UINT64 *, BYTE *, BYTE *); +void LoadBlob_BOOL(UINT64 *, TSS_BOOL, BYTE *); +void UnloadBlob_BOOL(UINT64 *, TSS_BOOL *, BYTE *); +void LoadBlob(UINT64 *, UINT32, BYTE *, BYTE *); +void UnloadBlob(UINT64 *, UINT32, BYTE *, BYTE *); +void LoadBlob_Header(UINT16, UINT32, UINT32, BYTE *); +#ifdef TSS_DEBUG +#define UnloadBlob_Header(b,u) LogUnloadBlob_Header(b,u, __FILE__, __LINE__) +TSS_RESULT LogUnloadBlob_Header(BYTE *, UINT32 *, char *, int); +#else +TSS_RESULT UnloadBlob_Header(BYTE *, UINT32 *); +#endif +TSS_RESULT UnloadBlob_MIGRATIONKEYAUTH(UINT64 *, BYTE *, TCPA_MIGRATIONKEYAUTH *); +void LoadBlob_Auth(UINT64 *, BYTE *, TPM_AUTH *); +void UnloadBlob_Auth(UINT64 *, BYTE *, TPM_AUTH *); +void LoadBlob_KEY_PARMS(UINT64 *, BYTE *, TCPA_KEY_PARMS *); +TSS_RESULT UnloadBlob_KEY_PARMS(UINT64 *, BYTE *, TCPA_KEY_PARMS *); +TSS_RESULT UnloadBlob_STORE_PUBKEY(UINT64 *, BYTE *, TCPA_STORE_PUBKEY *); +void LoadBlob_STORE_PUBKEY(UINT64 *, BYTE *, TCPA_STORE_PUBKEY *); +void UnloadBlob_VERSION(UINT64 *, BYTE *, TPM_VERSION *); +void LoadBlob_VERSION(UINT64 *, BYTE *, TPM_VERSION *); +void UnloadBlob_TCPA_VERSION(UINT64 *, BYTE *, TCPA_VERSION *); +void LoadBlob_TCPA_VERSION(UINT64 *, BYTE *, TCPA_VERSION *); +TSS_RESULT UnloadBlob_TSS_KEY(UINT64 *, BYTE *, TSS_KEY *); +void LoadBlob_TSS_KEY(UINT64 *, BYTE *, TSS_KEY *); +void LoadBlob_PUBKEY(UINT64 *, BYTE *, TCPA_PUBKEY *); +TSS_RESULT UnloadBlob_PUBKEY(UINT64 *, BYTE *, TCPA_PUBKEY *); +void LoadBlob_SYMMETRIC_KEY(UINT64 *, BYTE *, TCPA_SYMMETRIC_KEY *); +TSS_RESULT UnloadBlob_SYMMETRIC_KEY(UINT64 *, BYTE *, TCPA_SYMMETRIC_KEY *); +TSS_RESULT UnloadBlob_PCR_SELECTION(UINT64 *, BYTE *, TCPA_PCR_SELECTION *); +void LoadBlob_PCR_SELECTION(UINT64 *, BYTE *, TCPA_PCR_SELECTION); +TSS_RESULT UnloadBlob_PCR_COMPOSITE(UINT64 *, BYTE *, TCPA_PCR_COMPOSITE *); +void LoadBlob_PCR_INFO(UINT64 *, BYTE *, TCPA_PCR_INFO *); +TSS_RESULT UnloadBlob_PCR_INFO(UINT64 *, BYTE *, TCPA_PCR_INFO *); +TSS_RESULT UnloadBlob_STORED_DATA(UINT64 *, BYTE *, TCPA_STORED_DATA *); +void LoadBlob_STORED_DATA(UINT64 *, BYTE *, TCPA_STORED_DATA *); +void LoadBlob_KEY_FLAGS(UINT64 *, BYTE *, TCPA_KEY_FLAGS *); +void UnloadBlob_KEY_FLAGS(UINT64 *, BYTE *, TCPA_KEY_FLAGS *); +TSS_RESULT UnloadBlob_CERTIFY_INFO(UINT64 *, BYTE *, TCPA_CERTIFY_INFO *); +TSS_RESULT UnloadBlob_KEY_HANDLE_LIST(UINT64 *, BYTE *, TCPA_KEY_HANDLE_LIST *); +void LoadBlob_UUID(UINT64 *, BYTE *, TSS_UUID); +void UnloadBlob_UUID(UINT64 *, BYTE *, TSS_UUID *); +void LoadBlob_COUNTER_VALUE(UINT64 *, BYTE *, TPM_COUNTER_VALUE *); +void UnloadBlob_COUNTER_VALUE(UINT64 *, BYTE *, TPM_COUNTER_VALUE *); +void LoadBlob_DIGEST(UINT64 *, BYTE *, TPM_DIGEST *); +void UnloadBlob_DIGEST(UINT64 *, BYTE *, TPM_DIGEST *); +void LoadBlob_NONCE(UINT64 *, BYTE *, TPM_NONCE *); +void UnloadBlob_NONCE(UINT64 *, BYTE *, TPM_NONCE *); +void LoadBlob_AUTHDATA(UINT64 *, BYTE *, TPM_AUTHDATA *); +void UnloadBlob_AUTHDATA(UINT64 *, BYTE *, TPM_AUTHDATA *); +#define LoadBlob_ENCAUTH(a, b, c) LoadBlob_AUTHDATA(a, b, c) +#define UnloadBlob_ENCAUTH(a, b, c) UnloadBlob_AUTHDATA(a, b, c) + +void UnloadBlob_CURRENT_TICKS(UINT64 *, BYTE *, TPM_CURRENT_TICKS *); +TSS_RESULT UnloadBlob_PCR_INFO_SHORT(UINT64 *, BYTE *, TPM_PCR_INFO_SHORT *); + +TSS_RESULT Hash(UINT32, UINT32, BYTE *, BYTE *); +void free_external_events(UINT32, TSS_PCR_EVENT *); + +TSS_RESULT internal_TerminateHandle(TCS_AUTHHANDLE handle); +UINT32 get_pcr_event_size(TSS_PCR_EVENT *); +TSS_RESULT fill_key_info(struct key_disk_cache *, struct key_mem_cache *, TSS_KM_KEYINFO *); +TSS_RESULT fill_key_info2(struct key_disk_cache *, struct key_mem_cache *, TSS_KM_KEYINFO2 *); + +char platform_get_runlevel(); +TSS_RESULT tpm_rsp_parse(TPM_COMMAND_CODE, BYTE *, UINT32, ...); +TSS_RESULT tpm_rqu_build(TPM_COMMAND_CODE, UINT64 *, BYTE *, ...); +TSS_RESULT tpm_preload_check(TCS_CONTEXT_HANDLE, TPM_COMMAND_CODE ordinal, ...); +TSS_RESULT getKeyByCacheEntry(struct key_disk_cache *, BYTE *, UINT16 *); +TSS_RESULT add_cache_entry(TCS_CONTEXT_HANDLE, BYTE *, TCS_KEY_HANDLE, TPM_KEY_HANDLE, TCS_KEY_HANDLE *); +TSS_RESULT get_slot(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE, TPM_KEY_HANDLE *); +TSS_RESULT get_slot_lite(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE, TPM_KEY_HANDLE *); +TSS_RESULT load_key_init(TPM_COMMAND_CODE, TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE, UINT32, BYTE*, TSS_BOOL, TPM_AUTH*, TSS_BOOL*, UINT64*, BYTE*, TCS_KEY_HANDLE*, TPM_KEY_HANDLE*); +TSS_RESULT load_key_final(TCS_CONTEXT_HANDLE, TCS_KEY_HANDLE, TCS_KEY_HANDLE *, BYTE *, TPM_KEY_HANDLE); +TSS_RESULT LoadKeyByBlob_Internal(UINT32,TCS_CONTEXT_HANDLE,TCS_KEY_HANDLE,UINT32,BYTE *,TPM_AUTH *, + TCS_KEY_HANDLE *,TCS_KEY_HANDLE *); +TSS_RESULT TSC_PhysicalPresence_Internal(UINT16 physPres); +TSS_RESULT TCSP_FlushSpecific_Common(UINT32, TPM_RESOURCE_TYPE); + + TSS_RESULT TCSP_GetRegisteredKeyByPublicInfo_Internal(TCS_CONTEXT_HANDLE tcsContext, TCPA_ALGORITHM_ID algID, /* in */ + UINT32 ulPublicInfoLength, /* in */ + BYTE * rgbPublicInfo, /* in */ + UINT32 * keySize, BYTE ** keyBlob); + + TSS_RESULT TCS_OpenContext_Internal(TCS_CONTEXT_HANDLE * hContext /* out */ + ); + + TSS_RESULT TCS_CloseContext_Internal(TCS_CONTEXT_HANDLE hContext /* in */ + ); + + TSS_RESULT TCS_FreeMemory_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + BYTE * pMemory /* in */ + ); + + TSS_RESULT TCS_LogPcrEvent_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_PCR_EVENT Event, /* in */ + UINT32 * pNumber /* out */ + ); + + TSS_RESULT TCS_GetPcrEvent_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 PcrIndex, /* in */ + UINT32 * pNumber, /* in, out */ + TSS_PCR_EVENT ** ppEvent /* out */ + ); + + TSS_RESULT TCS_GetPcrEventsByPcr_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 PcrIndex, /* in */ + UINT32 FirstEvent, /* in */ + UINT32 * pEventCount, /* in,out */ + TSS_PCR_EVENT ** ppEvents /* out */ + ); + + TSS_RESULT TCS_GetPcrEventLog_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 * pEventCount, /* out */ + TSS_PCR_EVENT ** ppEvents /* out */ + ); + + TSS_RESULT TCS_RegisterKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID *WrappingKeyUUID, /* in */ + TSS_UUID *KeyUUID, /* in */ + UINT32 cKeySize, /* in */ + BYTE * rgbKey, /* in */ + UINT32 cVendorData, /* in */ + BYTE * gbVendorData /* in */ + ); + + TSS_RESULT TCS_UnregisterKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID KeyUUID /* in */ + ); + + TSS_RESULT TCS_EnumRegisteredKeys_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID * pKeyUUID, /* in */ + UINT32 * pcKeyHierarchySize, /* out */ + TSS_KM_KEYINFO ** ppKeyHierarchy /* out */ + ); + + TSS_RESULT TCS_EnumRegisteredKeys_Internal2(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID * pKeyUUID, /* in */ + UINT32 * pcKeyHierarchySize, /* out */ + TSS_KM_KEYINFO2 ** ppKeyHierarchy /* out */ + ); + + TSS_RESULT TCS_GetRegisteredKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID *KeyUUID, /* in */ + TSS_KM_KEYINFO ** ppKeyInfo /* out */ + ); + + TSS_RESULT TCS_GetRegisteredKeyBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID *KeyUUID, /* in */ + UINT32 * pcKeySize, /* out */ + BYTE ** prgbKey /* out */ + ); + + TSS_RESULT TCSP_LoadKeyByBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hUnwrappingKey, /* in */ + UINT32 cWrappedKeyBlobSize, /* in */ + BYTE * rgbWrappedKeyBlob, /* in */ + TPM_AUTH * pAuth, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI, /* out */ + TCS_KEY_HANDLE * phKeyHMAC /* out */ + ); + + TSS_RESULT TCSP_LoadKey2ByBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hUnwrappingKey, /* in */ + UINT32 cWrappedKeyBlobSize, /* in */ + BYTE * rgbWrappedKeyBlob, /* in */ + TPM_AUTH * pAuth, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI /* out */ + ); + + TSS_RESULT TCSP_LoadKeyByUUID_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID *KeyUUID, /* in */ + TCS_LOADKEY_INFO * pLoadKeyInfo, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI /* out */ + ); + + TSS_RESULT TCSP_EvictKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey /* in */ + ); + + TSS_RESULT TCSP_CreateWrapKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hWrappingKey, /* in */ + TCPA_ENCAUTH KeyUsageAuth, /* in */ + TCPA_ENCAUTH KeyMigrationAuth, /* in */ + UINT32 keyInfoSize, /* in */ + BYTE * keyInfo, /* in */ + UINT32 * keyDataSize, /* out */ + BYTE ** keyData, /* out */ + TPM_AUTH * pAuth /* in, out */ + ); + + TSS_RESULT TCSP_GetPubKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH * pAuth, /* in, out */ + UINT32 * pcPubKeySize, /* out */ + BYTE ** prgbPubKey /* out */ + ); + TSS_RESULT TCSP_MakeIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /*in */ + BYTE * idKeyInfo, /*in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding, /* out */ + UINT32 * pcEndorsementCredentialSize, /* out */ + BYTE ** prgbEndorsementCredential, /* out */ + UINT32 * pcPlatformCredentialSize, /* out */ + BYTE ** prgbPlatformCredential, /* out */ + UINT32 * pcConformanceCredentialSize, /* out */ + BYTE ** prgbConformanceCredential /* out */ + ); + + TSS_RESULT TCSP_MakeIdentity2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /*in */ + BYTE * idKeyInfo, /*in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding /* out */ + ); + + TSS_RESULT TCS_GetCredential_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 ulCredentialType, /* in */ + UINT32 ulCredentialAccessMode, /* in */ + UINT32 * pulCredentialSize, /* out */ + BYTE ** prgbCredentialData /* out */ + ); + + TSS_RESULT TCSP_SetOwnerInstall_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL state /* in */ + ); + + TSS_RESULT TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT16 protocolID, /* in */ + UINT32 encOwnerAuthSize, /* in */ + BYTE * encOwnerAuth, /* in */ + UINT32 encSrkAuthSize, /* in */ + BYTE * encSrkAuth, /* in */ + UINT32 srkInfoSize, /*in */ + BYTE * srkInfo, /*in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * srkKeySize, /*out */ + BYTE ** srkKey /*out */ + ); + + TSS_RESULT TCSP_OIAP_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_AUTHHANDLE * authHandle, /* out */ + TCPA_NONCE * nonce0 /* out */ + ); + + TSS_RESULT TCSP_OSAP_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 entityValue, /* in */ + TCPA_NONCE nonceOddOSAP, /* in */ + TCS_AUTHHANDLE * authHandle, /* out */ + TCPA_NONCE * nonceEven, /* out */ + TCPA_NONCE * nonceEvenOSAP /* out */ + ); + + TSS_RESULT TCSP_ChangeAuth_Internal(TCS_CONTEXT_HANDLE contextHandle, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ); + + TSS_RESULT TCSP_ChangeAuthOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_ChangeAuthAsymStart_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE idHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 KeySizeIn, /* in */ + BYTE * KeyDataIn, /* in */ + TPM_AUTH * pAuth, /* in, out */ + UINT32 * KeySizeOut, /* out */ + BYTE ** KeyDataOut, /* out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig, /* out */ + TCS_KEY_HANDLE * ephHandle /* out */ + ); + + TSS_RESULT TCSP_ChangeAuthAsymFinish_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCS_KEY_HANDLE ephHandle, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TCPA_HMAC newAuthLink, /* in */ + UINT32 newAuthSize, /* in */ + BYTE * encNewAuth, /* in */ + UINT32 encDataSizeIn, /* in */ + BYTE * encDataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * encDataSizeOut, /* out */ + BYTE ** encDataOut, /* out */ + TCPA_NONCE * saltNonce, /* out */ + TCPA_DIGEST * changeProof /* out */ + ); + + TSS_RESULT TCSP_TerminateHandle_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_AUTHHANDLE handle /* in */ + ); + + TSS_RESULT TCSP_ActivateTPMIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE idKey, /* in */ + UINT32 blobSize, /* in */ + BYTE * blob, /* in */ + TPM_AUTH * idKeyAuth, /* in, out */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * SymmetricKeySize, /* out */ + BYTE ** SymmetricKey /* out */ + ); + + TSS_RESULT TCSP_Extend_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_DIGEST inDigest, /* in */ + TCPA_PCRVALUE * outDigest /* out */ + ); + + TSS_RESULT TCSP_PcrRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_PCRVALUE * outDigest /* out */ + ); + + TSS_RESULT TCSP_PcrReset_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrData /* in */ + ); + + TSS_RESULT TCSP_Quote_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig /* out */ + ); + + TSS_RESULT TCSP_Quote2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TSS_BOOL addVersion, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * versionInfoSize, /* out */ + BYTE ** versionInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig /* out */ + ); + + TSS_RESULT TCSP_DirWriteAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE newContents, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_DirRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE * dirValue /* out */ + ); + + /* Since only the ordinal differs between Seal and Sealx (from an API point of view), + use a common Seal function specifying the ordinal to be sent to the TPM. */ + TSS_RESULT TCSP_Seal_Internal(UINT32 sealOrdinal, /* in */ + TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData /* out */ + ); + + TSS_RESULT TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 SealedDataSize, /* in */ + BYTE * SealedData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * dataAuth, /* in, out */ + UINT32 * DataSize, /* out */ + BYTE ** Data /* out */ + ); + + TSS_RESULT TCSP_UnBind_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ); + TSS_RESULT TCSP_CreateMigrationBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCPA_MIGRATE_SCHEME migrationType, /* in */ + UINT32 MigrationKeyAuthSize, /* in */ + BYTE * MigrationKeyAuth, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ); + + TSS_RESULT TCSP_ConvertMigrationBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + UINT32 randomSize, /* in */ + BYTE * random, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ); + + TSS_RESULT TCSP_AuthorizeMigrationKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_MIGRATE_SCHEME migrateScheme, /* in */ + UINT32 MigrationKeySize, /* in */ + BYTE * MigrationKey, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * MigrationKeyAuthSize, /* out */ + BYTE ** MigrationKeyAuth /* out */ + ); + + TSS_RESULT TCSP_CertifyKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE certHandle, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TPM_AUTH * certAuth, /* in, out */ + TPM_AUTH * keyAuth, /* in, out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ); + + TSS_RESULT TCSP_Sign_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 areaToSignSize, /* in */ + BYTE * areaToSign, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig /* out */ + ); + + TSS_RESULT TCSP_GetRandom_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 * bytesRequested, /* in, out */ + BYTE ** randomBytes /* out */ + ); + + TSS_RESULT TCSP_StirRandom_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData /* in */ + ); + + TSS_RESULT TCS_GetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 * respSize, /* out */ + BYTE ** resp /* out */ + ); + + TSS_RESULT TCSP_GetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 * respSize, /* out */ + BYTE ** resp /* out */ + ); + TSS_RESULT TCSP_SetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 valueSize, /* in */ + BYTE * value, /* in */ + TPM_AUTH * pOwnerAuth /* in, out */ + ); + TSS_RESULT TCSP_GetCapabilityOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * pOwnerAuth, /* out */ + TCPA_VERSION * pVersion, /* out */ + UINT32 * pNonVolatileFlags, /* out */ + UINT32 * pVolatileFlags /* out */ + ); + + TSS_RESULT TCSP_CreateEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 endorsementKeyInfoSize, /* in */ + BYTE * endorsementKeyInfo, /* in */ + UINT32 * endorsementKeySize, /* out */ + BYTE ** endorsementKey, /* out */ + TCPA_DIGEST * checksum /* out */ + ); + + TSS_RESULT TCSP_ReadPubek_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 * pubEndorsementKeySize, /* out */ + BYTE ** pubEndorsementKey, /* out */ + TCPA_DIGEST * checksum /* out */ + ); + + TSS_RESULT TCSP_DisablePubekRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_OwnerReadPubek_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * pubEndorsementKeySize, /* out */ + BYTE ** pubEndorsementKey /* out */ + ); + + TSS_RESULT TCSP_CreateRevocableEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_NONCE antiReplay, /* in */ + UINT32 endorsementKeyInfoSize, /* in */ + BYTE * endorsementKeyInfo, /* in */ + TSS_BOOL genResetAuth, /* in */ + TPM_DIGEST * eKResetAuth, /* in, out */ + UINT32 * endorsementKeySize, /* out */ + BYTE ** endorsementKey, /* out */ + TPM_DIGEST * checksum /* out */ + ); + + TSS_RESULT TCSP_RevokeEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_DIGEST EKResetAuth /* in */ + ); + + TSS_RESULT TCSP_SelfTestFull_Internal(TCS_CONTEXT_HANDLE hContext /* in */ + ); + + TSS_RESULT TCSP_CertifySelfTest_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig /* out */ + ); + + TSS_RESULT TCSP_GetTestResult_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ); + + TSS_RESULT TCSP_OwnerSetDisable_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL disableState, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_ResetLockValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_DisableOwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_ForceClear_Internal(TCS_CONTEXT_HANDLE hContext /* in */ + ); + + TSS_RESULT TCSP_DisableForceClear_Internal(TCS_CONTEXT_HANDLE hContext /* in */ + ); + + TSS_RESULT TCSP_PhysicalPresence_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_PHYSICAL_PRESENCE fPhysicalPresence /* in */ + ); + + TSS_RESULT TCSP_PhysicalDisable_Internal(TCS_CONTEXT_HANDLE hContext /* in */ + ); + + TSS_RESULT TCSP_PhysicalEnable_Internal(TCS_CONTEXT_HANDLE hContext /* in */ + ); + + TSS_RESULT TCSP_PhysicalSetDeactivated_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL state /* in */ + ); + + TSS_RESULT TCSP_SetTempDeactivated_Internal(TCS_CONTEXT_HANDLE hContext /* in */ + ); + + TSS_RESULT TCSP_SetTempDeactivated2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * operatorAuth /* in, out */ + ); + + TSS_RESULT TCSP_FieldUpgrade_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut, /* out */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_SetRedirection_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 c1, /* in */ + UINT32 c2, /* in */ + TPM_AUTH * privAuth /* in, out */ + ); + + TSS_RESULT TCSP_CreateMaintenanceArchive_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL generateRandom, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * archiveSize, /* out */ + BYTE ** archive /* out */ + ); + + TSS_RESULT TCSP_LoadMaintenanceArchive_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut /* out */ + ); + + TSS_RESULT TCSP_KillMaintenanceFeature_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_LoadManuMaintPub_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 PubKeySize, /* in */ + BYTE * PubKey, /* in */ + TCPA_DIGEST * checksum /* out */ + ); + + TSS_RESULT TCSP_ReadManuMaintPub_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + TCPA_DIGEST * checksum /* out */ + ); + TSS_RESULT TCSP_Reset_Internal(TCS_CONTEXT_HANDLE hContext + ); + TSS_RESULT TCSP_DaaJoin_internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_HANDLE handle, /* in */ + BYTE stage, /* in */ + UINT32 inputSize0, /* in */ + BYTE *inputData0, /* in */ + UINT32 inputSize1, /* in */ + BYTE *inputData1, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 *outputSize, /* out */ + BYTE **outputData /* out */ + ); + + TSS_RESULT TCSP_DaaSign_internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_HANDLE handle, /* in */ + BYTE stage, /* in */ + UINT32 inputSize0, /* in */ + BYTE *inputData0, /* in */ + UINT32 inputSize1, /* in */ + BYTE *inputData1, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 *outputSize, /* out */ + BYTE **outputData /* out */ + ); + + + TSS_RESULT TCSP_ReadCounter_Internal(TCS_CONTEXT_HANDLE hContext, + TSS_COUNTER_ID idCounter, + TPM_COUNTER_VALUE* counterValue + ); + + TSS_RESULT TCSP_CreateCounter_Internal(TCS_CONTEXT_HANDLE hContext, + UINT32 LabelSize, + BYTE* pLabel, + TPM_ENCAUTH CounterAuth, + TPM_AUTH* pOwnerAuth, + TSS_COUNTER_ID* idCounter, + TPM_COUNTER_VALUE* counterValue + ); + + TSS_RESULT TCSP_IncrementCounter_Internal(TCS_CONTEXT_HANDLE hContext, + TSS_COUNTER_ID idCounter, + TPM_AUTH* pCounterAuth, + TPM_COUNTER_VALUE* counterValue + ); + + TSS_RESULT TCSP_ReleaseCounter_Internal(TCS_CONTEXT_HANDLE hContext, + TSS_COUNTER_ID idCounter, + TPM_AUTH* pCounterAuth + ); + + TSS_RESULT TCSP_ReleaseCounterOwner_Internal(TCS_CONTEXT_HANDLE hContext, + TSS_COUNTER_ID idCounter, + TPM_AUTH* pOwnerAuth + ); + TSS_RESULT TCSP_ReadCurrentTicks_Internal(TCS_CONTEXT_HANDLE hContext, + UINT32* pulCurrentTime, + BYTE** prgbCurrentTime + ); + TSS_RESULT TCSP_TickStampBlob_Internal(TCS_CONTEXT_HANDLE hContext, + TCS_KEY_HANDLE hKey, + TPM_NONCE* antiReplay, + TPM_DIGEST* digestToStamp, + TPM_AUTH* privAuth, + UINT32* pulSignatureLength, + BYTE** prgbSignature, + UINT32* pulTickCountLength, + BYTE** prgbTickCount + ); + TSS_RESULT TCSP_EstablishTransport_Internal(TCS_CONTEXT_HANDLE hContext, + UINT32 ulTransControlFlags, + TCS_KEY_HANDLE hEncKey, + UINT32 ulTransSessionInfoSize, + BYTE* rgbTransSessionInfo, + UINT32 ulSecretSize, + BYTE* rgbSecret, + TPM_AUTH* pEncKeyAuth, + TPM_MODIFIER_INDICATOR* pbLocality, + TCS_HANDLE* hTransSession, + UINT32* ulCurrentTicksSize, + BYTE** prgbCurrentTicks, + TPM_NONCE* pTransNonce + ); + + TSS_RESULT TCSP_ExecuteTransport_Internal(TCS_CONTEXT_HANDLE hContext, + TPM_COMMAND_CODE unWrappedCommandOrdinal, + UINT32 ulWrappedCmdParamInSize, + BYTE* rgbWrappedCmdParamIn, + UINT32* pulHandleListSize, + TCS_HANDLE** rghHandles, + TPM_AUTH* pWrappedCmdAuth1, + TPM_AUTH* pWrappedCmdAuth2, + TPM_AUTH* pTransAuth, + UINT64* punCurrentTicks, + TPM_MODIFIER_INDICATOR* pbLocality, + TPM_RESULT* pulWrappedCmdReturnCode, + UINT32* ulWrappedCmdParamOutSize, + BYTE** rgbWrappedCmdParamOut + ); + TSS_RESULT TCSP_ReleaseTransportSigned_Internal(TCS_CONTEXT_HANDLE hContext, + TCS_KEY_HANDLE hSignatureKey, + TPM_NONCE* AntiReplayNonce, + TPM_AUTH* pKeyAuth, + TPM_AUTH* pTransAuth, + TPM_MODIFIER_INDICATOR* pbLocality, + UINT32* pulCurrentTicksSize, + BYTE** prgbCurrentTicks, + UINT32* pulSignatureSize, + BYTE** prgbSignature + ); + + TSS_RESULT TCSP_NV_DefineOrReleaseSpace_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 cPubInfoSize, /* in */ + BYTE* pPubInfo, /* in */ + TPM_ENCAUTH encAuth, /* in */ + TPM_AUTH* pAuth /* in, out */ + ); + + TSS_RESULT TCSP_NV_WriteValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite, /* in */ + TPM_AUTH* privAuth /* in, out */ + ); + + TSS_RESULT TCSP_NV_WriteValueAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite, /* in */ + TPM_AUTH* NVAuth /* in, out */ + ); + + TSS_RESULT TCSP_NV_ReadValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32* pulDataLength, /* in, out */ + TPM_AUTH* privAuth, /* in, out */ + BYTE** rgbDataRead /* out */ + ); + + TSS_RESULT TCSP_NV_ReadValueAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32* pulDataLength, /* in, out */ + TPM_AUTH* NVAuth, /* in, out */ + BYTE** rgbDataRead /* out */ + ); + + TSS_RESULT TCSP_SetOrdinalAuditStatus_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH* ownerAuth, /* in, out */ + UINT32 ulOrdinal, /* in */ + TSS_BOOL bAuditState /* in */ + ); + + TSS_RESULT TCSP_GetAuditDigest_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 startOrdinal, /* in */ + TPM_DIGEST* auditDigest, /* out */ + UINT32* counterValueSize, /* out */ + BYTE** counterValue, /* out */ + TSS_BOOL* more, /* out */ + UINT32* ordSize, /* out */ + UINT32** ordList /* out */ + ); + + TSS_RESULT TCSP_GetAuditDigestSigned_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TSS_BOOL closeAudit, /* in */ + TPM_NONCE antiReplay, /* in */ + TPM_AUTH* privAuth, /* in, out */ + UINT32* counterValueSize, /* out */ + BYTE** counterValue, /* out */ + TPM_DIGEST* auditDigest, /* out */ + TPM_DIGEST* ordinalDigest, /* out */ + UINT32* sigSize, /* out */ + BYTE** sig /* out */ + ); + + TSS_RESULT TCSP_SetOperatorAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_SECRET* operatorAuth /* in */ + ); + + TSS_RESULT TCSP_OwnerReadInternalPub_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH* pOwnerAuth, /*in, out*/ + UINT32* punPubKeySize, /* out */ + BYTE** ppbPubKeyData /* out */ + ); + + TSS_RESULT TCSP_Delegate_Manage_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_FAMILY_ID familyID, /* in */ + TPM_FAMILY_OPERATION opFlag, /* in */ + UINT32 opDataSize, /* in */ + BYTE* opData, /* in */ + TPM_AUTH* ownerAuth, /* in, out */ + UINT32* retDataSize, /* out */ + BYTE** retData /* out */ + ); + + TSS_RESULT TCSP_Delegate_CreateKeyDelegation_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE* publicInfo, /* in */ + TPM_ENCAUTH* encDelAuth, /* in */ + TPM_AUTH* keyAuth, /* in, out */ + UINT32* blobSize, /* out */ + BYTE** blob /* out */ + ); + + TSS_RESULT TCSP_Delegate_CreateOwnerDelegation_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL increment, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE* publicInfo, /* in */ + TPM_ENCAUTH* encDelAuth, /* in */ + TPM_AUTH* ownerAuth, /* in, out */ + UINT32* blobSize, /* out */ + BYTE** blob /* out */ + ); + + TSS_RESULT TCSP_Delegate_LoadOwnerDelegation_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_DELEGATE_INDEX index, /* in */ + UINT32 blobSize, /* in */ + BYTE* blob, /* in */ + TPM_AUTH* ownerAuth /* in, out */ + ); + + TSS_RESULT TCSP_Delegate_ReadTable_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32* pulFamilyTableSize, /* out */ + BYTE** ppFamilyTable, /* out */ + UINT32* pulDelegateTableSize, /* out */ + BYTE** ppDelegateTable /* out */ + ); + + TSS_RESULT TCSP_Delegate_UpdateVerificationCount_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 inputSize, /* in */ + BYTE* input, /* in */ + TPM_AUTH* ownerAuth, /* in, out */ + UINT32* outputSize, /* out */ + BYTE** output /* out */ + ); + + TSS_RESULT TCSP_Delegate_VerifyDelegation_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 delegateSize, /* in */ + BYTE* delegate /* in */ + ); + + TSS_RESULT TCSP_CMK_SetRestrictions_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_CMK_DELEGATE Restriction, /* in */ + TPM_AUTH* ownerAuth /* in */ + ); + + TSS_RESULT TCSP_CMK_ApproveMA_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_DIGEST migAuthorityDigest, /* in */ + TPM_AUTH* ownerAuth, /* in, out */ + TPM_HMAC* HmacMigAuthDigest /* out */ + ); + + TSS_RESULT TCSP_CMK_CreateKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hWrappingKey, /* in */ + TPM_ENCAUTH KeyUsageAuth, /* in */ + TPM_HMAC MigAuthApproval, /* in */ + TPM_DIGEST MigAuthorityDigest, /* in */ + UINT32* keyDataSize, /* in, out */ + BYTE** prgbKeyData, /* in, out */ + TPM_AUTH* pAuth /* in, out */ + ); + + TSS_RESULT TCSP_CMK_CreateTicket_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 PublicVerifyKeySize, /* in */ + BYTE* PublicVerifyKey, /* in */ + TPM_DIGEST SignedData, /* in */ + UINT32 SigValueSize, /* in */ + BYTE* SigValue, /* in */ + TPM_AUTH* pOwnerAuth, /* in, out */ + TPM_HMAC* SigTicket /* out */ + ); + + TSS_RESULT TCSP_CMK_CreateBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TSS_MIGRATE_SCHEME migrationType, /* in */ + UINT32 MigrationKeyAuthSize, /* in */ + BYTE* MigrationKeyAuth, /* in */ + TPM_DIGEST PubSourceKeyDigest, /* in */ + UINT32 msaListSize, /* in */ + BYTE* msaList, /* in */ + UINT32 restrictTicketSize, /* in */ + BYTE* restrictTicket, /* in */ + UINT32 sigTicketSize, /* in */ + BYTE* sigTicket, /* in */ + UINT32 encDataSize, /* in */ + BYTE* encData, /* in */ + TPM_AUTH* parentAuth, /* in, out */ + UINT32* randomSize, /* out */ + BYTE** random, /* out */ + UINT32* outDataSize, /* out */ + BYTE** outData /* out */ + ); + + TSS_RESULT TCSP_CMK_ConvertMigration_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TPM_CMK_AUTH restrictTicket, /* in */ + TPM_HMAC sigTicket, /* in */ + UINT32 keyDataSize, /* in */ + BYTE* prgbKeyData, /* in */ + UINT32 msaListSize, /* in */ + BYTE* msaList, /* in */ + UINT32 randomSize, /* in */ + BYTE* random, /* in */ + TPM_AUTH* parentAuth, /* in, out */ + UINT32* outDataSize, /* out */ + BYTE** outData /* out */ + ); + TSS_RESULT TCSP_FlushSpecific_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_HANDLE hResHandle, /* in */ + TPM_RESOURCE_TYPE resourceType /* in */ + ); + + TSS_RESULT TCSP_KeyControlOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + UINT32 ulPubKeyLength, /* in */ + BYTE* rgbPubKey, /* in */ + UINT32 attribName, /* in */ + TSS_BOOL attribValue, /* in */ + TPM_AUTH* pOwnerAuth, /* in,out */ + TSS_UUID* pUuidData /* out */ + ); + + TSS_RESULT TCSP_DSAP_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_ENTITY_TYPE entityType, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_NONCE *nonceOddDSAP, /* in */ + UINT32 entityValueSize, /* in */ + BYTE* entityValue, /* in */ + TCS_AUTHHANDLE *authHandle, /* out */ + TPM_NONCE *nonceEven, /* out */ + TPM_NONCE *nonceEvenDSAP /* out */ + ); + +#endif /*_TCS_UTILS_H_ */ diff --git a/src/include/tcsd.h b/src/include/tcsd.h new file mode 100644 index 0000000..e5a8852 --- /dev/null +++ b/src/include/tcsd.h @@ -0,0 +1,163 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#ifndef _TCSD_H_ +#define _TCSD_H_ + +#include + +#include "rpc_tcstp.h" + +/* Platform Class structures */ +struct platform_class +{ + unsigned int simpleID; /* Platform specific spec identifier */ + unsigned int classURISize; /* Size of the classURI */ + char *classURI; /* Specific spec. Can be NULL */ + struct platform_class *next; +}; + +/* config structures */ +struct tcsd_config +{ + int port; /* port the TCSD will listen on */ + unsigned int num_threads; /* max number of threads the TCSD allows simultaneously */ + char *system_ps_dir; /* the directory the system PS file sits in */ + char *system_ps_file; /* the name of the system PS file */ + char *firmware_log_file;/* the name of the firmware PCR event file */ + char *kernel_log_file; /* the name of the kernel PCR event file */ + unsigned int kernel_pcrs; /* bitmask of PCRs the kernel controls */ + unsigned int firmware_pcrs; /* bitmask of PCRs the firmware controls */ + char *platform_cred; /* location of the platform credential */ + char *conformance_cred; /* location of the conformance credential */ + char *endorsement_cred; /* location of the endorsement credential */ + int remote_ops[TCSD_MAX_NUM_ORDS]; /* array of ordinals executable by remote hosts */ + unsigned int unset; /* bitmask of options which are still unset */ + int exclusive_transport; /* allow applications to open exclusive transport sessions with + the TPM and enforce their exclusivity (possible DOS issue) */ + struct platform_class *host_platform_class; /* Host platform class of this TCS System */ + struct platform_class *all_platform_classes; /* List of platform classes + of this TCS System */ +}; + +#define TCSD_DEFAULT_CONFIG_FILE ETC_PREFIX "/tcsd.conf" +extern char *tcsd_config_file; + +#define TSS_USER_NAME "tss" +#define TSS_GROUP_NAME "tss" + +#define TCSD_DEFAULT_MAX_THREADS 10 +#define TCSD_DEFAULT_SYSTEM_PS_FILE VAR_PREFIX "/lib/tpm/system.data" +#define TCSD_DEFAULT_SYSTEM_PS_DIR VAR_PREFIX "/lib/tpm" +#define TCSD_DEFAULT_FIRMWARE_LOG_FILE "/sys/kernel/security/tpm0/binary_bios_measurements" +#define TCSD_DEFAULT_KERNEL_LOG_FILE "/sys/kernel/security/ima/binary_runtime_measurements" +#define TCSD_DEFAULT_FIRMWARE_PCRS 0x00000000 +#define TCSD_DEFAULT_KERNEL_PCRS 0x00000000 + +/* This will change when a system with more than 32 PCR's exists */ +#define TCSD_MAX_PCRS 32 + +/* this is the 2nd param passed to the listen() system call */ +#define TCSD_MAX_SOCKETS_QUEUED 50 +#define TCSD_TXBUF_SIZE 1024 + +/* The Available Tcs Platform Classes */ +struct tcg_platform_spec { + char *name; + TPM_PLATFORM_SPECIFIC specNo; + char *specURI; +}; + +/* The Specific URI's for the platforms specs on TCG website */ +#define TPM_PS_PC_11_URI "https://www.trustedcomputinggroup.org/groups/pc_client/TCG_PCSpecificSpecification_v1_1.pdf" +#define TPM_PS_PC_12_URI "https://www.trustedcomputinggroup.org/specs/PCClient/TCG_PCClientImplementationforBIOS_1-20_1-00.pdf" +#define TPM_PS_PDA_12_URI "https://www.trustedcomputinggroup.org/specs/mobilephone/tcg-mobile-reference-architecture-1.0.pdf" +#define TPM_PS_Server_12_URI "https://www.trustedcomputinggroup.org/specs/Server/TCG_Generic_Server_Specification_v1_0_rev0_8.pdf" +#define TPM_PS_Mobile_12_URI "https://www.trustedcomputinggroup.org/specs/mobilephone/tcg-mobile-reference-architecture-1.0.pdf" + +/* for detecting whether an option has been set */ +#define TCSD_OPTION_PORT 0x0001 +#define TCSD_OPTION_MAX_THREADS 0x0002 +#define TCSD_OPTION_FIRMWARE_PCRS 0x0004 +#define TCSD_OPTION_KERNEL_PCRS 0x0008 +#define TCSD_OPTION_SYSTEM_PSFILE 0x0010 +#define TCSD_OPTION_KERNEL_LOGFILE 0x0020 +#define TCSD_OPTION_FIRMWARE_LOGFILE 0x0040 +#define TCSD_OPTION_PLATFORM_CRED 0x0080 +#define TCSD_OPTION_CONFORMANCE_CRED 0x0100 +#define TCSD_OPTION_ENDORSEMENT_CRED 0x0200 +#define TCSD_OPTION_REMOTE_OPS 0x0400 +#define TCSD_OPTION_EXCLUSIVE_TRANSPORT 0x0800 +#define TCSD_OPTION_HOST_PLATFORM_CLASS 0x1000 + +#define TSS_TCP_RPC_MAX_DATA_LEN 1048576 +#define TSS_TCP_RPC_BAD_PACKET_TYPE 0x10000000 + +enum tcsd_config_option_code { + opt_port = 1, + opt_max_threads, + opt_system_ps_file, + opt_firmware_log, + opt_kernel_log, + opt_firmware_pcrs, + opt_kernel_pcrs, + opt_platform_cred, + opt_conformance_cred, + opt_endorsement_cred, + opt_remote_ops, + opt_exclusive_transport, + opt_host_platform_class, + opt_all_platform_classes +}; + +struct tcsd_config_options { + char *name; + enum tcsd_config_option_code option; +}; + +extern struct tcsd_config tcsd_options; + +TSS_RESULT conf_file_init(struct tcsd_config *); +void conf_file_final(struct tcsd_config *); +TSS_RESULT ps_dirs_init(); +void tcsd_signal_handler(int); + +/* threading structures */ +struct tcsd_thread_data +{ + int sock; + UINT32 context; + THREAD_TYPE *thread_id; + char *hostname; + struct tcsd_comm_data comm; +}; + +struct tcsd_thread_mgr +{ + MUTEX_DECLARE(lock); + struct tcsd_thread_data *thread_data; + + int shutdown; + UINT32 num_active_threads; + UINT32 max_threads; +}; + +TSS_RESULT tcsd_threads_init(); +TSS_RESULT tcsd_threads_final(); +TSS_RESULT tcsd_thread_create(int, char *); +void *tcsd_thread_run(void *); +void thread_signal_init(); + +/* signal handling */ +struct sigaction tcsd_sa_int; +struct sigaction tcsd_sa_chld; + +#endif diff --git a/src/include/tcsd_ops.h b/src/include/tcsd_ops.h new file mode 100644 index 0000000..82df484 --- /dev/null +++ b/src/include/tcsd_ops.h @@ -0,0 +1,164 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#ifndef _TCSD_COMMANDS_H_ +#define _TCSD_COMMANDS_H_ + +#include "tcsd_wrap.h" + +#define OPENCONTEXT TCSD_ORD_OPENCONTEXT +#define CLOSECONTEXT TCSD_ORD_CLOSECONTEXT +#define FREEMEMORY TCSD_ORD_FREEMEMORY +#define TCSGETCAPABILITY TCSD_ORD_TCSGETCAPABILITY +#define REGISTERKEY TCSD_ORD_REGISTERKEY +#define UNREGISTERKEY TCSD_ORD_UNREGISTERKEY +#define GETREGISTEREDKEYBLOB TCSD_ORD_GETREGISTEREDKEYBLOB +#define GETREGISTEREDKEYBYPUBLICINFO TCSD_ORD_GETREGISTEREDKEYBYPUBLICINFO +#define GETPUBKEY TCSD_ORD_GETPUBKEY +#define LOADKEYBYBLOB TCSD_ORD_LOADKEYBYBLOB +#define LOADKEYBYUUID TCSD_ORD_LOADKEYBYUUID +#define CREATEWRAPKEY TCSD_ORD_CREATEWRAPKEY +#define GETPCREVENTLOG TCSD_ORD_GETPCREVENTLOG +#define OIAP TCSD_ORD_OIAP +#define OSAP TCSD_ORD_OSAP +#define TERMINATEHANDLE TCSD_ORD_TERMINATEHANDLE +#define PCRREAD TCSD_ORD_PCRREAD +#define PCRRESET TCSD_ORD_PCRRESET +#define QUOTE TCSD_ORD_QUOTE +#define SEAL TCSD_ORD_SEAL +#define UNSEAL TCSD_ORD_UNSEAL +#define UNBIND TCSD_ORD_UNBIND +#define CERTIFYKEY TCSD_ORD_CERTIFYKEY +#define SIGN TCSD_ORD_SIGN +#define GETRANDOM TCSD_ORD_GETRANDOM +#define STIRRANDOM TCSD_ORD_STIRRANDOM +#define GETCAPABILITY TCSD_ORD_GETCAPABILITY +#define READPUBEK TCSD_ORD_READPUBEK +#define SELFTESTFULL TCSD_ORD_SELFTESTFULL +#define CERTIFYSELFTEST TCSD_ORD_CERTIFYSELFTEST +#define CONTINUESELFTEST TCSD_ORD_CONTINUESELFTEST +#define GETTESTRESULT TCSD_ORD_GETTESTRESULT +/* below this line are ordinals that probably shouldn't be allowed for non-localhosts */ +#if 0 +#define OWNERREADPUBEK TCSD_ORD_OWNERREADPUBEK +#define GETPCREVENT TCSD_ORD_GETPCREVENT +#define GETPCREVENTBYPCR TCSD_ORD_GETPCREVENTBYPCR +#define GETCAPABILITYSIGNED TCSD_ORD_GETCAPABILITYSIGNED +#define ENUMREGISTEREDKEYS TCSD_ORD_ENUMREGISTEREDKEYS +#define ENUMREGISTEREDKEYS2 TCSD_ORD_ENUMREGISTEREDKEYS2 +#define GETREGISTEREDKEY TCSD_ORD_GETREGISTEREDKEY +#define EXTEND TCSD_ORD_EXTEND +#define LOGPCREVENT TCSD_ORD_LOGPCREVENT +#define EVICTKEY TCSD_ORD_EVICTKEY +#define DISABLEPUBEKREAD TCSD_ORD_DISABLEPUBEKREAD +#define SETOWNERINSTALL TCSD_ORD_SETOWNERINSTALL +#define MAKEIDENTITY TCSD_ORD_MAKEIDENTITY +#define MAKEIDENTITY2 TCSD_ORD_MAKEIDENTITY2 +#define TAKEOWNERSHIP TCSD_ORD_TAKEOWNERSHIP +#define CREATEENDORSEMENTKEYPAIR TCSD_ORD_CREATEENDORSEMENTKEYPAIR +#define GETCAPABILITYOWNER TCSD_ORD_GETCAPABILITYOWNER +#define ACTIVATETPMIDENTITY TCSD_ORD_ACTIVATETPMIDENTITY +#define AUTHORIZEMIGRATIONKEY TCSD_ORD_AUTHORIZEMIGRATIONKEY +#define CHANGEAUTH TCSD_ORD_CHANGEAUTH +#define CHANGEAUTHOWNER TCSD_ORD_CHANGEAUTHOWNER +#define CHANGEAUTHASYMSTART TCSD_ORD_CHANGEAUTHASYMSTART +#define CHANGEAUTHASYMFINISH TCSD_ORD_CHANGEAUTHASYMFINISH +#define DIRREAD TCSD_ORD_DIRREAD +#define DIRWRITEAUTH TCSD_ORD_DIRWRITEAUTH +#define CREATEMIGRATIONBLOB TCSD_ORD_CREATEMIGRATIONBLOB +#define CONVERTMIGRATIONBLOB TCSD_ORD_CONVERTMIGRATIONBLOB +#define OWNERSETDISABLE TCSD_ORD_OWNERSETDISABLE +#define OWNERCLEAR TCSD_ORD_OWNERCLEAR +#define DISABLEOWNERCLEAR TCSD_ORD_DISABLEOWNERCLEAR +#define FORCECLEAR TCSD_ORD_FORCECLEAR +#define DISABLEFORCECLEAR TCSD_ORD_DISABLEFORCECLEAR +#define PHYSICALDISABLE TCSD_ORD_PHYSICALDISABLE +#define PHYSICALENABLE TCSD_ORD_PHYSICALENABLE +#define PHYSICALSETDEACTIVATED TCSD_ORD_PHYSICALSETDEACTIVATED +#define SETTEMPDEACTIVATED TCSD_ORD_SETTEMPDEACTIVATED +#define PHYSICALPRESENCE TCSD_ORD_PHYSICALPRESENCE +#define FIELDUPGRADE TCSD_ORD_FIELDUPGRADE +#define SETRIDIRECTION TCSD_ORD_SETRIDIRECTION +#define CREATEMAINTENANCEARCHIVE TCSD_ORD_CREATEMAINTENANCEARCHIVE +#define LOADMAINTENANCEARCHIVE TCSD_ORD_LOADMAINTENANCEARCHIVE +#define KILLMAINTENANCEFEATURE TCSD_ORD_KILLMAINTENANCEFEATURE +#define LOADMANUFECTURERMAINTENANCEPUB TCSD_ORD_LOADMANUFECTURERMAINTENANCEPUB +#define READMANUFECTURERMAINTENANCEPUB TCSD_ORD_READMANUFECTURERMAINTENANCEPUB +#define SETTEMPDEACTIVATED2 TCSD_ORD_SETTEMPDEACTIVATED2 +#endif + +/* TCSD ordinal sub-command sets */ +#define SUBOP_CONTEXT OPENCONTEXT, CLOSECONTEXT +#define SUBOP_RANDOM STIRRANDOM, GETRANDOM +#define SUBOP_AUTHSESS OIAP, OSAP, TERMINATEHANDLE +#define SUBOP_LOADKEYBYUUID LOADKEYBYUUID, GETREGISTEREDKEYBLOB, FREEMEMORY +#define SUBOP_SELFTEST SELFTESTFULL, CERTIFYSELFTEST, CONTINUESELFTEST, GETTESTRESULT + +/* Top level TCSD operations which can be enabled to be used by remote hosts. Each of these + * should have a corresponding on/off switch in the tcsd.conf file + */ +#define TCSD_OP_SEAL SEAL, SUBOP_LOADKEYBYUUID, SUBOP_RANDOM, SUBOP_AUTHSESS, SUBOP_CONTEXT, 0 +#define TCSD_OP_UNSEAL UNSEAL, SUBOP_LOADKEYBYUUID, SUBOP_RANDOM, SUBOP_AUTHSESS, SUBOP_CONTEXT, 0 +#define TCSD_OP_GETREGISTEREDKEYBYPUBLICINFO GETREGISTEREDKEYBYPUBLICINFO, SUBOP_CONTEXT, 0 +#define TCSD_OP_GETPUBKEY GETPUBKEY, SUBOP_RANDOM, SUBOP_AUTHSESS, SUBOP_CONTEXT, 0 +#define TCSD_OP_LOADKEY LOADKEYBYBLOB, SUBOP_LOADKEYBYUUID, SUBOP_CONTEXT, SUBOP_AUTHSESS, SUBOP_RANDOM, 0 +#define TCSD_OP_REGISTERKEY REGISTERKEY, SUBOP_CONTEXT, SUBOP_LOADKEYBYUUID, LOADKEYBYBLOB, 0 +#define TCSD_OP_UNREGISTERKEY UNREGISTERKEY, SUBOP_CONTEXT, 0 +#define TCSD_OP_CREATEKEY CREATEWRAPKEY, SUBOP_CONTEXT, SUBOP_AUTHSESS, SUBOP_LOADKEYBYUUID, SUBOP_RANDOM, 0 +#define TCSD_OP_SIGN SIGN, SUBOP_CONTEXT, SUBOP_AUTHSESS, SUBOP_RANDOM, FREEMEMORY, 0 +#define TCSD_OP_RANDOM SUBOP_RANDOM, SUBOP_CONTEXT, FREEMEMORY, 0 +#define TCSD_OP_GETCAPABILITY GETCAPABILITY, TCSGETCAPABILITY, SUBOP_CONTEXT, FREEMEMORY, 0 +#define TCSD_OP_UNBIND UNBIND, SUBOP_CONTEXT, SUBOP_AUTHSESS, SUBOP_RANDOM, 0 +#define TCSD_OP_QUOTE QUOTE, SUBOP_CONTEXT, SUBOP_AUTHSESS, SUBOP_RANDOM, 0 +#define TCSD_OP_READPUBEK READPUBEK, SUBOP_CONTEXT, SUBOP_AUTHSESS, SUBOP_RANDOM, 0 +#define TCSD_OP_SELFTEST SUBOP_SELFTEST, SUBOP_CONTEXT, FREEMEMORY, 0 + +struct tcsd_op { + char *name; + int op[]; +}; + +struct tcsd_op tcsd_op_seal = {"seal", {TCSD_OP_SEAL}}; +struct tcsd_op tcsd_op_unseal = {"unseal", {TCSD_OP_UNSEAL}}; +struct tcsd_op tcsd_op_registerkey = {"registerkey", {TCSD_OP_REGISTERKEY}}; +struct tcsd_op tcsd_op_unregisterkey = {"unregisterkey", {TCSD_OP_UNREGISTERKEY}}; +struct tcsd_op tcsd_op_getregisteredkeybypublicinfo = {"getregisteredkeybypublicinfo", {TCSD_OP_GETREGISTEREDKEYBYPUBLICINFO}}; +struct tcsd_op tcsd_op_getpubkey = {"getpubkey", {TCSD_OP_GETPUBKEY}}; +struct tcsd_op tcsd_op_loadkey = {"loadkey", {TCSD_OP_LOADKEY}}; +struct tcsd_op tcsd_op_createkey = {"createkey", {TCSD_OP_CREATEKEY}}; +struct tcsd_op tcsd_op_sign = {"sign", {TCSD_OP_SIGN}}; +struct tcsd_op tcsd_op_random = {"random", {TCSD_OP_RANDOM}}; +struct tcsd_op tcsd_op_getcapability = {"getcapability", {TCSD_OP_GETCAPABILITY}}; +struct tcsd_op tcsd_op_unbind = {"unbind", {TCSD_OP_UNBIND}}; +struct tcsd_op tcsd_op_quote = {"quote", {TCSD_OP_QUOTE}}; +struct tcsd_op tcsd_op_readpubek = {"readpubek", {TCSD_OP_READPUBEK}}; +struct tcsd_op tcsd_op_selftest = {"selftest", {TCSD_OP_SELFTEST}}; + +struct tcsd_op *tcsd_ops[] = { + &tcsd_op_seal, + &tcsd_op_unseal, + &tcsd_op_registerkey, + &tcsd_op_unregisterkey, + &tcsd_op_getregisteredkeybypublicinfo, + &tcsd_op_getpubkey, + &tcsd_op_loadkey, + &tcsd_op_createkey, + &tcsd_op_sign, + &tcsd_op_random, + &tcsd_op_getcapability, + &tcsd_op_unbind, + &tcsd_op_quote, + &tcsd_op_readpubek, + &tcsd_op_selftest, + NULL +}; + +#endif diff --git a/src/include/tcsd_wrap.h b/src/include/tcsd_wrap.h new file mode 100644 index 0000000..b320d74 --- /dev/null +++ b/src/include/tcsd_wrap.h @@ -0,0 +1,194 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _TCSD_WRAP_H_ +#define _TCSD_WRAP_H_ + +#include "tcs_tsp.h" + +enum TCSP_PACKET_TYPE { + TCSD_PACKET_TYPE_BYTE, + TCSD_PACKET_TYPE_BOOL, + TCSD_PACKET_TYPE_UINT16, + TCSD_PACKET_TYPE_UINT32, + TCSD_PACKET_TYPE_PBYTE, + TCSD_PACKET_TYPE_KEY, + TCSD_PACKET_TYPE_NONCE, + TCSD_PACKET_TYPE_AUTH, + TCSD_PACKET_TYPE_DIGEST, + TCSD_PACKET_TYPE_UUID, + TCSD_PACKET_TYPE_ENCAUTH, + TCSD_PACKET_TYPE_VERSION, + /*2004-05-12 Seiji Munetoh added */ + TCSD_PACKET_TYPE_KM_KEYINFO, + TCSD_PACKET_TYPE_KM_KEYINFO2, + TCSD_PACKET_TYPE_LOADKEY_INFO, + TCSD_PACKET_TYPE_PCR_EVENT, + TCSD_PACKET_TYPE_COUNTER_VALUE, + TCSD_PACKET_TYPE_UINT64, + TCSD_PACKET_TYPE_SECRET +}; + +enum TCSD_ORD { + TCSD_ORD_ERROR = 0, + /* 4.5 TCS Contest Manager */ + TCSD_ORD_OPENCONTEXT = 1, + TCSD_ORD_CLOSECONTEXT = 2, + TCSD_ORD_FREEMEMORY = 3, + TCSD_ORD_TCSGETCAPABILITY = 4, /* Tcsi_GatCapability */ + /* 4.6 TCS Key Credential Manager */ + TCSD_ORD_REGISTERKEY = 5, + TCSD_ORD_UNREGISTERKEY = 6, + TCSD_ORD_ENUMREGISTEREDKEYS = 7, + TCSD_ORD_GETREGISTEREDKEY = 8, + TCSD_ORD_GETREGISTEREDKEYBLOB = 9, + TCSD_ORD_GETREGISTEREDKEYBYPUBLICINFO = 10, + TCSD_ORD_LOADKEYBYBLOB = 11, + TCSD_ORD_LOADKEYBYUUID = 12, + TCSD_ORD_EVICTKEY = 13, + TCSD_ORD_CREATEWRAPKEY = 14, + TCSD_ORD_GETPUBKEY = 15, + TCSD_ORD_MAKEIDENTITY = 16, + /* 4.7 TCS Event Manager */ + TCSD_ORD_LOGPCREVENT = 17, + TCSD_ORD_GETPCREVENT = 18, + TCSD_ORD_GETPCREVENTBYPCR = 19, + TCSD_ORD_GETPCREVENTLOG = 20, + /* 4.8 TCS Audit Manager */ + /* 4.9 TCS TPM Parametor Block Generator */ + TCSD_ORD_SETOWNERINSTALL = 21, + TCSD_ORD_TAKEOWNERSHIP = 22, + TCSD_ORD_OIAP = 23, + TCSD_ORD_OSAP = 24, + TCSD_ORD_CHANGEAUTH = 25, + TCSD_ORD_CHANGEAUTHOWNER = 26, + TCSD_ORD_CHANGEAUTHASYMSTART = 27, + TCSD_ORD_CHANGEAUTHASYMFINISH = 28, + TCSD_ORD_TERMINATEHANDLE = 29, + TCSD_ORD_ACTIVATETPMIDENTITY = 30, + + TCSD_ORD_EXTEND = 31, + TCSD_ORD_PCRREAD= 32, + TCSD_ORD_QUOTE = 33, + TCSD_ORD_DIRWRITEAUTH = 34, + TCSD_ORD_DIRREAD = 35, + TCSD_ORD_SEAL = 36, + TCSD_ORD_UNSEAL = 37, + TCSD_ORD_UNBIND = 38, + TCSD_ORD_CREATEMIGRATIONBLOB = 39, + TCSD_ORD_CONVERTMIGRATIONBLOB = 40, + TCSD_ORD_AUTHORIZEMIGRATIONKEY = 41, + + TCSD_ORD_CERTIFYKEY = 42, + TCSD_ORD_SIGN = 43, + TCSD_ORD_GETRANDOM =44, + TCSD_ORD_STIRRANDOM =45, + TCSD_ORD_GETCAPABILITY =46, /* Tcsip_GatCapability */ + TCSD_ORD_GETCAPABILITYSIGNED = 47, + TCSD_ORD_GETCAPABILITYOWNER = 48, + + TCSD_ORD_CREATEENDORSEMENTKEYPAIR = 49, + TCSD_ORD_READPUBEK = 50, + TCSD_ORD_DISABLEPUBEKREAD = 51, + TCSD_ORD_OWNERREADPUBEK =52, + + TCSD_ORD_SELFTESTFULL = 53, + TCSD_ORD_CERTIFYSELFTEST = 54, + TCSD_ORD_CONTINUESELFTEST = 55, + TCSD_ORD_GETTESTRESULT = 56, + TCSD_ORD_OWNERSETDISABLE = 57, + TCSD_ORD_OWNERCLEAR = 58, + TCSD_ORD_DISABLEOWNERCLEAR = 59, + TCSD_ORD_FORCECLEAR = 60, + TCSD_ORD_DISABLEFORCECLEAR = 61, + TCSD_ORD_PHYSICALDISABLE = 62, + TCSD_ORD_PHYSICALENABLE = 63, + TCSD_ORD_PHYSICALSETDEACTIVATED = 64, + TCSD_ORD_SETTEMPDEACTIVATED = 65, + TCSD_ORD_PHYSICALPRESENCE = 66, + TCSD_ORD_FIELDUPGRADE = 67, + TCSD_ORD_SETRIDIRECTION = 68, + + TCSD_ORD_CREATEMAINTENANCEARCHIVE = 69, + TCSD_ORD_LOADMAINTENANCEARCHIVE = 70, + TCSD_ORD_KILLMAINTENANCEFEATURE = 71, + TCSD_ORD_LOADMANUFACTURERMAINTENANCEPUB = 72, + TCSD_ORD_READMANUFACTURERMAINTENANCEPUB = 73, + /* DAA */ + TCSD_ORD_DAAJOIN = 74, + TCSD_ORD_DAASIGN = 75, + TCSD_ORD_SETCAPABILITY = 76, + TCSD_ORD_RESETLOCKVALUE = 77, + + TCSD_ORD_PCRRESET = 78, + TCSD_ORD_READCOUNTER = 79, + TCSD_ORD_CREATECOUNTER = 80, + TCSD_ORD_INCREMENTCOUNTER = 81, + TCSD_ORD_RELEASECOUNTER = 82, + TCSD_ORD_RELEASECOUNTEROWNER = 83, + TCSD_ORD_READCURRENTTICKS = 84, + TCSD_ORD_TICKSTAMPBLOB = 85, + TCSD_ORD_GETCREDENTIAL = 86, + /* NV */ + TCSD_ORD_NVDEFINEORRELEASESPACE = 87, + TCSD_ORD_NVWRITEVALUE = 88, + TCSD_ORD_NVWRITEVALUEAUTH = 89, + TCSD_ORD_NVREADVALUE = 90, + TCSD_ORD_NVREADVALUEAUTH = 91, + + TCSD_ORD_ESTABLISHTRANSPORT = 92, + TCSD_ORD_EXECUTETRANSPORT = 93, + TCSD_ORD_RELEASETRANSPORTSIGNED = 94, + /* Audit */ + TCSD_ORD_SETORDINALAUDITSTATUS = 95, + TCSD_ORD_GETAUDITDIGEST = 96, + TCSD_ORD_GETAUDITDIGESTSIGNED = 97, + TCSD_ORD_SEALX = 98, + + TCSD_ORD_SETOPERATORAUTH = 99, + TCSD_ORD_OWNERREADINTERNALPUB = 100, + TCSD_ORD_ENUMREGISTEREDKEYS2 = 101, + TCSD_ORD_SETTEMPDEACTIVATED2 = 102, + + /* Delegation */ + TCSD_ORD_DELEGATE_MANAGE = 103, + TCSD_ORD_DELEGATE_CREATEKEYDELEGATION = 104, + TCSD_ORD_DELEGATE_CREATEOWNERDELEGATION = 105, + TCSD_ORD_DELEGATE_LOADOWNERDELEGATION = 106, + TCSD_ORD_DELEGATE_READTABLE = 107, + TCSD_ORD_DELEGATE_UPDATEVERIFICATIONCOUNT = 108, + TCSD_ORD_DELEGATE_VERIFYDELEGATION = 109, + + TCSD_ORD_CREATEREVOCABLEENDORSEMENTKEYPAIR = 110, + TCSD_ORD_REVOKEENDORSEMENTKEYPAIR = 111, + + TCSD_ORD_MAKEIDENTITY2 = 112, + TCSD_ORD_QUOTE2 = 113, + + /* CMK */ + TCSD_ORD_CMK_SETRESTRICTIONS = 114, + TCSD_ORD_CMK_APPROVEMA = 115, + TCSD_ORD_CMK_CREATEKEY = 116, + TCSD_ORD_CMK_CREATETICKET = 117, + TCSD_ORD_CMK_CREATEBLOB = 118, + TCSD_ORD_CMK_CONVERTMIGRATION = 119, + + TCSD_ORD_FLUSHSPECIFIC = 120, + TCSD_ORD_KEYCONTROLOWNER = 121, + TCSD_ORD_DSAP = 122, + + /* Last */ + TCSD_LAST_ORD = 123 +}; +#define TCSD_MAX_NUM_ORDS TCSD_LAST_ORD + +#include "tcsd.h" + +#endif diff --git a/src/include/tcsem.h b/src/include/tcsem.h new file mode 100644 index 0000000..4b1f215 --- /dev/null +++ b/src/include/tcsem.h @@ -0,0 +1,62 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#ifndef _TCSEM_H_ +#define _TCSEM_H_ + +struct ext_log_source { + int (*open)(void *, FILE **); + TSS_RESULT (*get_entries_by_pcr)(FILE *, UINT32, UINT32, UINT32 *, TSS_PCR_EVENT **); + TSS_RESULT (*get_entry)(FILE *, UINT32, UINT32 *, TSS_PCR_EVENT **); + int (*close)(FILE *); +}; + +struct event_wrapper { + TSS_PCR_EVENT event; + struct event_wrapper *next; +}; + +struct event_log { + MUTEX_DECLARE(lock); + struct ext_log_source *firmware_source; + struct ext_log_source *kernel_source; + struct event_wrapper **lists; +}; + +/* include the compiled-in log sources and struct references here */ +#include "imaem.h" +#include "biosem.h" + +#ifdef EVLOG_SOURCE_IMA +#define EVLOG_IMA_SOURCE &ima_source +#else +#define EVLOG_IMA_SOURCE NULL +#endif + +#ifdef EVLOG_SOURCE_BIOS +#define EVLOG_BIOS_SOURCE &bios_source +#else +#define EVLOG_BIOS_SOURCE NULL +#endif + + +TSS_RESULT event_log_init(); +TSS_RESULT event_log_final(); +TSS_RESULT copy_pcr_event(TSS_PCR_EVENT *, TSS_PCR_EVENT *); +TSS_RESULT event_log_add(TSS_PCR_EVENT *, UINT32 *); +TSS_PCR_EVENT *get_pcr_event(UINT32, UINT32); +UINT32 get_num_events(UINT32); +TSS_PCR_EVENT *concat_pcr_events(TSS_PCR_EVENT **, UINT32, TSS_PCR_EVENT *, UINT32); +UINT32 get_pcr_event_size(TSS_PCR_EVENT *); +void free_external_events(UINT32, TSS_PCR_EVENT *); + +extern struct event_log *tcs_event_log; + +#endif diff --git a/src/include/tcslog.h b/src/include/tcslog.h new file mode 100644 index 0000000..36fdce0 --- /dev/null +++ b/src/include/tcslog.h @@ -0,0 +1,96 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#ifndef _TCSLOG_H_ +#define _TCSLOG_H_ + +#include +#include + +/* log to syslog -- change your syslog destination here */ +#define TSS_SYSLOG_LVL LOG_LOCAL5 + +#ifndef __FUNCTION__ +#define __FUNCTION__ __func__ +#endif + +#define LogMessage(dest, priority, layer, fmt, ...) \ + do { \ + if (getenv("TCSD_FOREGROUND") != NULL) { \ + fprintf(dest, "%s " fmt "\n", layer, ## __VA_ARGS__); \ + } else { \ + openlog(layer, LOG_NDELAY|LOG_PID, TSS_SYSLOG_LVL); \ + syslog(priority, "TrouSerS " fmt "\n", ## __VA_ARGS__); \ + } \ + } while (0) + +/* Debug logging */ +#ifdef TSS_DEBUG +#define LogDebug(fmt, ...) LogMessage(stdout, LOG_DEBUG, APPID, "%s:%d " fmt, __FILE__, __LINE__, ##__VA_ARGS__) +#define LogDebugFn(fmt, ...) LogMessage(stdout, LOG_DEBUG, APPID, "%s:%d %s: " fmt, __FILE__, __LINE__, __FUNCTION__, ##__VA_ARGS__) +#define LogBlob(sz,blb) LogBlobData(APPID, sz, blb) +#define LogDebugKey(k) \ + do { \ + if (k.hdr.key12.tag == TPM_TAG_KEY12) \ + LogDebugFn("Tag: %hu", k.hdr.key12.tag); \ + else \ + LogDebugFn("Version: %hhu.%hhu.%hhu.%hhu", \ + k.hdr.key11.ver.major, k.hdr.key11.ver.minor, \ + k.hdr.key11.ver.revMajor, k.hdr.key11.ver.revMinor); \ + LogDebugFn("keyUsage: 0x%hx", k.keyUsage); \ + LogDebugFn("keyFlags: 0x%x", k.keyFlags); \ + LogDebugFn("authDatausage: %hhu", k.authDataUsage); \ + LogDebugFn("pcrInfosize: %u", k.PCRInfoSize); \ + LogDebugFn("encDataSize: %u", k.encSize); \ + } while (0) +#define LogDebugUnrollKey(b) \ + do { \ + TSS_KEY tmpkey; \ + UINT64 offset = 0; \ + if (!UnloadBlob_TSS_KEY(&offset, b, &tmpkey)) { \ + LogDebugKey(tmpkey); \ + destroy_key_refs(&tmpkey); \ + } else { \ + LogDebugFn("*** ERROR UNLOADING DEBUGGING KEY BLOB ***"); \ + } \ + } while (0) + +#define LogError(fmt, ...) LogMessage(stderr, LOG_ERR, APPID, "ERROR: %s:%d " fmt, __FILE__, __LINE__, ##__VA_ARGS__) +#define LogWarn(fmt, ...) LogMessage(stdout, LOG_WARNING, APPID, "%s:%d " fmt, __FILE__, __LINE__, ##__VA_ARGS__) +#define LogInfo(fmt, ...) LogMessage(stdout, LOG_INFO, APPID, "%s:%d " fmt, __FILE__, __LINE__, ##__VA_ARGS__) + +/* Return Value logging */ +TSS_RESULT LogTCSERR(TSS_RESULT, char *, int); +TSS_RESULT LogTDDLERR(TSS_RESULT, char *, int); +void LogTPMERR(TSS_RESULT, char *, int); + +#else +#define LogDebug(fmt, ...) +#define LogDebugFn(fmt, ...) +#define LogBlob(sz,blb) +#define LogDebugKey(s) +#define LogDebugUnrollKey(b) + +/* Error logging */ +#define LogError(fmt, ...) LogMessage(stderr, LOG_ERR, APPID, "ERROR: " fmt, ##__VA_ARGS__) + +/* Warn logging */ +#define LogWarn(fmt, ...) LogMessage(stdout, LOG_WARNING, APPID, fmt, ##__VA_ARGS__) + +/* Info Logging */ +#define LogInfo(fmt, ...) LogMessage(stdout, LOG_INFO, APPID, fmt, ##__VA_ARGS__) + +#define LogTPMERR(a,b,c) +#endif + +void LogBlobData(char *appid, unsigned long sizeOfBlob, unsigned char *blob); + +#endif diff --git a/src/include/tcsps.h b/src/include/tcsps.h new file mode 100644 index 0000000..8754296 --- /dev/null +++ b/src/include/tcsps.h @@ -0,0 +1,73 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef _TCSPS_H_ +#define _TCSPS_H_ + +#include "threads.h" + +extern struct key_disk_cache *key_disk_cache_head; +/* file handles for the persistent stores */ +extern int system_ps_fd; +/* The lock that surrounds all manipulations of the disk cache */ +MUTEX_DECLARE_EXTERN(disk_cache_lock); + +int get_file(); +int put_file(int); +void close_file(int); +void ps_destroy(); +#ifdef SOLARIS +TSS_RESULT read_data(int, void *, UINT32); +TSS_RESULT write_data(int, void *, UINT32); +#else +inline TSS_RESULT read_data(int, void *, UINT32); +inline TSS_RESULT write_data(int, void *, UINT32); +#endif +int write_key_init(int, UINT32, UINT32, UINT32); +TSS_RESULT cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32); +TSS_RESULT UnloadBlob_KEY_PS(UINT16 *, BYTE *, TSS_KEY *); +TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *); +TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *); +TSS_RESULT psfile_get_key_by_uuid(int, TSS_UUID *, BYTE *, UINT16 *); +TSS_RESULT psfile_get_key_by_cache_entry(int, struct key_disk_cache *, BYTE *, UINT16 *); +TSS_RESULT psfile_get_ps_type_by_uuid(int, TSS_UUID *, UINT32 *); +TSS_RESULT psfile_get_vendor_data(int, struct key_disk_cache *, UINT32 *, BYTE **); +TSS_RESULT psfile_is_pub_registered(int, TCPA_STORE_PUBKEY *, TSS_BOOL *); +TSS_RESULT psfile_get_uuid_by_pub(int, TCPA_STORE_PUBKEY *, TSS_UUID **); +TSS_RESULT psfile_write_key(int, TSS_UUID *, TSS_UUID *, UINT32 *, BYTE *, UINT32, BYTE *, UINT16); +TSS_RESULT psfile_remove_key(int, struct key_disk_cache *); +TCPA_STORE_PUBKEY *psfile_get_pub_by_tpm_handle(int, TCPA_KEY_HANDLE); +TSS_RESULT psfile_get_tpm_handle_by_pub(int, TCPA_STORE_PUBKEY *, TCPA_KEY_HANDLE *); +TSS_RESULT psfile_get_tcs_handle_by_pub(int, TCPA_STORE_PUBKEY *, TCS_KEY_HANDLE *); +TSS_RESULT psfile_get_parent_tcs_handle_by_pub(int, TCPA_STORE_PUBKEY *, TCS_KEY_HANDLE *); +TCPA_STORE_PUBKEY *psfile_get_pub_by_tcs_handle(int, TCS_KEY_HANDLE); +TSS_RESULT psfile_get_key_by_pub(int, TCPA_STORE_PUBKEY *, UINT32 *, BYTE **); +TSS_RESULT ps_remove_key(TSS_UUID *); +int init_disk_cache(int); +int close_disk_cache(int); +TSS_RESULT clean_disk_cache(int); + +TSS_RESULT ps_write_key(TSS_UUID *, TSS_UUID *, BYTE *, UINT32, BYTE *, UINT32); +TSS_RESULT ps_get_key_by_uuid(TSS_UUID *, BYTE *, UINT16 *); +TSS_RESULT ps_get_key_by_cache_entry(struct key_disk_cache *, BYTE *, UINT16 *); +TSS_RESULT ps_get_vendor_data(struct key_disk_cache *, UINT32 *, BYTE **); +TSS_RESULT ps_init_disk_cache(); +void ps_close_disk_cache(); +TSS_RESULT ps_get_key_by_pub(TCPA_STORE_PUBKEY *, UINT32 *, BYTE **); + +#ifdef TSS_BUILD_PS +#define PS_init_disk_cache() ps_init_disk_cache() +#define PS_close_disk_cache() ps_close_disk_cache() +#else +#define PS_init_disk_cache() (TSS_SUCCESS) +#define PS_close_disk_cache() +#endif + +#endif diff --git a/src/include/tddl.h b/src/include/tddl.h new file mode 100644 index 0000000..cf5bb3a --- /dev/null +++ b/src/include/tddl.h @@ -0,0 +1,39 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2005 + * + */ + + +#ifndef _TDDL_H_ +#define _TDDL_H_ + +#include +#include "tcsd_wrap.h" +#include "tcsd.h" + +struct tpm_device_node { + char *path; +#define TDDL_TRANSMIT_IOCTL 1 +#define TDDL_TRANSMIT_RW 2 + int transmit; + int fd; +}; + +#define TDDL_TXBUF_SIZE 2048 +#define TDDL_UNDEF -1 + +TSS_RESULT Tddli_Open(void); + +TSS_RESULT Tddli_TransmitData(BYTE *pTransmitBuf, + UINT32 TransmitBufLen, + BYTE *pReceiveBuf, + UINT32 *pReceiveBufLen); + +TSS_RESULT Tddli_Close(void); + +#endif diff --git a/src/include/threads.h b/src/include/threads.h new file mode 100644 index 0000000..3c57144 --- /dev/null +++ b/src/include/threads.h @@ -0,0 +1,52 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef __THREADS_H__ +#define __THREADS_H__ + +#ifdef HAVE_PTHREAD_H + +#include + +/* mutex abstractions */ +#define MUTEX_INIT(m) pthread_mutex_init(&m, NULL) +#define MUTEX_LOCK(m) pthread_mutex_lock(&m) +#define MUTEX_UNLOCK(m) pthread_mutex_unlock(&m) +#define MUTEX_DECLARE(m) pthread_mutex_t m +#define MUTEX_DECLARE_INIT(m) pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER +#define MUTEX_DECLARE_EXTERN(m) extern pthread_mutex_t m + +/* condition variable abstractions */ +#define COND_DECLARE(c) pthread_cond_t c +#define COND_INIT(c) pthread_cond_init(&c, NULL) +#define COND_VAR pthread_cond_t +#define COND_WAIT(c,m) pthread_cond_wait(c,m) +#define COND_SIGNAL(c) pthread_cond_signal(c) + +/* thread abstractions */ +#define THREAD_ID ((THREAD_TYPE)pthread_self()) +#define THREAD_TYPE pthread_t +#define THREAD_JOIN pthread_join +#define THREAD_DETACH pthread_detach +#define THREAD_ATTR_DECLARE(a) pthread_attr_t a +#define THREAD_ATTR_INIT(a) pthread_attr_init(&a) +#define THREAD_ATTR_SETJOINABLE(a) pthread_attr_setdetachstate(&a, PTHREAD_CREATE_JOINABLE) +#define THREAD_EXIT pthread_exit +#define THREAD_CREATE(a,b,c,d) pthread_create(a,b,c,d) +#define THREAD_SET_SIGNAL_MASK pthread_sigmask +#define THREAD_NULL (THREAD_TYPE *)0 + +#else + +#error No threading library defined! (Cannot find pthread.h) + +#endif + +#endif diff --git a/src/include/trousers/trousers.h b/src/include/trousers/trousers.h new file mode 100644 index 0000000..10136d5 --- /dev/null +++ b/src/include/trousers/trousers.h @@ -0,0 +1,283 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#ifndef _TROUSERS_H_ +#define _TROUSERS_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Utility functions offered by trousers for use in your TSS app. + * + * All functions listed here are specific to the trousers TSS and should not be + * used in applications that are intended to be portable. + * + */ + +/* Blob unloading functions */ +void Trspi_UnloadBlob(UINT64 *offset, size_t size, BYTE *container, BYTE *object); +void Trspi_UnloadBlob_BYTE(UINT64 *offset, BYTE *dataOut, BYTE *blob); +void Trspi_UnloadBlob_BOOL(UINT64 *offset, TSS_BOOL *dataOut, BYTE *blob); +void Trspi_UnloadBlob_UINT64(UINT64 *offset, UINT64 *out, BYTE *blob); +void Trspi_UnloadBlob_UINT32(UINT64 *offset, UINT32 *out, BYTE *blob); +void Trspi_UnloadBlob_UINT16(UINT64 *offset, UINT16 *out, BYTE *blob); +void Trspi_UnloadBlob_TSS_VERSION(UINT64 *offset, BYTE *blob, TSS_VERSION *out); +void Trspi_UnloadBlob_TCPA_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION *out); +TSS_RESULT Trspi_UnloadBlob_PCR_INFO(UINT64 *offset, BYTE *blob, TCPA_PCR_INFO *pcr); +TSS_RESULT Trspi_UnloadBlob_PCR_INFO_LONG(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_LONG *pcr); +TSS_RESULT Trspi_UnloadBlob_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_SHORT *pcr); +TSS_RESULT Trspi_UnloadBlob_PCR_SELECTION(UINT64 *offset, BYTE *blob, TCPA_PCR_SELECTION *pcr); +TSS_RESULT Trspi_UnloadBlob_PCR_COMPOSITE(UINT64 *offset, BYTE *blob, TCPA_PCR_COMPOSITE *out); +TSS_RESULT Trspi_UnloadBlob_STORED_DATA(UINT64 *offset, BYTE *blob, TCPA_STORED_DATA *data); +void Trspi_UnloadBlob_KEY_FLAGS(UINT64 *offset, BYTE *blob, TCPA_KEY_FLAGS *flags); +TSS_RESULT Trspi_UnloadBlob_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_KEY_PARMS *keyParms); +void Trspi_UnloadBlob_UUID(UINT64 *offset, BYTE *blob, TSS_UUID *uuid); +TSS_RESULT Trspi_UnloadBlob_STORE_PUBKEY(UINT64 *, BYTE *, TCPA_STORE_PUBKEY *); +void Trspi_UnloadBlob_DIGEST(UINT64 *offset, BYTE *blob, TPM_DIGEST *digest); +TSS_RESULT Trspi_UnloadBlob_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_PUBKEY *pubKey); +TSS_RESULT Trspi_UnloadBlob_KEY(UINT64 *offset, BYTE *blob, TCPA_KEY *key); +TSS_RESULT Trspi_UnloadBlob_KEY12(UINT64 *offset, BYTE *blob, TPM_KEY12 *key); +TSS_RESULT Trspi_UnloadBlob_MIGRATIONKEYAUTH(UINT64 *offset, BYTE *blob, TPM_MIGRATIONKEYAUTH *migAuth); +TSS_RESULT Trspi_UnloadBlob_PCR_EVENT(UINT64 *offset, BYTE *blob, TSS_PCR_EVENT *event); +TSS_RESULT Trspi_UnloadBlob_KM_KEYINFO(UINT64 *offset, BYTE *blob, TSS_KM_KEYINFO *info); +TSS_RESULT Trspi_UnloadBlob_KM_KEYINFO2(UINT64 *offset, BYTE *blob, TSS_KM_KEYINFO2 *info); +TSS_RESULT Trspi_UnloadBlob_SYMMETRIC_KEY(UINT64 *offset, BYTE *blob, TCPA_SYMMETRIC_KEY *key); +TSS_RESULT Trspi_UnloadBlob_SYM_CA_ATTESTATION(UINT64 *offset, BYTE *blob, TCPA_SYM_CA_ATTESTATION *sym); +TSS_RESULT Trspi_UnloadBlob_ASYM_CA_CONTENTS(UINT64 *offset, BYTE *blob, TCPA_ASYM_CA_CONTENTS *asym); +TSS_RESULT Trspi_UnloadBlob_IDENTITY_REQ(UINT64 *offset, BYTE *blob, TCPA_IDENTITY_REQ *req); +TSS_RESULT Trspi_UnloadBlob_IDENTITY_PROOF(UINT64 *offset, BYTE *blob, TCPA_IDENTITY_PROOF *proof); +void Trspi_UnloadBlob_COUNTER_VALUE(UINT64 *offset, BYTE *blob, TPM_COUNTER_VALUE *ctr); +void Trspi_UnloadBlob_CURRENT_TICKS(UINT64 *offset, BYTE *blob, TPM_CURRENT_TICKS *ticks); +void Trspi_UnloadBlob_TRANSPORT_PUBLIC(UINT64 *offset, BYTE *blob, TPM_TRANSPORT_PUBLIC *t); +void Trspi_UnloadBlob_NONCE(UINT64 *offset, BYTE* blob, TPM_NONCE *n); +TSS_RESULT Trspi_UnloadBlob_CERTIFY_INFO(UINT64 *offset, BYTE* blob, TPM_CERTIFY_INFO *c); +void Trspi_UnloadBlob_TPM_FAMILY_LABEL(UINT64 *offset, BYTE *blob, TPM_FAMILY_LABEL *label); +void Trspi_UnloadBlob_TPM_FAMILY_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TPM_FAMILY_TABLE_ENTRY *entry); +void Trspi_UnloadBlob_TPM_DELEGATE_LABEL(UINT64 *offset, BYTE *blob, TPM_DELEGATE_LABEL *label); +void Trspi_UnloadBlob_TPM_DELEGATIONS(UINT64 *offset, BYTE *blob, TPM_DELEGATIONS *delegations); +TSS_RESULT Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(UINT64 *offset, BYTE *blob, TPM_DELEGATE_PUBLIC *pub); +TSS_RESULT Trspi_UnloadBlob_TPM_DELEGATE_OWNER_BLOB(UINT64 *offset, BYTE *blob, TPM_DELEGATE_OWNER_BLOB *owner); +TSS_RESULT Trspi_UnloadBlob_TPM_DELEGATE_KEY_BLOB(UINT64 *offset, BYTE *blob, TPM_DELEGATE_KEY_BLOB *key); +void Trspi_UnloadBlob_TSS_FAMILY_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TSS_FAMILY_TABLE_ENTRY *entry); +TSS_RESULT Trspi_UnloadBlob_TSS_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TSS_PCR_INFO_SHORT *pcr); +TSS_RESULT Trspi_UnloadBlob_TSS_DELEGATION_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TSS_DELEGATION_TABLE_ENTRY *entry); +TSS_RESULT Trspi_UnloadBlob_TSS_PLATFORM_CLASS(UINT64 *offset, BYTE *blob, TSS_PLATFORM_CLASS *platClass); +TSS_RESULT Trspi_UnloadBlob_CAP_VERSION_INFO(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v); +TSS_RESULT Trspi_UnloadBlob_NV_INDEX(UINT64 *offset, BYTE *blob, TPM_NV_INDEX *v); +TSS_RESULT Trspi_UnloadBlob_NV_ATTRIBUTES(UINT64 *offset, BYTE *blob, TPM_NV_ATTRIBUTES *v); +TSS_RESULT Trspi_UnloadBlob_NV_DATA_PUBLIC(UINT64 *offset, BYTE *blob, TPM_NV_DATA_PUBLIC *v); + +/* Blob loading functions */ +void Trspi_LoadBlob_BOUND_DATA(UINT64 *, TCPA_BOUND_DATA, UINT32, BYTE *); +void Trspi_LoadBlob_CHANGEAUTH_VALIDATE(UINT64 *, BYTE *, TPM_CHANGEAUTH_VALIDATE *); +void Trspi_LoadBlob(UINT64 *offset, size_t size, BYTE *to, BYTE *from); +void Trspi_LoadBlob_UINT32(UINT64 *offset, UINT32 in, BYTE *blob); +void Trspi_LoadBlob_UINT16(UINT64 *offset, UINT16 in, BYTE *blob); +void Trspi_LoadBlob_BYTE(UINT64 *offset, BYTE data, BYTE *blob); +void Trspi_LoadBlob_BOOL(UINT64 *offset, TSS_BOOL data, BYTE *blob); +void Trspi_LoadBlob_RSA_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_RSA_KEY_PARMS *parms); +void Trspi_LoadBlob_TSS_VERSION(UINT64 *offset, BYTE *blob, TSS_VERSION version); +void Trspi_LoadBlob_TCPA_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION version); +void Trspi_LoadBlob_PCR_INFO(UINT64 *offset, BYTE *blob, TCPA_PCR_INFO *pcr); +void Trspi_LoadBlob_PCR_INFO_LONG(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_LONG *pcr); +void Trspi_LoadBlob_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_SHORT *pcr); +void Trspi_LoadBlob_PCR_SELECTION(UINT64 *offset, BYTE *blob, TCPA_PCR_SELECTION *pcr); +void Trspi_LoadBlob_STORED_DATA(UINT64 *offset, BYTE *blob, TCPA_STORED_DATA *data); +void Trspi_LoadBlob_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_PUBKEY *pubKey); +void Trspi_LoadBlob_KEY(UINT64 *offset, BYTE *blob, TCPA_KEY *key); +void Trspi_LoadBlob_KEY12(UINT64 *offset, BYTE *blob, TPM_KEY12 *key); +void Trspi_LoadBlob_KEY_FLAGS(UINT64 *offset, BYTE *blob, TCPA_KEY_FLAGS *flags); +void Trspi_LoadBlob_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_KEY_PARMS *keyInfo); +void Trspi_LoadBlob_STORE_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_STORE_PUBKEY *store); +void Trspi_LoadBlob_UUID(UINT64 *offset, BYTE *blob, TSS_UUID uuid); +void Trspi_LoadBlob_CERTIFY_INFO(UINT64 *offset, BYTE *blob, TCPA_CERTIFY_INFO *certify); +void Trspi_LoadBlob_STORE_ASYMKEY(UINT64 *offset, BYTE *blob, TCPA_STORE_ASYMKEY *store); +void Trspi_LoadBlob_PCR_EVENT(UINT64 *offset, BYTE *blob, TSS_PCR_EVENT *event); +void Trspi_LoadBlob_PRIVKEY_DIGEST(UINT64 *offset, BYTE *blob, TCPA_KEY *key); +void Trspi_LoadBlob_PRIVKEY_DIGEST12(UINT64 *offset, BYTE *blob, TPM_KEY12 *key); +void Trspi_LoadBlob_SYMMETRIC_KEY(UINT64 *offset, BYTE *blob, TCPA_SYMMETRIC_KEY *key); +void Trspi_LoadBlob_SYM_CA_ATTESTATION(UINT64 *offset, BYTE *blob, TCPA_SYM_CA_ATTESTATION *sym); +void Trspi_LoadBlob_ASYM_CA_CONTENTS(UINT64 *offset, BYTE *blob, TCPA_ASYM_CA_CONTENTS *asym); +void Trspi_LoadBlob_IDENTITY_REQ(UINT64 *offset, BYTE *blob, TCPA_IDENTITY_REQ *req); +void Trspi_LoadBlob_COUNTER_VALUE(UINT64 *offset, BYTE *blob, TPM_COUNTER_VALUE *ctr); +void Trspi_LoadBlob_TRANSPORT_PUBLIC(UINT64 *offset, BYTE *blob, TPM_TRANSPORT_PUBLIC *t); +void Trspi_LoadBlob_TRANSPORT_AUTH(UINT64 *offset, BYTE *blob, TPM_TRANSPORT_AUTH *t); +void Trspi_LoadBlob_SIGN_INFO(UINT64 *offset, BYTE *blob, TPM_SIGN_INFO *s); +void Trspi_LoadBlob_DIGEST(UINT64 *offset, BYTE *blob, TPM_DIGEST *digest); +void Trspi_LoadBlob_NONCE(UINT64 *offset, BYTE *blob, TPM_NONCE *n); +void Trspi_LoadBlob_TPM_FAMILY_LABEL(UINT64 *offset, BYTE *blob, TPM_FAMILY_LABEL *label); +void Trspi_LoadBlob_TPM_FAMILY_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TPM_FAMILY_TABLE_ENTRY *entry); +void Trspi_LoadBlob_TPM_DELEGATE_LABEL(UINT64 *offset, BYTE *blob, TPM_DELEGATE_LABEL *label); +void Trspi_LoadBlob_TPM_DELEGATIONS(UINT64 *offset, BYTE *blob, TPM_DELEGATIONS *delegations); +void Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(UINT64 *offset, BYTE *blob, TPM_DELEGATE_PUBLIC *pub); +void Trspi_LoadBlob_TPM_DELEGATE_OWNER_BLOB(UINT64 *offset, BYTE *blob, TPM_DELEGATE_OWNER_BLOB *owner); +void Trspi_LoadBlob_TPM_DELEGATE_KEY_BLOB(UINT64 *offset, BYTE *blob, TPM_DELEGATE_KEY_BLOB *key); +void Trspi_LoadBlob_TSS_FAMILY_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TSS_FAMILY_TABLE_ENTRY *entry); +void Trspi_LoadBlob_TSS_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TSS_PCR_INFO_SHORT *pcr); +void Trspi_LoadBlob_TSS_DELEGATION_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TSS_DELEGATION_TABLE_ENTRY *entry); +void Trspi_LoadBlob_MIGRATIONKEYAUTH(UINT64 *offset, BYTE *blob, TPM_MIGRATIONKEYAUTH *migAuth); +void Trspi_LoadBlob_MSA_COMPOSITE(UINT64 *offset, BYTE *blob, TPM_MSA_COMPOSITE *msaComp); +void Trspi_LoadBlob_CMK_AUTH(UINT64 *offset, BYTE *blob, TPM_CMK_AUTH *cmkAuth); +void Trspi_LoadBlob_CAP_VERSION_INFO(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v); + +/* Cryptographic Functions */ + +/* Hash @BufSize bytes at location @Buf using the algorithm @HashType. Currently only + * TSS_HASH_SHA1 is a suported type, so 20 bytes will be written to @Digest */ +TSS_RESULT Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE *Buf, BYTE *Digest); + +typedef struct _Trspi_HashCtx { + void *ctx; +} Trspi_HashCtx; + +TSS_RESULT Trspi_HashInit(Trspi_HashCtx *c, UINT32 type); +TSS_RESULT Trspi_HashUpdate(Trspi_HashCtx *c, UINT32 size, BYTE *data); +TSS_RESULT Trspi_HashFinal(Trspi_HashCtx *c, BYTE *out_digest); + +/* Functions to support incremental hashing */ +TSS_RESULT Trspi_Hash_UINT16(Trspi_HashCtx *c, UINT16 i); +TSS_RESULT Trspi_Hash_UINT32(Trspi_HashCtx *c, UINT32 i); +TSS_RESULT Trspi_Hash_UINT64(Trspi_HashCtx *c, UINT64 i); +TSS_RESULT Trspi_Hash_DAA_PK(Trspi_HashCtx *c, TSS_DAA_PK *pk); +TSS_RESULT Trspi_Hash_PUBKEY(Trspi_HashCtx *c, TCPA_PUBKEY *pubKey); +TSS_RESULT Trspi_Hash_BYTE(Trspi_HashCtx *c, BYTE data); +TSS_RESULT Trspi_Hash_BOOL(Trspi_HashCtx *c, TSS_BOOL data); +TSS_RESULT Trspi_Hash_RSA_KEY_PARMS(Trspi_HashCtx *c, TCPA_RSA_KEY_PARMS *parms); +TSS_RESULT Trspi_Hash_VERSION(Trspi_HashCtx *c, TSS_VERSION *version); +TSS_RESULT Trspi_Hash_STORED_DATA(Trspi_HashCtx *c, TCPA_STORED_DATA *data); +TSS_RESULT Trspi_Hash_PCR_SELECTION(Trspi_HashCtx *c, TCPA_PCR_SELECTION *pcr); +TSS_RESULT Trspi_Hash_KEY(Trspi_HashCtx *c, TCPA_KEY *key); +TSS_RESULT Trspi_Hash_KEY12(Trspi_HashCtx *c, TPM_KEY12 *key); +TSS_RESULT Trspi_Hash_KEY_FLAGS(Trspi_HashCtx *c, TCPA_KEY_FLAGS *flags); +TSS_RESULT Trspi_Hash_KEY_PARMS(Trspi_HashCtx *c, TCPA_KEY_PARMS *keyInfo); +TSS_RESULT Trspi_Hash_STORE_PUBKEY(Trspi_HashCtx *c, TCPA_STORE_PUBKEY *store); +TSS_RESULT Trspi_Hash_UUID(Trspi_HashCtx *c, TSS_UUID uuid); +TSS_RESULT Trspi_Hash_PCR_EVENT(Trspi_HashCtx *c, TSS_PCR_EVENT *event); +TSS_RESULT Trspi_Hash_PRIVKEY_DIGEST(Trspi_HashCtx *c, TCPA_KEY *key); +TSS_RESULT Trspi_Hash_PRIVKEY_DIGEST12(Trspi_HashCtx *c, TPM_KEY12 *key); +TSS_RESULT Trspi_Hash_SYMMETRIC_KEY(Trspi_HashCtx *c, TCPA_SYMMETRIC_KEY *key); +TSS_RESULT Trspi_Hash_IDENTITY_REQ(Trspi_HashCtx *c, TCPA_IDENTITY_REQ *req); +TSS_RESULT Trspi_Hash_CHANGEAUTH_VALIDATE(Trspi_HashCtx *c, TPM_CHANGEAUTH_VALIDATE *caValidate); +TSS_RESULT Trspi_Hash_SYM_CA_ATTESTATION(Trspi_HashCtx *c, TCPA_SYM_CA_ATTESTATION *sym); +TSS_RESULT Trspi_Hash_ASYM_CA_CONTENTS(Trspi_HashCtx *c, TCPA_ASYM_CA_CONTENTS *asym); +TSS_RESULT Trspi_Hash_BOUND_DATA(Trspi_HashCtx *c, TCPA_BOUND_DATA *bd, UINT32 payloadLength); +TSS_RESULT Trspi_Hash_TRANSPORT_AUTH(Trspi_HashCtx *c, TPM_TRANSPORT_AUTH *a); +TSS_RESULT Trspi_Hash_TRANSPORT_LOG_IN(Trspi_HashCtx *c, TPM_TRANSPORT_LOG_IN *l); +TSS_RESULT Trspi_Hash_TRANSPORT_LOG_OUT(Trspi_HashCtx *c, TPM_TRANSPORT_LOG_OUT *l); +TSS_RESULT Trspi_Hash_CURRENT_TICKS(Trspi_HashCtx *c, TPM_CURRENT_TICKS *t); +TSS_RESULT Trspi_Hash_SIGN_INFO(Trspi_HashCtx *c, TPM_SIGN_INFO *s); +TSS_RESULT Trspi_Hash_MSA_COMPOSITE(Trspi_HashCtx *c, TPM_MSA_COMPOSITE *m); +#define Trspi_Hash_DIGEST(c, d) Trspi_HashUpdate(c, TPM_SHA1_160_HASH_LEN, d) +#define Trspi_Hash_NONCE(c, d) Trspi_HashUpdate(c, TPM_SHA1_160_HASH_LEN, d) +#define Trspi_Hash_ENCAUTH(c, d) Trspi_HashUpdate(c, TPM_SHA1_160_HASH_LEN, d) +#define Trspi_Hash_HMAC(c, d) Trspi_HashUpdate(c, TPM_SHA1_160_HASH_LEN, d) +#define Trspi_Hash_SECRET(c, d) Trspi_HashUpdate(c, TPM_SHA1_160_HASH_LEN, d) + + +UINT32 Trspi_HMAC(UINT32 HashType, UINT32 SecretSize, BYTE*Secret, UINT32 BufSize, BYTE*Buf, BYTE*hmacOut); + +/* RSA encrypt @dataToEncryptLen bytes at location @dataToEncrypt using public key + * @publicKey of size @keysize. This data will be encrypted using OAEP padding in + * the openssl library using the OAEP padding parameter "TCPA". This will allow + * data encrypted with this function to be decrypted by a TPM using non-legacy keys */ +int Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, + unsigned int dataToEncryptLen, + unsigned char *encryptedData, + unsigned int *encryptedDataLen, + unsigned char *publicKey, + unsigned int keysize); + +TSS_RESULT Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength, + unsigned char *pModulus, int iKeyLength, + BYTE *pSignature, UINT32 sig_len); + +int Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen, + unsigned char *out, unsigned int *outlen, + unsigned char *pubkey, unsigned int pubsize, + unsigned int e, int padding); + +#define TR_RSA_PKCS1_PADDING 1 +#define TR_RSA_PKCS1_OAEP_PADDING 2 +#define TR_RSA_NO_PADDING 3 + +#define Trspi_RSA_PKCS15_Encrypt(in,inlen,out,outlen,pubKey,pubSize) \ + Trspi_RSA_Public_Encrypt(in,inlen,out,outlen,pubKey,pubSize,65537,TR_RSA_PKCS1_PADDING) + +#define Trspi_RSA_OAEP_Encrypt(in,inlen,out,outlen,pubKey,pubSize) \ + Trspi_RSA_Public_Encrypt(in,inlen,out,outlen,pubKey,pubSize,65537, \ + TR_RSA_PKCS1_OAEP_PADDING) + +#define Trspi_TPM_RSA_OAEP_Encrypt(in,inlen,out,outlen,pubKey,pubSize) \ + Trspi_RSA_Encrypt(in,inlen,out,outlen,pubKey,pubSize) + +/* Symmetric Encryption */ + +TSS_RESULT Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, + BYTE *out, UINT32 *out_len); +TSS_RESULT Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, + BYTE *out, UINT32 *out_len); + +#define TR_SYM_MODE_ECB 1 +#define TR_SYM_MODE_CBC 2 +#define TR_SYM_MODE_CTR 3 +#define TR_SYM_MODE_OFB 4 + +TSS_RESULT Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 in_len, + BYTE *out, UINT32 *out_len); +TSS_RESULT Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 in_len, + BYTE *out, UINT32 *out_len); + +TSS_RESULT Trspi_MGF1(UINT32 alg, UINT32 seedLen, BYTE *seed, UINT32 outLen, BYTE *out); + +/* String Functions */ + +/* Below UNICODE is in reference to the TSS type of that name, which is + * actually UTF-16. */ + +/* Convert @string to a UNICODE string. On error, NULL is returned. If len + * is non-NULL, *len will be set to the size of the returned buffer. */ +BYTE *Trspi_Native_To_UNICODE(BYTE *string, unsigned *len); + +/* convert UNICODE @string to a string from the current codeset. If len + * is non-NULL, *len will be set to the size of the returned buffer. */ +BYTE *Trspi_UNICODE_To_Native(BYTE *string, unsigned *len); + +/* Error Functions */ + +/* return a human readable string based on the result */ +char *Trspi_Error_String(TSS_RESULT); + +/* return a human readable error layer ( "tpm", "tddl", etc...) */ +char *Trspi_Error_Layer(TSS_RESULT); + +/* return just the error code bits of the result */ +TSS_RESULT Trspi_Error_Code(TSS_RESULT); + +#ifdef __cplusplus +} +#endif + +/* masks */ +#define TSS_KEY_SIZE_MASK 0x00000F00 +#define TSS_KEY_TYPE_MASK 0x000000F0 +#define TSS_ENCDATA_TYPE_MASK 0x0000000F + +/* These should be passed an TSS_FLAG parameter as to + * Tspi_Context_CreateObject + */ +#define TSS_KEY_SIZE(x) (x & TSS_KEY_SIZE_MASK) +#define TSS_KEY_TYPE(x) (x & TSS_KEY_TYPE_MASK) +#define TSS_ENCDATA_TYPE(x) (x & TSS_ENCDATA_TYPE_MASK) + +#define TSS_LOCALITY_ALL (TPM_LOC_ZERO|TPM_LOC_ONE|TPM_LOC_TWO|TPM_LOC_THREE|TPM_LOC_FOUR) + +#endif diff --git a/src/include/trousers/tss.h b/src/include/trousers/tss.h new file mode 100644 index 0000000..d0897af --- /dev/null +++ b/src/include/trousers/tss.h @@ -0,0 +1,33 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#ifndef _TSS_H_ +#define _TSS_H_ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#endif diff --git a/src/include/trousers_types.h b/src/include/trousers_types.h new file mode 100644 index 0000000..1c1d79f --- /dev/null +++ b/src/include/trousers_types.h @@ -0,0 +1,128 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2005, 2007 + * + */ + +#ifndef _TROUSERS_TYPES_H_ +#define _TROUSERS_TYPES_H_ + +#define TCPA_NONCE_SIZE sizeof(TCPA_NONCE) +#define TCPA_DIGEST_SIZE sizeof(TCPA_DIGEST) +#define TCPA_ENCAUTH_SIZE sizeof(TCPA_ENCAUTH) +#define TCPA_DIRVALUE_SIZE sizeof(TCPA_DIRVALUE) +#define TCPA_AUTHDATA_SIZE sizeof(TCPA_AUTHDATA) +#define TPM_NONCE_SIZE TCPA_NONCE_SIZE +#define TPM_DIGEST_SIZE TCPA_DIGEST_SIZE +#define TPM_ENCAUTH_SIZE TCPA_ENCAUTH_SIZE +#define TPM_DIRVALUE_SIZE TCPA_DIRVALUE_SIZE +#define TPM_AUTHDATA_SIZE TCPA_AUTHDATA_SIZE + +#define TSS_FLAG_MIGRATABLE (migratable) +#define TSS_FLAG_VOLATILE (volatileKey) +#define TSS_FLAG_REDIRECTION (redirection) + +/* return codes */ +#define TCPA_E_INAPPROPRIATE_ENC TCPA_E_NEED_SELFTEST + +#define TSS_ERROR_LAYER(x) (x & 0x3000) +#define TSS_ERROR_CODE(x) (x & TSS_MAX_ERROR) + +#ifdef TSS_DEBUG +#define TSPERR(x) LogTSPERR(x, __FILE__, __LINE__) +#define TCSERR(x) LogTCSERR(x, __FILE__, __LINE__) +#define TDDLERR(x) LogTDDLERR(x, __FILE__, __LINE__) +#else +#define TSPERR(x) (x | TSS_LAYER_TSP) +#define TCSERR(x) (x | TSS_LAYER_TCS) +#define TDDLERR(x) (x | TSS_LAYER_TDDL) +#endif + +extern TSS_UUID NULL_UUID; +extern TSS_UUID SRK_UUID; + +#define NULL_HOBJECT 0 +#define NULL_HCONTEXT NULL_HOBJECT +#define NULL_HPCRS NULL_HOBJECT +#define NULL_HENCDATA NULL_HOBJECT +#define NULL_HKEY NULL_HOBJECT +#define NULL_HTPM NULL_HOBJECT +#define NULL_HHASH NULL_HOBJECT +#define NULL_HPOLICY NULL_HOBJECT +#define NULL_HDELFAMILY NULL_HOBJECT +#define NULL_HMIGDATA NULL_HOBJECT + +#define TSS_OBJECT_TYPE_CONTEXT (0x0e) +#define TSS_OBJECT_TYPE_TPM (0x0f) + +#define TSS_PS_TYPE_NO (0) + +/* Derived Types */ +#define TSS_MIGRATION_SCHEME TSS_MIGRATE_SCHEME + +// The TPM's non-volatile flags (TPM_PERMANENT_FLAGS) +#define TSS_TPM_PF_DISABLE_BIT (1 << (TPM_PF_DISABLE - 1)) +#define TSS_TPM_PF_OWNERSHIP_BIT (1 << (TPM_PF_OWNERSHIP - 1)) +#define TSS_TPM_PF_DEACTIVATED_BIT (1 << (TPM_PF_DEACTIVATED - 1)) +#define TSS_TPM_PF_READPUBEK_BIT (1 << (TPM_PF_READPUBEK - 1)) +#define TSS_TPM_PF_DISABLEOWNERCLEAR_BIT (1 << (TPM_PF_DISABLEOWNERCLEAR - 1)) +#define TSS_TPM_PF_ALLOWMAINTENANCE_BIT (1 << (TPM_PF_ALLOWMAINTENANCE - 1)) +#define TSS_TPM_PF_PHYSICALPRESENCELIFETIMELOCK_BIT (1 << (TPM_PF_PHYSICALPRESENCELIFETIMELOCK - 1)) +#define TSS_TPM_PF_PHYSICALPRESENCEHWENABLE_BIT (1 << (TPM_PF_PHYSICALPRESENCEHWENABLE - 1)) +#define TSS_TPM_PF_PHYSICALPRESENCECMDENABLE_BIT (1 << (TPM_PF_PHYSICALPRESENCECMDENABLE - 1)) +#define TSS_TPM_PF_CEKPUSED_BIT (1 << (TPM_PF_CEKPUSED - 1)) +#define TSS_TPM_PF_TPMPOST_BIT (1 << (TPM_PF_TPMPOST - 1)) +#define TSS_TPM_PF_TPMPOSTLOCK_BIT (1 << (TPM_PF_TPMPOSTLOCK - 1)) +#define TSS_TPM_PF_FIPS_BIT (1 << (TPM_PF_FIPS - 1)) +#define TSS_TPM_PF_OPERATOR_BIT (1 << (TPM_PF_OPERATOR - 1)) +#define TSS_TPM_PF_ENABLEREVOKEEK_BIT (1 << (TPM_PF_ENABLEREVOKEEK - 1)) +#define TSS_TPM_PF_NV_LOCKED_BIT (1 << (TPM_PF_NV_LOCKED - 1)) +#define TSS_TPM_PF_READSRKPUB_BIT (1 << (TPM_PF_READSRKPUB - 1)) +#define TSS_TPM_PF_RESETESTABLISHMENTBIT_BIT (1 << (TPM_PF_RESETESTABLISHMENTBIT - 1)) +#define TSS_TPM_PF_MAINTENANCEDONE_BIT (1 << (TPM_PF_MAINTENANCEDONE - 1)) + +// The TPM's volatile flags (TPM_STCLEAR_FLAGS) +#define TSS_TPM_SF_DEACTIVATED_BIT (1 << (TPM_SF_DEACTIVATED - 1)) +#define TSS_TPM_SF_DISABLEFORCECLEAR_BIT (1 << (TPM_SF_DISABLEFORCECLEAR - 1)) +#define TSS_TPM_SF_PHYSICALPRESENCE_BIT (1 << (TPM_SF_PHYSICALPRESENCE - 1)) +#define TSS_TPM_SF_PHYSICALPRESENCELOCK_BIT (1 << (TPM_SF_PHYSICALPRESENCELOCK - 1)) +#define TSS_TPM_SF_GLOBALLOCK_BIT (1 << (TPM_SF_GLOBALLOCK - 1)) + +// Trousers key formats to ease use of the different TPM_KEY structs +typedef struct tdTSS_KEY11_HDR { + TPM_STRUCT_VER ver; +} TSS_KEY11_HDR; + +typedef struct tdTSS_KEY12_HDR { + TPM_STRUCTURE_TAG tag; + UINT16 fill; +} __attribute__((packed)) TSS_KEY12_HDR; + +typedef struct tdTSS_KEY { + union { + TSS_KEY11_HDR key11; + TSS_KEY12_HDR key12; + } hdr; + TPM_KEY_USAGE keyUsage; + TPM_KEY_FLAGS keyFlags; + TPM_AUTH_DATA_USAGE authDataUsage; + TPM_KEY_PARMS algorithmParms; + UINT32 PCRInfoSize; + BYTE *PCRInfo; + TPM_STORE_PUBKEY pubKey; + UINT32 encSize; + BYTE *encData; +} TSS_KEY; + +#if (defined (__linux) || defined (linux) || defined (SOLARIS) || defined (__GLIBC__)) +#define BSD_CONST +#elif (defined (__OpenBSD__) || defined (__FreeBSD__)) +#define BSD_CONST const +#endif + + +#endif diff --git a/src/include/tsp_audit.h b/src/include/tsp_audit.h new file mode 100644 index 0000000..71bf8c4 --- /dev/null +++ b/src/include/tsp_audit.h @@ -0,0 +1,16 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#ifndef _TSP_AUDIT_H_ +#define _TSP_AUDIT_H_ + +TSS_RESULT __tspi_audit_set_ordinal_audit_status(TSS_HTPM, TSS_FLAG, TSS_FLAG, UINT32); + +#endif diff --git a/src/include/tsp_delegate.h b/src/include/tsp_delegate.h new file mode 100644 index 0000000..ce93d2d --- /dev/null +++ b/src/include/tsp_delegate.h @@ -0,0 +1,23 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#ifndef _TSP_DELEGATE_H_ +#define _TSP_DELEGATE_H_ + +TSS_RESULT do_delegate_manage(TSS_HTPM hTpm, UINT32 familyID, UINT32 opFlag, + UINT32 opDataSize, BYTE *opData, UINT32 *outDataSize, BYTE **outData); +TSS_RESULT create_key_delegation(TSS_HKEY, BYTE, UINT32, TSS_HPCRS, TSS_HDELFAMILY, TSS_HPOLICY); +TSS_RESULT create_owner_delegation(TSS_HTPM, BYTE, UINT32, TSS_HPCRS, TSS_HDELFAMILY, TSS_HPOLICY); + +TSS_RESULT update_delfamily_object(TSS_HTPM, UINT32); +TSS_RESULT get_delegate_index(TSS_HCONTEXT, UINT32, TPM_DELEGATE_PUBLIC *); +TSS_RESULT __tspi_build_delegate_public_info(BYTE, TSS_HPCRS, TSS_HDELFAMILY, TSS_HPOLICY, UINT32 *, BYTE **); + +#endif diff --git a/src/include/tsp_seal.h b/src/include/tsp_seal.h new file mode 100644 index 0000000..05956c1 --- /dev/null +++ b/src/include/tsp_seal.h @@ -0,0 +1,16 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#ifndef _TSP_SEAL_H_ +#define _TSP_SEAL_H_ + +TSS_RESULT sealx_mask_cb(UINT32, BYTE *, UINT32, BYTE *, BYTE *, UINT32, BYTE *, BYTE *); + +#endif diff --git a/src/include/tsplog.h b/src/include/tsplog.h new file mode 100644 index 0000000..bb2fa6b --- /dev/null +++ b/src/include/tsplog.h @@ -0,0 +1,52 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#ifndef _TSPLOG_H_ +#define _TSPLOG_H_ + +#include +#include +#include + +/* Debug logging */ +#ifdef TSS_DEBUG +/* log to stdout */ +#define LogMessage(dest, priority, layer, fmt, ...) \ + do { \ + if (getenv("TSS_DEBUG_OFF") == NULL) { \ + fprintf(dest, "%s %s %s:%d " fmt "\n", priority, layer, __FILE__, __LINE__, ## __VA_ARGS__); \ + } \ + } while (0) + +#define LogDebug(fmt, ...) LogMessage(stdout, "LOG_DEBUG", APPID, fmt, ##__VA_ARGS__) +#define LogDebugFn(fmt, ...) LogMessage(stdout, "LOG_DEBUG", APPID, "%s: " fmt, __FUNCTION__, ##__VA_ARGS__) +#define LogDebugData(sz,blb) LogBlobData(APPID, sz, blb) + +/* Error logging */ +#define LogError(fmt, ...) LogMessage(stderr, "LOG_ERR", APPID, "ERROR: " fmt, ##__VA_ARGS__) +/* Warn logging */ +#define LogWarn(fmt, ...) LogMessage(stdout, "LOG_WARNING", APPID, "WARNING: " fmt, ##__VA_ARGS__) +/* Info Logging */ +#define LogInfo(fmt, ...) LogMessage(stdout, "LOG_INFO", APPID, fmt, ##__VA_ARGS__) +/* Return Value logging */ +extern TSS_RESULT LogTSPERR(TSS_RESULT, char *, int); +#else +#define LogDebug(fmt, ...) +#define LogDebugFn(fmt, ...) +#define LogDebugData(sz,blb) +#define LogError(fmt, ...) +#define LogWarn(fmt, ...) +#define LogInfo(fmt, ...) +#endif + +void LogBlobData(char *appid, unsigned long sizeOfBlob, unsigned char *blob); + +#endif diff --git a/src/include/tspps.h b/src/include/tspps.h new file mode 100644 index 0000000..17b0aab --- /dev/null +++ b/src/include/tspps.h @@ -0,0 +1,59 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifndef _TSPPS_H_ +#define _TSPPS_H_ + +#define PASSWD_BUFSIZE 4096 + +#define TSS_USER_PS_DIR ".trousers" +#define TSS_USER_PS_FILE "user.data" + +TSS_RESULT get_file(int *); +int put_file(int); +inline TSS_RESULT read_data(int, void *, UINT32); +inline TSS_RESULT write_data(int, void *, UINT32); +UINT32 psfile_get_num_keys(int); +TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *); +TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *); +TSS_RESULT psfile_get_key_by_uuid(int, TSS_UUID *, BYTE *); +TSS_RESULT psfile_get_ps_type_by_uuid(int, TSS_UUID *, UINT32 *); +TSS_RESULT psfile_is_pub_registered(int, TCPA_STORE_PUBKEY *, TSS_BOOL *); +TSS_RESULT psfile_is_key_registered(int, TSS_UUID *, TSS_BOOL *); +TSS_RESULT psfile_get_uuid_by_pub(int, UINT32, BYTE *, TSS_UUID *); +TSS_RESULT psfile_write_key(int, TSS_UUID *, TSS_UUID *, UINT32, BYTE *, UINT16); +TSS_RESULT psfile_get_key_by_pub(int, TSS_UUID *, UINT32, BYTE *, BYTE *); +TSS_RESULT psfile_get_registered_keys(int, TSS_UUID *, TSS_UUID *, UINT32 *, TSS_KM_KEYINFO **); +TSS_RESULT psfile_get_registered_keys2(int, TSS_UUID *, TSS_UUID *, UINT32 *, TSS_KM_KEYINFO2 **); +TSS_RESULT psfile_remove_key(int, TSS_UUID *); +TSS_RESULT psfile_get_parent_ps_type(int, TSS_UUID *, UINT32 *); +TSS_RESULT psfile_get_cache_entry_by_uuid(int, TSS_UUID *, struct key_disk_cache *); +TSS_RESULT psfile_get_cache_entry_by_pub(int, UINT32, BYTE *, struct key_disk_cache *); +void psfile_close(int); + +TSS_RESULT ps_remove_key(TSS_UUID *); +TSS_RESULT ps_write_key(TSS_UUID *, TSS_UUID *, UINT32, UINT32, BYTE *); +TSS_RESULT ps_get_key_by_uuid(TSS_HCONTEXT, TSS_UUID *, TSS_HKEY *); +TSS_RESULT ps_init_disk_cache(); +TSS_RESULT ps_close(); +TSS_RESULT ps_get_key_by_pub(TSS_HCONTEXT, UINT32, BYTE *, TSS_HKEY *); +TSS_RESULT ps_get_parent_uuid_by_uuid(TSS_UUID *, TSS_UUID *); +TSS_RESULT ps_get_parent_ps_type_by_uuid(TSS_UUID *, UINT32 *); +TSS_RESULT ps_is_key_registered(TSS_UUID *, TSS_BOOL *); +TSS_RESULT ps_get_registered_keys(TSS_UUID *uuid, TSS_UUID *, UINT32 *size, TSS_KM_KEYINFO **); +TSS_RESULT ps_get_registered_keys2(TSS_UUID *uuid, TSS_UUID *, UINT32 *size, TSS_KM_KEYINFO2 **); + +#ifdef TSS_BUILD_PS +#define PS_close() ps_close() +#else +#define PS_close() +#endif + +#endif diff --git a/src/include/tss/TSP.idl b/src/include/tss/TSP.idl new file mode 100644 index 0000000..40f95b7 --- /dev/null +++ b/src/include/tss/TSP.idl @@ -0,0 +1,762 @@ +/*++ + ++++TSP.idl + + Interface declarations for the TSS Service Provider + - COM interface for Windows based platforms + +--*/ +import "oaidl.idl"; // include ODL base types +import "ocidl.idl"; + +//import the header files from TSS v1.2 +import "tss_typedef.h"; +import "tss_structs.h"; + +// forward declaration +interface ITCPAPolicy; +interface ITCPAKey; + +/* +Missing: +TSS_RESULT Tspi_Context_Create +TSS_RESULT Tspi_Context_Close +TSS_RESULT Tspi_Context_FreeMemory +*/ + + //ITCPAAttrib Interface + [ + local, + object, + uuid(FBCD9C2E-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAAttrib Interface"), + pointer_default(unique) + ] + interface ITCPAAttrib : IUnknown + { + [helpstring("method SetAttribUint32")] + HRESULT SetAttribUint32([in] TSS_FLAG attribFlag, + [in] TSS_FLAG subFlags, + [in] UINT32 ulAttrib); + + [helpstring("method GetAttribUint32")] + HRESULT GetAttribUint32([in] TSS_FLAG attribFlag, + [in] TSS_FLAG subFlags, + [out] UINT32* pulAttrib); + + [helpstring("method SetAttribData")] + HRESULT SetAttribData([in] TSS_FLAG attribFlag, + [in] TSS_FLAG subFlags, + [in] UINT32 ulAttribDataSize, + [in, ptr, size_is(ulAttribDataSize)] BYTE* pbAttribData); + + [helpstring("method GetAttribData")] + HRESULT GetAttribData([in] TSS_FLAG attribFlag, + [in] TSS_FLAG subFlags, + [out] UINT32* pulAttribDataSize, + [out, size_is(, *pulAttribDataSize)] BYTE** ppbAttribData); + } + + //ITCPAAuth Interface + [ + local, + object, + uuid(FBCD9C2F-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAAuth Interface"), + pointer_default(unique) + ] + interface ITCPAAuth : IUnknown + { + [helpstring("method GetPolicyObject")] + HRESULT GetPolicyObject([in] TSS_FLAG PolicyType, + [out] ITCPAPolicy** ppPolicyObject); + + [helpstring("method ChangeAuth")] + HRESULT ChangeAuth([in] IUnknown* PpParentObject, + [in] ITCPAPolicy* PpNewPolicy); + +// HRESULT ChangeAuthAsym + + }; + + [ + object, + uuid(FBCD9C2D-72CB-47BB-99DD-2317551491DE), + helpstring("ITCPAPcrs Interface"), + pointer_default(unique) + ] + interface ITCPAPcrs : IUnknown + { + [helpstring("method SetPcrValue")] + HRESULT SetPcrValue([in] UINT32 ulPCRIndex, + [in] UINT32 ulPcrValueLength, + [in, size_is(ulPcrValueLength)] BYTE* pbPcrValue); + + [helpstring("method GetPcrValue")] + HRESULT GetPcrValue([in] UINT32 ulPCRIndex, + [out] UINT32* pulPcrValueLength, + [out, size_is(, *pulPcrValueLength)] BYTE** ppbPcrValue); + + [helpstring("method SelectPcrIndex")] + HRESULT SelectPcrIndex([in] UINT32 ulPCRIndex); + + }; + + //ITCPAKey Interface + [ + object, + uuid(FBCD9C27-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAKey Interface"), + pointer_default(unique) + ] + interface ITCPAKey : IUnknown + { + [helpstring("method LoadKey")] + HRESULT LoadKey([in] ITCPAKey* pUnwrappingKey); + + [helpstring("method CreateKey")] + HRESULT CreateKey([in] ITCPAKey* pUnwrappingKey, + [in] ITCPAPcrs* pPcrComosite); + + [helpstring("method WrapKey")] + HRESULT WrapKey([in] ITCPAKey* pWrappinKey, + [in] ITCPAPcrs* pPcrComposite); + + [helpstring("method CertifyKey")] + HRESULT CertifyKey([in] ITCPAKey* pCertifyingKey, + [in, out, ptr] TSS_VALIDATION* pValidation); + + [helpstring("method GetPubKey")] + HRESULT GetPubKey([out] UINT32* pulPubKeyLength, + [out, size_is(, *pulPubKeyLength)] BYTE** ppbPubKey); + + [helpstring("method UnLoadKey")] + HRESULT UnLoadKey(); + }; + + // ITCPAMigration + [ + local, + object, + uuid(FBCD9C30-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAMigration Interface"), + pointer_default(unique) + ] + interface ITCPAMigration : IUnknown + { + [helpstring("method CreateMigrationBlob")] + HRESULT CreateMigrationBlob([in] ITCPAKey *pParentKey, + [in] UINT32 ulMigTicketLength, + [in, size_is(ulMigTicketLength)] BYTE* rgbMigTicket, + [out] UINT32 *pulRandomLength, + [out, size_is(, *pulRandomLength)] BYTE **prgbRandom, + [out] UINT32 *pulMigrationBlobLength, + [out, size_is(, *pulMigrationBlobLength)] BYTE **prgbMigBlob); + + [helpstring("method ConvertMigrationBlob")] + HRESULT ConvertMigrationBlob([in] ITCPAKey *pParentKey, + [in] UINT32 ulRandomLength, + [in, size_is(ulRandomLength)] BYTE *rgbRandom, + [in] UINT32 ulMigrationBlobLength, + [in, size_is(ulMigrationBlobLength)] BYTE *rgbMigBlob); + }; + + //ITCPAEncData Interface + [ + uuid(FBCD9C29-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAEncData Interface"), + pointer_default(unique) + ] + interface ITCPAEncData : IUnknown + { + [helpstring("method Seal")] + HRESULT Seal([in] ITCPAKey* pEncKey, + [in] UINT32 ulDataLength, + [in, size_is(ulDataLength)] BYTE* pbData, + [in] ITCPAPcrs* pPcrComposite); + + [helpstring("method Unseal")] + HRESULT Unseal([in] ITCPAKey* pKey, + [out] UINT32* pulUnsealedDataLength, + [out, size_is(, *pulUnsealedDataLength)] BYTE** ppbData); + + [helpstring("method Bind")] + HRESULT Bind([in] ITCPAKey* pEncKey, + [in] UINT32 ulDataLength, + [in, size_is(ulDataLength)] BYTE* pbData); + + [helpstring("method Unbind")] + HRESULT Unbind([in] ITCPAKey* pKey, + [out] UINT32* pulUnboundDataLength, + [out, size_is(, *pulUnboundDataLength)] BYTE** ppbData); + + }; + + //ITCPAHash Interface + [ + local, + object, + uuid(FBCD9C2B-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAHash Interface"), + pointer_default(unique) + ] + interface ITCPAHash : IUnknown + { + [helpstring("method SetHashValue")] + HRESULT SetHashValue([in] UINT32 ulHashValueLength, + [in, size_is(ulHashValueLength)] BYTE* pbHash); + + [helpstring("method GetHashValue")] + HRESULT GetHashValue([out] UINT32* pulHashValueLength, + [out, size_is(, *pulHashValueLength)] BYTE** ppbHash); + + [helpstring("method UpdateHashValue")] + HRESULT UpdateHashValue([in] UINT32 ulDataLength, + [in, size_is(ulDataLength)] BYTE* pbData); + + [helpstring("method Sign")] + HRESULT Sign([in] ITCPAKey* pKey, + [out] UINT32* pulSignatureLength, + [out, size_is(, *pulSignatureLength)] BYTE** ppbSignature); + + [helpstring("method VerifySignature")] + HRESULT VerifySignature([in] ITCPAKey* pKey, + [in] UINT32 ulSignatureLength, + [in, size_is(ulSignatureLength)] BYTE* pbSignature); + + }; + + //ITCPAPolicy Interface + [ + uuid(FBCD9C1E-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAPolicy Interface"), + pointer_default(unique) + ] + interface ITCPAPolicy : IUnknown + { + [helpstring("method SetSecret")] + HRESULT SetSecret([in] TSS_FLAG SecretMode, + [in] UINT32 ulSecretLength, + [in, ptr, size_is(ulSecretLength)] BYTE* pbSecret); + + [helpstring("method FlushSecret")] + HRESULT FlushSecret(); + + [helpstring("method AssignToObject")] + HRESULT AssignToObject([in] IUnknown* pUnkObject); + + }; + + //ITCPAAdministration Interface + [ + local, + object, + uuid(FBCD9C24-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAAdministration Interface"), + pointer_default(unique) + ] + interface ITCPAAdministration : IUnknown + { + [helpstring("method SelfTestFull")] + HRESULT SelfTestFull(); + + [helpstring("method GetTestResult")] + HRESULT GetTestResult([out] UINT32* pulTestResultLength, + [out, size_is(, *pulTestResultLength)] BYTE** ppbTestResult); + + [helpstring("method CertifySelfTest")] + HRESULT CertifySelfTest([in] ITCPAKey* phKey, + [in, out, ptr] TSS_VALIDATION* pValidationData); + + [helpstring("method CreateEndorsementKey")] + HRESULT CreateEndorsementKey([in] ITCPAKey* pEndorsementKey, + [in, out, ptr] TSS_VALIDATION* pValidation); + + [helpstring("method GetPubEndorsementKey")] + HRESULT GetPubEndorsementKey([in] BOOL fOwnerAuthorized, + [in, out, ptr] TSS_VALIDATION* pValidation, + [out] ITCPAKey** ppEndorsementKey); + + [helpstring("method TakeOwnerShip")] + HRESULT TakeOwnerShip([in] ITCPAKey* pKeySRK, + [in] ITCPAKey* pEndorsementKeyPubKey); + + [helpstring("method ClearOwner")] + HRESULT ClearOwner([in] BOOL fForcedClear); + + [helpstring("method SetStatus")] + HRESULT SetStatus([in] TSS_FLAG statusFlag, + [in] BOOL fTpmState); + + [helpstring("method GetStatus")] + HRESULT GetStatus([in] TSS_FLAG statusFlag, + [out] BOOL* pfTpmState); + + [helpstring("method AuthorizeMigrationTicket")] + HRESULT AuthorizeMigrationTicket([in] ITCPAKey* pMigrationKey, + [in] UINT32 MigrationScheme, + [out] UINT32* pulMigTicketLength, + [out, size_is(, *pulMigTicketLength)] BYTE** ppbMigTicket); + } + + //ITCPAIntegrity Interface + [ + local, + object, + uuid(FBCD9C22-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAIntegrity Interface"), + pointer_default(unique) + ] + interface ITCPAIntegrity : IUnknown + { + [helpstring("method PcrExtend")] + HRESULT PcrExtend([in] UINT32 ulPcrIndex, + [in] UINT32 ulPcrDataLength, + [in, size_is(ulPcrDataLength)] BYTE* pbPcrData, + [in, ptr] TSS_PCR_EVENT* pEventInfo, + [out] UINT32* pulPcrValueLength, + [out, size_is(, *pulPcrValueLength)] BYTE** ppbPcrValue); + + [helpstring("method PcrRead")] + HRESULT PcrRead([in] UINT32 ulPcrIndex, + [out] UINT32* pulPcrValueLength, + [out, size_is(, *pulPcrValueLength)] BYTE** ppbPcrValue); + + [helpstring("method DirWrite")] + HRESULT DirWrite([in] UINT32 ulDirIndex, + [in] UINT32 ulDirDataLength, + [in, size_is(ulDirDataLength)] BYTE* pbDirData); + + [helpstring("method DirRead")] + HRESULT DirRead([in] UINT32 ulDirIndex, + [out] UINT32* pulDirDataLength, + [out, size_is(, *pulDirDataLength)] BYTE** pbDirData); + + [helpstring("method Quote")] + HRESULT Quote([in] ITCPAKey* pIdentKey, + [in] ITCPAPcrs* pPcrComposite, + [in, out, ptr] TSS_VALIDATION* pValidation); + }; + + //ITCPAIdentityCreation Interface + [ + object, + uuid(FBCD9C23-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAIdentityCreation Interface"), + pointer_default(unique) + ] + interface ITCPAIdentityCreation: IUnknown + { + [helpstring("method CollateIdentityRequest")] + HRESULT CollateIdentityRequest([in] ITCPAKey* pKeySRK, + [in] ITCPAKey* pCAPubKey, + [in] UINT32 ulIdentityLabelLength, + [in, size_is(ulIdentityLabelLength)] BYTE* rgbIdentityLabelData, + [in] ITCPAKey* pIdentityKey, + [in] TSS_ALGORITHM_ID algID, + [out] UINT32* pulTCPAIdentityReqLength, + [out, size_is(, *pulTCPAIdentityReqLength)] BYTE** prgbTCPAIdentityReq); + + [helpstring("method ActivateIdentity")] + HRESULT ActivateIdentity([in] ITCPAKey* pIdentityKey, + [in] UINT32 ulAsymCAContentsBlobLength, + [in, size_is(ulAsymCAContentsBlobLength)] BYTE* rgbAsymCAContentsBlob, + [in] UINT32 ulSymCAAttestationBlobLength, + [in, size_is(ulSymCAAttestationBlobLength)] BYTE* rgbSymCAAttestationBlob, + [out] UINT32* pulCredentialLength, + [out, size_is(, *pulCredentialLength)] BYTE** prgbCredential); + + }; // end of ITCPAIdentityCreation + + //ITCPAMaintenance Interface + [ + local, + object, + uuid(FBCD9C25-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAMaintenance Interface"), + pointer_default(unique) + ] + interface ITCPAMaintenance: IUnknown + { + +// HRESULT CreateMaintenanceArchive +// HRESULT KillMaintenanceFeature +// HRESULT LoadMaintenancePubKey +// HRESULT CheckMaintenancePubKey + + }; + + //ITCPATpm Interface + [ + uuid(FBCD9C21-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPATpm Interface"), + pointer_default(unique) + ] + interface ITCPATpm : IUnknown + { + [helpstring("method GetRandom")] + HRESULT GetRandom([in] UINT32 ulRandomDataLength, + [out, size_is(, ulRandomDataLength)] BYTE** ppbData); + + [helpstring("method StirRandom")] + HRESULT StirRandom([in] UINT32 ulEntropyDataLength, + [in, size_is(ulEntropyDataLength)] BYTE* pbData); + + [helpstring("method GetCapability")] + HRESULT GetCapability([in] TSS_FLAG CapArea, + [in] UINT32 ulSubCapLength, + [in, ptr, size_is(ulSubCapLength)] BYTE* pbSubCap, + [out] UINT32* pulRespDataLength, + [out, size_is(, *pulRespDataLength)] BYTE** ppbRespData); + + [helpstring("method GetCapabilitySigned")] + HRESULT GetCapabilitySigned([in] ITCPAKey* pKey, + [in] TSS_FLAG CapArea, + [in] UINT32 ulSubCapLength, + [in, ptr, size_is(ulSubCapLength)] BYTE* pbSubCap, + [in, out, ptr] TSS_VALIDATION *pValidation, + [out] UINT32* pulRespDataLength, + [out, size_is(, *pulRespDataLength)] BYTE** ppbRespData); + +// HRESULT GetEvent +// HRESULT GetEvents +// HRESULT GetEventLog + + }; + + //ITCPAPersistentStorage Interface + [ + local, + object, + uuid(FBCD9C1C-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAPersistentStorage Interface"), + pointer_default(unique) + ] + interface ITCPAPersistentStorage: IUnknown + { + [helpstring("method LoadKeyByUUID")] + HRESULT LoadKeyByUUID([in] TSS_FLAG persistentStorageType, + [in] TSS_UUID uuidData, + [out] ITCPAKey** ppKey); + + [helpstring("method RegisterKey")] + HRESULT RegisterKey([in] ITCPAKey* pKey, + [in] TSS_FLAG persistentStorageType, + [in] TSS_UUID uuidKey, + [in] TSS_FLAG persistentStorageTypeParent, + [in] TSS_UUID uuidParentKey); + + [helpstring("method UnregisterKey")] + HRESULT UnregisterKey([in] TSS_FLAG persistentStorageType, + [in] TSS_UUID uuidKey, + [out] ITCPAKey** ppKey); + + [helpstring("method DeleteKeyByUUID")] + HRESULT DeleteKeyByUUID([in] TSS_FLAG persistentStorageType, + [in] TSS_UUID uuidData); + + [helpstring("method GetKeyByUUID")] + HRESULT GetKeyByUUID([in] TSS_FLAG persistentStorageType, + [in] TSS_UUID uuidData, + [out] ITCPAKey** ppKey); + + [helpstring("method GetKeyByPublicInfo")] + HRESULT GetKeyByPublicInfo([in] TSS_FLAG persistentStorageType, + [in] TSS_ALGORITHM_ID ulAlgId, + [in] UINT32 ulPublicInfoLength, + [in, size_is(ulPublicInfoLength)] BYTE* pbPublicInfo, + [out] ITCPAKey** ppKey); + + [helpstring("method GetRegisteredKeysByUUID")] + HRESULT GetRegisteredKeysByUUID([in] TSS_FLAG ulPersistentStorageType, + [in] LPOLESTR wszKeyGuid, + [out] UINT32* pulKeyHierarchySize, + [out, size_is(, *pulKeyHierarchySize)] TSS_KM_KEYINFO** ppKeyHierarchy); + } + + //ITCPAContext Interface + [ + local, + object, + uuid(FBCD9C1B-72CB-47BB-99DD-2317551491DE), + + helpstring("ITCPAContext Interface"), + pointer_default(unique) + ] + interface ITCPAContext : IUnknown + { + [helpstring("method Connect")] + HRESULT Connect([in, ptr] LPOLESTR wszRemoteMachine); + + [helpstring("method CreateObject")] + HRESULT CreateObject([in] UINT32 ulObjectType, + [in] UINT32 ulInitFlags, + [out] IUnknown** ppUnkObject); + +// HRESULT CloseObject + + + [helpstring("method LoadKeyByBlob")] + HRESULT LoadKeyByBlob([in] ITCPAKey* pUnwrappingKey, + [in] UINT32 ulBlobLength, + [in, size_is(ulBlobLength)] BYTE* pbBlobData, + [out] ITCPAKey** ppKey); + + [helpstring("method GetTPMObject")] + HRESULT GetTPMObject([out] ITCPATpm** ppTPMObject); + + [helpstring("method GetDefaultPolicy")] + HRESULT GetDefaultPolicy([out] ITCPAPolicy** ppPolicyObject); + + [helpstring("method GetCapability")] + HRESULT GetCapability([in] TSS_FLAG ulCapArea, + [in] UINT32 ulSubCapLength, + [in, ptr, size_is(ulSubCapLength)] BYTE* pbSubCap, + [out] UINT32* pulRespDataLength, + [out, size_is(, *pulRespDataLength)] BYTE** ppbRespData); + }; + + //ITCPANonVolatileStorage Interface + [ + object, + uuid(4730c51b-8998-43f6-993b-80befea1d404), + + helpstring("ITCPANonVolatileStorage Interface"), + pointer_default(unique) + ] + interface ITCPANonVolatileStorage : IUnknown + { + [helpstring("method DefineSpace")] + HRESULT DefineSpace([in] ITCPAPcrs* pPCRsRead, + [in] ITCPAPcrs* pPCRsWrite); + + [helpstring("method ReleaseSpace")] + HRESULT ReleaseSpace(); + + [helpstring("method WriteValue")] + HRESULT WriteValue([in] UINT32 ulOffset, + [in] UINT32 ulDataLength, + [in, size_is(ulDataLength)] BYTE* rgbData); + + [helpstring("method ReadValue")] + HRESULT ReadValue([in] UINT32 ulOffset, + [in, out] UINT32* pulDataLength, + [out, size_is(, *pulDataLength)] BYTE** prgbData); + }; + + //ITCPATransport Interface + [ + object, + uuid(4730c51d-8998-43f6-993b-80befea1d404), + + helpstring("ITCPATransport Interface"), + pointer_default(unique) + ] + interface ITCPATransport : IUnknown + { + [helpstring("method SetTransEncryptionKey")] + HRESULT SetTransEncryptionKey([in] ITCPAKey* pKey); + + [helpstring("method CloseSignTransport")] + HRESULT CloseSignTransport([in] ITCPAKey* pSigningKey, + [in, out, ptr] TSS_VALIDATION* pValidationData); + }; + +[ + uuid(FBCD9C19-72CB-47BB-99DD-2317551491DE), + version(1.0), + helpstring("TSS Service Provider 1.0 Type Library") +] +library TSPLib +{ + importlib("stdole32.tlb"); + importlib("stdole2.tlb"); + + interface ITCPAContext; + //TCPAContext Class + [ + uuid(FBCD9C1A-72CB-47BB-99DD-2317551491DE), + helpstring("TCPAContext Class") + ] + coclass TCPAContext + { + [default] interface ITCPAContext; + interface ITCPAAttrib; + interface ITCPAPersistentStorage; + }; + + //TCPAContext2 Class extensions for TSS v1.2 + [ + uuid(4730C51E-8998-43F6-993B-80BEFEA1D404), + helpstring("TCPAContext2 Class") + ] + coclass TCPAContext2 + { + [default] interface ITCPAContext; + interface ITCPAAttrib; + interface ITCPAPersistentStorage; + interface ITCPATransport; + }; + + // _ITCPACallback Interface for TCPAPolicy Class + [ + uuid(FBCD9C1F-72CB-47BB-99DD-2317551491DE), + helpstring("_ITCPACallback Interface"), + pointer_default(unique) + ] + interface _ITCPACallback : IUnknown + { + [helpstring("method Tspicb_CallbackHMACAuth"), callback] + HRESULT Tspicb_CallbackHMACAuth([in] UINT32 PulAppData, + [in] IUnknown *PpAuthorizedObject, + [in] BOOL PfReturnOrVerify, + [in] UINT32 PulPendingFunction, + [in] BOOL PfContinueUse, + [in] UINT32 PulSizeNonces, + [in, size_is(PulSizeNonces)] BYTE* PrgbNonceEven, + [in, size_is(PulSizeNonces)] BYTE* PrgbNonceOdd, + [in, size_is(PulSizeNonces)] BYTE* PrgbNonceEvenOSAP, + [in, size_is(PulSizeNonces)] BYTE* PrgbNonceOddOSAP, + [in] UINT32 PulSizeDigestHmac, + [in, size_is(PulSizeDigestHmac)] BYTE* PrgbParamDigest, + [in, out, size_is(PulSizeDigestHmac)] BYTE* PrgbHmacData); + + [helpstring("method Tspicb_CallbackXorEnc"), callback] + HRESULT Tspicb_CallbackXorEnc([in] UINT32 PulAppData, + [in] IUnknown *PpOSAPObject, + [in] IUnknown *PpObject, + [in] BOOL PfPurposeSecret, + [in] UINT32 PulSizeNonces, + [in, size_is(PulSizeNonces)] BYTE* PrgbNonceEven, + [in, size_is(PulSizeNonces)] BYTE* PrgbNonceOdd, + [in, size_is(PulSizeNonces)] BYTE* PrgbNonceEvenOSAP, + [in, size_is(PulSizeNonces)] BYTE* PrgbNonceOddOSAP, + [in] UINT32 PulSizeEncAuth, + [out, size_is(PulSizeEncAuth)] BYTE* PrgbEncAuthUsage, + [out, size_is(PulSizeEncAuth)] BYTE* PrgbEncAuthMigration); + + [helpstring("method Tspicb_CallbackTakeOwnership"), callback] + HRESULT Tspicb_CallbackTakeOwnership([in] UINT32 PulAppData, + [in] IUnknown *PpObject, + [in] IUnknown *PpObjectPubKey, + [in] UINT32 PulSizeEncAuth, + [out, size_is(PulSizeEncAuth)] BYTE* PrgbEncAuth ); + + [helpstring("method Tspicb_CallbackChangeAuthAsym"), callback] + HRESULT Tspicb_CallbackChangeAuthAsym([in] UINT32 PulAppData, + [in] IUnknown *PpObject, + [in] IUnknown *PpObjectPubKey, + [in] UINT32 PulSizeEncAuth, + [in] UINT32 PulSizeAuthLink, + [out, size_is(PulSizeEncAuth)] BYTE* PrgbEncAuth, + [out, size_is(PulSizeAuthLink)] BYTE* PrgbAuthLink); + }; // end of _ITCPACallback + + //TCPAPolicy Class + [ + uuid(FBCD9C1D-72CB-47BB-99DD-2317551491DE), + helpstring("TCPAPolicy Class"), + noncreatable + ] + + coclass TCPAPolicy + { + [default] interface ITCPAPolicy; + interface ITCPAAttrib; + [default, source] interface _ITCPACallback; + }; + + //TCPATpm Class + [ + uuid(FBCD9C20-72CB-47BB-99DD-2317551491DE), + helpstring("TCPATpm Class"), + noncreatable + ] + coclass TCPATpm + { + [default] interface ITCPATpm; + interface ITCPAAttrib; + interface ITCPAAuth; + interface ITCPAIntegrity; + interface ITCPAAdministration; + interface ITCPAIdentityCreation; + interface ITCPAMaintenance; + }; + + //TCPAKey Class + [ + uuid(FBCD9C26-72CB-47BB-99DD-2317551491DE), + helpstring("TCPAKey Class"), + noncreatable + ] + coclass TCPAKey + { + [default] interface ITCPAKey; + interface ITCPAAttrib; + interface ITCPAAuth; + interface ITCPAMigration; + }; + + //TCPAEncData Class + [ + uuid(FBCD9C28-72CB-47BB-99DD-2317551491DE), + helpstring("TCPAEncData Class"), + noncreatable + ] + coclass TCPAEncData + { + [default] interface ITCPAEncData; + interface ITCPAAttrib; + interface ITCPAAuth; + }; + + //TCPAHash Class + [ + uuid(FBCD9C2A-72CB-47BB-99DD-2317551491DE), + helpstring("TCPAHash Class"), + noncreatable + ] + coclass TCPAHash + { + [default] interface ITCPAHash; + interface ITCPAAttrib; + }; + + //TCPAPcrs Class + [ + uuid(FBCD9C2C-72CB-47BB-99DD-2317551491DE), + helpstring("TCPAPcrs Class"), + noncreatable + ] + coclass TCPAPcrs + { + [default] interface ITCPAPcrs; + }; + + //TCPANonVolatileStorage Class + [ + uuid(4730c51c-8998-43f6-993b-80befea1d404), + helpstring("TCPANonVolatileStorage Class"), + noncreatable + ] + coclass TCPANonVolatileStorage + { + [default] interface ITCPANonVolatileStorage; + interface ITCPAAttrib; + interface ITCPAAuth; + }; + +}; // end of library TSPLib diff --git a/src/include/tss/compat11b.h b/src/include/tss/compat11b.h new file mode 100644 index 0000000..28c7304 --- /dev/null +++ b/src/include/tss/compat11b.h @@ -0,0 +1,200 @@ + +#ifndef __COMPAT11B_H__ +#define __COMPAT11B_H__ + +#include + +#define TCPA_Vendor_Specific32 TPM_Vendor_Specific32 +#define TCPA_Vendor_Specific8 TPM_Vendor_Specific8 + +typedef TSS_UNICODE UNICODE; +typedef TPM_DIGEST TCPA_DIGEST; +typedef TPM_NONCE TCPA_NONCE; +typedef TPM_NONCE TCPA_SALT_NONCE; +typedef TPM_PUBKEY TCPA_PUBKEY; +typedef TPM_SECRET TCPA_SECRET; +typedef TPM_KEY TCPA_KEY; +typedef TPM_DIRVALUE TCPA_DIRVALUE; +typedef TPM_COMMAND_CODE TCPA_COMMAND_CODE; +typedef TPM_BOUND_DATA TCPA_BOUND_DATA; +typedef TPM_STRUCT_VER TCPA_VERSION; +typedef TPM_RESULT TCPA_RESULT; +typedef TPM_PAYLOAD_TYPE TCPA_PAYLOAD_TYPE; +typedef TPM_STORE_PRIVKEY TCPA_STORE_PRIVKEY; +typedef TPM_CHOSENID_HASH TCPA_CHOSENID_HASH; +typedef TPM_SYMMETRIC_KEY TCPA_SYMMETRIC_KEY; +typedef TPM_PCR_INFO TCPA_PCR_INFO; +typedef TPM_PCR_SELECTION TCPA_PCR_SELECTION; +typedef TPM_STORED_DATA TCPA_STORED_DATA; +typedef TPM_SEALED_DATA TCPA_SEALED_DATA; +typedef TPM_KEY_FLAGS TCPA_KEY_FLAGS; +typedef TPM_KEY_PARMS TCPA_KEY_PARMS; +typedef TPM_STORE_PUBKEY TCPA_STORE_PUBKEY; +typedef TPM_MIGRATIONKEYAUTH TCPA_MIGRATIONKEYAUTH; +typedef TPM_RSA_KEY_PARMS TCPA_RSA_KEY_PARMS; +typedef TPM_CERTIFY_INFO TCPA_CERTIFY_INFO; +typedef TPM_STORE_ASYMKEY TCPA_STORE_ASYMKEY; +typedef TPM_ENCAUTH TCPA_ENCAUTH; +typedef TPM_PCRINDEX TCPA_PCRINDEX; +typedef TPM_PCRVALUE TCPA_PCRVALUE; +typedef TPM_DIRINDEX TCPA_DIRINDEX; +typedef TPM_PROTOCOL_ID TCPA_PROTOCOL_ID; +typedef TPM_ALGORITHM_ID TCPA_ALGORITHM_ID; +typedef TPM_ENTITY_TYPE TCPA_ENTITY_TYPE; +typedef TPM_CAPABILITY_AREA TCPA_CAPABILITY_AREA; +typedef TPM_HMAC TCPA_HMAC; +typedef TPM_MIGRATE_SCHEME TCPA_MIGRATE_SCHEME; +typedef TPM_PHYSICAL_PRESENCE TCPA_PHYSICAL_PRESENCE; +typedef TPM_KEY_HANDLE TCPA_KEY_HANDLE; +typedef TPM_KEY_HANDLE_LIST TCPA_KEY_HANDLE_LIST; +typedef TPM_PCR_COMPOSITE TCPA_PCR_COMPOSITE; +typedef TPM_AUTH_DATA_USAGE TCPA_AUTH_DATA_USAGE; +typedef TPM_AUTHDATA TCPA_AUTHDATA; +typedef TPM_KEY_USAGE TCPA_KEY_USAGE; +typedef TPM_COMPOSITE_HASH TCPA_COMPOSITE_HASH; +typedef TPM_QUOTE_INFO TCPA_QUOTE_INFO; +typedef TPM_TAG TCPA_TAG; +typedef TPM_ENC_SCHEME TCPA_ENC_SCHEME; +typedef TPM_SIG_SCHEME TCPA_SIG_SCHEME; +typedef TPM_STARTUP_TYPE TCPA_STARTUP_TYPE; +typedef TPM_AUTHHANDLE TCPA_AUTHHANDLE; +typedef TPM_SYM_CA_ATTESTATION TCPA_SYM_CA_ATTESTATION; +typedef TPM_ASYM_CA_CONTENTS TCPA_ASYM_CA_CONTENTS; +typedef TPM_IDENTITY_REQ TCPA_IDENTITY_REQ; +typedef TPM_IDENTITY_PROOF TCPA_IDENTITY_PROOF; + +// These were removed from the 1.2 TPM spec +typedef UINT32 TCPA_ENCHANDLE; +typedef UINT32 TCPA_EVENTTYPE; +typedef struct tdTCPA_AUDIT_EVENT { + TCPA_COMMAND_CODE ordinal; + TCPA_RESULT returncode; +} TCPA_AUDIT_EVENT; + +#define TCPA_SHA1_160_HASH_LEN TPM_SHA1_160_HASH_LEN +#define TCPA_SHA1BASED_NONCE_LEN TPM_SHA1BASED_NONCE_LEN + +#define redirection TSS_KEYFLAG_REDIRECTION +#define migratable TSS_KEYFLAG_MIGRATABLE +#define volatileKey TSS_KEYFLAG_VOLATILEKEY + +#define TCPA_ET_KEYHANDLE TPM_ET_KEYHANDLE +#define TCPA_ET_KEY TPM_ET_KEY +#define TCPA_ET_OWNER TPM_ET_OWNER +#define TCPA_ET_SRK TPM_ET_SRK +#define TCPA_ET_DATA TPM_ET_DATA + +#define TCPA_PID_OIAP TPM_PID_OIAP +#define TCPA_PID_OSAP TPM_PID_OSAP +#define TCPA_PID_ADIP TPM_PID_ADIP +#define TCPA_PID_ADCP TPM_PID_ADCP +#define TCPA_PID_OWNER TPM_PID_OWNER + +#define TCPA_PT_ASYM TPM_PT_ASYM +#define TCPA_PT_BIND TPM_PT_BIND +#define TCPA_PT_MIGRATE TPM_PT_MIGRATE +#define TCPA_PT_MAINT TPM_PT_MAINT +#define TCPA_PT_SEAL TPM_PT_SEAL + +#define TCPA_CAP_ALG TPM_CAP_ALG +#define TCPA_CAP_ORD TPM_CAP_ORD +#define TCPA_CAP_PID TPM_CAP_PID +#define TCPA_CAP_FLAG TPM_CAP_FLAG +#define TCPA_CAP_VERSION TPM_CAP_VERSION +#define TCPA_CAP_PROPERTY TPM_CAP_PROPERTY +#define TCPA_CAP_KEY_HANDLE TPM_CAP_KEY_HANDLE +#define TCPA_CAP_CHECK_LOADED TPM_CAP_CHECK_LOADED + +#define TCPA_ALG_RSA TPM_ALG_RSA +#define TCPA_ALG_DES TPM_ALG_DES +#define TCPA_ALG_3DES TPM_ALG_3DES +#define TCPA_ALG_SHA TPM_ALG_SHA +#define TCPA_ALG_HMAC TPM_ALG_HMAC +#define TCPA_ALG_AES TPM_ALG_AES + +#define TCPA_PROTECTED_ORDINAL TPM_PROTECTED_ORDINAL +#define TCPA_UNPROTECTED_ORDINAL TPM_UNPROTECTED_ORDINAL +#define TCPA_CONNECTION_ORDINAL TPM_CONNECTION_ORDINAL + +#define TCPA_PROTECTED_COMMAND TPM_PROTECTED_COMMAND +#define TCPA_UNPROTECTED_COMMAND TPM_UNPROTECTED_COMMAND +#define TCPA_CONNECTION_COMMAND TPM_CONNECTION_COMMAND +#define TCPA_VENDOR_COMMAND TPM_VENDOR_COMMAND + +#define TCPA_MAIN TPM_MAIN +#define TCPA_PC TPM_PC +#define TCPA_PDA TPM_PDA +#define TCPA_CELL_PHONE TPM_CELL_PHONE + +#define TCPA_MS_MIGRATE TPM_MS_MIGRATE +#define TCPA_MS_REWRAP TPM_MS_REWRAP +#define TCPA_MS_MAINT TPM_MS_MAINT + +#define TCPA_ES_NONE TPM_ES_NONE +#define TCPA_ES_RSAESPKCSv15 TPM_ES_RSAESPKCSv15 +#define TCPA_ES_RSAESOAEP_SHA1_MGF1 TPM_ES_RSAESOAEP_SHA1_MGF1 + +#define TCPA_SS_NONE TPM_SS_NONE +#define TCPA_SS_RSASSAPKCS1v15_SHA1 TPM_SS_RSASSAPKCS1v15_SHA1 +#define TCPA_SS_RSASSAPKCS1v15_DER TPM_SS_RSASSAPKCS1v15_DER +#define TCPA_SS_RSASSAPKCS1v15_INFO TPM_SS_RSASSAPKCS1v15_INFO + +#define TCPA_PHYSICAL_PRESENCE_LIFETIME_LOCK TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK +#define TCPA_PHYSICAL_PRESENCE_HW_ENABLE TPM_PHYSICAL_PRESENCE_HW_ENABLE +#define TCPA_PHYSICAL_PRESENCE_CMD_ENABLE TPM_PHYSICAL_PRESENCE_CMD_ENABLE +#define TCPA_PHYSICAL_PRESENCE_LOCK TPM_PHYSICAL_PRESENCE_LOCK +#define TCPA_PHYSICAL_PRESENCE_PRESENT TPM_PHYSICAL_PRESENCE_PRESENT +#define TCPA_PHYSICAL_PRESENCE_NOTPRESENT TPM_PHYSICAL_PRESENCE_NOTPRESENT + +#define TCPA_SUCCESS TPM_SUCCESS +#define TCPA_E_BASE TPM_E_BASE +#define TCPA_E_NON_FATAL TPM_E_NON_FATAL +#define TCPA_E_AUTHFAIL TPM_E_AUTHFAIL +#define TCPA_E_BAD_PARAMETER TPM_E_BAD_PARAMETER +#define TCPA_E_BADINDEX TPM_E_BADINDEX +#define TCPA_E_AUDITFAILURE TPM_E_AUDITFAILURE +#define TCPA_E_CLEAR_DISABLED TPM_E_CLEAR_DISABLED +#define TCPA_E_DEACTIVATED TPM_E_DEACTIVATED +#define TCPA_E_DISABLED TPM_E_DISABLED +#define TCPA_E_DISABLED_CMD TPM_E_DISABLED_CMD +#define TCPA_E_FAIL TPM_E_FAIL +#define TCPA_E_INACTIVE TPM_E_BAD_ORDINAL +#define TCPA_E_INSTALL_DISABLED TPM_E_INSTALL_DISABLED +#define TCPA_E_INVALID_KEYHANDLE TPM_E_INVALID_KEYHANDLE +#define TCPA_E_KEYNOTFOUND TPM_E_KEYNOTFOUND +#define TCPA_E_NEED_SELFTEST TPM_E_INAPPROPRIATE_ENC +#define TCPA_E_MIGRATEFAIL TPM_E_MIGRATEFAIL +#define TCPA_E_NO_PCR_INFO TPM_E_INVALID_PCR_INFO +#define TCPA_E_NOSPACE TPM_E_NOSPACE +#define TCPA_E_NOSRK TPM_E_NOSRK +#define TCPA_E_NOTSEALED_BLOB TPM_E_NOTSEALED_BLOB +#define TCPA_E_OWNER_SET TPM_E_OWNER_SET +#define TCPA_E_RESOURCES TPM_E_RESOURCES +#define TCPA_E_SHORTRANDOM TPM_E_SHORTRANDOM +#define TCPA_E_SIZE TPM_E_SIZE +#define TCPA_E_WRONGPCRVAL TPM_E_WRONGPCRVAL +#define TCPA_E_BAD_PARAM_SIZE TPM_E_BAD_PARAM_SIZE +#define TCPA_E_SHA_THREAD TPM_E_SHA_THREAD +#define TCPA_E_SHA_ERROR TPM_E_SHA_ERROR +#define TCPA_E_FAILEDSELFTEST TPM_E_FAILEDSELFTEST +#define TCPA_E_AUTH2FAIL TPM_E_AUTH2FAIL +#define TCPA_E_BADTAG TPM_E_BADTAG +#define TCPA_E_IOERROR TPM_E_IOERROR +#define TCPA_E_ENCRYPT_ERROR TPM_E_ENCRYPT_ERROR +#define TCPA_E_DECRYPT_ERROR TPM_E_DECRYPT_ERROR +#define TCPA_E_INVALID_AUTHHANDLE TPM_E_INVALID_AUTHHANDLE +#define TCPA_E_NO_ENDORSEMENT TPM_E_NO_ENDORSEMENT +#define TCPA_E_INVALID_KEYUSAGE TPM_E_INVALID_KEYUSAGE +#define TCPA_E_WRONG_ENTITYTYPE TPM_E_WRONG_ENTITYTYPE +#define TCPA_E_INVALID_POSTINIT TPM_E_INVALID_POSTINIT +#define TCPA_E_INAPPROPRIATE_SIG TPM_E_INAPPROPRIATE_SIG +#define TCPA_E_BAD_KEY_PROPERTY TPM_E_BAD_KEY_PROPERTY +#define TCPA_E_BAD_MIGRATION TPM_E_BAD_MIGRATION +#define TCPA_E_BAD_SCHEME TPM_E_BAD_SCHEME +#define TCPA_E_BAD_DATASIZE TPM_E_BAD_DATASIZE +#define TCPA_E_BAD_MODE TPM_E_BAD_MODE +#define TCPA_E_BAD_PRESENCE TPM_E_BAD_PRESENCE +#define TCPA_E_BAD_VERSION TPM_E_BAD_VERSION +#define TCPA_E_RETRY TPM_E_RETRY + +#endif diff --git a/src/include/tss/platform.h b/src/include/tss/platform.h new file mode 100644 index 0000000..495afc7 --- /dev/null +++ b/src/include/tss/platform.h @@ -0,0 +1,46 @@ +/*++ + +There are platform dependent and general defines. + +--*/ + +#ifndef TSS_PLATFORM_H +#define TSS_PLATFORM_H + + +/* The default implementation is to use stdint.h, a part of the C99 standard. + * Systems that don't support this are handled on a case-by-case basis. + */ + +#if !defined(WIN32) +#include + typedef uint8_t BYTE; + typedef int8_t TSS_BOOL; + typedef uint16_t UINT16; + typedef uint32_t UINT32; + typedef uint64_t UINT64; + + typedef uint16_t TSS_UNICODE; + typedef void* PVOID; + +#elif defined(WIN32) +#include + typedef unsigned char BYTE; + typedef signed char TSS_BOOL; +#ifndef _BASETSD_H_ + // basetsd.h provides definitions of UINT16, UINT32 and UINT64. + typedef unsigned short UINT16; + typedef unsigned long UINT32; + typedef unsigned __int64 UINT64; +#endif + typedef unsigned short TSS_UNICODE; + typedef void* PVOID; +#endif + + +/* Include this so that applications that use names as defined in the + * 1.1 TSS specification can still compile + */ +#include + +#endif // TSS_PLATFORM_H diff --git a/src/include/tss/tcpa_defines.h b/src/include/tss/tcpa_defines.h new file mode 100644 index 0000000..ea0a994 --- /dev/null +++ b/src/include/tss/tcpa_defines.h @@ -0,0 +1,7 @@ + +#ifndef __TCPA_DEFINES_H__ +#define __TCPA_DEFINES_H__ + +#warning including deprecated header file tcpa_defines.h + +#endif diff --git a/src/include/tss/tcpa_error.h b/src/include/tss/tcpa_error.h new file mode 100644 index 0000000..6391227 --- /dev/null +++ b/src/include/tss/tcpa_error.h @@ -0,0 +1,7 @@ + +#ifndef __TCPA_ERROR_H__ +#define __TCPA_ERROR_H__ + +#warning including deprecated header file tcpa_error.h + +#endif diff --git a/src/include/tss/tcpa_struct.h b/src/include/tss/tcpa_struct.h new file mode 100644 index 0000000..8ba7db7 --- /dev/null +++ b/src/include/tss/tcpa_struct.h @@ -0,0 +1,7 @@ + +#ifndef __TCPA_STRUCT_H__ +#define __TCPA_STRUCT_H__ + +#warning including deprecated header file tcpa_struct.h + +#endif diff --git a/src/include/tss/tcpa_typedef.h b/src/include/tss/tcpa_typedef.h new file mode 100644 index 0000000..9bcac88 --- /dev/null +++ b/src/include/tss/tcpa_typedef.h @@ -0,0 +1,7 @@ + +#ifndef __TCPA_TYPEDEF_H__ +#define __TCPA_TYPEDEF_H__ + +#warning including deprecated header file tcpa_typedef.h + +#endif diff --git a/src/include/tss/tcs.h b/src/include/tss/tcs.h new file mode 100644 index 0000000..f2ec7f4 --- /dev/null +++ b/src/include/tss/tcs.h @@ -0,0 +1,1129 @@ +#ifndef TCS_H +#define TCS_H +#include +#include +#include +#include +#include +#include +#include + +#if defined __cplusplus +extern "C" { +#endif + +extern TSS_RESULT Tcsi_OpenContext +( + TCS_CONTEXT_HANDLE* hContext // out +); +extern TSS_RESULT Tcsi_CloseContext +( + TCS_CONTEXT_HANDLE hContext // in +); +extern TSS_RESULT Tcsi_FreeMemory +( + TCS_CONTEXT_HANDLE hContext, // in + BYTE* pMemory // in +); +extern TSS_RESULT Tcsi_GetCapability +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_CAPABILITY_AREA capArea, // in + UINT32 subCapSize, // in + BYTE* subCap, // in + UINT32* respSize, // out + BYTE** resp // out +); +extern TSS_RESULT Tcsi_RegisterKey +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_UUID WrappingKeyUUID, // in + TSS_UUID KeyUUID, // in + UINT32 cKeySize, // in + BYTE* rgbKey, // in + UINT32 cVendorDataSize, // in + BYTE* gbVendorData // in +); +extern TSS_RESULT Tcsip_UnregisterKey +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_UUID KeyUUID // in +); +extern TSS_RESULT Tcsip_KeyControlOwner +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hKey, // in + UINT32 ulPubKeyLength, // in + BYTE* prgbPubKey, // in + UINT32 attribName, // in + TSS_BOOL attribValue, // in + TPM_AUTH* pOwnerAuth, // in, out + TSS_UUID* pUuidData // out +); +extern TSS_RESULT Tcsi_EnumRegisteredKeys +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_UUID* pKeyUUID, // in + UINT32* pcKeyHierarchySize, // out + TSS_KM_KEYINFO** ppKeyHierarchy // out +); +extern TSS_RESULT Tcsi_GetRegisteredKey +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_UUID KeyUUID, // in + TSS_KM_KEYINFO** ppKeyInfo // out +); +extern TSS_RESULT Tcsi_GetRegisteredKeyBlob +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_UUID KeyUUID, // in + UINT32* pcKeySize, // out + BYTE** prgbKey // out +); +extern TSS_RESULT Tcsip_GetRegisteredKeyByPublicInfo +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_ALGORITHM_ID algID, // in + UINT32 ulPublicInfoLength, // in + BYTE* rgbPublicInfo, // in + UINT32* keySize, // out + BYTE** keyBlob // out +); +extern TSS_RESULT Tcsip_LoadKeyByBlob +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hUnwrappingKey, // in + UINT32 cWrappedKeyBlobSize, // in + BYTE* rgbWrappedKeyBlob, // in + TPM_AUTH* pAuth, // in, out + TCS_KEY_HANDLE* phKeyTCSI, // out + TCS_KEY_HANDLE* phKeyHMAC // out +); +extern TSS_RESULT Tcsip_LoadKeyByUUID +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_UUID KeyUUID, // in + TCS_LOADKEY_INFO* pLoadKeyInfo, // in, out + TCS_KEY_HANDLE* phKeyTCSI // out +); +extern TSS_RESULT Tcsip_EvictKey +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hKey // in +); +extern TSS_RESULT Tcsip_CreateWrapKey +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hWrappingKey, // in + TPM_ENCAUTH KeyUsageAuth, // in + TPM_ENCAUTH KeyMigrationAuth, // in + UINT32 keyInfoSize, // in + BYTE* keyInfo, // in + TPM_AUTH* pAuth, // in, out + UINT32* keyDataSize, // out + BYTE** keyData // out +); +extern TSS_RESULT Tcsip_GetPubKey +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hKey, // in + TPM_AUTH* pAuth, // in, out + UINT32* pcPubKeySize, // out + BYTE** prgbPubKey // out +); +extern TSS_RESULT Tcsip_MakeIdentity +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_ENCAUTH identityAuth, // in + TPM_CHOSENID_HASH IDLabel_PrivCAHash, // in + UINT32 idIdentityKeyInfoSize, // in + BYTE* idIdentityKeyInfo, // in + TPM_AUTH* pSrkAuth, // in, out + TPM_AUTH* pOwnerAuth, // in, out + UINT32* idIdentityKeySize, // out + BYTE** idIdentityKey, // out + UINT32* pcIdentityBindingSize, // out + BYTE** prgbIdentityBinding, // out + UINT32* pcEndorsementCredentialSize, // out + BYTE** prgbEndorsementCredential, // out + UINT32* pcPlatformCredentialSize, // out + BYTE** prgbPlatformCredential, // out + UINT32* pcConformanceCredentialSize, // out + BYTE** prgbConformanceCredential // out +); +extern TSS_RESULT Tcsip_MakeIdentity2 +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_ENCAUTH identityAuth, // in + TPM_CHOSENID_HASH IDLabel_PrivCAHash, // in + UINT32 idIdentityKeyInfoSize, // in + BYTE* idIdentityKeyInfo, // in + TPM_AUTH* pSrkAuth, // in, out + TPM_AUTH* pOwnerAuth, // in, out + UINT32* idIdentityKeySize, // out + BYTE** idIdentityKey, // out + UINT32* pcIdentityBindingSize, // out + BYTE** prgbIdentityBinding // out +); +extern TSS_RESULT Tcsi_LogPcrEvent +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_PCR_EVENT Event, // in + UINT32* pNumber // out +); +extern TSS_RESULT Tcsi_GetPcrEvent +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 PcrIndex, // in + UINT32* pNumber, // in, out + TSS_PCR_EVENT** ppEvent // out +); +extern TSS_RESULT Tcsi_GetPcrEventsByPcr +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 PcrIndex, // in + UINT32 FirstEvent, // in + UINT32* pEventCount, // in, out + TSS_PCR_EVENT** ppEvents // out +); +extern TSS_RESULT Tcsi_GetPcrEventLog +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32* pEventCount, // out + TSS_PCR_EVENT** ppEvents // out +); +extern TSS_RESULT Tcsip_SetOwnerInstall +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_BOOL state // in +); +extern TSS_RESULT Tcsip_TakeOwnership +( + TCS_CONTEXT_HANDLE hContext, // in + UINT16 protocolID, // in + UINT32 encOwnerAuthSize, // in + BYTE* encOwnerAuth, // in + UINT32 encSrkAuthSize, // in + BYTE* encSrkAuth, // in + UINT32 srkKeyInfoSize, // in + BYTE* srkKeyInfo, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* srkKeyDataSize, // out + BYTE** srkKeyData // out +); +extern TSS_RESULT Tcsip_SetOperatorAuth +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_SECRET operatorAuth // in +); +extern TSS_RESULT Tcsip_OIAP +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_AUTHHANDLE* authHandle, // out + TPM_NONCE* nonce0 // out +); +extern TSS_RESULT Tcsip_OSAP +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_ENTITY_TYPE entityType, // in + UINT32 entityValue, // in + TPM_NONCE nonceOddOSAP, // in + TCS_AUTHHANDLE* authHandle, // out + TPM_NONCE* nonceEven, // out + TPM_NONCE* nonceEvenOSAP // out +); +extern TSS_RESULT Tcsip_ChangeAuth +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE parentHandle, // in + TPM_PROTOCOL_ID protocolID, // in + TPM_ENCAUTH newAuth, // in + TPM_ENTITY_TYPE entityType, // in + UINT32 encDataSize, // in + BYTE* encData, // in + TPM_AUTH* ownerAuth, // in, out + TPM_AUTH* entityAuth, // in, out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_ChangeAuthOwner +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_PROTOCOL_ID protocolID, // in + TPM_ENCAUTH newAuth, // in + TPM_ENTITY_TYPE entityType, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_ChangeAuthAsymStart +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE idHandle, // in + TPM_NONCE antiReplay, // in + UINT32 TempKeyInfoSize, // in + BYTE* TempKeyInfoData, // in + TPM_AUTH* pAuth, // in, out + UINT32* TempKeySize, // out + BYTE** TempKeyData, // out + UINT32* CertifyInfoSize, // out + BYTE** CertifyInfo, // out + UINT32* sigSize, // out + BYTE** sig, // out + TCS_KEY_HANDLE* ephHandle // out +); +extern TSS_RESULT Tcsip_ChangeAuthAsymFinish +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE parentHandle, // in + TCS_KEY_HANDLE ephHandle, // in + TPM_ENTITY_TYPE entityType, // in + TPM_HMAC newAuthLink, // in + UINT32 newAuthSize, // in + BYTE* encNewAuth, // in + UINT32 encDataSizeIn, // in + BYTE* encDataIn, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* encDataSizeOut, // out + BYTE** encDataOut, // out + TPM_NONCE* saltNonce, // out + TPM_DIGEST* changeProof // out +); +extern TSS_RESULT Tcsip_TerminateHandle +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_AUTHHANDLE handle // in +); +extern TSS_RESULT Tcsip_ActivateTPMIdentity +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE idKey, // in + UINT32 blobSize, // in + BYTE* blob, // in + TPM_AUTH* idKeyAuth, // in, out + TPM_AUTH* ownerAuth, // in, out + UINT32* SymmetricKeySize, // out + BYTE** SymmetricKey // out +); +extern TSS_RESULT Tcsip_EstablishTransport +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 ulTransControlFlags, // in + TCS_KEY_HANDLE hEncKey, // in + UINT32 ulTransSessionInfoSize, // in + BYTE* rgbTransSessionInfo, // in + UINT32 ulSecretSize, // in + BYTE* rgbSecret, // in + TPM_AUTH* pEncKeyAuth, // in, out + TPM_MODIFIER_INDICATOR* pbLocality, // out + TCS_HANDLE* hTransSession, // out + UINT32* ulCurrentTicksSize, // out + BYTE** prgbCurrentTicks, // out + TPM_NONCE* pTransNonce // out +); +extern TSS_RESULT Tcsip_ExecuteTransport +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_COMMAND_CODE unWrappedCommandOrdinal, // in + UINT32 ulWrappedCmdParamInSize, // in + BYTE* rgbWrappedCmdParamIn, // in + UINT32* pulHandleListSize, // in, out + TCS_HANDLE** rghHandles, // in, out + TPM_AUTH* pWrappedCmdAuth1, // in, out + TPM_AUTH* pWrappedCmdAuth2, // in, out + TPM_AUTH* pTransAuth, // in, out + UINT64* punCurrentTicks, // out + TPM_MODIFIER_INDICATOR* pbLocality, // out + TPM_RESULT* pulWrappedCmdReturnCode, // out + UINT32* ulWrappedCmdParamOutSize, // out + BYTE** rgbWrappedCmdParamOut // out +); +extern TSS_RESULT Tcsip_ReleaseTransportSigned +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hSignatureKey, // in + TPM_NONCE AntiReplayNonce, // in + TPM_AUTH* pKeyAuth, // in, out + TPM_AUTH* pTransAuth, // in, out + TPM_MODIFIER_INDICATOR* pbLocality, // out + UINT32* pulCurrentTicksSize, // out + BYTE** prgbCurrentTicks, // out + UINT32* pulSignatureSize, // out + BYTE** prgbSignature // out +); +extern TSS_RESULT Tcsip_Extend +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_PCRINDEX pcrNum, // in + TPM_DIGEST inDigest, // in + TPM_PCRVALUE* outDigest // out +); +extern TSS_RESULT Tcsip_PcrRead +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_PCRINDEX pcrNum, // in + TPM_PCRVALUE* outDigest // out +); +extern TSS_RESULT Tcsip_Quote +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_NONCE antiReplay, // in + UINT32 pcrTargetSize, // in + BYTE* pcrTarget, // in + TPM_AUTH* privAuth, // in, out + UINT32* pcrDataSize, // out + BYTE** pcrData, // out + UINT32* sigSize, // out + BYTE** sig // out +); +extern TSS_RESULT Tcsip_Quote2 +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_NONCE antiReplay, // in + UINT32 pcrTargetSize, // in + BYTE* pcrTarget, // in + TSS_BOOL addVersion, // in + TPM_AUTH* privAuth, // in, out + UINT32* pcrDataSize, // out + BYTE** pcrData, // out + UINT32* versionInfoSize, // out + BYTE** versionInfo, // out + UINT32* sigSize, // out + BYTE** sig // out +); +extern TSS_RESULT Tcsip_DirWriteAuth +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_DIRINDEX dirIndex, // in + TPM_DIRVALUE newContents, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_DirRead +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_DIRINDEX dirIndex, // in + TPM_DIRVALUE* dirValue // out +); +extern TSS_RESULT Tcsip_Seal +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_ENCAUTH encAuth, // in + UINT32 pcrInfoSize, // in + BYTE* PcrInfo, // in + UINT32 inDataSize, // in + BYTE* inData, // in + TPM_AUTH* pubAuth, // in, out + UINT32* SealedDataSize, // out + BYTE** SealedData // out +); +extern TSS_RESULT Tcsip_Unseal +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + UINT32 SealedDataSize, // in + BYTE* SealedData, // in + TPM_AUTH* keyAuth, // in, out + TPM_AUTH* dataAuth, // in, out + UINT32* DataSize, // out + BYTE** Data // out +); +extern TSS_RESULT Tcsip_UnBind +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + UINT32 inDataSize, // in + BYTE* inData, // in + TPM_AUTH* privAuth, // in, out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_Sealx +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_ENCAUTH encAuth, // in + UINT32 pcrInfoSize, // in + BYTE* PcrInfo, // in + UINT32 inDataSize, // in + BYTE* inData, // in + TPM_AUTH* pubAuth, // in, out + UINT32* SealedDataSize, // out + BYTE** SealedData // out +); +extern TSS_RESULT Tcsip_LoadKey2ByBlob +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hUnwrappingKey, // in + UINT32 cWrappedKeyBlobSize, // in + BYTE* rgbWrappedKeyBlob, // in + TPM_AUTH* pAuth, // in, out + TCS_KEY_HANDLE* phKeyTCSI // out +); +extern TSS_RESULT Tcsip_CreateMigrationBlob +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE parentHandle, // in + TSS_MIGRATE_SCHEME migrationType, // in + UINT32 MigrationKeyAuthSize, // in + BYTE* MigrationKeyAuth, // in + UINT32 encDataSize, // in + BYTE* encData, // in + TPM_AUTH* parentAuth, // in, out + TPM_AUTH* entityAuth, // in, out + UINT32* randomSize, // out + BYTE** random, // out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_ConvertMigrationBlob +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE parentHandle, // in + UINT32 inDataSize, // in + BYTE* inData, // in + UINT32 randomSize, // in + BYTE* random, // in + TPM_AUTH* parentAuth, // in, out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_AuthorizeMigrationKey +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_MIGRATE_SCHEME migrateScheme, // in + UINT32 MigrationKeySize, // in + BYTE* MigrationKey, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* MigrationKeyAuthSize, // out + BYTE** MigrationKeyAuth // out +); +extern TSS_RESULT Tcsip_CertifyKey +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE certHandle, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_NONCE antiReplay, // in + TPM_AUTH* certAuth, // in, out + TPM_AUTH* keyAuth, // in, out + UINT32* CertifyInfoSize, // out + BYTE** CertifyInfo, // out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_CertifyKey2 +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE certHandle, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_DIGEST MSAdigest, // in + TPM_NONCE antiReplay, // in + TPM_AUTH* certAuth, // in, out + TPM_AUTH* keyAuth, // in, out + UINT32* CertifyInfoSize, // out + BYTE** CertifyInfo, // out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_Sign +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + UINT32 areaToSignSize, // in + BYTE* areaToSign, // in + TPM_AUTH* privAuth, // in, out + UINT32* sigSize, // out + BYTE** sig // out +); +extern TSS_RESULT Tcsip_GetRandom +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32* bytesRequested, // in, out + BYTE** randomBytes // out +); +extern TSS_RESULT Tcsip_StirRandom +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 inDataSize, // in + BYTE* inData // in +); +extern TSS_RESULT Tcsip_GetCapability +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_CAPABILITY_AREA capArea, // in + UINT32 subCapSize, // in + BYTE* subCap, // in + UINT32* respSize, // out + BYTE** resp // out +); +extern TSS_RESULT Tcsip_GetCapabilitySigned +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_NONCE antiReplay, // in + TPM_CAPABILITY_AREA capArea, // in + UINT32 subCapSize, // in + BYTE* subCap, // in + TPM_AUTH* privAuth, // in, out + TPM_VERSION* Version, // out + UINT32* respSize, // out + BYTE** resp, // out + UINT32* sigSize, // out + BYTE** sig // out +); +extern TSS_RESULT Tcsip_GetCapabilityOwner +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_AUTH* pOwnerAuth, // in, out + TPM_VERSION* pVersion, // out + UINT32* pNonVolatileFlags, // out + UINT32* pVolatileFlags // out +); +extern TSS_RESULT Tcsip_CreateEndorsementKeyPair +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_NONCE antiReplay, // in + UINT32 endorsementKeyInfoSize, // in + BYTE* endorsementKeyInfo, // in + UINT32* endorsementKeySize, // out + BYTE** endorsementKey, // out + TPM_DIGEST* checksum // out +); +extern TSS_RESULT Tcsip_ReadPubek +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_NONCE antiReplay, // in + UINT32* pubEndorsementKeySize, // out + BYTE** pubEndorsementKey, // out + TPM_DIGEST* checksum // out +); +extern TSS_RESULT Tcsip_DisablePubekRead +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_OwnerReadPubek +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* pubEndorsementKeySize, // out + BYTE** pubEndorsementKey // out +); +extern TSS_RESULT Tcsip_SelfTestFull +( + TCS_CONTEXT_HANDLE hContext // in +); +extern TSS_RESULT Tcsip_CertifySelfTest +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_NONCE antiReplay, // in + TPM_AUTH* privAuth, // in, out + UINT32* sigSize, // out + BYTE** sig // out +); +extern TSS_RESULT Tcsip_ContinueSelfTest +( + TCS_CONTEXT_HANDLE hContext // in +); +extern TSS_RESULT Tcsip_GetTestResult +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_OwnerSetDisable +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_BOOL disableState, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_OwnerClear +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_DisableOwnerClear +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_ForceClear +( + TCS_CONTEXT_HANDLE hContext // in +); +extern TSS_RESULT Tcsip_DisableForceClear +( + TCS_CONTEXT_HANDLE hContext // in +); +extern TSS_RESULT Tcsip_PhysicalDisable +( + TCS_CONTEXT_HANDLE hContext // in +); +extern TSS_RESULT Tcsip_PhysicalEnable +( + TCS_CONTEXT_HANDLE hContext // in +); +extern TSS_RESULT Tcsip_PhysicalSetDeactivated +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_BOOL state // in +); +extern TSS_RESULT Tcsip_SetTempDeactivated +( + TCS_CONTEXT_HANDLE hContext // in +); +extern TSS_RESULT Tcsip_SetTempDeactivated2 +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_AUTH* pOperatorAuth // in, out +); +extern TSS_RESULT Tcsip_OwnerReadInternalPub +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hKey, // in + TPM_AUTH* pOwnerAuth, // in, out + UINT32* punPubKeySize, // out + BYTE** ppbPubKeyData // out +); +extern TSS_RESULT Tcsip_PhysicalPresence +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_PHYSICAL_PRESENCE fPhysicalPresence // in +); +extern TSS_RESULT Tcsip_FieldUpgrade +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 dataInSize, // in + BYTE* dataIn, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* dataOutSize, // out + BYTE** dataOut // out +); +extern TSS_RESULT Tcsip_ResetLockValue +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_FlushSpecific +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_HANDLE hResHandle, // in + TPM_RESOURCE_TYPE resourceType // in +); +extern TSS_RESULT Tcsip_SetRedirection +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + UINT32 c1, // in + UINT32 c2, // in + TPM_AUTH* privAuth // in, out +); +extern TSS_RESULT Tcsip_DSAP +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_ENTITY_TYPE entityType, // in + TCS_KEY_HANDLE keyHandle, // in + TPM_NONCE nonceOddDSAP, // in + UINT32 entityValueSize, // in + BYTE* entityValue, // in + TCS_AUTHHANDLE* authHandle, // out + TPM_NONCE* nonceEven, // out + TPM_NONCE* nonceEvenDSAP // out +); +extern TSS_RESULT Tcsip_Delegate_Manage +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_FAMILY_ID familyID, // in + TPM_FAMILY_OPERATION opFlag, // in + UINT32 opDataSize, // in + BYTE* opData, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* retDataSize, // out + BYTE** retData // out +); +extern TSS_RESULT Tcsip_Delegate_CreateKeyDelegation +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hKey, // in + UINT32 publicInfoSize, // in + BYTE* publicInfo, // in + TPM_ENCAUTH encDelAuth, // in + TPM_AUTH* keyAuth, // in, out + UINT32* blobSize, // out + BYTE** blob // out +); +extern TSS_RESULT Tcsip_Delegate_CreateOwnerDelegation +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_BOOL increment, // in + UINT32 publicInfoSize, // in + BYTE* publicInfo, // in + TPM_ENCAUTH encDelAuth, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* blobSize, // out + BYTE** blob // out +); +extern TSS_RESULT Tcsip_Delegate_LoadOwnerDelegation +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_DELEGATE_INDEX index, // in + UINT32 blobSize, // in + BYTE* blob, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_Delegate_UpdateVerificationCount +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 inputSize, // in + BYTE* input, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* outputSize, // out + BYTE** output // out +); +extern TSS_RESULT Tcsip_Delegate_VerifyDelegation +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 delegateSize, // in + BYTE* delegate // in +); +extern TSS_RESULT Tcsip_Delegate_ReadTable +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32* pulFamilyTableSize, // out + BYTE** ppFamilyTable, // out + UINT32* pulDelegateTableSize, // out + BYTE** ppDelegateTable // out +); +extern TSS_RESULT Tcsip_NV_DefineOrReleaseSpace +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 cPubInfoSize, // in + BYTE* pPubInfo, // in + TPM_ENCAUTH encAuth, // in + TPM_AUTH* pAuth // in, out +); +extern TSS_RESULT Tcsip_NV_WriteValue +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_NV_INDEX hNVStore, // in + UINT32 offset, // in + UINT32 ulDataLength, // in + BYTE* rgbDataToWrite, // in + TPM_AUTH* privAuth // in, out +); +extern TSS_RESULT Tcsip_NV_WriteValueAuth +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_NV_INDEX hNVStore, // in + UINT32 offset, // in + UINT32 ulDataLength, // in + BYTE* rgbDataToWrite, // in + TPM_AUTH* NVAuth // in, out +); +extern TSS_RESULT Tcsip_NV_ReadValue +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_NV_INDEX hNVStore, // in + UINT32 offset, // in + UINT32* pulDataLength, // in, out + TPM_AUTH* privAuth, // in, out + BYTE** rgbDataRead // out +); +extern TSS_RESULT Tcsip_NV_ReadValueAuth +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_NV_INDEX hNVStore, // in + UINT32 offset, // in + UINT32* pulDataLength, // in, out + TPM_AUTH* NVAuth, // in, out + BYTE** rgbDataRead // out +); +extern TSS_RESULT Tcsip_CreateMaintenanceArchive +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_BOOL generateRandom, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* randomSize, // out + BYTE** random, // out + UINT32* archiveSize, // out + BYTE** archive // out +); +extern TSS_RESULT Tcsip_LoadMaintenanceArchive +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 dataInSize, // in + BYTE* dataIn, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* dataOutSize, // out + BYTE** dataOut // out +); +extern TSS_RESULT Tcsip_KillMaintenanceFeature +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_LoadManuMaintPub +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_NONCE antiReplay, // in + UINT32 PubKeySize, // in + BYTE* PubKey, // in + TPM_DIGEST* checksum // out +); +extern TSS_RESULT Tcsip_ReadManuMaintPub +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_NONCE antiReplay, // in + TPM_DIGEST* checksum // out +); +extern TSS_RESULT Tcsip_CreateRevocableEndorsementKeyPair +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_NONCE antiReplay, // in + UINT32 endorsementKeyInfoSize, // in + BYTE* endorsementKeyInfo, // in + TSS_BOOL GenResetAuth, // in + TPM_DIGEST* EKResetAuth, // in, out + UINT32* endorsementKeySize, // out + BYTE** endorsementKey, // out + TPM_DIGEST* checksum // out +); +extern TSS_RESULT Tcsip_RevokeEndorsementKeyPair +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_DIGEST EKResetAuth // in +); +extern TSS_RESULT Tcsip_PcrReset +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 pcrTargetSize, // in + BYTE* pcrTarget // in +); +extern TSS_RESULT Tcsip_ReadCounter +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_COUNTER_ID idCounter, // in + TPM_COUNTER_VALUE* counterValue // out +); +extern TSS_RESULT Tcsip_CreateCounter +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 LabelSize, // in (=4) + BYTE* pLabel, // in + TPM_ENCAUTH CounterAuth, // in + TPM_AUTH* pOwnerAuth, // in, out + TSS_COUNTER_ID* idCounter, // out + TPM_COUNTER_VALUE* counterValue // out +); +extern TSS_RESULT Tcsip_IncrementCounter +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_COUNTER_ID idCounter, // in + TPM_AUTH* pCounterAuth, // in, out + TPM_COUNTER_VALUE* counterValue // out +); +extern TSS_RESULT Tcsip_ReleaseCounter +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_COUNTER_ID idCounter, // in + TPM_AUTH* pCounterAuth // in, out +); +extern TSS_RESULT Tcsip_ReleaseCounterOwner +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_COUNTER_ID idCounter, // in + TPM_AUTH* pOwnerAuth // in, out +); +extern TSS_RESULT Tcsip_ReadCurrentTicks +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32* pulCurrentTimeSize, // out + BYTE** prgbCurrentTime // out +); +extern TSS_RESULT Tcsip_TickStampBlob +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hKey, // in + TPM_NONCE antiReplay, // in + TPM_DIGEST digestToStamp, // in + TPM_AUTH* privAuth, // in, out + UINT32* pulSignatureLength, // out + BYTE** prgbSignature, // out + UINT32* pulTickCountSize, // out + BYTE** prgbTickCount // out +); +extern TSS_RESULT Tcsip_TPM_DAA_Join +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_HANDLE handle, // in + BYTE stage, // in + UINT32 inputSize0, // in + BYTE* inputData0, // in + UINT32 inputSize1, // in + BYTE* inputData1, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* outputSize, // out + BYTE** outputData // out +); +extern TSS_RESULT Tcsip_TPM_DAA_Sign +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_HANDLE handle, // in + BYTE stage, // in + UINT32 inputSize0, // in + BYTE* inputData0, // in + UINT32 inputSize1, // in + BYTE* inputData1, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* outputSize, // out + BYTE** outputData // out +); +extern TSS_RESULT Tcsip_MigrateKey +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hMaKey, // in + UINT32 PublicKeySize, // in + BYTE* PublicKey, // in + UINT32 inDataSize, // in + BYTE* inData, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_CMK_SetRestrictions +( + TCS_CONTEXT_HANDLE hContext, // in + TSS_CMK_DELEGATE Restriction, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_CMK_ApproveMA +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_DIGEST migAuthorityDigest, // in + TPM_AUTH* ownerAuth, // in, out + TPM_HMAC* HmacMigAuthDigest // out +); +extern TSS_RESULT Tcsip_CMK_CreateKey +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE hWrappingKey, // in + TPM_ENCAUTH KeyUsageAuth, // in + TPM_HMAC MigAuthApproval, // in + TPM_DIGEST MigAuthorityDigest, // in + UINT32* keyDataSize, // in, out + BYTE** prgbKeyData, // in, out + TPM_AUTH* pAuth // in, out +); +extern TSS_RESULT Tcsip_CMK_CreateTicket +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 PublicVerifyKeySize, // in + BYTE* PublicVerifyKey, // in + TPM_DIGEST SignedData, // in + UINT32 SigValueSize, // in + BYTE* SigValue, // in + TPM_AUTH* pOwnerAuth, // in, out + TPM_HMAC* SigTicket // out +); +extern TSS_RESULT Tcsip_CMK_CreateBlob +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE parentHandle, // in + TSS_MIGRATE_SCHEME migrationType, // in + UINT32 MigrationKeyAuthSize, // in + BYTE* MigrationKeyAuth, // in + TPM_DIGEST PubSourceKeyDigest, // in + UINT32 msaListSize, // in + BYTE* msaList, // in + UINT32 restrictTicketSize, // in + BYTE* restrictTicket, // in + UINT32 sigTicketSize, // in + BYTE* sigTicket, // in + UINT32 encDataSize, // in + BYTE* encData, // in + TPM_AUTH* parentAuth, // in, out + UINT32* randomSize, // out + BYTE** random, // out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_CMK_ConvertMigration +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE parentHandle, // in + TPM_CMK_AUTH restrictTicket, // in + TPM_HMAC sigTicket, // in + UINT32 keyDataSize, // in + BYTE* prgbKeyData, // in + UINT32 msaListSize, // in + BYTE* msaList, // in + UINT32 randomSize, // in + BYTE* random, // in + TPM_AUTH* parentAuth, // in, out + UINT32* outDataSize, // out + BYTE** outData // out +); +extern TSS_RESULT Tcsip_SetCapability +( + TCS_CONTEXT_HANDLE hContext, // in + TPM_CAPABILITY_AREA capArea, // in + UINT32 subCapSize, // in + BYTE* subCap, // in + UINT32 valueSize, // in + BYTE* value, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsip_GetAuditDigest +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 startOrdinal, // in + TPM_DIGEST* auditDigest, // out + UINT32* counterValueSize, // out + BYTE** counterValue, // out + TSS_BOOL* more, // out + UINT32* ordSize, // out + UINT32** ordList // out +); +extern TSS_RESULT Tcsip_GetAuditDigestSigned +( + TCS_CONTEXT_HANDLE hContext, // in + TCS_KEY_HANDLE keyHandle, // in + TSS_BOOL closeAudit, // in + TPM_NONCE antiReplay, // in + TPM_AUTH* privAuth, // in, out + UINT32* counterValueSize, // out + BYTE** counterValue, // out + TPM_DIGEST* auditDigest, // out + TPM_DIGEST* ordinalDigest, // out + UINT32* sigSize, // out + BYTE** sig // out +); +extern TSS_RESULT Tcsip_SetOrdinalAuditStatus +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 ordinalToAudit, // in + TSS_BOOL auditState, // in + TPM_AUTH* ownerAuth // in, out +); +extern TSS_RESULT Tcsi_Admin_TSS_SessionsPerLocality +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 ulLocality, // in + UINT32 ulSessions, // in + TPM_AUTH* pOwnerAuth // in, out +); +extern TSS_RESULT Tcsi_GetCredential +( + TCS_CONTEXT_HANDLE hContext, // in + UINT32 ulCredentialType, // in + UINT32 ulCredentialAccessMode, // in + UINT32* pulCredentialSize, // out + BYTE** prgbCredentialData // out +); + +#if defined __cplusplus +} // extern "C" +#endif + +#endif /* TCS_H */ diff --git a/src/include/tss/tcs_defines.h b/src/include/tss/tcs_defines.h new file mode 100644 index 0000000..5b0d192 --- /dev/null +++ b/src/include/tss/tcs_defines.h @@ -0,0 +1,28 @@ +/*++ + +TSS Core Service structures + +*/ + +#ifndef __TCS_DEFINES_H__ +#define __TCS_DEFINES_H__ + +#define TSS_TCSATTRIB_TRANSPORT_DEFAULT ((UINT32)(0x00000000)) +#define TSS_TCSATTRIB_TRANSPORT_EXCLUSIVE ((UINT32)(0x00000001)) + + +// Values for the ulCredentialType parameter to Tcsi_GetCredential +#define TSS_TCS_CREDENTIAL_EKCERT ((UINT32)0x00000001) +#define TSS_TCS_CREDENTIAL_TPM_CC ((UINT32)0x00000002) +#define TSS_TCS_CREDENTIAL_PLATFORMCERT ((UINT32)0x00000003) + + +// Values for the ulCredentialAccessMode parameter to Tcsi_GetCredential +// TSS_TCS_CERT_ACCESS_AUTO triggers the default behavior. +// Values with TSS_TCS_CERT_VENDOR_SPECIFIC_BIT set trigger +// vendor specific behavior. +#define TSS_TCS_CERT_ACCESS_AUTO ((UINT32)0x00000001) + +#define TSS_TCS_CERT_VENDOR_SPECIFIC_BIT ((UINT32)0x80000000) + +#endif // __TCS_DEFINES_H__ diff --git a/src/include/tss/tcs_error.h b/src/include/tss/tcs_error.h new file mode 100644 index 0000000..2a64c34 --- /dev/null +++ b/src/include/tss/tcs_error.h @@ -0,0 +1,56 @@ +/*++ + +TSS Core Service error return codes + +--*/ + +#ifndef __TCS_ERROR_H__ +#define __TCS_ERROR_H__ + + +#ifndef TSS_E_BASE +#define TSS_E_BASE 0x00000000L +#endif // TSS_E_BASE + +// The context handle supplied is invalid. +#define TCS_E_INVALID_CONTEXTHANDLE (UINT32)(TSS_E_BASE + 0x0C1L) + +// The key handle supplied is invalid. +#define TCS_E_INVALID_KEYHANDLE (UINT32)(TSS_E_BASE + 0x0C2L) + +// The authorization session handle supplied is invalid. +#define TCS_E_INVALID_AUTHHANDLE (UINT32)(TSS_E_BASE + 0x0C3L) + +// the auth session has been closed by the TPM +#define TCS_E_INVALID_AUTHSESSION (UINT32)(TSS_E_BASE + 0x0C4L) + +// the key has been unloaded +#define TCS_E_INVALID_KEY (UINT32)(TSS_E_BASE + 0x0C5L) + +// Key addressed by the application key handle does not match the key addressed +// by the given UUID. +#define TCS_E_KEY_MISMATCH (UINT32)(TSS_E_BASE + 0x0C8L) + +// Key adressed by Key's UUID cannot be loaded because one of the required +// parent keys needs authorization. +#define TCS_E_KM_LOADFAILED (UINT32)(TSS_E_BASE + 0x0CAL) + +// The Key Cache Manager could not reload the key into the TPM. +#define TCS_E_KEY_CONTEXT_RELOAD (UINT32)(TSS_E_BASE + 0x0CCL) + +// Bad memory index +#define TCS_E_BAD_INDEX (UINT32)(TSS_E_BASE + 0x0CDL) + + +// These TCS_E_ macros are defined by name in the TSS spec, however +// they are defined to have the same values as the TSS_E_ equivalents. +#define TCS_SUCCESS TSS_SUCCESS +#define TCS_E_KEY_ALREADY_REGISTERED TSS_E_KEY_ALREADY_REGISTERED +#define TCS_E_KEY_NOT_REGISTERED TSS_E_KEY_NOT_REGISTERED +#define TCS_E_BAD_PARAMETER TSS_E_BAD_PARAMETER +#define TCS_E_OUTOFMEMORY TSS_E_OUTOFMEMORY +#define TCS_E_SIZE TSS_E_SIZE +#define TCS_E_NOTIMPL TSS_E_NOTIMPL +#define TCS_E_INTERNAL_ERROR TSS_E_INTERNAL_ERROR + +#endif // __TCS_ERROR_H__ diff --git a/src/include/tss/tcs_structs.h b/src/include/tss/tcs_structs.h new file mode 100644 index 0000000..30b3fb9 --- /dev/null +++ b/src/include/tss/tcs_structs.h @@ -0,0 +1,40 @@ +/*++ + +TSS Core Service structures + +*/ + +#ifndef __TCS_STRUCT_H__ +#define __TCS_STRUCT_H__ + +#include +#include +#include + +typedef struct tdTCS_AUTH +{ + TCS_AUTHHANDLE AuthHandle; + TPM_NONCE NonceOdd; // system + TPM_NONCE NonceEven; // TPM + TSS_BOOL fContinueAuthSession; + TPM_AUTHDATA HMAC; +} TCS_AUTH; + +// This is kept for legacy compatibility +typedef TCS_AUTH TPM_AUTH; + + +typedef struct tdTCS_LOADKEY_INFO +{ + TSS_UUID keyUUID; + TSS_UUID parentKeyUUID; + TPM_DIGEST paramDigest; // SHA1 digest of the TPM_LoadKey + // Command input parameters + // As defined in TPM Main Specification + TPM_AUTH authData; // Data regarding a valid auth + // Session including the + // HMAC digest +} TCS_LOADKEY_INFO; + +#endif // __TCS_STRUCT_H__ + diff --git a/src/include/tss/tcs_typedef.h b/src/include/tss/tcs_typedef.h new file mode 100644 index 0000000..0c89839 --- /dev/null +++ b/src/include/tss/tcs_typedef.h @@ -0,0 +1,32 @@ +/*++ + +Global typedefs for TSS Core Service + +*/ + +#ifndef __TCS_TYPEDEF_H__ +#define __TCS_TYPEDEF_H__ + +#include +#include + +typedef UINT32 TCS_AUTHHANDLE; +typedef UINT32 TCS_CONTEXT_HANDLE; +typedef UINT32 TCS_KEY_HANDLE; +typedef UINT32 TCS_HANDLE; + + +// Substitution definitions for TCS-IDL +typedef TPM_ENCAUTH TCG_ENCAUTH; +typedef TPM_NONCE TCG_NONCE; +typedef TPM_ENTITY_TYPE TCG_ENTITY_TYPE; +typedef TPM_PCRINDEX TCG_PCRINDEX; +typedef TPM_DIGEST TCG_DIGEST; +typedef TPM_PCRVALUE TCG_PCRVALUE; +typedef TPM_DIRVALUE TCG_DIRVALUE; +typedef TPM_DIRINDEX TCG_DIRINDEX; + + + +#endif // __TCS_TYPEDEF_H__ + diff --git a/src/include/tss/tddl_error.h b/src/include/tss/tddl_error.h new file mode 100644 index 0000000..b63ca11 --- /dev/null +++ b/src/include/tss/tddl_error.h @@ -0,0 +1,51 @@ +/*++ + +TPM Device Driver Library error return codes + +--*/ + +#ifndef __TDDL_ERROR_H__ +#define __TDDL_ERROR_H__ + +#include +#include + + +#ifndef TSS_E_BASE +#define TSS_E_BASE 0x00000000L +#endif // TSS_E_BASE + + +// +// specific error codes returned by the TPM device driver library +// offset TSS_TDDL_OFFSET +// +#define TDDL_E_FAIL TSS_E_FAIL +#define TDDL_E_TIMEOUT TSS_E_TIMEOUT + +// The connection was already established. +#define TDDL_E_ALREADY_OPENED (UINT32)(TSS_E_BASE + 0x081L) + +// The device was not connected. +#define TDDL_E_ALREADY_CLOSED (UINT32)(TSS_E_BASE + 0x082L) + +// The receive buffer is too small. +#define TDDL_E_INSUFFICIENT_BUFFER (UINT32)(TSS_E_BASE + 0x083L) + +// The command has already completed. +#define TDDL_E_COMMAND_COMPLETED (UINT32)(TSS_E_BASE + 0x084L) + +// TPM aborted processing of command. +#define TDDL_E_COMMAND_ABORTED (UINT32)(TSS_E_BASE + 0x085L) + +// The request could not be performed because of an I/O device error. +#define TDDL_E_IOERROR (UINT32)(TSS_E_BASE + 0x087L) + +// Unsupported TAG is requested +#define TDDL_E_BADTAG (UINT32)(TSS_E_BASE + 0x088L) + +// the requested TPM component was not found +#define TDDL_E_COMPONENT_NOT_FOUND (UINT32)(TSS_E_BASE + 0x089L) + +#endif // __TDDL_ERROR_H__ + diff --git a/src/include/tss/tddlapi_error.h b/src/include/tss/tddlapi_error.h new file mode 100644 index 0000000..f021150 --- /dev/null +++ b/src/include/tss/tddlapi_error.h @@ -0,0 +1,54 @@ +/*++ + +TDDL error return codes for the TPM Device Driver Library Interface (TDDLI) + +--*/ + +#ifndef __TDDLAPI_ERROR_H__ +#define __TDDLAPI_ERROR_H__ + + +// +// error coding scheme for a Microsoft Windows platform - +// refer to the TSS Specification Parts +// +// Values are 32 bit values layed out as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---+-+-+-----------------------+-------+-----------------------+ +// |Lev|C|R| Facility | Layer | Code | +// +---+-+-+-----------------------+-------+-----------------------+ +// | Platform specific coding | TSS error coding system | +// +---+-+-+-----------------------+-------+-----------------------+ +// +// Lev - is the Level code +// +// 00 - Success +// 01 - Informational +// 10 - Warning +// 11 - Error +// +// C - is the Customer code flag (must actually be set) +// +// R - is a reserved bit (unused) +// +// Facility - is the facility code: TCPA: proposal 0x028 +// +// Code - is the facility's status code +// + + +// no macros are used below intentionally +// for a better error code recognition by the reader + +// note that the values of TPM_E_BASE and TSS_E_BASE, TSS_W_BASE and TSS_I_BASE +// have to be adjusted for a platform other than Windows + +// +// TPM specific error codes (layer nibble set to TPM layer TSS_LAYER_TPM) +// + + +#endif // __TDDLAPI_ERROR_H__ + diff --git a/src/include/tss/tddli.h b/src/include/tss/tddli.h new file mode 100644 index 0000000..bfd6045 --- /dev/null +++ b/src/include/tss/tddli.h @@ -0,0 +1,94 @@ +/*++ + +TPM Device Driver Library interface + +--*/ + +#ifndef __TDDLI_H__ +#define __TDDLI_H__ + +#include +#include + +#if !defined(TDDLI) +#ifdef WIN32 +// --- This should be used on Windows platforms +#ifdef TDDLI_EXPORTS +#define TDDLI __declspec(dllexport) +#else +#define TDDLI __declspec(dllimport) +#endif +#else +#define TDDLI +#endif +#endif /* !defined(TDDLI) */ + + +#define TDDL_CAP_VERSION 0x0100 +#define TDDL_CAP_VER_DRV 0x0101 +#define TDDL_CAP_VER_FW 0x0102 +#define TDDL_CAP_VER_FW_DATE 0x0103 + +#define TDDL_CAP_PROPERTY 0x0200 +#define TDDL_CAP_PROP_MANUFACTURER 0x0201 +#define TDDL_CAP_PROP_MODULE_TYPE 0x0202 +#define TDDL_CAP_PROP_GLOBAL_STATE 0x0203 + + +//-------------------------------------------------------------------- +// TDDL specific helper redefinitions + +#ifdef __cplusplus +extern "C" { +#endif + + //establish a connection to the TPM device driver + TDDLI TSS_RESULT Tddli_Open(void); + + //close a open connection to the TPM device driver + TDDLI TSS_RESULT Tddli_Close(void); + + //cancels the last outstanding TPM command + TDDLI TSS_RESULT Tddli_Cancel(void); + + // read the attributes returned by the TPM HW/FW + TDDLI TSS_RESULT Tddli_GetCapability( + UINT32 CapArea, + UINT32 SubCap, + BYTE *pCapBuf, + UINT32 *puntCapBufLen); + + // set parameters to the TPM HW/FW + TDDLI TSS_RESULT Tddli_SetCapability( + UINT32 CapArea, + UINT32 SubCap, + BYTE *pCapBuf, + UINT32 puntCapBufLen); + + // get status of the TPM driver and device + TDDLI TSS_RESULT Tddli_GetStatus( + UINT32 ReqStatusType, + UINT32 *puntStatus); + + // send any data to the TPM module + TDDLI TSS_RESULT Tddli_TransmitData( + BYTE *pTransmitBuf, + UINT32 TransmitBufLen, + BYTE *pReceiveBuf, + UINT32 *puntReceiveBufLen); + + TDDLI TSS_RESULT Tddli_SetPowerManagement( + TSS_BOOL SendSaveStateCommand, // in + UINT32 *QuerySetNewTPMPowerState); // in, out + + TDDLI TSS_RESULT Tddli_PowerManagementControl( + TSS_BOOL SendPowerManager, // in + UINT32 *DriverManagesPowerStates); // out + + +#ifdef __cplusplus +} +#endif + +#endif // __TDDLI_H__ + diff --git a/src/include/tss/tpm.h b/src/include/tss/tpm.h new file mode 100644 index 0000000..a9057f3 --- /dev/null +++ b/src/include/tss/tpm.h @@ -0,0 +1,1663 @@ +/*++ + * + * TPM structures extracted from the TPM specification 1.2, + * Part 2 (Structures), rev 85. + * + * Errata: + * + * *) The individual bits of TPM_STARTUP_EFFECTS were not given names in + * the TPM spec so they are not defined in tpm.h. + * + * *) A few typedefs not present in the TPM 1.2 specification have been + * added. This was generally done when the TPM 1.2 spec defined a set of + * related values (either bitmasks or enumeration values) but did not + * define an associated type to hold these values. The typedefs have been + * added and structure fields that were to hold those values have been + * switched from generic UINT* types to the more specific types. This was + * done to highlight exactly where those #defined values were to be used. + * The types that have been added are: + * TPM_NV_PER_ATTRIBUTES + * TPM_DELEGATE_TYPE + * + * *) The layout of bitfields within a structure are compiler-dependent + * and the use of structure bitfields has been avoided where possible. In + * cases where a value is a collection of independent bits the type is + * given a name (typedeffed to UINT16 or UINT32 as appropriate) and masks + * are #defined to access the individual bits. This is not possible for + * TPM_VERSION_BYTE because the fields are 4-bit values. A best attempt + * has been made to make this compiler independent but it has only been + * checked on GCC and Visual C++ on little-endian machines. + * + * *) The TPM_DELEGATIONS per1 and per2 fields field are a bitmask but + * are defined as a UINT32 because the bitfields have different meaning + * based on the type of delegation blob. + * + * *) The definitions of TPM_PERMANENT_DATA, TPM_STCLEAR_DATA, + * TPM_STANY_DATA, and TPM_DELEGATE_TABLE_ROW are commented out. These + * structures are internal to the TPM and are not directly accessible by + * external software so this should not be a problem. + * + * *) The definitions of TPM_FAMILY_TABLE and TPM_DELEGATE_TABLE are + * commented out because they are variable length arrays internal to the + * TPM. As above they are not directly accessible by external software + * so this should not be a problem. + */ + +#ifndef __TPM_H__ +#define __TPM_H__ + +#ifdef __midl +#define SIZEIS(x) [size_is(x)] +#else +#define SIZEIS(x) +#endif + +#include + +//------------------------------------------------------------------- +// Part 2, section 2.1: Basic data types +typedef BYTE TPM_BOOL; +#ifndef FALSE +#define FALSE 0x00 +#define TRUE 0x01 +#endif /* ifndef FALSE */ + +//------------------------------------------------------------------- +// Part 2, section 2.3: Helper Redefinitions +// Many of the helper redefinitions appear later in this file +// so that they are declared next to the list of valid values +// they may hold. +typedef BYTE TPM_LOCALITY_MODIFIER; +typedef UINT32 TPM_COMMAND_CODE; /* 1.1b */ +typedef UINT32 TPM_COUNT_ID; +typedef UINT32 TPM_REDIT_COMMAND; +typedef UINT32 TPM_HANDLE; +typedef UINT32 TPM_AUTHHANDLE; +typedef UINT32 TPM_TRANSHANDLE; +typedef UINT32 TPM_KEYHANDLE; +typedef UINT32 TPM_DIRINDEX; +typedef UINT32 TPM_PCRINDEX; +typedef UINT32 TPM_RESULT; +typedef UINT32 TPM_MODIFIER_INDICATOR; + + + +//------------------------------------------------------------------- +// Part 2, section 2.2.4: Vendor Specific +#define TPM_Vendor_Specific32 0x00000400 +#define TPM_Vendor_Specific8 0x80 + + +//------------------------------------------------------------------- +// Part 2, section 3: Structure Tags +typedef UINT16 TPM_STRUCTURE_TAG; +#define TPM_TAG_CONTEXTBLOB ((UINT16)0x0001) +#define TPM_TAG_CONTEXT_SENSITIVE ((UINT16)0x0002) +#define TPM_TAG_CONTEXTPOINTER ((UINT16)0x0003) +#define TPM_TAG_CONTEXTLIST ((UINT16)0x0004) +#define TPM_TAG_SIGNINFO ((UINT16)0x0005) +#define TPM_TAG_PCR_INFO_LONG ((UINT16)0x0006) +#define TPM_TAG_PERSISTENT_FLAGS ((UINT16)0x0007) +#define TPM_TAG_VOLATILE_FLAGS ((UINT16)0x0008) +#define TPM_TAG_PERSISTENT_DATA ((UINT16)0x0009) +#define TPM_TAG_VOLATILE_DATA ((UINT16)0x000a) +#define TPM_TAG_SV_DATA ((UINT16)0x000b) +#define TPM_TAG_EK_BLOB ((UINT16)0x000c) +#define TPM_TAG_EK_BLOB_AUTH ((UINT16)0x000d) +#define TPM_TAG_COUNTER_VALUE ((UINT16)0x000e) +#define TPM_TAG_TRANSPORT_INTERNAL ((UINT16)0x000f) +#define TPM_TAG_TRANSPORT_LOG_IN ((UINT16)0x0010) +#define TPM_TAG_TRANSPORT_LOG_OUT ((UINT16)0x0011) +#define TPM_TAG_AUDIT_EVENT_IN ((UINT16)0x0012) +#define TPM_TAG_AUDIT_EVENT_OUT ((UINT16)0x0013) +#define TPM_TAG_CURRENT_TICKS ((UINT16)0x0014) +#define TPM_TAG_KEY ((UINT16)0x0015) +#define TPM_TAG_STORED_DATA12 ((UINT16)0x0016) +#define TPM_TAG_NV_ATTRIBUTES ((UINT16)0x0017) +#define TPM_TAG_NV_DATA_PUBLIC ((UINT16)0x0018) +#define TPM_TAG_NV_DATA_SENSITIVE ((UINT16)0x0019) +#define TPM_TAG_DELEGATIONS ((UINT16)0x001a) +#define TPM_TAG_DELEGATE_PUBLIC ((UINT16)0x001b) +#define TPM_TAG_DELEGATE_TABLE_ROW ((UINT16)0x001c) +#define TPM_TAG_TRANSPORT_AUTH ((UINT16)0x001d) +#define TPM_TAG_TRANSPORT_PUBLIC ((UINT16)0x001e) +#define TPM_TAG_PERMANENT_FLAGS ((UINT16)0x001f) +#define TPM_TAG_STCLEAR_FLAGS ((UINT16)0x0020) +#define TPM_TAG_STANY_FLAGS ((UINT16)0x0021) +#define TPM_TAG_PERMANENT_DATA ((UINT16)0x0022) +#define TPM_TAG_STCLEAR_DATA ((UINT16)0x0023) +#define TPM_TAG_STANY_DATA ((UINT16)0x0024) +#define TPM_TAG_FAMILY_TABLE_ENTRY ((UINT16)0x0025) +#define TPM_TAG_DELEGATE_SENSITIVE ((UINT16)0x0026) +#define TPM_TAG_DELG_KEY_BLOB ((UINT16)0x0027) +#define TPM_TAG_KEY12 ((UINT16)0x0028) +#define TPM_TAG_CERTIFY_INFO2 ((UINT16)0x0029) +#define TPM_TAG_DELEGATE_OWNER_BLOB ((UINT16)0x002a) +#define TPM_TAG_EK_BLOB_ACTIVATE ((UINT16)0x002b) +#define TPM_TAG_DAA_BLOB ((UINT16)0x002c) +#define TPM_TAG_DAA_CONTEXT ((UINT16)0x002d) +#define TPM_TAG_DAA_ENFORCE ((UINT16)0x002e) +#define TPM_TAG_DAA_ISSUER ((UINT16)0x002f) +#define TPM_TAG_CAP_VERSION_INFO ((UINT16)0x0030) +#define TPM_TAG_DAA_SENSITIVE ((UINT16)0x0031) +#define TPM_TAG_DAA_TPM ((UINT16)0x0032) +#define TPM_TAG_CMK_MIGAUTH ((UINT16)0x0033) +#define TPM_TAG_CMK_SIGTICKET ((UINT16)0x0034) +#define TPM_TAG_CMK_MA_APPROVAL ((UINT16)0x0035) +#define TPM_TAG_QUOTE_INFO2 ((UINT16)0x0036) +#define TPM_TAG_DA_INFO ((UINT16)0x0037) +#define TPM_TAG_DA_INFO_LIMITED ((UINT16)0x0038) +#define TPM_TAG_DA_ACTION_TYPE ((UINT16)0x0039) + + +//------------------------------------------------------------------- +// Part 2, section 4: Types +typedef UINT32 TPM_RESOURCE_TYPE; +#define TPM_RT_KEY ((UINT32)0x00000001) +#define TPM_RT_AUTH ((UINT32)0x00000002) +#define TPM_RT_HASH ((UINT32)0x00000003) +#define TPM_RT_TRANS ((UINT32)0x00000004) +#define TPM_RT_CONTEXT ((UINT32)0x00000005) +#define TPM_RT_COUNTER ((UINT32)0x00000006) +#define TPM_RT_DELEGATE ((UINT32)0x00000007) +#define TPM_RT_DAA_TPM ((UINT32)0x00000008) +#define TPM_RT_DAA_V0 ((UINT32)0x00000009) +#define TPM_RT_DAA_V1 ((UINT32)0x0000000a) + + +typedef BYTE TPM_PAYLOAD_TYPE; /* 1.1b */ +#define TPM_PT_ASYM ((BYTE)0x01) /* 1.1b */ +#define TPM_PT_BIND ((BYTE)0x02) /* 1.1b */ +#define TPM_PT_MIGRATE ((BYTE)0x03) /* 1.1b */ +#define TPM_PT_MAINT ((BYTE)0x04) /* 1.1b */ +#define TPM_PT_SEAL ((BYTE)0x05) /* 1.1b */ +#define TPM_PT_MIGRATE_RESTRICTED ((BYTE)0x06) +#define TPM_PT_MIGRATE_EXTERNAL ((BYTE)0x07) +#define TPM_PT_CMK_MIGRATE ((BYTE)0x08) + + +typedef UINT16 TPM_ENTITY_TYPE; /* 1.1b */ +#define TPM_ET_KEYHANDLE ((UINT16)0x0001) /* 1.1b */ +#define TPM_ET_OWNER ((UINT16)0x0002) /* 1.1b */ +#define TPM_ET_DATA ((UINT16)0x0003) /* 1.1b */ +#define TPM_ET_SRK ((UINT16)0x0004) /* 1.1b */ +#define TPM_ET_KEY ((UINT16)0x0005) /* 1.1b */ +#define TPM_ET_REVOKE ((UINT16)0x0006) +#define TPM_ET_DEL_OWNER_BLOB ((UINT16)0x0007) +#define TPM_ET_DEL_ROW ((UINT16)0x0008) +#define TPM_ET_DEL_KEY_BLOB ((UINT16)0x0009) +#define TPM_ET_COUNTER ((UINT16)0x000a) +#define TPM_ET_NV ((UINT16)0x000b) +#define TPM_ET_OPERATOR ((UINT16)0x000c) +#define TPM_ET_RESERVED_HANDLE ((UINT16)0x0040) + +/* The following values may be ORed into the MSB of the TPM_ENTITY_TYPE + * to indicate particular encryption scheme + */ +#define TPM_ET_XOR ((BYTE)0x00) +#define TPM_ET_AES ((BYTE)0x06) + +typedef UINT32 TPM_KEY_HANDLE; /* 1.1b */ +#define TPM_KH_SRK ((UINT32)0x40000000) +#define TPM_KH_OWNER ((UINT32)0x40000001) +#define TPM_KH_REVOKE ((UINT32)0x40000002) +#define TPM_KH_TRANSPORT ((UINT32)0x40000003) +#define TPM_KH_OPERATOR ((UINT32)0x40000004) +#define TPM_KH_ADMIN ((UINT32)0x40000005) +#define TPM_KH_EK ((UINT32)0x40000006) +/* 1.1b used different names, but the same values */ +#define TPM_KEYHND_SRK (TPM_KH_SRK) /* 1.1b */ +#define TPM_KEYHND_OWNER (TPM_KH_OWNER) /* 1.1b */ + + +typedef UINT16 TPM_STARTUP_TYPE; /* 1.1b */ +#define TPM_ST_CLEAR ((UINT16)0x0001) /* 1.1b */ +#define TPM_ST_STATE ((UINT16)0x0002) /* 1.1b */ +#define TPM_ST_DEACTIVATED ((UINT16)0x0003) /* 1.1b */ + + +//typedef UINT32 TPM_STARTUP_EFFECTS; +// 32-bit mask, see spec for meaning. Names not currently defined. +// bits 0-8 have meaning + +typedef UINT16 TPM_PROTOCOL_ID; /* 1.1b */ +#define TPM_PID_OIAP ((UINT16)0x0001) /* 1.1b */ +#define TPM_PID_OSAP ((UINT16)0x0002) /* 1.1b */ +#define TPM_PID_ADIP ((UINT16)0x0003) /* 1.1b */ +#define TPM_PID_ADCP ((UINT16)0x0004) /* 1.1b */ +#define TPM_PID_OWNER ((UINT16)0x0005) /* 1.1b */ +#define TPM_PID_DSAP ((UINT16)0x0006) +#define TPM_PID_TRANSPORT ((UINT16)0x0007) + + +// Note in 1.2 rev 104, DES and 3DES are eliminated +typedef UINT32 TPM_ALGORITHM_ID; /* 1.1b */ +#define TPM_ALG_RSA ((UINT32)0x00000001) /* 1.1b */ +#define TPM_ALG_DES ((UINT32)0x00000002) /* 1.1b */ +#define TPM_ALG_3DES ((UINT32)0x00000003) /* 1.1b */ +#define TPM_ALG_SHA ((UINT32)0x00000004) /* 1.1b */ +#define TPM_ALG_HMAC ((UINT32)0x00000005) /* 1.1b */ +#define TPM_ALG_AES ((UINT32)0x00000006) /* 1.1b */ +#define TPM_ALG_AES128 (TPM_ALG_AES) +#define TPM_ALG_MGF1 ((UINT32)0x00000007) +#define TPM_ALG_AES192 ((UINT32)0x00000008) +#define TPM_ALG_AES256 ((UINT32)0x00000009) +#define TPM_ALG_XOR ((UINT32)0x0000000a) + + +typedef UINT16 TPM_PHYSICAL_PRESENCE; /* 1.1b */ +#define TPM_PHYSICAL_PRESENCE_LOCK ((UINT16)0x0004) /* 1.1b */ +#define TPM_PHYSICAL_PRESENCE_PRESENT ((UINT16)0x0008) /* 1.1b */ +#define TPM_PHYSICAL_PRESENCE_NOTPRESENT ((UINT16)0x0010) /* 1.1b */ +#define TPM_PHYSICAL_PRESENCE_CMD_ENABLE ((UINT16)0x0020) /* 1.1b */ +#define TPM_PHYSICAL_PRESENCE_HW_ENABLE ((UINT16)0x0040) /* 1.1b */ +#define TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK ((UINT16)0x0080) /* 1.1b */ +#define TPM_PHYSICAL_PRESENCE_CMD_DISABLE ((UINT16)0x0100) +#define TPM_PHYSICAL_PRESENCE_HW_DISABLE ((UINT16)0x0200) + + +typedef UINT16 TPM_MIGRATE_SCHEME; /* 1.1b */ +#define TPM_MS_MIGRATE ((UINT16)0x0001) /* 1.1b */ +#define TPM_MS_REWRAP ((UINT16)0x0002) /* 1.1b */ +#define TPM_MS_MAINT ((UINT16)0x0003) /* 1.1b */ +#define TPM_MS_RESTRICT_MIGRATE ((UINT16)0x0004) +#define TPM_MS_RESTRICT_APPROVE_DOUBLE ((UINT16)0x0005) + + +typedef UINT16 TPM_EK_TYPE; +#define TPM_EK_TYPE_ACTIVATE ((UINT16)0x0001) +#define TPM_EK_TYPE_AUTH ((UINT16)0x0002) + + +typedef UINT16 TPM_PLATFORM_SPECIFIC; +#define TPM_PS_PC_11 ((UINT16)0x0001) +#define TPM_PS_PC_12 ((UINT16)0x0002) +#define TPM_PS_PDA_12 ((UINT16)0x0003) +#define TPM_PS_Server_12 ((UINT16)0x0004) +#define TPM_PS_Mobile_12 ((UINT16)0x0005) + +//------------------------------------------------------------------- +// Part 2, section 5: Basic Structures + +typedef struct tdTPM_STRUCT_VER +{ + BYTE major; + BYTE minor; + BYTE revMajor; + BYTE revMinor; +} TPM_STRUCT_VER; + +typedef struct tdTPM_VERSION_BYTE +{ + // This needs to be made compiler-independent. + int leastSigVer : 4; // least significant 4 bits + int mostSigVer : 4; // most significant 4 bits +} TPM_VERSION_BYTE; + +typedef struct tdTPM_VERSION +{ + BYTE major; // Should really be a TPM_VERSION_BYTE + BYTE minor; // Should really be a TPM_VERSION_BYTE + BYTE revMajor; + BYTE revMinor; +} TPM_VERSION; + + +// Put this in the right place: +// byte size definition for 160 bit SHA1 hash value +#define TPM_SHA1_160_HASH_LEN 0x14 +#define TPM_SHA1BASED_NONCE_LEN TPM_SHA1_160_HASH_LEN + +typedef struct tdTPM_DIGEST +{ + BYTE digest[TPM_SHA1_160_HASH_LEN]; +} TPM_DIGEST; + +typedef TPM_DIGEST TPM_CHOSENID_HASH; +typedef TPM_DIGEST TPM_COMPOSITE_HASH; +typedef TPM_DIGEST TPM_DIRVALUE; +typedef TPM_DIGEST TPM_HMAC; +typedef TPM_DIGEST TPM_PCRVALUE; +typedef TPM_DIGEST TPM_AUDITDIGEST; + +typedef struct tdTPM_NONCE /* 1.1b */ +{ + BYTE nonce[TPM_SHA1BASED_NONCE_LEN]; +} TPM_NONCE; + +typedef TPM_NONCE TPM_DAA_TPM_SEED; +typedef TPM_NONCE TPM_DAA_CONTEXT_SEED; + +typedef struct tdTPM_AUTHDATA /* 1.1b */ +{ + BYTE authdata[TPM_SHA1_160_HASH_LEN]; +} TPM_AUTHDATA; + +typedef TPM_AUTHDATA TPM_SECRET; +typedef TPM_AUTHDATA TPM_ENCAUTH; + + +typedef struct tdTPM_KEY_HANDLE_LIST /* 1.1b */ +{ + UINT16 loaded; + SIZEIS(loaded) + TPM_KEY_HANDLE *handle; +} TPM_KEY_HANDLE_LIST; + + +//------------------------------------------------------------------- +// Part 2, section 5.8: Key usage values + +typedef UINT16 TPM_KEY_USAGE; /* 1.1b */ +#define TPM_KEY_SIGNING ((UINT16)0x0010) /* 1.1b */ +#define TPM_KEY_STORAGE ((UINT16)0x0011) /* 1.1b */ +#define TPM_KEY_IDENTITY ((UINT16)0x0012) /* 1.1b */ +#define TPM_KEY_AUTHCHANGE ((UINT16)0x0013) /* 1.1b */ +#define TPM_KEY_BIND ((UINT16)0x0014) /* 1.1b */ +#define TPM_KEY_LEGACY ((UINT16)0x0015) /* 1.1b */ +#define TPM_KEY_MIGRATE ((UINT16)0x0016) + +typedef UINT16 TPM_SIG_SCHEME; /* 1.1b */ +#define TPM_SS_NONE ((UINT16)0x0001) /* 1.1b */ +#define TPM_SS_RSASSAPKCS1v15_SHA1 ((UINT16)0x0002) /* 1.1b */ +#define TPM_SS_RSASSAPKCS1v15_DER ((UINT16)0x0003) /* 1.1b */ +#define TPM_SS_RSASSAPKCS1v15_INFO ((UINT16)0x0004) + +typedef UINT16 TPM_ENC_SCHEME; /* 1.1b */ +#define TPM_ES_NONE ((UINT16)0x0001) /* 1.1b */ +#define TPM_ES_RSAESPKCSv15 ((UINT16)0x0002) /* 1.1b */ +#define TPM_ES_RSAESOAEP_SHA1_MGF1 ((UINT16)0x0003) /* 1.1b */ +#define TPM_ES_SYM_CNT ((UINT16)0x0004) +#define TPM_ES_SYM_CTR TPM_ES_SYM_CNT +#define TPM_ES_SYM_OFB ((UINT16)0x0005) +#define TPM_ES_SYM_CBC_PKCS5PAD ((UINT16)0x00ff) + +//------------------------------------------------------------------- +// Part 2, section 5.9: TPM_AUTH_DATA_USAGE values + +typedef BYTE TPM_AUTH_DATA_USAGE; /* 1.1b */ +#define TPM_AUTH_NEVER ((BYTE)0x00) /* 1.1b */ +#define TPM_AUTH_ALWAYS ((BYTE)0x01) /* 1.1b */ +#define TPM_AUTH_PRIV_USE_ONLY ((BYTE)0x11) + + +//------------------------------------------------------------------- +// Part 2, section 5.10: TPM_KEY_FLAGS flags + +typedef UINT32 TPM_KEY_FLAGS; /* 1.1b */ +#define TPM_REDIRECTION ((UINT32)0x00000001) /* 1.1b */ +#define TPM_MIGRATABLE ((UINT32)0x00000002) /* 1.1b */ +#define TPM_VOLATILE ((UINT32)0x00000004) /* 1.1b */ +#define TPM_PCRIGNOREDONREAD ((UINT32)0x00000008) +#define TPM_MIGRATEAUTHORITY ((UINT32)0x00000010) + + +//------------------------------------------------------------------- +// Part 2, section 5.11: TPM_CHANGEAUTH_VALIDATE + +typedef struct tdTPM_CHANGEAUTH_VALIDATE +{ + TPM_SECRET newAuthSecret; + TPM_NONCE n1; +} TPM_CHANGEAUTH_VALIDATE; + +//------------------------------------------------------------------- +// Part 2, section 5.12: TPM_MIGRATIONKEYAUTH +// declared after section 10 to catch declaration of TPM_PUBKEY + +//------------------------------------------------------------------- +// Part 2, section 5.13: TPM_COUNTER_VALUE; + +typedef UINT32 TPM_ACTUAL_COUNT; +typedef struct tdTPM_COUNTER_VALUE +{ + TPM_STRUCTURE_TAG tag; + BYTE label[4]; + TPM_ACTUAL_COUNT counter; +} TPM_COUNTER_VALUE; + +//------------------------------------------------------------------- +// Part 2, section 5.14: TPM_SIGN_INFO structure + +typedef struct tdTPM_SIGN_INFO +{ + TPM_STRUCTURE_TAG tag; + BYTE fixed[4]; + TPM_NONCE replay; + UINT32 dataLen; + SIZEIS(dataLen) + BYTE *data; +} TPM_SIGN_INFO; + +//------------------------------------------------------------------- +// Part 2, section 5.15: TPM_MSA_COMPOSITE + +typedef struct tdTPM_MSA_COMPOSITE +{ + UINT32 MSAlist; + SIZEIS(MSAlist) + TPM_DIGEST *migAuthDigest; +} TPM_MSA_COMPOSITE; + +//------------------------------------------------------------------- +// Part 2, section 5.16: TPM_CMK_AUTH + +typedef struct tdTPM_CMK_AUTH +{ + TPM_DIGEST migrationAuthorityDigest; + TPM_DIGEST destinationKeyDigest; + TPM_DIGEST sourceKeyDigest; +} TPM_CMK_AUTH; + +//------------------------------------------------------------------- +// Part 2, section 5.17: TPM_CMK_DELEGATE + +typedef UINT32 TPM_CMK_DELEGATE; +#define TPM_CMK_DELEGATE_SIGNING (((UINT32)1)<<31) +#define TPM_CMK_DELEGATE_STORAGE (((UINT32)1)<<30) +#define TPM_CMK_DELEGATE_BIND (((UINT32)1)<<29) +#define TPM_CMK_DELEGATE_LEGACY (((UINT32)1)<<28) +#define TPM_CMK_DELEGATE_MIGRATE (((UINT32)1)<<27) + +//------------------------------------------------------------------- +// Part 2, section 5.18: TPM_SELECT_SIZE + +typedef struct tdTPM_SELECT_SIZE +{ + BYTE major; + BYTE minor; + UINT16 reqSize; +} TPM_SELECT_SIZE; + +//------------------------------------------------------------------- +// Part 2, section 5.19: TPM_CMK_MIGAUTH + +typedef struct tdTPM_CMK_MIGAUTH +{ + TPM_STRUCTURE_TAG tag; + TPM_DIGEST msaDigest; + TPM_DIGEST pubKeyDigest; +} TPM_CMK_MIGAUTH; + +//------------------------------------------------------------------- +// Part 2, section 5.20: TPM_CMK_SIGTICKET + +typedef struct tdTPM_CMK_SIGTICKET +{ + TPM_STRUCTURE_TAG tag; + TPM_DIGEST verKeyDigest; + TPM_DIGEST signedData; +} TPM_CMK_SIGTICKET; + +//------------------------------------------------------------------- +// Part 2, section 5.21: TPM_CMK_MA_APPROVAL + +typedef struct tdTPM_CMK_MA_APPROVAL +{ + TPM_STRUCTURE_TAG tag; + TPM_DIGEST migrationAuthorityDigest; +} TPM_CMK_MA_APPROVAL; + + +//------------------------------------------------------------------- +// Part 2, section 6: Command Tags + +typedef UINT16 TPM_TAG; /* 1.1b */ +#define TPM_TAG_RQU_COMMAND ((UINT16)0x00c1) +#define TPM_TAG_RQU_AUTH1_COMMAND ((UINT16)0x00c2) +#define TPM_TAG_RQU_AUTH2_COMMAND ((UINT16)0x00c3) +#define TPM_TAG_RSP_COMMAND ((UINT16)0x00c4) +#define TPM_TAG_RSP_AUTH1_COMMAND ((UINT16)0x00c5) +#define TPM_TAG_RSP_AUTH2_COMMAND ((UINT16)0x00c6) + + +//------------------------------------------------------------------- +// Part 2, section 7.1: TPM_PERMANENT_FLAGS + +typedef struct tdTPM_PERMANENT_FLAGS +{ + TPM_STRUCTURE_TAG tag; + TSS_BOOL disable; + TSS_BOOL ownership; + TSS_BOOL deactivated; + TSS_BOOL readPubek; + TSS_BOOL disableOwnerClear; + TSS_BOOL allowMaintenance; + TSS_BOOL physicalPresenceLifetimeLock; + TSS_BOOL physicalPresenceHWEnable; + TSS_BOOL physicalPresenceCMDEnable; + TSS_BOOL CEKPUsed; + TSS_BOOL TPMpost; + TSS_BOOL TPMpostLock; + TSS_BOOL FIPS; + TSS_BOOL Operator; + TSS_BOOL enableRevokeEK; + TSS_BOOL nvLocked; + TSS_BOOL readSRKPub; + TSS_BOOL tpmEstablished; + TSS_BOOL maintenanceDone; + TSS_BOOL disableFullDALogicInfo; +} TPM_PERMANENT_FLAGS; + +#define TPM_PF_DISABLE ((UINT32)0x00000001) +#define TPM_PF_OWNERSHIP ((UINT32)0x00000002) +#define TPM_PF_DEACTIVATED ((UINT32)0x00000003) +#define TPM_PF_READPUBEK ((UINT32)0x00000004) +#define TPM_PF_DISABLEOWNERCLEAR ((UINT32)0x00000005) +#define TPM_PF_ALLOWMAINTENANCE ((UINT32)0x00000006) +#define TPM_PF_PHYSICALPRESENCELIFETIMELOCK ((UINT32)0x00000007) +#define TPM_PF_PHYSICALPRESENCEHWENABLE ((UINT32)0x00000008) +#define TPM_PF_PHYSICALPRESENCECMDENABLE ((UINT32)0x00000009) +#define TPM_PF_CEKPUSED ((UINT32)0x0000000A) +#define TPM_PF_TPMPOST ((UINT32)0x0000000B) +#define TPM_PF_TPMPOSTLOCK ((UINT32)0x0000000C) +#define TPM_PF_FIPS ((UINT32)0x0000000D) +#define TPM_PF_OPERATOR ((UINT32)0x0000000E) +#define TPM_PF_ENABLEREVOKEEK ((UINT32)0x0000000F) +#define TPM_PF_NV_LOCKED ((UINT32)0x00000010) +#define TPM_PF_READSRKPUB ((UINT32)0x00000011) +#define TPM_PF_RESETESTABLISHMENTBIT ((UINT32)0x00000012) +#define TPM_PF_MAINTENANCEDONE ((UINT32)0x00000013) +#define TPM_PF_DISABLEFULLDALOGICINFO ((UINT32)0x00000014) + + +//------------------------------------------------------------------- +// Part 2, section 7.2: TPM_STCLEAR_FLAGS + +typedef struct tdTPM_STCLEAR_FLAGS +{ + TPM_STRUCTURE_TAG tag; + TSS_BOOL deactivated; + TSS_BOOL disableForceClear; + TSS_BOOL physicalPresence; + TSS_BOOL physicalPresenceLock; + TSS_BOOL bGlobalLock; +} TPM_STCLEAR_FLAGS; + +#define TPM_SF_DEACTIVATED ((UINT32)0x00000001) +#define TPM_SF_DISABLEFORCECLEAR ((UINT32)0x00000002) +#define TPM_SF_PHYSICALPRESENCE ((UINT32)0x00000003) +#define TPM_SF_PHYSICALPRESENCELOCK ((UINT32)0x00000004) +#define TPM_SF_GLOBALLOCK ((UINT32)0x00000005) + + +//------------------------------------------------------------------- +// Part 2, section 7.3: TPM_STANY_FLAGS + +typedef struct tdTPM_STANY_FLAGS +{ + TPM_STRUCTURE_TAG tag; + TSS_BOOL postInitialise; + TPM_MODIFIER_INDICATOR localityModifier; + TSS_BOOL transportExclusive; + TSS_BOOL TOSPresent; +} TPM_STANY_FLAGS; + +#define TPM_AF_POSTINITIALIZE ((UINT32)0x00000001) +#define TPM_AF_LOCALITYMODIFIER ((UINT32)0x00000002) +#define TPM_AF_TRANSPORTEXCLUSIVE ((UINT32)0x00000003) +#define TPM_AF_TOSPRESENT ((UINT32)0x00000004) + + +//------------------------------------------------------------------- +// Part 2, section 7.4: TPM_PERMANENT_DATA +// available inside TPM only +// +//#define TPM_MIN_COUNTERS 4 +//#define TPM_NUM_PCR 16 +//#define TPM_MAX_NV_WRITE_NOOWNER 64 +// +//typedef struct tdTPM_PERMANENT_DATA +//{ +// TPM_STRUCTURE_TAG tag; +// BYTE revMajor; +// BYTE revMinor; +// TPM_NONCE tpmProof; +// TPM_NONCE ekReset; +// TPM_SECRET ownerAuth; +// TPM_SECRET operatorAuth; +// TPM_DIRVALUE authDIR[1]; +// TPM_PUBKEY manuMaintPub; +// TPM_KEY endorsementKey; +// TPM_KEY srk; +// TPM_KEY contextKey; +// TPM_KEY delegateKey; +// TPM_COUNTER_VALUE auditMonotonicCounter; +// TPM_COUNTER_VALUE monitonicCounter[TPM_MIN_COUNTERS]; +// TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR]; +// BYTE ordinalAuditStatus[]; +// BYTE *rngState; +// TPM_FAMILY_TABLE familyTable; +// TPM_DELEGATE_TABLE delegateTable; +// UINT32 maxNVBufSize; +// UINT32 lastFamilyID; +// UINT32 noOwnerNVWrite; +// TPM_CMK_DELEGATE restrictDelegate; +// TPM_DAA_TPM_SEED tpmDAASeed; +// TPM_NONCE daaProof; +// TPM_NONCE daaBlobKey; +//} TPM_PERMANENT_DATA; + + +//------------------------------------------------------------------- +// Part 2, section 7.5: TPM_STCLEAR_DATA +// available inside TPM only +// +//typedef struct tdTPM_STCLEAR_DATA +//{ +// TPM_STRUCTURE_TAG tag; +// TPM_NONCE contextNonceKey; +// TPM_COUNT_ID countID; +// UINT32 ownerReference; +// TPM_BOOL disableResetLock; +// TPM_PCRVALUE PCR[TPM_NUM_PCR]; +// UINT32 deferredPhysicalPresence; +//} TPM_STCLEAR_DATA; + + + +//------------------------------------------------------------------- +// Part 2, section 7.5: TPM_STANY_DATA +// available inside TPM only +// +//typedef struct tdTPM_STANY_DATA +//{ +// TPM_STRUCTURE_TAG tag; +// TPM_NONCE contextNonceSession; +// TPM_DIGEST auditDigest; +// TPM_CURRENT_TICKS currentTicks; +// UINT32 contextCount; +// UINT32 contextList[TPM_MIN_SESSION_LIST]; +// TPM_SESSION_DATA sessions[TPM_MIN_SESSIONS]; +// // The following appear in section 22.6 but not in 7.5 +// TPM_DAA_ISSUER DAA_issuerSettings; +// TPM_DAA_TPM DAA_tpmSpecific; +// TPM_DAA_CONTEXT DAA_session; +// TPM_DAA_JOINDATA DAA_joinSession; +//} TPM_STANY_DATA; + + + +//------------------------------------------------------------------- +// Part 2, section 8: PCR Structures + +typedef BYTE TPM_LOCALITY_SELECTION; +#define TPM_LOC_FOUR (((UINT32)1)<<4) +#define TPM_LOC_THREE (((UINT32)1)<<3) +#define TPM_LOC_TWO (((UINT32)1)<<2) +#define TPM_LOC_ONE (((UINT32)1)<<1) +#define TPM_LOC_ZERO (((UINT32)1)<<0) + +typedef struct tdTPM_PCR_SELECTION /* 1.1b */ +{ + UINT16 sizeOfSelect; + SIZEIS(sizeOfSelect) + BYTE *pcrSelect; +} TPM_PCR_SELECTION; + +typedef struct tdTPM_PCR_COMPOSITE /* 1.1b */ +{ + TPM_PCR_SELECTION select; + UINT32 valueSize; + SIZEIS(valueSize) + TPM_PCRVALUE *pcrValue; +} TPM_PCR_COMPOSITE; + +typedef struct tdTPM_PCR_INFO /* 1.1b */ +{ + TPM_PCR_SELECTION pcrSelection; + TPM_COMPOSITE_HASH digestAtRelease; + TPM_COMPOSITE_HASH digestAtCreation; +} TPM_PCR_INFO; + +typedef struct tdTPM_PCR_INFO_LONG +{ + TPM_STRUCTURE_TAG tag; + TPM_LOCALITY_SELECTION localityAtCreation; + TPM_LOCALITY_SELECTION localityAtRelease; + TPM_PCR_SELECTION creationPCRSelection; + TPM_PCR_SELECTION releasePCRSelection; + TPM_COMPOSITE_HASH digestAtCreation; + TPM_COMPOSITE_HASH digestAtRelease; +} TPM_PCR_INFO_LONG; + +typedef struct tdTPM_PCR_INFO_SHORT +{ + TPM_PCR_SELECTION pcrSelection; + TPM_LOCALITY_SELECTION localityAtRelease; + TPM_COMPOSITE_HASH digestAtRelease; +} TPM_PCR_INFO_SHORT; + +typedef struct tdTPM_PCR_ATTRIBUTES +{ + BYTE pcrReset; + TPM_LOCALITY_SELECTION pcrExtendLocal; + TPM_LOCALITY_SELECTION pcrResetLocal; +} TPM_PCR_ATTRIBUTES; + + + +//------------------------------------------------------------------- +// Part 2, section 9: + +typedef struct tdTPM_STORED_DATA /* 1.1b */ +{ + TPM_STRUCT_VER ver; + UINT32 sealInfoSize; + SIZEIS(sealInfoSize) + BYTE *sealInfo; + UINT32 encDataSize; + SIZEIS(encDataSize) + BYTE *encData; +} TPM_STORED_DATA; + +typedef struct tdTPM_STORED_DATA12 +{ + TPM_STRUCTURE_TAG tag; + TPM_ENTITY_TYPE et; + UINT32 sealInfoSize; + SIZEIS(sealInfoSize) + BYTE *sealInfo; + UINT32 encDataSize; + SIZEIS(encDataSize) + BYTE *encData; +} TPM_STORED_DATA12; + +typedef struct tdTPM_SEALED_DATA /* 1.1b */ +{ + TPM_PAYLOAD_TYPE payload; + TPM_SECRET authData; + TPM_NONCE tpmProof; + TPM_DIGEST storedDigest; + UINT32 dataSize; + SIZEIS(dataSize) + BYTE *data; +} TPM_SEALED_DATA; + +typedef struct tdTPM_SYMMETRIC_KEY /* 1.1b */ +{ + TPM_ALGORITHM_ID algId; + TPM_ENC_SCHEME encScheme; + UINT16 size; + SIZEIS(size) + BYTE *data; +} TPM_SYMMETRIC_KEY; + +typedef struct tdTPM_BOUND_DATA +{ + TPM_STRUCT_VER ver; + TPM_PAYLOAD_TYPE payload; + BYTE *payloadData; // length is implied +} TPM_BOUND_DATA; + + +//------------------------------------------------------------------- +// Part 2, section 10: TPM_KEY complex + +typedef struct tdTPM_KEY_PARMS /* 1.1b */ +{ + TPM_ALGORITHM_ID algorithmID; + TPM_ENC_SCHEME encScheme; + TPM_SIG_SCHEME sigScheme; + UINT32 parmSize; + SIZEIS(parmSize) + BYTE *parms; +} TPM_KEY_PARMS; + +typedef struct tdTPM_RSA_KEY_PARMS /* 1.1b */ +{ + UINT32 keyLength; + UINT32 numPrimes; + UINT32 exponentSize; + SIZEIS(exponentSize) + BYTE *exponent; +} TPM_RSA_KEY_PARMS; + +typedef struct tdTPM_SYMMETRIC_KEY_PARMS +{ + UINT32 keyLength; + UINT32 blockSize; + UINT32 ivSize; + SIZEIS(ivSize) + BYTE *IV; +} TPM_SYMMETRIC_KEY_PARMS; + +typedef struct tdTPM_STORE_PUBKEY /* 1.1b */ +{ + UINT32 keyLength; + SIZEIS(keyLength) + BYTE *key; +} TPM_STORE_PUBKEY; + +typedef struct tdTPM_PUBKEY /* 1.1b */ +{ + TPM_KEY_PARMS algorithmParms; + TPM_STORE_PUBKEY pubKey; +} TPM_PUBKEY; + +typedef struct tdTPM_STORE_PRIVKEY /* 1.1b */ +{ + UINT32 keyLength; + SIZEIS(keyLength) + BYTE *key; +} TPM_STORE_PRIVKEY; + +typedef struct tdTPM_STORE_ASYMKEY /* 1.1b */ +{ + TPM_PAYLOAD_TYPE payload; + TPM_SECRET usageAuth; + TPM_SECRET migrationAuth; + TPM_DIGEST pubDataDigest; + TPM_STORE_PRIVKEY privKey; +} TPM_STORE_ASYMKEY; + +typedef struct tdTPM_KEY /* 1.1b */ +{ + TPM_STRUCT_VER ver; + TPM_KEY_USAGE keyUsage; + TPM_KEY_FLAGS keyFlags; + TPM_AUTH_DATA_USAGE authDataUsage; + TPM_KEY_PARMS algorithmParms; + UINT32 PCRInfoSize; + SIZEIS(PCRInfoSize) + BYTE *PCRInfo; + TPM_STORE_PUBKEY pubKey; + UINT32 encSize; + SIZEIS(encSize) + BYTE *encData; +} TPM_KEY; + +typedef struct tdTPM_KEY12 +{ + TPM_STRUCTURE_TAG tag; + UINT16 fill; + TPM_KEY_USAGE keyUsage; + TPM_KEY_FLAGS keyFlags; + TPM_AUTH_DATA_USAGE authDataUsage; + TPM_KEY_PARMS algorithmParms; + UINT32 PCRInfoSize; + SIZEIS(PCRInfoSize) + BYTE *PCRInfo; + TPM_STORE_PUBKEY pubKey; + UINT32 encSize; + SIZEIS(encSize) + BYTE *encData; +} TPM_KEY12; + +typedef struct tdTPM_MIGRATE_ASYMKEY +{ + TPM_PAYLOAD_TYPE payload; + TPM_SECRET usageAuth; + TPM_DIGEST pubDataDigest; + UINT32 partPrivKeyLen; + SIZEIS(partPrivKeyLen) + BYTE *partPrivKey; +} TPM_MIGRATE_ASYMKEY; + + +typedef UINT32 TPM_KEY_CONTROL; +#define TPM_KEY_CONTROL_OWNER_EVICT ((UINT32)0x00000001) + + +//------------------------------------------------------------------- +// Part 2, section 5.12: TPM_MIGRATIONKEYAUTH + +typedef struct tdTPM_MIGRATIONKEYAUTH /* 1.1b */ +{ + TPM_PUBKEY migrationKey; + TPM_MIGRATE_SCHEME migrationScheme; + TPM_DIGEST digest; +} TPM_MIGRATIONKEYAUTH; + + +//------------------------------------------------------------------- +// Part 2, section 11: Signed Structures + +typedef struct tdTPM_CERTIFY_INFO /* 1.1b */ +{ + TPM_STRUCT_VER version; + TPM_KEY_USAGE keyUsage; + TPM_KEY_FLAGS keyFlags; + TPM_AUTH_DATA_USAGE authDataUsage; + TPM_KEY_PARMS algorithmParms; + TPM_DIGEST pubkeyDigest; + TPM_NONCE data; + TPM_BOOL parentPCRStatus; + UINT32 PCRInfoSize; + SIZEIS(PCRInfoSize) + BYTE *PCRInfo; +} TPM_CERTIFY_INFO; + +typedef struct tdTPM_CERTIFY_INFO2 +{ + TPM_STRUCTURE_TAG tag; + BYTE fill; + TPM_PAYLOAD_TYPE payloadType; + TPM_KEY_USAGE keyUsage; + TPM_KEY_FLAGS keyFlags; + TPM_AUTH_DATA_USAGE authDataUsage; + TPM_KEY_PARMS algorithmParms; + TPM_DIGEST pubkeyDigest; + TPM_NONCE data; + TPM_BOOL parentPCRStatus; + UINT32 PCRInfoSize; + SIZEIS(PCRInfoSize) + BYTE *PCRInfo; + UINT32 migrationAuthoritySize; + SIZEIS(migrationAuthoritySize) + BYTE *migrationAuthority; +} TPM_CERTIFY_INFO2; + +typedef struct tdTPM_QUOTE_INFO /* 1.1b */ +{ + TPM_STRUCT_VER version; + BYTE fixed[4]; + TPM_COMPOSITE_HASH compositeHash; /* in 1.2 TPM spec, named digestValue */ + TPM_NONCE externalData; +} TPM_QUOTE_INFO; + +typedef struct tdTPM_QUOTE_INFO2 +{ + TPM_STRUCTURE_TAG tag; + BYTE fixed[4]; + TPM_NONCE externalData; + TPM_PCR_INFO_SHORT infoShort; +} TPM_QUOTE_INFO2; + + + +//------------------------------------------------------------------- +// Part 2, section 12: Identity Structures + + +typedef struct tdTPM_EK_BLOB +{ + TPM_STRUCTURE_TAG tag; + TPM_EK_TYPE ekType; + UINT32 blobSize; + SIZEIS(blobSize) + BYTE *blob; +} TPM_EK_BLOB; + +typedef struct tdTPM_EK_BLOB_ACTIVATE +{ + TPM_STRUCTURE_TAG tag; + TPM_SYMMETRIC_KEY sessionKey; + TPM_DIGEST idDigest; + TPM_PCR_INFO_SHORT pcrInfo; +} TPM_EK_BLOB_ACTIVATE; + +typedef struct tdTPM_EK_BLOB_AUTH +{ + TPM_STRUCTURE_TAG tag; + TPM_SECRET authValue; +} TPM_EK_BLOB_AUTH; + + +typedef struct tdTPM_IDENTITY_CONTENTS +{ + TPM_STRUCT_VER ver; + UINT32 ordinal; + TPM_CHOSENID_HASH labelPrivCADigest; + TPM_PUBKEY identityPubKey; +} TPM_IDENTITY_CONTENTS; + +typedef struct tdTPM_IDENTITY_REQ /* 1.1b */ +{ + UINT32 asymSize; + UINT32 symSize; + TPM_KEY_PARMS asymAlgorithm; + TPM_KEY_PARMS symAlgorithm; + SIZEIS(asymSize) + BYTE *asymBlob; + SIZEIS(symSize) + BYTE *symBlob; +} TPM_IDENTITY_REQ; + +typedef struct tdTPM_IDENTITY_PROOF /* 1.1b */ +{ + TPM_STRUCT_VER ver; + UINT32 labelSize; + UINT32 identityBindingSize; + UINT32 endorsementSize; + UINT32 platformSize; + UINT32 conformanceSize; + TPM_PUBKEY identityKey; + SIZEIS(labelSize) + BYTE *labelArea; + SIZEIS(identityBindingSize) + BYTE *identityBinding; + SIZEIS(endorsementSize) + BYTE *endorsementCredential; + SIZEIS(platformSize) + BYTE *platformCredential; + SIZEIS(conformanceSize) + BYTE *conformanceCredential; +} TPM_IDENTITY_PROOF; + +typedef struct tdTPM_ASYM_CA_CONTENTS /* 1.1b */ +{ + TPM_SYMMETRIC_KEY sessionKey; + TPM_DIGEST idDigest; +} TPM_ASYM_CA_CONTENTS; + +typedef struct tdTPM_SYM_CA_ATTESTATION +{ + UINT32 credSize; + TPM_KEY_PARMS algorithm; + SIZEIS(credSize) + BYTE *credential; +} TPM_SYM_CA_ATTESTATION; + + + +//------------------------------------------------------------------- +// Part 2, section 15: Tick Structures +// Placed here out of order because definitions are used in section 13. + +typedef struct tdTPM_CURRENT_TICKS +{ + TPM_STRUCTURE_TAG tag; + UINT64 currentTicks; + UINT16 tickRate; + TPM_NONCE tickNonce; +} TPM_CURRENT_TICKS; + + + +//------------------------------------------------------------------- +// Part 2, section 13: Transport structures + +typedef UINT32 TPM_TRANSPORT_ATTRIBUTES; +#define TPM_TRANSPORT_ENCRYPT ((UINT32)0x00000001) +#define TPM_TRANSPORT_LOG ((UINT32)0x00000002) +#define TPM_TRANSPORT_EXCLUSIVE ((UINT32)0x00000004) + +typedef struct tdTPM_TRANSPORT_PUBLIC +{ + TPM_STRUCTURE_TAG tag; + TPM_TRANSPORT_ATTRIBUTES transAttributes; + TPM_ALGORITHM_ID algId; + TPM_ENC_SCHEME encScheme; +} TPM_TRANSPORT_PUBLIC; + +typedef struct tdTPM_TRANSPORT_INTERNAL +{ + TPM_STRUCTURE_TAG tag; + TPM_AUTHDATA authData; + TPM_TRANSPORT_PUBLIC transPublic; + TPM_TRANSHANDLE transHandle; + TPM_NONCE transNonceEven; + TPM_DIGEST transDigest; +} TPM_TRANSPORT_INTERNAL; + +typedef struct tdTPM_TRANSPORT_LOG_IN +{ + TPM_STRUCTURE_TAG tag; + TPM_DIGEST parameters; + TPM_DIGEST pubKeyHash; +} TPM_TRANSPORT_LOG_IN; + +typedef struct tdTPM_TRANSPORT_LOG_OUT +{ + TPM_STRUCTURE_TAG tag; + TPM_CURRENT_TICKS currentTicks; + TPM_DIGEST parameters; + TPM_MODIFIER_INDICATOR locality; +} TPM_TRANSPORT_LOG_OUT; + +typedef struct tdTPM_TRANSPORT_AUTH +{ + TPM_STRUCTURE_TAG tag; + TPM_AUTHDATA authData; +} TPM_TRANSPORT_AUTH; + + + +//------------------------------------------------------------------- +// Part 2, section 14: Audit Structures + +typedef struct tdTPM_AUDIT_EVENT_IN +{ + TPM_STRUCTURE_TAG tag; + TPM_DIGEST inputParms; + TPM_COUNTER_VALUE auditCount; +} TPM_AUDIT_EVENT_IN; + +typedef struct tdTPM_AUDIT_EVENT_OUT +{ + TPM_STRUCTURE_TAG tag; + TPM_COMMAND_CODE ordinal; + TPM_DIGEST outputParms; + TPM_COUNTER_VALUE auditCount; + TPM_RESULT returnCode; +} TPM_AUDIT_EVENT_OUT; + + + +//------------------------------------------------------------------- +// Part 2, section 16: Return codes + +#include + + +//------------------------------------------------------------------- +// Part 2, section 17: Ordinals + +#include + +//------------------------------------------------------------------- +// Part 2, section 18: Context structures + +typedef struct tdTPM_CONTEXT_BLOB +{ + TPM_STRUCTURE_TAG tag; + TPM_RESOURCE_TYPE resourceType; + TPM_HANDLE handle; + BYTE label[16]; + UINT32 contextCount; + TPM_DIGEST integrityDigest; + UINT32 additionalSize; + SIZEIS(additionalSize) + BYTE *additionalData; + UINT32 sensitiveSize; + SIZEIS(sensitiveSize) + BYTE *sensitiveData; +} TPM_CONTEXT_BLOB; + +typedef struct tdTPM_CONTEXT_SENSITIVE +{ + TPM_STRUCTURE_TAG tag; + TPM_NONCE contextNonce; + UINT32 internalSize; + SIZEIS(internalSize) + BYTE *internalData; +} TPM_CONTEXT_SENSITIVE; + +//------------------------------------------------------------------- +// Part 2, section 19: NV Structures + +typedef UINT32 TPM_NV_INDEX; +#define TPM_NV_INDEX_LOCK ((UINT32)0xffffffff) +#define TPM_NV_INDEX0 ((UINT32)0x00000000) +#define TPM_NV_INDEX_DIR ((UINT32)0x10000001) +#define TPM_NV_INDEX_EKCert ((UINT32)0x0000f000) +#define TPM_NV_INDEX_TPM_CC ((UINT32)0x0000f001) +#define TPM_NV_INDEX_PlatformCert ((UINT32)0x0000f002) +#define TPM_NV_INDEX_Platform_CC ((UINT32)0x0000f003) +// The following define ranges of reserved indices. +#define TPM_NV_INDEX_TSS_BASE ((UINT32)0x00011100) +#define TPM_NV_INDEX_PC_BASE ((UINT32)0x00011200) +#define TPM_NV_INDEX_SERVER_BASE ((UINT32)0x00011300) +#define TPM_NV_INDEX_MOBILE_BASE ((UINT32)0x00011400) +#define TPM_NV_INDEX_PERIPHERAL_BASE ((UINT32)0x00011500) +#define TPM_NV_INDEX_GROUP_RESV_BASE ((UINT32)0x00010000) + + +typedef UINT32 TPM_NV_PER_ATTRIBUTES; +#define TPM_NV_PER_READ_STCLEAR (((UINT32)1)<<31) +#define TPM_NV_PER_AUTHREAD (((UINT32)1)<<18) +#define TPM_NV_PER_OWNERREAD (((UINT32)1)<<17) +#define TPM_NV_PER_PPREAD (((UINT32)1)<<16) +#define TPM_NV_PER_GLOBALLOCK (((UINT32)1)<<15) +#define TPM_NV_PER_WRITE_STCLEAR (((UINT32)1)<<14) +#define TPM_NV_PER_WRITEDEFINE (((UINT32)1)<<13) +#define TPM_NV_PER_WRITEALL (((UINT32)1)<<12) +#define TPM_NV_PER_AUTHWRITE (((UINT32)1)<<2) +#define TPM_NV_PER_OWNERWRITE (((UINT32)1)<<1) +#define TPM_NV_PER_PPWRITE (((UINT32)1)<<0) + +typedef struct tdTPM_NV_ATTRIBUTES +{ + TPM_STRUCTURE_TAG tag; + TPM_NV_PER_ATTRIBUTES attributes; +} TPM_NV_ATTRIBUTES; + + +typedef struct tdTPM_NV_DATA_PUBLIC +{ + TPM_STRUCTURE_TAG tag; + TPM_NV_INDEX nvIndex; + TPM_PCR_INFO_SHORT pcrInfoRead; + TPM_PCR_INFO_SHORT pcrInfoWrite; + TPM_NV_ATTRIBUTES permission; + TPM_BOOL bReadSTClear; + TPM_BOOL bWriteSTClear; + TPM_BOOL bWriteDefine; + UINT32 dataSize; +} TPM_NV_DATA_PUBLIC; + + +#if 0 +// Internal to TPM: +typedef struct tdTPM_NV_DATA_SENSITIVE +{ + TPM_STRUCTURE_TAG tag; + TPM_NV_DATA_PUBLIC pubInfo; + TPM_AUTHDATA authValue; + SIZEIS(pubInfo.dataSize) + BYTE *data; +} TPM_NV_DATA_SENSITIVE; +#endif + + +//------------------------------------------------------------------- +// Part 2, section 20: Delegation + +//------------------------------------------------------------------- +// Part 2, section 20.3: Owner Permissions Settings for per1 bits +#define TPM_DELEGATE_SetOrdinalAuditStatus (((UINT32)1)<<30) +#define TPM_DELEGATE_DirWriteAuth (((UINT32)1)<<29) +#define TPM_DELEGATE_CMK_ApproveMA (((UINT32)1)<<28) +#define TPM_DELEGATE_NV_WriteValue (((UINT32)1)<<27) +#define TPM_DELEGATE_CMK_CreateTicket (((UINT32)1)<<26) +#define TPM_DELEGATE_NV_ReadValue (((UINT32)1)<<25) +#define TPM_DELEGATE_Delegate_LoadOwnerDelegation (((UINT32)1)<<24) +#define TPM_DELEGATE_DAA_Join (((UINT32)1)<<23) +#define TPM_DELEGATE_AuthorizeMigrationKey (((UINT32)1)<<22) +#define TPM_DELEGATE_CreateMaintenanceArchive (((UINT32)1)<<21) +#define TPM_DELEGATE_LoadMaintenanceArchive (((UINT32)1)<<20) +#define TPM_DELEGATE_KillMaintenanceFeature (((UINT32)1)<<19) +#define TPM_DELEGATE_OwnerReadInternalPub (((UINT32)1)<<18) +#define TPM_DELEGATE_ResetLockValue (((UINT32)1)<<17) +#define TPM_DELEGATE_OwnerClear (((UINT32)1)<<16) +#define TPM_DELEGATE_DisableOwnerClear (((UINT32)1)<<15) +#define TPM_DELEGATE_NV_DefineSpace (((UINT32)1)<<14) +#define TPM_DELEGATE_OwnerSetDisable (((UINT32)1)<<13) +#define TPM_DELEGATE_SetCapability (((UINT32)1)<<12) +#define TPM_DELEGATE_MakeIdentity (((UINT32)1)<<11) +#define TPM_DELEGATE_ActivateIdentity (((UINT32)1)<<10) +#define TPM_DELEGATE_OwnerReadPubek (((UINT32)1)<<9) +#define TPM_DELEGATE_DisablePubekRead (((UINT32)1)<<8) +#define TPM_DELEGATE_SetRedirection (((UINT32)1)<<7) +#define TPM_DELEGATE_FieldUpgrade (((UINT32)1)<<6) +#define TPM_DELEGATE_Delegate_UpdateVerification (((UINT32)1)<<5) +#define TPM_DELEGATE_CreateCounter (((UINT32)1)<<4) +#define TPM_DELEGATE_ReleaseCounterOwner (((UINT32)1)<<3) +#define TPM_DELEGATE_DelegateManage (((UINT32)1)<<2) +#define TPM_DELEGATE_Delegate_CreateOwnerDelegation (((UINT32)1)<<1) +#define TPM_DELEGATE_DAA_Sign (((UINT32)1)<<0) + +//------------------------------------------------------------------- +// Part 2, section 20.3: Key Permissions Settings for per1 bits +#define TPM_KEY_DELEGATE_CMK_ConvertMigration (((UINT32)1)<<28) +#define TPM_KEY_DELEGATE_TickStampBlob (((UINT32)1)<<27) +#define TPM_KEY_DELEGATE_ChangeAuthAsymStart (((UINT32)1)<<26) +#define TPM_KEY_DELEGATE_ChangeAuthAsymFinish (((UINT32)1)<<25) +#define TPM_KEY_DELEGATE_CMK_CreateKey (((UINT32)1)<<24) +#define TPM_KEY_DELEGATE_MigrateKey (((UINT32)1)<<23) +#define TPM_KEY_DELEGATE_LoadKey2 (((UINT32)1)<<22) +#define TPM_KEY_DELEGATE_EstablishTransport (((UINT32)1)<<21) +#define TPM_KEY_DELEGATE_ReleaseTransportSigned (((UINT32)1)<<20) +#define TPM_KEY_DELEGATE_Quote2 (((UINT32)1)<<19) +#define TPM_KEY_DELEGATE_Sealx (((UINT32)1)<<18) +#define TPM_KEY_DELEGATE_MakeIdentity (((UINT32)1)<<17) +#define TPM_KEY_DELEGATE_ActivateIdentity (((UINT32)1)<<16) +#define TPM_KEY_DELEGATE_GetAuditDigestSigned (((UINT32)1)<<15) +#define TPM_KEY_DELEGATE_Sign (((UINT32)1)<<14) +#define TPM_KEY_DELEGATE_CertifyKey2 (((UINT32)1)<<13) +#define TPM_KEY_DELEGATE_CertifyKey (((UINT32)1)<<12) +#define TPM_KEY_DELEGATE_CreateWrapKey (((UINT32)1)<<11) +#define TPM_KEY_DELEGATE_CMK_CreateBlob (((UINT32)1)<<10) +#define TPM_KEY_DELEGATE_CreateMigrationBlob (((UINT32)1)<<9) +#define TPM_KEY_DELEGATE_ConvertMigrationBlob (((UINT32)1)<<8) +#define TPM_KEY_DELEGATE_CreateKeyDelegation (((UINT32)1)<<7) +#define TPM_KEY_DELEGATE_ChangeAuth (((UINT32)1)<<6) +#define TPM_KEY_DELEGATE_GetPubKey (((UINT32)1)<<5) +#define TPM_KEY_DELEGATE_UnBind (((UINT32)1)<<4) +#define TPM_KEY_DELEGATE_Quote (((UINT32)1)<<3) +#define TPM_KEY_DELEGATE_Unseal (((UINT32)1)<<2) +#define TPM_KEY_DELEGATE_Seal (((UINT32)1)<<1) +#define TPM_KEY_DELEGATE_LoadKey (((UINT32)1)<<0) + +typedef UINT32 TPM_FAMILY_VERIFICATION; + +typedef UINT32 TPM_FAMILY_ID; + +typedef UINT32 TPM_DELEGATE_INDEX; + +typedef UINT32 TPM_FAMILY_OPERATION; +#define TPM_FAMILY_CREATE ((UINT32)0x00000001) +#define TPM_FAMILY_ENABLE ((UINT32)0x00000002) +#define TPM_FAMILY_ADMIN ((UINT32)0x00000003) +#define TPM_FAMILY_INVALIDATE ((UINT32)0x00000004) + +typedef UINT32 TPM_FAMILY_FLAGS; +#define TPM_FAMFLAG_DELEGATE_ADMIN_LOCK (((UINT32)1)<<1) +#define TPM_FAMFLAG_ENABLE (((UINT32)1)<<0) + +typedef struct tdTPM_FAMILY_LABEL +{ + BYTE label; +} TPM_FAMILY_LABEL; + +typedef struct tdTPM_FAMILY_TABLE_ENTRY +{ + TPM_STRUCTURE_TAG tag; + TPM_FAMILY_LABEL label; + TPM_FAMILY_ID familyID; + TPM_FAMILY_VERIFICATION verificationCount; + TPM_FAMILY_FLAGS flags; +} TPM_FAMILY_TABLE_ENTRY; + + +#define TPM_FAMILY_TABLE_ENTRY_MIN 8 +//typedef struct tdTPM_FAMILY_TABLE +//{ +// TPM_FAMILY_TABLE_ENTRY FamTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN]; +//} TPM_FAMILY_TABLE; + + +typedef struct tdTPM_DELEGATE_LABEL +{ + BYTE label; +} TPM_DELEGATE_LABEL; + + +typedef UINT32 TPM_DELEGATE_TYPE; +#define TPM_DEL_OWNER_BITS ((UINT32)0x00000001) +#define TPM_DEL_KEY_BITS ((UINT32)0x00000002) + +typedef struct tdTPM_DELEGATIONS +{ + TPM_STRUCTURE_TAG tag; + TPM_DELEGATE_TYPE delegateType; + UINT32 per1; + UINT32 per2; +} TPM_DELEGATIONS; + +typedef struct tdTPM_DELEGATE_PUBLIC +{ + TPM_STRUCTURE_TAG tag; + TPM_DELEGATE_LABEL label; + TPM_PCR_INFO_SHORT pcrInfo; + TPM_DELEGATIONS permissions; + TPM_FAMILY_ID familyID; + TPM_FAMILY_VERIFICATION verificationCount; +} TPM_DELEGATE_PUBLIC; + +typedef struct tdTPM_DELEGATE_TABLE_ROW +{ + TPM_STRUCTURE_TAG tag; + TPM_DELEGATE_PUBLIC pub; + TPM_SECRET authValue; +} TPM_DELEGATE_TABLE_ROW; + + +#define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 2 +//typedef struct tdTPM_DELEGATE_TABLE +//{ +// TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN]; +//} TPM_DELEGATE_TABLE; + +typedef struct tdTPM_DELEGATE_SENSITIVE +{ + TPM_STRUCTURE_TAG tag; + TPM_SECRET authValue; +} TPM_DELEGATE_SENSITIVE; + +typedef struct tdTPM_DELEGATE_OWNER_BLOB +{ + TPM_STRUCTURE_TAG tag; + TPM_DELEGATE_PUBLIC pub; + TPM_DIGEST integrityDigest; + UINT32 additionalSize; + SIZEIS(additionalSize) + BYTE *additionalArea; + UINT32 sensitiveSize; + SIZEIS(sensitiveSize) + BYTE *sensitiveArea; +} TPM_DELEGATE_OWNER_BLOB; + +typedef struct tdTPM_DELEGATE_KEY_BLOB +{ + TPM_STRUCTURE_TAG tag; + TPM_DELEGATE_PUBLIC pub; + TPM_DIGEST integrityDigest; + TPM_DIGEST pubKeyDigest; + UINT32 additionalSize; + SIZEIS(additionalSize) + BYTE *additionalArea; + UINT32 sensitiveSize; + SIZEIS(sensitiveSize) + BYTE *sensitiveArea; +} TPM_DELEGATE_KEY_BLOB; + + +//------------------------------------------------------------------- +// Part 2, section 21.1: TPM_CAPABILITY_AREA + +typedef UINT32 TPM_CAPABILITY_AREA; /* 1.1b */ +#define TPM_CAP_ORD ((UINT32)0x00000001) /* 1.1b */ +#define TPM_CAP_ALG ((UINT32)0x00000002) /* 1.1b */ +#define TPM_CAP_PID ((UINT32)0x00000003) /* 1.1b */ +#define TPM_CAP_FLAG ((UINT32)0x00000004) /* 1.1b */ +#define TPM_CAP_PROPERTY ((UINT32)0x00000005) /* 1.1b */ +#define TPM_CAP_VERSION ((UINT32)0x00000006) /* 1.1b */ +#define TPM_CAP_KEY_HANDLE ((UINT32)0x00000007) /* 1.1b */ +#define TPM_CAP_CHECK_LOADED ((UINT32)0x00000008) /* 1.1b */ +#define TPM_CAP_SYM_MODE ((UINT32)0x00000009) +#define TPM_CAP_KEY_STATUS ((UINT32)0x0000000C) +#define TPM_CAP_NV_LIST ((UINT32)0x0000000D) +#define TPM_CAP_MFR ((UINT32)0x00000010) +#define TPM_CAP_NV_INDEX ((UINT32)0x00000011) +#define TPM_CAP_TRANS_ALG ((UINT32)0x00000012) +#define TPM_CAP_HANDLE ((UINT32)0x00000014) +#define TPM_CAP_TRANS_ES ((UINT32)0x00000015) +#define TPM_CAP_AUTH_ENCRYPT ((UINT32)0x00000017) +#define TPM_CAP_SELECT_SIZE ((UINT32)0x00000018) +#define TPM_CAP_DA_LOGIC ((UINT32)0x00000019) +#define TPM_CAP_VERSION_VAL ((UINT32)0x0000001A) + +// Part 2, section 21.1: Subcap values for CAP_FLAG +#define TPM_CAP_FLAG_PERMANENT ((UINT32)0x00000108) +#define TPM_CAP_FLAG_VOLATILE ((UINT32)0x00000109) + +//------------------------------------------------------------------- +// Part 2, section 21.2: Subcap values for CAP_PROPERTY + +#define TPM_CAP_PROP_PCR ((UINT32)0x00000101) /* 1.1b */ +#define TPM_CAP_PROP_DIR ((UINT32)0x00000102) /* 1.1b */ +#define TPM_CAP_PROP_MANUFACTURER ((UINT32)0x00000103) /* 1.1b */ +#define TPM_CAP_PROP_KEYS ((UINT32)0x00000104) +#define TPM_CAP_PROP_SLOTS (TPM_CAP_PROP_KEYS) +#define TPM_CAP_PROP_MIN_COUNTER ((UINT32)0x00000107) +#define TPM_CAP_PROP_AUTHSESS ((UINT32)0x0000010A) +#define TPM_CAP_PROP_TRANSSESS ((UINT32)0x0000010B) +#define TPM_CAP_PROP_COUNTERS ((UINT32)0x0000010C) +#define TPM_CAP_PROP_MAX_AUTHSESS ((UINT32)0x0000010D) +#define TPM_CAP_PROP_MAX_TRANSSESS ((UINT32)0x0000010E) +#define TPM_CAP_PROP_MAX_COUNTERS ((UINT32)0x0000010F) +#define TPM_CAP_PROP_MAX_KEYS ((UINT32)0x00000110) +#define TPM_CAP_PROP_OWNER ((UINT32)0x00000111) +#define TPM_CAP_PROP_CONTEXT ((UINT32)0x00000112) +#define TPM_CAP_PROP_MAX_CONTEXT ((UINT32)0x00000113) +#define TPM_CAP_PROP_FAMILYROWS ((UINT32)0x00000114) +#define TPM_CAP_PROP_TIS_TIMEOUT ((UINT32)0x00000115) +#define TPM_CAP_PROP_STARTUP_EFFECT ((UINT32)0x00000116) +#define TPM_CAP_PROP_DELEGATE_ROW ((UINT32)0x00000117) +#define TPM_CAP_PROP_MAX_DAASESS ((UINT32)0x00000119) +#define TPM_CAP_PROP_DAA_MAX TPM_CAP_PROP_MAX_DAASESS +#define TPM_CAP_PROP_DAASESS ((UINT32)0x0000011A) +#define TPM_CAP_PROP_SESSION_DAA TPM_CAP_PROP_DAASESS +#define TPM_CAP_PROP_CONTEXT_DIST ((UINT32)0x0000011B) +#define TPM_CAP_PROP_DAA_INTERRUPT ((UINT32)0x0000011C) +#define TPM_CAP_PROP_SESSIONS ((UINT32)0x0000011D) +#define TPM_CAP_PROP_MAX_SESSIONS ((UINT32)0x0000011E) +#define TPM_CAP_PROP_CMK_RESTRICTION ((UINT32)0x0000011F) +#define TPM_CAP_PROP_DURATION ((UINT32)0x00000120) +#define TPM_CAP_PROP_ACTIVE_COUNTER ((UINT32)0x00000122) +#define TPM_CAP_PROP_NV_AVAILABLE ((UINT32)0x00000123) +#define TPM_CAP_PROP_INPUT_BUFFER ((UINT32)0x00000124) + + +// Part 2, section 21.4: SetCapability Values +#define TPM_SET_PERM_FLAGS ((UINT32)0x00000001) +#define TPM_SET_PERM_DATA ((UINT32)0x00000002) +#define TPM_SET_STCLEAR_FLAGS ((UINT32)0x00000003) +#define TPM_SET_STCLEAR_DATA ((UINT32)0x00000004) +#define TPM_SET_STANY_FLAGS ((UINT32)0x00000005) +#define TPM_SET_STANY_DATA ((UINT32)0x00000006) +#define TPM_SET_VENDOR ((UINT32)0x00000007) + + +// Part 2, section 21.6: TPM_CAP_VERSION_INFO +typedef struct tdTPM_CAP_VERSION_INFO +{ + TPM_STRUCTURE_TAG tag; + TPM_VERSION version; + UINT16 specLevel; + BYTE errataRev; + BYTE tpmVendorID[4]; + UINT16 vendorSpecificSize; + SIZEIS(vendorSpecificSize) + BYTE *vendorSpecific; +} TPM_CAP_VERSION_INFO; + + +// Part 2, section 21.9: TPM_DA_STATE +// out of order to make it available for structure definitions +typedef BYTE TPM_DA_STATE; +#define TPM_DA_STATE_INACTIVE (0x00) +#define TPM_DA_STATE_ACTIVE (0x01) + +// Part 2, section 21.10: TPM_DA_ACTION_TYPE +typedef struct tdTPM_DA_ACTION_TYPE +{ + TPM_STRUCTURE_TAG tag; + UINT32 actions; +} TPM_DA_ACTION_TYPE; +#define TPM_DA_ACTION_TIMEOUT ((UINT32)0x00000001) +#define TPM_DA_ACTION_DISABLE ((UINT32)0x00000002) +#define TPM_DA_ACTION_DEACTIVATE ((UINT32)0x00000004) +#define TPM_DA_ACTION_FAILURE_MODE ((UINT32)0x00000008) + +// Part 2, section 21.7: TPM_DA_INFO +typedef struct tdTPM_DA_INFO +{ + TPM_STRUCTURE_TAG tag; + TPM_DA_STATE state; + UINT16 currentCount; + UINT16 threshholdCount; + TPM_DA_ACTION_TYPE actionAtThreshold; + UINT32 actionDependValue; + UINT32 vendorDataSize; + SIZEIS(vendorDataSize) + BYTE *vendorData; +} TPM_DA_INFO; + +// Part 2, section 21.8: TPM_DA_INFO_LIMITED +typedef struct tdTPM_DA_INFO_LIMITED +{ + TPM_STRUCTURE_TAG tag; + TPM_DA_STATE state; + TPM_DA_ACTION_TYPE actionAtThreshold; + UINT32 vendorDataSize; + SIZEIS(vendorDataSize) + BYTE *vendorData; +} TPM_DA_INFO_LIMITED; + + + +//------------------------------------------------------------------- +// Part 2, section 22: DAA Structures + +#define TPM_DAA_SIZE_r0 (43) +#define TPM_DAA_SIZE_r1 (43) +#define TPM_DAA_SIZE_r2 (128) +#define TPM_DAA_SIZE_r3 (168) +#define TPM_DAA_SIZE_r4 (219) +#define TPM_DAA_SIZE_NT (20) +#define TPM_DAA_SIZE_v0 (128) +#define TPM_DAA_SIZE_v1 (192) +#define TPM_DAA_SIZE_NE (256) +#define TPM_DAA_SIZE_w (256) +#define TPM_DAA_SIZE_issuerModulus (256) +#define TPM_DAA_power0 (104) +#define TPM_DAA_power1 (1024) + +typedef struct tdTPM_DAA_ISSUER +{ + TPM_STRUCTURE_TAG tag; + TPM_DIGEST DAA_digest_R0; + TPM_DIGEST DAA_digest_R1; + TPM_DIGEST DAA_digest_S0; + TPM_DIGEST DAA_digest_S1; + TPM_DIGEST DAA_digest_n; + TPM_DIGEST DAA_digest_gamma; + BYTE DAA_generic_q[26]; +} TPM_DAA_ISSUER; + + +typedef struct tdTPM_DAA_TPM +{ + TPM_STRUCTURE_TAG tag; + TPM_DIGEST DAA_digestIssuer; + TPM_DIGEST DAA_digest_v0; + TPM_DIGEST DAA_digest_v1; + TPM_DIGEST DAA_rekey; + UINT32 DAA_count; +} TPM_DAA_TPM; + +typedef struct tdTPM_DAA_CONTEXT +{ + TPM_STRUCTURE_TAG tag; + TPM_DIGEST DAA_digestContext; + TPM_DIGEST DAA_digest; + TPM_DAA_CONTEXT_SEED DAA_contextSeed; + BYTE DAA_scratch[256]; + BYTE DAA_stage; +} TPM_DAA_CONTEXT; + +typedef struct tdTPM_DAA_JOINDATA +{ + BYTE DAA_join_u0[128]; + BYTE DAA_join_u1[138]; + TPM_DIGEST DAA_digest_n0; +} TPM_DAA_JOINDATA; + +typedef struct tdTPM_DAA_BLOB +{ + TPM_STRUCTURE_TAG tag; + TPM_RESOURCE_TYPE resourceType; + BYTE label[16]; + TPM_DIGEST blobIntegrity; + UINT32 additionalSize; + SIZEIS(additionalSize) + BYTE *additionalData; + UINT32 sensitiveSize; + SIZEIS(sensitiveSize) + BYTE *sensitiveData; +} TPM_DAA_BLOB; + +typedef struct tdTPM_DAA_SENSITIVE +{ + TPM_STRUCTURE_TAG tag; + UINT32 internalSize; + SIZEIS(internalSize) + BYTE *internalData; +} TPM_DAA_SENSITIVE; + + + +//------------------------------------------------------------------- +// Part 2, section 23: Redirection + +// This section of the TPM spec defines exactly one value but does not +// give it a name. The definition of TPM_SetRedirection in Part3 +// refers to exactly one name but does not give its value. We join +// them here. +#define TPM_REDIR_GPIO (0x00000001) + + +//------------------------------------------------------------------- +// Part 2, section 24.6: TPM_SYM_MODE +// Deprecated by TPM 1.2 spec + +typedef UINT32 TPM_SYM_MODE; +#define TPM_SYM_MODE_ECB (0x00000001) +#define TPM_SYM_MODE_CBC (0x00000002) +#define TPM_SYM_MODE_CFB (0x00000003) + +#endif // __TPM_H__ + diff --git a/src/include/tss/tpm_error.h b/src/include/tss/tpm_error.h new file mode 100644 index 0000000..ccd4af4 --- /dev/null +++ b/src/include/tss/tpm_error.h @@ -0,0 +1,963 @@ +/* + * The TPM error codes extracted from the TPM main specification + * version 1.2 revision 85. + */ + +#ifndef __TPM_ERROR_H__ +#define __TPM_ERROR_H__ + + +#ifndef TPM_E_BASE +#define TPM_E_BASE ((UINT32)0) +#endif + +#ifndef TPM_E_NON_FATAL +#define TPM_E_NON_FATAL ((UINT32)0x00000800) +#endif + + +// Successful completion of the TPM operation. +#define TPM_SUCCESS TPM_E_BASE + +// +// MessageId: TPM_E_AUTHFAIL +// +// MessageText: +// +// Authentication failed +// +#define TPM_E_AUTHFAIL ((UINT32)(TPM_E_BASE + 0x00000001)) + +// +// MessageId: TPM_E_BADINDEX +// +// MessageText: +// +// The index to a PCR, DIR or other register is incorrect +// +#define TPM_E_BADINDEX ((UINT32)(TPM_E_BASE + 0x00000002)) + +// +// MessageId: TPM_E_BAD_PARAMETER +// +// MessageText: +// +// One or more parameter is bad +// +#define TPM_E_BAD_PARAMETER ((UINT32)(TPM_E_BASE + 0x00000003)) + +// +// MessageId: TPM_E_AUDITFAILURE +// +// MessageText: +// +// An operation completed successfully but the auditing of that +// operation failed. +// +#define TPM_E_AUDITFAILURE ((UINT32)(TPM_E_BASE + 0x00000004)) + +// +// MessageId: TPM_E_CLEAR_DISABLED +// +// MessageText: +// +// The clear disable flag is set and all clear operations now require +// physical access +// +#define TPM_E_CLEAR_DISABLED ((UINT32)(TPM_E_BASE + 0x00000005)) + +// +// MessageId: TPM_E_DEACTIVATED +// +// MessageText: +// +// The TPM is deactivated +// +#define TPM_E_DEACTIVATED ((UINT32)(TPM_E_BASE + 0x00000006)) + +// +// MessageId: TPM_E_DISABLED +// +// MessageText: +// +// The TPM is disabled +// +#define TPM_E_DISABLED ((UINT32)(TPM_E_BASE + 0x00000007)) + +// +// MessageId: TPM_E_DISABLED_CMD +// +// MessageText: +// +// The target command has been disabled +// +#define TPM_E_DISABLED_CMD ((UINT32)(TPM_E_BASE + 0x00000008)) + +// +// MessageId: TPM_E_FAIL +// +// MessageText: +// +// The operation failed +// +#define TPM_E_FAIL ((UINT32)(TPM_E_BASE + 0x00000009)) + +// +// MessageId: TPM_E_BAD_ORDINAL +// +// MessageText: +// +// The ordinal was unknown or inconsistent +// +#define TPM_E_BAD_ORDINAL ((UINT32)(TPM_E_BASE + 0x0000000a)) + +// +// MessageId: TPM_E_INSTALL_DISABLED +// +// MessageText: +// +// The ability to install an owner is disabled +// +#define TPM_E_INSTALL_DISABLED ((UINT32)(TPM_E_BASE + 0x0000000b)) + +// +// MessageId: TPM_E_INVALID_KEYHANDLE +// +// MessageText: +// +// The key handle can not be interpreted +// +#define TPM_E_INVALID_KEYHANDLE ((UINT32)(TPM_E_BASE + 0x0000000c)) + +// +// MessageId: TPM_E_KEYNOTFOUND +// +// MessageText: +// +// The key handle points to an invalid key +// +#define TPM_E_KEYNOTFOUND ((UINT32)(TPM_E_BASE + 0x0000000d)) + +// +// MessageId: TPM_E_INAPPROPRIATE_ENC +// +// MessageText: +// +// Unacceptable encryption scheme +// +#define TPM_E_INAPPROPRIATE_ENC ((UINT32)(TPM_E_BASE + 0x0000000e)) + +// +// MessageId: TPM_E_MIGRATEFAIL +// +// MessageText: +// +// Migration authorization failed +// +#define TPM_E_MIGRATEFAIL ((UINT32)(TPM_E_BASE + 0x0000000f)) + +// +// MessageId: TPM_E_INVALID_PCR_INFO +// +// MessageText: +// +// PCR information could not be interpreted +// +#define TPM_E_INVALID_PCR_INFO ((UINT32)(TPM_E_BASE + 0x00000010)) + +// +// MessageId: TPM_E_NOSPACE +// +// MessageText: +// +// No room to load key. +// +#define TPM_E_NOSPACE ((UINT32)(TPM_E_BASE + 0x00000011)) + +// +// MessageId: TPM_E_NOSRK +// +// MessageText: +// +// There is no SRK set +// +#define TPM_E_NOSRK ((UINT32)(TPM_E_BASE + 0x00000012)) + +// +// MessageId: TPM_E_NOTSEALED_BLOB +// +// MessageText: +// +// An encrypted blob is invalid or was not created by this TPM +// +#define TPM_E_NOTSEALED_BLOB ((UINT32)(TPM_E_BASE + 0x00000013)) + +// +// MessageId: TPM_E_OWNER_SET +// +// MessageText: +// +// There is already an Owner +// +#define TPM_E_OWNER_SET ((UINT32)(TPM_E_BASE + 0x00000014)) + +// +// MessageId: TPM_E_RESOURCES +// +// MessageText: +// +// The TPM has insufficient internal resources to perform the +// requested action. +// +#define TPM_E_RESOURCES ((UINT32)(TPM_E_BASE + 0x00000015)) + +// +// MessageId: TPM_E_SHORTRANDOM +// +// MessageText: +// +// A random string was too short +// +#define TPM_E_SHORTRANDOM ((UINT32)(TPM_E_BASE + 0x00000016)) + +// +// MessageId: TPM_E_SIZE +// +// MessageText: +// +// The TPM does not have the space to perform the operation. +// +#define TPM_E_SIZE ((UINT32)(TPM_E_BASE + 0x00000017)) + +// +// MessageId: TPM_E_WRONGPCRVAL +// +// MessageText: +// +// The named PCR value does not match the current PCR value. +// +#define TPM_E_WRONGPCRVAL ((UINT32)(TPM_E_BASE + 0x00000018)) + +// +// MessageId: TPM_E_BAD_PARAM_SIZE +// +// MessageText: +// +// The paramSize argument to the command has the incorrect value +// +#define TPM_E_BAD_PARAM_SIZE ((UINT32)(TPM_E_BASE + 0x00000019)) + +// +// MessageId: TPM_E_SHA_THREAD +// +// MessageText: +// +// There is no existing SHA-1 thread. +// +#define TPM_E_SHA_THREAD ((UINT32)(TPM_E_BASE + 0x0000001a)) + +// +// MessageId: TPM_E_SHA_ERROR +// +// MessageText: +// +// The calculation is unable to proceed because the existing SHA-1 +// thread has already encountered an error. +// +#define TPM_E_SHA_ERROR ((UINT32)(TPM_E_BASE + 0x0000001b)) + +// +// MessageId: TPM_E_FAILEDSELFTEST +// +// MessageText: +// +// Self-test has failed and the TPM has shutdown. +// +#define TPM_E_FAILEDSELFTEST ((UINT32)(TPM_E_BASE + 0x0000001c)) + +// +// MessageId: TPM_E_AUTH2FAIL +// +// MessageText: +// +// The authorization for the second key in a 2 key function failed +// authorization +// +#define TPM_E_AUTH2FAIL ((UINT32)(TPM_E_BASE + 0x0000001d)) + +// +// MessageId: TPM_E_BADTAG +// +// MessageText: +// +// The tag value sent to for a command is invalid +// +#define TPM_E_BADTAG ((UINT32)(TPM_E_BASE + 0x0000001e)) + +// +// MessageId: TPM_E_IOERROR +// +// MessageText: +// +// An IO error occurred transmitting information to the TPM +// +#define TPM_E_IOERROR ((UINT32)(TPM_E_BASE + 0x0000001f)) + +// +// MessageId: TPM_E_ENCRYPT_ERROR +// +// MessageText: +// +// The encryption process had a problem. +// +#define TPM_E_ENCRYPT_ERROR ((UINT32)(TPM_E_BASE + 0x00000020)) + +// +// MessageId: TPM_E_DECRYPT_ERROR +// +// MessageText: +// +// The decryption process did not complete. +// +#define TPM_E_DECRYPT_ERROR ((UINT32)(TPM_E_BASE + 0x00000021)) + +// +// MessageId: TPM_E_INVALID_AUTHHANDLE +// +// MessageText: +// +// An invalid handle was used. +// +#define TPM_E_INVALID_AUTHHANDLE ((UINT32)(TPM_E_BASE + 0x00000022)) + +// +// MessageId: TPM_E_NO_ENDORSEMENT +// +// MessageText: +// +// The TPM does not a EK installed +// +#define TPM_E_NO_ENDORSEMENT ((UINT32)(TPM_E_BASE + 0x00000023)) + +// +// MessageId: TPM_E_INVALID_KEYUSAGE +// +// MessageText: +// +// The usage of a key is not allowed +// +#define TPM_E_INVALID_KEYUSAGE ((UINT32)(TPM_E_BASE + 0x00000024)) + +// +// MessageId: TPM_E_WRONG_ENTITYTYPE +// +// MessageText: +// +// The submitted entity type is not allowed +// +#define TPM_E_WRONG_ENTITYTYPE ((UINT32)(TPM_E_BASE + 0x00000025)) + +// +// MessageId: TPM_E_INVALID_POSTINIT +// +// MessageText: +// +// The command was received in the wrong sequence relative to TPM_Init +// and a subsequent TPM_Startup +// +#define TPM_E_INVALID_POSTINIT ((UINT32)(TPM_E_BASE + 0x00000026)) + +// +// MessageId: TPM_E_INAPPROPRIATE_SIG +// +// MessageText: +// +// Signed data cannot include additional DER information +// +#define TPM_E_INAPPROPRIATE_SIG ((UINT32)(TPM_E_BASE + 0x00000027)) + +// +// MessageId: TPM_E_BAD_KEY_PROPERTY +// +// MessageText: +// +// The key properties in TPM_KEY_PARMs are not supported by this TPM +// +#define TPM_E_BAD_KEY_PROPERTY ((UINT32)(TPM_E_BASE + 0x00000028)) + +// +// MessageId: TPM_E_BAD_MIGRATION +// +// MessageText: +// +// The migration properties of this key are incorrect. +// +#define TPM_E_BAD_MIGRATION ((UINT32)(TPM_E_BASE + 0x00000029)) + +// +// MessageId: TPM_E_BAD_SCHEME +// +// MessageText: +// +// The signature or encryption scheme for this key is incorrect or not +// permitted in this situation. +// +#define TPM_E_BAD_SCHEME ((UINT32)(TPM_E_BASE + 0x0000002a)) + +// +// MessageId: TPM_E_BAD_DATASIZE +// +// MessageText: +// +// The size of the data (or blob) parameter is bad or inconsistent +// with the referenced key +// +#define TPM_E_BAD_DATASIZE ((UINT32)(TPM_E_BASE + 0x0000002b)) + +// +// MessageId: TPM_E_BAD_MODE +// +// MessageText: +// +// A mode parameter is bad, such as capArea or subCapArea for +// TPM_GetCapability, physicalPresence parameter for +// TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob. +// +#define TPM_E_BAD_MODE ((UINT32)(TPM_E_BASE + 0x0000002c)) + +// +// MessageId: TPM_E_BAD_PRESENCE +// +// MessageText: +// +// Either the physicalPresence or physicalPresenceLock bits have the +// wrong value +// +#define TPM_E_BAD_PRESENCE ((UINT32)(TPM_E_BASE + 0x0000002d)) + +// +// MessageId: TPM_E_BAD_VERSION +// +// MessageText: +// +// The TPM cannot perform this version of the capability +// +#define TPM_E_BAD_VERSION ((UINT32)(TPM_E_BASE + 0x0000002e)) + +// +// MessageId: TPM_E_NO_WRAP_TRANSPORT +// +// MessageText: +// +// The TPM does not allow for wrapped transport sessions +// +#define TPM_E_NO_WRAP_TRANSPORT ((UINT32)(TPM_E_BASE + 0x0000002f)) + +// +// MessageId: TPM_E_AUDITFAIL_UNSUCCESSFUL +// +// MessageText: +// +// TPM audit construction failed and the underlying command was +// returning a failure code also +// +#define TPM_E_AUDITFAIL_UNSUCCESSFUL ((UINT32)(TPM_E_BASE + 0x00000030)) + +// +// MessageId: TPM_E_AUDITFAIL_SUCCESSFUL +// +// MessageText: +// +// TPM audit construction failed and the underlying command was +// returning success +// +#define TPM_E_AUDITFAIL_SUCCESSFUL ((UINT32)(TPM_E_BASE + 0x00000031)) + +// +// MessageId: TPM_E_NOTRESETABLE +// +// MessageText: +// +// Attempt to reset a PCR register that does not have the resettable +// attribute +// +#define TPM_E_NOTRESETABLE ((UINT32)(TPM_E_BASE + 0x00000032)) + +// +// MessageId: TPM_E_NOTLOCAL +// +// MessageText: +// +// Attempt to reset a PCR register that requires locality and locality +// modifier not part of command transport +// +#define TPM_E_NOTLOCAL ((UINT32)(TPM_E_BASE + 0x00000033)) + +// +// MessageId: TPM_E_BAD_TYPE +// +// MessageText: +// +// Make identity blob not properly typed +// +#define TPM_E_BAD_TYPE ((UINT32)(TPM_E_BASE + 0x00000034)) + +// +// MessageId: TPM_E_INVALID_RESOURCE +// +// MessageText: +// +// When saving context identified resource type does not match actual +// resource +// +#define TPM_E_INVALID_RESOURCE ((UINT32)(TPM_E_BASE + 0x00000035)) + +// +// MessageId: TPM_E_NOTFIPS +// +// MessageText: +// +// The TPM is attempting to execute a command only available when in +// FIPS mode +// +#define TPM_E_NOTFIPS ((UINT32)(TPM_E_BASE + 0x00000036)) + +// +// MessageId: TPM_E_INVALID_FAMILY +// +// MessageText: +// +// The command is attempting to use an invalid family ID +// +#define TPM_E_INVALID_FAMILY ((UINT32)(TPM_E_BASE + 0x00000037)) + +// +// MessageId: TPM_E_NO_NV_PERMISSION +// +// MessageText: +// +// The permission to manipulate the NV storage is not available +// +#define TPM_E_NO_NV_PERMISSION ((UINT32)(TPM_E_BASE + 0x00000038)) + +// +// MessageId: TPM_E_REQUIRES_SIGN +// +// MessageText: +// +// The operation requires a signed command +// +#define TPM_E_REQUIRES_SIGN ((UINT32)(TPM_E_BASE + 0x00000039)) + +// +// MessageId: TPM_E_KEY_NOTSUPPORTED +// +// MessageText: +// +// Wrong operation to load an NV key +// +#define TPM_E_KEY_NOTSUPPORTED ((UINT32)(TPM_E_BASE + 0x0000003a)) + +// +// MessageId: TPM_E_AUTH_CONFLICT +// +// MessageText: +// +// NV_LoadKey blob requires both owner and blob authorization +// +#define TPM_E_AUTH_CONFLICT ((UINT32)(TPM_E_BASE + 0x0000003b)) + +// +// MessageId: TPM_E_AREA_LOCKED +// +// MessageText: +// +// The NV area is locked and not writable +// +#define TPM_E_AREA_LOCKED ((UINT32)(TPM_E_BASE + 0x0000003c)) + +// +// MessageId: TPM_E_BAD_LOCALITY +// +// MessageText: +// +// The locality is incorrect for the attempted operation +// +#define TPM_E_BAD_LOCALITY ((UINT32)(TPM_E_BASE + 0x0000003d)) + +// +// MessageId: TPM_E_READ_ONLY +// +// MessageText: +// +// The NV area is read only and can't be written to +// +#define TPM_E_READ_ONLY ((UINT32)(TPM_E_BASE + 0x0000003e)) + +// +// MessageId: TPM_E_PER_NOWRITE +// +// MessageText: +// +// There is no protection on the write to the NV area +// +#define TPM_E_PER_NOWRITE ((UINT32)(TPM_E_BASE + 0x0000003f)) + +// +// MessageId: TPM_E_FAMILYCOUNT +// +// MessageText: +// +// The family count value does not match +// +#define TPM_E_FAMILYCOUNT ((UINT32)(TPM_E_BASE + 0x00000040)) + +// +// MessageId: TPM_E_WRITE_LOCKED +// +// MessageText: +// +// The NV area has already been written to +// +#define TPM_E_WRITE_LOCKED ((UINT32)(TPM_E_BASE + 0x00000041)) + +// +// MessageId: TPM_E_BAD_ATTRIBUTES +// +// MessageText: +// +// The NV area attributes conflict +// +#define TPM_E_BAD_ATTRIBUTES ((UINT32)(TPM_E_BASE + 0x00000042)) + +// +// MessageId: TPM_E_INVALID_STRUCTURE +// +// MessageText: +// +// The structure tag and version are invalid or inconsistent +// +#define TPM_E_INVALID_STRUCTURE ((UINT32)(TPM_E_BASE + 0x00000043)) + +// +// MessageId: TPM_E_KEY_OWNER_CONTROL +// +// MessageText: +// +// The key is under control of the TPM Owner and can only be evicted +// by the TPM Owner. +// +#define TPM_E_KEY_OWNER_CONTROL ((UINT32)(TPM_E_BASE + 0x00000044)) + +// +// MessageId: TPM_E_BAD_COUNTER +// +// MessageText: +// +// The counter handle is incorrect +// +#define TPM_E_BAD_COUNTER ((UINT32)(TPM_E_BASE + 0x00000045)) + +// +// MessageId: TPM_E_NOT_FULLWRITE +// +// MessageText: +// +// The write is not a complete write of the area +// +#define TPM_E_NOT_FULLWRITE ((UINT32)(TPM_E_BASE + 0x00000046)) + +// +// MessageId: TPM_E_CONTEXT_GAP +// +// MessageText: +// +// The gap between saved context counts is too large +// +#define TPM_E_CONTEXT_GAP ((UINT32)(TPM_E_BASE + 0x00000047)) + +// +// MessageId: TPM_E_MAXNVWRITES +// +// MessageText: +// +// The maximum number of NV writes without an owner has been exceeded +// +#define TPM_E_MAXNVWRITES ((UINT32)(TPM_E_BASE + 0x00000048)) + +// +// MessageId: TPM_E_NOOPERATOR +// +// MessageText: +// +// No operator AuthData value is set +// +#define TPM_E_NOOPERATOR ((UINT32)(TPM_E_BASE + 0x00000049)) + +// +// MessageId: TPM_E_RESOURCEMISSING +// +// MessageText: +// +// The resource pointed to by context is not loaded +// +#define TPM_E_RESOURCEMISSING ((UINT32)(TPM_E_BASE + 0x0000004a)) + +// +// MessageId: TPM_E_DELEGATE_LOCK +// +// MessageText: +// +// The delegate administration is locked +// +#define TPM_E_DELEGATE_LOCK ((UINT32)(TPM_E_BASE + 0x0000004b)) + +// +// MessageId: TPM_E_DELEGATE_FAMILY +// +// MessageText: +// +// Attempt to manage a family other then the delegated family +// +#define TPM_E_DELEGATE_FAMILY ((UINT32)(TPM_E_BASE + 0x0000004c)) + +// +// MessageId: TPM_E_DELEGATE_ADMIN +// +// MessageText: +// +// Delegation table management not enabled +// +#define TPM_E_DELEGATE_ADMIN ((UINT32)(TPM_E_BASE + 0x0000004d)) + +// +// MessageId: TPM_E_TRANSPORT_NOTEXCLUSIVE +// +// MessageText: +// +// There was a command executed outside of an exclusive transport session +// +#define TPM_E_TRANSPORT_NOTEXCLUSIVE ((UINT32)(TPM_E_BASE + 0x0000004e)) + +// +// MessageId: TPM_E_OWNER_CONTROL +// +// MessageText: +// +// Attempt to context save a owner evict controlled key +// +#define TPM_E_OWNER_CONTROL ((UINT32)(TPM_E_BASE + 0x0000004f)) + +// +// MessageId: TPM_E_DAA_RESOURCES +// +// MessageText: +// +// The DAA command has no resources available to execute the command +// +#define TPM_E_DAA_RESOURCES ((UINT32)(TPM_E_BASE + 0x00000050)) + +// +// MessageId: TPM_E_DAA_INPUT_DATA0 +// +// MessageText: +// +// The consistency check on DAA parameter inputData0 has failed. +// +#define TPM_E_DAA_INPUT_DATA0 ((UINT32)(TPM_E_BASE + 0x00000051)) + +// +// MessageId: TPM_E_DAA_INPUT_DATA1 +// +// MessageText: +// +// The consistency check on DAA parameter inputData1 has failed. +// +#define TPM_E_DAA_INPUT_DATA1 ((UINT32)(TPM_E_BASE + 0x00000052)) + +// +// MessageId: TPM_E_DAA_ISSUER_SETTINGS +// +// MessageText: +// +// The consistency check on DAA_issuerSettings has failed. +// +#define TPM_E_DAA_ISSUER_SETTINGS ((UINT32)(TPM_E_BASE + 0x00000053)) + +// +// MessageId: TPM_E_DAA_TPM_SETTINGS +// +// MessageText: +// +// The consistency check on DAA_tpmSpecific has failed. +// +#define TPM_E_DAA_TPM_SETTINGS ((UINT32)(TPM_E_BASE + 0x00000054)) + +// +// MessageId: TPM_E_DAA_STAGE +// +// MessageText: +// +// The atomic process indicated by the submitted DAA command is not +// the expected process. +// +#define TPM_E_DAA_STAGE ((UINT32)(TPM_E_BASE + 0x00000055)) + +// +// MessageId: TPM_E_DAA_ISSUER_VALIDITY +// +// MessageText: +// +// The issuer's validity check has detected an inconsistency +// +#define TPM_E_DAA_ISSUER_VALIDITY ((UINT32)(TPM_E_BASE + 0x00000056)) + +// +// MessageId: TPM_E_DAA_WRONG_W +// +// MessageText: +// +// The consistency check on w has failed. +// +#define TPM_E_DAA_WRONG_W ((UINT32)(TPM_E_BASE + 0x00000057)) + +// +// MessageId: TPM_E_BAD_HANDLE +// +// MessageText: +// +// The handle is incorrect +// +#define TPM_E_BAD_HANDLE ((UINT32)(TPM_E_BASE + 0x00000058)) + +// +// MessageId: TPM_E_BAD_DELEGATE +// +// MessageText: +// +// Delegation is not correct +// +#define TPM_E_BAD_DELEGATE ((UINT32)(TPM_E_BASE + 0x00000059)) + +// +// MessageId: TPM_E_BADCONTEXT +// +// MessageText: +// +// The context blob is invalid +// +#define TPM_E_BADCONTEXT ((UINT32)(TPM_E_BASE + 0x0000005a)) + +// +// MessageId: TPM_E_TOOMANYCONTEXTS +// +// MessageText: +// +// Too many contexts held by the TPM +// +#define TPM_E_TOOMANYCONTEXTS ((UINT32)(TPM_E_BASE + 0x0000005b)) + +// +// MessageId: TPM_E_MA_TICKET_SIGNATURE +// +// MessageText: +// +// Migration authority signature validation failure +// +#define TPM_E_MA_TICKET_SIGNATURE ((UINT32)(TPM_E_BASE + 0x0000005c)) + +// +// MessageId: TPM_E_MA_DESTINATION +// +// MessageText: +// +// Migration destination not authenticated +// +#define TPM_E_MA_DESTINATION ((UINT32)(TPM_E_BASE + 0x0000005d)) + +// +// MessageId: TPM_E_MA_SOURCE +// +// MessageText: +// +// Migration source incorrect +// +#define TPM_E_MA_SOURCE ((UINT32)(TPM_E_BASE + 0x0000005e)) + +// +// MessageId: TPM_E_MA_AUTHORITY +// +// MessageText: +// +// Incorrect migration authority +// +#define TPM_E_MA_AUTHORITY ((UINT32)(TPM_E_BASE + 0x0000005f)) + +// +// MessageId: TPM_E_PERMANENTEK +// +// MessageText: +// +// Attempt to revoke the EK and the EK is not revocable +// +#define TPM_E_PERMANENTEK ((UINT32)(TPM_E_BASE + 0x00000061)) + +// +// MessageId: TPM_E_BAD_SIGNATURE +// +// MessageText: +// +// Bad signature of CMK ticket +// +#define TPM_E_BAD_SIGNATURE ((UINT32)(TPM_E_BASE + 0x00000062)) + +// +// MessageId: TPM_E_NOCONTEXTSPACE +// +// MessageText: +// +// There is no room in the context list for additional contexts +// +#define TPM_E_NOCONTEXTSPACE ((UINT32)(TPM_E_BASE + 0x00000063)) + + +// +// MessageId: TPM_E_RETRY +// +// MessageText: +// +// The TPM is too busy to respond to the command immediately, but the +// command could be resubmitted at a later time. The TPM MAY return +// TPM_Retry for any command at any time. +// +#define TPM_E_RETRY ((UINT32)(TPM_E_BASE + TPM_E_NON_FATAL)) + +// +// MessageId: TPM_E_NEEDS_SELFTEST +// +// MessageText: +// +// SelfTestFull has not been run +// +#define TPM_E_NEEDS_SELFTEST ((UINT32)(TPM_E_BASE + TPM_E_NON_FATAL + 1)) + +// +// MessageId: TPM_E_DOING_SELFTEST +// +// MessageText: +// +// The TPM is currently executing a full selftest +// +#define TPM_E_DOING_SELFTEST ((UINT32)(TPM_E_BASE + TPM_E_NON_FATAL + 2)) + +// +// MessageId: TPM_E_DEFEND_LOCK_RUNNING +// +// MessageText: +// +// The TPM is defending against dictionary attacks and is in some +// time-out period. +// +#define TPM_E_DEFEND_LOCK_RUNNING ((UINT32)(TPM_E_BASE + TPM_E_NON_FATAL + 3)) + +#endif /* __TPM_ERROR_H__ */ diff --git a/src/include/tss/tpm_ordinal.h b/src/include/tss/tpm_ordinal.h new file mode 100644 index 0000000..9df9959 --- /dev/null +++ b/src/include/tss/tpm_ordinal.h @@ -0,0 +1,151 @@ +/* + * TPM Ordinal definitions extracted from the TPM 1.2 specification, rev 85. + */ + +#ifndef __TPM_ORDINAL_H__ +#define __TPM_ORDINAL_H__ + +#define TPM_PROTECTED_COMMAND ((UINT32)(0x00000000)) +#define TPM_UNPROTECTED_COMMAND ((UINT32)(0x80000000)) +#define TPM_CONNECTION_COMMAND ((UINT32)(0x40000000)) +#define TPM_VENDOR_COMMAND ((UINT32)(0x20000000)) + +#define TPM_MAIN ((UINT16)(0x0000)) +#define TPM_PC ((UINT16)(0x0001)) +#define TPM_PDA ((UINT16)(0x0002)) +#define TPM_CELL_PHONE ((UINT16)(0x0003)) +#define TPM_SERVER ((UINT16)(0x0004)) + +#define TPM_PROTECTED_ORDINAL (TPM_MAIN | TPM_PROTECTED_COMMAND) +#define TPM_UNPROTECTED_ORDINAL (TPM_MAIN | TPM_UNPROTECTED_COMMAND) +#define TPM_CONNECTION_ORDINAL (TPM_MAIN | TPM_CONNECTION_COMMAND) + + +#define TPM_ORD_OIAP ((UINT32)0x0000000A) +#define TPM_ORD_OSAP ((UINT32)0x0000000B) +#define TPM_ORD_ChangeAuth ((UINT32)0x0000000C) +#define TPM_ORD_TakeOwnership ((UINT32)0x0000000D) +#define TPM_ORD_ChangeAuthAsymStart ((UINT32)0x0000000E) +#define TPM_ORD_ChangeAuthAsymFinish ((UINT32)0x0000000F) +#define TPM_ORD_ChangeAuthOwner ((UINT32)0x00000010) +#define TPM_ORD_DSAP ((UINT32)0x00000011) +#define TPM_ORD_CMK_CreateTicket ((UINT32)0x00000012) +#define TPM_ORD_CMK_CreateKey ((UINT32)0x00000013) +#define TPM_ORD_Extend ((UINT32)0x00000014) +#define TPM_ORD_PcrRead ((UINT32)0x00000015) +#define TPM_ORD_Quote ((UINT32)0x00000016) +#define TPM_ORD_Seal ((UINT32)0x00000017) +#define TPM_ORD_Unseal ((UINT32)0x00000018) +#define TPM_ORD_DirWriteAuth ((UINT32)0x00000019) +#define TPM_ORD_DirRead ((UINT32)0x0000001A) +#define TPM_ORD_CMK_CreateBlob ((UINT32)0x0000001B) +#define TPM_ORD_CMK_SetRestrictions ((UINT32)0x0000001C) +#define TPM_ORD_CMK_ApproveMA ((UINT32)0x0000001D) +#define TPM_ORD_UnBind ((UINT32)0x0000001E) +#define TPM_ORD_CreateWrapKey ((UINT32)0x0000001F) +#define TPM_ORD_LoadKey ((UINT32)0x00000020) +#define TPM_ORD_GetPubKey ((UINT32)0x00000021) +#define TPM_ORD_EvictKey ((UINT32)0x00000022) +#define TPM_ORD_KeyControlOwner ((UINT32)0x00000023) +#define TPM_ORD_CMK_ConvertMigration ((UINT32)0x00000024) +#define TPM_ORD_MigrateKey ((UINT32)0x00000025) +#define TPM_ORD_CreateMigrationBlob ((UINT32)0x00000028) +#define TPM_ORD_DAA_Join ((UINT32)0x00000029) +#define TPM_ORD_ConvertMigrationBlob ((UINT32)0x0000002A) +#define TPM_ORD_AuthorizeMigrationKey ((UINT32)0x0000002B) +#define TPM_ORD_CreateMaintenanceArchive ((UINT32)0x0000002C) +#define TPM_ORD_LoadMaintenanceArchive ((UINT32)0x0000002D) +#define TPM_ORD_KillMaintenanceFeature ((UINT32)0x0000002E) +#define TPM_ORD_LoadManuMaintPub ((UINT32)0x0000002F) +#define TPM_ORD_ReadManuMaintPub ((UINT32)0x00000030) +#define TPM_ORD_DAA_Sign ((UINT32)0x00000031) +#define TPM_ORD_CertifyKey ((UINT32)0x00000032) +#define TPM_ORD_CertifyKey2 ((UINT32)0x00000033) +#define TPM_ORD_Sign ((UINT32)0x0000003C) +#define TPM_ORD_Sealx ((UINT32)0x0000003D) +#define TPM_ORD_Quote2 ((UINT32)0x0000003E) +#define TPM_ORD_SetCapability ((UINT32)0x0000003F) +#define TPM_ORD_ResetLockValue ((UINT32)0x00000040) +#define TPM_ORD_LoadKey2 ((UINT32)0x00000041) +#define TPM_ORD_GetRandom ((UINT32)0x00000046) +#define TPM_ORD_StirRandom ((UINT32)0x00000047) +#define TPM_ORD_SelfTestFull ((UINT32)0x00000050) +#define TPM_ORD_CertifySelfTest ((UINT32)0x00000052) +#define TPM_ORD_ContinueSelfTest ((UINT32)0x00000053) +#define TPM_ORD_GetTestResult ((UINT32)0x00000054) +#define TPM_ORD_Reset ((UINT32)0x0000005A) +#define TPM_ORD_OwnerClear ((UINT32)0x0000005B) +#define TPM_ORD_DisableOwnerClear ((UINT32)0x0000005C) +#define TPM_ORD_ForceClear ((UINT32)0x0000005D) +#define TPM_ORD_DisableForceClear ((UINT32)0x0000005E) +#define TPM_ORD_GetCapabilitySigned ((UINT32)0x00000064) +#define TPM_ORD_GetCapability ((UINT32)0x00000065) +#define TPM_ORD_GetCapabilityOwner ((UINT32)0x00000066) +#define TPM_ORD_OwnerSetDisable ((UINT32)0x0000006E) +#define TPM_ORD_PhysicalEnable ((UINT32)0x0000006F) +#define TPM_ORD_PhysicalDisable ((UINT32)0x00000070) +#define TPM_ORD_SetOwnerInstall ((UINT32)0x00000071) +#define TPM_ORD_PhysicalSetDeactivated ((UINT32)0x00000072) +#define TPM_ORD_SetTempDeactivated ((UINT32)0x00000073) +#define TPM_ORD_SetOperatorAuth ((UINT32)0x00000074) +#define TPM_ORD_SetOwnerPointer ((UINT32)0x00000075) +#define TPM_ORD_CreateEndorsementKeyPair ((UINT32)0x00000078) +#define TPM_ORD_MakeIdentity ((UINT32)0x00000079) +#define TPM_ORD_ActivateIdentity ((UINT32)0x0000007A) +#define TPM_ORD_ReadPubek ((UINT32)0x0000007C) +#define TPM_ORD_OwnerReadPubek ((UINT32)0x0000007D) +#define TPM_ORD_DisablePubekRead ((UINT32)0x0000007E) +#define TPM_ORD_CreateRevocableEK ((UINT32)0x0000007F) +#define TPM_ORD_RevokeTrust ((UINT32)0x00000080) +#define TPM_ORD_OwnerReadInternalPub ((UINT32)0x00000081) +#define TPM_ORD_GetAuditEvent ((UINT32)0x00000082) +#define TPM_ORD_GetAuditEventSigned ((UINT32)0x00000083) +#define TPM_ORD_GetAuditDigest ((UINT32)0x00000085) +#define TPM_ORD_GetAuditDigestSigned ((UINT32)0x00000086) +#define TPM_ORD_GetOrdinalAuditStatus ((UINT32)0x0000008C) +#define TPM_ORD_SetOrdinalAuditStatus ((UINT32)0x0000008D) +#define TPM_ORD_Terminate_Handle ((UINT32)0x00000096) +#define TPM_ORD_Init ((UINT32)0x00000097) +#define TPM_ORD_SaveState ((UINT32)0x00000098) +#define TPM_ORD_Startup ((UINT32)0x00000099) +#define TPM_ORD_SetRedirection ((UINT32)0x0000009A) +#define TPM_ORD_SHA1Start ((UINT32)0x000000A0) +#define TPM_ORD_SHA1Update ((UINT32)0x000000A1) +#define TPM_ORD_SHA1Complete ((UINT32)0x000000A2) +#define TPM_ORD_SHA1CompleteExtend ((UINT32)0x000000A3) +#define TPM_ORD_FieldUpgrade ((UINT32)0x000000AA) +#define TPM_ORD_SaveKeyContext ((UINT32)0x000000B4) +#define TPM_ORD_LoadKeyContext ((UINT32)0x000000B5) +#define TPM_ORD_SaveAuthContext ((UINT32)0x000000B6) +#define TPM_ORD_LoadAuthContext ((UINT32)0x000000B7) +#define TPM_ORD_SaveContext ((UINT32)0x000000B8) +#define TPM_ORD_LoadContext ((UINT32)0x000000B9) +#define TPM_ORD_FlushSpecific ((UINT32)0x000000BA) +#define TPM_ORD_PCR_Reset ((UINT32)0x000000C8) +#define TPM_ORD_NV_DefineSpace ((UINT32)0x000000CC) +#define TPM_ORD_NV_WriteValue ((UINT32)0x000000CD) +#define TPM_ORD_NV_WriteValueAuth ((UINT32)0x000000CE) +#define TPM_ORD_NV_ReadValue ((UINT32)0x000000CF) +#define TPM_ORD_NV_ReadValueAuth ((UINT32)0x000000D0) +#define TPM_ORD_Delegate_UpdateVerification ((UINT32)0x000000D1) +#define TPM_ORD_Delegate_Manage ((UINT32)0x000000D2) +#define TPM_ORD_Delegate_CreateKeyDelegation ((UINT32)0x000000D4) +#define TPM_ORD_Delegate_CreateOwnerDelegation ((UINT32)0x000000D5) +#define TPM_ORD_Delegate_VerifyDelegation ((UINT32)0x000000D6) +#define TPM_ORD_Delegate_LoadOwnerDelegation ((UINT32)0x000000D8) +#define TPM_ORD_Delegate_ReadTable ((UINT32)0x000000DB) +#define TPM_ORD_CreateCounter ((UINT32)0x000000DC) +#define TPM_ORD_IncrementCounter ((UINT32)0x000000DD) +#define TPM_ORD_ReadCounter ((UINT32)0x000000DE) +#define TPM_ORD_ReleaseCounter ((UINT32)0x000000DF) +#define TPM_ORD_ReleaseCounterOwner ((UINT32)0x000000E0) +#define TPM_ORD_EstablishTransport ((UINT32)0x000000E6) +#define TPM_ORD_ExecuteTransport ((UINT32)0x000000E7) +#define TPM_ORD_ReleaseTransportSigned ((UINT32)0x000000E8) +#define TPM_ORD_GetTicks ((UINT32)0x000000F1) +#define TPM_ORD_TickStampBlob ((UINT32)0x000000F2) + +#define TSC_ORD_PhysicalPresence ((UINT32)0x4000000A) +#define TSC_ORD_ResetEstablishmentBit ((UINT32)0x4000000B) + +#endif // __TPM_ORDINAL_H__ diff --git a/src/include/tss/tspi.h b/src/include/tss/tspi.h new file mode 100644 index 0000000..1d188f7 --- /dev/null +++ b/src/include/tss/tspi.h @@ -0,0 +1,1198 @@ +#if !defined(_TSPI_H_) +#define _TSPI_H_ + +#include +#include +#include +#include +#include + +#if !defined( TSPICALL ) + #if !defined(WIN32) || defined (TSP_STATIC) + // Linux, or a Win32 static library + #define TSPICALL extern TSS_RESULT + #elif defined (TSPDLL_EXPORTS) + // Win32 DLL build + #define TSPICALL extern __declspec(dllexport) TSS_RESULT + #else + // Win32 DLL import + #define TSPICALL extern __declspec(dllimport) TSS_RESULT + #endif +#endif /* TSPICALL */ + +#if defined ( __cplusplus ) +extern "C" { +#endif /* __cplusplus */ + + +// Class-independent ASN.1 conversion functions +TSPICALL Tspi_EncodeDER_TssBlob +( + UINT32 rawBlobSize, // in + BYTE* rawBlob, // in + UINT32 blobType, // in + UINT32* derBlobSize, // in, out + BYTE* derBlob // out +); + +TSPICALL Tspi_DecodeBER_TssBlob +( + UINT32 berBlobSize, // in + BYTE* berBlob, // in + UINT32* blobType, // out + UINT32* rawBlobSize, // in, out + BYTE* rawBlob // out +); + + + +// Common Methods +TSPICALL Tspi_SetAttribUint32 +( + TSS_HOBJECT hObject, // in + TSS_FLAG attribFlag, // in + TSS_FLAG subFlag, // in + UINT32 ulAttrib // in +); + +TSPICALL Tspi_GetAttribUint32 +( + TSS_HOBJECT hObject, // in + TSS_FLAG attribFlag, // in + TSS_FLAG subFlag, // in + UINT32* pulAttrib // out +); + +TSPICALL Tspi_SetAttribData +( + TSS_HOBJECT hObject, // in + TSS_FLAG attribFlag, // in + TSS_FLAG subFlag, // in + UINT32 ulAttribDataSize, // in + BYTE* rgbAttribData // in +); + +TSPICALL Tspi_GetAttribData +( + TSS_HOBJECT hObject, // in + TSS_FLAG attribFlag, // in + TSS_FLAG subFlag, // in + UINT32* pulAttribDataSize, // out + BYTE** prgbAttribData // out +); + +TSPICALL Tspi_ChangeAuth +( + TSS_HOBJECT hObjectToChange, // in + TSS_HOBJECT hParentObject, // in + TSS_HPOLICY hNewPolicy // in +); + +TSPICALL Tspi_ChangeAuthAsym +( + TSS_HOBJECT hObjectToChange, // in + TSS_HOBJECT hParentObject, // in + TSS_HKEY hIdentKey, // in + TSS_HPOLICY hNewPolicy // in +); + +TSPICALL Tspi_GetPolicyObject +( + TSS_HOBJECT hObject, // in + TSS_FLAG policyType, // in + TSS_HPOLICY* phPolicy // out +); + + + +// Tspi_Context Class Definitions +TSPICALL Tspi_Context_Create +( + TSS_HCONTEXT* phContext // out +); + +TSPICALL Tspi_Context_Close +( + TSS_HCONTEXT hContext // in +); + +TSPICALL Tspi_Context_Connect +( + TSS_HCONTEXT hContext, // in + TSS_UNICODE* wszDestination // in +); + +TSPICALL Tspi_Context_FreeMemory +( + TSS_HCONTEXT hContext, // in + BYTE* rgbMemory // in +); + +TSPICALL Tspi_Context_GetDefaultPolicy +( + TSS_HCONTEXT hContext, // in + TSS_HPOLICY* phPolicy // out +); + +TSPICALL Tspi_Context_CreateObject +( + TSS_HCONTEXT hContext, // in + TSS_FLAG objectType, // in + TSS_FLAG initFlags, // in + TSS_HOBJECT* phObject // out +); + +TSPICALL Tspi_Context_CloseObject +( + TSS_HCONTEXT hContext, // in + TSS_HOBJECT hObject // in +); + +TSPICALL Tspi_Context_GetCapability +( + TSS_HCONTEXT hContext, // in + TSS_FLAG capArea, // in + UINT32 ulSubCapLength, // in + BYTE* rgbSubCap, // in + UINT32* pulRespDataLength, // out + BYTE** prgbRespData // out +); + +TSPICALL Tspi_Context_GetTpmObject +( + TSS_HCONTEXT hContext, // in + TSS_HTPM* phTPM // out +); + +TSPICALL Tspi_Context_SetTransEncryptionKey +( + TSS_HCONTEXT hContext, // in + TSS_HKEY hKey // in +); + +TSPICALL Tspi_Context_CloseSignTransport +( + TSS_HCONTEXT hContext, // in + TSS_HKEY hSigningKey, // in + TSS_VALIDATION* pValidationData // in, out +); + +TSPICALL Tspi_Context_LoadKeyByBlob +( + TSS_HCONTEXT hContext, // in + TSS_HKEY hUnwrappingKey, // in + UINT32 ulBlobLength, // in + BYTE* rgbBlobData, // in + TSS_HKEY* phKey // out +); + +TSPICALL Tspi_Context_LoadKeyByUUID +( + TSS_HCONTEXT hContext, // in + TSS_FLAG persistentStorageType, // in + TSS_UUID uuidData, // in + TSS_HKEY* phKey // out +); + +TSPICALL Tspi_Context_RegisterKey +( + TSS_HCONTEXT hContext, // in + TSS_HKEY hKey, // in + TSS_FLAG persistentStorageType, // in + TSS_UUID uuidKey, // in + TSS_FLAG persistentStorageTypeParent, // in + TSS_UUID uuidParentKey // in +); + +TSPICALL Tspi_Context_UnregisterKey +( + TSS_HCONTEXT hContext, // in + TSS_FLAG persistentStorageType, // in + TSS_UUID uuidKey, // in + TSS_HKEY* phkey // out +); + +TSPICALL Tspi_Context_GetKeyByUUID +( + TSS_HCONTEXT hContext, // in + TSS_FLAG persistentStorageType, // in + TSS_UUID uuidData, // in + TSS_HKEY* phKey // out +); + +TSPICALL Tspi_Context_GetKeyByPublicInfo +( + TSS_HCONTEXT hContext, // in + TSS_FLAG persistentStorageType, // in + TSS_ALGORITHM_ID algID, // in + UINT32 ulPublicInfoLength, // in + BYTE* rgbPublicInfo, // in + TSS_HKEY* phKey // out +); + +TSPICALL Tspi_Context_GetRegisteredKeysByUUID +( + TSS_HCONTEXT hContext, // in + TSS_FLAG persistentStorageType, // in + TSS_UUID* pUuidData, // in + UINT32* pulKeyHierarchySize, // out + TSS_KM_KEYINFO** ppKeyHierarchy // out +); + +TSPICALL Tspi_Context_GetRegisteredKeysByUUID2 +( + TSS_HCONTEXT hContext, // in + TSS_FLAG persistentStorageType, // in + TSS_UUID* pUuidData, // in + UINT32* pulKeyHierarchySize, // out + TSS_KM_KEYINFO2** ppKeyHierarchy // out +); + + +// Policy class definitions +TSPICALL Tspi_Policy_SetSecret +( + TSS_HPOLICY hPolicy, // in + TSS_FLAG secretMode, // in + UINT32 ulSecretLength, // in + BYTE* rgbSecret // in +); + +TSPICALL Tspi_Policy_FlushSecret +( + TSS_HPOLICY hPolicy // in +); + +TSPICALL Tspi_Policy_AssignToObject +( + TSS_HPOLICY hPolicy, // in + TSS_HOBJECT hObject // in +); + + + +// TPM Class Definitions +TSPICALL Tspi_TPM_KeyControlOwner +( + TSS_HTPM hTPM, // in + TSS_HKEY hKey, // in + UINT32 attribName, // in + TSS_BOOL attribValue, // in + TSS_UUID* pUuidData // out +); + +TSPICALL Tspi_TPM_CreateEndorsementKey +( + TSS_HTPM hTPM, // in + TSS_HKEY hKey, // in + TSS_VALIDATION* pValidationData // in, out +); + +TSPICALL Tspi_TPM_CreateRevocableEndorsementKey +( + TSS_HTPM hTPM, // in + TSS_HKEY hKey, // in + TSS_VALIDATION* pValidationData, // in, out + UINT32* pulEkResetDataLength, // in, out + BYTE** rgbEkResetData // in, out +); + +TSPICALL Tspi_TPM_RevokeEndorsementKey +( + TSS_HTPM hTPM, // in + UINT32 ulEkResetDataLength, // in + BYTE* rgbEkResetData // in +); + +TSPICALL Tspi_TPM_GetPubEndorsementKey +( + TSS_HTPM hTPM, // in + TSS_BOOL fOwnerAuthorized, // in + TSS_VALIDATION* pValidationData, // in, out + TSS_HKEY* phEndorsementPubKey // out +); + +TSPICALL Tspi_TPM_OwnerGetSRKPubKey +( + TSS_HTPM hTPM, // in + UINT32* pulPubKeyLength, // out + BYTE** prgbPubKey // out +); + +TSPICALL Tspi_TPM_TakeOwnership +( + TSS_HTPM hTPM, // in + TSS_HKEY hKeySRK, // in + TSS_HKEY hEndorsementPubKey // in +); + +TSPICALL Tspi_TPM_ClearOwner +( + TSS_HTPM hTPM, // in + TSS_BOOL fForcedClear // in +); + +TSPICALL Tspi_TPM_CollateIdentityRequest +( + TSS_HTPM hTPM, // in + TSS_HKEY hKeySRK, // in + TSS_HKEY hCAPubKey, // in + UINT32 ulIdentityLabelLength, // in + BYTE* rgbIdentityLabelData, // in + TSS_HKEY hIdentityKey, // in + TSS_ALGORITHM_ID algID, // in + UINT32* pulTCPAIdentityReqLength, // out + BYTE** prgbTCPAIdentityReq // out +); + +TSPICALL Tspi_TPM_ActivateIdentity +( + TSS_HTPM hTPM, // in + TSS_HKEY hIdentKey, // in + UINT32 ulAsymCAContentsBlobLength, // in + BYTE* rgbAsymCAContentsBlob, // in + UINT32 ulSymCAAttestationBlobLength, // in + BYTE* rgbSymCAAttestationBlob, // in + UINT32* pulCredentialLength, // out + BYTE** prgbCredential // out +); + +TSPICALL Tspi_TPM_CreateMaintenanceArchive +( + TSS_HTPM hTPM, // in + TSS_BOOL fGenerateRndNumber, // in + UINT32* pulRndNumberLength, // out + BYTE** prgbRndNumber, // out + UINT32* pulArchiveDataLength, // out + BYTE** prgbArchiveData // out +); + +TSPICALL Tspi_TPM_KillMaintenanceFeature +( + TSS_HTPM hTPM // in +); + +TSPICALL Tspi_TPM_LoadMaintenancePubKey +( + TSS_HTPM hTPM, // in + TSS_HKEY hMaintenanceKey, // in + TSS_VALIDATION* pValidationData // in, out +); + +TSPICALL Tspi_TPM_CheckMaintenancePubKey +( + TSS_HTPM hTPM, // in + TSS_HKEY hMaintenanceKey, // in + TSS_VALIDATION* pValidationData // in, out +); + +TSPICALL Tspi_TPM_SetOperatorAuth +( + TSS_HTPM hTPM, // in + TSS_HPOLICY hOperatorPolicy // in +); + +TSPICALL Tspi_TPM_SetStatus +( + TSS_HTPM hTPM, // in + TSS_FLAG statusFlag, // in + TSS_BOOL fTpmState // in +); + +TSPICALL Tspi_TPM_GetStatus +( + TSS_HTPM hTPM, // in + TSS_FLAG statusFlag, // in + TSS_BOOL* pfTpmState // out +); + +TSPICALL Tspi_TPM_GetCapability +( + TSS_HTPM hTPM, // in + TSS_FLAG capArea, // in + UINT32 ulSubCapLength, // in + BYTE* rgbSubCap, // in + UINT32* pulRespDataLength, // out + BYTE** prgbRespData // out +); + +TSPICALL Tspi_TPM_GetCapabilitySigned +( + TSS_HTPM hTPM, // in + TSS_HKEY hKey, // in + TSS_FLAG capArea, // in + UINT32 ulSubCapLength, // in + BYTE* rgbSubCap, // in + TSS_VALIDATION* pValidationData, // in, out + UINT32* pulRespDataLength, // out + BYTE** prgbRespData // out +); + +TSPICALL Tspi_TPM_SelfTestFull +( + TSS_HTPM hTPM // in +); + +TSPICALL Tspi_TPM_CertifySelfTest +( + TSS_HTPM hTPM, // in + TSS_HKEY hKey, // in + TSS_VALIDATION* pValidationData // in, out +); + +TSPICALL Tspi_TPM_GetTestResult +( + TSS_HTPM hTPM, // in + UINT32* pulTestResultLength, // out + BYTE** prgbTestResult // out +); + +TSPICALL Tspi_TPM_GetRandom +( + TSS_HTPM hTPM, // in + UINT32 ulRandomDataLength, // in + BYTE** prgbRandomData // out +); + +TSPICALL Tspi_TPM_StirRandom +( + TSS_HTPM hTPM, // in + UINT32 ulEntropyDataLength, // in + BYTE* rgbEntropyData // in +); + +TSPICALL Tspi_TPM_GetEvent +( + TSS_HTPM hTPM, // in + UINT32 ulPcrIndex, // in + UINT32 ulEventNumber, // in + TSS_PCR_EVENT* pPcrEvent // out +); + +TSPICALL Tspi_TPM_GetEvents +( + TSS_HTPM hTPM, // in + UINT32 ulPcrIndex, // in + UINT32 ulStartNumber, // in + UINT32* pulEventNumber, // in, out + TSS_PCR_EVENT** prgPcrEvents // out +); + +TSPICALL Tspi_TPM_GetEventLog +( + TSS_HTPM hTPM, // in + UINT32* pulEventNumber, // out + TSS_PCR_EVENT** prgPcrEvents // out +); + +TSPICALL Tspi_TPM_Quote +( + TSS_HTPM hTPM, // in + TSS_HKEY hIdentKey, // in + TSS_HPCRS hPcrComposite, // in + TSS_VALIDATION* pValidationData // in, out +); + +TSPICALL Tspi_TPM_Quote2 +( + TSS_HTPM hTPM, // in + TSS_HKEY hIdentKey, // in + TSS_BOOL fAddVersion, // in + TSS_HPCRS hPcrComposite, // in + TSS_VALIDATION* pValidationData, // in, out + UINT32* versionInfoSize, // out + BYTE** versionInfo // out +); + +TSPICALL Tspi_TPM_PcrExtend +( + TSS_HTPM hTPM, // in + UINT32 ulPcrIndex, // in + UINT32 ulPcrDataLength, // in + BYTE* pbPcrData, // in + TSS_PCR_EVENT* pPcrEvent, // in + UINT32* pulPcrValueLength, // out + BYTE** prgbPcrValue // out +); + +TSPICALL Tspi_TPM_PcrRead +( + TSS_HTPM hTPM, // in + UINT32 ulPcrIndex, // in + UINT32* pulPcrValueLength, // out + BYTE** prgbPcrValue // out +); + +TSPICALL Tspi_TPM_PcrReset +( + TSS_HTPM hTPM, // in + TSS_HPCRS hPcrComposite // in +); + +TSPICALL Tspi_TPM_AuthorizeMigrationTicket +( + TSS_HTPM hTPM, // in + TSS_HKEY hMigrationKey, // in + TSS_MIGRATE_SCHEME migrationScheme, // in + UINT32* pulMigTicketLength, // out + BYTE** prgbMigTicket // out +); + +TSPICALL Tspi_TPM_CMKSetRestrictions +( + TSS_HTPM hTPM, // in + TSS_CMK_DELEGATE CmkDelegate // in +); + +TSPICALL Tspi_TPM_CMKApproveMA +( + TSS_HTPM hTPM, // in + TSS_HMIGDATA hMaAuthData // in +); + +TSPICALL Tspi_TPM_CMKCreateTicket +( + TSS_HTPM hTPM, // in + TSS_HKEY hVerifyKey, // in + TSS_HMIGDATA hSigData // in +); + +TSPICALL Tspi_TPM_ReadCounter +( + TSS_HTPM hTPM, // in + UINT32* counterValue // out +); + +TSPICALL Tspi_TPM_ReadCurrentTicks +( + TSS_HTPM hTPM, // in + TPM_CURRENT_TICKS* tickCount // out +); + +TSPICALL Tspi_TPM_DirWrite +( + TSS_HTPM hTPM, // in + UINT32 ulDirIndex, // in + UINT32 ulDirDataLength, // in + BYTE* rgbDirData // in +); + +TSPICALL Tspi_TPM_DirRead +( + TSS_HTPM hTPM, // in + UINT32 ulDirIndex, // in + UINT32* pulDirDataLength, // out + BYTE** prgbDirData // out +); + +TSPICALL Tspi_TPM_Delegate_AddFamily +( + TSS_HTPM hTPM, // in, must not be NULL + BYTE bLabel, // in + TSS_HDELFAMILY* phFamily // out +); + +TSPICALL Tspi_TPM_Delegate_GetFamily +( + TSS_HTPM hTPM, // in, must not NULL + UINT32 ulFamilyID, // in + TSS_HDELFAMILY* phFamily // out +); + +TSPICALL Tspi_TPM_Delegate_InvalidateFamily +( + TSS_HTPM hTPM, // in, must not be NULL + TSS_HDELFAMILY hFamily // in +); + +TSPICALL Tspi_TPM_Delegate_CreateDelegation +( + TSS_HOBJECT hObject, // in + BYTE bLabel, // in + UINT32 ulFlags, // in + TSS_HPCRS hPcr, // in, may be NULL + TSS_HDELFAMILY hFamily, // in + TSS_HPOLICY hDelegation // in, out +); + +TSPICALL Tspi_TPM_Delegate_CacheOwnerDelegation +( + TSS_HTPM hTPM, // in, must not be NULL + TSS_HPOLICY hDelegation, // in, out + UINT32 ulIndex, // in + UINT32 ulFlags // in +); + +TSPICALL Tspi_TPM_Delegate_UpdateVerificationCount +( + TSS_HTPM hTPM, // in + TSS_HPOLICY hDelegation // in, out +); + +TSPICALL Tspi_TPM_Delegate_VerifyDelegation +( + TSS_HPOLICY hDelegation // in, out +); + +TSPICALL Tspi_TPM_Delegate_ReadTables +( + TSS_HCONTEXT hContext, // in + UINT32* pulFamilyTableSize, // out + TSS_FAMILY_TABLE_ENTRY** ppFamilyTable, // out + UINT32* pulDelegateTableSize, // out + TSS_DELEGATION_TABLE_ENTRY** ppDelegateTable // out +); + +TSPICALL Tspi_TPM_DAA_JoinInit +( + TSS_HTPM hTPM, // in + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + UINT32 daaCounter, // in + UINT32 issuerAuthPKsLength, // in + TSS_HKEY* issuerAuthPKs, // in + UINT32 issuerAuthPKSignaturesLength, // in + UINT32 issuerAuthPKSignaturesLength2, // in + BYTE** issuerAuthPKSignatures, // in + UINT32* capitalUprimeLength, // out + BYTE** capitalUprime, // out + TSS_DAA_IDENTITY_PROOF** identityProof, // out + UINT32* joinSessionLength, // out + BYTE** joinSession // out +); + +TSPICALL Tspi_TPM_DAA_JoinCreateDaaPubKey +( + TSS_HTPM hTPM, // in + TSS_HDAA_CREDENTIAL hDAACredential, // in + UINT32 authenticationChallengeLength, // in + BYTE* authenticationChallenge, // in + UINT32 nonceIssuerLength, // in + BYTE* nonceIssuer, // in + UINT32 attributesPlatformLength, // in + UINT32 attributesPlatformLength2, // in + BYTE** attributesPlatform, // in + UINT32 joinSessionLength, // in + BYTE* joinSession, // in + TSS_DAA_CREDENTIAL_REQUEST** credentialRequest // out +); + +TSPICALL Tspi_TPM_DAA_JoinStoreCredential +( + TSS_HTPM hTPM, // in + TSS_HDAA_CREDENTIAL hDAACredential, // in + TSS_DAA_CRED_ISSUER* credIssuer, // in + UINT32 joinSessionLength, // in + BYTE* joinSession // in +); + +TSPICALL Tspi_TPM_DAA_Sign +( + TSS_HTPM hTPM, // in + TSS_HDAA_CREDENTIAL hDAACredential, // in + TSS_HDAA_ARA_KEY hARAKey, // in + TSS_DAA_SELECTED_ATTRIB* revealAttributes, // in + UINT32 verifierNonceLength, // in + BYTE* verifierNonce, // in + UINT32 verifierBaseNameLength, // in + BYTE* verifierBaseName, // in + TSS_HOBJECT signData, // in + TSS_DAA_SIGNATURE** daaSignature // out +); + +TSPICALL Tspi_TPM_GetAuditDigest +( + TSS_HTPM hTPM, // in + TSS_HKEY hKey, // in + TSS_BOOL closeAudit, // in + UINT32* pulAuditDigestSize, // out + BYTE** prgbAuditDigest, // out + TPM_COUNTER_VALUE* pCounterValue, // out + TSS_VALIDATION* pValidationData, // out + UINT32* ordSize, // out + UINT32** ordList // out +); + + + +// PcrComposite Class Definitions +TSPICALL Tspi_PcrComposite_SelectPcrIndex +( + TSS_HPCRS hPcrComposite, // in + UINT32 ulPcrIndex // in +); + +TSPICALL Tspi_PcrComposite_SelectPcrIndexEx +( + TSS_HPCRS hPcrComposite, // in + UINT32 ulPcrIndex, // in + UINT32 direction // in +); + +TSPICALL Tspi_PcrComposite_SetPcrValue +( + TSS_HPCRS hPcrComposite, // in + UINT32 ulPcrIndex, // in + UINT32 ulPcrValueLength, // in + BYTE* rgbPcrValue // in +); + +TSPICALL Tspi_PcrComposite_GetPcrValue +( + TSS_HPCRS hPcrComposite, // in + UINT32 ulPcrIndex, // in + UINT32* pulPcrValueLength, // out + BYTE** prgbPcrValue // out +); + +TSPICALL Tspi_PcrComposite_SetPcrLocality +( + TSS_HPCRS hPcrComposite, // in + UINT32 LocalityValue // in +); + +TSPICALL Tspi_PcrComposite_GetPcrLocality +( + TSS_HPCRS hPcrComposite, // in + UINT32* pLocalityValue // out +); + +TSPICALL Tspi_PcrComposite_GetCompositeHash +( + TSS_HPCRS hPcrComposite, // in + UINT32* pLen, // in + BYTE** ppbHashData // out +); + + + +// Key Class Definition +TSPICALL Tspi_Key_LoadKey +( + TSS_HKEY hKey, // in + TSS_HKEY hUnwrappingKey // in +); + +TSPICALL Tspi_Key_UnloadKey +( + TSS_HKEY hKey // in +); + +TSPICALL Tspi_Key_GetPubKey +( + TSS_HKEY hKey, // in + UINT32* pulPubKeyLength, // out + BYTE** prgbPubKey // out +); + +TSPICALL Tspi_Key_CertifyKey +( + TSS_HKEY hKey, // in + TSS_HKEY hCertifyingKey, // in + TSS_VALIDATION* pValidationData // in, out +); + +TSPICALL Tspi_Key_CreateKey +( + TSS_HKEY hKey, // in + TSS_HKEY hWrappingKey, // in + TSS_HPCRS hPcrComposite // in, may be NULL +); + +TSPICALL Tspi_Key_WrapKey +( + TSS_HKEY hKey, // in + TSS_HKEY hWrappingKey, // in + TSS_HPCRS hPcrComposite // in, may be NULL +); + +TSPICALL Tspi_Key_CreateMigrationBlob +( + TSS_HKEY hKeyToMigrate, // in + TSS_HKEY hParentKey, // in + UINT32 ulMigTicketLength, // in + BYTE* rgbMigTicket, // in + UINT32* pulRandomLength, // out + BYTE** prgbRandom, // out + UINT32* pulMigrationBlobLength, // out + BYTE** prgbMigrationBlob // out +); + +TSPICALL Tspi_Key_ConvertMigrationBlob +( + TSS_HKEY hKeyToMigrate, // in + TSS_HKEY hParentKey, // in + UINT32 ulRandomLength, // in + BYTE* rgbRandom, // in + UINT32 ulMigrationBlobLength, // in + BYTE* rgbMigrationBlob // in +); + +TSPICALL Tspi_Key_MigrateKey +( + TSS_HKEY hMaKey, // in + TSS_HKEY hPublicKey, // in + TSS_HKEY hMigData // in +); + +TSPICALL Tspi_Key_CMKCreateBlob +( + TSS_HKEY hKeyToMigrate, // in + TSS_HKEY hParentKey, // in + TSS_HMIGDATA hMigrationData, // in + UINT32* pulRandomLength, // out + BYTE** prgbRandom // out +); + +TSPICALL Tspi_Key_CMKConvertMigration +( + TSS_HKEY hKeyToMigrate, // in + TSS_HKEY hParentKey, // in + TSS_HMIGDATA hMigrationData, // in + UINT32 ulRandomLength, // in + BYTE* rgbRandom // in +); + + + +// Hash Class Definition +TSPICALL Tspi_Hash_Sign +( + TSS_HHASH hHash, // in + TSS_HKEY hKey, // in + UINT32* pulSignatureLength, // out + BYTE** prgbSignature // out +); + +TSPICALL Tspi_Hash_VerifySignature +( + TSS_HHASH hHash, // in + TSS_HKEY hKey, // in + UINT32 ulSignatureLength, // in + BYTE* rgbSignature // in +); + +TSPICALL Tspi_Hash_SetHashValue +( + TSS_HHASH hHash, // in + UINT32 ulHashValueLength, // in + BYTE* rgbHashValue // in +); + +TSPICALL Tspi_Hash_GetHashValue +( + TSS_HHASH hHash, // in + UINT32* pulHashValueLength, // out + BYTE** prgbHashValue // out +); + +TSPICALL Tspi_Hash_UpdateHashValue +( + TSS_HHASH hHash, // in + UINT32 ulDataLength, // in + BYTE* rgbData // in +); + +TSPICALL Tspi_Hash_TickStampBlob +( + TSS_HHASH hHash, // in + TSS_HKEY hIdentKey, // in + TSS_VALIDATION* pValidationData // in +); + + + +// EncData Class Definition +TSPICALL Tspi_Data_Bind +( + TSS_HENCDATA hEncData, // in + TSS_HKEY hEncKey, // in + UINT32 ulDataLength, // in + BYTE* rgbDataToBind // in +); + +TSPICALL Tspi_Data_Unbind +( + TSS_HENCDATA hEncData, // in + TSS_HKEY hKey, // in + UINT32* pulUnboundDataLength, // out + BYTE** prgbUnboundData // out +); + +TSPICALL Tspi_Data_Seal +( + TSS_HENCDATA hEncData, // in + TSS_HKEY hEncKey, // in + UINT32 ulDataLength, // in + BYTE* rgbDataToSeal, // in + TSS_HPCRS hPcrComposite // in +); + +TSPICALL Tspi_Data_Unseal +( + TSS_HENCDATA hEncData, // in + TSS_HKEY hKey, // in + UINT32* pulUnsealedDataLength, // out + BYTE** prgbUnsealedData // out +); + + + +// NV Class Definition +TSPICALL Tspi_NV_DefineSpace +( + TSS_HNVSTORE hNVStore, // in + TSS_HPCRS hReadPcrComposite, // in, may be NULL + TSS_HPCRS hWritePcrComposite // in, may be NULL +); + +TSPICALL Tspi_NV_ReleaseSpace +( + TSS_HNVSTORE hNVStore // in +); + +TSPICALL Tspi_NV_WriteValue +( + TSS_HNVSTORE hNVStore, // in + UINT32 offset, // in + UINT32 ulDataLength, // in + BYTE* rgbDataToWrite // in +); + +TSPICALL Tspi_NV_ReadValue +( + TSS_HNVSTORE hNVStore, // in + UINT32 offset, // in + UINT32* ulDataLength, // in, out + BYTE** rgbDataRead // out +); + + +// DAA Utility functions (optional, do not require a TPM or TCS) +TSPICALL Tspi_DAA_IssuerKeyVerify +( + TSS_HDAA_CREDENTIAL hDAACredential, // in + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + TSS_BOOL* isCorrect // out +); + +TSPICALL Tspi_DAA_Issuer_GenerateKey +( + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + UINT32 issuerBaseNameLength, // in + BYTE* issuerBaseName // in +); + +TSPICALL Tspi_DAA_Issuer_InitCredential +( + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + TSS_HKEY issuerAuthPK, // in + TSS_DAA_IDENTITY_PROOF* identityProof, // in + UINT32 capitalUprimeLength, // in + BYTE* capitalUprime, // in + UINT32 daaCounter, // in + UINT32* nonceIssuerLength, // out + BYTE** nonceIssuer, // out + UINT32* authenticationChallengeLength, // out + BYTE** authenticationChallenge, // out + UINT32* joinSessionLength, // out + BYTE** joinSession // out +); + +TSPICALL Tspi_DAA_Issuer_IssueCredential +( + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + TSS_DAA_CREDENTIAL_REQUEST* credentialRequest, // in + UINT32 issuerJoinSessionLength, // in + BYTE* issuerJoinSession, // in + TSS_DAA_CRED_ISSUER** credIssuer // out +); + +TSPICALL Tspi_DAA_Verifier_Init +( + TSS_HDAA_CREDENTIAL hDAACredential, // in + UINT32* nonceVerifierLength, // out + BYTE** nonceVerifier, // out + UINT32* baseNameLength, // out + BYTE** baseName // out +); + +TSPICALL Tspi_DAA_VerifySignature +( + TSS_HDAA_CREDENTIAL hDAACredential, // in + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + TSS_HDAA_ARA_KEY hARAKey, // in + TSS_HHASH hARACondition, // in + UINT32 attributesLength, // in + UINT32 attributesLength2, // in + BYTE** attributes, // in + UINT32 verifierNonceLength, // in + BYTE* verifierNonce, // in + UINT32 verifierBaseNameLength, // in + BYTE* verifierBaseName, // in + TSS_HOBJECT signData, // in + TSS_DAA_SIGNATURE* daaSignature, // in + TSS_BOOL* isCorrect // out +); + +TSPICALL Tspi_DAA_ARA_GenerateKey +( + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + TSS_HDAA_ARA_KEY hARAKey // in +); + +TSPICALL Tspi_DAA_ARA_RevokeAnonymity +( + TSS_HDAA_ARA_KEY hARAKey, // in + TSS_HHASH hARACondition, // in + TSS_HDAA_ISSUER_KEY hIssuerKey, // in + TSS_DAA_PSEUDONYM_ENCRYPTED* encryptedPseudonym, // in + TSS_DAA_PSEUDONYM_PLAIN** pseudonym // out +); + + + +// Callback typedefs +typedef TSS_RESULT (*Tspicb_CallbackHMACAuth) +( + PVOID lpAppData, // in + TSS_HOBJECT hAuthorizedObject, // in + TSS_BOOL ReturnOrVerify, // in + UINT32 ulPendingFunction, // in + TSS_BOOL ContinueUse, // in + UINT32 ulSizeNonces, // in + BYTE* rgbNonceEven, // in + BYTE* rgbNonceOdd, // in + BYTE* rgbNonceEvenOSAP, // in + BYTE* rgbNonceOddOSAP, // in + UINT32 ulSizeDigestHmac, // in + BYTE* rgbParamDigest, // in + BYTE* rgbHmacData // in, out +); + +typedef TSS_RESULT (*Tspicb_CallbackXorEnc) +( + PVOID lpAppData, // in + TSS_HOBJECT hOSAPObject, // in + TSS_HOBJECT hObject, // in + TSS_FLAG PurposeSecret, // in + UINT32 ulSizeNonces, // in + BYTE* rgbNonceEven, // in + BYTE* rgbNonceOdd, // in + BYTE* rgbNonceEvenOSAP, // in + BYTE* rgbNonceOddOSAP, // in + UINT32 ulSizeEncAuth, // in + BYTE* rgbEncAuthUsage, // out + BYTE* rgbEncAuthMigration // out +); + +typedef TSS_RESULT (*Tspicb_CallbackTakeOwnership) +( + PVOID lpAppData, // in + TSS_HOBJECT hObject, // in + TSS_HKEY hObjectPubKey, // in + UINT32 ulSizeEncAuth, // in + BYTE* rgbEncAuth // out +); + +typedef TSS_RESULT (*Tspicb_CallbackSealxMask) +( + PVOID lpAppData, // in + TSS_HKEY hKey, // in + TSS_HENCDATA hEncData, // in + TSS_ALGORITHM_ID algID, // in + UINT32 ulSizeNonces, // in + BYTE* rgbNonceEven, // in + BYTE* rgbNonceOdd, // in + BYTE* rgbNonceEvenOSAP, // in + BYTE* rgbNonceOddOSAP, // in + UINT32 ulDataLength, // in + BYTE* rgbDataToMask, // in + BYTE* rgbMaskedData // out +); + +typedef TSS_RESULT (*Tspicb_CallbackChangeAuthAsym) +( + PVOID lpAppData, // in + TSS_HOBJECT hObject, // in + TSS_HKEY hObjectPubKey, // in + UINT32 ulSizeEncAuth, // in + UINT32 ulSizeAuthLink, // in + BYTE* rgbEncAuth, // out + BYTE* rgbAuthLink // out +); + +typedef TSS_RESULT (*Tspicb_CollateIdentity) +( + PVOID lpAppData, // in + UINT32 ulTCPAPlainIdentityProofLength, // in + BYTE* rgbTCPAPlainIdentityProof, // in + TSS_ALGORITHM_ID algID, // in + UINT32 ulSessionKeyLength, // out + BYTE* rgbSessionKey, // out + UINT32* pulTCPAIdentityProofLength, // out + BYTE* rgbTCPAIdentityProof // out +); + + +typedef TSS_RESULT (*Tspicb_ActivateIdentity) +( + PVOID lpAppData, // in + UINT32 ulSessionKeyLength, // in + BYTE* rgbSessionKey, // in + UINT32 ulSymCAAttestationBlobLength, // in + BYTE* rgbSymCAAttestationBlob, // in + UINT32* pulCredentialLength, // out + BYTE* rgbCredential // out +); + + +typedef TSS_RESULT (*Tspicb_DAA_Sign) +( + PVOID lpAppData, // in + TSS_HDAA_ISSUER_KEY daaPublicKey, // in + UINT32 gammasLength, // in + BYTE** gammas, // in + UINT32 attributesLength, // in + BYTE** attributes, // in + UINT32 randomAttributesLength, // in + BYTE** randomAttributes, // in + UINT32 attributeCommitmentsLength,// in + TSS_DAA_ATTRIB_COMMIT* attributeCommitments, // in + TSS_DAA_ATTRIB_COMMIT* attributeCommitmentsProof, // in + TSS_DAA_PSEUDONYM_PLAIN* pseudonym, // in + TSS_DAA_PSEUDONYM_PLAIN* pseudonymTilde, // in + TSS_DAA_PSEUDONYM_ENCRYPTED* pseudonymEncrypted, // in + TSS_DAA_PSEUDONYM_ENCRYPTED* pseudonymEncProof, // in + TSS_DAA_SIGN_CALLBACK** additionalProof // out +); + +typedef TSS_RESULT (*Tspicb_DAA_VerifySignature) +( + PVOID lpAppData, // in + UINT32 challengeLength, // in + BYTE* challenge, // in + TSS_DAA_SIGN_CALLBACK* additionalProof, // in + TSS_HDAA_ISSUER_KEY daaPublicKey, // in + UINT32 gammasLength, // in + BYTE** gammas, // in + UINT32 sAttributesLength, // in + BYTE** sAttributes, // in + UINT32 attributeCommitmentsLength,// in + TSS_DAA_ATTRIB_COMMIT* attributeCommitments, // in + TSS_DAA_ATTRIB_COMMIT* attributeCommitmentsProof, // in + UINT32 zetaLength, // in + BYTE* zeta, // in + UINT32 sFLength, // in + BYTE* sF, // in + TSS_DAA_PSEUDONYM* pseudonym, // in + TSS_DAA_PSEUDONYM* pseudonymProof, // in + TSS_BOOL* isCorrect // out +); + + +#if defined ( __cplusplus ) +} +#endif /* __cplusplus */ + + +#endif /* _TSPI_H_ */ diff --git a/src/include/tss/tss_defines.h b/src/include/tss/tss_defines.h new file mode 100644 index 0000000..a525a6a --- /dev/null +++ b/src/include/tss/tss_defines.h @@ -0,0 +1,1288 @@ +/*++ + +Global defines for TSS. + +--*/ + +#ifndef __TSS_DEFINES_H__ +#define __TSS_DEFINES_H__ + +#include +#include + + +////////////////////////////////////////////////////////////////////////// +// Object types: +////////////////////////////////////////////////////////////////////////// + +// +// definition of the object types that can be created via CreateObject +// +#define TSS_OBJECT_TYPE_POLICY (0x01) // Policy object +#define TSS_OBJECT_TYPE_RSAKEY (0x02) // RSA-Key object +#define TSS_OBJECT_TYPE_ENCDATA (0x03) // Encrypted data object +#define TSS_OBJECT_TYPE_PCRS (0x04) // PCR composite object +#define TSS_OBJECT_TYPE_HASH (0x05) // Hash object +#define TSS_OBJECT_TYPE_DELFAMILY (0x06) // Delegation Family object +#define TSS_OBJECT_TYPE_NV (0x07) // NV object +#define TSS_OBJECT_TYPE_MIGDATA (0x08) // CMK Migration data object +#define TSS_OBJECT_TYPE_DAA_CERTIFICATE (0x09) // DAA credential +#define TSS_OBJECT_TYPE_DAA_ISSUER_KEY (0x0a) // DAA cred. issuer keypair +#define TSS_OBJECT_TYPE_DAA_ARA_KEY (0x0b) // DAA anonymity revocation + // authority keypair + + +////////////////////////////////////////////////////////////////////////// +// CreateObject: Flags +////////////////////////////////////////////////////////////////////////// + + +//************************************ +// Flags for creating RSAKEY object: * +//************************************ + +// +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// |x x|Auth +// |x| Volatility +// |x| Migration +// |x x x x| Type +// |x x x x| Size +// |x x| CMK +// |x x x| Version +// |0 0 0 0 0 0 0 0 0| Reserved +// |x x x x x x| Fixed Type +// + +// Authorization: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// Never |0 0| +// Always |0 1| +// Private key always |1 0| +// +#define TSS_KEY_NO_AUTHORIZATION (0x00000000) // no auth needed + // for this key +#define TSS_KEY_AUTHORIZATION (0x00000001) // key needs auth + // for all ops +#define TSS_KEY_AUTHORIZATION_PRIV_USE_ONLY (0x00000002) // key needs auth + // for privkey ops, + // noauth for pubkey + +// +// Volatility +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// Non Volatile |0| +// Volatile |1| +// +#define TSS_KEY_NON_VOLATILE (0x00000000) // Key is non-volatile +#define TSS_KEY_VOLATILE (0x00000004) // Key is volatile + +// +// Migration +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// Non Migratable |0| +// Migratable |1| +// +#define TSS_KEY_NOT_MIGRATABLE (0x00000000) // key is not migratable +#define TSS_KEY_MIGRATABLE (0x00000008) // key is migratable + +// +// Usage +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// Default (Legacy) |0 0 0 0| +// Signing |0 0 0 1| +// Storage |0 0 1 0| +// Identity |0 0 1 1| +// AuthChange |0 1 0 0| +// Bind |0 1 0 1| +// Legacy |0 1 1 0| +// +#define TSS_KEY_TYPE_DEFAULT (0x00000000) // indicate a default key + // (Legacy-Key) +#define TSS_KEY_TYPE_SIGNING (0x00000010) // indicate a signing key +#define TSS_KEY_TYPE_STORAGE (0x00000020) // used as storage key +#define TSS_KEY_TYPE_IDENTITY (0x00000030) // indicate an idendity key +#define TSS_KEY_TYPE_AUTHCHANGE (0x00000040) // indicate an ephemeral key +#define TSS_KEY_TYPE_BIND (0x00000050) // indicate a key for TPM_Bind +#define TSS_KEY_TYPE_LEGACY (0x00000060) // indicate a key that can + // perform signing and binding +#define TSS_KEY_TYPE_MIGRATE (0x00000070) // indicate a key that can + // act as a CMK MA +#define TSS_KEY_TYPE_BITMASK (0x000000F0) // mask to extract key type + +// +// Key size +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// DEFAULT |0 0 0 0| +// 512 |0 0 0 1| +// 1024 |0 0 1 0| +// 2048 |0 0 1 1| +// 4096 |0 1 0 0| +// 8192 |0 1 0 1| +// 16384 |0 1 1 0| +// +#define TSS_KEY_SIZE_DEFAULT (UINT32)(0x00000000) // indicate tpm-specific size +#define TSS_KEY_SIZE_512 (UINT32)(0x00000100) // indicate a 512-bit key +#define TSS_KEY_SIZE_1024 (UINT32)(0x00000200) // indicate a 1024-bit key +#define TSS_KEY_SIZE_2048 (UINT32)(0x00000300) // indicate a 2048-bit key +#define TSS_KEY_SIZE_4096 (UINT32)(0x00000400) // indicate a 4096-bit key +#define TSS_KEY_SIZE_8192 (UINT32)(0x00000500) // indicate a 8192-bit key +#define TSS_KEY_SIZE_16384 (UINT32)(0x00000600) // indicate a 16384-bit key +#define TSS_KEY_SIZE_BITMASK (UINT32)(0x00000F00) // mask to extract key size + +// +// Certified Migratability +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// DEFAULT |0 0| +// Not Certified Migratable |0 0| +// Certified Migratable |0 1| +// +#define TSS_KEY_NOT_CERTIFIED_MIGRATABLE (UINT32)(0x00000000) +#define TSS_KEY_CERTIFIED_MIGRATABLE (UINT32)(0x00001000) + +// +// Specification version +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// Context default |0 0 0| +// TPM_KEY 1.1b key |0 0 1| +// TPM_KEY12 1.2 key |0 1 0| +// +#define TSS_KEY_STRUCT_DEFAULT (UINT32)(0x00000000) +#define TSS_KEY_STRUCT_KEY (UINT32)(0x00004000) +#define TSS_KEY_STRUCT_KEY12 (UINT32)(0x00008000) +#define TSS_KEY_STRUCT_BITMASK (UINT32)(0x0001C000) + + +// +// fixed KeyTypes (templates) +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// |0 0 0 0 0 0| Empty Key +// |0 0 0 0 0 1| Storage Root Key +// +#define TSS_KEY_EMPTY_KEY (0x00000000) // no TPM key template + // (empty TSP key object) +#define TSS_KEY_TSP_SRK (0x04000000) // use a TPM SRK template + // (TSP key object for SRK) +#define TSS_KEY_TEMPLATE_BITMASK (0xFC000000) // bitmask to extract key + // template + + +//************************************* +// Flags for creating ENCDATA object: * +//************************************* + +// +// Type +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// Seal |0 0 1| +// Bind |0 1 0| +// Legacy |0 1 1| +// +// ENCDATA Reserved: +// |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x| +// +#define TSS_ENCDATA_SEAL (0x00000001) // data for seal operation +#define TSS_ENCDATA_BIND (0x00000002) // data for bind operation +#define TSS_ENCDATA_LEGACY (0x00000003) // data for legacy bind operation + + +//********************************** +// Flags for creating HASH object: * +//********************************** + +// +// Algorithm +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// DEFAULT +// |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0| +// SHA1 +// |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1| +// OTHER +// |1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1| +// +#define TSS_HASH_DEFAULT (0x00000000) // Default hash algorithm +#define TSS_HASH_SHA1 (0x00000001) // SHA-1 with 20 bytes +#define TSS_HASH_OTHER (0xFFFFFFFF) // Not-specified hash algorithm + + +//************************************ +// Flags for creating POLICY object: * +//************************************ + +// +// Type +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// +// Usage |0 0 1| +// Migration |0 1 0| +// Operator |0 1 1| +// +// POLICY Reserved: +// |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x| + +#define TSS_POLICY_USAGE (0x00000001) // usage policy object +#define TSS_POLICY_MIGRATION (0x00000002) // migration policy object +#define TSS_POLICY_OPERATOR (0x00000003) // migration policy object + + +//****************************************** +// Flags for creating PCRComposite object: * +//****************************************** + +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// |x x| Struct +// |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x| Reserved +// + +// PCRComposite Version: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// --------------------------------------------------------------- +// TPM_PCR_DEFAULT |0 0 0| +// TPM_PCR_INFO |0 0 1| +// TPM_PCR_INFO_LONG |0 1 0| +// TPM_PCR_INFO_SHORT |0 1 1| +// + +#define TSS_PCRS_STRUCT_DEFAULT (0x00000000) // depends on context +#define TSS_PCRS_STRUCT_INFO (0x00000001) // TPM_PCR_INFO +#define TSS_PCRS_STRUCT_INFO_LONG (0x00000002) // TPM_PCR_INFO_LONG +#define TSS_PCRS_STRUCT_INFO_SHORT (0x00000003) // TPM_PCR_INFO_SHORT + + + +////////////////////////////////////////////////////////////////////////// +// Attribute Flags, Subflags, and Values +////////////////////////////////////////////////////////////////////////// + + +//****************** +// Context object: * +//****************** + +// +// Attributes +// +#define TSS_TSPATTRIB_CONTEXT_SILENT_MODE (0x00000001) + // dialog display control +#define TSS_TSPATTRIB_CONTEXT_MACHINE_NAME (0x00000002) + // remote machine name +#define TSS_TSPATTRIB_CONTEXT_VERSION_MODE (0x00000003) + // context version +#define TSS_TSPATTRIB_CONTEXT_TRANSPORT (0x00000004) + // transport control +#define TSS_TSPATTRIB_CONTEXT_CONNECTION_VERSION (0x00000005) + // connection version +#define TSS_TSPATTRIB_SECRET_HASH_MODE (0x00000006) + // flag indicating whether + // NUL is included in the + // hash of the password +// +// SubFlags for Flag TSS_TSPATTRIB_CONTEXT_TRANSPORT +// +#define TSS_TSPATTRIB_CONTEXTTRANS_CONTROL (0x00000008) +#define TSS_TSPATTRIB_CONTEXTTRANS_MODE (0x00000010) + +// +// Values for the TSS_TSPATTRIB_CONTEXT_SILENT_MODE attribute +// +#define TSS_TSPATTRIB_CONTEXT_NOT_SILENT (0x00000000) // TSP dialogs enabled +#define TSS_TSPATTRIB_CONTEXT_SILENT (0x00000001) // TSP dialogs disabled + +// +// Values for the TSS_TSPATTRIB_CONTEXT_VERSION_MODE attribute +// +#define TSS_TSPATTRIB_CONTEXT_VERSION_AUTO (0x00000001) +#define TSS_TSPATTRIB_CONTEXT_VERSION_V1_1 (0x00000002) +#define TSS_TSPATTRIB_CONTEXT_VERSION_V1_2 (0x00000003) + +// +// Values for the subflag TSS_TSPATTRIB_CONTEXT_TRANS_CONTROL +// +#define TSS_TSPATTRIB_DISABLE_TRANSPORT (0x00000016) +#define TSS_TSPATTRIB_ENABLE_TRANSPORT (0x00000032) + +// +// Values for the subflag TSS_TSPATTRIB_CONTEXT_TRANS_MODE +// +#define TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION (0x00000000) +#define TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION (0x00000001) +#define TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL (0x00000002) +#define TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE (0x00000004) +#define TSS_TSPATTRIB_TRANSPORT_STATIC_AUTH (0x00000008) + +// +// Values for the TSS_TSPATTRIB_CONTEXT_CONNECTION_VERSION attribute +// +#define TSS_CONNECTION_VERSION_1_1 (0x00000001) +#define TSS_CONNECTION_VERSION_1_2 (0x00000002) + + +// +// Subflags of TSS_TSPATTRIB_SECRET_HASH_MODE +// +#define TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP (0x00000001) + +// +// Values for TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP subflag +// +#define TSS_TSPATTRIB_HASH_MODE_NOT_NULL (0x00000000) +#define TSS_TSPATTRIB_HASH_MODE_NULL (0x00000001) + + +// ************* +// TPM object: * +// ************* + +// +// Attributes: +// +#define TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY 0x00000001 +#define TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY 0x00000002 +#define TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS 0x00000003 +#define TSS_TSPATTRIB_TPM_CREDENTIAL 0x00001000 + +// +// Subflags for TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS +// +#define TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT 0x00000000 +#define TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT 0x00000001 + +// +// Subflags for TSS_TSPATTRIB_TPM_CREDENTIAL +// +#define TSS_TPMATTRIB_EKCERT 0x00000001 +#define TSS_TPMATTRIB_TPM_CC 0x00000002 +#define TSS_TPMATTRIB_PLATFORMCERT 0x00000003 +#define TSS_TPMATTRIB_PLATFORM_CC 0x00000004 + + +//***************** +// Policy object: * +//***************** + +// +// Attributes +// +#define TSS_TSPATTRIB_POLICY_CALLBACK_HMAC (0x00000080) + // enable/disable callback function + +#define TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC (0x00000100) + // enable/disable callback function + +#define TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP (0x00000180) + // enable/disable callback function + +#define TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM (0x00000200) + // enable/disable callback function + +#define TSS_TSPATTRIB_POLICY_SECRET_LIFETIME (0x00000280) + // set lifetime mode for policy secret + +#define TSS_TSPATTRIB_POLICY_POPUPSTRING (0x00000300) + // set a NULL terminated UNICODE string + // which is displayed in the TSP policy + // popup dialog +#define TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK (0x00000380) + // enable/disable callback function +#if 0 +/* This attribute flag is defined earlier with the context attributes. + * It is valid for both context and policy objects. It is copied + * here as a reminder to avoid collisions. + */ +#define TSS_TSPATTRIB_SECRET_HASH_MODE (0x00000006) + // flag indicating whether + // NUL is included in the + // hash of the password +#endif + + +#define TSS_TSPATTRIB_POLICY_DELEGATION_INFO (0x00000001) +#define TSS_TSPATTRIB_POLICY_DELEGATION_PCR (0x00000002) + +// +// SubFlags for Flag TSS_TSPATTRIB_POLICY_SECRET_LIFETIME +// +#define TSS_SECRET_LIFETIME_ALWAYS (0x00000001) // secret will not be + // invalidated +#define TSS_SECRET_LIFETIME_COUNTER (0x00000002) // secret lifetime + // controlled by counter +#define TSS_SECRET_LIFETIME_TIMER (0x00000003) // secret lifetime + // controlled by time +#define TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS TSS_SECRET_LIFETIME_ALWAYS +#define TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER TSS_SECRET_LIFETIME_COUNTER +#define TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER TSS_SECRET_LIFETIME_TIMER + +// Alternate names misspelled in the 1.1 TSS spec. +#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS TSS_SECRET_LIFETIME_ALWAYS +#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER TSS_SECRET_LIFETIME_COUNTER +#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER TSS_SECRET_LIFETIME_TIMER + +// +// Subflags of TSS_TSPATTRIB_POLICY_DELEGATION_INFO +// +#define TSS_TSPATTRIB_POLDEL_TYPE (0x00000001) +#define TSS_TSPATTRIB_POLDEL_INDEX (0x00000002) +#define TSS_TSPATTRIB_POLDEL_PER1 (0x00000003) +#define TSS_TSPATTRIB_POLDEL_PER2 (0x00000004) +#define TSS_TSPATTRIB_POLDEL_LABEL (0x00000005) +#define TSS_TSPATTRIB_POLDEL_FAMILYID (0x00000006) +#define TSS_TSPATTRIB_POLDEL_VERCOUNT (0x00000007) +#define TSS_TSPATTRIB_POLDEL_OWNERBLOB (0x00000008) +#define TSS_TSPATTRIB_POLDEL_KEYBLOB (0x00000009) + +// +// Subflags of TSS_TSPATTRIB_POLICY_DELEGATION_PCR +// +#define TSS_TSPATTRIB_POLDELPCR_LOCALITY (0x00000001) +#define TSS_TSPATTRIB_POLDELPCR_DIGESTATRELEASE (0x00000002) +#define TSS_TSPATTRIB_POLDELPCR_SELECTION (0x00000003) + +// +// Values for the Policy TSS_TSPATTRIB_POLDEL_TYPE attribute +// +#define TSS_DELEGATIONTYPE_NONE (0x00000001) +#define TSS_DELEGATIONTYPE_OWNER (0x00000002) +#define TSS_DELEGATIONTYPE_KEY (0x00000003) + + + +// +// Flags used for the 'mode' parameter in Tspi_Policy_SetSecret() +// +#define TSS_SECRET_MODE_NONE (0x00000800) // No authorization will be + // processed +#define TSS_SECRET_MODE_SHA1 (0x00001000) // Secret string will not be + // touched by TSP +#define TSS_SECRET_MODE_PLAIN (0x00001800) // Secret string will be hashed + // using SHA1 +#define TSS_SECRET_MODE_POPUP (0x00002000) // TSS SP will ask for a secret +#define TSS_SECRET_MODE_CALLBACK (0x00002800) // Application has to provide a + // call back function + + + +//****************** +// EncData object: * +//****************** + +// +// Attributes +// +#define TSS_TSPATTRIB_ENCDATA_BLOB (0x00000008) +#define TSS_TSPATTRIB_ENCDATA_PCR (0x00000010) +#define TSS_TSPATTRIB_ENCDATA_PCR_LONG (0x00000018) +#define TSS_TSPATTRIB_ENCDATA_SEAL (0x00000020) + +// +// SubFlags for Flag TSS_TSPATTRIB_ENCDATA_BLOB +// +#define TSS_TSPATTRIB_ENCDATABLOB_BLOB (0x00000001) // encrypted data blob + +// +// SubFlags for Flag TSS_TSPATTRIB_ENCDATA_PCR +// +#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATCREATION (0x00000002) +#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE (0x00000003) +#define TSS_TSPATTRIB_ENCDATAPCR_SELECTION (0x00000004) +// support typo from 1.1 headers +#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_RELEASE \ + TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE + +#define TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATCREATION (0x00000005) +#define TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATRELEASE (0x00000006) +#define TSS_TSPATTRIB_ENCDATAPCRLONG_CREATION_SELECTION (0x00000007) +#define TSS_TSPATTRIB_ENCDATAPCRLONG_RELEASE_SELECTION (0x00000008) +#define TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATCREATION (0x00000009) +#define TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATRELEASE (0x0000000A) + + +// +// Attribute subflags TSS_TSPATTRIB_ENCDATA_SEAL +// +#define TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE (0x00000001) + +// +// Attribute values for +// TSS_TSPATTRIB_ENCDATA_SEAL/TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE +// +#define TSS_TSPATTRIB_ENCDATASEAL_NOPROTECT (0x00000000) +#define TSS_TSPATTRIB_ENCDATASEAL_PROTECT (0x00000001) + +// Accounting for typos in original header files +#define TSS_TSPATTRIB_ENCDATASEAL_NO_PROTECT \ + TSS_TSPATTRIB_ENCDATASEAL_NOPROTECT + +//************* +// NV object: * +//************* + +// +// Attributes +// +#define TSS_TSPATTRIB_NV_INDEX (0x00000001) +#define TSS_TSPATTRIB_NV_PERMISSIONS (0x00000002) +#define TSS_TSPATTRIB_NV_STATE (0x00000003) +#define TSS_TSPATTRIB_NV_DATASIZE (0x00000004) +#define TSS_TSPATTRIB_NV_PCR (0x00000005) + +#define TSS_TSPATTRIB_NVSTATE_READSTCLEAR (0x00100000) +#define TSS_TSPATTRIB_NVSTATE_WRITESTCLEAR (0x00200000) +#define TSS_TSPATTRIB_NVSTATE_WRITEDEFINE (0x00300000) + +#define TSS_TSPATTRIB_NVPCR_READPCRSELECTION (0x01000000) +#define TSS_TSPATTRIB_NVPCR_READDIGESTATRELEASE (0x02000000) +#define TSS_TSPATTRIB_NVPCR_READLOCALITYATRELEASE (0x03000000) +#define TSS_TSPATTRIB_NVPCR_WRITEPCRSELECTION (0x04000000) +#define TSS_TSPATTRIB_NVPCR_WRITEDIGESTATRELEASE (0x05000000) +#define TSS_TSPATTRIB_NVPCR_WRITELOCALITYATRELEASE (0x06000000) + +/* NV index flags + * + * From the TPM spec, Part 2, Section 19.1. + * + * 3 2 1 + * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |T|P|U|D| resvd | Purview | Index | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ +#define TSS_NV_TPM (0x80000000) // TPM mfr reserved bit +#define TSS_NV_PLATFORM (0x40000000) // Platform mfr reserved bit +#define TSS_NV_USER (0x20000000) // User reserved bit +#define TSS_NV_DEFINED (0x10000000) // "Defined permanently" flag +#define TSS_NV_MASK_TPM (0x80000000) // mask to extract 'T' +#define TSS_NV_MASK_PLATFORM (0x40000000) // mask to extract 'P' +#define TSS_NV_MASK_USER (0x20000000) // mask to extract 'U' +#define TSS_NV_MASK_DEFINED (0x10000000) // mask to extract 'D' +#define TSS_NV_MASK_RESERVED (0x0f000000) // mask to extract reserved bits +#define TSS_NV_MASK_PURVIEW (0x00ff0000) // mask to extract purview byte +#define TSS_NV_MASK_INDEX (0x0000ffff) // mask to extract index byte + +// This is the index of the NV storage area where the number of sessions +// per locality is stored. +#define TSS_NV_INDEX_SESSIONS (0x00011101) + + +//****************** +// MigData object: * +//****************** + +// +// Attributes +// +#define TSS_MIGATTRIB_MIGRATIONBLOB (0x00000010) +#define TSS_MIGATTRIB_MIGRATIONTICKET (0x00000020) +#define TSS_MIGATTRIB_AUTHORITY_DATA (0x00000030) +#define TSS_MIGATTRIB_MIG_AUTH_DATA (0x00000040) +#define TSS_MIGATTRIB_TICKET_DATA (0x00000050) +#define TSS_MIGATTRIB_PAYLOAD_TYPE (0x00000060) + +// +// Attribute subflags TSS_MIGATTRIB_MIGRATIONBLOB +// +#define TSS_MIGATTRIB_MIGRATION_XOR_BLOB (0x00000101) +#define TSS_MIGATTRIB_MIGRATION_REWRAPPED_BLOB (0x00000102) +#define TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB (0x00000103) +#define TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB (0x00000104) +#define TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB (0x00000105) +#define TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB (0x00000106) +#define TSS_MIGATTRIB_MIG_REWRAPPED_BLOB TSS_MIGATTRIB_MIGRATION_REWRAPPED_BLOB +#define TSS_MIGATTRIB_MIG_XOR_BLOB TSS_MIGATTRIB_MIGRATION_XOR_BLOB + +// +// Attribute subflags TSS_MIGATTRIB_MIGRATIONTICKET +// +// none + +// +// Attribute subflags TSS_MIGATTRIB_AUTHORITY_DATA +// +#define TSS_MIGATTRIB_AUTHORITY_DIGEST (0x00000301) +#define TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC (0x00000302) +#define TSS_MIGATTRIB_AUTHORITY_MSALIST (0x00000303) + +// +// Attribute subflags TSS_MIGATTRIB_MIG_AUTH_DATA +// +#define TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST (0x00000401) +#define TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST (0x00000402) +#define TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST (0x00000403) + +// +// Attribute subflags TSS_MIGATTRIB_TICKET_DATA +// +#define TSS_MIGATTRIB_TICKET_SIG_DIGEST (0x00000501) +#define TSS_MIGATTRIB_TICKET_SIG_VALUE (0x00000502) +#define TSS_MIGATTRIB_TICKET_SIG_TICKET (0x00000503) +#define TSS_MIGATTRIB_TICKET_RESTRICT_TICKET (0x00000504) + +// +// Attribute subflags TSS_MIGATTRIB_PAYLOAD_TYPE +// +#define TSS_MIGATTRIB_PT_MIGRATE_RESTRICTED (0x00000601) +#define TSS_MIGATTRIB_PT_MIGRATE_EXTERNAL (0x00000602) + + + + +//*************** +// Hash object: * +//*************** + +// +// Attributes +// +#define TSS_TSPATTRIB_HASH_IDENTIFIER (0x00001000) // Hash algorithm identifier +#define TSS_TSPATTRIB_ALG_IDENTIFIER (0x00002000) // ASN.1 alg identifier + + + +//*************** +// PCRs object: * +//*************** + +// +// Attributes +// +#define TSS_TSPATTRIB_PCRS_INFO (0x00000001) // info + +// +// Subflags for TSS_TSPATTRIB_PCRS_INFO flag +// +#define TSS_TSPATTRIB_PCRSINFO_PCRSTRUCT (0x00000001) // type of pcr struct + // TSS_PCRS_STRUCT_TYPE_XX + +//**************************** +// Delegation Family object: * +//**************************** + +// +// Attributes +// +#define TSS_TSPATTRIB_DELFAMILY_STATE (0x00000001) +#define TSS_TSPATTRIB_DELFAMILY_INFO (0x00000002) + +// DELFAMILY_STATE sub-attributes +#define TSS_TSPATTRIB_DELFAMILYSTATE_LOCKED (0x00000001) +#define TSS_TSPATTRIB_DELFAMILYSTATE_ENABLED (0x00000002) + +// DELFAMILY_INFO sub-attributes +#define TSS_TSPATTRIB_DELFAMILYINFO_LABEL (0x00000003) +#define TSS_TSPATTRIB_DELFAMILYINFO_VERCOUNT (0x00000004) +#define TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID (0x00000005) + +// Bitmasks for the 'ulFlags' argument to Tspi_TPM_Delegate_CreateDelegation. +// Only one bit used for now. +#define TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT ((UINT32)1) + +// Bitmasks for the 'ulFlags' argument to +// Tspi_TPM_Delegate_CacheOwnerDelegation. Only 1 bit is used for now. +#define TSS_DELEGATE_CACHEOWNERDELEGATION_OVERWRITEEXISTING ((UINT32)1) + + + +//************************* +// DAA Credential Object: * +//************************* + +// +// Attribute flags +// +#define TSS_TSPATTRIB_DAACRED_COMMIT (0x00000001) +#define TSS_TSPATTRIB_DAACRED_ATTRIB_GAMMAS (0x00000002) +#define TSS_TSPATTRIB_DAACRED_CREDENTIAL_BLOB (0x00000003) +#define TSS_TSPATTRIB_DAACRED_CALLBACK_SIGN (0x00000004) +#define TSS_TSPATTRIB_DAACRED_CALLBACK_VERIFYSIGNATURE (0x00000005) + +// +// Subflags for TSS_TSPATTRIB_DAACRED_COMMIT +// +#define TSS_TSPATTRIB_DAACOMMIT_NUMBER (0x00000001) +#define TSS_TSPATTRIB_DAACOMMIT_SELECTION (0x00000002) +#define TSS_TSPATTRIB_DAACOMMIT_COMMITMENTS (0x00000003) + +// +// Subflags for TSS_TSPATTRIB_DAACRED_ATTRIB_GAMMAS +// +#define TSS_TSPATTRIB_DAAATTRIBGAMMAS_BLOB (0xffffffff) + + + +//************************* +// DAA Issuer Key Object: * +//************************* + +// +// Attribute flags +// +#define TSS_TSPATTRIB_DAAISSUERKEY_BLOB (0x00000001) +#define TSS_TSPATTRIB_DAAISSUERKEY_PUBKEY (0x00000002) + +// +// Subflags for TSS_TSPATTRIB_DAAISSUERKEY_BLOB +// +#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_PUBLIC_KEY (0x00000001) +#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_SECRET_KEY (0x00000002) +#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_KEYBLOB (0x00000003) +#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_PROOF (0x00000004) + +// +// Subflags for TSS_TSPATTRIB_DAAISSUERKEY_PUBKEY +// +#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_ATTRIBS (0x00000001) +#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_PLATFORM_ATTRIBS (0x00000002) +#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_ISSUER_ATTRIBS (0x00000003) + + + +//*************************************** +// DAA Anonymity Revocation Key Object: * +//*************************************** + +// +// Attribute flags +// +#define TSS_TSPATTRIB_DAAARAKEY_BLOB (0x00000001) + +// +// Subflags for TSS_TSPATTRIB_DAAARAKEY_BLOB +// +#define TSS_TSPATTRIB_DAAARAKEYBLOB_PUBLIC_KEY (0x00000001) +#define TSS_TSPATTRIB_DAAARAKEYBLOB_SECRET_KEY (0x00000002) +#define TSS_TSPATTRIB_DAAARAKEYBLOB_KEYBLOB (0x00000003) + + + +// +// Structure payload flags for TSS_DAA_PSEUDONYM, +// (TSS_DAA_PSEUDONYM.payloadFlag) +// +#define TSS_FLAG_DAA_PSEUDONYM_PLAIN (0x00000000) +#define TSS_FLAG_DAA_PSEUDONYM_ENCRYPTED (0x00000001) + + +//************** +// Key Object: * +//************** + +// +// Attribute flags +// +#define TSS_TSPATTRIB_KEY_BLOB (0x00000040) // key info as blob data +#define TSS_TSPATTRIB_KEY_INFO (0x00000080) // keyparam info as blob data +#define TSS_TSPATTRIB_KEY_UUID (0x000000C0) // key UUID info as blob data +#define TSS_TSPATTRIB_KEY_PCR (0x00000100) // composite digest value for + // the key +#define TSS_TSPATTRIB_RSAKEY_INFO (0x00000140) // public key info +#define TSS_TSPATTRIB_KEY_REGISTER (0x00000180) // register location +#define TSS_TSPATTRIB_KEY_PCR_LONG (0x000001c0) // PCR_INFO_LONG for the key +#define TSS_TSPATTRIB_KEY_CONTROLBIT (0x00000200) // key control flags +#define TSS_TSPATTRIB_KEY_CMKINFO (0x00000400) // CMK info + +// +// SubFlags for Flag TSS_TSPATTRIB_KEY_BLOB +// +#define TSS_TSPATTRIB_KEYBLOB_BLOB (0x00000008) // key info using the + // key blob +#define TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY (0x00000010) // public key info + // using the blob +#define TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY (0x00000028) // encrypted private key + // blob + +// +// SubFlags for Flag TSS_TSPATTRIB_KEY_INFO +// +#define TSS_TSPATTRIB_KEYINFO_SIZE (0x00000080) // key size in bits +#define TSS_TSPATTRIB_KEYINFO_USAGE (0x00000100) // key usage info +#define TSS_TSPATTRIB_KEYINFO_KEYFLAGS (0x00000180) // key flags +#define TSS_TSPATTRIB_KEYINFO_AUTHUSAGE (0x00000200) // key auth usage info +#define TSS_TSPATTRIB_KEYINFO_ALGORITHM (0x00000280) // key algorithm ID +#define TSS_TSPATTRIB_KEYINFO_SIGSCHEME (0x00000300) // key sig scheme +#define TSS_TSPATTRIB_KEYINFO_ENCSCHEME (0x00000380) // key enc scheme +#define TSS_TSPATTRIB_KEYINFO_MIGRATABLE (0x00000400) // if true then key is + // migratable +#define TSS_TSPATTRIB_KEYINFO_REDIRECTED (0x00000480) // key is redirected +#define TSS_TSPATTRIB_KEYINFO_VOLATILE (0x00000500) // if true key is + // volatile +#define TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE (0x00000580) // if true auth is + // required +#define TSS_TSPATTRIB_KEYINFO_VERSION (0x00000600) // version info as TSS + // version struct +#define TSS_TSPATTRIB_KEYINFO_CMK (0x00000680) // if true then key + // is certified + // migratable +#define TSS_TSPATTRIB_KEYINFO_KEYSTRUCT (0x00000700) // type of key struct + // used for this key + // (TPM_KEY or + // TPM_KEY12) +#define TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT (0x00000780) // Get current status + // of owner evict flag + +// +// SubFlags for Flag TSS_TSPATTRIB_RSAKEY_INFO +// +#define TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT (0x00001000) +#define TSS_TSPATTRIB_KEYINFO_RSA_MODULUS (0x00002000) +#define TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE (0x00003000) +#define TSS_TSPATTRIB_KEYINFO_RSA_PRIMES (0x00004000) + +// +// SubFlags for Flag TSS_TSPATTRIB_KEY_PCR +// +#define TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION (0x00008000) +#define TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE (0x00010000) +#define TSS_TSPATTRIB_KEYPCR_SELECTION (0x00018000) + +// +// SubFlags for TSS_TSPATTRIB_KEY_REGISTER +// +#define TSS_TSPATTRIB_KEYREGISTER_USER (0x02000000) +#define TSS_TSPATTRIB_KEYREGISTER_SYSTEM (0x04000000) +#define TSS_TSPATTRIB_KEYREGISTER_NO (0x06000000) + +// +// SubFlags for Flag TSS_TSPATTRIB_KEY_PCR_LONG +// +#define TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATCREATION (0x00040000) /* UINT32 */ +#define TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATRELEASE (0x00080000) /* UINT32 */ +#define TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION (0x000C0000) /* DATA */ +#define TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION (0x00100000) /* DATA */ +#define TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION (0x00140000) /* DATA */ +#define TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE (0x00180000) /* DATA */ + +// +// SubFlags for Flag TSS_TSPATTRIB_KEY_CMKINFO +// +#define TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL (0x00000010) +#define TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST (0x00000020) + + +// +// Attribute Values +// + +// +// key size definitions +// +#define TSS_KEY_SIZEVAL_512BIT (0x0200) +#define TSS_KEY_SIZEVAL_1024BIT (0x0400) +#define TSS_KEY_SIZEVAL_2048BIT (0x0800) +#define TSS_KEY_SIZEVAL_4096BIT (0x1000) +#define TSS_KEY_SIZEVAL_8192BIT (0x2000) +#define TSS_KEY_SIZEVAL_16384BIT (0x4000) + +// +// key usage definitions +// Values intentionally moved away from corresponding TPM values to avoid +// possible misuse +// +#define TSS_KEYUSAGE_BIND (0x00) +#define TSS_KEYUSAGE_IDENTITY (0x01) +#define TSS_KEYUSAGE_LEGACY (0x02) +#define TSS_KEYUSAGE_SIGN (0x03) +#define TSS_KEYUSAGE_STORAGE (0x04) +#define TSS_KEYUSAGE_AUTHCHANGE (0x05) +#define TSS_KEYUSAGE_MIGRATE (0x06) + +// +// key flag definitions +// +#define TSS_KEYFLAG_REDIRECTION (0x00000001) +#define TSS_KEYFLAG_MIGRATABLE (0x00000002) +#define TSS_KEYFLAG_VOLATILEKEY (0x00000004) +#define TSS_KEYFLAG_CERTIFIED_MIGRATABLE (0x00000008) + +// +// algorithm ID definitions +// +// This table defines the algo id's +// Values intentionally moved away from corresponding TPM values to avoid +// possible misuse +// +#define TSS_ALG_RSA (0x20) +#define TSS_ALG_DES (0x21) +#define TSS_ALG_3DES (0x22) +#define TSS_ALG_SHA (0x23) +#define TSS_ALG_HMAC (0x24) +#define TSS_ALG_AES128 (0x25) +#define TSS_ALG_AES192 (0x26) +#define TSS_ALG_AES256 (0x27) +#define TSS_ALG_XOR (0x28) +#define TSS_ALG_MGF1 (0x29) + +#define TSS_ALG_AES TSS_ALG_AES128 + +// Special values for +// Tspi_Context_GetCapability(TSS_TSPCAP_ALG) +// Tspi_Context_GetCapability(TSS_TCSCAP_ALG) +#define TSS_ALG_DEFAULT (0xfe) +#define TSS_ALG_DEFAULT_SIZE (0xff) + + +// +// key signature scheme definitions +// +#define TSS_SS_NONE (0x10) +#define TSS_SS_RSASSAPKCS1V15_SHA1 (0x11) +#define TSS_SS_RSASSAPKCS1V15_DER (0x12) +#define TSS_SS_RSASSAPKCS1V15_INFO (0x13) + +// +// key encryption scheme definitions +// +#define TSS_ES_NONE (0x10) +#define TSS_ES_RSAESPKCSV15 (0x11) +#define TSS_ES_RSAESOAEP_SHA1_MGF1 (0x12) +#define TSS_ES_SYM_CNT (0x13) +#define TSS_ES_SYM_OFB (0x14) +#define TSS_ES_SYM_CBC_PKCS5PAD (0x15) + + +// +// persistent storage registration definitions +// +#define TSS_PS_TYPE_USER (1) // Key is registered persistantly in the user + // storage database. +#define TSS_PS_TYPE_SYSTEM (2) // Key is registered persistantly in the system + // storage database. + +// +// migration scheme definitions +// Values intentionally moved away from corresponding TPM values to avoid +// possible misuse +// +#define TSS_MS_MIGRATE (0x20) +#define TSS_MS_REWRAP (0x21) +#define TSS_MS_MAINT (0x22) +#define TSS_MS_RESTRICT_MIGRATE (0x23) +#define TSS_MS_RESTRICT_APPROVE_DOUBLE (0x24) +#define TSS_MS_RESTRICT_MIGRATE_EXTERNAL (0x25) + +// +// TPM key authorization +// Values intentionally moved away from corresponding TPM values to avoid +// possible misuse +// +#define TSS_KEYAUTH_AUTH_NEVER (0x10) +#define TSS_KEYAUTH_AUTH_ALWAYS (0x11) +#define TSS_KEYAUTH_AUTH_PRIV_USE_ONLY (0x12) + + +// +// Flags for TPM status information (GetStatus and SetStatus) +// +#define TSS_TPMSTATUS_DISABLEOWNERCLEAR (0x00000001) // persistent flag +#define TSS_TPMSTATUS_DISABLEFORCECLEAR (0x00000002) // volatile flag +#define TSS_TPMSTATUS_DISABLED (0x00000003) // persistent flag +#define TSS_TPMSTATUS_DEACTIVATED (0x00000004) // volatile flag +#define TSS_TPMSTATUS_OWNERSETDISABLE (0x00000005) // persistent flag + // for SetStatus + // (disable flag) +#define TSS_TPMSTATUS_SETOWNERINSTALL (0x00000006) // persistent flag + // (ownership flag) +#define TSS_TPMSTATUS_DISABLEPUBEKREAD (0x00000007) // persistent flag +#define TSS_TPMSTATUS_ALLOWMAINTENANCE (0x00000008) // persistent flag +#define TSS_TPMSTATUS_PHYSPRES_LIFETIMELOCK (0x00000009) // persistent flag +#define TSS_TPMSTATUS_PHYSPRES_HWENABLE (0x0000000A) // persistent flag +#define TSS_TPMSTATUS_PHYSPRES_CMDENABLE (0x0000000B) // persistent flag +#define TSS_TPMSTATUS_PHYSPRES_LOCK (0x0000000C) // volatile flag +#define TSS_TPMSTATUS_PHYSPRESENCE (0x0000000D) // volatile flag +#define TSS_TPMSTATUS_PHYSICALDISABLE (0x0000000E) // persistent flag + // (SetStatus + // disable flag) +#define TSS_TPMSTATUS_CEKP_USED (0x0000000F) // persistent flag +#define TSS_TPMSTATUS_PHYSICALSETDEACTIVATED (0x00000010) // persistent flag + // (deactivated flag) +#define TSS_TPMSTATUS_SETTEMPDEACTIVATED (0x00000011) // volatile flag + // (deactivated flag) +#define TSS_TPMSTATUS_POSTINITIALISE (0x00000012) // volatile flag +#define TSS_TPMSTATUS_TPMPOST (0x00000013) // persistent flag +#define TSS_TPMSTATUS_TPMPOSTLOCK (0x00000014) // persistent flag +#define TSS_TPMSTATUS_DISABLEPUBSRKREAD (0x00000016) // persistent flag +#define TSS_TPMSTATUS_MAINTENANCEUSED (0x00000017) // persistent flag +#define TSS_TPMSTATUS_OPERATORINSTALLED (0x00000018) // persistent flag +#define TSS_TPMSTATUS_OPERATOR_INSTALLED (TSS_TPMSTATUS_OPERATORINSTALLED) +#define TSS_TPMSTATUS_FIPS (0x00000019) // persistent flag +#define TSS_TPMSTATUS_ENABLEREVOKEEK (0x0000001A) // persistent flag +#define TSS_TPMSTATUS_ENABLE_REVOKEEK (TSS_TPMSTATUS_ENABLEREVOKEEK) +#define TSS_TPMSTATUS_NV_LOCK (0x0000001B) // persistent flag +#define TSS_TPMSTATUS_TPM_ESTABLISHED (0x0000001C) // persistent flag +#define TSS_TPMSTATUS_RESETLOCK (0x0000001D) // volatile flag +#define TSS_TPMSTATUS_DISABLE_FULL_DA_LOGIC_INFO (0x0000001D) //persistent flag + + +// +// Capability flag definitions +// +// TPM capabilities +// +#define TSS_TPMCAP_ORD (0x10) +#define TSS_TPMCAP_ALG (0x11) +#define TSS_TPMCAP_FLAG (0x12) +#define TSS_TPMCAP_PROPERTY (0x13) +#define TSS_TPMCAP_VERSION (0x14) +#define TSS_TPMCAP_VERSION_VAL (0x15) +#define TSS_TPMCAP_NV_LIST (0x16) +#define TSS_TPMCAP_NV_INDEX (0x17) +#define TSS_TPMCAP_MFR (0x18) +#define TSS_TPMCAP_SYM_MODE (0x19) +#define TSS_TPMCAP_HANDLE (0x1a) +#define TSS_TPMCAP_TRANS_ES (0x1b) +#define TSS_TPMCAP_AUTH_ENCRYPT (0x1c) +#define TSS_TPMCAP_SET_PERM_FLAGS (0x1d) // cf. TPM_SET_PERM_FLAGS +#define TSS_TPMCAP_SET_VENDOR (0x1e) // cf. TPM_SET_VENDOR +#define TSS_TPMCAP_DA_LOGIC (0x1f) + +// +// Sub-Capability Flags for TSS_TPMCAP_PROPERTY +// +#define TSS_TPMCAP_PROP_PCR (0x10) +#define TSS_TPMCAP_PROP_DIR (0x11) +#define TSS_TPMCAP_PROP_MANUFACTURER (0x12) +#define TSS_TPMCAP_PROP_SLOTS (0x13) +#define TSS_TPMCAP_PROP_KEYS TSS_TPMCAP_PROP_SLOTS +#define TSS_TPMCAP_PROP_FAMILYROWS (0x14) +#define TSS_TPMCAP_PROP_DELEGATEROWS (0x15) +#define TSS_TPMCAP_PROP_OWNER (0x16) +#define TSS_TPMCAP_PROP_MAXKEYS (0x18) +#define TSS_TPMCAP_PROP_AUTHSESSIONS (0x19) +#define TSS_TPMCAP_PROP_MAXAUTHSESSIONS (0x1a) +#define TSS_TPMCAP_PROP_TRANSESSIONS (0x1b) +#define TSS_TPMCAP_PROP_MAXTRANSESSIONS (0x1c) +#define TSS_TPMCAP_PROP_SESSIONS (0x1d) +#define TSS_TPMCAP_PROP_MAXSESSIONS (0x1e) +#define TSS_TPMCAP_PROP_CONTEXTS (0x1f) +#define TSS_TPMCAP_PROP_MAXCONTEXTS (0x20) +#define TSS_TPMCAP_PROP_DAASESSIONS (0x21) +#define TSS_TPMCAP_PROP_MAXDAASESSIONS (0x22) +#define TSS_TPMCAP_PROP_DAA_INTERRUPT (0x23) +#define TSS_TPMCAP_PROP_COUNTERS (0x24) +#define TSS_TPMCAP_PROP_MAXCOUNTERS (0x25) +#define TSS_TPMCAP_PROP_ACTIVECOUNTER (0x26) +#define TSS_TPMCAP_PROP_MIN_COUNTER (0x27) +#define TSS_TPMCAP_PROP_TISTIMEOUTS (0x28) +#define TSS_TPMCAP_PROP_STARTUPEFFECTS (0x29) +#define TSS_TPMCAP_PROP_MAXCONTEXTCOUNTDIST (0x2a) +#define TSS_TPMCAP_PROP_CMKRESTRICTION (0x2b) +#define TSS_TPMCAP_PROP_DURATION (0x2c) +#define TSS_TPMCAP_PROP_MAXNVAVAILABLE (0x2d) +#define TSS_TPMCAP_PROP_INPUTBUFFERSIZE (0x2e) +#define TSS_TPMCAP_PROP_REVISION (0x2f) +#define TSS_TPMCAP_PROP_LOCALITIES_AVAIL (0x32) + +// +// Resource type flags +// Sub-Capability Flags for TSS_TPMCAP_HANDLE +// +#define TSS_RT_KEY ((UINT32)0x00000010) +#define TSS_RT_AUTH ((UINT32)0x00000020) +#define TSS_RT_TRANS ((UINT32)0x00000030) +#define TSS_RT_COUNTER ((UINT32)0x00000040) + + +// +// TSS Core Service Capabilities +// +#define TSS_TCSCAP_ALG (0x00000001) +#define TSS_TCSCAP_VERSION (0x00000002) +#define TSS_TCSCAP_CACHING (0x00000003) +#define TSS_TCSCAP_PERSSTORAGE (0x00000004) +#define TSS_TCSCAP_MANUFACTURER (0x00000005) +#define TSS_TCSCAP_PLATFORM_CLASS (0x00000006) +#define TSS_TCSCAP_TRANSPORT (0x00000007) +#define TSS_TCSCAP_PLATFORM_INFO (0x00000008) + +// +// Sub-Capability Flags TSS-CoreService-Capabilities +// +#define TSS_TCSCAP_PROP_KEYCACHE (0x00000100) +#define TSS_TCSCAP_PROP_AUTHCACHE (0x00000101) +#define TSS_TCSCAP_PROP_MANUFACTURER_STR (0x00000102) +#define TSS_TCSCAP_PROP_MANUFACTURER_ID (0x00000103) +#define TSS_TCSCAP_PLATFORM_VERSION (0x00001100) +#define TSS_TCSCAP_PLATFORM_TYPE (0x00001101) +#define TSS_TCSCAP_TRANS_EXCLUSIVE (0x00002100) +#define TSS_TCSCAP_PROP_HOST_PLATFORM (0x00003001) +#define TSS_TCSCAP_PROP_ALL_PLATFORMS (0x00003002) + +// +// TSS Service Provider Capabilities +// +#define TSS_TSPCAP_ALG (0x00000010) +#define TSS_TSPCAP_VERSION (0x00000011) +#define TSS_TSPCAP_PERSSTORAGE (0x00000012) +#define TSS_TSPCAP_MANUFACTURER (0x00000013) +#define TSS_TSPCAP_RETURNVALUE_INFO (0x00000015) +#define TSS_TSPCAP_PLATFORM_INFO (0x00000016) + +// Sub-Capability Flags for TSS_TSPCAP_MANUFACTURER +// +#define TSS_TSPCAP_PROP_MANUFACTURER_STR (0x00000102) +#define TSS_TSPCAP_PROP_MANUFACTURER_ID (0x00000103) + +// Sub-Capability Flags for TSS_TSPCAP_PLATFORM_INFO +// +#define TSS_TSPCAP_PLATFORM_TYPE (0x00000201) +#define TSS_TSPCAP_PLATFORM_VERSION (0x00000202) + + + +// Sub-Capability Flags for TSS_TSPCAP_RETURNVALUE_INFO +// +#define TSS_TSPCAP_PROP_RETURNVALUE_INFO (0x00000201) + +// +// Event type definitions +// +#define TSS_EV_CODE_CERT (0x00000001) +#define TSS_EV_CODE_NOCERT (0x00000002) +#define TSS_EV_XML_CONFIG (0x00000003) +#define TSS_EV_NO_ACTION (0x00000004) +#define TSS_EV_SEPARATOR (0x00000005) +#define TSS_EV_ACTION (0x00000006) +#define TSS_EV_PLATFORM_SPECIFIC (0x00000007) + + +// +// TSP random number limits +// +#define TSS_TSPCAP_RANDOMLIMIT (0x00001000) // Errata: Missing from spec + +// +// UUIDs +// +// Errata: This are not in the spec +#define TSS_UUID_SRK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 1}} // Storage root key +#define TSS_UUID_SK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 2}} // System key +#define TSS_UUID_RK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 3}} // roaming key +#define TSS_UUID_CRK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 8}} // CMK roaming key +#define TSS_UUID_USK1 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 4}} // user storage key 1 +#define TSS_UUID_USK2 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 5}} // user storage key 2 +#define TSS_UUID_USK3 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 6}} // user storage key 3 +#define TSS_UUID_USK4 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 7}} // user storage key 4 +#define TSS_UUID_USK5 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 9}} // user storage key 5 +#define TSS_UUID_USK6 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 10}}// user storage key 6 + +// macro to derive UUIDs for keys whose "OwnerEvict" key is set. +#define TSS_UUID_OWNEREVICT(i) {0, 0, 0, 0, 0, {0, 0, 0, 0, 1, (i)}} + + +// +// TPM well-known secret +// +#define TSS_WELL_KNOWN_SECRET \ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + + +// Values for the "direction" parameters in the Tspi_PcrComposite_XX functions. +#define TSS_PCRS_DIRECTION_CREATION ((UINT32)1) +#define TSS_PCRS_DIRECTION_RELEASE ((UINT32)2) + + +// +// TSS blob version definition for ASN.1 blobs +// +#define TSS_BLOB_STRUCT_VERSION 0x01 + +// +// TSS blob type definitions for ASN.1 blobs +// +#define TSS_BLOB_TYPE_KEY 0x01 +#define TSS_BLOB_TYPE_PUBKEY 0x02 +#define TSS_BLOB_TYPE_MIGKEY 0x03 +#define TSS_BLOB_TYPE_SEALEDDATA 0x04 +#define TSS_BLOB_TYPE_BOUNDDATA 0x05 +#define TSS_BLOB_TYPE_MIGTICKET 0x06 +#define TSS_BLOB_TYPE_PRIVATEKEY 0x07 +#define TSS_BLOB_TYPE_PRIVATEKEY_MOD1 0x08 +#define TSS_BLOB_TYPE_RANDOM_XOR 0x09 +#define TSS_BLOB_TYPE_CERTIFY_INFO 0x0A +#define TSS_BLOB_TYPE_KEY_1_2 0x0B +#define TSS_BLOB_TYPE_CERTIFY_INFO_2 0x0C +#define TSS_BLOB_TYPE_CMK_MIG_KEY 0x0D +#define TSS_BLOB_TYPE_CMK_BYTE_STREAM 0x0E + + + +// +// Values for TPM_CMK_DELEGATE bitmasks +// For now these are exactly the same values as the corresponding +// TPM_CMK_DELEGATE_* bitmasks. +// +#define TSS_CMK_DELEGATE_SIGNING (((UINT32)1)<<31) +#define TSS_CMK_DELEGATE_STORAGE (((UINT32)1)<<30) +#define TSS_CMK_DELEGATE_BIND (((UINT32)1)<<29) +#define TSS_CMK_DELEGATE_LEGACY (((UINT32)1)<<28) +#define TSS_CMK_DELEGATE_MIGRATE (((UINT32)1)<<27) + + +// +// Constants for DAA +// +#define TSS_DAA_LENGTH_N 256 // Length of the RSA Modulus (2048 bits) +#define TSS_DAA_LENGTH_F 13 // Length of the f_i's (information encoded into the certificate, 104 bits) +#define TSS_DAA_LENGTH_E 46 // Length of the e's (exponents, part of certificate, 386 bits) +#define TSS_DAA_LENGTH_E_PRIME 15 // Length of the interval the e's are chosen from (120 bits) +#define TSS_DAA_LENGTH_V 317 // Length of the v's (random value, part of certificate, 2536 bits) +#define TSS_DAA_LENGTH_SAFETY 10 // Length of the security parameter controlling the statistical zero-knowledge property (80 bits) +#define TSS_DAA_LENGTH_HASH TPM_SHA1_160_HASH_LEN // Length of the output of the hash function SHA-1 used for the Fiat-Shamir heuristic(160 bits) +#define TSS_DAA_LENGTH_S 128 // Length of the split large exponent for easier computations on the TPM (1024 bits) +#define TSS_DAA_LENGTH_GAMMA 204 // Length of the modulus 'Gamma' (1632 bits) +#define TSS_DAA_LENGTH_RHO 26 // Length of the order 'rho' of the sub group of Z*_Gamma that is used for roggue tagging (208 bits) +#define TSS_DAA_LENGTH_MFG1_GAMMA 214 // Length of the output of MGF1 in conjunction with the modulus Gamma (1712 bits) +#define TSS_DAA_LENGTH_MGF1_AR 25 // Length of the output of MGF1 used for anonymity revocation (200 bits) + + +#endif // __TSS_DEFINES_H__ diff --git a/src/include/tss/tss_error.h b/src/include/tss/tss_error.h new file mode 100644 index 0000000..3330a9b --- /dev/null +++ b/src/include/tss/tss_error.h @@ -0,0 +1,687 @@ +/*++ + +TSS error return codes + +--*/ + +#ifndef __TSS_ERROR_H__ +#define __TSS_ERROR_H__ + +#include + +// +// error coding scheme for a Microsoft Windows platform - +// refer to the TSS Specification Parts +// +// Values are 32 bit values layed out as follows: +// +// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 +// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 +// +---+-+-+-----------------------+-------+-----------------------+ +// |Lev|C|R| Facility | Layer | Code | +// +---+-+-+-----------------------+-------+-----------------------+ +// | Platform specific coding | TSS error coding system | +// +---+-+-+-----------------------+-------+-----------------------+ +// +// Lev - is the Level code +// +// 00 - Success +// 01 - Informational +// 10 - Warning +// 11 - Error +// +// C - is the Customer code flag (must actually be set) +// +// R - is a reserved bit (unused) +// +// Facility - is the facility code: TCPA: proposal 0x028 +// +// Code - is the facility's status code +// + +// +// definitions for the code level information +// +#define TSS_LEVEL_SUCCESS 0x00 // code level success +#define TSS_LEVEL_INFO 0x40000000L // code level information +#define TSS_LEVEL_WARNING 0x80000000L // code level warning +#define TSS_LEVEL_ERROR 0xC0000000L // code level error + +// +// some defines for the platform specific information +// +#define FACILITY_TSS 0x28L // facility number for TCPA return codes +#define FACILITY_TSS_CODEPOS (FACILITY_TSS << 16) // shift the facility info to the code + // position + +#define TSS_CUSTOM_CODEFLAG 0x20000000L // bit position for the custom flag in + // return code + +// +// +// TSS error return codes +// +// +#ifndef TSS_E_BASE +#define TSS_E_BASE 0x00000000L +#endif // TSS_E_BASE +#ifndef TSS_W_BASE +#define TSS_W_BASE 0x00000000L +#endif // TSS_W_BASE +#ifndef TSS_I_BASE +#define TSS_I_BASE 0x00000000L +#endif // TSS_I_BASE + +// +// basic error return codes common to all TSS Service Provider Interface methods +// and returned by all TSS SW stack components +// + +// +// MessageId: TSS_SUCCESS +// +// MessageText: +// +// Successful completion of the operation. +// +#define TSS_SUCCESS (UINT32)(0x00000000L) + +// +// MessageId: TSS_E_FAIL +// +// MessageText: +// +// An internal error has been detected, but the source is unknown. +// +#define TSS_E_FAIL (UINT32)(TSS_E_BASE + 0x002L) + +// +// MessageId: TSS_E_BAD_PARAMETER +// +// MessageText: +// +// One or more parameter is bad. +// +#define TSS_E_BAD_PARAMETER (UINT32)(TSS_E_BASE + 0x003L) + +// +// MessageId: TSS_E_INTERNAL_ERROR +// +// MessageText: +// +// An internal SW error has been detected. +// +#define TSS_E_INTERNAL_ERROR (UINT32)(TSS_E_BASE + 0x004L) + +// +// MessageId: TSS_E_OUTOFMEMORY +// +// MessageText: +// +// Ran out of memory. +// +#define TSS_E_OUTOFMEMORY (UINT32)(TSS_E_BASE + 0x005L) + +// +// MessageId: TSS_E_NOTIMPL +// +// MessageText: +// +// Not implemented. +// +#define TSS_E_NOTIMPL (UINT32)(TSS_E_BASE + 0x006L) + +// +// MessageId: TSS_E_KEY_ALREADY_REGISTERED +// +// MessageText: +// +// Key is already registered +// +#define TSS_E_KEY_ALREADY_REGISTERED (UINT32)(TSS_E_BASE + 0x008L) + + +// +// MessageId: TSS_E_TPM_UNEXPECTED +// +// MessageText: +// +// An unexpected TPM error has occurred. +// +#define TSS_E_TPM_UNEXPECTED (UINT32)(TSS_E_BASE + 0x010L) + +// +// MessageId: TSS_E_COMM_FAILURE +// +// MessageText: +// +// A communications error with the TPM has been detected. +// +#define TSS_E_COMM_FAILURE (UINT32)(TSS_E_BASE + 0x011L) + +// +// MessageId: TSS_E_TIMEOUT +// +// MessageText: +// +// The operation has timed out. +// +#define TSS_E_TIMEOUT (UINT32)(TSS_E_BASE + 0x012L) + +// +// MessageId: TSS_E_TPM_UNSUPPORTED_FEATURE +// +// MessageText: +// +// The TPM does not support the requested feature. +// +#define TSS_E_TPM_UNSUPPORTED_FEATURE (UINT32)(TSS_E_BASE + 0x014L) + +// +// MessageId: TSS_E_CANCELED +// +// MessageText: +// +// The action was canceled by request. +// +#define TSS_E_CANCELED (UINT32)(TSS_E_BASE + 0x016L) + +// +// MessageId: TSS_E_PS_KEY_NOTFOUND +// +// MessageText: +// +// The key cannot be found in the persistent storage database. +// +#define TSS_E_PS_KEY_NOTFOUND (UINT32)(TSS_E_BASE + 0x020L) +// +// MessageId: TSS_E_PS_KEY_EXISTS +// +// MessageText: +// +// The key already exists in the persistent storage database. +// +#define TSS_E_PS_KEY_EXISTS (UINT32)(TSS_E_BASE + 0x021L) + +// +// MessageId: TSS_E_PS_BAD_KEY_STATE +// +// MessageText: +// +// The key data set not valid in the persistent storage database. +// +#define TSS_E_PS_BAD_KEY_STATE (UINT32)(TSS_E_BASE + 0x022L) + + +// +// error codes returned by specific TSS Service Provider Interface methods +// offset TSS_TSPI_OFFSET +// + +// +// MessageId: TSS_E_INVALID_OBJECT_TYPE +// +// MessageText: +// +// Object type not valid for this operation. +// +#define TSS_E_INVALID_OBJECT_TYPE (UINT32)(TSS_E_BASE + 0x101L) + +// +// MessageId: TSS_E_NO_CONNECTION +// +// MessageText: +// +// Core Service connection doesn't exist. +// +#define TSS_E_NO_CONNECTION (UINT32)(TSS_E_BASE + 0x102L) + +// +// MessageId: TSS_E_CONNECTION_FAILED +// +// MessageText: +// +// Core Service connection failed. +// +#define TSS_E_CONNECTION_FAILED (UINT32)(TSS_E_BASE + 0x103L) + +// +// MessageId: TSS_E_CONNECTION_BROKEN +// +// MessageText: +// +// Communication with Core Service failed. +// +#define TSS_E_CONNECTION_BROKEN (UINT32)(TSS_E_BASE + 0x104L) + +// +// MessageId: TSS_E_HASH_INVALID_ALG +// +// MessageText: +// +// Invalid hash algorithm. +// +#define TSS_E_HASH_INVALID_ALG (UINT32)(TSS_E_BASE + 0x105L) + +// +// MessageId: TSS_E_HASH_INVALID_LENGTH +// +// MessageText: +// +// Hash length is inconsistent with hash algorithm. +// +#define TSS_E_HASH_INVALID_LENGTH (UINT32)(TSS_E_BASE + 0x106L) + +// +// MessageId: TSS_E_HASH_NO_DATA +// +// MessageText: +// +// Hash object has no internal hash value. +// +#define TSS_E_HASH_NO_DATA (UINT32)(TSS_E_BASE + 0x107L) + + +// +// MessageId: TSS_E_INVALID_ATTRIB_FLAG +// +// MessageText: +// +// Flag value for attrib-functions inconsistent. +// +#define TSS_E_INVALID_ATTRIB_FLAG (UINT32)(TSS_E_BASE + 0x109L) + +// +// MessageId: TSS_E_INVALID_ATTRIB_SUBFLAG +// +// MessageText: +// +// Subflag value for attrib-functions inconsistent. +// +#define TSS_E_INVALID_ATTRIB_SUBFLAG (UINT32)(TSS_E_BASE + 0x10AL) + +// +// MessageId: TSS_E_INVALID_ATTRIB_DATA +// +// MessageText: +// +// Data for attrib-functions invalid. +// +#define TSS_E_INVALID_ATTRIB_DATA (UINT32)(TSS_E_BASE + 0x10BL) + +// +// MessageId: TSS_E_INVALID_OBJECT_INITFLAG +// +// MessageText: +// +// Wrong flag information for object creation. +// +// The alternate spelling is supported to be compatible with a typo +// in the 1.1b header files. +// +#define TSS_E_INVALID_OBJECT_INIT_FLAG (UINT32)(TSS_E_BASE + 0x10CL) +#define TSS_E_INVALID_OBJECT_INITFLAG TSS_E_INVALID_OBJECT_INIT_FLAG + +// +// MessageId: TSS_E_NO_PCRS_SET +// +// MessageText: +// +// No PCR register are selected or set. +// +#define TSS_E_NO_PCRS_SET (UINT32)(TSS_E_BASE + 0x10DL) + +// +// MessageId: TSS_E_KEY_NOT_LOADED +// +// MessageText: +// +// The addressed key is currently not loaded. +// +#define TSS_E_KEY_NOT_LOADED (UINT32)(TSS_E_BASE + 0x10EL) + +// +// MessageId: TSS_E_KEY_NOT_SET +// +// MessageText: +// +// No key information is currently available. +// +#define TSS_E_KEY_NOT_SET (UINT32)(TSS_E_BASE + 0x10FL) + +// +// MessageId: TSS_E_VALIDATION_FAILED +// +// MessageText: +// +// Internal validation of data failed. +// +#define TSS_E_VALIDATION_FAILED (UINT32)(TSS_E_BASE + 0x110L) + +// +// MessageId: TSS_E_TSP_AUTHREQUIRED +// +// MessageText: +// +// Authorization is required. +// +#define TSS_E_TSP_AUTHREQUIRED (UINT32)(TSS_E_BASE + 0x111L) + +// +// MessageId: TSS_E_TSP_AUTH2REQUIRED +// +// MessageText: +// +// Multiple authorization is required. +// +#define TSS_E_TSP_AUTH2REQUIRED (UINT32)(TSS_E_BASE + 0x112L) + +// +// MessageId: TSS_E_TSP_AUTHFAIL +// +// MessageText: +// +// Authorization failed. +// +#define TSS_E_TSP_AUTHFAIL (UINT32)(TSS_E_BASE + 0x113L) + +// +// MessageId: TSS_E_TSP_AUTH2FAIL +// +// MessageText: +// +// Multiple authorization failed. +// +#define TSS_E_TSP_AUTH2FAIL (UINT32)(TSS_E_BASE + 0x114L) + +// +// MessageId: TSS_E_KEY_NO_MIGRATION_POLICY +// +// MessageText: +// +// There's no migration policy object set for the addressed key. +// +#define TSS_E_KEY_NO_MIGRATION_POLICY (UINT32)(TSS_E_BASE + 0x115L) + +// +// MessageId: TSS_E_POLICY_NO_SECRET +// +// MessageText: +// +// No secret information is currently available for the addressed policy object. +// +#define TSS_E_POLICY_NO_SECRET (UINT32)(TSS_E_BASE + 0x116L) + +// +// MessageId: TSS_E_INVALID_OBJ_ACCESS +// +// MessageText: +// +// The operation failed due to an invalid object status. +// +#define TSS_E_INVALID_OBJ_ACCESS (UINT32)(TSS_E_BASE + 0x117L) + +// +// MessageId: TSS_E_INVALID_ENCSCHEME +// +// MessageText: +// +// +// +#define TSS_E_INVALID_ENCSCHEME (UINT32)(TSS_E_BASE + 0x118L) + + +// +// MessageId: TSS_E_INVALID_SIGSCHEME +// +// MessageText: +// +// +// +#define TSS_E_INVALID_SIGSCHEME (UINT32)(TSS_E_BASE + 0x119L) + +// +// MessageId: TSS_E_ENC_INVALID_LENGTH +// +// MessageText: +// +// +// +#define TSS_E_ENC_INVALID_LENGTH (UINT32)(TSS_E_BASE + 0x120L) + + +// +// MessageId: TSS_E_ENC_NO_DATA +// +// MessageText: +// +// +// +#define TSS_E_ENC_NO_DATA (UINT32)(TSS_E_BASE + 0x121L) + +// +// MessageId: TSS_E_ENC_INVALID_TYPE +// +// MessageText: +// +// +// +#define TSS_E_ENC_INVALID_TYPE (UINT32)(TSS_E_BASE + 0x122L) + + +// +// MessageId: TSS_E_INVALID_KEYUSAGE +// +// MessageText: +// +// +// +#define TSS_E_INVALID_KEYUSAGE (UINT32)(TSS_E_BASE + 0x123L) + +// +// MessageId: TSS_E_VERIFICATION_FAILED +// +// MessageText: +// +// +// +#define TSS_E_VERIFICATION_FAILED (UINT32)(TSS_E_BASE + 0x124L) + +// +// MessageId: TSS_E_HASH_NO_IDENTIFIER +// +// MessageText: +// +// Hash algorithm identifier not set. +// +#define TSS_E_HASH_NO_IDENTIFIER (UINT32)(TSS_E_BASE + 0x125L) + +// +// MessageId: TSS_E_INVALID_HANDLE +// +// MessageText: +// +// An invalid handle +// +#define TSS_E_INVALID_HANDLE (UINT32)(TSS_E_BASE + 0x126L) + +// +// MessageId: TSS_E_SILENT_CONTEXT +// +// MessageText: +// +// A silent context requires user input +// +#define TSS_E_SILENT_CONTEXT (UINT32)(TSS_E_BASE + 0x127L) + +// +// MessageId: TSS_E_EK_CHECKSUM +// +// MessageText: +// +// TSP is instructed to verify the EK checksum and it does not verify. +// +#define TSS_E_EK_CHECKSUM (UINT32)(TSS_E_BASE + 0x128L) + + +// +// MessageId: TSS_E_DELGATION_NOTSET +// +// MessageText: +// +// The Policy object does not have a delegation blob set. +// +#define TSS_E_DELEGATION_NOTSET (UINT32)(TSS_E_BASE + 0x129L) + +// +// MessageId: TSS_E_DELFAMILY_NOTFOUND +// +// MessageText: +// +// The specified delegation family was not found +// +#define TSS_E_DELFAMILY_NOTFOUND (UINT32)(TSS_E_BASE + 0x130L) + +// +// MessageId: TSS_E_DELFAMILY_ROWEXISTS +// +// MessageText: +// +// The specified delegation family table row is already in use and +// the command flags does not allow the TSS to overwrite the existing +// entry. +// +#define TSS_E_DELFAMILY_ROWEXISTS (UINT32)(TSS_E_BASE + 0x131L) + +// +// MessageId: TSS_E_VERSION_MISMATCH +// +// MessageText: +// +// The specified delegation family table row is already in use and +// the command flags does not allow the TSS to overwrite the existing +// entry. +// +#define TSS_E_VERSION_MISMATCH (UINT32)(TSS_E_BASE + 0x132L) + +// +// MessageId: TSS_E_DAA_AR_DECRYPTION_ERROR +// +// Decryption of the encrypted pseudonym has failed, due to +// either a wrong secret key or a wrong decryption condition. +// +#define TSS_E_DAA_AR_DECRYPTION_ERROR (UINT32)(TSS_E_BASE + 0x133L) + +// +// MessageId: TSS_E_DAA_AUTHENTICATION_ERROR +// +// The TPM could not be authenticated by the DAA Issuer. +// +#define TSS_E_DAA_AUTHENTICATION_ERROR (UINT32)(TSS_E_BASE + 0x134L) + +// +// MessageId: TSS_E_DAA_CHALLENGE_RESPONSE_ERROR +// +// DAA Challenge response error. +// +#define TSS_E_DAA_CHALLENGE_RESPONSE_ERROR (UINT32)(TSS_E_BASE + 0x135L) + +// +// MessageId: TSS_E_DAA_CREDENTIAL_PROOF_ERROR +// +// Verification of the credential TSS_DAA_CRED_ISSUER issued by +// the DAA Issuer has failed. +// +#define TSS_E_DAA_CREDENTIAL_PROOF_ERROR (UINT32)(TSS_E_BASE + 0x136L) + +// +// MessageId: TSS_E_DAA_CREDENTIAL_REQUEST_PROOF_ERROR +// +// Verification of the platform's credential request +// TSS_DAA_CREDENTIAL_REQUEST has failed. +// +#define TSS_E_DAA_CREDENTIAL_REQUEST_PROOF_ERROR (UINT32)(TSS_E_BASE + 0x137L) + +// +// MessageId: TSS_E_DAA_ISSUER_KEY_ERROR +// +// DAA Issuer's authentication key chain could not be verified or +// is not correct. +// +#define TSS_E_DAA_ISSUER_KEY_ERROR (UINT32)(TSS_E_BASE + 0x138L) + +// +// MessageId: TSS_E_DAA_PSEUDONYM_ERROR +// +// While verifying the pseudonym of the TPM, the private key of the +// TPM was found on the rogue list. +// +#define TSS_E_DAA_PSEUDONYM_ERROR (UINT32)(TSS_E_BASE + 0x139L) + +// +// MessageId: TSS_E_INVALID_RESOURCE +// +// Pointer to memory wrong. +// +#define TSS_E_INVALID_RESOURCE (UINT32)(TSS_E_BASE + 0x13AL) + +// +// MessageId: TSS_E_NV_AREA_EXIST +// +// The NV area referenced already exists +// +#define TSS_E_NV_AREA_EXIST (UINT32)(TSS_E_BASE + 0x13BL) + +// +// MessageId: TSS_E_NV_AREA_NOT_EXIST +// +// The NV area referenced doesn't exist +// +#define TSS_E_NV_AREA_NOT_EXIST (UINT32)(TSS_E_BASE + 0x13CL) + +// +// MessageId: TSS_E_TSP_TRANS_AUTHFAIL +// +// The transport session authorization failed +// +#define TSS_E_TSP_TRANS_AUTHFAIL (UINT32)(TSS_E_BASE + 0x13DL) + +// +// MessageId: TSS_E_TSP_TRANS_AUTHREQUIRED +// +// Authorization for transport is required +// +#define TSS_E_TSP_TRANS_AUTHREQUIRED (UINT32)(TSS_E_BASE + 0x13EL) + +// +// MessageId: TSS_E_TSP_TRANS_NOT_EXCLUSIVE +// +// A command was executed outside of an exclusive transport session. +// +#define TSS_E_TSP_TRANS_NOTEXCLUSIVE (UINT32)(TSS_E_BASE + 0x13FL) + +// +// MessageId: TSS_E_TSP_TRANS_FAIL +// +// Generic transport protection error. +// +#define TSS_E_TSP_TRANS_FAIL (UINT32)(TSS_E_BASE + 0x140L) + +// +// MessageId: TSS_E_TSP_TRANS_NO_PUBKEY +// +// A command could not be executed through a logged transport session +// because the command used a key and the key's public key is not +// known to the TSP. +// +#define TSS_E_TSP_TRANS_NO_PUBKEY (UINT32)(TSS_E_BASE + 0x141L) + +// +// MessageId: TSS_E_NO_ACTIVE_COUNTER +// +// The TPM active counter has not been set yet. +// +#define TSS_E_NO_ACTIVE_COUNTER (UINT32)(TSS_E_BASE + 0x142L) + + +#endif // __TSS_ERROR_H__ diff --git a/src/include/tss/tss_error_basics.h b/src/include/tss/tss_error_basics.h new file mode 100644 index 0000000..b9e965c --- /dev/null +++ b/src/include/tss/tss_error_basics.h @@ -0,0 +1,59 @@ +/*++ + +Basic defines for TSS error return codes + +--*/ + +#ifndef __TSS_ERROR_BASICS_H__ +#define __TSS_ERROR_BASICS_H__ + + +// +// definitions for the various TSS-SW layers +// +#ifndef TSS_LAYER_TPM +#define TSS_LAYER_TPM 0x0000L // definition for TPM layer +#endif // TSS_LAYER_TPM + +#define TSS_LAYER_TDDL 0x1000L // definition for TDDL layer +#define TSS_LAYER_TCS 0x2000L // definition for TCS layer + +#ifndef TSS_LAYER_TSP +#define TSS_LAYER_TSP 0x3000L // definition for TSP layer +#endif // TSS_LAYER_TSP + + +// +// definitions for the start points of layer specific error codes +// +#ifndef TSS_COMMON_OFFSET +#define TSS_COMMON_OFFSET 0x000L +#endif // TSS_COMMON_OFFSET + +#define TSS_TDDL_OFFSET 0x080L +#define TSS_TCSI_OFFSET 0x0C0L + +#ifndef TSS_TSPI_OFFSET +#define TSS_TSPI_OFFSET 0x100L +#endif // TSS_TSPI_OFFSET + +#ifndef TSS_VENDOR_OFFSET +#define TSS_VENDOR_OFFSET 0x800L +#endif // TSS_VENDOR_OFFSET + +// do not exceed TSS_MAX_ERROR for vendor specific code values: +#ifndef TSS_MAX_ERROR +#define TSS_MAX_ERROR 0xFFFL +#endif // TSS_MAX_ERROR + + +/* Macros for the construction and interpretation of error codes */ +#define TPM_ERROR(code) (code) +#define TDDL_ERROR(code) ((code) ? (TSS_LAYER_TDDL | (code)) : (code)) +#define TCS_ERROR(code) ((code) ? (TSS_LAYER_TCS | (code)) : (code)) +#define TSP_ERROR(code) ((code) ? (TSS_LAYER_TSP | (code)) : (code)) +#define ERROR_LAYER(error) ((error) & 0xf000) +#define ERROR_CODE(error) ((error) & 0x0fff) + +#endif // __TSS_ERROR_BASICS_H__ + diff --git a/src/include/tss/tss_structs.h b/src/include/tss/tss_structs.h new file mode 100644 index 0000000..fa4c4b3 --- /dev/null +++ b/src/include/tss/tss_structs.h @@ -0,0 +1,653 @@ +/*++ + +TSS structures for TSS + +*/ + +#ifndef __TSS_STRUCTS_H__ +#define __TSS_STRUCTS_H__ + +#include +#include +#include + +typedef struct tdTSS_VERSION +{ + BYTE bMajor; + BYTE bMinor; + BYTE bRevMajor; + BYTE bRevMinor; +} TSS_VERSION; + +typedef struct tdTSS_PCR_EVENT +{ + TSS_VERSION versionInfo; + UINT32 ulPcrIndex; + TSS_EVENTTYPE eventType; + UINT32 ulPcrValueLength; +#ifdef __midl + [size_is(ulPcrValueLength)] +#endif + BYTE* rgbPcrValue; + UINT32 ulEventLength; +#ifdef __midl + [size_is(ulEventLength)] +#endif + BYTE* rgbEvent; +} TSS_PCR_EVENT; + + +typedef struct tdTSS_EVENT_CERT +{ + TSS_VERSION versionInfo; + UINT32 ulCertificateHashLength; +#ifdef __midl + [size_is(ulCertificateHashLength)] +#endif + BYTE* rgbCertificateHash; + UINT32 ulEntityDigestLength; +#ifdef __midl + [size_is(ulEntityDigestLength)] +#endif + BYTE* rgbentityDigest; + TSS_BOOL fDigestChecked; + TSS_BOOL fDigestVerified; + UINT32 ulIssuerLength; +#ifdef __midl + [size_is(ulIssuerLength)] +#endif + BYTE* rgbIssuer; +} TSS_EVENT_CERT; + +typedef struct tdTSS_UUID +{ + UINT32 ulTimeLow; + UINT16 usTimeMid; + UINT16 usTimeHigh; + BYTE bClockSeqHigh; + BYTE bClockSeqLow; + BYTE rgbNode[6]; +} TSS_UUID; + +typedef struct tdTSS_KM_KEYINFO +{ + TSS_VERSION versionInfo; + TSS_UUID keyUUID; + TSS_UUID parentKeyUUID; + BYTE bAuthDataUsage; // whether auth is needed to load child keys + TSS_BOOL fIsLoaded; // TRUE: actually loaded in TPM + UINT32 ulVendorDataLength; // may be 0 +#ifdef __midl + [size_is(ulVendorDataLength)] +#endif + BYTE *rgbVendorData; // may be NULL +} TSS_KM_KEYINFO; + + +typedef struct tdTSS_KM_KEYINFO2 +{ + TSS_VERSION versionInfo; + TSS_UUID keyUUID; + TSS_UUID parentKeyUUID; + BYTE bAuthDataUsage; // whether auth is needed to load child keys + TSS_FLAG persistentStorageType; + TSS_FLAG persistentStorageTypeParent; + TSS_BOOL fIsLoaded; // TRUE: actually loaded in TPM + UINT32 ulVendorDataLength; // may be 0 +#ifdef __midl + [size_is(ulVendorDataLength)] +#endif + BYTE *rgbVendorData; // may be NULL +} TSS_KM_KEYINFO2; + + +typedef struct tdTSS_NONCE +{ + BYTE nonce[TPM_SHA1BASED_NONCE_LEN]; +} TSS_NONCE; + + +typedef struct tdTSS_VALIDATION +{ + TSS_VERSION versionInfo; + UINT32 ulExternalDataLength; +#ifdef __midl + [size_is(ulExternalDataLength)] +#endif + BYTE* rgbExternalData; + UINT32 ulDataLength; +#ifdef __midl + [size_is(ulDataLength)] +#endif + BYTE* rgbData; + UINT32 ulValidationDataLength; +#ifdef __midl + [size_is(ulValidationDataLength)] +#endif + BYTE* rgbValidationData; +} TSS_VALIDATION; + + +typedef struct tdTSS_CALLBACK +{ + PVOID callback; + PVOID appData; + TSS_ALGORITHM_ID alg; +} TSS_CALLBACK; + + +typedef struct tdTSS_DAA_PK +{ + TSS_VERSION versionInfo; + UINT32 modulusLength; +#ifdef __midl + [size_is(modulusLength)] +#endif + BYTE* modulus; + UINT32 capitalSLength; +#ifdef __midl + [size_is(capitalSLength)] +#endif + BYTE* capitalS; + UINT32 capitalZLength; +#ifdef __midl + [size_is(capitalZLength)] +#endif + BYTE* capitalZ; + UINT32 capitalR0Length; +#ifdef __midl + [size_is(capitalR0Length)] +#endif + BYTE* capitalR0; + UINT32 capitalR1Length; +#ifdef __midl + [size_is(capitalR1Length)] +#endif + BYTE* capitalR1; + UINT32 gammaLength; +#ifdef __midl + [size_is(gammaLength)] +#endif + BYTE* gamma; + UINT32 capitalGammaLength; +#ifdef __midl + [size_is(capitalGammaLength)] +#endif + BYTE* capitalGamma; + UINT32 rhoLength; +#ifdef __midl + [size_is(rhoLength)] +#endif + BYTE* rho; + UINT32 capitalYLength; // Length of first dimenstion + UINT32 capitalYLength2; // Length of second dimension +#ifdef __midl + [size_is(capitalYLength,capitalYLength2)] +#endif + BYTE** capitalY; + UINT32 capitalYPlatformLength; + UINT32 issuerBaseNameLength; +#ifdef __midl + [size_is(issuerBaseName)] +#endif + BYTE* issuerBaseName; + UINT32 numPlatformAttributes; + UINT32 numIssuerAttributes; +} TSS_DAA_PK; + +typedef struct tdTSS_DAA_PK_PROOF +{ + TSS_VERSION versionInfo; + UINT32 challengeLength; +#ifdef __midl + [size_is(challengeLength)] +#endif + BYTE* challenge; + UINT32 responseLength; // Length of first dimension + UINT32 responseLength2; // Length of second dimension +#ifdef __midl + [size_is(responseLength,responseLength2)] +#endif + BYTE** response; +} TSS_DAA_PK_PROOF; + +typedef struct tdTSS_DAA_SK +{ + TSS_VERSION versionInfo; + UINT32 productPQprimeLength; +#ifdef __midl + [size_is(productPQprimeLength)] +#endif + BYTE* productPQprime; +} TSS_DAA_SK; + + +typedef struct tdTSS_DAA_KEY_PAIR +{ + TSS_VERSION versionInfo; + TSS_DAA_SK secretKey; + TSS_DAA_PK publicKey; +} TSS_DAA_KEY_PAIR; + +typedef struct tdTSS_DAA_AR_PK +{ + TSS_VERSION versionInfo; + UINT32 etaLength; +#ifdef __midl + [size_is(etaLength)] +#endif + BYTE* eta; + UINT32 lambda1Length; +#ifdef __midl + [size_is(lambda1Length)] +#endif + BYTE* lambda1; + UINT32 lambda2Length; +#ifdef __midl + [size_is(lambda2Length)] +#endif + BYTE* lambda2; + UINT32 lambda3Length; +#ifdef __midl + [size_is(lambda3Length)] +#endif + BYTE* lambda3; +} TSS_DAA_AR_PK; + +typedef struct tdTSS_DAA_AR_SK +{ + TSS_VERSION versionInfo; + UINT32 x0Length; +#ifdef __midl + [size_is(x0Length)] +#endif + BYTE* x0; + UINT32 x1Length; +#ifdef __midl + [size_is(x1Length)] +#endif + BYTE* x1; + UINT32 x2Length; +#ifdef __midl + [size_is(x2Length)] +#endif + BYTE* x2; + UINT32 x3Length; +#ifdef __midl + [size_is(x3Length)] +#endif + BYTE* x3; + UINT32 x4Length; +#ifdef __midl + [size_is(x4Length)] +#endif + BYTE* x4; + UINT32 x5Length; +#ifdef __midl + [size_is(x5Length)] +#endif + BYTE* x5; +} TSS_DAA_AR_SK; + +typedef struct tdTSS_DAA_AR_KEY_PAIR +{ + TSS_VERSION versionInfo; + TSS_DAA_AR_SK secretKey; + TSS_DAA_AR_PK publicKey; +} TSS_DAA_AR_KEY_PAIR; + +typedef struct tdTSS_DAA_CRED_ISSUER +{ + TSS_VERSION versionInfo; + UINT32 capitalALength; +#ifdef __midl + [size_is(capitalALength)] +#endif + BYTE* capitalA; + UINT32 eLength; +#ifdef __midl + [size_is(eLength)] +#endif + BYTE* e; + UINT32 vPrimePrimeLength; +#ifdef __midl + [size_is(vPrimePrimeLength)] +#endif + BYTE* vPrimePrime; + UINT32 attributesIssuerLength; // Length of first dimension + UINT32 attributesIssuerLength2; // Length of second dimension +#ifdef __midl + [size_is(attributesIssuerLength,attributesIssuerLength2)] +#endif + BYTE** attributesIssuer; + UINT32 cPrimeLength; +#ifdef __midl + [size_is(cPrimeLength)] +#endif + BYTE* cPrime; + UINT32 sELength; +#ifdef __midl + [size_is(sELength)] +#endif + BYTE* sE; +} TSS_DAA_CRED_ISSUER; + +typedef struct tdTSS_DAA_CREDENTIAL +{ + TSS_VERSION versionInfo; + UINT32 capitalALength; +#ifdef __midl + [size_is(capitalALength)] +#endif + BYTE* capitalA; + UINT32 exponentLength; +#ifdef __midl + [size_is(exponentLength)] +#endif + BYTE* exponent; + UINT32 vBar0Length; +#ifdef __midl + [size_is(vBar0Length)] +#endif + BYTE* vBar0; + UINT32 vBar1Length; +#ifdef __midl + [size_is(vBar1Length)] +#endif + BYTE* vBar1; + UINT32 attributesLength; // Length of first dimension + UINT32 attributesLength2; // Length of second dimension +#ifdef __midl + [size_is(attributesLength,attributesLength2)] +#endif + BYTE** attributes; + TSS_DAA_PK issuerPK; + UINT32 tpmSpecificEncLength; +#ifdef __midl + [size_is(tpmSpecificEncLength)] +#endif + BYTE* tpmSpecificEnc; + UINT32 daaCounter; +} TSS_DAA_CREDENTIAL; + +typedef struct tdTSS_DAA_ATTRIB_COMMIT +{ + TSS_VERSION versionInfo; + UINT32 betaLength; +#ifdef __midl + [size_is(betaLength)] +#endif + BYTE* beta; + UINT32 sMuLength; +#ifdef __midl + [size_is(sMuLength)] +#endif + BYTE* sMu; +} TSS_DAA_ATTRIB_COMMIT; + +typedef struct tdTSS_DAA_CREDENTIAL_REQUEST +{ + TSS_VERSION versionInfo; + UINT32 capitalULength; +#ifdef __midl + [size_is(capitalULength)] +#endif + BYTE* capitalU; + UINT32 capitalNiLength; +#ifdef __midl + [size_is(capitalNiLength)] +#endif + BYTE* capitalNi; + UINT32 authenticationProofLength; +#ifdef __midl + [size_is(authenticationProofLength)] +#endif + BYTE* authenticationProof; + UINT32 challengeLength; +#ifdef __midl + [size_is(challengeLength)] +#endif + BYTE* challenge; + UINT32 nonceTpmLength; +#ifdef __midl + [size_is(nonceTpmLength)] +#endif + BYTE* nonceTpm; + UINT32 noncePlatformLength; +#ifdef __midl + [size_is(noncePlatformLength)] +#endif + BYTE* noncePlatform; + UINT32 sF0Length; +#ifdef __midl + [size_is(sF0Length)] +#endif + BYTE* sF0; + UINT32 sF1Length; +#ifdef __midl + [size_is(sF1Length)] +#endif + BYTE* sF1; + UINT32 sVprimeLength; +#ifdef __midl + [size_is(sVprimeLength)] +#endif + BYTE* sVprime; + UINT32 sVtildePrimeLength; +#ifdef __midl + [size_is(sVtildePrimeLength)] +#endif + BYTE* sVtildePrime; + UINT32 sALength; // Length of first dimension + UINT32 sALength2; // Length of second dimension +#ifdef __midl + [size_is(sALength,sALength2)] +#endif + BYTE** sA; + UINT32 attributeCommitmentsLength; + TSS_DAA_ATTRIB_COMMIT* attributeCommitments; +} TSS_DAA_CREDENTIAL_REQUEST; + +typedef struct tdTSS_DAA_SELECTED_ATTRIB +{ + TSS_VERSION versionInfo; + UINT32 indicesListLength; +#ifdef __midl + [size_is(indicesListLength)] +#endif + TSS_BOOL* indicesList; +} TSS_DAA_SELECTED_ATTRIB; + +typedef struct tdTSS_DAA_PSEUDONYM +{ + TSS_VERSION versionInfo; + TSS_FLAG payloadFlag; + UINT32 payloadLength; +#ifdef __midl + [size_is(payloadLength)] +#endif + BYTE* payload; +} TSS_DAA_PSEUDONYM; + +typedef struct tdTSS_DAA_PSEUDONYM_PLAIN +{ + TSS_VERSION versionInfo; + UINT32 capitalNvLength; +#ifdef __midl + [size_is(capitalNvLength)] +#endif + BYTE* capitalNv; +} TSS_DAA_PSEUDONYM_PLAIN; + +typedef struct tdTSS_DAA_PSEUDONYM_ENCRYPTED +{ + TSS_VERSION versionInfo; + UINT32 delta1Length; +#ifdef __midl + [size_is(delta1Length)] +#endif + BYTE* delta1; + UINT32 delta2Length; +#ifdef __midl + [size_is(delta2Length)] +#endif + BYTE* delta2; + UINT32 delta3Length; +#ifdef __midl + [size_is(delta3Length)] +#endif + BYTE* delta3; + UINT32 delta4Length; +#ifdef __midl + [size_is(delta4Length)] +#endif + BYTE* delta4; + UINT32 sTauLength; +#ifdef __midl + [size_is(sTauLength)] +#endif + BYTE* sTau; +} TSS_DAA_PSEUDONYM_ENCRYPTED; + +typedef struct tdTSS_DAA_SIGN_CALLBACK +{ + TSS_VERSION versionInfo; + TSS_HHASH challenge; + TSS_FLAG payloadFlag; + UINT32 payloadLength; +#ifdef __midl + [size_is(payloadLength)] +#endif + BYTE* payload; +} TSS_DAA_SIGN_CALLBACK; + +typedef struct tdTSS_DAA_SIGNATURE +{ + TSS_VERSION versionInfo; + UINT32 zetaLength; +#ifdef __midl + [size_is(zetaLength)] +#endif + BYTE* zeta; + UINT32 capitalTLength; +#ifdef __midl + [size_is(capitalTLength)] +#endif + BYTE* capitalT; + UINT32 challengeLength; +#ifdef __midl + [size_is(challengeLength)] +#endif + BYTE* challenge; + UINT32 nonceTpmLength; +#ifdef __midl + [size_is(nonceTpmLength)] +#endif + BYTE* nonceTpm; + UINT32 sVLength; +#ifdef __midl + [size_is(sVLength)] +#endif + BYTE* sV; + UINT32 sF0Length; +#ifdef __midl + [size_is(sF0Length)] +#endif + BYTE* sF0; + UINT32 sF1Length; +#ifdef __midl + [size_is(sF1Length)] +#endif + BYTE* sF1; + UINT32 sELength; +#ifdef __midl + [size_is(sELength)] +#endif + BYTE* sE; + UINT32 sALength; // Length of first dimension + UINT32 sALength2; // Length of second dimension +#ifdef __midl + [size_is(sALength,sALength2)] +#endif + BYTE** sA; + UINT32 attributeCommitmentsLength; +#ifdef __midl + [size_is(attributeCommitmentsLength)] +#endif + TSS_DAA_ATTRIB_COMMIT* attributeCommitments; + TSS_DAA_PSEUDONYM signedPseudonym; + TSS_DAA_SIGN_CALLBACK callbackResult; +} TSS_DAA_SIGNATURE; + +typedef struct tdTSS_DAA_IDENTITY_PROOF +{ + TSS_VERSION versionInfo; + UINT32 endorsementLength; +#ifdef __midl + [size_is(endorsementLength)] +#endif + BYTE* endorsementCredential; + UINT32 platformLength; +#ifdef __midl + [size_is(platformLength)] +#endif + BYTE* platform; + UINT32 conformanceLength; +#ifdef __midl + [size_is(conformanceLength)] +#endif + BYTE* conformance; +} TSS_DAA_IDENTITY_PROOF; + + +//////////////////////////////////////////////////////////////////// + +typedef UINT32 TSS_FAMILY_ID; +typedef BYTE TSS_DELEGATION_LABEL; +// Values are TSS_DELEGATIONTYPE_KEY or TSS_DELEGATIONTYPE_OWNER +typedef UINT32 TSS_DELEGATION_TYPE; + +typedef struct tdTSS_PCR_INFO_SHORT +{ + UINT32 sizeOfSelect; +#ifdef __midl + [size_is(sizeOfSelect)] +#endif + BYTE *selection; + BYTE localityAtRelease; + UINT32 sizeOfDigestAtRelease; +#ifdef __midl + [size_is(sizeOfDigestAtRelease)] +#endif + BYTE *digestAtRelease; +} TSS_PCR_INFO_SHORT; + +typedef struct tdTSS_FAMILY_TABLE_ENTRY +{ + TSS_FAMILY_ID familyID; + TSS_DELEGATION_LABEL label; + UINT32 verificationCount; + TSS_BOOL enabled; + TSS_BOOL locked; +} TSS_FAMILY_TABLE_ENTRY; + +typedef struct tdTSS_DELEGATION_TABLE_ENTRY +{ + UINT32 tableIndex; + TSS_DELEGATION_LABEL label; + TSS_PCR_INFO_SHORT pcrInfo; + UINT32 per1; + UINT32 per2; + TSS_FAMILY_ID familyID; + UINT32 verificationCount; +} TSS_DELEGATION_TABLE_ENTRY; + +typedef struct tdTSS_PLATFORM_CLASS +{ + UINT32 platformClassSimpleIdentifier; + UINT32 platformClassURISize; + BYTE* pPlatformClassURI; +} TSS_PLATFORM_CLASS; + +#endif // __TSS_STRUCTS_H__ + diff --git a/src/include/tss/tss_typedef.h b/src/include/tss/tss_typedef.h new file mode 100644 index 0000000..c23ef09 --- /dev/null +++ b/src/include/tss/tss_typedef.h @@ -0,0 +1,48 @@ +/*++ + +Global typedefs for TSS + +*/ + +#ifndef __TSS_TYPEDEF_H__ +#define __TSS_TYPEDEF_H__ + +#include + +//-------------------------------------------------------------------- +// definitions for TSS Service Provider (TSP) +// +typedef UINT32 TSS_HANDLE; + +typedef UINT32 TSS_FLAG; // object attributes +typedef UINT32 TSS_RESULT; // the return code from a TSS function + +typedef UINT32 TSS_HOBJECT; // basic object handle +typedef TSS_HOBJECT TSS_HCONTEXT; // context object handle +typedef TSS_HOBJECT TSS_HPOLICY; // policy object handle +typedef TSS_HOBJECT TSS_HTPM; // TPM object handle +typedef TSS_HOBJECT TSS_HKEY; // key object handle +typedef TSS_HOBJECT TSS_HENCDATA; // encrypted data object handle +typedef TSS_HOBJECT TSS_HPCRS; // PCR composite object handle +typedef TSS_HOBJECT TSS_HHASH; // hash object handle +typedef TSS_HOBJECT TSS_HNVSTORE; // NV storage object handle +typedef TSS_HOBJECT TSS_HMIGDATA; // migration data utility obj handle +typedef TSS_HOBJECT TSS_HDELFAMILY; // delegation family object handle +typedef TSS_HOBJECT TSS_HDAA_CREDENTIAL; // daa credential +typedef TSS_HOBJECT TSS_HDAA_ISSUER_KEY; // daa credential issuer keypair +typedef TSS_HOBJECT TSS_HDAA_ARA_KEY; // daa anonymity revocation + // authority keypair + +typedef UINT32 TSS_EVENTTYPE; +typedef UINT16 TSS_MIGRATE_SCHEME; +typedef UINT32 TSS_ALGORITHM_ID; +typedef UINT32 TSS_KEY_USAGE_ID; +typedef UINT16 TSS_KEY_ENC_SCHEME; +typedef UINT16 TSS_KEY_SIG_SCHEME; +typedef BYTE TSS_KEY_AUTH_DATA_USAGE; +typedef UINT32 TSS_CMK_DELEGATE; +typedef UINT32 TSS_NV_INDEX; +typedef UINT32 TSS_COUNTER_ID; + +#endif // __TSS_TYPEDEF_H__ + diff --git a/src/tcs/Makefile.am b/src/tcs/Makefile.am new file mode 100644 index 0000000..8540a9a --- /dev/null +++ b/src/tcs/Makefile.am @@ -0,0 +1,142 @@ +noinst_LIBRARIES=libtcs.a + +CFLAGS+=-I${top_srcdir}/src/include +libtcs_a_LIBADD=${top_builddir}/src/tddl/libtddl.a +libtcs_a_CFLAGS=-DAPPID=\"TCSD\ TCS\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" + +libtcs_a_SOURCES=log.c \ + tcs_caps.c \ + tcs_req_mgr.c \ + tcs_context.c \ + tcsi_context.c \ + tcs_utils.c \ + rpc/@RPC@/rpc.c rpc/@RPC@/rpc_context.c \ + tcsi_caps_tpm.c rpc/@RPC@/rpc_caps_tpm.c \ + tcs_auth_mgr.c tcsi_auth.c rpc/@RPC@/rpc_auth.c \ + tcs_pbg.c + +if TSS_BUILD_TRANSPORT +libtcs_a_SOURCES+=tcsi_transport.c rpc/@RPC@/rpc_transport.c +libtcs_a_CFLAGS+=-DTSS_BUILD_TRANSPORT +endif +if TSS_BUILD_TICK +libtcs_a_SOURCES+=tcsi_tick.c rpc/@RPC@/rpc_tick.c +libtcs_a_CFLAGS+=-DTSS_BUILD_TICK +endif +if TSS_BUILD_COUNTER +libtcs_a_SOURCES+=tcsi_counter.c tcs_counter.c rpc/@RPC@/rpc_counter.c +libtcs_a_CFLAGS+=-DTSS_BUILD_COUNTER +endif +if TSS_BUILD_RANDOM +libtcs_a_SOURCES+=tcsi_random.c rpc/@RPC@/rpc_random.c +libtcs_a_CFLAGS+=-DTSS_BUILD_RANDOM +endif +if TSS_BUILD_CAPS +libtcs_a_SOURCES+=tcsi_caps.c rpc/@RPC@/rpc_caps.c +libtcs_a_CFLAGS+=-DTSS_BUILD_CAPS +endif +if TSS_BUILD_DIR +libtcs_a_SOURCES+=tcsi_dir.c rpc/@RPC@/rpc_dir.c +libtcs_a_CFLAGS+=-DTSS_BUILD_DIR +endif +if TSS_BUILD_PCR_EVENTS +libtcs_a_SOURCES+=tcsi_evlog.c tcs_evlog_biosem.c tcs_evlog_imaem.c tcs_evlog.c \ + rpc/@RPC@/rpc_evlog.c +libtcs_a_CFLAGS+=-DTSS_BUILD_PCR_EVENTS +endif +if TSS_BUILD_SIGN +libtcs_a_SOURCES+=tcsi_sign.c rpc/@RPC@/rpc_sign.c +libtcs_a_CFLAGS+=-DTSS_BUILD_SIGN +endif +if TSS_BUILD_QUOTE +libtcs_a_SOURCES+=tcsi_quote.c tcs_quote.c rpc/@RPC@/rpc_quote.c +libtcs_a_CFLAGS+=-DTSS_BUILD_QUOTE +endif +if TSS_BUILD_SEAL +libtcs_a_SOURCES+=tcsi_seal.c tcs_seal.c rpc/@RPC@/rpc_seal.c +libtcs_a_CFLAGS+=-DTSS_BUILD_SEAL +endif +if TSS_BUILD_CHANGEAUTH +libtcs_a_SOURCES+=tcsi_changeauth.c rpc/@RPC@/rpc_changeauth.c +libtcs_a_CFLAGS+=-DTSS_BUILD_CHANGEAUTH +endif +if TSS_BUILD_BIND +libtcs_a_SOURCES+=tcsi_bind.c rpc/@RPC@/rpc_bind.c +libtcs_a_CFLAGS+=-DTSS_BUILD_BIND +endif +if TSS_BUILD_OWN +libtcs_a_SOURCES+=tcsi_own.c rpc/@RPC@/rpc_own.c +libtcs_a_CFLAGS+=-DTSS_BUILD_OWN +endif +if TSS_BUILD_PS +libtcs_a_SOURCES+=ps/ps_utils.c ps/tcsps.c tcsi_ps.c tcs_ps.c tcs_key_ps.c rpc/@RPC@/rpc_ps.c +libtcs_a_CFLAGS+=-DTSS_BUILD_PS +endif +if TSS_BUILD_ADMIN +libtcs_a_SOURCES+=tcsi_admin.c rpc/@RPC@/rpc_admin.c +libtcs_a_CFLAGS+=-DTSS_BUILD_ADMIN +endif +if TSS_BUILD_AIK +libtcs_a_SOURCES+=tcsi_aik.c tcs_aik.c rpc/@RPC@/rpc_aik.c +libtcs_a_CFLAGS+=-DTSS_BUILD_AIK +endif +if TSS_BUILD_EK +libtcs_a_SOURCES+=tcsi_ek.c rpc/@RPC@/rpc_ek.c +libtcs_a_CFLAGS+=-DTSS_BUILD_EK +endif +if TSS_BUILD_CERTIFY +libtcs_a_SOURCES+=tcsi_certify.c rpc/@RPC@/rpc_certify.c +libtcs_a_CFLAGS+=-DTSS_BUILD_CERTIFY +endif +if TSS_BUILD_KEY +libtcs_a_SOURCES+=tcsi_key.c tcs_key.c tcs_key_mem_cache.c tcs_context_key.c rpc/@RPC@/rpc_key.c \ + crypto/@CRYPTO_PACKAGE@/crypto.c +libtcs_a_CFLAGS+=-DTSS_BUILD_KEY +endif +if TSS_BUILD_MAINT +libtcs_a_SOURCES+=tcsi_maint.c rpc/@RPC@/rpc_maint.c +libtcs_a_CFLAGS+=-DTSS_BUILD_MAINT +endif +if TSS_BUILD_MIGRATION +libtcs_a_SOURCES+=tcsi_migration.c tcs_migration.c rpc/@RPC@/rpc_migration.c +libtcs_a_CFLAGS+=-DTSS_BUILD_MIGRATION +endif +if TSS_BUILD_PCR_EXTEND +libtcs_a_SOURCES+=tcsi_pcr.c rpc/@RPC@/rpc_pcr_extend.c +libtcs_a_CFLAGS+=-DTSS_BUILD_PCR_EXTEND +endif +if TSS_BUILD_SELFTEST +libtcs_a_SOURCES+=tcsi_selftest.c rpc/@RPC@/rpc_selftest.c +libtcs_a_CFLAGS+=-DTSS_BUILD_SELFTEST +endif +if TSS_BUILD_DAA +libtcs_a_SOURCES+=tcsi_daa.c rpc/@RPC@/rpc_daa.c +libtcs_a_CFLAGS+=-DTSS_BUILD_DAA +endif +if TSS_BUILD_NV +libtcs_a_SOURCES+=tcsi_nv.c rpc/@RPC@/rpc_nv.c +libtcs_a_CFLAGS+=-DTSS_BUILD_NV +endif +if TSS_BUILD_AUDIT +libtcs_a_SOURCES+=tcsi_audit.c rpc/@RPC@/rpc_audit.c +libtcs_a_CFLAGS+=-DTSS_BUILD_AUDIT +endif +if TSS_BUILD_SEALX +libtcs_a_CFLAGS+=-DTSS_BUILD_SEALX +endif +if TSS_BUILD_TSS12 +libtcs_a_SOURCES+=tcsi_oper.c rpc/@RPC@/rpc_oper.c +libtcs_a_CFLAGS+=-DTSS_BUILD_TSS12 +endif +if TSS_BUILD_DELEGATION +libtcs_a_SOURCES+=tcsi_delegate.c rpc/@RPC@/rpc_delegate.c +libtcs_a_CFLAGS+=-DTSS_BUILD_DELEGATION +endif +if TSS_BUILD_QUOTE2 +libtcs_a_SOURCES+=tcsi_quote2.c tcs_quote2.c rpc/@RPC@/rpc_quote2.c +libtcs_a_CFLAGS+=-DTSS_BUILD_QUOTE2 +endif +if TSS_BUILD_CMK +libtcs_a_SOURCES+=tcsi_cmk.c rpc/@RPC@/rpc_cmk.c +libtcs_a_CFLAGS+=-DTSS_BUILD_CMK +endif diff --git a/src/tcs/Makefile.in b/src/tcs/Makefile.in new file mode 100644 index 0000000..1c64f40 --- /dev/null +++ b/src/tcs/Makefile.in @@ -0,0 +1,2069 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +@TSS_BUILD_TRANSPORT_TRUE@am__append_1 = tcsi_transport.c rpc/@RPC@/rpc_transport.c +@TSS_BUILD_TRANSPORT_TRUE@am__append_2 = -DTSS_BUILD_TRANSPORT +@TSS_BUILD_TICK_TRUE@am__append_3 = tcsi_tick.c rpc/@RPC@/rpc_tick.c +@TSS_BUILD_TICK_TRUE@am__append_4 = -DTSS_BUILD_TICK +@TSS_BUILD_COUNTER_TRUE@am__append_5 = tcsi_counter.c tcs_counter.c rpc/@RPC@/rpc_counter.c +@TSS_BUILD_COUNTER_TRUE@am__append_6 = -DTSS_BUILD_COUNTER +@TSS_BUILD_RANDOM_TRUE@am__append_7 = tcsi_random.c rpc/@RPC@/rpc_random.c +@TSS_BUILD_RANDOM_TRUE@am__append_8 = -DTSS_BUILD_RANDOM +@TSS_BUILD_CAPS_TRUE@am__append_9 = tcsi_caps.c rpc/@RPC@/rpc_caps.c +@TSS_BUILD_CAPS_TRUE@am__append_10 = -DTSS_BUILD_CAPS +@TSS_BUILD_DIR_TRUE@am__append_11 = tcsi_dir.c rpc/@RPC@/rpc_dir.c +@TSS_BUILD_DIR_TRUE@am__append_12 = -DTSS_BUILD_DIR +@TSS_BUILD_PCR_EVENTS_TRUE@am__append_13 = tcsi_evlog.c tcs_evlog_biosem.c tcs_evlog_imaem.c tcs_evlog.c \ +@TSS_BUILD_PCR_EVENTS_TRUE@ rpc/@RPC@/rpc_evlog.c + +@TSS_BUILD_PCR_EVENTS_TRUE@am__append_14 = -DTSS_BUILD_PCR_EVENTS +@TSS_BUILD_SIGN_TRUE@am__append_15 = tcsi_sign.c rpc/@RPC@/rpc_sign.c +@TSS_BUILD_SIGN_TRUE@am__append_16 = -DTSS_BUILD_SIGN +@TSS_BUILD_QUOTE_TRUE@am__append_17 = tcsi_quote.c tcs_quote.c rpc/@RPC@/rpc_quote.c +@TSS_BUILD_QUOTE_TRUE@am__append_18 = -DTSS_BUILD_QUOTE +@TSS_BUILD_SEAL_TRUE@am__append_19 = tcsi_seal.c tcs_seal.c rpc/@RPC@/rpc_seal.c +@TSS_BUILD_SEAL_TRUE@am__append_20 = -DTSS_BUILD_SEAL +@TSS_BUILD_CHANGEAUTH_TRUE@am__append_21 = tcsi_changeauth.c rpc/@RPC@/rpc_changeauth.c +@TSS_BUILD_CHANGEAUTH_TRUE@am__append_22 = -DTSS_BUILD_CHANGEAUTH +@TSS_BUILD_BIND_TRUE@am__append_23 = tcsi_bind.c rpc/@RPC@/rpc_bind.c +@TSS_BUILD_BIND_TRUE@am__append_24 = -DTSS_BUILD_BIND +@TSS_BUILD_OWN_TRUE@am__append_25 = tcsi_own.c rpc/@RPC@/rpc_own.c +@TSS_BUILD_OWN_TRUE@am__append_26 = -DTSS_BUILD_OWN +@TSS_BUILD_PS_TRUE@am__append_27 = ps/ps_utils.c ps/tcsps.c tcsi_ps.c tcs_ps.c tcs_key_ps.c rpc/@RPC@/rpc_ps.c +@TSS_BUILD_PS_TRUE@am__append_28 = -DTSS_BUILD_PS +@TSS_BUILD_ADMIN_TRUE@am__append_29 = tcsi_admin.c rpc/@RPC@/rpc_admin.c +@TSS_BUILD_ADMIN_TRUE@am__append_30 = -DTSS_BUILD_ADMIN +@TSS_BUILD_AIK_TRUE@am__append_31 = tcsi_aik.c tcs_aik.c rpc/@RPC@/rpc_aik.c +@TSS_BUILD_AIK_TRUE@am__append_32 = -DTSS_BUILD_AIK +@TSS_BUILD_EK_TRUE@am__append_33 = tcsi_ek.c rpc/@RPC@/rpc_ek.c +@TSS_BUILD_EK_TRUE@am__append_34 = -DTSS_BUILD_EK +@TSS_BUILD_CERTIFY_TRUE@am__append_35 = tcsi_certify.c rpc/@RPC@/rpc_certify.c +@TSS_BUILD_CERTIFY_TRUE@am__append_36 = -DTSS_BUILD_CERTIFY +@TSS_BUILD_KEY_TRUE@am__append_37 = tcsi_key.c tcs_key.c tcs_key_mem_cache.c tcs_context_key.c rpc/@RPC@/rpc_key.c \ +@TSS_BUILD_KEY_TRUE@ crypto/@CRYPTO_PACKAGE@/crypto.c + +@TSS_BUILD_KEY_TRUE@am__append_38 = -DTSS_BUILD_KEY +@TSS_BUILD_MAINT_TRUE@am__append_39 = tcsi_maint.c rpc/@RPC@/rpc_maint.c +@TSS_BUILD_MAINT_TRUE@am__append_40 = -DTSS_BUILD_MAINT +@TSS_BUILD_MIGRATION_TRUE@am__append_41 = tcsi_migration.c tcs_migration.c rpc/@RPC@/rpc_migration.c +@TSS_BUILD_MIGRATION_TRUE@am__append_42 = -DTSS_BUILD_MIGRATION +@TSS_BUILD_PCR_EXTEND_TRUE@am__append_43 = tcsi_pcr.c rpc/@RPC@/rpc_pcr_extend.c +@TSS_BUILD_PCR_EXTEND_TRUE@am__append_44 = -DTSS_BUILD_PCR_EXTEND +@TSS_BUILD_SELFTEST_TRUE@am__append_45 = tcsi_selftest.c rpc/@RPC@/rpc_selftest.c +@TSS_BUILD_SELFTEST_TRUE@am__append_46 = -DTSS_BUILD_SELFTEST +@TSS_BUILD_DAA_TRUE@am__append_47 = tcsi_daa.c rpc/@RPC@/rpc_daa.c +@TSS_BUILD_DAA_TRUE@am__append_48 = -DTSS_BUILD_DAA +@TSS_BUILD_NV_TRUE@am__append_49 = tcsi_nv.c rpc/@RPC@/rpc_nv.c +@TSS_BUILD_NV_TRUE@am__append_50 = -DTSS_BUILD_NV +@TSS_BUILD_AUDIT_TRUE@am__append_51 = tcsi_audit.c rpc/@RPC@/rpc_audit.c +@TSS_BUILD_AUDIT_TRUE@am__append_52 = -DTSS_BUILD_AUDIT +@TSS_BUILD_SEALX_TRUE@am__append_53 = -DTSS_BUILD_SEALX +@TSS_BUILD_TSS12_TRUE@am__append_54 = tcsi_oper.c rpc/@RPC@/rpc_oper.c +@TSS_BUILD_TSS12_TRUE@am__append_55 = -DTSS_BUILD_TSS12 +@TSS_BUILD_DELEGATION_TRUE@am__append_56 = tcsi_delegate.c rpc/@RPC@/rpc_delegate.c +@TSS_BUILD_DELEGATION_TRUE@am__append_57 = -DTSS_BUILD_DELEGATION +@TSS_BUILD_QUOTE2_TRUE@am__append_58 = tcsi_quote2.c tcs_quote2.c rpc/@RPC@/rpc_quote2.c +@TSS_BUILD_QUOTE2_TRUE@am__append_59 = -DTSS_BUILD_QUOTE2 +@TSS_BUILD_CMK_TRUE@am__append_60 = tcsi_cmk.c rpc/@RPC@/rpc_cmk.c +@TSS_BUILD_CMK_TRUE@am__append_61 = -DTSS_BUILD_CMK +subdir = src/tcs +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +LIBRARIES = $(noinst_LIBRARIES) +ARFLAGS = cru +libtcs_a_AR = $(AR) $(ARFLAGS) +libtcs_a_DEPENDENCIES = ${top_builddir}/src/tddl/libtddl.a +am__libtcs_a_SOURCES_DIST = log.c tcs_caps.c tcs_req_mgr.c \ + tcs_context.c tcsi_context.c tcs_utils.c rpc/@RPC@/rpc.c \ + rpc/@RPC@/rpc_context.c tcsi_caps_tpm.c \ + rpc/@RPC@/rpc_caps_tpm.c tcs_auth_mgr.c tcsi_auth.c \ + rpc/@RPC@/rpc_auth.c tcs_pbg.c tcsi_transport.c \ + rpc/@RPC@/rpc_transport.c tcsi_tick.c rpc/@RPC@/rpc_tick.c \ + tcsi_counter.c tcs_counter.c rpc/@RPC@/rpc_counter.c \ + tcsi_random.c rpc/@RPC@/rpc_random.c tcsi_caps.c \ + rpc/@RPC@/rpc_caps.c tcsi_dir.c rpc/@RPC@/rpc_dir.c \ + tcsi_evlog.c tcs_evlog_biosem.c tcs_evlog_imaem.c tcs_evlog.c \ + rpc/@RPC@/rpc_evlog.c tcsi_sign.c rpc/@RPC@/rpc_sign.c \ + tcsi_quote.c tcs_quote.c rpc/@RPC@/rpc_quote.c tcsi_seal.c \ + tcs_seal.c rpc/@RPC@/rpc_seal.c tcsi_changeauth.c \ + rpc/@RPC@/rpc_changeauth.c tcsi_bind.c rpc/@RPC@/rpc_bind.c \ + tcsi_own.c rpc/@RPC@/rpc_own.c ps/ps_utils.c ps/tcsps.c \ + tcsi_ps.c tcs_ps.c tcs_key_ps.c rpc/@RPC@/rpc_ps.c \ + tcsi_admin.c rpc/@RPC@/rpc_admin.c tcsi_aik.c tcs_aik.c \ + rpc/@RPC@/rpc_aik.c tcsi_ek.c rpc/@RPC@/rpc_ek.c \ + tcsi_certify.c rpc/@RPC@/rpc_certify.c tcsi_key.c tcs_key.c \ + tcs_key_mem_cache.c tcs_context_key.c rpc/@RPC@/rpc_key.c \ + crypto/@CRYPTO_PACKAGE@/crypto.c tcsi_maint.c \ + rpc/@RPC@/rpc_maint.c tcsi_migration.c tcs_migration.c \ + rpc/@RPC@/rpc_migration.c tcsi_pcr.c \ + rpc/@RPC@/rpc_pcr_extend.c tcsi_selftest.c \ + rpc/@RPC@/rpc_selftest.c tcsi_daa.c rpc/@RPC@/rpc_daa.c \ + tcsi_nv.c rpc/@RPC@/rpc_nv.c tcsi_audit.c \ + rpc/@RPC@/rpc_audit.c tcsi_oper.c rpc/@RPC@/rpc_oper.c \ + tcsi_delegate.c rpc/@RPC@/rpc_delegate.c tcsi_quote2.c \ + tcs_quote2.c rpc/@RPC@/rpc_quote2.c tcsi_cmk.c \ + rpc/@RPC@/rpc_cmk.c +@TSS_BUILD_TRANSPORT_TRUE@am__objects_1 = \ +@TSS_BUILD_TRANSPORT_TRUE@ libtcs_a-tcsi_transport.$(OBJEXT) \ +@TSS_BUILD_TRANSPORT_TRUE@ libtcs_a-rpc_transport.$(OBJEXT) +@TSS_BUILD_TICK_TRUE@am__objects_2 = libtcs_a-tcsi_tick.$(OBJEXT) \ +@TSS_BUILD_TICK_TRUE@ libtcs_a-rpc_tick.$(OBJEXT) +@TSS_BUILD_COUNTER_TRUE@am__objects_3 = \ +@TSS_BUILD_COUNTER_TRUE@ libtcs_a-tcsi_counter.$(OBJEXT) \ +@TSS_BUILD_COUNTER_TRUE@ libtcs_a-tcs_counter.$(OBJEXT) \ +@TSS_BUILD_COUNTER_TRUE@ libtcs_a-rpc_counter.$(OBJEXT) +@TSS_BUILD_RANDOM_TRUE@am__objects_4 = libtcs_a-tcsi_random.$(OBJEXT) \ +@TSS_BUILD_RANDOM_TRUE@ libtcs_a-rpc_random.$(OBJEXT) +@TSS_BUILD_CAPS_TRUE@am__objects_5 = libtcs_a-tcsi_caps.$(OBJEXT) \ +@TSS_BUILD_CAPS_TRUE@ libtcs_a-rpc_caps.$(OBJEXT) +@TSS_BUILD_DIR_TRUE@am__objects_6 = libtcs_a-tcsi_dir.$(OBJEXT) \ +@TSS_BUILD_DIR_TRUE@ libtcs_a-rpc_dir.$(OBJEXT) +@TSS_BUILD_PCR_EVENTS_TRUE@am__objects_7 = \ +@TSS_BUILD_PCR_EVENTS_TRUE@ libtcs_a-tcsi_evlog.$(OBJEXT) \ +@TSS_BUILD_PCR_EVENTS_TRUE@ libtcs_a-tcs_evlog_biosem.$(OBJEXT) \ +@TSS_BUILD_PCR_EVENTS_TRUE@ libtcs_a-tcs_evlog_imaem.$(OBJEXT) \ +@TSS_BUILD_PCR_EVENTS_TRUE@ libtcs_a-tcs_evlog.$(OBJEXT) \ +@TSS_BUILD_PCR_EVENTS_TRUE@ libtcs_a-rpc_evlog.$(OBJEXT) +@TSS_BUILD_SIGN_TRUE@am__objects_8 = libtcs_a-tcsi_sign.$(OBJEXT) \ +@TSS_BUILD_SIGN_TRUE@ libtcs_a-rpc_sign.$(OBJEXT) +@TSS_BUILD_QUOTE_TRUE@am__objects_9 = libtcs_a-tcsi_quote.$(OBJEXT) \ +@TSS_BUILD_QUOTE_TRUE@ libtcs_a-tcs_quote.$(OBJEXT) \ +@TSS_BUILD_QUOTE_TRUE@ libtcs_a-rpc_quote.$(OBJEXT) +@TSS_BUILD_SEAL_TRUE@am__objects_10 = libtcs_a-tcsi_seal.$(OBJEXT) \ +@TSS_BUILD_SEAL_TRUE@ libtcs_a-tcs_seal.$(OBJEXT) \ +@TSS_BUILD_SEAL_TRUE@ libtcs_a-rpc_seal.$(OBJEXT) +@TSS_BUILD_CHANGEAUTH_TRUE@am__objects_11 = \ +@TSS_BUILD_CHANGEAUTH_TRUE@ libtcs_a-tcsi_changeauth.$(OBJEXT) \ +@TSS_BUILD_CHANGEAUTH_TRUE@ libtcs_a-rpc_changeauth.$(OBJEXT) +@TSS_BUILD_BIND_TRUE@am__objects_12 = libtcs_a-tcsi_bind.$(OBJEXT) \ +@TSS_BUILD_BIND_TRUE@ libtcs_a-rpc_bind.$(OBJEXT) +@TSS_BUILD_OWN_TRUE@am__objects_13 = libtcs_a-tcsi_own.$(OBJEXT) \ +@TSS_BUILD_OWN_TRUE@ libtcs_a-rpc_own.$(OBJEXT) +@TSS_BUILD_PS_TRUE@am__objects_14 = libtcs_a-ps_utils.$(OBJEXT) \ +@TSS_BUILD_PS_TRUE@ libtcs_a-tcsps.$(OBJEXT) \ +@TSS_BUILD_PS_TRUE@ libtcs_a-tcsi_ps.$(OBJEXT) \ +@TSS_BUILD_PS_TRUE@ libtcs_a-tcs_ps.$(OBJEXT) \ +@TSS_BUILD_PS_TRUE@ libtcs_a-tcs_key_ps.$(OBJEXT) \ +@TSS_BUILD_PS_TRUE@ libtcs_a-rpc_ps.$(OBJEXT) +@TSS_BUILD_ADMIN_TRUE@am__objects_15 = libtcs_a-tcsi_admin.$(OBJEXT) \ +@TSS_BUILD_ADMIN_TRUE@ libtcs_a-rpc_admin.$(OBJEXT) +@TSS_BUILD_AIK_TRUE@am__objects_16 = libtcs_a-tcsi_aik.$(OBJEXT) \ +@TSS_BUILD_AIK_TRUE@ libtcs_a-tcs_aik.$(OBJEXT) \ +@TSS_BUILD_AIK_TRUE@ libtcs_a-rpc_aik.$(OBJEXT) +@TSS_BUILD_EK_TRUE@am__objects_17 = libtcs_a-tcsi_ek.$(OBJEXT) \ +@TSS_BUILD_EK_TRUE@ libtcs_a-rpc_ek.$(OBJEXT) +@TSS_BUILD_CERTIFY_TRUE@am__objects_18 = \ +@TSS_BUILD_CERTIFY_TRUE@ libtcs_a-tcsi_certify.$(OBJEXT) \ +@TSS_BUILD_CERTIFY_TRUE@ libtcs_a-rpc_certify.$(OBJEXT) +@TSS_BUILD_KEY_TRUE@am__objects_19 = libtcs_a-tcsi_key.$(OBJEXT) \ +@TSS_BUILD_KEY_TRUE@ libtcs_a-tcs_key.$(OBJEXT) \ +@TSS_BUILD_KEY_TRUE@ libtcs_a-tcs_key_mem_cache.$(OBJEXT) \ +@TSS_BUILD_KEY_TRUE@ libtcs_a-tcs_context_key.$(OBJEXT) \ +@TSS_BUILD_KEY_TRUE@ libtcs_a-rpc_key.$(OBJEXT) \ +@TSS_BUILD_KEY_TRUE@ libtcs_a-crypto.$(OBJEXT) +@TSS_BUILD_MAINT_TRUE@am__objects_20 = libtcs_a-tcsi_maint.$(OBJEXT) \ +@TSS_BUILD_MAINT_TRUE@ libtcs_a-rpc_maint.$(OBJEXT) +@TSS_BUILD_MIGRATION_TRUE@am__objects_21 = \ +@TSS_BUILD_MIGRATION_TRUE@ libtcs_a-tcsi_migration.$(OBJEXT) \ +@TSS_BUILD_MIGRATION_TRUE@ libtcs_a-tcs_migration.$(OBJEXT) \ +@TSS_BUILD_MIGRATION_TRUE@ libtcs_a-rpc_migration.$(OBJEXT) +@TSS_BUILD_PCR_EXTEND_TRUE@am__objects_22 = \ +@TSS_BUILD_PCR_EXTEND_TRUE@ libtcs_a-tcsi_pcr.$(OBJEXT) \ +@TSS_BUILD_PCR_EXTEND_TRUE@ libtcs_a-rpc_pcr_extend.$(OBJEXT) +@TSS_BUILD_SELFTEST_TRUE@am__objects_23 = \ +@TSS_BUILD_SELFTEST_TRUE@ libtcs_a-tcsi_selftest.$(OBJEXT) \ +@TSS_BUILD_SELFTEST_TRUE@ libtcs_a-rpc_selftest.$(OBJEXT) +@TSS_BUILD_DAA_TRUE@am__objects_24 = libtcs_a-tcsi_daa.$(OBJEXT) \ +@TSS_BUILD_DAA_TRUE@ libtcs_a-rpc_daa.$(OBJEXT) +@TSS_BUILD_NV_TRUE@am__objects_25 = libtcs_a-tcsi_nv.$(OBJEXT) \ +@TSS_BUILD_NV_TRUE@ libtcs_a-rpc_nv.$(OBJEXT) +@TSS_BUILD_AUDIT_TRUE@am__objects_26 = libtcs_a-tcsi_audit.$(OBJEXT) \ +@TSS_BUILD_AUDIT_TRUE@ libtcs_a-rpc_audit.$(OBJEXT) +@TSS_BUILD_TSS12_TRUE@am__objects_27 = libtcs_a-tcsi_oper.$(OBJEXT) \ +@TSS_BUILD_TSS12_TRUE@ libtcs_a-rpc_oper.$(OBJEXT) +@TSS_BUILD_DELEGATION_TRUE@am__objects_28 = \ +@TSS_BUILD_DELEGATION_TRUE@ libtcs_a-tcsi_delegate.$(OBJEXT) \ +@TSS_BUILD_DELEGATION_TRUE@ libtcs_a-rpc_delegate.$(OBJEXT) +@TSS_BUILD_QUOTE2_TRUE@am__objects_29 = \ +@TSS_BUILD_QUOTE2_TRUE@ libtcs_a-tcsi_quote2.$(OBJEXT) \ +@TSS_BUILD_QUOTE2_TRUE@ libtcs_a-tcs_quote2.$(OBJEXT) \ +@TSS_BUILD_QUOTE2_TRUE@ libtcs_a-rpc_quote2.$(OBJEXT) +@TSS_BUILD_CMK_TRUE@am__objects_30 = libtcs_a-tcsi_cmk.$(OBJEXT) \ +@TSS_BUILD_CMK_TRUE@ libtcs_a-rpc_cmk.$(OBJEXT) +am_libtcs_a_OBJECTS = libtcs_a-log.$(OBJEXT) \ + libtcs_a-tcs_caps.$(OBJEXT) libtcs_a-tcs_req_mgr.$(OBJEXT) \ + libtcs_a-tcs_context.$(OBJEXT) libtcs_a-tcsi_context.$(OBJEXT) \ + libtcs_a-tcs_utils.$(OBJEXT) libtcs_a-rpc.$(OBJEXT) \ + libtcs_a-rpc_context.$(OBJEXT) \ + libtcs_a-tcsi_caps_tpm.$(OBJEXT) \ + libtcs_a-rpc_caps_tpm.$(OBJEXT) \ + libtcs_a-tcs_auth_mgr.$(OBJEXT) libtcs_a-tcsi_auth.$(OBJEXT) \ + libtcs_a-rpc_auth.$(OBJEXT) libtcs_a-tcs_pbg.$(OBJEXT) \ + $(am__objects_1) $(am__objects_2) $(am__objects_3) \ + $(am__objects_4) $(am__objects_5) $(am__objects_6) \ + $(am__objects_7) $(am__objects_8) $(am__objects_9) \ + $(am__objects_10) $(am__objects_11) $(am__objects_12) \ + $(am__objects_13) $(am__objects_14) $(am__objects_15) \ + $(am__objects_16) $(am__objects_17) $(am__objects_18) \ + $(am__objects_19) $(am__objects_20) $(am__objects_21) \ + $(am__objects_22) $(am__objects_23) $(am__objects_24) \ + $(am__objects_25) $(am__objects_26) $(am__objects_27) \ + $(am__objects_28) $(am__objects_29) $(am__objects_30) +libtcs_a_OBJECTS = $(am_libtcs_a_OBJECTS) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libtcs_a_SOURCES) +DIST_SOURCES = $(am__libtcs_a_SOURCES_DIST) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ -I${top_srcdir}/src/include +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTOLIB = @CRYPTOLIB@ +CRYPTO_PACKAGE = @CRYPTO_PACKAGE@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB_DIR = @OPENSSL_LIB_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +RPC = @RPC@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +TCSD_DEFAULT_PORT = @TCSD_DEFAULT_PORT@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +noinst_LIBRARIES = libtcs.a +libtcs_a_LIBADD = ${top_builddir}/src/tddl/libtddl.a +libtcs_a_CFLAGS = -DAPPID=\"TCSD\ TCS\" \ + -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" \ + $(am__append_2) $(am__append_4) $(am__append_6) \ + $(am__append_8) $(am__append_10) $(am__append_12) \ + $(am__append_14) $(am__append_16) $(am__append_18) \ + $(am__append_20) $(am__append_22) $(am__append_24) \ + $(am__append_26) $(am__append_28) $(am__append_30) \ + $(am__append_32) $(am__append_34) $(am__append_36) \ + $(am__append_38) $(am__append_40) $(am__append_42) \ + $(am__append_44) $(am__append_46) $(am__append_48) \ + $(am__append_50) $(am__append_52) $(am__append_53) \ + $(am__append_55) $(am__append_57) $(am__append_59) \ + $(am__append_61) +libtcs_a_SOURCES = log.c tcs_caps.c tcs_req_mgr.c tcs_context.c \ + tcsi_context.c tcs_utils.c rpc/@RPC@/rpc.c \ + rpc/@RPC@/rpc_context.c tcsi_caps_tpm.c \ + rpc/@RPC@/rpc_caps_tpm.c tcs_auth_mgr.c tcsi_auth.c \ + rpc/@RPC@/rpc_auth.c tcs_pbg.c $(am__append_1) $(am__append_3) \ + $(am__append_5) $(am__append_7) $(am__append_9) \ + $(am__append_11) $(am__append_13) $(am__append_15) \ + $(am__append_17) $(am__append_19) $(am__append_21) \ + $(am__append_23) $(am__append_25) $(am__append_27) \ + $(am__append_29) $(am__append_31) $(am__append_33) \ + $(am__append_35) $(am__append_37) $(am__append_39) \ + $(am__append_41) $(am__append_43) $(am__append_45) \ + $(am__append_47) $(am__append_49) $(am__append_51) \ + $(am__append_54) $(am__append_56) $(am__append_58) \ + $(am__append_60) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tcs/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/tcs/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLIBRARIES: + -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) +libtcs.a: $(libtcs_a_OBJECTS) $(libtcs_a_DEPENDENCIES) + -rm -f libtcs.a + $(libtcs_a_AR) libtcs.a $(libtcs_a_OBJECTS) $(libtcs_a_LIBADD) + $(RANLIB) libtcs.a + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-crypto.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-ps_utils.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_admin.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_aik.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_audit.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_auth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_bind.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_caps.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_caps_tpm.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_certify.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_changeauth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_cmk.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_context.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_counter.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_daa.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_delegate.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_dir.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_ek.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_evlog.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_key.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_maint.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_migration.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_nv.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_oper.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_own.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_pcr_extend.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_ps.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_quote.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_quote2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_random.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_seal.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_selftest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_sign.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_tick.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-rpc_transport.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_aik.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_auth_mgr.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_caps.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_context.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_context_key.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_counter.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_evlog.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_evlog_biosem.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_evlog_imaem.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_key.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_key_mem_cache.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_key_ps.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_migration.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_pbg.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_ps.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_quote.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_quote2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_req_mgr.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_seal.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcs_utils.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_admin.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_aik.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_audit.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_auth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_bind.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_caps.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_caps_tpm.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_certify.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_changeauth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_cmk.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_context.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_counter.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_daa.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_delegate.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_dir.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_ek.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_evlog.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_key.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_maint.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_migration.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_nv.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_oper.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_own.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_pcr.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_ps.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_quote.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_quote2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_random.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_seal.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_selftest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_sign.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_tick.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsi_transport.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcs_a-tcsps.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +libtcs_a-log.o: log.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-log.o -MD -MP -MF $(DEPDIR)/libtcs_a-log.Tpo -c -o libtcs_a-log.o `test -f 'log.c' || echo '$(srcdir)/'`log.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-log.Tpo $(DEPDIR)/libtcs_a-log.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='log.c' object='libtcs_a-log.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-log.o `test -f 'log.c' || echo '$(srcdir)/'`log.c + +libtcs_a-log.obj: log.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-log.obj -MD -MP -MF $(DEPDIR)/libtcs_a-log.Tpo -c -o libtcs_a-log.obj `if test -f 'log.c'; then $(CYGPATH_W) 'log.c'; else $(CYGPATH_W) '$(srcdir)/log.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-log.Tpo $(DEPDIR)/libtcs_a-log.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='log.c' object='libtcs_a-log.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-log.obj `if test -f 'log.c'; then $(CYGPATH_W) 'log.c'; else $(CYGPATH_W) '$(srcdir)/log.c'; fi` + +libtcs_a-tcs_caps.o: tcs_caps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_caps.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_caps.Tpo -c -o libtcs_a-tcs_caps.o `test -f 'tcs_caps.c' || echo '$(srcdir)/'`tcs_caps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_caps.Tpo $(DEPDIR)/libtcs_a-tcs_caps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_caps.c' object='libtcs_a-tcs_caps.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_caps.o `test -f 'tcs_caps.c' || echo '$(srcdir)/'`tcs_caps.c + +libtcs_a-tcs_caps.obj: tcs_caps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_caps.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_caps.Tpo -c -o libtcs_a-tcs_caps.obj `if test -f 'tcs_caps.c'; then $(CYGPATH_W) 'tcs_caps.c'; else $(CYGPATH_W) '$(srcdir)/tcs_caps.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_caps.Tpo $(DEPDIR)/libtcs_a-tcs_caps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_caps.c' object='libtcs_a-tcs_caps.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_caps.obj `if test -f 'tcs_caps.c'; then $(CYGPATH_W) 'tcs_caps.c'; else $(CYGPATH_W) '$(srcdir)/tcs_caps.c'; fi` + +libtcs_a-tcs_req_mgr.o: tcs_req_mgr.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_req_mgr.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_req_mgr.Tpo -c -o libtcs_a-tcs_req_mgr.o `test -f 'tcs_req_mgr.c' || echo '$(srcdir)/'`tcs_req_mgr.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_req_mgr.Tpo $(DEPDIR)/libtcs_a-tcs_req_mgr.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_req_mgr.c' object='libtcs_a-tcs_req_mgr.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_req_mgr.o `test -f 'tcs_req_mgr.c' || echo '$(srcdir)/'`tcs_req_mgr.c + +libtcs_a-tcs_req_mgr.obj: tcs_req_mgr.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_req_mgr.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_req_mgr.Tpo -c -o libtcs_a-tcs_req_mgr.obj `if test -f 'tcs_req_mgr.c'; then $(CYGPATH_W) 'tcs_req_mgr.c'; else $(CYGPATH_W) '$(srcdir)/tcs_req_mgr.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_req_mgr.Tpo $(DEPDIR)/libtcs_a-tcs_req_mgr.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_req_mgr.c' object='libtcs_a-tcs_req_mgr.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_req_mgr.obj `if test -f 'tcs_req_mgr.c'; then $(CYGPATH_W) 'tcs_req_mgr.c'; else $(CYGPATH_W) '$(srcdir)/tcs_req_mgr.c'; fi` + +libtcs_a-tcs_context.o: tcs_context.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_context.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_context.Tpo -c -o libtcs_a-tcs_context.o `test -f 'tcs_context.c' || echo '$(srcdir)/'`tcs_context.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_context.Tpo $(DEPDIR)/libtcs_a-tcs_context.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_context.c' object='libtcs_a-tcs_context.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_context.o `test -f 'tcs_context.c' || echo '$(srcdir)/'`tcs_context.c + +libtcs_a-tcs_context.obj: tcs_context.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_context.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_context.Tpo -c -o libtcs_a-tcs_context.obj `if test -f 'tcs_context.c'; then $(CYGPATH_W) 'tcs_context.c'; else $(CYGPATH_W) '$(srcdir)/tcs_context.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_context.Tpo $(DEPDIR)/libtcs_a-tcs_context.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_context.c' object='libtcs_a-tcs_context.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_context.obj `if test -f 'tcs_context.c'; then $(CYGPATH_W) 'tcs_context.c'; else $(CYGPATH_W) '$(srcdir)/tcs_context.c'; fi` + +libtcs_a-tcsi_context.o: tcsi_context.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_context.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_context.Tpo -c -o libtcs_a-tcsi_context.o `test -f 'tcsi_context.c' || echo '$(srcdir)/'`tcsi_context.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_context.Tpo $(DEPDIR)/libtcs_a-tcsi_context.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_context.c' object='libtcs_a-tcsi_context.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_context.o `test -f 'tcsi_context.c' || echo '$(srcdir)/'`tcsi_context.c + +libtcs_a-tcsi_context.obj: tcsi_context.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_context.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_context.Tpo -c -o libtcs_a-tcsi_context.obj `if test -f 'tcsi_context.c'; then $(CYGPATH_W) 'tcsi_context.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_context.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_context.Tpo $(DEPDIR)/libtcs_a-tcsi_context.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_context.c' object='libtcs_a-tcsi_context.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_context.obj `if test -f 'tcsi_context.c'; then $(CYGPATH_W) 'tcsi_context.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_context.c'; fi` + +libtcs_a-tcs_utils.o: tcs_utils.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_utils.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_utils.Tpo -c -o libtcs_a-tcs_utils.o `test -f 'tcs_utils.c' || echo '$(srcdir)/'`tcs_utils.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_utils.Tpo $(DEPDIR)/libtcs_a-tcs_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_utils.c' object='libtcs_a-tcs_utils.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_utils.o `test -f 'tcs_utils.c' || echo '$(srcdir)/'`tcs_utils.c + +libtcs_a-tcs_utils.obj: tcs_utils.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_utils.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_utils.Tpo -c -o libtcs_a-tcs_utils.obj `if test -f 'tcs_utils.c'; then $(CYGPATH_W) 'tcs_utils.c'; else $(CYGPATH_W) '$(srcdir)/tcs_utils.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_utils.Tpo $(DEPDIR)/libtcs_a-tcs_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_utils.c' object='libtcs_a-tcs_utils.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_utils.obj `if test -f 'tcs_utils.c'; then $(CYGPATH_W) 'tcs_utils.c'; else $(CYGPATH_W) '$(srcdir)/tcs_utils.c'; fi` + +libtcs_a-rpc.o: rpc/@RPC@/rpc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc.Tpo -c -o libtcs_a-rpc.o `test -f 'rpc/@RPC@/rpc.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc.Tpo $(DEPDIR)/libtcs_a-rpc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc.c' object='libtcs_a-rpc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc.o `test -f 'rpc/@RPC@/rpc.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc.c + +libtcs_a-rpc.obj: rpc/@RPC@/rpc.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc.Tpo -c -o libtcs_a-rpc.obj `if test -f 'rpc/@RPC@/rpc.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc.Tpo $(DEPDIR)/libtcs_a-rpc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc.c' object='libtcs_a-rpc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc.obj `if test -f 'rpc/@RPC@/rpc.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc.c'; fi` + +libtcs_a-rpc_context.o: rpc/@RPC@/rpc_context.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_context.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_context.Tpo -c -o libtcs_a-rpc_context.o `test -f 'rpc/@RPC@/rpc_context.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_context.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_context.Tpo $(DEPDIR)/libtcs_a-rpc_context.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_context.c' object='libtcs_a-rpc_context.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_context.o `test -f 'rpc/@RPC@/rpc_context.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_context.c + +libtcs_a-rpc_context.obj: rpc/@RPC@/rpc_context.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_context.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_context.Tpo -c -o libtcs_a-rpc_context.obj `if test -f 'rpc/@RPC@/rpc_context.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_context.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_context.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_context.Tpo $(DEPDIR)/libtcs_a-rpc_context.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_context.c' object='libtcs_a-rpc_context.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_context.obj `if test -f 'rpc/@RPC@/rpc_context.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_context.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_context.c'; fi` + +libtcs_a-tcsi_caps_tpm.o: tcsi_caps_tpm.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_caps_tpm.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_caps_tpm.Tpo -c -o libtcs_a-tcsi_caps_tpm.o `test -f 'tcsi_caps_tpm.c' || echo '$(srcdir)/'`tcsi_caps_tpm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_caps_tpm.Tpo $(DEPDIR)/libtcs_a-tcsi_caps_tpm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_caps_tpm.c' object='libtcs_a-tcsi_caps_tpm.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_caps_tpm.o `test -f 'tcsi_caps_tpm.c' || echo '$(srcdir)/'`tcsi_caps_tpm.c + +libtcs_a-tcsi_caps_tpm.obj: tcsi_caps_tpm.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_caps_tpm.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_caps_tpm.Tpo -c -o libtcs_a-tcsi_caps_tpm.obj `if test -f 'tcsi_caps_tpm.c'; then $(CYGPATH_W) 'tcsi_caps_tpm.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_caps_tpm.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_caps_tpm.Tpo $(DEPDIR)/libtcs_a-tcsi_caps_tpm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_caps_tpm.c' object='libtcs_a-tcsi_caps_tpm.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_caps_tpm.obj `if test -f 'tcsi_caps_tpm.c'; then $(CYGPATH_W) 'tcsi_caps_tpm.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_caps_tpm.c'; fi` + +libtcs_a-rpc_caps_tpm.o: rpc/@RPC@/rpc_caps_tpm.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_caps_tpm.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_caps_tpm.Tpo -c -o libtcs_a-rpc_caps_tpm.o `test -f 'rpc/@RPC@/rpc_caps_tpm.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_caps_tpm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_caps_tpm.Tpo $(DEPDIR)/libtcs_a-rpc_caps_tpm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_caps_tpm.c' object='libtcs_a-rpc_caps_tpm.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_caps_tpm.o `test -f 'rpc/@RPC@/rpc_caps_tpm.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_caps_tpm.c + +libtcs_a-rpc_caps_tpm.obj: rpc/@RPC@/rpc_caps_tpm.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_caps_tpm.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_caps_tpm.Tpo -c -o libtcs_a-rpc_caps_tpm.obj `if test -f 'rpc/@RPC@/rpc_caps_tpm.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_caps_tpm.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_caps_tpm.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_caps_tpm.Tpo $(DEPDIR)/libtcs_a-rpc_caps_tpm.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_caps_tpm.c' object='libtcs_a-rpc_caps_tpm.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_caps_tpm.obj `if test -f 'rpc/@RPC@/rpc_caps_tpm.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_caps_tpm.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_caps_tpm.c'; fi` + +libtcs_a-tcs_auth_mgr.o: tcs_auth_mgr.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_auth_mgr.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_auth_mgr.Tpo -c -o libtcs_a-tcs_auth_mgr.o `test -f 'tcs_auth_mgr.c' || echo '$(srcdir)/'`tcs_auth_mgr.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_auth_mgr.Tpo $(DEPDIR)/libtcs_a-tcs_auth_mgr.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_auth_mgr.c' object='libtcs_a-tcs_auth_mgr.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_auth_mgr.o `test -f 'tcs_auth_mgr.c' || echo '$(srcdir)/'`tcs_auth_mgr.c + +libtcs_a-tcs_auth_mgr.obj: tcs_auth_mgr.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_auth_mgr.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_auth_mgr.Tpo -c -o libtcs_a-tcs_auth_mgr.obj `if test -f 'tcs_auth_mgr.c'; then $(CYGPATH_W) 'tcs_auth_mgr.c'; else $(CYGPATH_W) '$(srcdir)/tcs_auth_mgr.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_auth_mgr.Tpo $(DEPDIR)/libtcs_a-tcs_auth_mgr.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_auth_mgr.c' object='libtcs_a-tcs_auth_mgr.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_auth_mgr.obj `if test -f 'tcs_auth_mgr.c'; then $(CYGPATH_W) 'tcs_auth_mgr.c'; else $(CYGPATH_W) '$(srcdir)/tcs_auth_mgr.c'; fi` + +libtcs_a-tcsi_auth.o: tcsi_auth.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_auth.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_auth.Tpo -c -o libtcs_a-tcsi_auth.o `test -f 'tcsi_auth.c' || echo '$(srcdir)/'`tcsi_auth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_auth.Tpo $(DEPDIR)/libtcs_a-tcsi_auth.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_auth.c' object='libtcs_a-tcsi_auth.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_auth.o `test -f 'tcsi_auth.c' || echo '$(srcdir)/'`tcsi_auth.c + +libtcs_a-tcsi_auth.obj: tcsi_auth.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_auth.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_auth.Tpo -c -o libtcs_a-tcsi_auth.obj `if test -f 'tcsi_auth.c'; then $(CYGPATH_W) 'tcsi_auth.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_auth.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_auth.Tpo $(DEPDIR)/libtcs_a-tcsi_auth.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_auth.c' object='libtcs_a-tcsi_auth.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_auth.obj `if test -f 'tcsi_auth.c'; then $(CYGPATH_W) 'tcsi_auth.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_auth.c'; fi` + +libtcs_a-rpc_auth.o: rpc/@RPC@/rpc_auth.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_auth.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_auth.Tpo -c -o libtcs_a-rpc_auth.o `test -f 'rpc/@RPC@/rpc_auth.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_auth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_auth.Tpo $(DEPDIR)/libtcs_a-rpc_auth.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_auth.c' object='libtcs_a-rpc_auth.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_auth.o `test -f 'rpc/@RPC@/rpc_auth.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_auth.c + +libtcs_a-rpc_auth.obj: rpc/@RPC@/rpc_auth.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_auth.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_auth.Tpo -c -o libtcs_a-rpc_auth.obj `if test -f 'rpc/@RPC@/rpc_auth.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_auth.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_auth.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_auth.Tpo $(DEPDIR)/libtcs_a-rpc_auth.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_auth.c' object='libtcs_a-rpc_auth.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_auth.obj `if test -f 'rpc/@RPC@/rpc_auth.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_auth.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_auth.c'; fi` + +libtcs_a-tcs_pbg.o: tcs_pbg.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_pbg.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_pbg.Tpo -c -o libtcs_a-tcs_pbg.o `test -f 'tcs_pbg.c' || echo '$(srcdir)/'`tcs_pbg.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_pbg.Tpo $(DEPDIR)/libtcs_a-tcs_pbg.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_pbg.c' object='libtcs_a-tcs_pbg.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_pbg.o `test -f 'tcs_pbg.c' || echo '$(srcdir)/'`tcs_pbg.c + +libtcs_a-tcs_pbg.obj: tcs_pbg.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_pbg.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_pbg.Tpo -c -o libtcs_a-tcs_pbg.obj `if test -f 'tcs_pbg.c'; then $(CYGPATH_W) 'tcs_pbg.c'; else $(CYGPATH_W) '$(srcdir)/tcs_pbg.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_pbg.Tpo $(DEPDIR)/libtcs_a-tcs_pbg.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_pbg.c' object='libtcs_a-tcs_pbg.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_pbg.obj `if test -f 'tcs_pbg.c'; then $(CYGPATH_W) 'tcs_pbg.c'; else $(CYGPATH_W) '$(srcdir)/tcs_pbg.c'; fi` + +libtcs_a-tcsi_transport.o: tcsi_transport.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_transport.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_transport.Tpo -c -o libtcs_a-tcsi_transport.o `test -f 'tcsi_transport.c' || echo '$(srcdir)/'`tcsi_transport.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_transport.Tpo $(DEPDIR)/libtcs_a-tcsi_transport.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_transport.c' object='libtcs_a-tcsi_transport.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_transport.o `test -f 'tcsi_transport.c' || echo '$(srcdir)/'`tcsi_transport.c + +libtcs_a-tcsi_transport.obj: tcsi_transport.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_transport.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_transport.Tpo -c -o libtcs_a-tcsi_transport.obj `if test -f 'tcsi_transport.c'; then $(CYGPATH_W) 'tcsi_transport.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_transport.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_transport.Tpo $(DEPDIR)/libtcs_a-tcsi_transport.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_transport.c' object='libtcs_a-tcsi_transport.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_transport.obj `if test -f 'tcsi_transport.c'; then $(CYGPATH_W) 'tcsi_transport.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_transport.c'; fi` + +libtcs_a-rpc_transport.o: rpc/@RPC@/rpc_transport.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_transport.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_transport.Tpo -c -o libtcs_a-rpc_transport.o `test -f 'rpc/@RPC@/rpc_transport.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_transport.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_transport.Tpo $(DEPDIR)/libtcs_a-rpc_transport.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_transport.c' object='libtcs_a-rpc_transport.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_transport.o `test -f 'rpc/@RPC@/rpc_transport.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_transport.c + +libtcs_a-rpc_transport.obj: rpc/@RPC@/rpc_transport.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_transport.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_transport.Tpo -c -o libtcs_a-rpc_transport.obj `if test -f 'rpc/@RPC@/rpc_transport.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_transport.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_transport.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_transport.Tpo $(DEPDIR)/libtcs_a-rpc_transport.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_transport.c' object='libtcs_a-rpc_transport.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_transport.obj `if test -f 'rpc/@RPC@/rpc_transport.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_transport.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_transport.c'; fi` + +libtcs_a-tcsi_tick.o: tcsi_tick.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_tick.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_tick.Tpo -c -o libtcs_a-tcsi_tick.o `test -f 'tcsi_tick.c' || echo '$(srcdir)/'`tcsi_tick.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_tick.Tpo $(DEPDIR)/libtcs_a-tcsi_tick.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_tick.c' object='libtcs_a-tcsi_tick.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_tick.o `test -f 'tcsi_tick.c' || echo '$(srcdir)/'`tcsi_tick.c + +libtcs_a-tcsi_tick.obj: tcsi_tick.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_tick.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_tick.Tpo -c -o libtcs_a-tcsi_tick.obj `if test -f 'tcsi_tick.c'; then $(CYGPATH_W) 'tcsi_tick.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_tick.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_tick.Tpo $(DEPDIR)/libtcs_a-tcsi_tick.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_tick.c' object='libtcs_a-tcsi_tick.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_tick.obj `if test -f 'tcsi_tick.c'; then $(CYGPATH_W) 'tcsi_tick.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_tick.c'; fi` + +libtcs_a-rpc_tick.o: rpc/@RPC@/rpc_tick.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_tick.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_tick.Tpo -c -o libtcs_a-rpc_tick.o `test -f 'rpc/@RPC@/rpc_tick.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_tick.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_tick.Tpo $(DEPDIR)/libtcs_a-rpc_tick.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_tick.c' object='libtcs_a-rpc_tick.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_tick.o `test -f 'rpc/@RPC@/rpc_tick.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_tick.c + +libtcs_a-rpc_tick.obj: rpc/@RPC@/rpc_tick.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_tick.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_tick.Tpo -c -o libtcs_a-rpc_tick.obj `if test -f 'rpc/@RPC@/rpc_tick.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_tick.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_tick.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_tick.Tpo $(DEPDIR)/libtcs_a-rpc_tick.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_tick.c' object='libtcs_a-rpc_tick.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_tick.obj `if test -f 'rpc/@RPC@/rpc_tick.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_tick.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_tick.c'; fi` + +libtcs_a-tcsi_counter.o: tcsi_counter.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_counter.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_counter.Tpo -c -o libtcs_a-tcsi_counter.o `test -f 'tcsi_counter.c' || echo '$(srcdir)/'`tcsi_counter.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_counter.Tpo $(DEPDIR)/libtcs_a-tcsi_counter.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_counter.c' object='libtcs_a-tcsi_counter.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_counter.o `test -f 'tcsi_counter.c' || echo '$(srcdir)/'`tcsi_counter.c + +libtcs_a-tcsi_counter.obj: tcsi_counter.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_counter.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_counter.Tpo -c -o libtcs_a-tcsi_counter.obj `if test -f 'tcsi_counter.c'; then $(CYGPATH_W) 'tcsi_counter.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_counter.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_counter.Tpo $(DEPDIR)/libtcs_a-tcsi_counter.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_counter.c' object='libtcs_a-tcsi_counter.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_counter.obj `if test -f 'tcsi_counter.c'; then $(CYGPATH_W) 'tcsi_counter.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_counter.c'; fi` + +libtcs_a-tcs_counter.o: tcs_counter.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_counter.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_counter.Tpo -c -o libtcs_a-tcs_counter.o `test -f 'tcs_counter.c' || echo '$(srcdir)/'`tcs_counter.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_counter.Tpo $(DEPDIR)/libtcs_a-tcs_counter.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_counter.c' object='libtcs_a-tcs_counter.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_counter.o `test -f 'tcs_counter.c' || echo '$(srcdir)/'`tcs_counter.c + +libtcs_a-tcs_counter.obj: tcs_counter.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_counter.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_counter.Tpo -c -o libtcs_a-tcs_counter.obj `if test -f 'tcs_counter.c'; then $(CYGPATH_W) 'tcs_counter.c'; else $(CYGPATH_W) '$(srcdir)/tcs_counter.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_counter.Tpo $(DEPDIR)/libtcs_a-tcs_counter.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_counter.c' object='libtcs_a-tcs_counter.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_counter.obj `if test -f 'tcs_counter.c'; then $(CYGPATH_W) 'tcs_counter.c'; else $(CYGPATH_W) '$(srcdir)/tcs_counter.c'; fi` + +libtcs_a-rpc_counter.o: rpc/@RPC@/rpc_counter.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_counter.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_counter.Tpo -c -o libtcs_a-rpc_counter.o `test -f 'rpc/@RPC@/rpc_counter.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_counter.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_counter.Tpo $(DEPDIR)/libtcs_a-rpc_counter.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_counter.c' object='libtcs_a-rpc_counter.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_counter.o `test -f 'rpc/@RPC@/rpc_counter.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_counter.c + +libtcs_a-rpc_counter.obj: rpc/@RPC@/rpc_counter.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_counter.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_counter.Tpo -c -o libtcs_a-rpc_counter.obj `if test -f 'rpc/@RPC@/rpc_counter.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_counter.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_counter.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_counter.Tpo $(DEPDIR)/libtcs_a-rpc_counter.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_counter.c' object='libtcs_a-rpc_counter.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_counter.obj `if test -f 'rpc/@RPC@/rpc_counter.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_counter.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_counter.c'; fi` + +libtcs_a-tcsi_random.o: tcsi_random.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_random.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_random.Tpo -c -o libtcs_a-tcsi_random.o `test -f 'tcsi_random.c' || echo '$(srcdir)/'`tcsi_random.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_random.Tpo $(DEPDIR)/libtcs_a-tcsi_random.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_random.c' object='libtcs_a-tcsi_random.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_random.o `test -f 'tcsi_random.c' || echo '$(srcdir)/'`tcsi_random.c + +libtcs_a-tcsi_random.obj: tcsi_random.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_random.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_random.Tpo -c -o libtcs_a-tcsi_random.obj `if test -f 'tcsi_random.c'; then $(CYGPATH_W) 'tcsi_random.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_random.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_random.Tpo $(DEPDIR)/libtcs_a-tcsi_random.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_random.c' object='libtcs_a-tcsi_random.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_random.obj `if test -f 'tcsi_random.c'; then $(CYGPATH_W) 'tcsi_random.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_random.c'; fi` + +libtcs_a-rpc_random.o: rpc/@RPC@/rpc_random.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_random.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_random.Tpo -c -o libtcs_a-rpc_random.o `test -f 'rpc/@RPC@/rpc_random.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_random.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_random.Tpo $(DEPDIR)/libtcs_a-rpc_random.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_random.c' object='libtcs_a-rpc_random.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_random.o `test -f 'rpc/@RPC@/rpc_random.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_random.c + +libtcs_a-rpc_random.obj: rpc/@RPC@/rpc_random.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_random.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_random.Tpo -c -o libtcs_a-rpc_random.obj `if test -f 'rpc/@RPC@/rpc_random.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_random.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_random.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_random.Tpo $(DEPDIR)/libtcs_a-rpc_random.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_random.c' object='libtcs_a-rpc_random.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_random.obj `if test -f 'rpc/@RPC@/rpc_random.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_random.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_random.c'; fi` + +libtcs_a-tcsi_caps.o: tcsi_caps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_caps.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_caps.Tpo -c -o libtcs_a-tcsi_caps.o `test -f 'tcsi_caps.c' || echo '$(srcdir)/'`tcsi_caps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_caps.Tpo $(DEPDIR)/libtcs_a-tcsi_caps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_caps.c' object='libtcs_a-tcsi_caps.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_caps.o `test -f 'tcsi_caps.c' || echo '$(srcdir)/'`tcsi_caps.c + +libtcs_a-tcsi_caps.obj: tcsi_caps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_caps.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_caps.Tpo -c -o libtcs_a-tcsi_caps.obj `if test -f 'tcsi_caps.c'; then $(CYGPATH_W) 'tcsi_caps.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_caps.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_caps.Tpo $(DEPDIR)/libtcs_a-tcsi_caps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_caps.c' object='libtcs_a-tcsi_caps.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_caps.obj `if test -f 'tcsi_caps.c'; then $(CYGPATH_W) 'tcsi_caps.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_caps.c'; fi` + +libtcs_a-rpc_caps.o: rpc/@RPC@/rpc_caps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_caps.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_caps.Tpo -c -o libtcs_a-rpc_caps.o `test -f 'rpc/@RPC@/rpc_caps.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_caps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_caps.Tpo $(DEPDIR)/libtcs_a-rpc_caps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_caps.c' object='libtcs_a-rpc_caps.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_caps.o `test -f 'rpc/@RPC@/rpc_caps.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_caps.c + +libtcs_a-rpc_caps.obj: rpc/@RPC@/rpc_caps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_caps.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_caps.Tpo -c -o libtcs_a-rpc_caps.obj `if test -f 'rpc/@RPC@/rpc_caps.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_caps.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_caps.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_caps.Tpo $(DEPDIR)/libtcs_a-rpc_caps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_caps.c' object='libtcs_a-rpc_caps.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_caps.obj `if test -f 'rpc/@RPC@/rpc_caps.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_caps.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_caps.c'; fi` + +libtcs_a-tcsi_dir.o: tcsi_dir.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_dir.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_dir.Tpo -c -o libtcs_a-tcsi_dir.o `test -f 'tcsi_dir.c' || echo '$(srcdir)/'`tcsi_dir.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_dir.Tpo $(DEPDIR)/libtcs_a-tcsi_dir.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_dir.c' object='libtcs_a-tcsi_dir.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_dir.o `test -f 'tcsi_dir.c' || echo '$(srcdir)/'`tcsi_dir.c + +libtcs_a-tcsi_dir.obj: tcsi_dir.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_dir.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_dir.Tpo -c -o libtcs_a-tcsi_dir.obj `if test -f 'tcsi_dir.c'; then $(CYGPATH_W) 'tcsi_dir.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_dir.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_dir.Tpo $(DEPDIR)/libtcs_a-tcsi_dir.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_dir.c' object='libtcs_a-tcsi_dir.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_dir.obj `if test -f 'tcsi_dir.c'; then $(CYGPATH_W) 'tcsi_dir.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_dir.c'; fi` + +libtcs_a-rpc_dir.o: rpc/@RPC@/rpc_dir.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_dir.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_dir.Tpo -c -o libtcs_a-rpc_dir.o `test -f 'rpc/@RPC@/rpc_dir.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_dir.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_dir.Tpo $(DEPDIR)/libtcs_a-rpc_dir.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_dir.c' object='libtcs_a-rpc_dir.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_dir.o `test -f 'rpc/@RPC@/rpc_dir.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_dir.c + +libtcs_a-rpc_dir.obj: rpc/@RPC@/rpc_dir.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_dir.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_dir.Tpo -c -o libtcs_a-rpc_dir.obj `if test -f 'rpc/@RPC@/rpc_dir.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_dir.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_dir.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_dir.Tpo $(DEPDIR)/libtcs_a-rpc_dir.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_dir.c' object='libtcs_a-rpc_dir.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_dir.obj `if test -f 'rpc/@RPC@/rpc_dir.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_dir.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_dir.c'; fi` + +libtcs_a-tcsi_evlog.o: tcsi_evlog.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_evlog.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_evlog.Tpo -c -o libtcs_a-tcsi_evlog.o `test -f 'tcsi_evlog.c' || echo '$(srcdir)/'`tcsi_evlog.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_evlog.Tpo $(DEPDIR)/libtcs_a-tcsi_evlog.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_evlog.c' object='libtcs_a-tcsi_evlog.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_evlog.o `test -f 'tcsi_evlog.c' || echo '$(srcdir)/'`tcsi_evlog.c + +libtcs_a-tcsi_evlog.obj: tcsi_evlog.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_evlog.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_evlog.Tpo -c -o libtcs_a-tcsi_evlog.obj `if test -f 'tcsi_evlog.c'; then $(CYGPATH_W) 'tcsi_evlog.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_evlog.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_evlog.Tpo $(DEPDIR)/libtcs_a-tcsi_evlog.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_evlog.c' object='libtcs_a-tcsi_evlog.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_evlog.obj `if test -f 'tcsi_evlog.c'; then $(CYGPATH_W) 'tcsi_evlog.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_evlog.c'; fi` + +libtcs_a-tcs_evlog_biosem.o: tcs_evlog_biosem.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_evlog_biosem.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_evlog_biosem.Tpo -c -o libtcs_a-tcs_evlog_biosem.o `test -f 'tcs_evlog_biosem.c' || echo '$(srcdir)/'`tcs_evlog_biosem.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_evlog_biosem.Tpo $(DEPDIR)/libtcs_a-tcs_evlog_biosem.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_evlog_biosem.c' object='libtcs_a-tcs_evlog_biosem.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_evlog_biosem.o `test -f 'tcs_evlog_biosem.c' || echo '$(srcdir)/'`tcs_evlog_biosem.c + +libtcs_a-tcs_evlog_biosem.obj: tcs_evlog_biosem.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_evlog_biosem.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_evlog_biosem.Tpo -c -o libtcs_a-tcs_evlog_biosem.obj `if test -f 'tcs_evlog_biosem.c'; then $(CYGPATH_W) 'tcs_evlog_biosem.c'; else $(CYGPATH_W) '$(srcdir)/tcs_evlog_biosem.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_evlog_biosem.Tpo $(DEPDIR)/libtcs_a-tcs_evlog_biosem.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_evlog_biosem.c' object='libtcs_a-tcs_evlog_biosem.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_evlog_biosem.obj `if test -f 'tcs_evlog_biosem.c'; then $(CYGPATH_W) 'tcs_evlog_biosem.c'; else $(CYGPATH_W) '$(srcdir)/tcs_evlog_biosem.c'; fi` + +libtcs_a-tcs_evlog_imaem.o: tcs_evlog_imaem.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_evlog_imaem.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_evlog_imaem.Tpo -c -o libtcs_a-tcs_evlog_imaem.o `test -f 'tcs_evlog_imaem.c' || echo '$(srcdir)/'`tcs_evlog_imaem.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_evlog_imaem.Tpo $(DEPDIR)/libtcs_a-tcs_evlog_imaem.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_evlog_imaem.c' object='libtcs_a-tcs_evlog_imaem.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_evlog_imaem.o `test -f 'tcs_evlog_imaem.c' || echo '$(srcdir)/'`tcs_evlog_imaem.c + +libtcs_a-tcs_evlog_imaem.obj: tcs_evlog_imaem.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_evlog_imaem.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_evlog_imaem.Tpo -c -o libtcs_a-tcs_evlog_imaem.obj `if test -f 'tcs_evlog_imaem.c'; then $(CYGPATH_W) 'tcs_evlog_imaem.c'; else $(CYGPATH_W) '$(srcdir)/tcs_evlog_imaem.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_evlog_imaem.Tpo $(DEPDIR)/libtcs_a-tcs_evlog_imaem.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_evlog_imaem.c' object='libtcs_a-tcs_evlog_imaem.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_evlog_imaem.obj `if test -f 'tcs_evlog_imaem.c'; then $(CYGPATH_W) 'tcs_evlog_imaem.c'; else $(CYGPATH_W) '$(srcdir)/tcs_evlog_imaem.c'; fi` + +libtcs_a-tcs_evlog.o: tcs_evlog.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_evlog.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_evlog.Tpo -c -o libtcs_a-tcs_evlog.o `test -f 'tcs_evlog.c' || echo '$(srcdir)/'`tcs_evlog.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_evlog.Tpo $(DEPDIR)/libtcs_a-tcs_evlog.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_evlog.c' object='libtcs_a-tcs_evlog.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_evlog.o `test -f 'tcs_evlog.c' || echo '$(srcdir)/'`tcs_evlog.c + +libtcs_a-tcs_evlog.obj: tcs_evlog.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_evlog.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_evlog.Tpo -c -o libtcs_a-tcs_evlog.obj `if test -f 'tcs_evlog.c'; then $(CYGPATH_W) 'tcs_evlog.c'; else $(CYGPATH_W) '$(srcdir)/tcs_evlog.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_evlog.Tpo $(DEPDIR)/libtcs_a-tcs_evlog.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_evlog.c' object='libtcs_a-tcs_evlog.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_evlog.obj `if test -f 'tcs_evlog.c'; then $(CYGPATH_W) 'tcs_evlog.c'; else $(CYGPATH_W) '$(srcdir)/tcs_evlog.c'; fi` + +libtcs_a-rpc_evlog.o: rpc/@RPC@/rpc_evlog.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_evlog.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_evlog.Tpo -c -o libtcs_a-rpc_evlog.o `test -f 'rpc/@RPC@/rpc_evlog.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_evlog.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_evlog.Tpo $(DEPDIR)/libtcs_a-rpc_evlog.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_evlog.c' object='libtcs_a-rpc_evlog.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_evlog.o `test -f 'rpc/@RPC@/rpc_evlog.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_evlog.c + +libtcs_a-rpc_evlog.obj: rpc/@RPC@/rpc_evlog.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_evlog.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_evlog.Tpo -c -o libtcs_a-rpc_evlog.obj `if test -f 'rpc/@RPC@/rpc_evlog.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_evlog.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_evlog.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_evlog.Tpo $(DEPDIR)/libtcs_a-rpc_evlog.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_evlog.c' object='libtcs_a-rpc_evlog.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_evlog.obj `if test -f 'rpc/@RPC@/rpc_evlog.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_evlog.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_evlog.c'; fi` + +libtcs_a-tcsi_sign.o: tcsi_sign.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_sign.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_sign.Tpo -c -o libtcs_a-tcsi_sign.o `test -f 'tcsi_sign.c' || echo '$(srcdir)/'`tcsi_sign.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_sign.Tpo $(DEPDIR)/libtcs_a-tcsi_sign.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_sign.c' object='libtcs_a-tcsi_sign.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_sign.o `test -f 'tcsi_sign.c' || echo '$(srcdir)/'`tcsi_sign.c + +libtcs_a-tcsi_sign.obj: tcsi_sign.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_sign.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_sign.Tpo -c -o libtcs_a-tcsi_sign.obj `if test -f 'tcsi_sign.c'; then $(CYGPATH_W) 'tcsi_sign.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_sign.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_sign.Tpo $(DEPDIR)/libtcs_a-tcsi_sign.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_sign.c' object='libtcs_a-tcsi_sign.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_sign.obj `if test -f 'tcsi_sign.c'; then $(CYGPATH_W) 'tcsi_sign.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_sign.c'; fi` + +libtcs_a-rpc_sign.o: rpc/@RPC@/rpc_sign.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_sign.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_sign.Tpo -c -o libtcs_a-rpc_sign.o `test -f 'rpc/@RPC@/rpc_sign.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_sign.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_sign.Tpo $(DEPDIR)/libtcs_a-rpc_sign.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_sign.c' object='libtcs_a-rpc_sign.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_sign.o `test -f 'rpc/@RPC@/rpc_sign.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_sign.c + +libtcs_a-rpc_sign.obj: rpc/@RPC@/rpc_sign.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_sign.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_sign.Tpo -c -o libtcs_a-rpc_sign.obj `if test -f 'rpc/@RPC@/rpc_sign.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_sign.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_sign.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_sign.Tpo $(DEPDIR)/libtcs_a-rpc_sign.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_sign.c' object='libtcs_a-rpc_sign.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_sign.obj `if test -f 'rpc/@RPC@/rpc_sign.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_sign.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_sign.c'; fi` + +libtcs_a-tcsi_quote.o: tcsi_quote.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_quote.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_quote.Tpo -c -o libtcs_a-tcsi_quote.o `test -f 'tcsi_quote.c' || echo '$(srcdir)/'`tcsi_quote.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_quote.Tpo $(DEPDIR)/libtcs_a-tcsi_quote.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_quote.c' object='libtcs_a-tcsi_quote.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_quote.o `test -f 'tcsi_quote.c' || echo '$(srcdir)/'`tcsi_quote.c + +libtcs_a-tcsi_quote.obj: tcsi_quote.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_quote.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_quote.Tpo -c -o libtcs_a-tcsi_quote.obj `if test -f 'tcsi_quote.c'; then $(CYGPATH_W) 'tcsi_quote.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_quote.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_quote.Tpo $(DEPDIR)/libtcs_a-tcsi_quote.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_quote.c' object='libtcs_a-tcsi_quote.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_quote.obj `if test -f 'tcsi_quote.c'; then $(CYGPATH_W) 'tcsi_quote.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_quote.c'; fi` + +libtcs_a-tcs_quote.o: tcs_quote.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_quote.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_quote.Tpo -c -o libtcs_a-tcs_quote.o `test -f 'tcs_quote.c' || echo '$(srcdir)/'`tcs_quote.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_quote.Tpo $(DEPDIR)/libtcs_a-tcs_quote.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_quote.c' object='libtcs_a-tcs_quote.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_quote.o `test -f 'tcs_quote.c' || echo '$(srcdir)/'`tcs_quote.c + +libtcs_a-tcs_quote.obj: tcs_quote.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_quote.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_quote.Tpo -c -o libtcs_a-tcs_quote.obj `if test -f 'tcs_quote.c'; then $(CYGPATH_W) 'tcs_quote.c'; else $(CYGPATH_W) '$(srcdir)/tcs_quote.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_quote.Tpo $(DEPDIR)/libtcs_a-tcs_quote.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_quote.c' object='libtcs_a-tcs_quote.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_quote.obj `if test -f 'tcs_quote.c'; then $(CYGPATH_W) 'tcs_quote.c'; else $(CYGPATH_W) '$(srcdir)/tcs_quote.c'; fi` + +libtcs_a-rpc_quote.o: rpc/@RPC@/rpc_quote.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_quote.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_quote.Tpo -c -o libtcs_a-rpc_quote.o `test -f 'rpc/@RPC@/rpc_quote.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_quote.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_quote.Tpo $(DEPDIR)/libtcs_a-rpc_quote.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_quote.c' object='libtcs_a-rpc_quote.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_quote.o `test -f 'rpc/@RPC@/rpc_quote.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_quote.c + +libtcs_a-rpc_quote.obj: rpc/@RPC@/rpc_quote.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_quote.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_quote.Tpo -c -o libtcs_a-rpc_quote.obj `if test -f 'rpc/@RPC@/rpc_quote.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_quote.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_quote.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_quote.Tpo $(DEPDIR)/libtcs_a-rpc_quote.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_quote.c' object='libtcs_a-rpc_quote.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_quote.obj `if test -f 'rpc/@RPC@/rpc_quote.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_quote.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_quote.c'; fi` + +libtcs_a-tcsi_seal.o: tcsi_seal.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_seal.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_seal.Tpo -c -o libtcs_a-tcsi_seal.o `test -f 'tcsi_seal.c' || echo '$(srcdir)/'`tcsi_seal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_seal.Tpo $(DEPDIR)/libtcs_a-tcsi_seal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_seal.c' object='libtcs_a-tcsi_seal.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_seal.o `test -f 'tcsi_seal.c' || echo '$(srcdir)/'`tcsi_seal.c + +libtcs_a-tcsi_seal.obj: tcsi_seal.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_seal.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_seal.Tpo -c -o libtcs_a-tcsi_seal.obj `if test -f 'tcsi_seal.c'; then $(CYGPATH_W) 'tcsi_seal.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_seal.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_seal.Tpo $(DEPDIR)/libtcs_a-tcsi_seal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_seal.c' object='libtcs_a-tcsi_seal.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_seal.obj `if test -f 'tcsi_seal.c'; then $(CYGPATH_W) 'tcsi_seal.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_seal.c'; fi` + +libtcs_a-tcs_seal.o: tcs_seal.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_seal.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_seal.Tpo -c -o libtcs_a-tcs_seal.o `test -f 'tcs_seal.c' || echo '$(srcdir)/'`tcs_seal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_seal.Tpo $(DEPDIR)/libtcs_a-tcs_seal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_seal.c' object='libtcs_a-tcs_seal.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_seal.o `test -f 'tcs_seal.c' || echo '$(srcdir)/'`tcs_seal.c + +libtcs_a-tcs_seal.obj: tcs_seal.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_seal.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_seal.Tpo -c -o libtcs_a-tcs_seal.obj `if test -f 'tcs_seal.c'; then $(CYGPATH_W) 'tcs_seal.c'; else $(CYGPATH_W) '$(srcdir)/tcs_seal.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_seal.Tpo $(DEPDIR)/libtcs_a-tcs_seal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_seal.c' object='libtcs_a-tcs_seal.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_seal.obj `if test -f 'tcs_seal.c'; then $(CYGPATH_W) 'tcs_seal.c'; else $(CYGPATH_W) '$(srcdir)/tcs_seal.c'; fi` + +libtcs_a-rpc_seal.o: rpc/@RPC@/rpc_seal.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_seal.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_seal.Tpo -c -o libtcs_a-rpc_seal.o `test -f 'rpc/@RPC@/rpc_seal.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_seal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_seal.Tpo $(DEPDIR)/libtcs_a-rpc_seal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_seal.c' object='libtcs_a-rpc_seal.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_seal.o `test -f 'rpc/@RPC@/rpc_seal.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_seal.c + +libtcs_a-rpc_seal.obj: rpc/@RPC@/rpc_seal.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_seal.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_seal.Tpo -c -o libtcs_a-rpc_seal.obj `if test -f 'rpc/@RPC@/rpc_seal.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_seal.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_seal.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_seal.Tpo $(DEPDIR)/libtcs_a-rpc_seal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_seal.c' object='libtcs_a-rpc_seal.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_seal.obj `if test -f 'rpc/@RPC@/rpc_seal.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_seal.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_seal.c'; fi` + +libtcs_a-tcsi_changeauth.o: tcsi_changeauth.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_changeauth.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_changeauth.Tpo -c -o libtcs_a-tcsi_changeauth.o `test -f 'tcsi_changeauth.c' || echo '$(srcdir)/'`tcsi_changeauth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_changeauth.Tpo $(DEPDIR)/libtcs_a-tcsi_changeauth.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_changeauth.c' object='libtcs_a-tcsi_changeauth.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_changeauth.o `test -f 'tcsi_changeauth.c' || echo '$(srcdir)/'`tcsi_changeauth.c + +libtcs_a-tcsi_changeauth.obj: tcsi_changeauth.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_changeauth.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_changeauth.Tpo -c -o libtcs_a-tcsi_changeauth.obj `if test -f 'tcsi_changeauth.c'; then $(CYGPATH_W) 'tcsi_changeauth.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_changeauth.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_changeauth.Tpo $(DEPDIR)/libtcs_a-tcsi_changeauth.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_changeauth.c' object='libtcs_a-tcsi_changeauth.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_changeauth.obj `if test -f 'tcsi_changeauth.c'; then $(CYGPATH_W) 'tcsi_changeauth.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_changeauth.c'; fi` + +libtcs_a-rpc_changeauth.o: rpc/@RPC@/rpc_changeauth.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_changeauth.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_changeauth.Tpo -c -o libtcs_a-rpc_changeauth.o `test -f 'rpc/@RPC@/rpc_changeauth.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_changeauth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_changeauth.Tpo $(DEPDIR)/libtcs_a-rpc_changeauth.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_changeauth.c' object='libtcs_a-rpc_changeauth.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_changeauth.o `test -f 'rpc/@RPC@/rpc_changeauth.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_changeauth.c + +libtcs_a-rpc_changeauth.obj: rpc/@RPC@/rpc_changeauth.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_changeauth.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_changeauth.Tpo -c -o libtcs_a-rpc_changeauth.obj `if test -f 'rpc/@RPC@/rpc_changeauth.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_changeauth.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_changeauth.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_changeauth.Tpo $(DEPDIR)/libtcs_a-rpc_changeauth.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_changeauth.c' object='libtcs_a-rpc_changeauth.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_changeauth.obj `if test -f 'rpc/@RPC@/rpc_changeauth.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_changeauth.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_changeauth.c'; fi` + +libtcs_a-tcsi_bind.o: tcsi_bind.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_bind.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_bind.Tpo -c -o libtcs_a-tcsi_bind.o `test -f 'tcsi_bind.c' || echo '$(srcdir)/'`tcsi_bind.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_bind.Tpo $(DEPDIR)/libtcs_a-tcsi_bind.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_bind.c' object='libtcs_a-tcsi_bind.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_bind.o `test -f 'tcsi_bind.c' || echo '$(srcdir)/'`tcsi_bind.c + +libtcs_a-tcsi_bind.obj: tcsi_bind.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_bind.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_bind.Tpo -c -o libtcs_a-tcsi_bind.obj `if test -f 'tcsi_bind.c'; then $(CYGPATH_W) 'tcsi_bind.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_bind.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_bind.Tpo $(DEPDIR)/libtcs_a-tcsi_bind.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_bind.c' object='libtcs_a-tcsi_bind.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_bind.obj `if test -f 'tcsi_bind.c'; then $(CYGPATH_W) 'tcsi_bind.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_bind.c'; fi` + +libtcs_a-rpc_bind.o: rpc/@RPC@/rpc_bind.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_bind.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_bind.Tpo -c -o libtcs_a-rpc_bind.o `test -f 'rpc/@RPC@/rpc_bind.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_bind.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_bind.Tpo $(DEPDIR)/libtcs_a-rpc_bind.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_bind.c' object='libtcs_a-rpc_bind.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_bind.o `test -f 'rpc/@RPC@/rpc_bind.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_bind.c + +libtcs_a-rpc_bind.obj: rpc/@RPC@/rpc_bind.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_bind.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_bind.Tpo -c -o libtcs_a-rpc_bind.obj `if test -f 'rpc/@RPC@/rpc_bind.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_bind.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_bind.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_bind.Tpo $(DEPDIR)/libtcs_a-rpc_bind.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_bind.c' object='libtcs_a-rpc_bind.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_bind.obj `if test -f 'rpc/@RPC@/rpc_bind.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_bind.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_bind.c'; fi` + +libtcs_a-tcsi_own.o: tcsi_own.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_own.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_own.Tpo -c -o libtcs_a-tcsi_own.o `test -f 'tcsi_own.c' || echo '$(srcdir)/'`tcsi_own.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_own.Tpo $(DEPDIR)/libtcs_a-tcsi_own.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_own.c' object='libtcs_a-tcsi_own.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_own.o `test -f 'tcsi_own.c' || echo '$(srcdir)/'`tcsi_own.c + +libtcs_a-tcsi_own.obj: tcsi_own.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_own.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_own.Tpo -c -o libtcs_a-tcsi_own.obj `if test -f 'tcsi_own.c'; then $(CYGPATH_W) 'tcsi_own.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_own.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_own.Tpo $(DEPDIR)/libtcs_a-tcsi_own.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_own.c' object='libtcs_a-tcsi_own.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_own.obj `if test -f 'tcsi_own.c'; then $(CYGPATH_W) 'tcsi_own.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_own.c'; fi` + +libtcs_a-rpc_own.o: rpc/@RPC@/rpc_own.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_own.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_own.Tpo -c -o libtcs_a-rpc_own.o `test -f 'rpc/@RPC@/rpc_own.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_own.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_own.Tpo $(DEPDIR)/libtcs_a-rpc_own.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_own.c' object='libtcs_a-rpc_own.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_own.o `test -f 'rpc/@RPC@/rpc_own.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_own.c + +libtcs_a-rpc_own.obj: rpc/@RPC@/rpc_own.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_own.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_own.Tpo -c -o libtcs_a-rpc_own.obj `if test -f 'rpc/@RPC@/rpc_own.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_own.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_own.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_own.Tpo $(DEPDIR)/libtcs_a-rpc_own.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_own.c' object='libtcs_a-rpc_own.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_own.obj `if test -f 'rpc/@RPC@/rpc_own.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_own.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_own.c'; fi` + +libtcs_a-ps_utils.o: ps/ps_utils.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-ps_utils.o -MD -MP -MF $(DEPDIR)/libtcs_a-ps_utils.Tpo -c -o libtcs_a-ps_utils.o `test -f 'ps/ps_utils.c' || echo '$(srcdir)/'`ps/ps_utils.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-ps_utils.Tpo $(DEPDIR)/libtcs_a-ps_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ps/ps_utils.c' object='libtcs_a-ps_utils.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-ps_utils.o `test -f 'ps/ps_utils.c' || echo '$(srcdir)/'`ps/ps_utils.c + +libtcs_a-ps_utils.obj: ps/ps_utils.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-ps_utils.obj -MD -MP -MF $(DEPDIR)/libtcs_a-ps_utils.Tpo -c -o libtcs_a-ps_utils.obj `if test -f 'ps/ps_utils.c'; then $(CYGPATH_W) 'ps/ps_utils.c'; else $(CYGPATH_W) '$(srcdir)/ps/ps_utils.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-ps_utils.Tpo $(DEPDIR)/libtcs_a-ps_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ps/ps_utils.c' object='libtcs_a-ps_utils.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-ps_utils.obj `if test -f 'ps/ps_utils.c'; then $(CYGPATH_W) 'ps/ps_utils.c'; else $(CYGPATH_W) '$(srcdir)/ps/ps_utils.c'; fi` + +libtcs_a-tcsps.o: ps/tcsps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsps.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsps.Tpo -c -o libtcs_a-tcsps.o `test -f 'ps/tcsps.c' || echo '$(srcdir)/'`ps/tcsps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsps.Tpo $(DEPDIR)/libtcs_a-tcsps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ps/tcsps.c' object='libtcs_a-tcsps.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsps.o `test -f 'ps/tcsps.c' || echo '$(srcdir)/'`ps/tcsps.c + +libtcs_a-tcsps.obj: ps/tcsps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsps.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsps.Tpo -c -o libtcs_a-tcsps.obj `if test -f 'ps/tcsps.c'; then $(CYGPATH_W) 'ps/tcsps.c'; else $(CYGPATH_W) '$(srcdir)/ps/tcsps.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsps.Tpo $(DEPDIR)/libtcs_a-tcsps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ps/tcsps.c' object='libtcs_a-tcsps.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsps.obj `if test -f 'ps/tcsps.c'; then $(CYGPATH_W) 'ps/tcsps.c'; else $(CYGPATH_W) '$(srcdir)/ps/tcsps.c'; fi` + +libtcs_a-tcsi_ps.o: tcsi_ps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_ps.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_ps.Tpo -c -o libtcs_a-tcsi_ps.o `test -f 'tcsi_ps.c' || echo '$(srcdir)/'`tcsi_ps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_ps.Tpo $(DEPDIR)/libtcs_a-tcsi_ps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_ps.c' object='libtcs_a-tcsi_ps.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_ps.o `test -f 'tcsi_ps.c' || echo '$(srcdir)/'`tcsi_ps.c + +libtcs_a-tcsi_ps.obj: tcsi_ps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_ps.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_ps.Tpo -c -o libtcs_a-tcsi_ps.obj `if test -f 'tcsi_ps.c'; then $(CYGPATH_W) 'tcsi_ps.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_ps.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_ps.Tpo $(DEPDIR)/libtcs_a-tcsi_ps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_ps.c' object='libtcs_a-tcsi_ps.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_ps.obj `if test -f 'tcsi_ps.c'; then $(CYGPATH_W) 'tcsi_ps.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_ps.c'; fi` + +libtcs_a-tcs_ps.o: tcs_ps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_ps.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_ps.Tpo -c -o libtcs_a-tcs_ps.o `test -f 'tcs_ps.c' || echo '$(srcdir)/'`tcs_ps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_ps.Tpo $(DEPDIR)/libtcs_a-tcs_ps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_ps.c' object='libtcs_a-tcs_ps.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_ps.o `test -f 'tcs_ps.c' || echo '$(srcdir)/'`tcs_ps.c + +libtcs_a-tcs_ps.obj: tcs_ps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_ps.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_ps.Tpo -c -o libtcs_a-tcs_ps.obj `if test -f 'tcs_ps.c'; then $(CYGPATH_W) 'tcs_ps.c'; else $(CYGPATH_W) '$(srcdir)/tcs_ps.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_ps.Tpo $(DEPDIR)/libtcs_a-tcs_ps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_ps.c' object='libtcs_a-tcs_ps.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_ps.obj `if test -f 'tcs_ps.c'; then $(CYGPATH_W) 'tcs_ps.c'; else $(CYGPATH_W) '$(srcdir)/tcs_ps.c'; fi` + +libtcs_a-tcs_key_ps.o: tcs_key_ps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_key_ps.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_key_ps.Tpo -c -o libtcs_a-tcs_key_ps.o `test -f 'tcs_key_ps.c' || echo '$(srcdir)/'`tcs_key_ps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_key_ps.Tpo $(DEPDIR)/libtcs_a-tcs_key_ps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_key_ps.c' object='libtcs_a-tcs_key_ps.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_key_ps.o `test -f 'tcs_key_ps.c' || echo '$(srcdir)/'`tcs_key_ps.c + +libtcs_a-tcs_key_ps.obj: tcs_key_ps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_key_ps.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_key_ps.Tpo -c -o libtcs_a-tcs_key_ps.obj `if test -f 'tcs_key_ps.c'; then $(CYGPATH_W) 'tcs_key_ps.c'; else $(CYGPATH_W) '$(srcdir)/tcs_key_ps.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_key_ps.Tpo $(DEPDIR)/libtcs_a-tcs_key_ps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_key_ps.c' object='libtcs_a-tcs_key_ps.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_key_ps.obj `if test -f 'tcs_key_ps.c'; then $(CYGPATH_W) 'tcs_key_ps.c'; else $(CYGPATH_W) '$(srcdir)/tcs_key_ps.c'; fi` + +libtcs_a-rpc_ps.o: rpc/@RPC@/rpc_ps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_ps.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_ps.Tpo -c -o libtcs_a-rpc_ps.o `test -f 'rpc/@RPC@/rpc_ps.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_ps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_ps.Tpo $(DEPDIR)/libtcs_a-rpc_ps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_ps.c' object='libtcs_a-rpc_ps.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_ps.o `test -f 'rpc/@RPC@/rpc_ps.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_ps.c + +libtcs_a-rpc_ps.obj: rpc/@RPC@/rpc_ps.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_ps.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_ps.Tpo -c -o libtcs_a-rpc_ps.obj `if test -f 'rpc/@RPC@/rpc_ps.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_ps.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_ps.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_ps.Tpo $(DEPDIR)/libtcs_a-rpc_ps.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_ps.c' object='libtcs_a-rpc_ps.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_ps.obj `if test -f 'rpc/@RPC@/rpc_ps.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_ps.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_ps.c'; fi` + +libtcs_a-tcsi_admin.o: tcsi_admin.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_admin.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_admin.Tpo -c -o libtcs_a-tcsi_admin.o `test -f 'tcsi_admin.c' || echo '$(srcdir)/'`tcsi_admin.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_admin.Tpo $(DEPDIR)/libtcs_a-tcsi_admin.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_admin.c' object='libtcs_a-tcsi_admin.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_admin.o `test -f 'tcsi_admin.c' || echo '$(srcdir)/'`tcsi_admin.c + +libtcs_a-tcsi_admin.obj: tcsi_admin.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_admin.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_admin.Tpo -c -o libtcs_a-tcsi_admin.obj `if test -f 'tcsi_admin.c'; then $(CYGPATH_W) 'tcsi_admin.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_admin.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_admin.Tpo $(DEPDIR)/libtcs_a-tcsi_admin.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_admin.c' object='libtcs_a-tcsi_admin.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_admin.obj `if test -f 'tcsi_admin.c'; then $(CYGPATH_W) 'tcsi_admin.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_admin.c'; fi` + +libtcs_a-rpc_admin.o: rpc/@RPC@/rpc_admin.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_admin.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_admin.Tpo -c -o libtcs_a-rpc_admin.o `test -f 'rpc/@RPC@/rpc_admin.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_admin.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_admin.Tpo $(DEPDIR)/libtcs_a-rpc_admin.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_admin.c' object='libtcs_a-rpc_admin.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_admin.o `test -f 'rpc/@RPC@/rpc_admin.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_admin.c + +libtcs_a-rpc_admin.obj: rpc/@RPC@/rpc_admin.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_admin.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_admin.Tpo -c -o libtcs_a-rpc_admin.obj `if test -f 'rpc/@RPC@/rpc_admin.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_admin.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_admin.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_admin.Tpo $(DEPDIR)/libtcs_a-rpc_admin.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_admin.c' object='libtcs_a-rpc_admin.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_admin.obj `if test -f 'rpc/@RPC@/rpc_admin.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_admin.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_admin.c'; fi` + +libtcs_a-tcsi_aik.o: tcsi_aik.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_aik.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_aik.Tpo -c -o libtcs_a-tcsi_aik.o `test -f 'tcsi_aik.c' || echo '$(srcdir)/'`tcsi_aik.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_aik.Tpo $(DEPDIR)/libtcs_a-tcsi_aik.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_aik.c' object='libtcs_a-tcsi_aik.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_aik.o `test -f 'tcsi_aik.c' || echo '$(srcdir)/'`tcsi_aik.c + +libtcs_a-tcsi_aik.obj: tcsi_aik.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_aik.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_aik.Tpo -c -o libtcs_a-tcsi_aik.obj `if test -f 'tcsi_aik.c'; then $(CYGPATH_W) 'tcsi_aik.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_aik.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_aik.Tpo $(DEPDIR)/libtcs_a-tcsi_aik.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_aik.c' object='libtcs_a-tcsi_aik.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_aik.obj `if test -f 'tcsi_aik.c'; then $(CYGPATH_W) 'tcsi_aik.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_aik.c'; fi` + +libtcs_a-tcs_aik.o: tcs_aik.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_aik.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_aik.Tpo -c -o libtcs_a-tcs_aik.o `test -f 'tcs_aik.c' || echo '$(srcdir)/'`tcs_aik.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_aik.Tpo $(DEPDIR)/libtcs_a-tcs_aik.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_aik.c' object='libtcs_a-tcs_aik.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_aik.o `test -f 'tcs_aik.c' || echo '$(srcdir)/'`tcs_aik.c + +libtcs_a-tcs_aik.obj: tcs_aik.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_aik.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_aik.Tpo -c -o libtcs_a-tcs_aik.obj `if test -f 'tcs_aik.c'; then $(CYGPATH_W) 'tcs_aik.c'; else $(CYGPATH_W) '$(srcdir)/tcs_aik.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_aik.Tpo $(DEPDIR)/libtcs_a-tcs_aik.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_aik.c' object='libtcs_a-tcs_aik.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_aik.obj `if test -f 'tcs_aik.c'; then $(CYGPATH_W) 'tcs_aik.c'; else $(CYGPATH_W) '$(srcdir)/tcs_aik.c'; fi` + +libtcs_a-rpc_aik.o: rpc/@RPC@/rpc_aik.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_aik.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_aik.Tpo -c -o libtcs_a-rpc_aik.o `test -f 'rpc/@RPC@/rpc_aik.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_aik.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_aik.Tpo $(DEPDIR)/libtcs_a-rpc_aik.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_aik.c' object='libtcs_a-rpc_aik.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_aik.o `test -f 'rpc/@RPC@/rpc_aik.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_aik.c + +libtcs_a-rpc_aik.obj: rpc/@RPC@/rpc_aik.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_aik.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_aik.Tpo -c -o libtcs_a-rpc_aik.obj `if test -f 'rpc/@RPC@/rpc_aik.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_aik.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_aik.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_aik.Tpo $(DEPDIR)/libtcs_a-rpc_aik.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_aik.c' object='libtcs_a-rpc_aik.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_aik.obj `if test -f 'rpc/@RPC@/rpc_aik.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_aik.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_aik.c'; fi` + +libtcs_a-tcsi_ek.o: tcsi_ek.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_ek.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_ek.Tpo -c -o libtcs_a-tcsi_ek.o `test -f 'tcsi_ek.c' || echo '$(srcdir)/'`tcsi_ek.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_ek.Tpo $(DEPDIR)/libtcs_a-tcsi_ek.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_ek.c' object='libtcs_a-tcsi_ek.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_ek.o `test -f 'tcsi_ek.c' || echo '$(srcdir)/'`tcsi_ek.c + +libtcs_a-tcsi_ek.obj: tcsi_ek.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_ek.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_ek.Tpo -c -o libtcs_a-tcsi_ek.obj `if test -f 'tcsi_ek.c'; then $(CYGPATH_W) 'tcsi_ek.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_ek.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_ek.Tpo $(DEPDIR)/libtcs_a-tcsi_ek.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_ek.c' object='libtcs_a-tcsi_ek.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_ek.obj `if test -f 'tcsi_ek.c'; then $(CYGPATH_W) 'tcsi_ek.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_ek.c'; fi` + +libtcs_a-rpc_ek.o: rpc/@RPC@/rpc_ek.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_ek.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_ek.Tpo -c -o libtcs_a-rpc_ek.o `test -f 'rpc/@RPC@/rpc_ek.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_ek.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_ek.Tpo $(DEPDIR)/libtcs_a-rpc_ek.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_ek.c' object='libtcs_a-rpc_ek.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_ek.o `test -f 'rpc/@RPC@/rpc_ek.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_ek.c + +libtcs_a-rpc_ek.obj: rpc/@RPC@/rpc_ek.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_ek.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_ek.Tpo -c -o libtcs_a-rpc_ek.obj `if test -f 'rpc/@RPC@/rpc_ek.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_ek.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_ek.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_ek.Tpo $(DEPDIR)/libtcs_a-rpc_ek.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_ek.c' object='libtcs_a-rpc_ek.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_ek.obj `if test -f 'rpc/@RPC@/rpc_ek.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_ek.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_ek.c'; fi` + +libtcs_a-tcsi_certify.o: tcsi_certify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_certify.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_certify.Tpo -c -o libtcs_a-tcsi_certify.o `test -f 'tcsi_certify.c' || echo '$(srcdir)/'`tcsi_certify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_certify.Tpo $(DEPDIR)/libtcs_a-tcsi_certify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_certify.c' object='libtcs_a-tcsi_certify.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_certify.o `test -f 'tcsi_certify.c' || echo '$(srcdir)/'`tcsi_certify.c + +libtcs_a-tcsi_certify.obj: tcsi_certify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_certify.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_certify.Tpo -c -o libtcs_a-tcsi_certify.obj `if test -f 'tcsi_certify.c'; then $(CYGPATH_W) 'tcsi_certify.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_certify.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_certify.Tpo $(DEPDIR)/libtcs_a-tcsi_certify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_certify.c' object='libtcs_a-tcsi_certify.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_certify.obj `if test -f 'tcsi_certify.c'; then $(CYGPATH_W) 'tcsi_certify.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_certify.c'; fi` + +libtcs_a-rpc_certify.o: rpc/@RPC@/rpc_certify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_certify.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_certify.Tpo -c -o libtcs_a-rpc_certify.o `test -f 'rpc/@RPC@/rpc_certify.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_certify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_certify.Tpo $(DEPDIR)/libtcs_a-rpc_certify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_certify.c' object='libtcs_a-rpc_certify.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_certify.o `test -f 'rpc/@RPC@/rpc_certify.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_certify.c + +libtcs_a-rpc_certify.obj: rpc/@RPC@/rpc_certify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_certify.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_certify.Tpo -c -o libtcs_a-rpc_certify.obj `if test -f 'rpc/@RPC@/rpc_certify.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_certify.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_certify.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_certify.Tpo $(DEPDIR)/libtcs_a-rpc_certify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_certify.c' object='libtcs_a-rpc_certify.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_certify.obj `if test -f 'rpc/@RPC@/rpc_certify.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_certify.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_certify.c'; fi` + +libtcs_a-tcsi_key.o: tcsi_key.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_key.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_key.Tpo -c -o libtcs_a-tcsi_key.o `test -f 'tcsi_key.c' || echo '$(srcdir)/'`tcsi_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_key.Tpo $(DEPDIR)/libtcs_a-tcsi_key.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_key.c' object='libtcs_a-tcsi_key.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_key.o `test -f 'tcsi_key.c' || echo '$(srcdir)/'`tcsi_key.c + +libtcs_a-tcsi_key.obj: tcsi_key.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_key.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_key.Tpo -c -o libtcs_a-tcsi_key.obj `if test -f 'tcsi_key.c'; then $(CYGPATH_W) 'tcsi_key.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_key.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_key.Tpo $(DEPDIR)/libtcs_a-tcsi_key.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_key.c' object='libtcs_a-tcsi_key.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_key.obj `if test -f 'tcsi_key.c'; then $(CYGPATH_W) 'tcsi_key.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_key.c'; fi` + +libtcs_a-tcs_key.o: tcs_key.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_key.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_key.Tpo -c -o libtcs_a-tcs_key.o `test -f 'tcs_key.c' || echo '$(srcdir)/'`tcs_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_key.Tpo $(DEPDIR)/libtcs_a-tcs_key.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_key.c' object='libtcs_a-tcs_key.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_key.o `test -f 'tcs_key.c' || echo '$(srcdir)/'`tcs_key.c + +libtcs_a-tcs_key.obj: tcs_key.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_key.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_key.Tpo -c -o libtcs_a-tcs_key.obj `if test -f 'tcs_key.c'; then $(CYGPATH_W) 'tcs_key.c'; else $(CYGPATH_W) '$(srcdir)/tcs_key.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_key.Tpo $(DEPDIR)/libtcs_a-tcs_key.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_key.c' object='libtcs_a-tcs_key.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_key.obj `if test -f 'tcs_key.c'; then $(CYGPATH_W) 'tcs_key.c'; else $(CYGPATH_W) '$(srcdir)/tcs_key.c'; fi` + +libtcs_a-tcs_key_mem_cache.o: tcs_key_mem_cache.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_key_mem_cache.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_key_mem_cache.Tpo -c -o libtcs_a-tcs_key_mem_cache.o `test -f 'tcs_key_mem_cache.c' || echo '$(srcdir)/'`tcs_key_mem_cache.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_key_mem_cache.Tpo $(DEPDIR)/libtcs_a-tcs_key_mem_cache.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_key_mem_cache.c' object='libtcs_a-tcs_key_mem_cache.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_key_mem_cache.o `test -f 'tcs_key_mem_cache.c' || echo '$(srcdir)/'`tcs_key_mem_cache.c + +libtcs_a-tcs_key_mem_cache.obj: tcs_key_mem_cache.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_key_mem_cache.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_key_mem_cache.Tpo -c -o libtcs_a-tcs_key_mem_cache.obj `if test -f 'tcs_key_mem_cache.c'; then $(CYGPATH_W) 'tcs_key_mem_cache.c'; else $(CYGPATH_W) '$(srcdir)/tcs_key_mem_cache.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_key_mem_cache.Tpo $(DEPDIR)/libtcs_a-tcs_key_mem_cache.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_key_mem_cache.c' object='libtcs_a-tcs_key_mem_cache.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_key_mem_cache.obj `if test -f 'tcs_key_mem_cache.c'; then $(CYGPATH_W) 'tcs_key_mem_cache.c'; else $(CYGPATH_W) '$(srcdir)/tcs_key_mem_cache.c'; fi` + +libtcs_a-tcs_context_key.o: tcs_context_key.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_context_key.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_context_key.Tpo -c -o libtcs_a-tcs_context_key.o `test -f 'tcs_context_key.c' || echo '$(srcdir)/'`tcs_context_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_context_key.Tpo $(DEPDIR)/libtcs_a-tcs_context_key.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_context_key.c' object='libtcs_a-tcs_context_key.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_context_key.o `test -f 'tcs_context_key.c' || echo '$(srcdir)/'`tcs_context_key.c + +libtcs_a-tcs_context_key.obj: tcs_context_key.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_context_key.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_context_key.Tpo -c -o libtcs_a-tcs_context_key.obj `if test -f 'tcs_context_key.c'; then $(CYGPATH_W) 'tcs_context_key.c'; else $(CYGPATH_W) '$(srcdir)/tcs_context_key.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_context_key.Tpo $(DEPDIR)/libtcs_a-tcs_context_key.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_context_key.c' object='libtcs_a-tcs_context_key.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_context_key.obj `if test -f 'tcs_context_key.c'; then $(CYGPATH_W) 'tcs_context_key.c'; else $(CYGPATH_W) '$(srcdir)/tcs_context_key.c'; fi` + +libtcs_a-rpc_key.o: rpc/@RPC@/rpc_key.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_key.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_key.Tpo -c -o libtcs_a-rpc_key.o `test -f 'rpc/@RPC@/rpc_key.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_key.Tpo $(DEPDIR)/libtcs_a-rpc_key.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_key.c' object='libtcs_a-rpc_key.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_key.o `test -f 'rpc/@RPC@/rpc_key.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_key.c + +libtcs_a-rpc_key.obj: rpc/@RPC@/rpc_key.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_key.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_key.Tpo -c -o libtcs_a-rpc_key.obj `if test -f 'rpc/@RPC@/rpc_key.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_key.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_key.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_key.Tpo $(DEPDIR)/libtcs_a-rpc_key.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_key.c' object='libtcs_a-rpc_key.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_key.obj `if test -f 'rpc/@RPC@/rpc_key.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_key.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_key.c'; fi` + +libtcs_a-crypto.o: crypto/@CRYPTO_PACKAGE@/crypto.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-crypto.o -MD -MP -MF $(DEPDIR)/libtcs_a-crypto.Tpo -c -o libtcs_a-crypto.o `test -f 'crypto/@CRYPTO_PACKAGE@/crypto.c' || echo '$(srcdir)/'`crypto/@CRYPTO_PACKAGE@/crypto.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-crypto.Tpo $(DEPDIR)/libtcs_a-crypto.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/@CRYPTO_PACKAGE@/crypto.c' object='libtcs_a-crypto.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-crypto.o `test -f 'crypto/@CRYPTO_PACKAGE@/crypto.c' || echo '$(srcdir)/'`crypto/@CRYPTO_PACKAGE@/crypto.c + +libtcs_a-crypto.obj: crypto/@CRYPTO_PACKAGE@/crypto.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-crypto.obj -MD -MP -MF $(DEPDIR)/libtcs_a-crypto.Tpo -c -o libtcs_a-crypto.obj `if test -f 'crypto/@CRYPTO_PACKAGE@/crypto.c'; then $(CYGPATH_W) 'crypto/@CRYPTO_PACKAGE@/crypto.c'; else $(CYGPATH_W) '$(srcdir)/crypto/@CRYPTO_PACKAGE@/crypto.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-crypto.Tpo $(DEPDIR)/libtcs_a-crypto.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/@CRYPTO_PACKAGE@/crypto.c' object='libtcs_a-crypto.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-crypto.obj `if test -f 'crypto/@CRYPTO_PACKAGE@/crypto.c'; then $(CYGPATH_W) 'crypto/@CRYPTO_PACKAGE@/crypto.c'; else $(CYGPATH_W) '$(srcdir)/crypto/@CRYPTO_PACKAGE@/crypto.c'; fi` + +libtcs_a-tcsi_maint.o: tcsi_maint.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_maint.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_maint.Tpo -c -o libtcs_a-tcsi_maint.o `test -f 'tcsi_maint.c' || echo '$(srcdir)/'`tcsi_maint.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_maint.Tpo $(DEPDIR)/libtcs_a-tcsi_maint.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_maint.c' object='libtcs_a-tcsi_maint.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_maint.o `test -f 'tcsi_maint.c' || echo '$(srcdir)/'`tcsi_maint.c + +libtcs_a-tcsi_maint.obj: tcsi_maint.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_maint.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_maint.Tpo -c -o libtcs_a-tcsi_maint.obj `if test -f 'tcsi_maint.c'; then $(CYGPATH_W) 'tcsi_maint.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_maint.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_maint.Tpo $(DEPDIR)/libtcs_a-tcsi_maint.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_maint.c' object='libtcs_a-tcsi_maint.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_maint.obj `if test -f 'tcsi_maint.c'; then $(CYGPATH_W) 'tcsi_maint.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_maint.c'; fi` + +libtcs_a-rpc_maint.o: rpc/@RPC@/rpc_maint.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_maint.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_maint.Tpo -c -o libtcs_a-rpc_maint.o `test -f 'rpc/@RPC@/rpc_maint.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_maint.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_maint.Tpo $(DEPDIR)/libtcs_a-rpc_maint.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_maint.c' object='libtcs_a-rpc_maint.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_maint.o `test -f 'rpc/@RPC@/rpc_maint.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_maint.c + +libtcs_a-rpc_maint.obj: rpc/@RPC@/rpc_maint.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_maint.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_maint.Tpo -c -o libtcs_a-rpc_maint.obj `if test -f 'rpc/@RPC@/rpc_maint.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_maint.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_maint.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_maint.Tpo $(DEPDIR)/libtcs_a-rpc_maint.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_maint.c' object='libtcs_a-rpc_maint.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_maint.obj `if test -f 'rpc/@RPC@/rpc_maint.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_maint.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_maint.c'; fi` + +libtcs_a-tcsi_migration.o: tcsi_migration.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_migration.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_migration.Tpo -c -o libtcs_a-tcsi_migration.o `test -f 'tcsi_migration.c' || echo '$(srcdir)/'`tcsi_migration.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_migration.Tpo $(DEPDIR)/libtcs_a-tcsi_migration.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_migration.c' object='libtcs_a-tcsi_migration.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_migration.o `test -f 'tcsi_migration.c' || echo '$(srcdir)/'`tcsi_migration.c + +libtcs_a-tcsi_migration.obj: tcsi_migration.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_migration.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_migration.Tpo -c -o libtcs_a-tcsi_migration.obj `if test -f 'tcsi_migration.c'; then $(CYGPATH_W) 'tcsi_migration.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_migration.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_migration.Tpo $(DEPDIR)/libtcs_a-tcsi_migration.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_migration.c' object='libtcs_a-tcsi_migration.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_migration.obj `if test -f 'tcsi_migration.c'; then $(CYGPATH_W) 'tcsi_migration.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_migration.c'; fi` + +libtcs_a-tcs_migration.o: tcs_migration.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_migration.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_migration.Tpo -c -o libtcs_a-tcs_migration.o `test -f 'tcs_migration.c' || echo '$(srcdir)/'`tcs_migration.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_migration.Tpo $(DEPDIR)/libtcs_a-tcs_migration.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_migration.c' object='libtcs_a-tcs_migration.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_migration.o `test -f 'tcs_migration.c' || echo '$(srcdir)/'`tcs_migration.c + +libtcs_a-tcs_migration.obj: tcs_migration.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_migration.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_migration.Tpo -c -o libtcs_a-tcs_migration.obj `if test -f 'tcs_migration.c'; then $(CYGPATH_W) 'tcs_migration.c'; else $(CYGPATH_W) '$(srcdir)/tcs_migration.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_migration.Tpo $(DEPDIR)/libtcs_a-tcs_migration.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_migration.c' object='libtcs_a-tcs_migration.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_migration.obj `if test -f 'tcs_migration.c'; then $(CYGPATH_W) 'tcs_migration.c'; else $(CYGPATH_W) '$(srcdir)/tcs_migration.c'; fi` + +libtcs_a-rpc_migration.o: rpc/@RPC@/rpc_migration.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_migration.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_migration.Tpo -c -o libtcs_a-rpc_migration.o `test -f 'rpc/@RPC@/rpc_migration.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_migration.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_migration.Tpo $(DEPDIR)/libtcs_a-rpc_migration.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_migration.c' object='libtcs_a-rpc_migration.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_migration.o `test -f 'rpc/@RPC@/rpc_migration.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_migration.c + +libtcs_a-rpc_migration.obj: rpc/@RPC@/rpc_migration.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_migration.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_migration.Tpo -c -o libtcs_a-rpc_migration.obj `if test -f 'rpc/@RPC@/rpc_migration.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_migration.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_migration.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_migration.Tpo $(DEPDIR)/libtcs_a-rpc_migration.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_migration.c' object='libtcs_a-rpc_migration.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_migration.obj `if test -f 'rpc/@RPC@/rpc_migration.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_migration.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_migration.c'; fi` + +libtcs_a-tcsi_pcr.o: tcsi_pcr.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_pcr.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_pcr.Tpo -c -o libtcs_a-tcsi_pcr.o `test -f 'tcsi_pcr.c' || echo '$(srcdir)/'`tcsi_pcr.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_pcr.Tpo $(DEPDIR)/libtcs_a-tcsi_pcr.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_pcr.c' object='libtcs_a-tcsi_pcr.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_pcr.o `test -f 'tcsi_pcr.c' || echo '$(srcdir)/'`tcsi_pcr.c + +libtcs_a-tcsi_pcr.obj: tcsi_pcr.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_pcr.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_pcr.Tpo -c -o libtcs_a-tcsi_pcr.obj `if test -f 'tcsi_pcr.c'; then $(CYGPATH_W) 'tcsi_pcr.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_pcr.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_pcr.Tpo $(DEPDIR)/libtcs_a-tcsi_pcr.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_pcr.c' object='libtcs_a-tcsi_pcr.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_pcr.obj `if test -f 'tcsi_pcr.c'; then $(CYGPATH_W) 'tcsi_pcr.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_pcr.c'; fi` + +libtcs_a-rpc_pcr_extend.o: rpc/@RPC@/rpc_pcr_extend.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_pcr_extend.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_pcr_extend.Tpo -c -o libtcs_a-rpc_pcr_extend.o `test -f 'rpc/@RPC@/rpc_pcr_extend.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_pcr_extend.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_pcr_extend.Tpo $(DEPDIR)/libtcs_a-rpc_pcr_extend.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_pcr_extend.c' object='libtcs_a-rpc_pcr_extend.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_pcr_extend.o `test -f 'rpc/@RPC@/rpc_pcr_extend.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_pcr_extend.c + +libtcs_a-rpc_pcr_extend.obj: rpc/@RPC@/rpc_pcr_extend.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_pcr_extend.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_pcr_extend.Tpo -c -o libtcs_a-rpc_pcr_extend.obj `if test -f 'rpc/@RPC@/rpc_pcr_extend.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_pcr_extend.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_pcr_extend.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_pcr_extend.Tpo $(DEPDIR)/libtcs_a-rpc_pcr_extend.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_pcr_extend.c' object='libtcs_a-rpc_pcr_extend.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_pcr_extend.obj `if test -f 'rpc/@RPC@/rpc_pcr_extend.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_pcr_extend.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_pcr_extend.c'; fi` + +libtcs_a-tcsi_selftest.o: tcsi_selftest.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_selftest.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_selftest.Tpo -c -o libtcs_a-tcsi_selftest.o `test -f 'tcsi_selftest.c' || echo '$(srcdir)/'`tcsi_selftest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_selftest.Tpo $(DEPDIR)/libtcs_a-tcsi_selftest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_selftest.c' object='libtcs_a-tcsi_selftest.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_selftest.o `test -f 'tcsi_selftest.c' || echo '$(srcdir)/'`tcsi_selftest.c + +libtcs_a-tcsi_selftest.obj: tcsi_selftest.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_selftest.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_selftest.Tpo -c -o libtcs_a-tcsi_selftest.obj `if test -f 'tcsi_selftest.c'; then $(CYGPATH_W) 'tcsi_selftest.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_selftest.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_selftest.Tpo $(DEPDIR)/libtcs_a-tcsi_selftest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_selftest.c' object='libtcs_a-tcsi_selftest.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_selftest.obj `if test -f 'tcsi_selftest.c'; then $(CYGPATH_W) 'tcsi_selftest.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_selftest.c'; fi` + +libtcs_a-rpc_selftest.o: rpc/@RPC@/rpc_selftest.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_selftest.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_selftest.Tpo -c -o libtcs_a-rpc_selftest.o `test -f 'rpc/@RPC@/rpc_selftest.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_selftest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_selftest.Tpo $(DEPDIR)/libtcs_a-rpc_selftest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_selftest.c' object='libtcs_a-rpc_selftest.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_selftest.o `test -f 'rpc/@RPC@/rpc_selftest.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_selftest.c + +libtcs_a-rpc_selftest.obj: rpc/@RPC@/rpc_selftest.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_selftest.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_selftest.Tpo -c -o libtcs_a-rpc_selftest.obj `if test -f 'rpc/@RPC@/rpc_selftest.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_selftest.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_selftest.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_selftest.Tpo $(DEPDIR)/libtcs_a-rpc_selftest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_selftest.c' object='libtcs_a-rpc_selftest.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_selftest.obj `if test -f 'rpc/@RPC@/rpc_selftest.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_selftest.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_selftest.c'; fi` + +libtcs_a-tcsi_daa.o: tcsi_daa.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_daa.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_daa.Tpo -c -o libtcs_a-tcsi_daa.o `test -f 'tcsi_daa.c' || echo '$(srcdir)/'`tcsi_daa.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_daa.Tpo $(DEPDIR)/libtcs_a-tcsi_daa.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_daa.c' object='libtcs_a-tcsi_daa.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_daa.o `test -f 'tcsi_daa.c' || echo '$(srcdir)/'`tcsi_daa.c + +libtcs_a-tcsi_daa.obj: tcsi_daa.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_daa.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_daa.Tpo -c -o libtcs_a-tcsi_daa.obj `if test -f 'tcsi_daa.c'; then $(CYGPATH_W) 'tcsi_daa.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_daa.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_daa.Tpo $(DEPDIR)/libtcs_a-tcsi_daa.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_daa.c' object='libtcs_a-tcsi_daa.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_daa.obj `if test -f 'tcsi_daa.c'; then $(CYGPATH_W) 'tcsi_daa.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_daa.c'; fi` + +libtcs_a-rpc_daa.o: rpc/@RPC@/rpc_daa.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_daa.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_daa.Tpo -c -o libtcs_a-rpc_daa.o `test -f 'rpc/@RPC@/rpc_daa.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_daa.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_daa.Tpo $(DEPDIR)/libtcs_a-rpc_daa.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_daa.c' object='libtcs_a-rpc_daa.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_daa.o `test -f 'rpc/@RPC@/rpc_daa.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_daa.c + +libtcs_a-rpc_daa.obj: rpc/@RPC@/rpc_daa.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_daa.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_daa.Tpo -c -o libtcs_a-rpc_daa.obj `if test -f 'rpc/@RPC@/rpc_daa.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_daa.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_daa.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_daa.Tpo $(DEPDIR)/libtcs_a-rpc_daa.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_daa.c' object='libtcs_a-rpc_daa.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_daa.obj `if test -f 'rpc/@RPC@/rpc_daa.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_daa.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_daa.c'; fi` + +libtcs_a-tcsi_nv.o: tcsi_nv.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_nv.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_nv.Tpo -c -o libtcs_a-tcsi_nv.o `test -f 'tcsi_nv.c' || echo '$(srcdir)/'`tcsi_nv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_nv.Tpo $(DEPDIR)/libtcs_a-tcsi_nv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_nv.c' object='libtcs_a-tcsi_nv.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_nv.o `test -f 'tcsi_nv.c' || echo '$(srcdir)/'`tcsi_nv.c + +libtcs_a-tcsi_nv.obj: tcsi_nv.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_nv.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_nv.Tpo -c -o libtcs_a-tcsi_nv.obj `if test -f 'tcsi_nv.c'; then $(CYGPATH_W) 'tcsi_nv.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_nv.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_nv.Tpo $(DEPDIR)/libtcs_a-tcsi_nv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_nv.c' object='libtcs_a-tcsi_nv.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_nv.obj `if test -f 'tcsi_nv.c'; then $(CYGPATH_W) 'tcsi_nv.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_nv.c'; fi` + +libtcs_a-rpc_nv.o: rpc/@RPC@/rpc_nv.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_nv.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_nv.Tpo -c -o libtcs_a-rpc_nv.o `test -f 'rpc/@RPC@/rpc_nv.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_nv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_nv.Tpo $(DEPDIR)/libtcs_a-rpc_nv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_nv.c' object='libtcs_a-rpc_nv.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_nv.o `test -f 'rpc/@RPC@/rpc_nv.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_nv.c + +libtcs_a-rpc_nv.obj: rpc/@RPC@/rpc_nv.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_nv.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_nv.Tpo -c -o libtcs_a-rpc_nv.obj `if test -f 'rpc/@RPC@/rpc_nv.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_nv.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_nv.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_nv.Tpo $(DEPDIR)/libtcs_a-rpc_nv.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_nv.c' object='libtcs_a-rpc_nv.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_nv.obj `if test -f 'rpc/@RPC@/rpc_nv.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_nv.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_nv.c'; fi` + +libtcs_a-tcsi_audit.o: tcsi_audit.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_audit.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_audit.Tpo -c -o libtcs_a-tcsi_audit.o `test -f 'tcsi_audit.c' || echo '$(srcdir)/'`tcsi_audit.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_audit.Tpo $(DEPDIR)/libtcs_a-tcsi_audit.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_audit.c' object='libtcs_a-tcsi_audit.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_audit.o `test -f 'tcsi_audit.c' || echo '$(srcdir)/'`tcsi_audit.c + +libtcs_a-tcsi_audit.obj: tcsi_audit.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_audit.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_audit.Tpo -c -o libtcs_a-tcsi_audit.obj `if test -f 'tcsi_audit.c'; then $(CYGPATH_W) 'tcsi_audit.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_audit.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_audit.Tpo $(DEPDIR)/libtcs_a-tcsi_audit.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_audit.c' object='libtcs_a-tcsi_audit.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_audit.obj `if test -f 'tcsi_audit.c'; then $(CYGPATH_W) 'tcsi_audit.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_audit.c'; fi` + +libtcs_a-rpc_audit.o: rpc/@RPC@/rpc_audit.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_audit.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_audit.Tpo -c -o libtcs_a-rpc_audit.o `test -f 'rpc/@RPC@/rpc_audit.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_audit.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_audit.Tpo $(DEPDIR)/libtcs_a-rpc_audit.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_audit.c' object='libtcs_a-rpc_audit.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_audit.o `test -f 'rpc/@RPC@/rpc_audit.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_audit.c + +libtcs_a-rpc_audit.obj: rpc/@RPC@/rpc_audit.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_audit.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_audit.Tpo -c -o libtcs_a-rpc_audit.obj `if test -f 'rpc/@RPC@/rpc_audit.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_audit.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_audit.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_audit.Tpo $(DEPDIR)/libtcs_a-rpc_audit.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_audit.c' object='libtcs_a-rpc_audit.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_audit.obj `if test -f 'rpc/@RPC@/rpc_audit.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_audit.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_audit.c'; fi` + +libtcs_a-tcsi_oper.o: tcsi_oper.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_oper.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_oper.Tpo -c -o libtcs_a-tcsi_oper.o `test -f 'tcsi_oper.c' || echo '$(srcdir)/'`tcsi_oper.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_oper.Tpo $(DEPDIR)/libtcs_a-tcsi_oper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_oper.c' object='libtcs_a-tcsi_oper.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_oper.o `test -f 'tcsi_oper.c' || echo '$(srcdir)/'`tcsi_oper.c + +libtcs_a-tcsi_oper.obj: tcsi_oper.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_oper.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_oper.Tpo -c -o libtcs_a-tcsi_oper.obj `if test -f 'tcsi_oper.c'; then $(CYGPATH_W) 'tcsi_oper.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_oper.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_oper.Tpo $(DEPDIR)/libtcs_a-tcsi_oper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_oper.c' object='libtcs_a-tcsi_oper.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_oper.obj `if test -f 'tcsi_oper.c'; then $(CYGPATH_W) 'tcsi_oper.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_oper.c'; fi` + +libtcs_a-rpc_oper.o: rpc/@RPC@/rpc_oper.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_oper.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_oper.Tpo -c -o libtcs_a-rpc_oper.o `test -f 'rpc/@RPC@/rpc_oper.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_oper.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_oper.Tpo $(DEPDIR)/libtcs_a-rpc_oper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_oper.c' object='libtcs_a-rpc_oper.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_oper.o `test -f 'rpc/@RPC@/rpc_oper.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_oper.c + +libtcs_a-rpc_oper.obj: rpc/@RPC@/rpc_oper.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_oper.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_oper.Tpo -c -o libtcs_a-rpc_oper.obj `if test -f 'rpc/@RPC@/rpc_oper.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_oper.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_oper.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_oper.Tpo $(DEPDIR)/libtcs_a-rpc_oper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_oper.c' object='libtcs_a-rpc_oper.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_oper.obj `if test -f 'rpc/@RPC@/rpc_oper.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_oper.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_oper.c'; fi` + +libtcs_a-tcsi_delegate.o: tcsi_delegate.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_delegate.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_delegate.Tpo -c -o libtcs_a-tcsi_delegate.o `test -f 'tcsi_delegate.c' || echo '$(srcdir)/'`tcsi_delegate.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_delegate.Tpo $(DEPDIR)/libtcs_a-tcsi_delegate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_delegate.c' object='libtcs_a-tcsi_delegate.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_delegate.o `test -f 'tcsi_delegate.c' || echo '$(srcdir)/'`tcsi_delegate.c + +libtcs_a-tcsi_delegate.obj: tcsi_delegate.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_delegate.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_delegate.Tpo -c -o libtcs_a-tcsi_delegate.obj `if test -f 'tcsi_delegate.c'; then $(CYGPATH_W) 'tcsi_delegate.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_delegate.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_delegate.Tpo $(DEPDIR)/libtcs_a-tcsi_delegate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_delegate.c' object='libtcs_a-tcsi_delegate.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_delegate.obj `if test -f 'tcsi_delegate.c'; then $(CYGPATH_W) 'tcsi_delegate.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_delegate.c'; fi` + +libtcs_a-rpc_delegate.o: rpc/@RPC@/rpc_delegate.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_delegate.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_delegate.Tpo -c -o libtcs_a-rpc_delegate.o `test -f 'rpc/@RPC@/rpc_delegate.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_delegate.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_delegate.Tpo $(DEPDIR)/libtcs_a-rpc_delegate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_delegate.c' object='libtcs_a-rpc_delegate.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_delegate.o `test -f 'rpc/@RPC@/rpc_delegate.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_delegate.c + +libtcs_a-rpc_delegate.obj: rpc/@RPC@/rpc_delegate.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_delegate.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_delegate.Tpo -c -o libtcs_a-rpc_delegate.obj `if test -f 'rpc/@RPC@/rpc_delegate.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_delegate.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_delegate.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_delegate.Tpo $(DEPDIR)/libtcs_a-rpc_delegate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_delegate.c' object='libtcs_a-rpc_delegate.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_delegate.obj `if test -f 'rpc/@RPC@/rpc_delegate.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_delegate.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_delegate.c'; fi` + +libtcs_a-tcsi_quote2.o: tcsi_quote2.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_quote2.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_quote2.Tpo -c -o libtcs_a-tcsi_quote2.o `test -f 'tcsi_quote2.c' || echo '$(srcdir)/'`tcsi_quote2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_quote2.Tpo $(DEPDIR)/libtcs_a-tcsi_quote2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_quote2.c' object='libtcs_a-tcsi_quote2.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_quote2.o `test -f 'tcsi_quote2.c' || echo '$(srcdir)/'`tcsi_quote2.c + +libtcs_a-tcsi_quote2.obj: tcsi_quote2.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_quote2.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_quote2.Tpo -c -o libtcs_a-tcsi_quote2.obj `if test -f 'tcsi_quote2.c'; then $(CYGPATH_W) 'tcsi_quote2.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_quote2.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_quote2.Tpo $(DEPDIR)/libtcs_a-tcsi_quote2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_quote2.c' object='libtcs_a-tcsi_quote2.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_quote2.obj `if test -f 'tcsi_quote2.c'; then $(CYGPATH_W) 'tcsi_quote2.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_quote2.c'; fi` + +libtcs_a-tcs_quote2.o: tcs_quote2.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_quote2.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_quote2.Tpo -c -o libtcs_a-tcs_quote2.o `test -f 'tcs_quote2.c' || echo '$(srcdir)/'`tcs_quote2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_quote2.Tpo $(DEPDIR)/libtcs_a-tcs_quote2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_quote2.c' object='libtcs_a-tcs_quote2.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_quote2.o `test -f 'tcs_quote2.c' || echo '$(srcdir)/'`tcs_quote2.c + +libtcs_a-tcs_quote2.obj: tcs_quote2.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcs_quote2.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcs_quote2.Tpo -c -o libtcs_a-tcs_quote2.obj `if test -f 'tcs_quote2.c'; then $(CYGPATH_W) 'tcs_quote2.c'; else $(CYGPATH_W) '$(srcdir)/tcs_quote2.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcs_quote2.Tpo $(DEPDIR)/libtcs_a-tcs_quote2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcs_quote2.c' object='libtcs_a-tcs_quote2.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcs_quote2.obj `if test -f 'tcs_quote2.c'; then $(CYGPATH_W) 'tcs_quote2.c'; else $(CYGPATH_W) '$(srcdir)/tcs_quote2.c'; fi` + +libtcs_a-rpc_quote2.o: rpc/@RPC@/rpc_quote2.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_quote2.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_quote2.Tpo -c -o libtcs_a-rpc_quote2.o `test -f 'rpc/@RPC@/rpc_quote2.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_quote2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_quote2.Tpo $(DEPDIR)/libtcs_a-rpc_quote2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_quote2.c' object='libtcs_a-rpc_quote2.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_quote2.o `test -f 'rpc/@RPC@/rpc_quote2.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_quote2.c + +libtcs_a-rpc_quote2.obj: rpc/@RPC@/rpc_quote2.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_quote2.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_quote2.Tpo -c -o libtcs_a-rpc_quote2.obj `if test -f 'rpc/@RPC@/rpc_quote2.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_quote2.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_quote2.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_quote2.Tpo $(DEPDIR)/libtcs_a-rpc_quote2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_quote2.c' object='libtcs_a-rpc_quote2.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_quote2.obj `if test -f 'rpc/@RPC@/rpc_quote2.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_quote2.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_quote2.c'; fi` + +libtcs_a-tcsi_cmk.o: tcsi_cmk.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_cmk.o -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_cmk.Tpo -c -o libtcs_a-tcsi_cmk.o `test -f 'tcsi_cmk.c' || echo '$(srcdir)/'`tcsi_cmk.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_cmk.Tpo $(DEPDIR)/libtcs_a-tcsi_cmk.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_cmk.c' object='libtcs_a-tcsi_cmk.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_cmk.o `test -f 'tcsi_cmk.c' || echo '$(srcdir)/'`tcsi_cmk.c + +libtcs_a-tcsi_cmk.obj: tcsi_cmk.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-tcsi_cmk.obj -MD -MP -MF $(DEPDIR)/libtcs_a-tcsi_cmk.Tpo -c -o libtcs_a-tcsi_cmk.obj `if test -f 'tcsi_cmk.c'; then $(CYGPATH_W) 'tcsi_cmk.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_cmk.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-tcsi_cmk.Tpo $(DEPDIR)/libtcs_a-tcsi_cmk.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsi_cmk.c' object='libtcs_a-tcsi_cmk.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-tcsi_cmk.obj `if test -f 'tcsi_cmk.c'; then $(CYGPATH_W) 'tcsi_cmk.c'; else $(CYGPATH_W) '$(srcdir)/tcsi_cmk.c'; fi` + +libtcs_a-rpc_cmk.o: rpc/@RPC@/rpc_cmk.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_cmk.o -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_cmk.Tpo -c -o libtcs_a-rpc_cmk.o `test -f 'rpc/@RPC@/rpc_cmk.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_cmk.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_cmk.Tpo $(DEPDIR)/libtcs_a-rpc_cmk.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_cmk.c' object='libtcs_a-rpc_cmk.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_cmk.o `test -f 'rpc/@RPC@/rpc_cmk.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_cmk.c + +libtcs_a-rpc_cmk.obj: rpc/@RPC@/rpc_cmk.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -MT libtcs_a-rpc_cmk.obj -MD -MP -MF $(DEPDIR)/libtcs_a-rpc_cmk.Tpo -c -o libtcs_a-rpc_cmk.obj `if test -f 'rpc/@RPC@/rpc_cmk.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_cmk.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_cmk.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtcs_a-rpc_cmk.Tpo $(DEPDIR)/libtcs_a-rpc_cmk.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_cmk.c' object='libtcs_a-rpc_cmk.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcs_a_CFLAGS) $(CFLAGS) -c -o libtcs_a-rpc_cmk.obj `if test -f 'rpc/@RPC@/rpc_cmk.c'; then $(CYGPATH_W) 'rpc/@RPC@/rpc_cmk.c'; else $(CYGPATH_W) '$(srcdir)/rpc/@RPC@/rpc_cmk.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LIBRARIES) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/tcs/crypto/openssl/crypto.c b/src/tcs/crypto/openssl/crypto.c new file mode 100644 index 0000000..c02db27 --- /dev/null +++ b/src/tcs/crypto/openssl/crypto.c @@ -0,0 +1,68 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include +#include +#include + +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcslog.h" + +/* + * Hopefully this will make the code clearer since + * OpenSSL returns 1 on success + */ +#define EVP_SUCCESS 1 + +TSS_RESULT +Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) +{ + EVP_MD_CTX md_ctx; + unsigned int result_size; + int rv; + + switch (HashType) { + case TSS_HASH_SHA1: + rv = EVP_DigestInit(&md_ctx, EVP_sha1()); + break; + default: + rv = TCSERR(TSS_E_BAD_PARAMETER); + goto out; + break; + } + + if (rv != EVP_SUCCESS) { + rv = TCSERR(TSS_E_INTERNAL_ERROR); + goto out; + } + + rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize); + if (rv != EVP_SUCCESS) { + rv = TCSERR(TSS_E_INTERNAL_ERROR); + goto out; + } + + result_size = EVP_MD_CTX_size(&md_ctx); + rv = EVP_DigestFinal(&md_ctx, Digest, &result_size); + if (rv != EVP_SUCCESS) { + rv = TCSERR(TSS_E_INTERNAL_ERROR); + } else + rv = TSS_SUCCESS; + +out: + return rv; +} diff --git a/src/tcs/log.c b/src/tcs/log.c new file mode 100644 index 0000000..8f3d0b4 --- /dev/null +++ b/src/tcs/log.c @@ -0,0 +1,87 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "tcslog.h" + +#ifdef TSS_DEBUG + +/* + * LogBlobData() + * + * Log a blob's data to the debugging stream + * + * szDescriptor - The APPID tag found in the caller's environment at build time + * sizeOfBlob - The size of the data to log + * blob - the data to log + * + */ + +void +LogBlobData(char *szDescriptor, unsigned long sizeOfBlob, unsigned char *blob) +{ + char temp[64]; + unsigned int i; + + + if (getenv("TCSD_FOREGROUND") == NULL) + openlog(szDescriptor, LOG_NDELAY|LOG_PID, TSS_SYSLOG_LVL); + memset(temp, 0, sizeof(temp)); + + for (i = 0; (unsigned long)i < sizeOfBlob; i++) { + if ((i > 0) && ((i % 16) == 0)) { + if (getenv("TCSD_FOREGROUND") != NULL) + fprintf(stdout, "%s %s\n", szDescriptor, temp); + else + syslog(LOG_DEBUG, "%s", temp); + memset(temp, 0, sizeof(temp)); + } + snprintf(&temp[(i%16)*3], 4, "%.2X ", blob[i]); + } + + if (i == sizeOfBlob) { + if (getenv("TCSD_FOREGROUND") != NULL) + fprintf(stdout, "%s %s\n", szDescriptor, temp); + else + syslog(LOG_DEBUG, "%s", temp); + } +} + +void +LogTPMERR(TSS_RESULT result, char *file, int line) +{ + if (getenv("TSS_DEBUG_OFF") == NULL) + fprintf(stderr, "%s %s %s:%d: 0x%x\n", "LOG_RETERR", "TPM", file, line, result); +} + +TSS_RESULT +LogTDDLERR(TSS_RESULT result, char *file, int line) +{ + if (getenv("TSS_DEBUG_OFF") == NULL) + fprintf(stderr, "%s %s %s:%d: 0x%x\n", "LOG_RETERR", APPID, file, line, result); + + return (result | TSS_LAYER_TDDL); +} + +TSS_RESULT +LogTCSERR(TSS_RESULT result, char *file, int line) +{ + if (getenv("TSS_DEBUG_OFF") == NULL) + fprintf(stderr, "%s %s %s:%d: 0x%x\n", "LOG_RETERR", APPID, file, line, result); + + return (result | TSS_LAYER_TCS); +} + +#endif diff --git a/src/tcs/ps/ps_utils.c b/src/tcs/ps/ps_utils.c new file mode 100644 index 0000000..2e7f502 --- /dev/null +++ b/src/tcs/ps/ps_utils.c @@ -0,0 +1,538 @@ +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include +#include +#if defined(HAVE_BYTEORDER_H) +#include +#elif defined(HTOLE_DEFINED) +#include +#define LE_16 htole16 +#define LE_32 htole32 +#define LE_64 htole64 +#else +#define LE_16(x) (x) +#define LE_32(x) (x) +#define LE_64(x) (x) +#endif +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_int_literals.h" +#include "tcsps.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcslog.h" + +struct key_disk_cache *key_disk_cache_head = NULL; + + +#ifdef SOLARIS +TSS_RESULT +#else +inline TSS_RESULT +#endif +read_data(int fd, void *data, UINT32 size) +{ + int rc; + + rc = read(fd, data, size); + if (rc == -1) { + LogError("read of %d bytes: %s", size, strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if ((unsigned)rc != size) { + LogError("read of %d bytes (only %d read)", size, rc); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + + +#ifdef SOLARIS +TSS_RESULT +#else +inline TSS_RESULT +#endif +write_data(int fd, void *data, UINT32 size) +{ + int rc; + + rc = write(fd, data, size); + if (rc == -1) { + LogError("write of %d bytes: %s", size, strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if ((unsigned)rc != size) { + LogError("write of %d bytes (only %d written)", size, rc); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +/* + * called by write_key_init to find the next available location in the PS file to + * write a new key to. + */ +int +find_write_offset(UINT32 pub_data_size, UINT32 blob_size, UINT32 vendor_data_size) +{ + struct key_disk_cache *tmp; + unsigned int offset; + + MUTEX_LOCK(disk_cache_lock); + + tmp = key_disk_cache_head; + while (tmp) { + /* if we find a deleted key of the right size, return its offset */ + if (!(tmp->flags & CACHE_FLAG_VALID) && + tmp->pub_data_size == pub_data_size && + tmp->blob_size == blob_size && + tmp->vendor_data_size == vendor_data_size) { + offset = tmp->offset; + MUTEX_UNLOCK(disk_cache_lock); + return offset; + } + tmp = tmp->next; + } + + MUTEX_UNLOCK(disk_cache_lock); + + /* no correctly sized holes */ + return -1; +} + +/* + * move the file pointer to the point where the next key can be written and return + * that offset + */ +int +write_key_init(int fd, UINT32 pub_data_size, UINT32 blob_size, UINT32 vendor_data_size) +{ + UINT32 num_keys; + BYTE version; + int rc, offset; + + /* seek to the PS version */ + rc = lseek(fd, TSSPS_VERSION_OFFSET, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return -1; + } + + /* go to NUM_KEYS */ + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return -1; + } + + /* read the number of keys */ + rc = read(fd, &num_keys, sizeof(UINT32)); + num_keys = LE_32(num_keys); + if (rc == -1) { + LogError("read of %zd bytes: %s", sizeof(UINT32), strerror(errno)); + return -1; + } else if (rc == 0) { + /* This is the first key being written */ + num_keys = 1; + version = 1; + + /* seek to the PS version */ + rc = lseek(fd, TSSPS_VERSION_OFFSET, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return -1; + } + + /* write out the version info byte */ + if ((rc = write_data(fd, &version, sizeof(BYTE)))) { + LogError("%s", __FUNCTION__); + return rc; + } + + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return -1; + } + + num_keys = LE_32(num_keys); + if ((rc = write_data(fd, &num_keys, sizeof(UINT32)))) { + LogError("%s", __FUNCTION__); + return rc; + } + + /* return the offset */ + return (TSSPS_NUM_KEYS_OFFSET + sizeof(UINT32)); + } + + /* if there is a hole in the file we can write to, find it */ + offset = find_write_offset(pub_data_size, blob_size, vendor_data_size); + + if (offset != -1) { + /* we found a hole, seek to it and don't increment the # of keys on disk */ + rc = lseek(fd, offset, SEEK_SET); + } else { + /* we didn't find a hole, increment the number of keys on disk and seek + * to the end of the file + */ + num_keys++; + + /* go to the beginning */ + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return -1; + } + num_keys = LE_32(num_keys); + if ((rc = write_data(fd, &num_keys, sizeof(UINT32)))) { + LogError("%s", __FUNCTION__); + return rc; + } + + rc = lseek(fd, 0, SEEK_END); + } + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return -1; + } + + /* lseek returns the number of bytes of offset from the beginning of the file */ + return rc; +} + +/* + * add a new cache entry for a written key + */ +TSS_RESULT +cache_key(UINT32 offset, UINT16 flags, + TSS_UUID *uuid, TSS_UUID *parent_uuid, + UINT16 pub_data_size, UINT32 blob_size, + UINT32 vendor_data_size) +{ + struct key_disk_cache *tmp; + + MUTEX_LOCK(disk_cache_lock); + + tmp = key_disk_cache_head; + + for (; tmp; tmp = tmp->next) { + /* reuse an invalidated key cache entry */ + if (!(tmp->flags & CACHE_FLAG_VALID)) + goto fill_cache_entry; + } + + tmp = malloc(sizeof(struct key_disk_cache)); + if (tmp == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct key_disk_cache)); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_OUTOFMEMORY); + } + tmp->next = key_disk_cache_head; + key_disk_cache_head = tmp; + +fill_cache_entry: + tmp->offset = offset; +#ifdef TSS_DEBUG + if (offset == 0) + LogDebug("Storing key with file offset==0!!!"); +#endif + tmp->flags = flags; + tmp->blob_size = blob_size; + tmp->pub_data_size = pub_data_size; + tmp->vendor_data_size = vendor_data_size; + memcpy(&tmp->uuid, uuid, sizeof(TSS_UUID)); + memcpy(&tmp->parent_uuid, parent_uuid, sizeof(TSS_UUID)); + + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; +} + +/* + * read into the PS file and return the number of keys + */ +int +get_num_keys_in_file(int fd) +{ + UINT32 num_keys; + int rc; + + /* go to the number of keys */ + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return 0; + } + + rc = read(fd, &num_keys, sizeof(UINT32)); + if (rc < 0) { + LogError("read of %zd bytes: %s", sizeof(UINT32), strerror(errno)); + return 0; + } else if ((unsigned)rc < sizeof(UINT32)) { + num_keys = 0; + } + num_keys = LE_32(num_keys); + + return num_keys; +} + +/* + * count the number of valid keys in the cache + */ +int +get_num_keys() +{ + int num_keys = 0; + struct key_disk_cache *tmp; + + MUTEX_LOCK(disk_cache_lock); + + tmp = key_disk_cache_head; + + for (; tmp; tmp = tmp->next) { + if (tmp->flags & CACHE_FLAG_VALID) + num_keys++; + } + + MUTEX_UNLOCK(disk_cache_lock); + return num_keys; +} + +/* + * disk store format: + * + * TrouSerS 0.2.0 and before: + * Version 0: cached? + * [UINT32 num_keys_on_disk] + * [TSS_UUID uuid0 ] yes + * [TSS_UUID uuid_parent0 ] yes + * [UINT16 pub_data_size0 ] yes + * [UINT16 blob_size0 ] yes + * [UINT16 cache_flags0 ] yes + * [BYTE[] pub_data0 ] + * [BYTE[] blob0 ] + * [...] + * + * TrouSerS 0.2.1+ + * Version 1: cached? + * [BYTE PS version = '\1'] + * [UINT32 num_keys_on_disk ] + * [TSS_UUID uuid0 ] yes + * [TSS_UUID uuid_parent0 ] yes + * [UINT16 pub_data_size0 ] yes + * [UINT16 blob_size0 ] yes + * [UINT32 vendor_data_size0] yes + * [UINT16 cache_flags0 ] yes + * [BYTE[] pub_data0 ] + * [BYTE[] blob0 ] + * [BYTE[] vendor_data0 ] + * [...] + * + */ +/* + * read the PS file pointed to by fd and create a cache based on it + */ +int +init_disk_cache(int fd) +{ + UINT32 num_keys = get_num_keys_in_file(fd); + UINT16 i; + UINT64 tmp_offset; + int rc = 0, offset; + struct key_disk_cache *tmp, *prev = NULL; + BYTE srk_blob[2048]; + TSS_KEY srk_key; +#ifdef TSS_DEBUG + int valid_keys = 0; +#endif + + MUTEX_LOCK(disk_cache_lock); + + if (num_keys == 0) { + key_disk_cache_head = NULL; + MUTEX_UNLOCK(disk_cache_lock); + return 0; + } else { + key_disk_cache_head = tmp = calloc(1, sizeof(struct key_disk_cache)); + if (tmp == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct key_disk_cache)); + rc = -1; + goto err_exit; + } + } + + /* make sure the file pointer is where we expect, just after the number + * of keys on disk at the head of the file + */ + offset = lseek(fd, TSSPS_KEYS_OFFSET, SEEK_SET); + if (offset == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + rc = -1; + goto err_exit; + } + + for (i=0; ioffset = offset; +#ifdef TSS_DEBUG + if (offset == 0) + LogDebug("Storing key with file offset==0!!!"); +#endif + /* read UUID */ + if ((rc = read_data(fd, (void *)&tmp->uuid, sizeof(TSS_UUID)))) { + LogError("%s", __FUNCTION__); + goto err_exit; + } + + /* read parent UUID */ + if ((rc = read_data(fd, (void *)&tmp->parent_uuid, sizeof(TSS_UUID)))) { + LogError("%s", __FUNCTION__); + goto err_exit; + } + + /* pub data size */ + if ((rc = read_data(fd, &tmp->pub_data_size, sizeof(UINT16)))) { + LogError("%s", __FUNCTION__); + goto err_exit; + } + tmp->pub_data_size = LE_16(tmp->pub_data_size); + + DBG_ASSERT(tmp->pub_data_size <= 2048 && tmp->pub_data_size > 0); + + /* blob size */ + if ((rc = read_data(fd, &tmp->blob_size, sizeof(UINT16)))) { + LogError("%s", __FUNCTION__); + goto err_exit; + } + tmp->blob_size = LE_16(tmp->blob_size); + DBG_ASSERT(tmp->blob_size <= 4096 && tmp->blob_size > 0); + + /* vendor data size */ + if ((rc = read_data(fd, &tmp->vendor_data_size, sizeof(UINT32)))) { + LogError("%s", __FUNCTION__); + goto err_exit; + } + tmp->vendor_data_size = LE_32(tmp->vendor_data_size); + + /* cache flags */ + if ((rc = read_data(fd, &tmp->flags, sizeof(UINT16)))) { + LogError("%s", __FUNCTION__); + goto err_exit; + } + tmp->flags = LE_16(tmp->flags); + +#ifdef TSS_DEBUG + if (tmp->flags & CACHE_FLAG_VALID) + valid_keys++; +#endif + /* fast forward over the pub key */ + offset = lseek(fd, tmp->pub_data_size, SEEK_CUR); + if (offset == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + rc = -1; + goto err_exit; + } + + /* if this is the SRK, load it into memory, since its already loaded in + * the chip */ + if (!memcmp(&SRK_UUID, &tmp->uuid, sizeof(TSS_UUID))) { + /* read SRK blob from disk */ + if ((rc = read_data(fd, srk_blob, tmp->blob_size))) { + LogError("%s", __FUNCTION__); + goto err_exit; + } + + tmp_offset = 0; + if ((rc = UnloadBlob_TSS_KEY(&tmp_offset, srk_blob, &srk_key))) + goto err_exit; + /* add to the mem cache */ + if ((rc = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srk_key, + &SRK_UUID))) { + LogError("Error adding SRK to mem cache."); + destroy_key_refs(&srk_key); + goto err_exit; + } + destroy_key_refs(&srk_key); + } else { + /* fast forward over the blob */ + offset = lseek(fd, tmp->blob_size, SEEK_CUR); + if (offset == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + rc = -1; + goto err_exit; + } + + /* fast forward over the vendor data */ + offset = lseek(fd, tmp->vendor_data_size, SEEK_CUR); + if (offset == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + rc = -1; + goto err_exit; + } + } + + tmp->next = calloc(1, sizeof(struct key_disk_cache)); + if (tmp->next == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct key_disk_cache)); + rc = -1; + goto err_exit; + } + prev = tmp; + tmp = tmp->next; + } + + /* delete the dangling, unfilled cache entry */ + free(tmp); + prev->next = NULL; + rc = 0; + LogDebug("%s: found %d valid key(s) on disk.\n", __FUNCTION__, valid_keys); + +err_exit: + MUTEX_UNLOCK(disk_cache_lock); + return rc; +} + +int +close_disk_cache(int fd) +{ + struct key_disk_cache *tmp, *tmp_next; + + if (key_disk_cache_head == NULL) + return 0; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + do { + tmp_next = tmp->next; + free(tmp); + tmp = tmp_next; + } while (tmp); + + MUTEX_UNLOCK(disk_cache_lock); + + return 0; +} diff --git a/src/tcs/ps/tcsps.c b/src/tcs/ps/tcsps.c new file mode 100644 index 0000000..0d55608 --- /dev/null +++ b/src/tcs/ps/tcsps.c @@ -0,0 +1,784 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#if defined (HAVE_BYTEORDER_H) +#include +#elif defined (HTOLE_DEFINED) +#include +#define LE_16 htole16 +#define LE_32 htole32 +#define LE_64 htole64 +#else +#define LE_16(x) (x) +#define LE_32(x) (x) +#define LE_64(x) (x) +#endif +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcsps.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +int system_ps_fd = -1; +MUTEX_DECLARE(disk_cache_lock); + +static struct flock fl; + +int +get_file() +{ + int rc; + /* check the global file handle first. If it exists, lock it and return */ + if (system_ps_fd != -1) { + int rc = 0; + + fl.l_type = F_WRLCK; + if ((rc = fcntl(system_ps_fd, F_SETLKW, &fl))) { + LogError("failed to get system PS lock: %s", strerror(errno)); + return -1; + } + + return system_ps_fd; + } + + /* open and lock the file */ + system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR, 0600); + if (system_ps_fd < 0) { + LogError("system PS: open() of %s failed: %s", + tcsd_options.system_ps_file, strerror(errno)); + return -1; + } + + fl.l_type = F_WRLCK; + if ((rc = fcntl(system_ps_fd, F_SETLKW, &fl))) { + LogError("failed to get system PS lock of file %s: %s", + tcsd_options.system_ps_file, strerror(errno)); + return -1; + } + + return system_ps_fd; +} + +int +put_file(int fd) +{ + int rc = 0; + /* release the file lock */ + + fl.l_type = F_UNLCK; + if ((rc = fcntl(fd, F_SETLKW, &fl))) { + LogError("failed to unlock system PS file: %s", + strerror(errno)); + return -1; + } + + return rc; +} + +void +close_file(int fd) +{ + close(fd); + system_ps_fd = -1; +} + +TSS_RESULT +psfile_get_parent_uuid_by_uuid(int fd, TSS_UUID *uuid, TSS_UUID *ret_uuid) +{ + int rc; + UINT32 file_offset = 0; + struct key_disk_cache *tmp; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + while (tmp) { + if (memcmp(uuid, &tmp->uuid, sizeof(TSS_UUID)) || !(tmp->flags & CACHE_FLAG_VALID)) { + tmp = tmp->next; + continue; + } + + /* jump to the location of the parent uuid */ + file_offset = TSSPS_PARENT_UUID_OFFSET(tmp); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + MUTEX_UNLOCK(disk_cache_lock); + return -1; + } + + if ((rc = read_data(fd, ret_uuid, sizeof(TSS_UUID)))) { + LogError("%s", __FUNCTION__); + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; + } + MUTEX_UNLOCK(disk_cache_lock); + /* key not found */ + return -2; +} + +/* + * return a key blob from PS given a uuid + */ +TSS_RESULT +psfile_get_key_by_uuid(int fd, TSS_UUID *uuid, BYTE *ret_buffer, UINT16 *ret_buffer_size) +{ + int rc; + UINT32 file_offset = 0; + struct key_disk_cache *tmp; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + while (tmp) { + if (memcmp(uuid, &tmp->uuid, sizeof(TSS_UUID)) || !(tmp->flags & CACHE_FLAG_VALID)) { + tmp = tmp->next; + continue; + } + + /* jump to the location of the key blob */ + file_offset = TSSPS_BLOB_DATA_OFFSET(tmp); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* we found the key; file ptr is pointing at the blob */ + if (*ret_buffer_size < tmp->blob_size) { + /* not enough room */ + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_FAIL); + } + + if ((rc = read_data(fd, ret_buffer, tmp->blob_size))) { + LogError("%s", __FUNCTION__); + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + *ret_buffer_size = tmp->blob_size; + LogDebugUnrollKey(ret_buffer); + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; + } + MUTEX_UNLOCK(disk_cache_lock); + /* key not found */ + return TCSERR(TSS_E_FAIL); +} + +/* + * return a key blob from PS given its cache entry. The disk cache must be + * locked by the caller. + */ +TSS_RESULT +psfile_get_key_by_cache_entry(int fd, struct key_disk_cache *c, BYTE *ret_buffer, + UINT16 *ret_buffer_size) +{ + int rc; + UINT32 file_offset = 0; + + /* jump to the location of the key blob */ + file_offset = TSSPS_BLOB_DATA_OFFSET(c); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* we found the key; file ptr is pointing at the blob */ + if (*ret_buffer_size < c->blob_size) { + /* not enough room */ + LogError("%s: Buf size too small. Needed %d bytes, passed %d", __FUNCTION__, + c->blob_size, *ret_buffer_size); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if ((rc = read_data(fd, ret_buffer, c->blob_size))) { + LogError("%s: error reading %d bytes", __FUNCTION__, c->blob_size); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + *ret_buffer_size = c->blob_size; + + return TSS_SUCCESS; +} + +/* + * return the vendor data from PS given its cache entry. The disk cache must be + * locked by the caller. + */ +TSS_RESULT +psfile_get_vendor_data(int fd, struct key_disk_cache *c, UINT32 *size, BYTE **data) +{ + int rc; + UINT32 file_offset; + + /* jump to the location of the data */ + file_offset = TSSPS_VENDOR_DATA_OFFSET(c); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if ((*data = malloc(c->vendor_data_size)) == NULL) { + LogError("malloc of %u bytes failed", c->vendor_data_size); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if ((rc = read_data(fd, *data, c->vendor_data_size))) { + LogError("%s: error reading %u bytes", __FUNCTION__, c->vendor_data_size); + free(*data); + *data = NULL; + return TCSERR(TSS_E_INTERNAL_ERROR); + } + *size = c->vendor_data_size; + + return TSS_SUCCESS; +} + +TSS_RESULT +psfile_get_ps_type_by_uuid(int fd, TSS_UUID *uuid, UINT32 *ret_ps_type) +{ + struct key_disk_cache *tmp; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + while (tmp) { + if (memcmp(uuid, &tmp->uuid, sizeof(TSS_UUID)) || + !(tmp->flags & CACHE_FLAG_VALID)) { + tmp = tmp->next; + continue; + } + + if (tmp->flags & CACHE_FLAG_PARENT_PS_SYSTEM) { + *ret_ps_type = TSS_PS_TYPE_SYSTEM; + goto done; + } else + break; + } + + *ret_ps_type = TSS_PS_TYPE_USER; +done: + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; +} + +TSS_RESULT +psfile_is_pub_registered(int fd, TCPA_STORE_PUBKEY *pub, TSS_BOOL *is_reg) +{ + int rc; + UINT32 file_offset = 0; + struct key_disk_cache *tmp; + char tmp_buffer[2048]; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + while (tmp) { + /* if the key is of the wrong size or is invalid, try the next one */ + if (pub->keyLength != tmp->pub_data_size || !(tmp->flags & CACHE_FLAG_VALID)) { + tmp = tmp->next; + continue; + } + + /* we have a valid key with the same key size as the one we're looking for. + * grab the pub key data off disk and compare it. */ + + /* jump to the location of the public key */ + file_offset = TSSPS_PUB_DATA_OFFSET(tmp); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + DBG_ASSERT(tmp->pub_data_size < 2048); + + /* read in the key */ + if ((rc = read_data(fd, tmp_buffer, tmp->pub_data_size))) { + LogError("%s", __FUNCTION__); + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + + /* do the compare */ + if (memcmp(tmp_buffer, pub->key, tmp->pub_data_size)) { + tmp = tmp->next; + continue; + } + + /* the key matches, copy the uuid out */ + *is_reg = TRUE; + + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; + } + MUTEX_UNLOCK(disk_cache_lock); + /* key not found */ + *is_reg = FALSE; + return TSS_SUCCESS; +} + + +TSS_RESULT +psfile_get_uuid_by_pub(int fd, TCPA_STORE_PUBKEY *pub, TSS_UUID **ret_uuid) +{ + int rc; + UINT32 file_offset = 0; + struct key_disk_cache *tmp; + char tmp_buffer[2048]; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + while (tmp) { + /* if the key is of the wrong size or is invalid, try the next one */ + if (pub->keyLength != tmp->pub_data_size || !(tmp->flags & CACHE_FLAG_VALID)) { + tmp = tmp->next; + continue; + } + + /* we have a valid key with the same key size as the one we're looking for. + * grab the pub key data off disk and compare it. */ + + /* jump to the location of the public key */ + file_offset = TSSPS_PUB_DATA_OFFSET(tmp); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + DBG_ASSERT(tmp->pub_data_size < 2048); + + if (tmp->pub_data_size > sizeof(tmp_buffer)) { + LogError("Source buffer size too big! Size: %d", + tmp->pub_data_size); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + /* read in the key */ + if ((rc = read_data(fd, tmp_buffer, tmp->pub_data_size))) { + LogError("%s", __FUNCTION__); + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + + /* do the compare */ + if (memcmp(tmp_buffer, pub->key, tmp->pub_data_size)) { + tmp = tmp->next; + continue; + } + + *ret_uuid = (TSS_UUID *)malloc(sizeof(TSS_UUID)); + if (*ret_uuid == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_UUID)); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + /* the key matches, copy the uuid out */ + memcpy(*ret_uuid, &tmp->uuid, sizeof(TSS_UUID)); + + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; + } + MUTEX_UNLOCK(disk_cache_lock); + /* key not found */ + return TCSERR(TSS_E_PS_KEY_NOTFOUND); +} + +TSS_RESULT +psfile_get_key_by_pub(int fd, TCPA_STORE_PUBKEY *pub, UINT32 *size, BYTE **ret_key) +{ + int rc; + UINT32 file_offset = 0; + struct key_disk_cache *tmp; + BYTE tmp_buffer[4096]; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + while (tmp) { + /* if the key is of the wrong size or is invalid, try the next one */ + if (pub->keyLength != tmp->pub_data_size || !(tmp->flags & CACHE_FLAG_VALID)) { + tmp = tmp->next; + continue; + } + + /* we have a valid key with the same key size as the one we're looking for. + * grab the pub key data off disk and compare it. */ + + /* jump to the location of the public key */ + file_offset = TSSPS_PUB_DATA_OFFSET(tmp); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + DBG_ASSERT(tmp->pub_data_size < 2048); + if (tmp->pub_data_size > sizeof(tmp_buffer)) { + LogError("Source buffer size too big! Size: %d", + tmp->pub_data_size); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* read in the key */ + if ((rc = read_data(fd, tmp_buffer, tmp->pub_data_size))) { + LogError("%s", __FUNCTION__); + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + + /* do the compare */ + if (memcmp(tmp_buffer, pub->key, tmp->pub_data_size)) { + tmp = tmp->next; + continue; + } + + /* jump to the location of the key blob */ + file_offset = TSSPS_BLOB_DATA_OFFSET(tmp); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + DBG_ASSERT(tmp->blob_size < 4096); + if (tmp->blob_size > sizeof(tmp_buffer)) { + LogError("Blob size greater than 4096! Size: %d", + tmp->blob_size); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* read in the key blob */ + if ((rc = read_data(fd, tmp_buffer, tmp->blob_size))) { + LogError("%s", __FUNCTION__); + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + + *ret_key = malloc(tmp->blob_size); + if (*ret_key == NULL) { + LogError("malloc of %d bytes failed.", tmp->blob_size); + MUTEX_UNLOCK(disk_cache_lock); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + memcpy(*ret_key, tmp_buffer, tmp->blob_size); + *size = tmp->blob_size; + + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + MUTEX_UNLOCK(disk_cache_lock); + /* key not found */ + return -2; +} + +/* + * disk store format: + * + * TrouSerS 0.2.0 and before: + * Version 0: cached? + * [UINT32 num_keys_on_disk] + * [TSS_UUID uuid0 ] yes + * [TSS_UUID uuid_parent0 ] yes + * [UINT16 pub_data_size0 ] yes + * [UINT16 blob_size0 ] yes + * [UINT16 cache_flags0 ] yes + * [BYTE[] pub_data0 ] + * [BYTE[] blob0 ] + * [...] + * + * TrouSerS 0.2.1+ + * Version 1: cached? + * [BYTE PS version = '\1'] + * [UINT32 num_keys_on_disk ] + * [TSS_UUID uuid0 ] yes + * [TSS_UUID uuid_parent0 ] yes + * [UINT16 pub_data_size0 ] yes + * [UINT16 blob_size0 ] yes + * [UINT32 vendor_data_size0] yes + * [UINT16 cache_flags0 ] yes + * [BYTE[] pub_data0 ] + * [BYTE[] blob0 ] + * [BYTE[] vendor_data0 ] + * [...] + * + */ +TSS_RESULT +psfile_write_key(int fd, + TSS_UUID *uuid, + TSS_UUID *parent_uuid, + UINT32 *parent_ps, + BYTE *vendor_data, + UINT32 vendor_size, + BYTE *key_blob, + UINT16 key_blob_size) +{ + TSS_KEY key; + UINT16 pub_key_size, cache_flags = CACHE_FLAG_VALID; + UINT64 offset; + int rc = 0; + + /* leaving the cache flag for parent ps type as 0 implies TSS_PS_TYPE_USER */ + if (*parent_ps == TSS_PS_TYPE_SYSTEM) + cache_flags |= CACHE_FLAG_PARENT_PS_SYSTEM; + + /* Unload the blob to get the public key */ + offset = 0; + if ((rc = UnloadBlob_TSS_KEY(&offset, key_blob, &key))) + return rc; + + pub_key_size = key.pubKey.keyLength; + + if ((rc = write_key_init(fd, pub_key_size, key_blob_size, vendor_size)) < 0) + goto done; + + /* offset now holds the number of bytes from the beginning of the file + * the key will be stored at + */ + offset = rc; + +#ifdef TSS_DEBUG + if (offset == 0) + LogDebug("ERROR: key being written with offset 0!!"); +#endif + + /* [TSS_UUID uuid0 ] yes */ + if ((rc = write_data(fd, (void *)uuid, sizeof(TSS_UUID)))) { + LogError("%s", __FUNCTION__); + goto done; + } + + /* [TSS_UUID uuid_parent0 ] yes */ + if ((rc = write_data(fd, (void *)parent_uuid, sizeof(TSS_UUID)))) { + LogError("%s", __FUNCTION__); + goto done; + } + + /* [UINT16 pub_data_size0 ] yes */ + pub_key_size = LE_16(pub_key_size); + if ((rc = write_data(fd, &pub_key_size, sizeof(UINT16)))) { + LogError("%s", __FUNCTION__); + goto done; + } + /* Swap it back for later */ + pub_key_size = LE_16(pub_key_size); + + /* [UINT16 blob_size0 ] yes */ + key_blob_size = LE_16(key_blob_size); + if ((rc = write_data(fd, &key_blob_size, sizeof(UINT16)))) { + LogError("%s", __FUNCTION__); + goto done; + } + /* Swap it back for later */ + key_blob_size = LE_16(key_blob_size); + + /* [UINT32 vendor_data_size0 ] yes */ + vendor_size = LE_32(vendor_size); + if ((rc = write_data(fd, &vendor_size, sizeof(UINT32)))) { + LogError("%s", __FUNCTION__); + goto done; + } + /* Swap it back for later */ + vendor_size = LE_32(vendor_size); + + /* [UINT16 cache_flags0 ] yes */ + cache_flags = LE_16(cache_flags); + if ((rc = write_data(fd, &cache_flags, sizeof(UINT16)))) { + LogError("%s", __FUNCTION__); + goto done; + } + /* Swap it back for later */ + cache_flags = LE_16(cache_flags); + + /* [BYTE[] pub_data0 ] no */ + if ((rc = write_data(fd, (void *)key.pubKey.key, pub_key_size))) { + LogError("%s", __FUNCTION__); + goto done; + } + + /* [BYTE[] blob0 ] no */ + if ((rc = write_data(fd, (void *)key_blob, key_blob_size))) { + LogError("%s", __FUNCTION__); + goto done; + } + + /* [BYTE[] vendor_data0 ] no */ + if (vendor_size > 0) { + if ((rc = write_data(fd, (void *)vendor_data, vendor_size))) { + LogError("%s", __FUNCTION__); + goto done; + } + } + + if ((rc = cache_key((UINT32)offset, cache_flags, uuid, parent_uuid, pub_key_size, + key_blob_size, vendor_size))) + goto done; +done: + destroy_key_refs(&key); + + return rc; +} + +TSS_RESULT +psfile_remove_key(int fd, struct key_disk_cache *c) +{ + TSS_RESULT result; + UINT32 head_offset = 0, tail_offset, num_keys; + BYTE buf[4096]; + struct stat stat_buf; + int rc, size = 0; + + if ((rc = fstat(fd, &stat_buf)) != 0) { + LogError("fstat: %s", strerror(errno)); + return TSS_E_INTERNAL_ERROR; + } + + /* head_offset is the offset the beginning of the key */ + head_offset = TSSPS_UUID_OFFSET(c); + + /* tail_offset is the offset the beginning of the next key */ + tail_offset = TSSPS_VENDOR_DATA_OFFSET(c) + c->vendor_data_size; + + rc = lseek(fd, tail_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* read in from tail, write out to head to fill the gap */ + while ((rc = read(fd, buf, sizeof(buf))) > 0) { + size = rc; + tail_offset += size; + + /* set the file pointer to where we want to write */ + rc = lseek(fd, head_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* write the data */ + if ((result = write_data(fd, (void *)buf, size))) { + LogError("%s", __FUNCTION__); + return result; + } + head_offset += size; + + /* set the file pointer to where we want to read in the next + * loop */ + rc = lseek(fd, tail_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (rc < 0) { + LogError("read: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* set the file pointer to where we want to write */ + rc = lseek(fd, head_offset, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* head_offset now contains a pointer to where we want to truncate the + * file. Zero out the old tail end of the file and truncate it. */ + + memset(buf, 0, sizeof(buf)); + + /* Zero out the old tail end of the file */ + if ((result = write_data(fd, (void *)buf, tail_offset - head_offset))) { + LogError("%s", __FUNCTION__); + return result; + } + + if ((rc = ftruncate(fd, head_offset)) < 0) { + LogError("ftruncate: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* we succeeded in removing a key from the disk. Decrement the number + * of keys in the file */ + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + rc = read(fd, &num_keys, sizeof(UINT32)); + num_keys = LE_32(num_keys); + if (rc != sizeof(UINT32)) { + LogError("read of %zd bytes: %s", sizeof(UINT32), strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t) - 1)) { + LogError("lseek: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* decrement, then write back out to disk */ + num_keys--; + + num_keys = LE_32(num_keys); + if ((result = write_data(fd, (void *)&num_keys, sizeof(UINT32)))) { + LogError("%s", __FUNCTION__); + return result; + } + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c new file mode 100644 index 0000000..7660675 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc.c @@ -0,0 +1,628 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include +#include +#if (defined (__OpenBSD__) || defined (__FreeBSD__)) +#include +#include +#endif +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "rpc_tcstp_tcs.h" + + +/* Lock is not static because we need to reference it in the auth manager */ +MUTEX_DECLARE_INIT(tcsp_lock); + + +void +LoadBlob_Auth_Special(UINT64 *offset, BYTE *blob, TPM_AUTH *auth) +{ + LoadBlob(offset, TCPA_SHA1BASED_NONCE_LEN, blob, auth->NonceEven.nonce); + LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob); + LoadBlob(offset, TCPA_SHA1BASED_NONCE_LEN, blob, (BYTE *)&auth->HMAC); +} + +void +UnloadBlob_Auth_Special(UINT64 *offset, BYTE *blob, TPM_AUTH *auth) +{ + UnloadBlob_UINT32(offset, &auth->AuthHandle, blob); + UnloadBlob(offset, TCPA_SHA1BASED_NONCE_LEN, blob, auth->NonceOdd.nonce); + UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob); + UnloadBlob(offset, TCPA_SHA1BASED_NONCE_LEN, blob, (BYTE *)&auth->HMAC); +} + +int +recv_from_socket(int sock, void *buffer, int size) +{ + int recv_size = 0, recv_total = 0; + + while (recv_total < size) { + errno = 0; + if ((recv_size = recv(sock, buffer+recv_total, size-recv_total, 0)) <= 0) { + if (recv_size < 0) { + if (errno == EINTR) + continue; + LogError("Socket receive connection error: %s.", strerror(errno)); + } else { + LogDebug("Socket connection closed."); + } + + return -1; + } + recv_total += recv_size; + } + + return recv_total; +} + +int +send_to_socket(int sock, void *buffer, int size) +{ + int send_size = 0, send_total = 0; + + while (send_total < size) { + if ((send_size = send(sock, buffer+send_total, size-send_total, 0)) < 0) { + LogError("Socket send connection error: %s.", strerror(errno)); + return -1; + } + send_total += send_size; + } + + return send_total; +} + + +void +initData(struct tcsd_comm_data *comm, int parm_count) +{ + /* min packet size should be the size of the header */ + memset(&comm->hdr, 0, sizeof(struct tcsd_packet_hdr)); + comm->hdr.packet_size = sizeof(struct tcsd_packet_hdr); + if (parm_count > 0) { + comm->hdr.type_offset = sizeof(struct tcsd_packet_hdr); + comm->hdr.parm_offset = comm->hdr.type_offset + + (sizeof(TCSD_PACKET_TYPE) * parm_count); + comm->hdr.packet_size = comm->hdr.parm_offset; + } + + memset(comm->buf, 0, comm->buf_size); +} + +int +loadData(UINT64 *offset, TCSD_PACKET_TYPE data_type, void *data, int data_size, BYTE *blob) +{ + switch (data_type) { + case TCSD_PACKET_TYPE_BYTE: + LoadBlob_BYTE(offset, *((BYTE *) (data)), blob); + break; + case TCSD_PACKET_TYPE_BOOL: + LoadBlob_BOOL(offset, *((TSS_BOOL *) (data)), blob); + break; + case TCSD_PACKET_TYPE_UINT16: + LoadBlob_UINT16(offset, *((UINT16 *) (data)), blob); + break; + case TCSD_PACKET_TYPE_UINT32: + LoadBlob_UINT32(offset, *((UINT32 *) (data)), blob); + break; + case TCSD_PACKET_TYPE_UINT64: + LoadBlob_UINT64(offset, *((UINT64 *) (data)), blob); + break; + case TCSD_PACKET_TYPE_PBYTE: + LoadBlob(offset, data_size, blob, data); + break; + case TCSD_PACKET_TYPE_NONCE: + LoadBlob(offset, sizeof(TCPA_NONCE), blob, ((TCPA_NONCE *)data)->nonce); + break; + case TCSD_PACKET_TYPE_DIGEST: + LoadBlob(offset, sizeof(TCPA_DIGEST), blob, ((TCPA_DIGEST *)data)->digest); + break; + case TCSD_PACKET_TYPE_AUTH: + LoadBlob_Auth_Special(offset, blob, ((TPM_AUTH *)data)); + break; +#ifdef TSS_BUILD_PS + case TCSD_PACKET_TYPE_UUID: + LoadBlob_UUID(offset, blob, *((TSS_UUID *)data)); + break; + case TCSD_PACKET_TYPE_KM_KEYINFO: + LoadBlob_KM_KEYINFO(offset, blob, ((TSS_KM_KEYINFO *)data)); + break; + case TCSD_PACKET_TYPE_KM_KEYINFO2: + LoadBlob_KM_KEYINFO2(offset, blob, ((TSS_KM_KEYINFO2 *)data)); + break; + case TCSD_PACKET_TYPE_LOADKEY_INFO: + LoadBlob_LOADKEY_INFO(offset, blob, ((TCS_LOADKEY_INFO *)data)); + break; +#endif + case TCSD_PACKET_TYPE_ENCAUTH: + LoadBlob(offset, sizeof(TCPA_ENCAUTH), blob, + ((TCPA_ENCAUTH *)data)->authdata); + break; + case TCSD_PACKET_TYPE_VERSION: + LoadBlob_VERSION(offset, blob, ((TPM_VERSION *)data)); + break; +#ifdef TSS_BUILD_PCR_EVENTS + case TCSD_PACKET_TYPE_PCR_EVENT: + LoadBlob_PCR_EVENT(offset, blob, ((TSS_PCR_EVENT *)data)); + break; +#endif + case TCSD_PACKET_TYPE_SECRET: + LoadBlob(offset, sizeof(TCPA_SECRET), blob, + ((TCPA_SECRET *)data)->authdata); + break; + default: + LogError("TCSD packet type unknown! (0x%x)", data_type & 0xff); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + + +int +setData(TCSD_PACKET_TYPE dataType, + unsigned int index, + void *theData, + int theDataSize, + struct tcsd_comm_data *comm) +{ + UINT64 old_offset, offset; + TSS_RESULT result; + TCSD_PACKET_TYPE *type; + + /* Calculate the size of the area needed (use NULL for blob address) */ + offset = 0; + if ((result = loadData(&offset, dataType, theData, theDataSize, NULL)) != TSS_SUCCESS) + return result; + + if ((comm->hdr.packet_size + offset) > comm->buf_size) { + /* reallocate the buffer */ + BYTE *buffer; + int buffer_size = comm->hdr.packet_size + offset; + + LogDebug("Increasing communication buffer to %d bytes.", buffer_size); + buffer = realloc(comm->buf, buffer_size); + if (buffer == NULL) { + LogError("realloc of %d bytes failed.", buffer_size); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + comm->buf_size = buffer_size; + comm->buf = buffer; + } + + offset = old_offset = comm->hdr.parm_offset + comm->hdr.parm_size; + if ((result = loadData(&offset, dataType, theData, theDataSize, comm->buf)) != TSS_SUCCESS) + return result; + type = (TCSD_PACKET_TYPE *)(comm->buf + comm->hdr.type_offset) + index; + *type = dataType; + comm->hdr.type_size += sizeof(TCSD_PACKET_TYPE); + comm->hdr.parm_size += (offset - old_offset); + + comm->hdr.packet_size = offset; + comm->hdr.num_parms++; + + return TSS_SUCCESS; +} + +UINT32 +getData(TCSD_PACKET_TYPE dataType, + unsigned int index, + void *theData, + int theDataSize, + struct tcsd_comm_data *comm) +{ + UINT64 old_offset, offset; + TCSD_PACKET_TYPE *type; + + if ((comm->hdr.type_offset + index) > comm->buf_size) + return TSS_TCP_RPC_BAD_PACKET_TYPE; + + type = (comm->buf + comm->hdr.type_offset) + index; + + if ((UINT32)index >= comm->hdr.num_parms || dataType != *type) { + LogDebug("Data type of TCS packet element %d doesn't match.", index); + return TSS_TCP_RPC_BAD_PACKET_TYPE; + } + old_offset = offset = comm->hdr.parm_offset; + switch (dataType) { + case TCSD_PACKET_TYPE_BYTE: + if (old_offset + sizeof(BYTE) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob_BYTE(&offset, (BYTE *) (theData), comm->buf); + break; + case TCSD_PACKET_TYPE_BOOL: + if (old_offset + sizeof(TSS_BOOL) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob_BOOL(&offset, (TSS_BOOL *) (theData), comm->buf); + break; + case TCSD_PACKET_TYPE_UINT16: + if (old_offset + sizeof(UINT16) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob_UINT16(&offset, (UINT16 *) (theData), comm->buf); + break; + case TCSD_PACKET_TYPE_UINT32: + if (old_offset + sizeof(UINT32) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob_UINT32(&offset, (UINT32 *) (theData), comm->buf); + break; + case TCSD_PACKET_TYPE_PBYTE: + if (old_offset + theDataSize > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob(&offset, theDataSize, comm->buf, theData); + break; + case TCSD_PACKET_TYPE_NONCE: + if (old_offset + sizeof(TPM_NONCE) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob(&offset, sizeof(TCPA_NONCE), comm->buf, + ((TCPA_NONCE *) (theData))->nonce); + break; + case TCSD_PACKET_TYPE_DIGEST: + if (old_offset + sizeof(TPM_DIGEST) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob(&offset, sizeof(TCPA_DIGEST), comm->buf, + ((TCPA_DIGEST *) (theData))->digest); + break; + case TCSD_PACKET_TYPE_AUTH: + if ((old_offset + sizeof(TCS_AUTHHANDLE) + + sizeof(TPM_BOOL) + + (2 * sizeof(TPM_NONCE))) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob_Auth_Special(&offset, comm->buf, ((TPM_AUTH *) theData)); + break; + case TCSD_PACKET_TYPE_ENCAUTH: + if (old_offset + sizeof(TPM_ENCAUTH) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob(&offset, sizeof(TCPA_ENCAUTH), comm->buf, + ((TCPA_ENCAUTH *) theData)->authdata); + break; + case TCSD_PACKET_TYPE_VERSION: + if (old_offset + sizeof(TPM_VERSION) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob_VERSION(&offset, comm->buf, ((TPM_VERSION *) theData)); + break; +#ifdef TSS_BUILD_PS + case TCSD_PACKET_TYPE_KM_KEYINFO: + UnloadBlob_KM_KEYINFO(&old_offset, comm->buf, NULL); + + if (old_offset > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + old_offset = offset; + UnloadBlob_KM_KEYINFO(&offset, comm->buf, ((TSS_KM_KEYINFO *)theData)); + break; + case TCSD_PACKET_TYPE_LOADKEY_INFO: + UnloadBlob_LOADKEY_INFO(&old_offset, comm->buf, NULL); + + if (old_offset > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + old_offset = offset; + UnloadBlob_LOADKEY_INFO(&offset, comm->buf, ((TCS_LOADKEY_INFO *)theData)); + break; + case TCSD_PACKET_TYPE_UUID: + if (old_offset + sizeof(TSS_UUID) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob_UUID(&offset, comm->buf, (TSS_UUID *) theData); + break; +#endif +#ifdef TSS_BUILD_PCR_EVENTS + case TCSD_PACKET_TYPE_PCR_EVENT: + { + TSS_RESULT result; + + (void)UnloadBlob_PCR_EVENT(&old_offset, comm->buf, NULL); + + if (old_offset > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + old_offset = offset; + if ((result = UnloadBlob_PCR_EVENT(&offset, comm->buf, + ((TSS_PCR_EVENT *)theData)))) + return result; + break; + } +#endif + case TCSD_PACKET_TYPE_SECRET: + if (old_offset + sizeof(TPM_SECRET) > comm->hdr.packet_size) + return TCSERR(TSS_E_INTERNAL_ERROR); + + UnloadBlob(&offset, sizeof(TCPA_SECRET), comm->buf, + ((TCPA_SECRET *) theData)->authdata); + break; + default: + LogError("TCSD packet type unknown! (0x%x)", dataType & 0xff); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + comm->hdr.parm_offset = offset; + comm->hdr.parm_size -= (offset - old_offset); + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_Error(struct tcsd_thread_data *data) +{ + LogError("%s reached.", __FUNCTION__); + + initData(&data->comm, 0); + + data->comm.hdr.u.result = TCSERR(TSS_E_FAIL); + + return TSS_SUCCESS; + +} + +/* Dispatch */ +typedef struct tdDispatchTable { + TSS_RESULT (*Func) (struct tcsd_thread_data *); + const char *name; +} DispatchTable; + +DispatchTable tcs_func_table[TCSD_MAX_NUM_ORDS] = { + {tcs_wrap_Error,"Error"}, /* 0 */ + {tcs_wrap_OpenContext,"OpenContext"}, + {tcs_wrap_CloseContext,"CloseContext"}, + {tcs_wrap_Error,"Error"}, + {tcs_wrap_TCSGetCapability,"TCSGetCapability"}, + {tcs_wrap_RegisterKey,"RegisterKey"}, /* 5 */ + {tcs_wrap_UnregisterKey,"UnregisterKey"}, + {tcs_wrap_EnumRegisteredKeys,"EnumRegisteredKeys"}, + {tcs_wrap_Error,"Error"}, + {tcs_wrap_GetRegisteredKeyBlob,"GetRegisteredKeyBlob"}, + {tcs_wrap_GetRegisteredKeyByPublicInfo,"GetRegisteredKeyByPublicInfo"}, /* 10 */ + {tcs_wrap_LoadKeyByBlob,"LoadKeyByBlob"}, + {tcs_wrap_LoadKeyByUUID,"LoadKeyByUUID"}, + {tcs_wrap_EvictKey,"EvictKey"}, + {tcs_wrap_CreateWrapKey,"CreateWrapKey"}, + {tcs_wrap_GetPubkey,"GetPubkey"}, /* 15 */ + {tcs_wrap_MakeIdentity,"MakeIdentity"}, + {tcs_wrap_LogPcrEvent,"LogPcrEvent"}, + {tcs_wrap_GetPcrEvent,"GetPcrEvent"}, + {tcs_wrap_GetPcrEventsByPcr,"GetPcrEventsByPcr"}, + {tcs_wrap_GetPcrEventLog,"GetPcrEventLog"}, /* 20 */ + {tcs_wrap_SetOwnerInstall,"SetOwnerInstall"}, + {tcs_wrap_TakeOwnership,"TakeOwnership"}, + {tcs_wrap_OIAP,"OIAP"}, + {tcs_wrap_OSAP,"OSAP"}, + {tcs_wrap_ChangeAuth,"ChangeAuth"}, /* 25 */ + {tcs_wrap_ChangeAuthOwner,"ChangeAuthOwner"}, + {tcs_wrap_Error,"Error"}, + {tcs_wrap_Error,"Error"}, + {tcs_wrap_TerminateHandle,"TerminateHandle"}, + {tcs_wrap_ActivateIdentity,"ActivateIdentity"}, /* 30 */ + {tcs_wrap_Extend,"Extend"}, + {tcs_wrap_PcrRead,"PcrRead"}, + {tcs_wrap_Quote,"Quote"}, + {tcs_wrap_DirWriteAuth,"DirWriteAuth"}, + {tcs_wrap_DirRead,"DirRead"}, /* 35 */ + {tcs_wrap_Seal,"Seal"}, + {tcs_wrap_UnSeal,"UnSeal"}, + {tcs_wrap_UnBind,"UnBind"}, + {tcs_wrap_CreateMigrationBlob,"CreateMigrationBlob"}, + {tcs_wrap_ConvertMigrationBlob,"ConvertMigrationBlob"}, /* 40 */ + {tcs_wrap_AuthorizeMigrationKey,"AuthorizeMigrationKey"}, + {tcs_wrap_CertifyKey,"CertifyKey"}, + {tcs_wrap_Sign,"Sign"}, + {tcs_wrap_GetRandom,"GetRandom"}, + {tcs_wrap_StirRandom,"StirRandom"}, /* 45 */ + {tcs_wrap_GetCapability,"GetCapability"}, + {tcs_wrap_Error,"Error"}, + {tcs_wrap_GetCapabilityOwner,"GetCapabilityOwner"}, + {tcs_wrap_CreateEndorsementKeyPair,"CreateEndorsementKeyPair"}, + {tcs_wrap_ReadPubek,"ReadPubek"}, /* 50 */ + {tcs_wrap_DisablePubekRead,"DisablePubekRead"}, + {tcs_wrap_OwnerReadPubek,"OwnerReadPubek"}, + {tcs_wrap_SelfTestFull,"SelfTestFull"}, + {tcs_wrap_CertifySelfTest,"CertifySelfTest"}, + {tcs_wrap_Error,"Error"}, /* 55 */ + {tcs_wrap_GetTestResult,"GetTestResult"}, + {tcs_wrap_OwnerSetDisable,"OwnerSetDisable"}, + {tcs_wrap_OwnerClear,"OwnerClear"}, + {tcs_wrap_DisableOwnerClear,"DisableOwnerClear"}, + {tcs_wrap_ForceClear,"ForceClear"}, /* 60 */ + {tcs_wrap_DisableForceClear,"DisableForceClear"}, + {tcs_wrap_PhysicalDisable,"PhysicalDisable"}, + {tcs_wrap_PhysicalEnable,"PhysicalEnable"}, + {tcs_wrap_PhysicalSetDeactivated,"PhysicalSetDeactivated"}, + {tcs_wrap_SetTempDeactivated,"SetTempDeactivated"}, /* 65 */ + {tcs_wrap_PhysicalPresence,"PhysicalPresence"}, + {tcs_wrap_Error,"Error"}, + {tcs_wrap_Error,"Error"}, + {tcs_wrap_CreateMaintenanceArchive,"CreateMaintenanceArchive"}, + {tcs_wrap_LoadMaintenanceArchive,"LoadMaintenanceArchive"}, /* 70 */ + {tcs_wrap_KillMaintenanceFeature,"KillMaintenanceFeature"}, + {tcs_wrap_LoadManuMaintPub,"LoadManuMaintPub"}, + {tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub"}, + {tcs_wrap_DaaJoin,"DaaJoin"}, + {tcs_wrap_DaaSign,"DaaSign"}, /* 75 */ + {tcs_wrap_SetCapability,"SetCapability"}, + {tcs_wrap_ResetLockValue,"ResetLockValue"}, + {tcs_wrap_PcrReset,"PcrReset"}, + {tcs_wrap_ReadCounter,"ReadCounter"}, + {tcs_wrap_CreateCounter,"CreateCounter"}, /* 80 */ + {tcs_wrap_IncrementCounter,"IncrementCounter"}, + {tcs_wrap_ReleaseCounter,"ReleaseCounter"}, + {tcs_wrap_ReleaseCounterOwner,"ReleaseCounterOwner"}, + {tcs_wrap_ReadCurrentTicks,"ReadCurrentTicks"}, + {tcs_wrap_TickStampBlob,"TicksStampBlob"}, /* 85 */ + {tcs_wrap_GetCredential,"GetCredential"}, + {tcs_wrap_NV_DefineOrReleaseSpace,"NVDefineOrReleaseSpace"}, + {tcs_wrap_NV_WriteValue,"NVWriteValue"}, + {tcs_wrap_NV_WriteValueAuth,"NVWriteValueAuth"}, + {tcs_wrap_NV_ReadValue,"NVReadValue"}, /* 90 */ + {tcs_wrap_NV_ReadValueAuth,"NVReadValueAuth"}, + {tcs_wrap_EstablishTransport,"EstablishTransport"}, + {tcs_wrap_ExecuteTransport,"ExecuteTransport"}, + {tcs_wrap_ReleaseTransportSigned,"ReleaseTransportSigned"}, + {tcs_wrap_SetOrdinalAuditStatus,"SetOrdinalAuditStatus"}, /* 95 */ + {tcs_wrap_GetAuditDigest,"GetAuditDigest"}, + {tcs_wrap_GetAuditDigestSigned,"GetAuditDigestSigned"}, + {tcs_wrap_Sealx,"Sealx"}, + {tcs_wrap_SetOperatorAuth,"SetOperatorAuth"}, + {tcs_wrap_OwnerReadInternalPub,"OwnerReadInternalPub"}, /* 100 */ + {tcs_wrap_EnumRegisteredKeys2,"EnumRegisteredKeys2"}, + {tcs_wrap_SetTempDeactivated2,"SetTempDeactivated2"}, + {tcs_wrap_Delegate_Manage,"Delegate_Manage"}, + {tcs_wrap_Delegate_CreateKeyDelegation,"Delegate_CreateKeyDelegation"}, + {tcs_wrap_Delegate_CreateOwnerDelegation,"Delegate_CreateOwnerDelegation"}, /* 105 */ + {tcs_wrap_Delegate_LoadOwnerDelegation,"Delegate_LoadOwnerDelegation"}, + {tcs_wrap_Delegate_ReadTable,"Delegate_ReadTable"}, + {tcs_wrap_Delegate_UpdateVerificationCount,"Delegate_UpdateVerificationCount"}, + {tcs_wrap_Delegate_VerifyDelegation,"Delegate_VerifyDelegation"}, + {tcs_wrap_CreateRevocableEndorsementKeyPair,"CreateRevocableEndorsementKeyPair"}, /* 110 */ + {tcs_wrap_RevokeEndorsementKeyPair,"RevokeEndorsementKeyPair"}, + {tcs_wrap_Error,"Error - was MakeIdentity2"}, + {tcs_wrap_Quote2,"Quote2"}, + {tcs_wrap_CMK_SetRestrictions,"CMK_SetRestrictions"}, + {tcs_wrap_CMK_ApproveMA,"CMK_ApproveMA"}, /* 115 */ + {tcs_wrap_CMK_CreateKey,"CMK_CreateKey"}, + {tcs_wrap_CMK_CreateTicket,"CMK_CreateTicket"}, + {tcs_wrap_CMK_CreateBlob,"CMK_CreateBlob"}, + {tcs_wrap_CMK_ConvertMigration,"CMK_ConvertMigration"}, + {tcs_wrap_FlushSpecific,"FlushSpecific"}, /* 120 */ + {tcs_wrap_KeyControlOwner, "KeyControlOwner"}, + {tcs_wrap_DSAP, "DSAP"} +}; + +int +access_control(struct tcsd_thread_data *thread_data) +{ + int i = 0; + struct hostent *local_hostent = NULL; + static char *localhostname = NULL; + static int localhostname_len = 0; + + if (!localhostname) { + if ((local_hostent = gethostbyname("localhost")) == NULL) { + LogError("Error resolving localhost: %s", hstrerror(h_errno)); + return 1; + } + + LogDebugFn("Cached local hostent:"); + LogDebugFn("h_name: %s", local_hostent->h_name); + for (i = 0; local_hostent->h_aliases[i]; i++) { + LogDebugFn("h_aliases[%d]: %s", i, local_hostent->h_aliases[i]); + } + LogDebugFn("h_addrtype: %s", + (local_hostent->h_addrtype == AF_INET6 ? "AF_INET6" : "AF_INET")); + + localhostname_len = strlen(local_hostent->h_name); + if ((localhostname = strdup(local_hostent->h_name)) == NULL) { + LogError("malloc of %d bytes failed.", localhostname_len); + return TCSERR(TSS_E_OUTOFMEMORY); + } + } + + /* if the request comes from localhost, or is in the accepted ops list, + * approve it */ + if (!strncmp(thread_data->hostname, localhostname, + MIN((size_t)localhostname_len, strlen(thread_data->hostname)))) { + return 0; + } else { + while (tcsd_options.remote_ops[i]) { + if ((UINT32)tcsd_options.remote_ops[i] == thread_data->comm.hdr.u.ordinal) { + LogInfo("Accepted %s operation from %s", + tcs_func_table[thread_data->comm.hdr.u.ordinal].name, + thread_data->hostname); + return 0; + } + i++; + } + } + + return 1; +} + +TSS_RESULT +dispatchCommand(struct tcsd_thread_data *data) +{ + UINT64 offset; + TSS_RESULT result; + + /* First, check the ordinal bounds */ + if (data->comm.hdr.u.ordinal >= TCSD_MAX_NUM_ORDS) { + LogError("Illegal TCSD Ordinal"); + return TCSERR(TSS_E_FAIL); + } + + LogDebug("Dispatching ordinal %u", data->comm.hdr.u.ordinal); + /* We only need to check access_control if there are remote operations that are defined + * in the config file, which means we allow remote connections */ + if (tcsd_options.remote_ops[0] && access_control(data)) { + LogWarn("Denied %s operation from %s", + tcs_func_table[data->comm.hdr.u.ordinal].name, data->hostname); + + /* set platform header */ + memset(&data->comm.hdr, 0, sizeof(data->comm.hdr)); + data->comm.hdr.packet_size = sizeof(struct tcsd_packet_hdr); + data->comm.hdr.u.result = TCSERR(TSS_E_FAIL); + + /* set the comm buffer */ + memset(data->comm.buf, 0, data->comm.buf_size); + offset = 0; + LoadBlob_UINT32(&offset, data->comm.hdr.packet_size, data->comm.buf); + LoadBlob_UINT32(&offset, data->comm.hdr.u.result, data->comm.buf); + + return TSS_SUCCESS; + } + + /* Now, dispatch */ + if ((result = tcs_func_table[data->comm.hdr.u.ordinal].Func(data)) == TSS_SUCCESS) { + /* set the comm buffer */ + offset = 0; + LoadBlob_UINT32(&offset, data->comm.hdr.packet_size, data->comm.buf); + LoadBlob_UINT32(&offset, data->comm.hdr.u.result, data->comm.buf); + LoadBlob_UINT32(&offset, data->comm.hdr.num_parms, data->comm.buf); + LoadBlob_UINT32(&offset, data->comm.hdr.type_size, data->comm.buf); + LoadBlob_UINT32(&offset, data->comm.hdr.type_offset, data->comm.buf); + LoadBlob_UINT32(&offset, data->comm.hdr.parm_size, data->comm.buf); + LoadBlob_UINT32(&offset, data->comm.hdr.parm_offset, data->comm.buf); + } + + return result; + +} + +TSS_RESULT +getTCSDPacket(struct tcsd_thread_data *data) +{ + /* make sure the all the data is present */ + if (data->comm.hdr.num_parms > 0 && + data->comm.hdr.packet_size != + (UINT32)(data->comm.hdr.parm_offset + data->comm.hdr.parm_size)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + /* dispatch the command to the TCS */ + return dispatchCommand(data); +} diff --git a/src/tcs/rpc/tcstp/rpc_admin.c b/src/tcs/rpc/tcstp/rpc_admin.c new file mode 100644 index 0000000..4f357c3 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_admin.c @@ -0,0 +1,404 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_PhysicalSetDeactivated(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_BOOL state; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_BOOL, 1, &state, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_PhysicalSetDeactivated_Internal(hContext, state); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_DisableOwnerClear(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TPM_AUTH auth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_DisableOwnerClear_Internal(hContext, &auth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ForceClear(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ForceClear_Internal(hContext); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_DisableForceClear(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_DisableForceClear_Internal(hContext); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_PhysicalEnable(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_PhysicalEnable_Internal(hContext); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_SetOwnerInstall(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_BOOL state; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_BOOL, 1, &state, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_SetOwnerInstall_Internal(hContext, state); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_OwnerSetDisable(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_BOOL disableState; + TPM_AUTH ownerAuth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_BOOL, 1, &disableState, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_AUTH, 2, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_OwnerSetDisable_Internal(hContext, disableState, &ownerAuth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_PhysicalDisable(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_PhysicalDisable_Internal(hContext); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_PhysicalPresence(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TCPA_PHYSICAL_PRESENCE phyPresFlags; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT16, 1, &phyPresFlags, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_PhysicalPresence_Internal(hContext, phyPresFlags); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_SetTempDeactivated(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_SetTempDeactivated_Internal(hContext); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +tcs_wrap_SetTempDeactivated2(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_AUTH operatorAuth, nullAuth, *pAuth; + TSS_RESULT result; + + memset(&operatorAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, &operatorAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (memcmp(&nullAuth, &operatorAuth, sizeof(TPM_AUTH))) + pAuth = &operatorAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_SetTempDeactivated2_Internal(hContext, pAuth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ResetLockValue(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_AUTH ownerAuth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ResetLockValue_Internal(hContext, &ownerAuth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_FlushSpecific(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_HANDLE hResHandle; + TPM_RESOURCE_TYPE resourceType; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hResHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &resourceType, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_FlushSpecific_Internal(hContext, hResHandle, resourceType); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} +#endif diff --git a/src/tcs/rpc/tcstp/rpc_aik.c b/src/tcs/rpc/tcstp/rpc_aik.c new file mode 100644 index 0000000..0f758f9 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_aik.c @@ -0,0 +1,285 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_MakeIdentity(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCPA_ENCAUTH identityAuth; + TCPA_CHOSENID_HASH privCAHash; + UINT32 idKeyInfoSize; + BYTE *idKeyInfo = NULL; + + TPM_AUTH auth1, auth2; + TPM_AUTH *pSRKAuth, *pOwnerAuth; + + UINT32 idKeySize; + BYTE *idKey = NULL; + UINT32 pcIDBindSize; + BYTE *prgbIDBind = NULL; + UINT32 pcECSize; + BYTE *prgbEC = NULL; + UINT32 pcPlatCredSize; + BYTE *prgbPlatCred = NULL; + UINT32 pcConfCredSize; + BYTE *prgbConfCred = NULL; + TSS_RESULT result; + + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 1, &identityAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_DIGEST, 2, &privCAHash, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &idKeyInfoSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + idKeyInfo = (BYTE *) calloc(1, idKeyInfoSize); + if (idKeyInfo == NULL) { + LogError("malloc of %d bytes failed.", idKeyInfoSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, idKeyInfo, idKeyInfoSize, &data->comm)) { + free(idKeyInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 5, &auth1, 0, &data->comm)) { + free(idKeyInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + result = getData(TCSD_PACKET_TYPE_AUTH, 6, &auth2, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) { + pOwnerAuth = &auth1; + pSRKAuth = NULL; + } else if (result) { + free(idKeyInfo); + return result; + } else { + pOwnerAuth = &auth2; + pSRKAuth = &auth1; + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_MakeIdentity_Internal(hContext, identityAuth, privCAHash, + idKeyInfoSize, idKeyInfo, pSRKAuth, + pOwnerAuth, &idKeySize, &idKey, + &pcIDBindSize, &prgbIDBind, &pcECSize, + &prgbEC, &pcPlatCredSize, &prgbPlatCred, + &pcConfCredSize, &prgbConfCred); + + MUTEX_UNLOCK(tcsp_lock); + free(idKeyInfo); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 12); + if (pSRKAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pSRKAuth, 0, &data->comm)) + goto internal_error; + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pOwnerAuth, 0, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &idKeySize, 0, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, idKey, idKeySize, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pcIDBindSize, 0, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, prgbIDBind, pcIDBindSize, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pcECSize, 0, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, prgbEC, pcECSize, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pcPlatCredSize, 0, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, prgbPlatCred, pcPlatCredSize, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pcConfCredSize, 0, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, prgbConfCred, pcConfCredSize, &data->comm)) + goto internal_error; + + free(idKey); + free(prgbIDBind); + free(prgbEC); + free(prgbPlatCred); + free(prgbConfCred); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; + +internal_error: + free(idKey); + free(prgbIDBind); + free(prgbEC); + free(prgbPlatCred); + free(prgbConfCred); + return TCSERR(TSS_E_INTERNAL_ERROR); +} + +TSS_RESULT +tcs_wrap_ActivateIdentity(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE idKeyHandle; + TPM_AUTH *pIdKeyAuth = NULL, *pOwnerAuth = NULL, auth1, auth2; + UINT32 SymmetricKeySize, blobSize; + BYTE *SymmetricKey, *blob; + TSS_RESULT result; + UINT32 i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &idKeyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &blobSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((blob = malloc(blobSize)) == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, blob, blobSize, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &auth1, 0, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + result = getData(TCSD_PACKET_TYPE_AUTH, 5, &auth2, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pOwnerAuth = &auth1; + else if (result) { + free(blob); + return result; + } else { + pIdKeyAuth = &auth1; + pOwnerAuth = &auth2; + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ActivateTPMIdentity_Internal(hContext, idKeyHandle, blobSize, + blob, pIdKeyAuth, pOwnerAuth, + &SymmetricKeySize, + &SymmetricKey); + + MUTEX_UNLOCK(tcsp_lock); + free(blob); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 4); + if (pIdKeyAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pIdKeyAuth, 0, &data->comm)) { + free(SymmetricKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pOwnerAuth, 0, &data->comm)) { + free(SymmetricKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &SymmetricKeySize, 0, &data->comm)) { + free(SymmetricKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, SymmetricKey, SymmetricKeySize, &data->comm)) { + free(SymmetricKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(SymmetricKey); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +tcs_wrap_GetCredential(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 CredType; + UINT32 CredAccessMode; + UINT32 CredSize; + BYTE *CredData = NULL; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &CredType, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &CredAccessMode, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + result = TCS_GetCredential_Internal(hContext, CredType, CredAccessMode, + &CredSize, &CredData); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &CredSize, 0, &data->comm)) + goto internal_error; + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, CredData, CredSize, &data->comm)) + goto internal_error; + + free(CredData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; + +internal_error: + free(CredData); + return TCSERR(TSS_E_INTERNAL_ERROR); +} +#endif diff --git a/src/tcs/rpc/tcstp/rpc_audit.c b/src/tcs/rpc/tcstp/rpc_audit.c new file mode 100644 index 0000000..0fcfd18 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_audit.c @@ -0,0 +1,230 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_SetOrdinalAuditStatus(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_AUTH ownerAuth; + UINT32 ulOrdinal; + TSS_BOOL bAuditState; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &ulOrdinal, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_BOOL, 2, &bAuditState, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_AUTH, 3, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_SetOrdinalAuditStatus_Internal(hContext, &ownerAuth, ulOrdinal, bAuditState); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_GetAuditDigest(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 startOrdinal; + TPM_DIGEST auditDigest; + UINT32 counterValueSize; + BYTE *counterValue; + TSS_BOOL more; + UINT32 ordSize; + UINT32 *ordList; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &startOrdinal, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_GetAuditDigest_Internal(hContext, startOrdinal, &auditDigest, &counterValueSize, &counterValue, + &more, &ordSize, &ordList); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 6); + if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &auditDigest, 0, &data->comm)) { + free(counterValue); + free(ordList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &counterValueSize, 0, &data->comm)) { + free(counterValue); + free(ordList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, counterValue, counterValueSize, &data->comm)) { + free(counterValue); + free(ordList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(counterValue); + if (setData(TCSD_PACKET_TYPE_BOOL, 3, &more, 0, &data->comm)) { + free(ordList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &ordSize, 0, &data->comm)) { + free(ordList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 5, ordList, ordSize * sizeof(UINT32), &data->comm)) { + free(ordList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(ordList); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_GetAuditDigestSigned(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE keyHandle; + TSS_BOOL closeAudit; + TPM_NONCE antiReplay; + TPM_AUTH privAuth, nullAuth, *pAuth; + UINT32 counterValueSize; + BYTE *counterValue; + TPM_DIGEST auditDigest; + TPM_DIGEST ordinalDigest; + UINT32 sigSize; + BYTE *sig; + TSS_RESULT result; + int i; + + memset(&privAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &keyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_BOOL, 2, &closeAudit, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 3, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &privAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (memcmp(&nullAuth, &privAuth, sizeof(TPM_AUTH))) + pAuth = &privAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_GetAuditDigestSigned_Internal(hContext, keyHandle, closeAudit, antiReplay, + pAuth, &counterValueSize, &counterValue, + &auditDigest, &ordinalDigest, + &sigSize, &sig); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 7); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(counterValue); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &counterValueSize, 0, &data->comm)) { + free(counterValue); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, counterValue, counterValueSize, &data->comm)) { + free(counterValue); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(counterValue); + if (setData(TCSD_PACKET_TYPE_DIGEST, i++, &auditDigest, 0, &data->comm)) { + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_DIGEST, i++, &ordinalDigest, 0, &data->comm)) { + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &sigSize, 0, &data->comm)) { + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, sig, sigSize, &data->comm)) { + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(sig); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_auth.c b/src/tcs/rpc/tcstp/rpc_auth.c new file mode 100644 index 0000000..2437c6b --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_auth.c @@ -0,0 +1,113 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_OIAP(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_AUTHHANDLE authHandle; + TCPA_NONCE n0; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = auth_mgr_oiap(hContext, &authHandle, &n0); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &authHandle, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_NONCE, 1, &n0, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_OSAP(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCPA_ENTITY_TYPE entityType; + UINT32 entityValue; + TCPA_NONCE nonceOddOSAP; + + TCS_AUTHHANDLE authHandle; + TCPA_NONCE nonceEven; + TCPA_NONCE nonceEvenOSAP; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT16, 1, &entityType, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &entityValue, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 3, &nonceOddOSAP, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = auth_mgr_osap(hContext, entityType, entityValue, nonceOddOSAP, + &authHandle, &nonceEven, &nonceEvenOSAP); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &authHandle, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_NONCE, 1, &nonceEven, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_NONCE, 2, &nonceEvenOSAP, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_bind.c b/src/tcs/rpc/tcstp/rpc_bind.c new file mode 100644 index 0000000..92eee24 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_bind.c @@ -0,0 +1,105 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_UnBind(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE keyHandle; + UINT32 inDataSize; + BYTE *inData; + + TPM_AUTH privAuth; + TPM_AUTH *pPrivAuth; + + UINT32 outDataSize; + BYTE *outData; + TSS_RESULT result; + + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &keyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &inDataSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + inData = calloc(1, inDataSize); + if (inData == NULL) { + LogError("malloc of %u bytes failed.", inDataSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, inData, inDataSize, &data->comm)) { + free(inData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + result = getData(TCSD_PACKET_TYPE_AUTH, 4, &privAuth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pPrivAuth = NULL; + else if (result) { + free(inData); + return result; + } else + pPrivAuth = &privAuth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_UnBind_Internal(hContext, keyHandle, inDataSize, inData, + pPrivAuth, &outDataSize, &outData); + + MUTEX_UNLOCK(tcsp_lock); + free(inData); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pPrivAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pPrivAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outDataSize, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outData, outDataSize, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_caps.c b/src/tcs/rpc/tcstp/rpc_caps.c new file mode 100644 index 0000000..4fd2c11 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_caps.c @@ -0,0 +1,81 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_TCSGetCapability(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCPA_CAPABILITY_AREA capArea; + UINT32 subCapSize; + BYTE *subCap; + UINT32 respSize; + BYTE *resp; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &capArea, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &subCapSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + subCap = calloc(1, subCapSize); + if (subCap == NULL) { + LogError("malloc of %u bytes failed.", subCapSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, subCap, subCapSize, &data->comm)) { + free(subCap); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + result = TCS_GetCapability_Internal(hContext, capArea, subCapSize, subCap, + &respSize, &resp); + free(subCap); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &respSize, 0, &data->comm)) { + free(resp); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, resp, respSize, &data->comm)) { + free(resp); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(resp); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_caps_tpm.c b/src/tcs/rpc/tcstp/rpc_caps_tpm.c new file mode 100644 index 0000000..2bcac27 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_caps_tpm.c @@ -0,0 +1,220 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_GetCapability(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCPA_CAPABILITY_AREA capArea; + UINT32 subCapSize; + BYTE *subCap; + UINT32 respSize; + BYTE *resp; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ldd context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &capArea, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &subCapSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (subCapSize == 0) + subCap = NULL; + else { + subCap = calloc(1, subCapSize); + if (subCap == NULL) { + LogError("malloc of %u bytes failed.", subCapSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, subCap, subCapSize, &data->comm)) { + free(subCap); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_GetCapability_Internal(hContext, capArea, subCapSize, subCap, &respSize, + &resp); + + MUTEX_UNLOCK(tcsp_lock); + free(subCap); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &respSize, 0, &data->comm)) { + free(resp); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, resp, respSize, &data->comm)) { + free(resp); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(resp); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_GetCapabilityOwner(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_AUTH ownerAuth; + TCPA_VERSION version; + UINT32 nonVol; + UINT32 vol; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_GetCapabilityOwner_Internal(hContext, &ownerAuth, &version, &nonVol, &vol); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 4); + if (setData(TCSD_PACKET_TYPE_VERSION, 0, &version, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &nonVol, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &vol, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, 3, &ownerAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_SetCapability(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCPA_CAPABILITY_AREA capArea; + UINT32 subCapSize; + BYTE *subCap; + UINT32 valueSize; + BYTE *value; + TSS_RESULT result; + TPM_AUTH ownerAuth, *pOwnerAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &capArea, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &subCapSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (subCapSize == 0) + subCap = NULL; + else { + subCap = calloc(1, subCapSize); + if (subCap == NULL) { + LogError("malloc of %u bytes failed.", subCapSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, subCap, subCapSize, &data->comm)) { + free(subCap); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 4, &valueSize, 0, &data->comm)) { + free(subCap); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (valueSize == 0) + value = NULL; + else { + value = calloc(1, valueSize); + if (value == NULL) { + free(subCap); + LogError("malloc of %u bytes failed.", valueSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 5, value, valueSize, &data->comm)) { + free(subCap); + free(value); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 6, &ownerAuth, 0, &data->comm)) + pOwnerAuth = NULL; + else + pOwnerAuth = &ownerAuth; + + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_SetCapability_Internal(hContext, capArea, subCapSize, subCap, valueSize, + value, pOwnerAuth); + + MUTEX_UNLOCK(tcsp_lock); + free(subCap); + free(value); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (pOwnerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pOwnerAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_certify.c b/src/tcs/rpc/tcstp/rpc_certify.c new file mode 100644 index 0000000..85c9321 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_certify.c @@ -0,0 +1,120 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_CertifyKey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE certHandle, keyHandle; + TPM_AUTH *pCertAuth = NULL, *pKeyAuth = NULL, certAuth, keyAuth, nullAuth; + UINT32 CertifyInfoSize, outDataSize; + BYTE *CertifyInfo, *outData; + TCPA_NONCE antiReplay; + TSS_RESULT result; + UINT32 i; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + memset(&certAuth, 0, sizeof(TPM_AUTH)); + memset(&keyAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &certHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &keyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 3, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &certAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 5, &keyAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (memcmp(&nullAuth, &certAuth, sizeof(TPM_AUTH))) + pCertAuth = &certAuth; + + if (memcmp(&nullAuth, &keyAuth, sizeof(TPM_AUTH))) + pKeyAuth = &keyAuth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CertifyKey_Internal(hContext, certHandle, keyHandle, antiReplay, pCertAuth, + pKeyAuth, &CertifyInfoSize, &CertifyInfo, &outDataSize, + &outData); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 6); + if (pCertAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pCertAuth, 0, &data->comm)) { + free(CertifyInfo); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (pKeyAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pKeyAuth, 0, &data->comm)) { + free(CertifyInfo); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &CertifyInfoSize, 0, &data->comm)) { + free(CertifyInfo); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, CertifyInfo, CertifyInfoSize, &data->comm)) { + free(CertifyInfo); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(CertifyInfo); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outDataSize, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outData, outDataSize, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_changeauth.c b/src/tcs/rpc/tcstp/rpc_changeauth.c new file mode 100644 index 0000000..97af192 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_changeauth.c @@ -0,0 +1,158 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_ChangeAuth(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE parentHandle; + TCPA_PROTOCOL_ID protocolID; + TCPA_ENCAUTH newAuth; + TCPA_ENTITY_TYPE entityType; + UINT32 encDataSize; + BYTE *encData; + + TPM_AUTH ownerAuth; + TPM_AUTH entityAuth; + + UINT32 outDataSize; + BYTE *outData; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &parentHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT16, 2, &protocolID, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 3, &newAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT16, 4, &entityType, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 5, &encDataSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + encData = calloc(1, encDataSize); + if (encData == NULL) { + LogError("malloc of %d bytes failed.", encDataSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 6, encData, encDataSize, &data->comm)) { + free(encData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 7, &ownerAuth, 0, &data->comm)) { + free(encData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 8, &entityAuth, 0, &data->comm)) { + free(encData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ChangeAuth_Internal(hContext, parentHandle, protocolID, newAuth, entityType, + encDataSize, encData, &ownerAuth, &entityAuth, + &outDataSize, &outData); + + MUTEX_UNLOCK(tcsp_lock); + free(encData); + if (result == TSS_SUCCESS) { + initData(&data->comm, 4); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, 1, &entityAuth, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &outDataSize, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, outData, outDataSize, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ChangeAuthOwner(struct tcsd_thread_data *data) +{ + + TCS_CONTEXT_HANDLE hContext; + TCPA_PROTOCOL_ID protocolID; + TCPA_ENCAUTH newAuth; + TCPA_ENTITY_TYPE entityType; + + TPM_AUTH ownerAuth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT16, 1, &protocolID, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 2, &newAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT16, 3, &entityType, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ChangeAuthOwner_Internal(hContext, protocolID, newAuth, entityType, + &ownerAuth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_cmk.c b/src/tcs/rpc/tcstp/rpc_cmk.c new file mode 100644 index 0000000..3d00c13 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_cmk.c @@ -0,0 +1,617 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_CMK_SetRestrictions(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_CMK_DELEGATE restriction; + TPM_AUTH ownerAuth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &restriction, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_AUTH, 2, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CMK_SetRestrictions_Internal(hContext, restriction, &ownerAuth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CMK_ApproveMA(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_DIGEST migAuthorityDigest; + TPM_AUTH ownerAuth; + TPM_HMAC migAuthorityApproval; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_DIGEST, 1, &migAuthorityDigest, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_AUTH, 2, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CMK_ApproveMA_Internal(hContext, migAuthorityDigest, &ownerAuth, + &migAuthorityApproval); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_DIGEST, 1, &migAuthorityApproval, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CMK_CreateKey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + TPM_ENCAUTH keyUsageAuth; + TPM_HMAC migAuthorityApproval; + TPM_DIGEST migAuthorityDigest; + UINT32 keyDataSize; + BYTE *keyData; + TPM_AUTH parentAuth, nullAuth, *pAuth; + TSS_RESULT result; + + memset(&parentAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 2, &keyUsageAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_DIGEST, 3, &migAuthorityApproval, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_DIGEST, 4, &migAuthorityDigest, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 5, &keyDataSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + keyData = malloc(keyDataSize); + if (keyData == NULL) { + LogError("malloc of %u bytes failed.", keyDataSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 6, keyData, keyDataSize, &data->comm)) { + free(keyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 7, &parentAuth, 0, &data->comm)) { + free(keyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (memcmp(&nullAuth, &parentAuth, sizeof(TPM_AUTH))) + pAuth = &parentAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CMK_CreateKey_Internal(hContext, hKey, keyUsageAuth, migAuthorityApproval, + migAuthorityDigest, &keyDataSize, &keyData, pAuth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &keyDataSize, 0, &data->comm)) { + free(keyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, keyData, keyDataSize, &data->comm)) { + free(keyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(keyData); + + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 2, pAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CMK_CreateTicket(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 publicVerifyKeySize; + BYTE *publicVerifyKey; + TPM_DIGEST signedData; + UINT32 sigValueSize; + BYTE *sigValue; + TPM_AUTH ownerAuth; + TPM_HMAC sigTicket; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &publicVerifyKeySize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + publicVerifyKey = malloc(publicVerifyKeySize); + if (publicVerifyKey == NULL) { + LogError("malloc of %u bytes failed.", publicVerifyKeySize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, publicVerifyKey, publicVerifyKeySize, &data->comm)) { + free(publicVerifyKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_DIGEST, 3, &signedData, 0, &data->comm)) { + free(publicVerifyKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 4, &sigValueSize, 0, &data->comm)) { + free(publicVerifyKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + sigValue = malloc(sigValueSize); + if (sigValue == NULL) { + LogError("malloc of %u bytes failed.", sigValueSize); + free(publicVerifyKey); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 5, sigValue, sigValueSize, &data->comm)) { + free(publicVerifyKey); + free(sigValue); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 6, &ownerAuth, 0, &data->comm)) { + free(publicVerifyKey); + free(sigValue); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CMK_CreateTicket_Internal(hContext, publicVerifyKeySize, publicVerifyKey, + signedData, sigValueSize, sigValue, &ownerAuth, &sigTicket); + + MUTEX_UNLOCK(tcsp_lock); + free(publicVerifyKey); + free(sigValue); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_DIGEST, 1, &sigTicket, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CMK_CreateBlob(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + UINT16 migrationType; + UINT32 migKeyAuthSize; + BYTE *migKeyAuth; + TPM_DIGEST pubSourceKeyDigest; + UINT32 msaListSize, restrictTicketSize, sigTicketSize, encDataSize; + BYTE *msaList, *restrictTicket, *sigTicket, *encData; + TPM_AUTH parentAuth, nullAuth, *pAuth; + UINT32 randomSize, outDataSize; + BYTE *random, *outData; + TSS_RESULT result; + int i; + + memset(&parentAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT16, 2, &migrationType, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &migKeyAuthSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + migKeyAuth = malloc(migKeyAuthSize); + if (migKeyAuth == NULL) { + LogError("malloc of %u bytes failed.", migKeyAuthSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, migKeyAuth, migKeyAuthSize, &data->comm)) { + free(migKeyAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_DIGEST, 5, &pubSourceKeyDigest, 0, &data->comm)) { + free(migKeyAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 6, &msaListSize, 0, &data->comm)) { + free(migKeyAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + msaList = malloc(msaListSize); + if (msaList == NULL) { + LogError("malloc of %u bytes failed.", msaListSize); + free(migKeyAuth); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 7, msaList, msaListSize, &data->comm)) { + free(migKeyAuth); + free(msaList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 8, &restrictTicketSize, 0, &data->comm)) { + free(migKeyAuth); + free(msaList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + restrictTicket = malloc(restrictTicketSize); + if (restrictTicket == NULL) { + LogError("malloc of %u bytes failed.", restrictTicketSize); + free(migKeyAuth); + free(msaList); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 9, restrictTicket, restrictTicketSize, &data->comm)) { + free(migKeyAuth); + free(msaList); + free(restrictTicket); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 10, &sigTicketSize, 0, &data->comm)) { + free(migKeyAuth); + free(msaList); + free(restrictTicket); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + sigTicket = malloc(sigTicketSize); + if (sigTicket == NULL) { + LogError("malloc of %u bytes failed.", sigTicketSize); + free(migKeyAuth); + free(msaList); + free(restrictTicket); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 11, sigTicket, sigTicketSize, &data->comm)) { + free(migKeyAuth); + free(msaList); + free(restrictTicket); + free(sigTicket); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 12, &encDataSize, 0, &data->comm)) { + free(migKeyAuth); + free(msaList); + free(restrictTicket); + free(sigTicket); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + encData = malloc(encDataSize); + if (encData == NULL) { + LogError("malloc of %u bytes failed.", encDataSize); + free(migKeyAuth); + free(msaList); + free(restrictTicket); + free(sigTicket); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 13, encData, encDataSize, &data->comm)) { + free(migKeyAuth); + free(msaList); + free(restrictTicket); + free(sigTicket); + free(encData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 14, &parentAuth, 0, &data->comm)) { + free(migKeyAuth); + free(msaList); + free(restrictTicket); + free(sigTicket); + free(encData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (memcmp(&nullAuth, &parentAuth, sizeof(TPM_AUTH))) + pAuth = &parentAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CMK_CreateBlob_Internal(hContext, hKey, migrationType, migKeyAuthSize, + migKeyAuth, pubSourceKeyDigest, msaListSize, msaList, restrictTicketSize, + restrictTicket, sigTicketSize, sigTicket, encDataSize, encData, pAuth, + &randomSize, &random, &outDataSize, &outData); + + MUTEX_UNLOCK(tcsp_lock); + free(migKeyAuth); + free(msaList); + free(restrictTicket); + free(sigTicket); + free(encData); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 5); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &randomSize, 0, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, random, randomSize, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(random); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outDataSize, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outData, outDataSize, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CMK_ConvertMigration(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + TPM_CMK_AUTH restrictTicket; + TPM_HMAC sigTicket; + UINT32 keyDataSize, msaListSize, randomSize; + BYTE *keyData, *msaList, *random; + TPM_AUTH parentAuth, nullAuth, *pAuth; + UINT32 outDataSize; + BYTE *outData; + TSS_RESULT result; + int i; + + memset(&parentAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, &restrictTicket, sizeof(restrictTicket), &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_DIGEST, 3, &sigTicket, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 4, &keyDataSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + keyData = malloc(keyDataSize); + if (keyData == NULL) { + LogError("malloc of %u bytes failed.", keyDataSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 5, keyData, keyDataSize, &data->comm)) { + free(keyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 6, &msaListSize, 0, &data->comm)) { + free(keyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + msaList = malloc(msaListSize); + if (msaList == NULL) { + LogError("malloc of %u bytes failed.", msaListSize); + free(keyData); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 7, msaList, msaListSize, &data->comm)) { + free(keyData); + free(msaList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 8, &randomSize, 0, &data->comm)) { + free(keyData); + free(msaList); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + random = malloc(randomSize); + if (random == NULL) { + LogError("malloc of %u bytes failed.", randomSize); + free(keyData); + free(msaList); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 9, random, randomSize, &data->comm)) { + free(keyData); + free(msaList); + free(random); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 10, &parentAuth, 0, &data->comm)) { + free(keyData); + free(msaList); + free(random); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (memcmp(&nullAuth, &parentAuth, sizeof(TPM_AUTH))) + pAuth = &parentAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CMK_ConvertMigration_Internal(hContext, hKey, restrictTicket, sigTicket, + keyDataSize, keyData, msaListSize, msaList, randomSize, random, + pAuth, &outDataSize, &outData); + + MUTEX_UNLOCK(tcsp_lock); + free(keyData); + free(msaList); + free(random); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outDataSize, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outData, outDataSize, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + diff --git a/src/tcs/rpc/tcstp/rpc_context.c b/src/tcs/rpc/tcstp/rpc_context.c new file mode 100644 index 0000000..b04449e --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_context.c @@ -0,0 +1,81 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_OpenContext(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 tpm_version = tpm_metrics.version.minor; + + LogDebugFn("thread %ld", THREAD_ID); + + result = TCS_OpenContext_Internal(&hContext); + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &tpm_version, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + /* Set the context in the thread's object. Later, if something goes wrong + * and the connection can't be closed cleanly, we'll still have a reference + * to what resources need to be freed. */ + data->context = hContext; + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CloseContext(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + result = TCS_CloseContext_Internal(hContext); + + /* This will signal the thread that the connection has been closed cleanly */ + if (result == TSS_SUCCESS) + data->context = NULL_TCS_HANDLE; + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_counter.c b/src/tcs/rpc/tcstp/rpc_counter.c new file mode 100644 index 0000000..6bb654e --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_counter.c @@ -0,0 +1,231 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_ReadCounter(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_COUNTER_ID idCounter; + TPM_COUNTER_VALUE counterValue; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ReadCounter_Internal(hContext, idCounter, &counterValue); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_COUNTER_VALUE, 0, &counterValue, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CreateCounter(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_COUNTER_ID idCounter; + TPM_COUNTER_VALUE counterValue; + TPM_AUTH auth; + TPM_ENCAUTH encauth; + UINT32 LabelSize; + BYTE *pLabel = NULL; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &LabelSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((pLabel = calloc(1, LabelSize)) == NULL) { + LogError("malloc of %u bytes failed.", LabelSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, &pLabel, LabelSize, &data->comm)) { + free(pLabel); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 3, &encauth, 0, &data->comm)) { + free(pLabel); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &auth, 0, &data->comm)) { + free(pLabel); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CreateCounter_Internal(hContext, LabelSize, pLabel, encauth, &auth, + &idCounter, &counterValue); + + MUTEX_UNLOCK(tcsp_lock); + + free(pLabel); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_COUNTER_VALUE, 2, &counterValue, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_IncrementCounter(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_COUNTER_ID idCounter; + TPM_COUNTER_VALUE counterValue; + TPM_AUTH auth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 2, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_IncrementCounter_Internal(hContext, idCounter, &auth, &counterValue); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_COUNTER_VALUE, 1, &counterValue, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ReleaseCounter(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_COUNTER_ID idCounter; + TPM_AUTH auth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 2, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ReleaseCounter_Internal(hContext, idCounter, &auth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ReleaseCounterOwner(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_COUNTER_ID idCounter; + TPM_AUTH auth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 2, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ReleaseCounterOwner_Internal(hContext, idCounter, &auth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_daa.c b/src/tcs/rpc/tcstp/rpc_daa.c new file mode 100644 index 0000000..6b9c1c6 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_daa.c @@ -0,0 +1,238 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_DaaJoin(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_HANDLE hDAA; + BYTE stage; + UINT32 inputSize0, inputSize1, outputSize, i; + BYTE *inputData0 = NULL, *inputData1 = NULL,*outputData; + TSS_RESULT result; + TPM_AUTH ownerAuth, *pOwnerAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hDAA, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("thread %ld hDAA %x", THREAD_ID, hDAA); + + if (getData(TCSD_PACKET_TYPE_BYTE, 2, &stage, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + LogDebug("getData 2 (stage=%d)", (int)stage); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &inputSize0, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + LogDebug("getData 3 inputSize0=%d", inputSize0); + + inputData0 = calloc(1, inputSize0); + if (inputData0 == NULL) { + LogError("malloc of %d bytes failed.", inputSize0); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + LogDebug("getData 4 inputData0"); + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, inputData0, inputSize0, &data->comm)) { + free(inputData0); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + LogDebug("getData 5"); + if (getData(TCSD_PACKET_TYPE_UINT32, 5, &inputSize1, 0, &data->comm)) { + free( inputData0); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + LogDebug("getData 5 inputSize1=%d", inputSize1); + + if( inputSize1 > 0) { + inputData1 = calloc(1, inputSize1); + if (inputData1 == NULL) { + LogError("malloc of %d bytes failed.", inputSize1); + free( inputData0); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + LogDebug("getData 6 inputData1"); + if (getData(TCSD_PACKET_TYPE_PBYTE, 6, inputData1, inputSize1, &data->comm)) { + free(inputData0); + free(inputData1); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + LogDebug("getData 7"); + if (getData(TCSD_PACKET_TYPE_AUTH, 7, &ownerAuth, 0, &data->comm)) { + pOwnerAuth = NULL; + } else { + pOwnerAuth = &ownerAuth; + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_DaaJoin_internal(hContext, hDAA, stage, inputSize0, inputData0, inputSize1, + inputData1, pOwnerAuth, &outputSize, &outputData); + + MUTEX_UNLOCK(tcsp_lock); + + free(inputData0); + if( inputData1 != NULL) free(inputData1); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if ( pOwnerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pOwnerAuth, 0, &data->comm)) { + free(outputData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outputSize, 0, &data->comm)) { + free(outputData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outputData, outputSize, &data->comm)) { + free(outputData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outputData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_DaaSign(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_HANDLE hDAA; + BYTE stage; + UINT32 inputSize0, inputSize1, outputSize, i; + BYTE *inputData0 = NULL, *inputData1 = NULL,*outputData; + TSS_RESULT result; + TPM_AUTH ownerAuth, *pOwnerAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hDAA, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("thread %ld hDAA %x", THREAD_ID, hDAA); + + if (getData(TCSD_PACKET_TYPE_BYTE, 2, &stage, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("getData 2 (stage=%d)", (int)stage); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &inputSize0, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + LogDebug("getData 3 inputSize0=%d", inputSize0); + + inputData0 = calloc(1, inputSize0); + if (inputData0 == NULL) { + LogError("malloc of %d bytes failed.", inputSize0); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + LogDebug("getData 4 inputData0"); + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, inputData0, inputSize0, &data->comm)) { + free(inputData0); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + LogDebug("getData 5"); + if (getData(TCSD_PACKET_TYPE_UINT32, 5, &inputSize1, 0, &data->comm)) { + free( inputData0); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + LogDebug("getData 5 inputSize1=%d", inputSize1); + + if( inputSize1 > 0) { + inputData1 = calloc(1, inputSize1); + if (inputData1 == NULL) { + LogError("malloc of %d bytes failed.", inputSize1); + free( inputData0); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + LogDebug("getData 6 inputData1"); + if (getData(TCSD_PACKET_TYPE_PBYTE, 6, inputData1, inputSize1, &data->comm)) { + free(inputData0); + free(inputData1); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + LogDebug("getData 7"); + if (getData(TCSD_PACKET_TYPE_AUTH, 7, &ownerAuth, 0, &data->comm)) { + pOwnerAuth = NULL; + } else { + pOwnerAuth = &ownerAuth; + } + + LogDebugFn("-> TCSP_DaaSign_internal"); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_DaaSign_internal(hContext, hDAA, stage, inputSize0, inputData0, inputSize1, + inputData1, pOwnerAuth, &outputSize, &outputData); + + MUTEX_UNLOCK(tcsp_lock); + + LogDebugFn("<- TCSP_DaaSign_internal"); + + free(inputData0); + if( inputData1 != NULL) free(inputData1); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if ( pOwnerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pOwnerAuth, 0, &data->comm)) { + free(outputData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outputSize, 0, &data->comm)) { + free(outputData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outputData, outputSize, &data->comm)) { + free(outputData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outputData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_delegate.c b/src/tcs/rpc/tcstp/rpc_delegate.c new file mode 100644 index 0000000..5bd0cd8 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_delegate.c @@ -0,0 +1,590 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_Delegate_Manage(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_FAMILY_ID familyId; + TPM_FAMILY_OPERATION opFlag; + UINT32 opDataSize; + BYTE *opData; + TPM_AUTH ownerAuth, nullAuth, *pAuth; + UINT32 retDataSize; + BYTE *retData; + TSS_RESULT result; + int i; + + memset(&ownerAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &familyId, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &opFlag, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &opDataSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + opData = malloc(opDataSize); + if (opData == NULL) { + LogError("malloc of %u bytes failed.", opDataSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, opData, opDataSize, &data->comm)) { + free(opData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 5, &ownerAuth, 0, &data->comm)) { + free(opData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (memcmp(&nullAuth, &ownerAuth, sizeof(TPM_AUTH))) + pAuth = &ownerAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Delegate_Manage_Internal(hContext, familyId, opFlag, + opDataSize, opData, pAuth, &retDataSize, &retData); + + MUTEX_UNLOCK(tcsp_lock); + free(opData); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(retData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &retDataSize, 0, &data->comm)) { + free(retData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, retData, retDataSize, &data->comm)) { + free(retData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(retData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_Delegate_CreateKeyDelegation(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + UINT32 publicInfoSize; + BYTE *publicInfo; + TPM_ENCAUTH encDelAuth; + TPM_AUTH keyAuth, nullAuth, *pAuth; + UINT32 blobSize; + BYTE *blob; + TSS_RESULT result; + int i; + + memset(&keyAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &publicInfoSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + publicInfo = malloc(publicInfoSize); + if (publicInfo == NULL) { + LogError("malloc of %u bytes failed.", publicInfoSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, publicInfo, publicInfoSize, &data->comm)) { + free(publicInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 4, &encDelAuth, 0, &data->comm)) { + free(publicInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 5, &keyAuth, 0, &data->comm)) { + free(publicInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (memcmp(&nullAuth, &keyAuth, sizeof(TPM_AUTH))) + pAuth = &keyAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Delegate_CreateKeyDelegation_Internal(hContext, hKey, + publicInfoSize, publicInfo, &encDelAuth, pAuth, &blobSize, &blob); + + MUTEX_UNLOCK(tcsp_lock); + free(publicInfo); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &blobSize, 0, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, blob, blobSize, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(blob); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_Delegate_CreateOwnerDelegation(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_BOOL increment; + UINT32 publicInfoSize; + BYTE *publicInfo; + TPM_ENCAUTH encDelAuth; + TPM_AUTH ownerAuth, nullAuth, *pAuth; + UINT32 blobSize; + BYTE *blob; + TSS_RESULT result; + int i; + + memset(&ownerAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_BOOL, 1, &increment, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &publicInfoSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + publicInfo = malloc(publicInfoSize); + if (publicInfo == NULL) { + LogError("malloc of %u bytes failed.", publicInfoSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, publicInfo, publicInfoSize, &data->comm)) { + free(publicInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 4, &encDelAuth, 0, &data->comm)) { + free(publicInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 5, &ownerAuth, 0, &data->comm)) { + free(publicInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (memcmp(&nullAuth, &ownerAuth, sizeof(TPM_AUTH))) + pAuth = &ownerAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Delegate_CreateOwnerDelegation_Internal(hContext, increment, + publicInfoSize, publicInfo, &encDelAuth, pAuth, &blobSize, &blob); + + MUTEX_UNLOCK(tcsp_lock); + free(publicInfo); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &blobSize, 0, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, blob, blobSize, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(blob); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_Delegate_LoadOwnerDelegation(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_DELEGATE_INDEX index; + UINT32 blobSize; + BYTE *blob; + TPM_AUTH ownerAuth, nullAuth, *pAuth; + TSS_RESULT result; + + memset(&ownerAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &index, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &blobSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + blob = malloc(blobSize); + if (blob == NULL) { + LogError("malloc of %u bytes failed.", blobSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, blob, blobSize, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &ownerAuth, 0, &data->comm)) { + free(blob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (memcmp(&nullAuth, &ownerAuth, sizeof(TPM_AUTH))) + pAuth = &ownerAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Delegate_LoadOwnerDelegation_Internal(hContext, index, blobSize, blob, + pAuth); + + MUTEX_UNLOCK(tcsp_lock); + free(blob); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_Delegate_ReadTable(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 familyTableSize; + BYTE *familyTable; + UINT32 delegateTableSize; + BYTE *delegateTable; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Delegate_ReadTable_Internal(hContext, &familyTableSize, &familyTable, + &delegateTableSize, &delegateTable); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 4); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &familyTableSize, 0, &data->comm)) { + free(familyTable); + free(delegateTable); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, familyTable, familyTableSize, &data->comm)) { + free(familyTable); + free(delegateTable); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(familyTable); + + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &delegateTableSize, 0, &data->comm)) { + free(delegateTable); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, delegateTable, delegateTableSize, &data->comm)) { + free(delegateTable); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(delegateTable); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_Delegate_UpdateVerificationCount(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 inputSize; + BYTE *input; + TPM_AUTH ownerAuth, nullAuth, *pAuth; + UINT32 outputSize; + BYTE *output; + TSS_RESULT result; + int i; + + memset(&ownerAuth, 0, sizeof(TPM_AUTH)); + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &inputSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + input = malloc(inputSize); + if (input == NULL) { + LogError("malloc of %u bytes failed.", inputSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, input, inputSize, &data->comm)) { + free(input); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 3, &ownerAuth, 0, &data->comm)) { + free(input); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (memcmp(&nullAuth, &ownerAuth, sizeof(TPM_AUTH))) + pAuth = &ownerAuth; + else + pAuth = NULL; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Delegate_UpdateVerificationCount_Internal(hContext, inputSize, input, + pAuth, &outputSize, &output); + + MUTEX_UNLOCK(tcsp_lock); + free(input); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(output); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outputSize, 0, &data->comm)) { + free(output); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, output, outputSize, &data->comm)) { + free(output); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(output); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_Delegate_VerifyDelegation(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 delegateSize; + BYTE *delegate; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &delegateSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + delegate = malloc(delegateSize); + if (delegate == NULL) { + LogError("malloc of %u bytes failed.", delegateSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, delegate, delegateSize, &data->comm)) { + free(delegate); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Delegate_VerifyDelegation_Internal(hContext, delegateSize, delegate); + + MUTEX_UNLOCK(tcsp_lock); + free(delegate); + + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_DSAP(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT16 entityType; + TCS_KEY_HANDLE keyHandle; + TPM_NONCE nonceOddDSAP, nonceEven, nonceEvenDSAP; + UINT32 entityValueSize; + BYTE *entityValue; + TCS_AUTHHANDLE authHandle; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT16, 1, &entityType, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &keyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 3, &nonceOddDSAP, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 4, &entityValueSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + entityValue = malloc(entityValueSize); + if (entityValue == NULL) { + LogError("malloc of %u bytes failed.", entityValueSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 5, entityValue, entityValueSize, &data->comm)) { + free(entityValue); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_DSAP_Internal(hContext, entityType, keyHandle, &nonceOddDSAP, entityValueSize, + entityValue, &authHandle, &nonceEven, &nonceEvenDSAP); + + MUTEX_UNLOCK(tcsp_lock); + free(entityValue); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &authHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 1, &nonceEven, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 2, &nonceEvenDSAP, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + diff --git a/src/tcs/rpc/tcstp/rpc_dir.c b/src/tcs/rpc/tcstp/rpc_dir.c new file mode 100644 index 0000000..47baec6 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_dir.c @@ -0,0 +1,103 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_DirWriteAuth(struct tcsd_thread_data *data) +{ + TSS_RESULT result; + TSS_HCONTEXT hContext; + TCPA_DIRINDEX dirIndex; + TCPA_DIGEST dirDigest; + TPM_AUTH auth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &dirIndex, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_DIGEST, 2, &dirDigest, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 3, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_DirWriteAuth_Internal(hContext, dirIndex, dirDigest, &auth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_DirRead(struct tcsd_thread_data *data) +{ + TSS_RESULT result; + TSS_HCONTEXT hContext; + TCPA_DIRINDEX dirIndex; + TCPA_DIRVALUE dirValue; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &dirIndex, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_DirRead_Internal(hContext, dirIndex, &dirValue); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &dirValue, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_ek.c b/src/tcs/rpc/tcstp/rpc_ek.c new file mode 100644 index 0000000..0b49718 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_ek.c @@ -0,0 +1,324 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_CreateEndorsementKeyPair(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCPA_NONCE antiReplay; + UINT32 eKPtrSize; + BYTE *eKPtr; + UINT32 eKSize; + BYTE* eK; + TCPA_DIGEST checksum; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &eKPtrSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + eKPtr = calloc(1, eKPtrSize); + if (eKPtr == NULL) { + LogError("malloc of %u bytes failed.", eKPtrSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, eKPtr, eKPtrSize, &data->comm)) { + free(eKPtr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CreateEndorsementKeyPair_Internal(hContext, antiReplay, eKPtrSize, eKPtr, + &eKSize, &eK, &checksum); + + MUTEX_UNLOCK(tcsp_lock); + + free(eKPtr); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &eKSize, 0, &data->comm)) { + free(eK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, eK, eKSize, &data->comm)) { + free(eK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(eK); + if (setData(TCSD_PACKET_TYPE_DIGEST, 2, &checksum, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ReadPubek(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCPA_NONCE antiReplay; + UINT32 pubEKSize; + BYTE *pubEK; + TCPA_DIGEST checksum; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ReadPubek_Internal(hContext, antiReplay, &pubEKSize, &pubEK, &checksum); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &pubEKSize, 0, &data->comm)) { + free(pubEK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, pubEK, pubEKSize, &data->comm)) { + free(pubEK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(pubEK); + if (setData(TCSD_PACKET_TYPE_DIGEST, 2, &checksum, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_OwnerReadPubek(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 pubEKSize; + BYTE *pubEK; + TSS_RESULT result; + TPM_AUTH auth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_OwnerReadPubek_Internal(hContext, &auth, &pubEKSize, &pubEK); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) { + free(pubEK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &pubEKSize, 0, &data->comm)) { + free(pubEK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, pubEK, pubEKSize, &data->comm)) { + free(pubEK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(pubEK); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_DisablePubekRead(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TPM_AUTH auth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_DisablePubekRead_Internal(hContext, &auth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +tcs_wrap_CreateRevocableEndorsementKeyPair(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_NONCE antiReplay; + UINT32 eKPtrSize; + BYTE *eKPtr; + TSS_BOOL genResetAuth; + TPM_DIGEST eKResetAuth; + UINT32 eKSize; + BYTE* eK; + TPM_DIGEST checksum; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &eKPtrSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + eKPtr = calloc(1, eKPtrSize); + if (eKPtr == NULL) { + LogError("malloc of %d bytes failed.", eKPtrSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, eKPtr, eKPtrSize, &data->comm)) { + free(eKPtr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_BOOL, 4, &genResetAuth, 0, &data->comm)) { + free(eKPtr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_DIGEST, 5, &eKResetAuth, 0, &data->comm)) { + free(eKPtr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CreateRevocableEndorsementKeyPair_Internal(hContext, antiReplay, + eKPtrSize, eKPtr, genResetAuth, &eKResetAuth, &eKSize, &eK, &checksum); + + MUTEX_UNLOCK(tcsp_lock); + + free(eKPtr); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 4); + if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &eKResetAuth, 0, &data->comm)) { + free(eK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &eKSize, 0, &data->comm)) { + free(eK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, eK, eKSize, &data->comm)) { + free(eK); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(eK); + if (setData(TCSD_PACKET_TYPE_DIGEST, 3, &checksum, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_RevokeEndorsementKeyPair(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_DIGEST eKResetAuth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_DIGEST, 1, &eKResetAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_RevokeEndorsementKeyPair_Internal(hContext, eKResetAuth); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} +#endif diff --git a/src/tcs/rpc/tcstp/rpc_evlog.c b/src/tcs/rpc/tcstp/rpc_evlog.c new file mode 100644 index 0000000..12c4151 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_evlog.c @@ -0,0 +1,285 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_GetPcrEvent(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_PCR_EVENT *pEvent = NULL; + TSS_RESULT result; + UINT32 pcrIndex, number; + BYTE lengthOnly; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &pcrIndex, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &number, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_BYTE, 3, &lengthOnly, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (lengthOnly) + result = TCS_GetPcrEvent_Internal(hContext, pcrIndex, &number, NULL); + else + result = TCS_GetPcrEvent_Internal(hContext, pcrIndex, &number, &pEvent); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &number, 0, &data->comm)) { + if (lengthOnly == FALSE) + free_external_events(1, pEvent); + free(pEvent); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (lengthOnly == FALSE) { + if (setData(TCSD_PACKET_TYPE_PCR_EVENT, 1, pEvent, 0, &data->comm)) { + free_external_events(1, pEvent); + free(pEvent); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free_external_events(1, pEvent); + free(pEvent); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + + +TSS_RESULT +tcs_wrap_GetPcrEventsByPcr(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_PCR_EVENT *ppEvents = NULL; + TSS_RESULT result; + UINT32 firstEvent, eventCount, totalSize, pcrIndex, i, j; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &pcrIndex, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &firstEvent, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &eventCount, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + result = TCS_GetPcrEventsByPcr_Internal(hContext, pcrIndex, firstEvent, &eventCount, &ppEvents); + + if (result == TSS_SUCCESS) { + /* XXX totalSize not used */ + for (i = 0, totalSize = 0; i < eventCount; i++) + totalSize += get_pcr_event_size(&(ppEvents[i])); + + initData(&data->comm, eventCount + 1); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &eventCount, 0, &data->comm)) { + free_external_events(eventCount, ppEvents); + free(ppEvents); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + i = 1; + for (j = 0; j < eventCount; j++) { + if (setData(TCSD_PACKET_TYPE_PCR_EVENT, i++, &(ppEvents[j]), 0, &data->comm)) { + free_external_events(eventCount, ppEvents); + free(ppEvents); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + free_external_events(eventCount, ppEvents); + free(ppEvents); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_GetPcrEventLog(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_PCR_EVENT *ppEvents; + TSS_RESULT result; + UINT32 eventCount, totalSize, i, j; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + result = TCS_GetPcrEventLog_Internal(hContext, &eventCount, &ppEvents); + + if (result == TSS_SUCCESS) { + for (i = 0, totalSize = 0; i < eventCount; i++) + totalSize += get_pcr_event_size(&(ppEvents[i])); + + initData(&data->comm, eventCount + 1); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &eventCount, 0, &data->comm)) { + free_external_events(eventCount, ppEvents); + free(ppEvents); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + i = 1; + for (j = 0; j < eventCount; j++) { + if (setData(TCSD_PACKET_TYPE_PCR_EVENT, i++, &(ppEvents[j]), 0, &data->comm)) { + free_external_events(eventCount, ppEvents); + free(ppEvents); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + free_external_events(eventCount, ppEvents); + free(ppEvents); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_LogPcrEvent(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_PCR_EVENT event; + TSS_RESULT result; + UINT32 number; + + /* Receive */ + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_PCR_EVENT , 1, &event, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + result = TCS_LogPcrEvent_Internal(hContext, event, &number); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &number, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +void +LoadBlob_PCR_EVENT(UINT64 *offset, BYTE *blob, TSS_PCR_EVENT *event) +{ + LoadBlob_VERSION(offset, blob, (TPM_VERSION *)&(event->versionInfo)); + LoadBlob_UINT32(offset, event->ulPcrIndex, blob); + LoadBlob_UINT32(offset, event->eventType, blob); + + LoadBlob_UINT32(offset, event->ulPcrValueLength, blob); + if (event->ulPcrValueLength > 0) + LoadBlob(offset, event->ulPcrValueLength, blob, event->rgbPcrValue); + + LoadBlob_UINT32(offset, event->ulEventLength, blob); + if (event->ulEventLength > 0) + LoadBlob(offset, event->ulEventLength, blob, event->rgbEvent); + +} + +TSS_RESULT +UnloadBlob_PCR_EVENT(UINT64 *offset, BYTE *blob, TSS_PCR_EVENT *event) +{ + if (!event) { + UINT32 ulPcrValueLength, ulEventLength; + + UnloadBlob_VERSION(offset, blob, NULL); + UnloadBlob_UINT32(offset, NULL, blob); + UnloadBlob_UINT32(offset, NULL, blob); + + UnloadBlob_UINT32(offset, &ulPcrValueLength, blob); + (*offset) += ulPcrValueLength; + + UnloadBlob_UINT32(offset, &ulEventLength, blob); + (*offset) += ulEventLength; + + return TSS_SUCCESS; + } + + UnloadBlob_VERSION(offset, blob, (TPM_VERSION *)&(event->versionInfo)); + UnloadBlob_UINT32(offset, &event->ulPcrIndex, blob); + UnloadBlob_UINT32(offset, &event->eventType, blob); + + UnloadBlob_UINT32(offset, &event->ulPcrValueLength, blob); + if (event->ulPcrValueLength > 0) { + event->rgbPcrValue = malloc(event->ulPcrValueLength); + if (event->rgbPcrValue == NULL) { + LogError("malloc of %u bytes failed.", event->ulPcrValueLength); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(offset, event->ulPcrValueLength, blob, event->rgbPcrValue); + } else { + event->rgbPcrValue = NULL; + } + + UnloadBlob_UINT32(offset, &event->ulEventLength, blob); + if (event->ulEventLength > 0) { + event->rgbEvent = malloc(event->ulEventLength); + if (event->rgbEvent == NULL) { + LogError("malloc of %u bytes failed.", event->ulEventLength); + free(event->rgbPcrValue); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(offset, event->ulEventLength, blob, event->rgbEvent); + } else { + event->rgbEvent = NULL; + } + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_key.c b/src/tcs/rpc/tcstp/rpc_key.c new file mode 100644 index 0000000..d3a5153 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_key.c @@ -0,0 +1,476 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_EvictKey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = key_mgr_evict(hContext, hKey); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_GetPubkey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + TPM_AUTH auth; + TPM_AUTH *pAuth; + UINT32 pubKeySize; + BYTE *pubKey; + TSS_RESULT result; + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + result = getData(TCSD_PACKET_TYPE_AUTH, 2, &auth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pAuth = NULL; + else if (result) + return result; + else + pAuth = &auth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_GetPubKey_Internal(hContext, hKey, pAuth, &pubKeySize, &pubKey); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pAuth != NULL) + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(pubKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pubKeySize, 0, &data->comm)) { + free(pubKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, pubKey, pubKeySize, &data->comm)) { + free(pubKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(pubKey); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_TerminateHandle(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_AUTHHANDLE authHandle; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &authHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_TerminateHandle_Internal(hContext, authHandle); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_LoadKeyByBlob(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hUnwrappingKey; + UINT32 cWrappedKeyBlob; + BYTE *rgbWrappedKeyBlob; + + TPM_AUTH auth; + + TCS_KEY_HANDLE phKeyTCSI; + TCS_KEY_HANDLE phKeyHMAC; + + TPM_AUTH *pAuth; + TSS_RESULT result; + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hUnwrappingKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &cWrappedKeyBlob, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbWrappedKeyBlob = calloc(1, cWrappedKeyBlob); + if (rgbWrappedKeyBlob == NULL) { + LogError("malloc of %d bytes failed.", cWrappedKeyBlob); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, rgbWrappedKeyBlob, cWrappedKeyBlob, &data->comm)) { + free(rgbWrappedKeyBlob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + result = getData(TCSD_PACKET_TYPE_AUTH, 4, &auth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pAuth = NULL; + else if (result) { + free(rgbWrappedKeyBlob); + return result; + } else + pAuth = &auth; + + MUTEX_LOCK(tcsp_lock); + + result = key_mgr_load_by_blob(hContext, hUnwrappingKey, cWrappedKeyBlob, rgbWrappedKeyBlob, + pAuth, &phKeyTCSI, &phKeyHMAC); + + if (!result) + result = ctx_mark_key_loaded(hContext, phKeyTCSI); + + MUTEX_UNLOCK(tcsp_lock); + + free(rgbWrappedKeyBlob); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &phKeyTCSI, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &phKeyHMAC, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +tcs_wrap_LoadKey2ByBlob(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hUnwrappingKey; + UINT32 cWrappedKeyBlob; + BYTE *rgbWrappedKeyBlob; + TPM_AUTH auth; + TCS_KEY_HANDLE phKeyTCSI; + TPM_AUTH *pAuth; + TSS_RESULT result; + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hUnwrappingKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &cWrappedKeyBlob, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbWrappedKeyBlob = calloc(1, cWrappedKeyBlob); + if (rgbWrappedKeyBlob == NULL) { + LogError("malloc of %d bytes failed.", cWrappedKeyBlob); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, rgbWrappedKeyBlob, cWrappedKeyBlob, &data->comm)) { + free(rgbWrappedKeyBlob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + result = getData(TCSD_PACKET_TYPE_AUTH, 4, &auth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pAuth = NULL; + else if (result) { + free(rgbWrappedKeyBlob); + return result; + } else + pAuth = &auth; + + MUTEX_LOCK(tcsp_lock); + + result = key_mgr_load_by_blob(hContext, hUnwrappingKey, cWrappedKeyBlob, rgbWrappedKeyBlob, + pAuth, &phKeyTCSI, NULL); + + if (!result) + result = ctx_mark_key_loaded(hContext, phKeyTCSI); + + MUTEX_UNLOCK(tcsp_lock); + + free(rgbWrappedKeyBlob); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 2); + if (pAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &phKeyTCSI, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} +#endif + +TSS_RESULT +tcs_wrap_CreateWrapKey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hWrappingKey; + TCPA_ENCAUTH KeyUsageAuth; + TCPA_ENCAUTH KeyMigrationAuth; + UINT32 keyInfoSize; + BYTE *keyInfo; + + TPM_AUTH *pAuth, auth; + + UINT32 keyDataSize; + BYTE *keyData; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hWrappingKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 2, &KeyUsageAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 3, &KeyMigrationAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 4, &keyInfoSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + keyInfo = calloc(1, keyInfoSize); + if (keyInfo == NULL) { + LogError("malloc of %d bytes failed.", keyInfoSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 5, keyInfo, keyInfoSize, &data->comm)) { + free(keyInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 6, &auth, 0, &data->comm)) + pAuth = NULL; + else + pAuth = &auth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CreateWrapKey_Internal(hContext, hWrappingKey, KeyUsageAuth, KeyMigrationAuth, + keyInfoSize, keyInfo, &keyDataSize, &keyData, pAuth); + + MUTEX_UNLOCK(tcsp_lock); + + free(keyInfo); + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &keyDataSize, 0, &data->comm)) { + free(keyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, keyData, keyDataSize, &data->comm)) { + free(keyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(keyData); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 2, pAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +tcs_wrap_OwnerReadInternalPub(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + TPM_AUTH ownerAuth; + UINT32 pubKeySize; + BYTE *pubKeyData; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 2, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_OwnerReadInternalPub_Internal(hContext, hKey, &ownerAuth, &pubKeySize, &pubKeyData); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &pubKeySize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, pubKeyData, pubKeySize, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_KeyControlOwner(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + UINT32 ulPublicKeyLength; + BYTE* rgbPublicKey; + UINT32 attribName; + TSS_BOOL attribValue; + TPM_AUTH ownerAuth; + TSS_UUID uuidData; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &ulPublicKeyLength, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbPublicKey = (BYTE *) malloc(ulPublicKeyLength); + if (rgbPublicKey == NULL) { + LogError("malloc of %u bytes failed.", ulPublicKeyLength); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, rgbPublicKey, ulPublicKeyLength, &data->comm)) { + free(rgbPublicKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, 4, &attribName, 0, &data->comm)) { + free(rgbPublicKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_BOOL, 5, &attribValue, 0, &data->comm)) { + free(rgbPublicKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 6, &ownerAuth, 0, &data->comm)) { + free(rgbPublicKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_KeyControlOwner_Internal(hContext, hKey, ulPublicKeyLength, rgbPublicKey, + attribName, attribValue, &ownerAuth, &uuidData); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UUID, 1, &uuidData, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; + +} +#endif diff --git a/src/tcs/rpc/tcstp/rpc_maint.c b/src/tcs/rpc/tcstp/rpc_maint.c new file mode 100644 index 0000000..f51a4f2 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_maint.c @@ -0,0 +1,283 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_KillMaintenanceFeature(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TPM_AUTH ownerAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_KillMaintenanceFeature_Internal(hContext, &ownerAuth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CreateMaintenanceArchive(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TPM_AUTH ownerAuth; + TSS_BOOL generateRandom; + UINT32 randomSize, archiveSize; + BYTE *random, *archive; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_BOOL, 1, &generateRandom, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_AUTH, 2, &ownerAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CreateMaintenanceArchive_Internal(hContext, generateRandom, &ownerAuth, + &randomSize, &random, &archiveSize, + &archive); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 5); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + free(random); + free(archive); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &randomSize, 0, &data->comm)) { + free(random); + free(archive); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, random, randomSize, &data->comm)) { + free(random); + free(archive); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &archiveSize, 0, &data->comm)) { + free(random); + free(archive); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, archive, archiveSize, &data->comm)) { + free(random); + free(archive); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + free(random); + free(archive); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_LoadMaintenanceArchive(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TPM_AUTH ownerAuth; + UINT32 dataInSize, dataOutSize; + BYTE *dataIn, *dataOut; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &dataInSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + dataIn = (BYTE *)malloc(dataInSize); + if (dataIn == NULL) { + LogError("malloc of %d bytes failed.", dataInSize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, dataIn, dataInSize, &data->comm)) { + free(dataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 3, &ownerAuth, 0, &data->comm)) { + free(dataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_LoadMaintenanceArchive_Internal(hContext, dataInSize, dataIn, &ownerAuth, + &dataOutSize, &dataOut); + + MUTEX_UNLOCK(tcsp_lock); + free(dataIn); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + free(dataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &dataOutSize, 0, &data->comm)) { + free(dataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, dataOut, dataOutSize, &data->comm)) { + free(dataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + free(dataOut); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_LoadManuMaintPub(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 pubKeySize; + BYTE *pubKey; + TCPA_NONCE antiReplay; + TCPA_DIGEST checksum; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &pubKeySize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pubKey = (BYTE *)malloc(pubKeySize); + if (pubKey == NULL) { + LogError("malloc of %d bytes failed.", pubKeySize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, pubKey, pubKeySize, &data->comm)) { + free(pubKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_LoadManuMaintPub_Internal(hContext, antiReplay, pubKeySize, pubKey, + &checksum); + + MUTEX_UNLOCK(tcsp_lock); + free(pubKey); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &checksum, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ReadManuMaintPub(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TCPA_NONCE antiReplay; + TCPA_DIGEST checksum; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ReadManuMaintPub_Internal(hContext, antiReplay, &checksum); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &checksum, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_migration.c b/src/tcs/rpc/tcstp/rpc_migration.c new file mode 100644 index 0000000..5233096 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_migration.c @@ -0,0 +1,321 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_CreateMigrationBlob(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TCS_KEY_HANDLE parentHandle; + TSS_MIGRATE_SCHEME migrationType; + UINT32 MigrationKeyAuthSize, encDataSize, randomSize, outDataSize; + BYTE *MigrationKeyAuth, *encData, *random, *outData; + TPM_AUTH auth1, auth2, *pParentAuth, *pEntityAuth; + UINT32 i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &parentHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT16, 2, &migrationType, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &MigrationKeyAuthSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MigrationKeyAuth = (BYTE *)malloc(MigrationKeyAuthSize); + if (MigrationKeyAuth == NULL) { + LogError("malloc of %d bytes failed.", MigrationKeyAuthSize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, MigrationKeyAuth, MigrationKeyAuthSize, &data->comm)) { + free(MigrationKeyAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 5, &encDataSize, 0, &data->comm)) { + free(MigrationKeyAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + encData = (BYTE *)malloc(encDataSize); + if (encData == NULL) { + free(MigrationKeyAuth); + LogError("malloc of %d bytes failed.", encDataSize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 6, encData, encDataSize, &data->comm)) { + free(MigrationKeyAuth); + free(encData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 7, &auth1, 0, &data->comm)) { + free(MigrationKeyAuth); + free(encData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 8, &auth2, 0, &data->comm)) { + /* If loading the 2nd auth fails, the first one was entity auth */ + pParentAuth = NULL; + pEntityAuth = &auth1; + } else { + /* If loading the 2nd auth succeeds, the first one was parent auth */ + pParentAuth = &auth1; + pEntityAuth = &auth2; + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CreateMigrationBlob_Internal(hContext, parentHandle, migrationType, + MigrationKeyAuthSize, MigrationKeyAuth, + encDataSize, encData, pParentAuth, pEntityAuth, + &randomSize, &random, &outDataSize, &outData); + + MUTEX_UNLOCK(tcsp_lock); + + free(MigrationKeyAuth); + free(encData); + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 6); + if (pParentAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pParentAuth, 0, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pEntityAuth, 0, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &randomSize, 0, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (randomSize > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, random, randomSize, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outDataSize, 0, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outData, outDataSize, &data->comm)) { + free(random); + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + free(random); + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ConvertMigrationBlob(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TCS_KEY_HANDLE parentHandle; + UINT32 outDataSize, randomSize, inDataSize; + BYTE *outData, *random, *inData; + TPM_AUTH parentAuth, *pParentAuth; + UINT32 i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &parentHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &inDataSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + inData = (BYTE *)malloc(inDataSize); + if (inData == NULL) { + LogError("malloc of %d bytes failed.", inDataSize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, inData, inDataSize, &data->comm)) { + free(inData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 4, &randomSize, 0, &data->comm)) { + free(inData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + random = (BYTE *)malloc(randomSize); + if (random == NULL) { + free(inData); + LogError("malloc of %d bytes failed.", randomSize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 5, random, randomSize, &data->comm)) { + free(inData); + free(random); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 6, &parentAuth, 0, &data->comm)) + pParentAuth = NULL; + else + pParentAuth = &parentAuth; + + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ConvertMigrationBlob_Internal(hContext, parentHandle, inDataSize, inData, + randomSize, random, pParentAuth, &outDataSize, + &outData); + + MUTEX_UNLOCK(tcsp_lock); + + free(inData); + free(random); + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pParentAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pParentAuth, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outDataSize, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outData, outDataSize, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_AuthorizeMigrationKey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TSS_MIGRATE_SCHEME migrateScheme; + UINT32 MigrationKeySize, MigrationKeyAuthSize; + BYTE *MigrationKey, *MigrationKeyAuth; + TPM_AUTH ownerAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT16, 1, &migrateScheme, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &MigrationKeySize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MigrationKey = (BYTE *)malloc(MigrationKeySize); + if (MigrationKey == NULL) { + LogError("malloc of %d bytes failed.", MigrationKeySize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, MigrationKey, MigrationKeySize, &data->comm)) { + free(MigrationKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &ownerAuth, 0, &data->comm)) { + free(MigrationKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_AuthorizeMigrationKey_Internal(hContext, migrateScheme, MigrationKeySize, + MigrationKey, &ownerAuth, + &MigrationKeyAuthSize, &MigrationKeyAuth); + + MUTEX_UNLOCK(tcsp_lock); + + free(MigrationKey); + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + free(MigrationKeyAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &MigrationKeyAuthSize, 0, &data->comm)) { + free(MigrationKeyAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, MigrationKeyAuth, MigrationKeyAuthSize, + &data->comm)) { + free(MigrationKeyAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + free(MigrationKeyAuth); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_nv.c b/src/tcs/rpc/tcstp/rpc_nv.c new file mode 100644 index 0000000..71c170d --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_nv.c @@ -0,0 +1,344 @@ +/* + * The Initial Developer of the Original Code is Intel Corporation. + * Portions created by Intel Corporation are Copyright (C) 2007 Intel Corporation. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the Common Public License as published by + * IBM Corporation; either version 1 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Common Public License for more details. + * + * You should have received a copy of the Common Public License + * along with this program; if not, a copy can be viewed at + * http://www.opensource.org/licenses/cpl1.0.php. + * + * trousers - An open source TCG Software Stack + * + * Author: james.xu@intel.com Rossey.liu@intel.com + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_NV_DefineOrReleaseSpace(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 cPubInfoSize; + BYTE *pubInfo = NULL; + TSS_RESULT result; + TPM_ENCAUTH encAuth; + TPM_AUTH Auth, *pAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &cPubInfoSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pubInfo = calloc(1, cPubInfoSize); + if (pubInfo == NULL) { + LogError("malloc of %u bytes failed.", cPubInfoSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, pubInfo, cPubInfoSize, &data->comm)) { + free(pubInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_ENCAUTH, 3, &encAuth, 0, &data->comm)) { + free(pubInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &Auth, 0, &data->comm)) + pAuth = NULL; + else + pAuth = &Auth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_NV_DefineOrReleaseSpace_Internal(hContext, + cPubInfoSize, pubInfo, encAuth, pAuth); + + MUTEX_UNLOCK(tcsp_lock); + + free(pubInfo); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if ( pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_NV_WriteValue(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_NV_INDEX hNVStore; + UINT32 offset,ulDataLength; + BYTE *rgbDataToWrite = NULL; + TSS_RESULT result; + TPM_AUTH Auth, *pAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hNVStore, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &offset, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &ulDataLength, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbDataToWrite = calloc(1, ulDataLength); + if (rgbDataToWrite == NULL) { + LogError("malloc of %u bytes failed.", ulDataLength); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, rgbDataToWrite, ulDataLength, &data->comm)) { + free(rgbDataToWrite); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 5, &Auth, 0, &data->comm)) + pAuth = NULL; + else + pAuth = &Auth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_NV_WriteValue_Internal(hContext, hNVStore, + offset, ulDataLength, rgbDataToWrite, pAuth); + + MUTEX_UNLOCK(tcsp_lock); + + free(rgbDataToWrite); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_NV_WriteValueAuth(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_NV_INDEX hNVStore; + UINT32 offset,ulDataLength; + BYTE *rgbDataToWrite = NULL; + TSS_RESULT result; + TPM_AUTH Auth, *pAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hNVStore, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &offset, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &ulDataLength, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbDataToWrite = calloc(1, ulDataLength); + if (rgbDataToWrite == NULL) { + LogError("malloc of %u bytes failed.", ulDataLength); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, rgbDataToWrite, ulDataLength, &data->comm)) { + free(rgbDataToWrite); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 5, &Auth, 0, &data->comm)) + pAuth = NULL; + else + pAuth = &Auth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_NV_WriteValueAuth_Internal(hContext, hNVStore, + offset, ulDataLength, rgbDataToWrite, pAuth); + + MUTEX_UNLOCK(tcsp_lock); + + free(rgbDataToWrite); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if ( pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_NV_ReadValue(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_NV_INDEX hNVStore; + UINT32 offset,ulDataLength, i; + BYTE *rgbDataRead = NULL; + TSS_RESULT result; + TPM_AUTH Auth, *pAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hNVStore, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &offset, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &ulDataLength, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &Auth, 0, &data->comm)) + pAuth = NULL; + else + pAuth = &Auth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_NV_ReadValue_Internal(hContext, hNVStore, + offset, &ulDataLength, pAuth, &rgbDataRead); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if ( pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(rgbDataRead); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &ulDataLength, 0, &data->comm)) { + free(rgbDataRead); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rgbDataRead, ulDataLength, &data->comm)) { + free(rgbDataRead); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(rgbDataRead); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_NV_ReadValueAuth(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_NV_INDEX hNVStore; + UINT32 offset,ulDataLength, i; + BYTE *rgbDataRead = NULL; + TSS_RESULT result; + TPM_AUTH NVAuth, *pNVAuth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hNVStore, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &offset, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &ulDataLength, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &NVAuth, 0, &data->comm)) { + pNVAuth = NULL; + } else { + pNVAuth = &NVAuth; + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_NV_ReadValueAuth_Internal(hContext, hNVStore, + offset, &ulDataLength, pNVAuth, &rgbDataRead); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if ( pNVAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pNVAuth, 0, &data->comm)) { + free(rgbDataRead); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &ulDataLength, 0, &data->comm)) { + free(rgbDataRead); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rgbDataRead, ulDataLength, &data->comm)) { + free(rgbDataRead); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(rgbDataRead); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + diff --git a/src/tcs/rpc/tcstp/rpc_oper.c b/src/tcs/rpc/tcstp/rpc_oper.c new file mode 100644 index 0000000..8e097be --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_oper.c @@ -0,0 +1,57 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_SetOperatorAuth(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCPA_SECRET operatorAuth; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_SECRET, 1, &operatorAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_SetOperatorAuth_Internal(hContext, &operatorAuth); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + diff --git a/src/tcs/rpc/tcstp/rpc_own.c b/src/tcs/rpc/tcstp/rpc_own.c new file mode 100644 index 0000000..beb2a8c --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_own.c @@ -0,0 +1,170 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_TakeOwnership(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT16 protocolID; + UINT32 encOwnerAuthSize; + BYTE *encOwnerAuth; + UINT32 encSrkAuthSize; + BYTE *encSrkAuth; + UINT32 srkInfoSize; + BYTE *srkInfo; + TPM_AUTH ownerAuth; + + UINT32 srkKeySize; + BYTE *srkKey; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT16, 1, &protocolID, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &encOwnerAuthSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + encOwnerAuth = calloc(1, encOwnerAuthSize); + if (encOwnerAuth == NULL) { + LogError("malloc of %d bytes failed.", encOwnerAuthSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, encOwnerAuth, encOwnerAuthSize, &data->comm)) { + free(encOwnerAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, 4, &encSrkAuthSize, 0, &data->comm)) { + free(encOwnerAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + encSrkAuth = calloc(1, encSrkAuthSize); + if (encSrkAuth == NULL) { + LogError("malloc of %d bytes failed.", encSrkAuthSize); + free(encOwnerAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 5, encSrkAuth, encSrkAuthSize, &data->comm)) { + free(encOwnerAuth); + free(encSrkAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, 6, &srkInfoSize, 0, &data->comm)) { + free(encOwnerAuth); + free(encSrkAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + srkInfo = calloc(1, srkInfoSize); + if (srkInfo == NULL) { + LogError("malloc of %d bytes failed.", srkInfoSize); + free(encOwnerAuth); + free(encSrkAuth); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 7, srkInfo, srkInfoSize, &data->comm)) { + free(encOwnerAuth); + free(encSrkAuth); + free(srkInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 8, &ownerAuth, 0, &data->comm)) { + free(encOwnerAuth); + free(encSrkAuth); + free(srkInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_TakeOwnership_Internal(hContext, protocolID, encOwnerAuthSize, encOwnerAuth, + encSrkAuthSize, encSrkAuth, srkInfoSize, srkInfo, + &ownerAuth, &srkKeySize, &srkKey); + + MUTEX_UNLOCK(tcsp_lock); + free(encOwnerAuth); + free(encSrkAuth); + free(srkInfo); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &ownerAuth, 0, &data->comm)) { + free(srkKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &srkKeySize, 0, &data->comm)) { + free(srkKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, srkKey, srkKeySize, &data->comm)) { + free(srkKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(srkKey); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_OwnerClear(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + TPM_AUTH auth; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, &auth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_OwnerClear_Internal(hContext, &auth); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_pcr_extend.c b/src/tcs/rpc/tcstp/rpc_pcr_extend.c new file mode 100644 index 0000000..e9fd9cd --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_pcr_extend.c @@ -0,0 +1,139 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_Extend(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 pcrIndex; + TCPA_DIGEST inDigest; + TSS_RESULT result; + TCPA_DIGEST outDigest; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &pcrIndex, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_DIGEST, 2, &inDigest, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Extend_Internal(hContext, pcrIndex, inDigest, &outDigest); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &outDigest, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_PcrRead(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 pcrIndex; + TCPA_DIGEST digest; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &pcrIndex, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_PcrRead_Internal(hContext, pcrIndex, &digest); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &digest, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_PcrReset(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 pcrDataSizeIn; + BYTE *pcrDataIn; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &pcrDataSizeIn, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pcrDataIn = (BYTE *)malloc(pcrDataSizeIn); + if (pcrDataIn == NULL) { + LogError("malloc of %u bytes failed.", pcrDataSizeIn); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, pcrDataIn, pcrDataSizeIn, &data->comm)) { + free(pcrDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_PcrReset_Internal(hContext, pcrDataSizeIn, pcrDataIn); + + MUTEX_UNLOCK(tcsp_lock); + free(pcrDataIn); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return result; +} + diff --git a/src/tcs/rpc/tcstp/rpc_ps.c b/src/tcs/rpc/tcstp/rpc_ps.c new file mode 100644 index 0000000..3f6e5a7 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_ps.c @@ -0,0 +1,510 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_RegisterKey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_UUID WrappingKeyUUID; + TSS_UUID KeyUUID; + UINT32 cKeySize; + BYTE *rgbKey; + UINT32 cVendorData; + BYTE *gbVendorData; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UUID, 1, &WrappingKeyUUID, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UUID, 2, &KeyUUID, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &cKeySize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbKey = calloc(1, cKeySize); + if (rgbKey == NULL) { + LogError("malloc of %d bytes failed.", cKeySize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, rgbKey, cKeySize, &data->comm)) { + free(rgbKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, 5, &cVendorData, 0, &data->comm)) { + free(rgbKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (cVendorData == 0) + gbVendorData = NULL; + else { + gbVendorData = calloc(1, cVendorData); + if (gbVendorData == NULL) { + LogError("malloc of %d bytes failed.", cVendorData); + free(rgbKey); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 6, gbVendorData, cVendorData, &data->comm)) { + free(rgbKey); + free(gbVendorData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + result = TCS_RegisterKey_Internal(hContext, &WrappingKeyUUID, &KeyUUID, + cKeySize, rgbKey, cVendorData, + gbVendorData); + free(rgbKey); + free(gbVendorData); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_UnregisterKey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_UUID uuid; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UUID, 1, &uuid, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + result = TCS_UnregisterKey_Internal(hContext, uuid); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_GetRegisteredKeyBlob(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_UUID uuid; + UINT32 pcKeySize; + BYTE *prgbKey; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UUID, 1, &uuid, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + result = TCS_GetRegisteredKeyBlob_Internal(hContext, &uuid, &pcKeySize, + &prgbKey); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &pcKeySize, 0, &data->comm)) { + free(prgbKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, prgbKey, pcKeySize, &data->comm)) { + free(prgbKey); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(prgbKey); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_LoadKeyByUUID(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_UUID uuid; + TCS_LOADKEY_INFO info, *pInfo; + TCS_KEY_HANDLE phKeyTCSI; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UUID, 1, &uuid, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + result = getData(TCSD_PACKET_TYPE_LOADKEY_INFO, 2, &info, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pInfo = NULL; + else if (result) + return result; + else + pInfo = &info; + + result = key_mgr_load_by_uuid(hContext, &uuid, pInfo, &phKeyTCSI); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &phKeyTCSI, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (pInfo != NULL) { + if (setData(TCSD_PACKET_TYPE_LOADKEY_INFO, 1, pInfo, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + } else { + if (result == TCSERR(TCS_E_KM_LOADFAILED) && pInfo != NULL) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_LOADKEY_INFO, 0, pInfo, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + } + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_EnumRegisteredKeys(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_UUID uuid, *pUuid; + UINT32 cKeyHierarchySize; + TSS_KM_KEYINFO *pKeyHierarchy; + unsigned int i, j; + TSS_RESULT result; + + /* Receive */ + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + result = getData(TCSD_PACKET_TYPE_UUID , 1, &uuid, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pUuid = NULL; + else if (result) + return result; + else + pUuid = &uuid; + + result = TCS_EnumRegisteredKeys_Internal( + hContext, + pUuid, + &cKeyHierarchySize, + &pKeyHierarchy); + + if (result == TSS_SUCCESS) { + i=0; + initData(&data->comm, cKeyHierarchySize + 1); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &cKeyHierarchySize, 0, &data->comm)) { + free(pKeyHierarchy); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + for (j = 0; j < cKeyHierarchySize; j++) { + if (setData(TCSD_PACKET_TYPE_KM_KEYINFO, i++, &pKeyHierarchy[j], 0, &data->comm)) { + free(pKeyHierarchy); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + free(pKeyHierarchy); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_EnumRegisteredKeys2(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_UUID uuid, *pUuid; + UINT32 cKeyHierarchySize; + TSS_KM_KEYINFO2 *pKeyHierarchy; + unsigned int i, j; + TSS_RESULT result; + + /* Receive */ + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + result = getData(TCSD_PACKET_TYPE_UUID , 1, &uuid, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pUuid = NULL; + else if (result) + return result; + else + pUuid = &uuid; + + result = TCS_EnumRegisteredKeys_Internal2( + hContext, + pUuid, + &cKeyHierarchySize, + &pKeyHierarchy); + + if (result == TSS_SUCCESS) { + i=0; + initData(&data->comm, cKeyHierarchySize + 1); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &cKeyHierarchySize, 0, &data->comm)) { + free(pKeyHierarchy); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + for (j = 0; j < cKeyHierarchySize; j++) { + if (setData(TCSD_PACKET_TYPE_KM_KEYINFO2, i++, &pKeyHierarchy[j], 0, &data->comm)) { + free(pKeyHierarchy); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + free(pKeyHierarchy); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_GetRegisteredKeyByPublicInfo(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 algId, ulPublicInfoLength, keySize; + BYTE *rgbPublicInfo, *keyBlob; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &algId, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &ulPublicInfoLength, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbPublicInfo = (BYTE *)calloc(1, ulPublicInfoLength); + if (rgbPublicInfo == NULL) { + LogError("malloc of %d bytes failed.", ulPublicInfoLength); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, rgbPublicInfo, ulPublicInfoLength, &data->comm)) { + free(rgbPublicInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + result = TCSP_GetRegisteredKeyByPublicInfo_Internal(hContext, algId, + ulPublicInfoLength, rgbPublicInfo, &keySize, &keyBlob); + + free(rgbPublicInfo); + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &keySize, 0, &data->comm)) { + free(keyBlob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, keyBlob, keySize, &data->comm)) { + free(keyBlob); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(keyBlob); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +void +LoadBlob_LOADKEY_INFO(UINT64 *offset, BYTE *blob, TCS_LOADKEY_INFO *info) +{ + LoadBlob_UUID(offset, blob, info->keyUUID); + LoadBlob_UUID(offset, blob, info->parentKeyUUID); + LoadBlob(offset, TCPA_DIGEST_SIZE, blob, info->paramDigest.digest); + LoadBlob_UINT32(offset, info->authData.AuthHandle, blob); + LoadBlob(offset, TCPA_NONCE_SIZE, blob, info->authData.NonceOdd.nonce); + LoadBlob(offset, TCPA_NONCE_SIZE, blob, info->authData.NonceEven.nonce); + LoadBlob_BOOL(offset, info->authData.fContinueAuthSession, blob); + LoadBlob(offset, TCPA_AUTHDATA_SIZE, blob, (BYTE *)&info->authData.HMAC); +} + +void +UnloadBlob_LOADKEY_INFO(UINT64 *offset, BYTE *blob, TCS_LOADKEY_INFO *info) +{ + if (!info) { + UnloadBlob_UUID(offset, blob, NULL); + UnloadBlob_UUID(offset, blob, NULL); + UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, NULL); + UnloadBlob_UINT32(offset, NULL, blob); + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, NULL); + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, NULL); + UnloadBlob_BOOL(offset, NULL, blob); + UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, NULL); + + return; + } + + UnloadBlob_UUID(offset, blob, &info->keyUUID); + UnloadBlob_UUID(offset, blob, &info->parentKeyUUID); + UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, info->paramDigest.digest); + UnloadBlob_UINT32(offset, &info->authData.AuthHandle, blob); + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceOdd.nonce); + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceEven.nonce); + UnloadBlob_BOOL(offset, &info->authData.fContinueAuthSession, blob); + UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->authData.HMAC); +} + +void +LoadBlob_UUID(UINT64 *offset, BYTE * blob, TSS_UUID uuid) +{ + LoadBlob_UINT32(offset, uuid.ulTimeLow, blob); + LoadBlob_UINT16(offset, uuid.usTimeMid, blob); + LoadBlob_UINT16(offset, uuid.usTimeHigh, blob); + LoadBlob_BYTE(offset, uuid.bClockSeqHigh, blob); + LoadBlob_BYTE(offset, uuid.bClockSeqLow, blob); + LoadBlob(offset, 6, blob, uuid.rgbNode); +} + +void +UnloadBlob_UUID(UINT64 *offset, BYTE * blob, TSS_UUID *uuid) +{ + if (!uuid) { + UnloadBlob_UINT32(offset, NULL, blob); + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob_BYTE(offset, NULL, blob); + UnloadBlob_BYTE(offset, NULL, blob); + UnloadBlob(offset, 6, blob, NULL); + + return; + } + + memset(uuid, 0, sizeof(TSS_UUID)); + UnloadBlob_UINT32(offset, &uuid->ulTimeLow, blob); + UnloadBlob_UINT16(offset, &uuid->usTimeMid, blob); + UnloadBlob_UINT16(offset, &uuid->usTimeHigh, blob); + UnloadBlob_BYTE(offset, &uuid->bClockSeqHigh, blob); + UnloadBlob_BYTE(offset, &uuid->bClockSeqLow, blob); + UnloadBlob(offset, 6, blob, uuid->rgbNode); +} + +void +LoadBlob_KM_KEYINFO(UINT64 *offset, BYTE *blob, TSS_KM_KEYINFO *info) +{ + LoadBlob_VERSION(offset, blob, (TPM_VERSION *)&(info->versionInfo)); + LoadBlob_UUID(offset, blob, info->keyUUID); + LoadBlob_UUID(offset, blob, info->parentKeyUUID); + LoadBlob_BYTE(offset, info->bAuthDataUsage, blob); + LoadBlob_BOOL(offset, info->fIsLoaded, blob); + LoadBlob_UINT32(offset, info->ulVendorDataLength, blob); + LoadBlob(offset, info->ulVendorDataLength, blob, info->rgbVendorData); +} + +void +LoadBlob_KM_KEYINFO2(UINT64 *offset, BYTE *blob, TSS_KM_KEYINFO2 *info) +{ + LoadBlob_VERSION(offset, blob, (TPM_VERSION *)&(info->versionInfo)); + LoadBlob_UUID(offset, blob, info->keyUUID); + LoadBlob_UUID(offset, blob, info->parentKeyUUID); + LoadBlob_BYTE(offset, info->bAuthDataUsage, blob); + /* Load the infos of the blob regarding the new data type TSS_KM_KEYINFO2 */ + LoadBlob_UINT32(offset,info->persistentStorageType,blob); + LoadBlob_UINT32(offset, info->persistentStorageTypeParent,blob); + + LoadBlob_BOOL(offset, info->fIsLoaded, blob); + LoadBlob_UINT32(offset, info->ulVendorDataLength, blob); + LoadBlob(offset, info->ulVendorDataLength, blob, info->rgbVendorData); +} + +void +UnloadBlob_KM_KEYINFO(UINT64 *offset, BYTE *blob, TSS_KM_KEYINFO *info) +{ + if (!info) { + UINT32 ulVendorDataLength; + + UnloadBlob_VERSION(offset, blob, NULL); + UnloadBlob_UUID(offset, blob, NULL); + UnloadBlob_UUID(offset, blob, NULL); + UnloadBlob_BYTE(offset, blob, NULL); + UnloadBlob_BOOL(offset, NULL, blob); + UnloadBlob_UINT32(offset, &ulVendorDataLength, blob); + + (*offset) += ulVendorDataLength; + + return; + } + + UnloadBlob_VERSION(offset, blob, (TPM_VERSION *)&(info->versionInfo)); + UnloadBlob_UUID(offset, blob, &info->keyUUID); + UnloadBlob_UUID(offset, blob, &info->parentKeyUUID); + UnloadBlob_BYTE(offset, blob, &info->bAuthDataUsage); + UnloadBlob_BOOL(offset, &info->fIsLoaded, blob); + UnloadBlob_UINT32(offset, &info->ulVendorDataLength, blob); + UnloadBlob(offset, info->ulVendorDataLength, info->rgbVendorData, blob); +} + +#if 0 +void +UnloadBlob_KM_KEYINFO2(UINT64 *offset, BYTE *blob, TSS_KM_KEYINFO2 *info) +{ + UnloadBlob_VERSION(offset, blob, (TCPA_VERSION *)&(info->versionInfo)); + UnloadBlob_UUID(offset, blob, &info->keyUUID); + UnloadBlob_UUID(offset, blob, &info->parentKeyUUID); + UnloadBlob_BYTE(offset, blob, &info->bAuthDataUsage); + + /* Extract the infos of the blob regarding the new data type TSS_KM_KEYINFO2 */ + UnloadBlob_UINT32(offset, &info->persistentStorageType, blob); + UnloadBlob_UINT32(offset, &info->persistentStorageTypeParent, blob); + + UnloadBlob_BOOL(offset, &info->fIsLoaded, blob); + UnloadBlob_UINT32(offset, &info->ulVendorDataLength, blob); + UnloadBlob(offset, info->ulVendorDataLength, info->rgbVendorData, blob); +} +#endif diff --git a/src/tcs/rpc/tcstp/rpc_quote.c b/src/tcs/rpc/tcstp/rpc_quote.c new file mode 100644 index 0000000..aeb469c --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_quote.c @@ -0,0 +1,126 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_Quote(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + TCPA_NONCE antiReplay; + UINT32 pcrDataSizeIn; + BYTE *pcrDataIn; + + TPM_AUTH privAuth; + TPM_AUTH *pPrivAuth; + + UINT32 pcrDataSizeOut; + BYTE *pcrDataOut; + UINT32 sigSize; + BYTE *sig; + TSS_RESULT result; + + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 2, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &pcrDataSizeIn, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + pcrDataIn = (BYTE *)calloc(1, pcrDataSizeIn); + if (pcrDataIn == NULL) { + LogError("malloc of %d bytes failed.", pcrDataSizeIn); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, pcrDataIn, pcrDataSizeIn, &data->comm)) { + free(pcrDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + result = getData(TCSD_PACKET_TYPE_AUTH, 5, &privAuth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pPrivAuth = NULL; + else if (result) { + free(pcrDataIn); + return result; + } else + pPrivAuth = &privAuth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Quote_Internal(hContext, hKey, antiReplay, pcrDataSizeIn, pcrDataIn, + pPrivAuth, &pcrDataSizeOut, &pcrDataOut, &sigSize, &sig); + + MUTEX_UNLOCK(tcsp_lock); + free(pcrDataIn); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 5); + if (pPrivAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pPrivAuth, 0, &data->comm)) { + free(pcrDataOut); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pcrDataSizeOut, 0, &data->comm)) { + free(pcrDataOut); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, pcrDataOut, pcrDataSizeOut, &data->comm)) { + free(pcrDataOut); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &sigSize, 0, &data->comm)) { + free(pcrDataOut); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, sig, sigSize, &data->comm)) { + free(pcrDataOut); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + free(pcrDataOut); + free(sig); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_quote2.c b/src/tcs/rpc/tcstp/rpc_quote2.c new file mode 100644 index 0000000..2a10ead --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_quote2.c @@ -0,0 +1,163 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_Quote2(struct tcsd_thread_data *data) +{ + /* Data to be forwarded to the next level */ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + TCPA_NONCE antiReplay; + UINT32 pcrDataSizeIn; + BYTE *pcrDataIn; + TSS_BOOL addVersion; + TPM_AUTH privAuth; /* in/out */ + TPM_AUTH *pPrivAuth; + + UINT32 pcrDataSizeOut; + BYTE *pcrDataOut; + + UINT32 versionInfoSize; + BYTE * versionInfo; + + UINT32 sigSize; + BYTE *sig; + TSS_RESULT result; + + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 2, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &pcrDataSizeIn, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + pcrDataIn = (BYTE *)calloc(1, pcrDataSizeIn); + if (pcrDataIn == NULL) { + LogError("malloc of %u bytes failed.", pcrDataSizeIn); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, pcrDataIn, pcrDataSizeIn, &data->comm)) { + free(pcrDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_BOOL,5,&addVersion, 0, &data->comm)) { + free(pcrDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + result = getData(TCSD_PACKET_TYPE_AUTH, 6, &privAuth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pPrivAuth = NULL; + else if (result) { + free(pcrDataIn); + return result; + } else + pPrivAuth = &privAuth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Quote2_Internal(hContext, hKey, antiReplay, pcrDataSizeIn, pcrDataIn, + addVersion,pPrivAuth, &pcrDataSizeOut, &pcrDataOut, &versionInfoSize, + &versionInfo,&sigSize, &sig); + + MUTEX_UNLOCK(tcsp_lock); + free(pcrDataIn); + + if (result == TSS_SUCCESS) { + i = 0; + + initData(&data->comm,7); /* Add versionInfoSize and versionInfo */ + if (pPrivAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pPrivAuth, 0, &data->comm)) { + free(pcrDataOut); + /* It's a null pointer when addVersion == FALSE */ + if (addVersion) + free(versionInfo); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pcrDataSizeOut, 0, &data->comm)) { + free(pcrDataOut); + if (addVersion) + free(versionInfo); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, pcrDataOut, pcrDataSizeOut, &data->comm)) { + free(pcrDataOut); + if (addVersion) + free(versionInfo); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &versionInfoSize, 0, &data->comm)) { + free(pcrDataOut); + free(versionInfo); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (versionInfoSize > 0){ + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, versionInfo, versionInfoSize, &data->comm)) { + free(pcrDataOut); + free(versionInfo); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &sigSize, 0, &data->comm)) { + free(pcrDataOut); + if (addVersion) + free(versionInfo); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, sig, sigSize, &data->comm)) { + free(pcrDataOut); + if (addVersion) + free(versionInfo); + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + free(pcrDataOut); + if (versionInfoSize >0) + free(versionInfo); + free(sig); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_random.c b/src/tcs/rpc/tcstp/rpc_random.c new file mode 100644 index 0000000..6fd9606 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_random.c @@ -0,0 +1,107 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_GetRandom(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 bytesRequested; + BYTE *randomBytes = NULL; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &bytesRequested, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_GetRandom_Internal(hContext, &bytesRequested, &randomBytes); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &bytesRequested, 0, &data->comm)) { + free(randomBytes); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, randomBytes, bytesRequested, &data->comm)) { + free(randomBytes); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(randomBytes); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_StirRandom(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 inDataSize; + BYTE *inData; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &inDataSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + inData = calloc(1, inDataSize); + if (inData == NULL) { + LogError("malloc of %d bytes failed.", inDataSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, inData, inDataSize, &data->comm)) { + free(inData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_StirRandom_Internal(hContext, inDataSize, inData); + + MUTEX_UNLOCK(tcsp_lock); + free(inData); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_seal.c b/src/tcs/rpc/tcstp/rpc_seal.c new file mode 100644 index 0000000..f0dd359 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_seal.c @@ -0,0 +1,251 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_common_Seal(UINT32 sealOrdinal, + struct tcsd_thread_data *data) +{ + TSS_RESULT result; + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE keyHandle; + TCPA_ENCAUTH KeyUsageAuth; + UINT32 PCRInfoSize, inDataSize; + BYTE *PCRInfo = NULL, *inData = NULL; + TPM_AUTH emptyAuth, pubAuth, *pAuth; + UINT32 outDataSize; + BYTE *outData; + + int i = 0; + + memset(&emptyAuth, 0, sizeof(TPM_AUTH)); + memset(&pubAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, &keyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_ENCAUTH, i++, &KeyUsageAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, i++, &PCRInfoSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (PCRInfoSize > 0) { + PCRInfo = calloc(1, PCRInfoSize); + if (PCRInfo == NULL) { + LogError("malloc of %u bytes failed.", PCRInfoSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, PCRInfo, PCRInfoSize, &data->comm)) { + free(PCRInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, &inDataSize, 0, &data->comm)) { + free(PCRInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (inDataSize > 0) { + inData = calloc(1, inDataSize); + if (inData == NULL) { + LogError("malloc of %u bytes failed.", inDataSize); + free(PCRInfo); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, inData, inDataSize, &data->comm)) { + free(inData); + free(PCRInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + result = getData(TCSD_PACKET_TYPE_AUTH, i++, &pubAuth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pAuth = NULL; + else if (result) { + free(inData); + free(PCRInfo); + return result; + } else + pAuth = &pubAuth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Seal_Internal(sealOrdinal, hContext, keyHandle, KeyUsageAuth, PCRInfoSize, + PCRInfo, inDataSize, inData, pAuth, &outDataSize, &outData); + + MUTEX_UNLOCK(tcsp_lock); + free(inData); + free(PCRInfo); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (pAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &outDataSize, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, outData, outDataSize, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_Seal(struct tcsd_thread_data *data) +{ + return tcs_common_Seal(TPM_ORD_Seal, data); +} + +#ifdef TSS_BUILD_SEALX +TSS_RESULT +tcs_wrap_Sealx(struct tcsd_thread_data *data) +{ + return tcs_common_Seal(TPM_ORD_Sealx, data); +} +#endif + +TSS_RESULT +tcs_wrap_UnSeal(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE parentHandle; + UINT32 inDataSize; + BYTE *inData; + + TPM_AUTH parentAuth, dataAuth, emptyAuth; + TPM_AUTH *pParentAuth, *pDataAuth; + + UINT32 outDataSize; + BYTE *outData; + TSS_RESULT result; + + memset(&emptyAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &parentHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &inDataSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + inData = calloc(1, inDataSize); + if (inData == NULL) { + LogError("malloc of %d bytes failed.", inDataSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, inData, inDataSize, &data->comm)) { + free(inData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + result = getData(TCSD_PACKET_TYPE_AUTH, 4, &parentAuth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pParentAuth = NULL; + else if (result) { + free(inData); + return result; + } else + pParentAuth = &parentAuth; + + result = getData(TCSD_PACKET_TYPE_AUTH, 5, &dataAuth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) { + pDataAuth = pParentAuth; + pParentAuth = NULL; + } else if (result) { + free(inData); + return result; + } else + pDataAuth = &dataAuth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Unseal_Internal(hContext, parentHandle, inDataSize, inData, pParentAuth, + pDataAuth, &outDataSize, &outData); + + MUTEX_UNLOCK(tcsp_lock); + free(inData); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 4); + if (pParentAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pParentAuth, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &emptyAuth, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_AUTH, 1, &dataAuth, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &outDataSize, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, outData, outDataSize, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outData); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_selftest.c b/src/tcs/rpc/tcstp/rpc_selftest.c new file mode 100644 index 0000000..4cad0c9 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_selftest.c @@ -0,0 +1,154 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_SelfTestFull(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_SelfTestFull_Internal(hContext); + + MUTEX_UNLOCK(tcsp_lock); + + initData(&data->comm, 0); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_CertifySelfTest(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 sigSize; + BYTE *sigData = NULL; + TCS_KEY_HANDLE hKey; + TCPA_NONCE antiReplay; + TPM_AUTH privAuth; + TPM_AUTH *pPrivAuth; + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 2, &antiReplay, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + result = getData(TCSD_PACKET_TYPE_AUTH, 3, &privAuth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pPrivAuth = NULL; + else if (result) + return result; + else + pPrivAuth = &privAuth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_CertifySelfTest_Internal(hContext, hKey, antiReplay, pPrivAuth, &sigSize, + &sigData); + + MUTEX_UNLOCK(tcsp_lock); + + i = 0; + if (result == TSS_SUCCESS) { + initData(&data->comm, 3); + if (pPrivAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pPrivAuth, 0, &data->comm)) { + free(sigData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &sigSize, 0, &data->comm)) { + free(sigData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, sigData, sigSize, &data->comm)) { + free(sigData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(sigData); + } else + initData(&data->comm, 0); + + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_GetTestResult(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 resultDataSize; + BYTE *resultData = NULL; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_GetTestResult_Internal(hContext, &resultDataSize, &resultData); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &resultDataSize, 0, &data->comm)) { + free(resultData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, resultData, resultDataSize, &data->comm)) { + free(resultData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(resultData); + } else + initData(&data->comm, 0); + + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_sign.c b/src/tcs/rpc/tcstp/rpc_sign.c new file mode 100644 index 0000000..2cd2027 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_sign.c @@ -0,0 +1,106 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_Sign(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + UINT32 areaToSignSize; + BYTE *areaToSign; + + TPM_AUTH auth; + TPM_AUTH *pAuth; + + UINT32 sigSize; + BYTE *sig; + TSS_RESULT result; + + int i; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &areaToSignSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + areaToSign = calloc(1, areaToSignSize); + if (areaToSign == NULL) { + LogError("malloc of %d bytes failed.", areaToSignSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, areaToSign, areaToSignSize, &data->comm)) { + free(areaToSign); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + result = getData(TCSD_PACKET_TYPE_AUTH, 4, &auth, 0, &data->comm); + if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) + pAuth = NULL; + else if (result) { + free(areaToSign); + return result; + } else + pAuth = &auth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_Sign_Internal(hContext, hKey, areaToSignSize, areaToSign, pAuth, &sigSize, + &sig); + + MUTEX_UNLOCK(tcsp_lock); + free(areaToSign); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 3); + if (pAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &auth, 0, &data->comm)) { + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &sigSize, 0, &data->comm)) { + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, sig, sigSize, &data->comm)) { + free(sig); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(sig); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_tick.c b/src/tcs/rpc/tcstp/rpc_tick.c new file mode 100644 index 0000000..98e53ad --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_tick.c @@ -0,0 +1,138 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_ReadCurrentTicks(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + UINT32 pulCurrentTime; + BYTE *prgbCurrentTime; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ReadCurrentTicks_Internal(hContext, &pulCurrentTime, &prgbCurrentTime); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 2); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &pulCurrentTime, 0, &data->comm)) { + free(prgbCurrentTime); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 1, prgbCurrentTime, pulCurrentTime, + &data->comm)) { + free(prgbCurrentTime); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(prgbCurrentTime); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_TickStampBlob(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hKey; + TPM_AUTH auth, *pAuth; + TPM_NONCE nonce; + TPM_DIGEST digest; + UINT32 sigSize, tcSize, i; + BYTE *sig, *tc; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 2, &nonce, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_DIGEST, 3, &digest, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &auth, 0, &data->comm)) + pAuth = NULL; + else + pAuth = &auth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_TickStampBlob_Internal(hContext, hKey, &nonce, &digest, pAuth, &sigSize, &sig, + &tcSize, &tc); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 5); + i = 0; + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(sig); + free(tc); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &sigSize, 0, &data->comm)) { + free(sig); + free(tc); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, sig, sigSize, &data->comm)) { + free(sig); + free(tc); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &tcSize, 0, &data->comm)) { + free(sig); + free(tc); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, tc, tcSize, &data->comm)) { + free(sig); + free(tc); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/rpc/tcstp/rpc_transport.c b/src/tcs/rpc/tcstp/rpc_transport.c new file mode 100644 index 0000000..1993cb3 --- /dev/null +++ b/src/tcs/rpc/tcstp/rpc_transport.c @@ -0,0 +1,397 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_utils.h" +#include "rpc_tcstp_tcs.h" + + +TSS_RESULT +tcs_wrap_EstablishTransport(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hEncKey, hTransSession; + UINT32 ulTransControlFlags, ulTransSessionInfoSize, ulSecretSize, ulCurrentTicks, i; + BYTE *rgbTransSessionInfo, *rgbSecret, *prgbCurrentTicks; + TPM_MODIFIER_INDICATOR pbLocality; + TPM_AUTH pEncKeyAuth, *pAuth; + TPM_NONCE pTransNonce; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &ulTransControlFlags, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &hEncKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &ulTransSessionInfoSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbTransSessionInfo = malloc(ulTransSessionInfoSize); + if (rgbTransSessionInfo == NULL) { + LogError("malloc of %u bytes failed.", ulTransSessionInfoSize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, rgbTransSessionInfo, ulTransSessionInfoSize, + &data->comm)) { + free(rgbTransSessionInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 5, &ulSecretSize, 0, &data->comm)) { + free(rgbTransSessionInfo); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + rgbSecret = malloc(ulSecretSize); + if (rgbSecret == NULL) { + free(rgbTransSessionInfo); + LogError("malloc of %u bytes failed.", ulSecretSize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 6, rgbSecret, ulSecretSize, &data->comm)) { + free(rgbTransSessionInfo); + free(rgbSecret); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 7, &pEncKeyAuth, 0, &data->comm)) + pAuth = NULL; + else + pAuth = &pEncKeyAuth; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_EstablishTransport_Internal(hContext, ulTransControlFlags, hEncKey, + ulTransSessionInfoSize, rgbTransSessionInfo, + ulSecretSize, rgbSecret, pAuth, &pbLocality, + &hTransSession, &ulCurrentTicks, + &prgbCurrentTicks, &pTransNonce); + + MUTEX_UNLOCK(tcsp_lock); + + free(rgbSecret); + free(rgbTransSessionInfo); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 6); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &data->comm)) { + free(prgbCurrentTicks); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pbLocality, 0, &data->comm)) { + free(prgbCurrentTicks); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hTransSession, 0, &data->comm)) { + free(prgbCurrentTicks); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &ulCurrentTicks, 0, &data->comm)) { + free(prgbCurrentTicks); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, prgbCurrentTicks, ulCurrentTicks, + &data->comm)) { + free(prgbCurrentTicks); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(prgbCurrentTicks); + if (setData(TCSD_PACKET_TYPE_NONCE, i++, &pTransNonce, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ExecuteTransport(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TPM_COMMAND_CODE unWrappedCommandOrdinal; + TCS_HANDLE *rghHandles = NULL, handles[2]; + UINT32 ulWrappedCmdDataInSize, pulHandleListSize, ulWrappedCmdDataOutSize, i = 0; + BYTE *rgbWrappedCmdDataIn, *rgbWrappedCmdDataOut; + TPM_MODIFIER_INDICATOR pbLocality; + TPM_AUTH pWrappedCmdAuth1, pWrappedCmdAuth2, pTransAuth, *pAuth1, *pAuth2, null_auth; + UINT64 punCurrentTicks; + TSS_RESULT result, pulWrappedCmdReturnCode; + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, &unWrappedCommandOrdinal, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, i++, &ulWrappedCmdDataInSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rgbWrappedCmdDataIn = malloc(ulWrappedCmdDataInSize); + if (rgbWrappedCmdDataIn == NULL) { + LogError("malloc of %u bytes failed", ulWrappedCmdDataInSize); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, rgbWrappedCmdDataIn, ulWrappedCmdDataInSize, + &data->comm)) { + free(rgbWrappedCmdDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, &pulHandleListSize, 0, &data->comm)) { + free(rgbWrappedCmdDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (pulHandleListSize > 2) { + free(rgbWrappedCmdDataIn); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + if (pulHandleListSize) { + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, handles, + pulHandleListSize * sizeof(UINT32), &data->comm)) { + free(rgbWrappedCmdDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + rghHandles = handles; + + memset(&null_auth, 0, sizeof(TPM_AUTH)); + memset(&pWrappedCmdAuth1, 0, sizeof(TPM_AUTH)); + memset(&pWrappedCmdAuth2, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_AUTH, i++, &pWrappedCmdAuth1, 0, &data->comm)) { + free(rgbWrappedCmdDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, i++, &pWrappedCmdAuth2, 0, &data->comm)) { + free(rgbWrappedCmdDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, i++, &pTransAuth, 0, &data->comm)) { + free(rgbWrappedCmdDataIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (!memcmp(&pWrappedCmdAuth1, &null_auth, sizeof(TPM_AUTH))) + pAuth1 = NULL; + else + pAuth1 = &pWrappedCmdAuth1; + + if (!memcmp(&pWrappedCmdAuth2, &null_auth, sizeof(TPM_AUTH))) + pAuth2 = NULL; + else + pAuth2 = &pWrappedCmdAuth2; + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ExecuteTransport_Internal(hContext, unWrappedCommandOrdinal, + ulWrappedCmdDataInSize, rgbWrappedCmdDataIn, + &pulHandleListSize, &rghHandles, pAuth1, pAuth2, + &pTransAuth, &punCurrentTicks, &pbLocality, + &pulWrappedCmdReturnCode, &ulWrappedCmdDataOutSize, + &rgbWrappedCmdDataOut); + + MUTEX_UNLOCK(tcsp_lock); + + free(rgbWrappedCmdDataIn); + + if (result == TSS_SUCCESS) { + i = 0; + initData(&data->comm, 10); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pulHandleListSize, 0, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (pulHandleListSize) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rghHandles, + pulHandleListSize * sizeof(UINT32), &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (pAuth1) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth1, 0, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &null_auth, 0, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (pAuth2) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pAuth2, 0, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &null_auth, 0, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &pTransAuth, 0, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT64, i++, &punCurrentTicks, 0, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pbLocality, 0, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pulWrappedCmdReturnCode, 0, + &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &ulWrappedCmdDataOutSize, 0, + &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (ulWrappedCmdDataOutSize) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rgbWrappedCmdDataOut, + ulWrappedCmdDataOutSize, &data->comm)) { + free(rgbWrappedCmdDataOut); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + free(rgbWrappedCmdDataOut); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_ReleaseTransportSigned(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TCS_KEY_HANDLE hSignatureKey; + TPM_NONCE AntiReplayNonce; + UINT32 pulCurrentTicks, pulSignatureSize; + BYTE *prgbCurrentTicks, *prgbSignature; + TPM_MODIFIER_INDICATOR pbLocality; + TPM_AUTH pKeyAuth, pTransAuth, *pAuth, null_auth; + TSS_RESULT result; + + memset(&null_auth, 0, sizeof(TPM_AUTH)); + memset(&pKeyAuth, 0, sizeof(TPM_AUTH)); + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %ld context %x", THREAD_ID, hContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &hSignatureKey, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 2, &AntiReplayNonce, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 3, &pKeyAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (!memcmp(&null_auth, &pKeyAuth, sizeof(TPM_AUTH))) + pAuth = NULL; + else + pAuth = &pKeyAuth; + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &pTransAuth, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + + MUTEX_LOCK(tcsp_lock); + + result = TCSP_ReleaseTransportSigned_Internal(hContext, hSignatureKey, &AntiReplayNonce, + pAuth, &pTransAuth, &pbLocality, + &pulCurrentTicks, &prgbCurrentTicks, + &pulSignatureSize, &prgbSignature); + + MUTEX_UNLOCK(tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 7); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &data->comm)) { + free(prgbCurrentTicks); + free(prgbSignature); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, 0, &null_auth, 0, &data->comm)) { + free(prgbCurrentTicks); + free(prgbSignature); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_AUTH, 1, &pTransAuth, 0, &data->comm)) { + free(prgbCurrentTicks); + free(prgbSignature); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &pbLocality, 0, &data->comm)) { + free(prgbCurrentTicks); + free(prgbSignature); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &pulCurrentTicks, 0, &data->comm)) { + free(prgbCurrentTicks); + free(prgbSignature); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, prgbCurrentTicks, pulCurrentTicks, + &data->comm)) { + free(prgbCurrentTicks); + free(prgbSignature); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(prgbCurrentTicks); + if (setData(TCSD_PACKET_TYPE_UINT32, 5, &pulSignatureSize, 0, &data->comm)) { + free(prgbSignature); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, 6, prgbSignature, pulSignatureSize, + &data->comm)) { + free(prgbSignature); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(prgbSignature); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + return TSS_SUCCESS; +} diff --git a/src/tcs/tcs_aik.c b/src/tcs/tcs_aik.c new file mode 100644 index 0000000..1d22506 --- /dev/null +++ b/src/tcs/tcs_aik.c @@ -0,0 +1,146 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "tcsps.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcs_aik.h" + +void +LoadBlob_SYMMETRIC_KEY(UINT64 *offset, BYTE *blob, TCPA_SYMMETRIC_KEY *key) +{ + LoadBlob_UINT32(offset, key->algId, blob); + LoadBlob_UINT16(offset, key->encScheme, blob); + LoadBlob_UINT16(offset, key->size, blob); + + if (key->size > 0) { + LoadBlob(offset, key->size, blob, key->data); + } else { + key->data = NULL; + } +} + +TSS_RESULT +UnloadBlob_SYMMETRIC_KEY(UINT64 *offset, BYTE *blob, TCPA_SYMMETRIC_KEY *key) +{ + if (!key) { + UINT16 size; + + UnloadBlob_UINT32(offset, NULL, blob); + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob_UINT16(offset, &size, blob); + + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + + return TSS_SUCCESS; + } + + UnloadBlob_UINT32(offset, &key->algId, blob); + UnloadBlob_UINT16(offset, &key->encScheme, blob); + UnloadBlob_UINT16(offset, &key->size, blob); + + if (key->size > 0) { + key->data = (BYTE *)malloc(key->size); + if (key->data == NULL) { + LogError("malloc of %hu bytes failed.", key->size); + key->size = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(offset, key->size, blob, key->data); + } else { + key->data = NULL; + } + + return TSS_SUCCESS; +} + +void +get_credential(UINT32 type, UINT32 *size, BYTE **cred) +{ + int rc, fd; + char *path = NULL; + void *file = NULL; + struct stat stat_buf; + size_t file_size; + + switch (type) { + case TSS_TCS_CREDENTIAL_PLATFORMCERT: + path = tcsd_options.platform_cred; + break; + case TSS_TCS_CREDENTIAL_TPM_CC: + path = tcsd_options.conformance_cred; + break; + case TSS_TCS_CREDENTIAL_EKCERT: + path = tcsd_options.endorsement_cred; + break; + default: + LogDebugFn("Bad credential type"); + break; + } + + if (path == NULL) + goto done; + + if ((fd = open(path, O_RDONLY)) < 0) { + LogError("open(%s): %s", path, strerror(errno)); + goto done; + } + + if ((rc = fstat(fd, &stat_buf)) == -1) { + LogError("Error stating credential: %s: %s", path, strerror(errno)); + goto done; + } + + file_size = (size_t)stat_buf.st_size; + + LogDebugFn("%s, (%zd bytes)", path, file_size); + + file = mmap(0, file_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (file == MAP_FAILED) { + LogError("Error reading credential: %s: %s", path, strerror(errno)); + close(fd); + goto done; + } + close(fd); + + if ((*cred = malloc(file_size)) == NULL) { + LogError("malloc of %zd bytes failed.", file_size); + munmap(file, file_size); + goto done; + } + + memcpy(*cred, file, file_size); + *size = file_size; + munmap(file, file_size); + + return; +done: + *cred = NULL; + *size = 0; +} diff --git a/src/tcs/tcs_auth_mgr.c b/src/tcs/tcs_auth_mgr.c new file mode 100644 index 0000000..5d07832 --- /dev/null +++ b/src/tcs/tcs_auth_mgr.c @@ -0,0 +1,584 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "auth_mgr.h" +#include "req_mgr.h" + + +MUTEX_DECLARE_EXTERN(tcsp_lock); + +/* Note: The after taking the auth_mgr_lock in any of the functions below, the + * mem_cache_lock cannot be taken without risking a deadlock. So, the auth_mgr + * functions must be "self-contained" wrt locking */ + +/* no locking done in init since its called by only a single thread */ +TSS_RESULT +auth_mgr_init() +{ + memset(&auth_mgr, 0, sizeof(struct _auth_mgr)); + + auth_mgr.max_auth_sessions = tpm_metrics.num_auths; + + auth_mgr.overflow = calloc(TSS_DEFAULT_OVERFLOW_AUTHS, sizeof(COND_VAR *)); + if (auth_mgr.overflow == NULL) { + LogError("malloc of %zd bytes failed", + (TSS_DEFAULT_OVERFLOW_AUTHS * sizeof(COND_VAR *))); + return TCSERR(TSS_E_OUTOFMEMORY); + } + auth_mgr.overflow_size = TSS_DEFAULT_OVERFLOW_AUTHS; + + auth_mgr.auth_mapper = calloc(TSS_DEFAULT_AUTH_TABLE_SIZE, sizeof(struct auth_map)); + if (auth_mgr.auth_mapper == NULL) { + LogError("malloc of %zd bytes failed", + (TSS_DEFAULT_AUTH_TABLE_SIZE * sizeof(struct auth_map))); + return TCSERR(TSS_E_OUTOFMEMORY); + } + auth_mgr.auth_mapper_size = TSS_DEFAULT_AUTH_TABLE_SIZE; + + return TSS_SUCCESS; +} + +TSS_RESULT +auth_mgr_final() +{ + UINT32 i; + + /* wake up any sleeping threads, so they can be joined */ + for (i = 0; i < auth_mgr.overflow_size; i++) { + if (auth_mgr.overflow[i] != NULL) + COND_SIGNAL(auth_mgr.overflow[i]); + } + + free(auth_mgr.overflow); + free(auth_mgr.auth_mapper); + + return TSS_SUCCESS; +} + +TSS_RESULT +auth_mgr_save_ctx(TCS_CONTEXT_HANDLE hContext) +{ + TSS_RESULT result = TSS_SUCCESS; + UINT32 i; + + for (i = 0; i < auth_mgr.auth_mapper_size; i++) { + if (auth_mgr.auth_mapper[i].full == TRUE && + auth_mgr.auth_mapper[i].swap == NULL && + auth_mgr.auth_mapper[i].tcs_ctx != hContext) { + LogDebug("Calling TPM_SaveAuthContext for TCS CTX %x. Swapping out: TCS %x " + "TPM %x", hContext, auth_mgr.auth_mapper[i].tcs_ctx, + auth_mgr.auth_mapper[i].tpm_handle); + + if ((result = TPM_SaveAuthContext(auth_mgr.auth_mapper[i].tpm_handle, + &auth_mgr.auth_mapper[i].swap_size, + &auth_mgr.auth_mapper[i].swap))) { + LogDebug("TPM_SaveAuthContext failed: 0x%x", result); + return result; + } + break; + } + } + + return result; +} + +/* if there's a TCS context waiting to get auth, wake it up or swap it in */ +void +auth_mgr_swap_in() +{ + if (auth_mgr.overflow[auth_mgr.of_tail] != NULL) { + LogDebug("waking up thread %lddd, auth slot has opened", THREAD_ID); + /* wake up the next sleeping thread in order and increment tail */ + COND_SIGNAL(auth_mgr.overflow[auth_mgr.of_tail]); + auth_mgr.overflow[auth_mgr.of_tail] = NULL; + auth_mgr.of_tail = (auth_mgr.of_tail + 1) % auth_mgr.overflow_size; + } else { + /* else nobody needs to be swapped in, so continue */ + LogDebug("no threads need to be signaled."); + } +} + +/* we need to swap out an auth context or add a waiting context to the overflow queue */ +TSS_RESULT +auth_mgr_swap_out(TCS_CONTEXT_HANDLE hContext) +{ + COND_VAR *cond; + + /* If the TPM can do swapping and it succeeds, return, else cond wait below */ + if (tpm_metrics.authctx_swap && !auth_mgr_save_ctx(hContext)) + return TSS_SUCCESS; + + if ((cond = ctx_get_cond_var(hContext)) == NULL) { + LogError("Auth swap variable not found for TCS context 0x%x", hContext); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* Test whether we are the last awake thread. If we are, we can't go to sleep + * since then there'd be no worker thread to wake the others up. This situation + * can arise when we're on a busy system who's TPM doesn't support auth ctx + * swapping. + */ + if (auth_mgr.sleeping_threads == (tcsd_options.num_threads - 1)) { + LogError("auth mgr failing: too many threads already waiting"); + LogTPMERR(TCPA_E_RESOURCES, __FILE__, __LINE__); + return TCPA_E_RESOURCES; + } + + if (auth_mgr.overflow[auth_mgr.of_head] == NULL) { + auth_mgr.overflow[auth_mgr.of_head] = cond; + auth_mgr.of_head = (auth_mgr.of_head + 1) % auth_mgr.overflow_size; + /* go to sleep */ + LogDebug("thread %lddd going to sleep until auth slot opens", THREAD_ID); + auth_mgr.sleeping_threads++; + COND_WAIT(cond, &tcsp_lock); + auth_mgr.sleeping_threads--; + } else if (auth_mgr.overflow_size + TSS_DEFAULT_OVERFLOW_AUTHS < UINT_MAX) { + COND_VAR **tmp = auth_mgr.overflow; + + LogDebugFn("Table of sleeping threads is full (%hu), growing to %hu entries", + auth_mgr.sleeping_threads, + auth_mgr.overflow_size + TSS_DEFAULT_OVERFLOW_AUTHS); + + auth_mgr.overflow = calloc(auth_mgr.overflow_size + TSS_DEFAULT_OVERFLOW_AUTHS, + sizeof(COND_VAR *)); + if (auth_mgr.overflow == NULL) { + LogDebugFn("malloc of %zd bytes failed", + (auth_mgr.overflow_size + TSS_DEFAULT_OVERFLOW_AUTHS) * + sizeof(COND_VAR *)); + auth_mgr.overflow = tmp; + return TCSERR(TSS_E_OUTOFMEMORY); + } + auth_mgr.overflow_size += TSS_DEFAULT_OVERFLOW_AUTHS; + + LogDebugFn("Success."); + memcpy(auth_mgr.overflow, tmp, auth_mgr.sleeping_threads * sizeof(COND_VAR *)); + free(tmp); + + /* XXX This could temporarily wake threads up out of order */ + auth_mgr.of_head = auth_mgr.sleeping_threads; + auth_mgr.of_tail = 0; + auth_mgr.overflow[auth_mgr.of_head] = cond; + auth_mgr.of_head = (auth_mgr.of_head + 1) % auth_mgr.overflow_size; + LogDebug("thread %lddd going to sleep until auth slot opens", THREAD_ID); + auth_mgr.sleeping_threads++; + COND_WAIT(cond, &tcsp_lock); + auth_mgr.sleeping_threads--; + } else { + LogError("Auth table overflow is full (%u entries), some will fail.", + auth_mgr.overflow_size); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +/* close all auth contexts associated with this TCS_CONTEXT_HANDLE */ +TSS_RESULT +auth_mgr_close_context(TCS_CONTEXT_HANDLE tcs_handle) +{ + UINT32 i; + TSS_RESULT result; + + for (i = 0; i < auth_mgr.auth_mapper_size; i++) { + if (auth_mgr.auth_mapper[i].full == TRUE && + auth_mgr.auth_mapper[i].tcs_ctx == tcs_handle) { + if (auth_mgr.auth_mapper[i].swap) { + /* This context is swapped out of the TPM, so we can just free the + * blob */ + free(auth_mgr.auth_mapper[i].swap); + auth_mgr.auth_mapper[i].swap = NULL; + auth_mgr.auth_mapper[i].swap_size = 0; + } else { + result = TCSP_FlushSpecific_Common(auth_mgr.auth_mapper[i].tpm_handle, + TPM_RT_AUTH); + + /* Ok, probably dealing with a 1.1 TPM */ + if (result == TPM_E_BAD_ORDINAL) + result = internal_TerminateHandle( + auth_mgr.auth_mapper[i].tpm_handle); + + if (result == TCPA_E_INVALID_AUTHHANDLE) { + LogDebug("Tried to close an invalid auth handle: %x", + auth_mgr.auth_mapper[i].tpm_handle); + } else if (result != TCPA_SUCCESS) { + LogDebug("TPM_TerminateHandle returned %d", result); + } + } + /* clear the slot */ + auth_mgr.open_auth_sessions--; + auth_mgr.auth_mapper[i].full = FALSE; + auth_mgr.auth_mapper[i].tpm_handle = 0; + auth_mgr.auth_mapper[i].tcs_ctx = 0; + LogDebug("released auth for TCS %x TPM %x", tcs_handle, + auth_mgr.auth_mapper[i].tpm_handle); + + auth_mgr_swap_in(); + } + } + + return TSS_SUCCESS; +} + +void +auth_mgr_release_auth(TPM_AUTH *auth0, TPM_AUTH *auth1, TCS_CONTEXT_HANDLE tcs_handle) +{ + if (auth0) + auth_mgr_release_auth_handle(auth0->AuthHandle, tcs_handle, + auth0->fContinueAuthSession); + + if (auth1) + auth_mgr_release_auth_handle(auth1->AuthHandle, tcs_handle, + auth1->fContinueAuthSession); +} + +/* unload the auth ctx associated with this auth handle */ +TSS_RESULT +auth_mgr_release_auth_handle(TCS_AUTHHANDLE tpm_auth_handle, TCS_CONTEXT_HANDLE tcs_handle, + TSS_BOOL cont) +{ + UINT32 i; + TSS_RESULT result = TSS_SUCCESS; + + for (i = 0; i < auth_mgr.auth_mapper_size; i++) { + if (auth_mgr.auth_mapper[i].full == TRUE && + auth_mgr.auth_mapper[i].tpm_handle == tpm_auth_handle && + auth_mgr.auth_mapper[i].tcs_ctx == tcs_handle) { + if (!cont) { + /* + * This function should not be necessary, but + * if the main operation resulted in an error, + * the TPM may still hold the auth handle + * and it must be freed. Most of the time + * this call will result in TPM_E_INVALID_AUTHHANDLE + * error which can be ignored. + */ + result = TCSP_FlushSpecific_Common( + auth_mgr.auth_mapper[i].tpm_handle, + TPM_RT_AUTH); + + /* Ok, probably dealing with a 1.1 TPM */ + if (result == TPM_E_BAD_ORDINAL) + result = internal_TerminateHandle( + auth_mgr.auth_mapper[i].tpm_handle); + + if (result == TCPA_E_INVALID_AUTHHANDLE) { + LogDebug("Tried to close an invalid auth handle: %x", + auth_mgr.auth_mapper[i].tpm_handle); + } else if (result != TCPA_SUCCESS) { + LogDebug("TPM_TerminateHandle returned %d", result); + } + + if (result == TPM_SUCCESS) { + LogDebug("released auth for TCS %x TPM %x", + auth_mgr.auth_mapper[i].tcs_ctx, tpm_auth_handle); + } + /* + * Mark it as released, the "cont" flag indicates + * that it is no longer needed. + */ + auth_mgr.open_auth_sessions--; + auth_mgr.auth_mapper[i].full = FALSE; + auth_mgr.auth_mapper[i].tpm_handle = 0; + auth_mgr.auth_mapper[i].tcs_ctx = 0; + auth_mgr_swap_in(); + } + /* If the cont flag is TRUE, we have to keep the handle */ + } + } + + return result; +} + +TSS_RESULT +auth_mgr_check(TCS_CONTEXT_HANDLE tcsContext, TPM_AUTHHANDLE *tpm_auth_handle) +{ + UINT32 i; + TSS_RESULT result = TSS_SUCCESS; + + for (i = 0; i < auth_mgr.auth_mapper_size; i++) { + if (auth_mgr.auth_mapper[i].full == TRUE && + auth_mgr.auth_mapper[i].tpm_handle == *tpm_auth_handle && + auth_mgr.auth_mapper[i].tcs_ctx == tcsContext) { + /* We have a record of this session, now swap it into the TPM if need be. */ + if (auth_mgr.auth_mapper[i].swap) { + LogDebugFn("TPM_LoadAuthContext for TCS %x TPM %x", tcsContext, + auth_mgr.auth_mapper[i].tpm_handle); + + result = TPM_LoadAuthContext(auth_mgr.auth_mapper[i].swap_size, + auth_mgr.auth_mapper[i].swap, + tpm_auth_handle); + if (result == TSS_SUCCESS) { + free(auth_mgr.auth_mapper[i].swap); + auth_mgr.auth_mapper[i].swap = NULL; + auth_mgr.auth_mapper[i].swap_size = 0; + + LogDebugFn("TPM_LoadAuthContext succeeded. Old TPM: %x, New" + " TPM: %x", auth_mgr.auth_mapper[i].tpm_handle, + *tpm_auth_handle); + + auth_mgr.auth_mapper[i].tpm_handle = *tpm_auth_handle; + } else if (result == TPM_E_RESOURCES) { + if ((result = auth_mgr_swap_out(tcsContext))) { + LogDebugFn("TPM_LoadAuthContext failed with TPM_E_R" + "ESOURCES and swapping out failed, retur" + "ning error"); + return result; + } + + LogDebugFn("Retrying TPM_LoadAuthContext after swap" + " out..."); + result = + TPM_LoadAuthContext(auth_mgr.auth_mapper[i].swap_size, + auth_mgr.auth_mapper[i].swap, + tpm_auth_handle); + free(auth_mgr.auth_mapper[i].swap); + auth_mgr.auth_mapper[i].swap = NULL; + auth_mgr.auth_mapper[i].swap_size = 0; + } else { + LogDebug("TPM_LoadAuthContext failed: 0x%x.", result); + } + } + + return result; + } + } + + LogDebugFn("Can't find auth for TCS handle %x, should be %x", tcsContext, *tpm_auth_handle); + return TCSERR(TSS_E_INTERNAL_ERROR); +} + +TSS_RESULT +auth_mgr_add(TCS_CONTEXT_HANDLE tcsContext, TCS_AUTHHANDLE tpm_auth_handle) +{ + struct auth_map *tmp = auth_mgr.auth_mapper; + UINT32 i; + + for (i = 0; i < auth_mgr.auth_mapper_size; i++) { + if (auth_mgr.auth_mapper[i].full == FALSE) { + auth_mgr.auth_mapper[i].tpm_handle = tpm_auth_handle; + auth_mgr.auth_mapper[i].tcs_ctx = tcsContext; + auth_mgr.auth_mapper[i].full = TRUE; + auth_mgr.open_auth_sessions++; + LogDebug("added auth for TCS %x TPM %x", tcsContext, tpm_auth_handle); + + return TSS_SUCCESS; + } + } + + + LogDebugFn("Thread %ld growing the auth table to %u entries", THREAD_ID, + auth_mgr.auth_mapper_size + TSS_DEFAULT_AUTH_TABLE_SIZE); + + auth_mgr.auth_mapper = calloc(auth_mgr.auth_mapper_size + + TSS_DEFAULT_AUTH_TABLE_SIZE, sizeof(struct auth_map)); + if (auth_mgr.auth_mapper == NULL) { + auth_mgr.auth_mapper = tmp; + return TCSERR(TSS_E_OUTOFMEMORY); + } else { + memcpy(auth_mgr.auth_mapper, tmp, + auth_mgr.auth_mapper_size * sizeof(struct auth_map)); + auth_mgr.auth_mapper_size += TSS_DEFAULT_AUTH_TABLE_SIZE; + LogDebugFn("Success."); + return TSS_SUCCESS; + } +} + +/* A thread wants a new OIAP or OSAP session with the TPM. Returning TRUE indicates that we should + * allow it to open the session, FALSE to indicate that the request should be queued or have + * another thread's session swapped out to make room for it. + */ +TSS_BOOL +auth_mgr_req_new(TCS_CONTEXT_HANDLE hContext) +{ + UINT32 i, opened = 0; + + for (i = 0; i < auth_mgr.auth_mapper_size; i++) { + if (auth_mgr.auth_mapper[i].full == TRUE && + auth_mgr.auth_mapper[i].tcs_ctx == hContext) { + opened++; + } + } + + /* If this TSP has already opened its max open auth handles, deny another open */ + if (opened >= MAX(2, (UINT32)auth_mgr.max_auth_sessions/2)) { + LogDebug("Max opened auth handles already opened."); + return FALSE; + } + + /* if we have one opened already and there's a slot available, ok */ + if (opened && ((auth_mgr.max_auth_sessions - auth_mgr.open_auth_sessions) >= 1)) + return TRUE; + + /* we don't already have one open and there are at least 2 slots left */ + if ((auth_mgr.max_auth_sessions - auth_mgr.open_auth_sessions) >= 2) + return TRUE; + + LogDebug("Request for new auth handle denied by TCS. (%d opened sessions)", opened); + + return FALSE; +} + +TSS_RESULT +auth_mgr_oiap(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_AUTHHANDLE *authHandle, /* out */ + TCPA_NONCE *nonce0) /* out */ +{ + TSS_RESULT result; + + /* are the maximum number of auth sessions open? */ + if (auth_mgr_req_new(hContext) == FALSE) { + if ((result = auth_mgr_swap_out(hContext))) + goto done; + } + + if ((result = TCSP_OIAP_Internal(hContext, authHandle, nonce0))) + goto done; + + /* success, add an entry to the table */ + result = auth_mgr_add(hContext, *authHandle); +done: + return result; +} + +TSS_RESULT +auth_mgr_osap(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 entityValue, /* in */ + TCPA_NONCE nonceOddOSAP, /* in */ + TCS_AUTHHANDLE *authHandle, /* out */ + TCPA_NONCE *nonceEven, /* out */ + TCPA_NONCE *nonceEvenOSAP) /* out */ +{ + TSS_RESULT result; + UINT32 newEntValue = 0; + + /* if ET is not KEYHANDLE or KEY, newEntValue is a don't care */ + if (entityType == TCPA_ET_KEYHANDLE || entityType == TCPA_ET_KEY) { + if (ensureKeyIsLoaded(hContext, entityValue, &newEntValue)) + return TCSERR(TSS_E_FAIL); + } else { + newEntValue = entityValue; + } + + /* are the maximum number of auth sessions open? */ + if (auth_mgr_req_new(hContext) == FALSE) { + if ((result = auth_mgr_swap_out(hContext))) + goto done; + } + + if ((result = TCSP_OSAP_Internal(hContext, entityType, newEntValue, nonceOddOSAP, + authHandle, nonceEven, nonceEvenOSAP))) + goto done; + + /* success, add an entry to the table */ + result = auth_mgr_add(hContext, *authHandle); +done: + return result; +} + +/* This function is only called directly from the TSP, we use other internal routines to free + * our handles. */ +TSS_RESULT +TCSP_TerminateHandle_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_AUTHHANDLE handle) /* in */ +{ + TSS_RESULT result; + + LogDebug("Entering TCSI_TerminateHandle"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &handle))) + return result; + + result = auth_mgr_release_auth_handle(handle, hContext, TRUE); + + LogResult("Terminate Handle", result); + return result; +} + +TSS_RESULT +TPM_SaveAuthContext(TPM_AUTHHANDLE handle, UINT32 *size, BYTE **blob) +{ + UINT64 offset; + UINT32 trash, bsize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + offset = 10; + LoadBlob_UINT32(&offset, handle, txBlob); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_SaveAuthContext, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, &trash); + + LogDebug("total packet size received from TPM: %u", trash); + + if (!result) { + offset = 10; + UnloadBlob_UINT32(&offset, &bsize, txBlob); + + LogDebug("Reported blob size from TPM: %u", bsize); + + *blob = malloc(bsize); + if (*blob == NULL) { + LogError("malloc of %u bytes failed.", bsize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset, bsize, txBlob, *blob); + *size = bsize; + } + + return result; +} + +TSS_RESULT +TPM_LoadAuthContext(UINT32 size, BYTE *blob, TPM_AUTHHANDLE *handle) +{ + UINT64 offset; + UINT32 trash; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Loading %u byte auth blob back into TPM", size); + + offset = 10; + LoadBlob_UINT32(&offset, size, txBlob); + LoadBlob(&offset, size, txBlob, blob); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_LoadAuthContext, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, &trash); + + if (!result) { + offset = 10; + UnloadBlob_UINT32(&offset, handle, txBlob); + } + + return result; +} diff --git a/src/tcs/tcs_caps.c b/src/tcs/tcs_caps.c new file mode 100644 index 0000000..c4cff7c --- /dev/null +++ b/src/tcs/tcs_caps.c @@ -0,0 +1,195 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" +#include "tddl.h" +#include "req_mgr.h" + + +TSS_RESULT +get_current_version(TPM_VERSION *version) +{ + TCPA_CAPABILITY_AREA capArea = TPM_CAP_VERSION_VAL; + UINT32 respSize; + BYTE *resp; + TSS_RESULT result; + UINT64 offset; + + /* try the 1.2 way first */ + result = TCSP_GetCapability_Internal(InternalContext, capArea, 0, NULL, &respSize, &resp); + if (result == TSS_SUCCESS) { + offset = sizeof(UINT16); // XXX hack + UnloadBlob_VERSION(&offset, resp, version); + free(resp); + } else if (result == TCPA_E_BAD_MODE) { + /* if the TPM doesn't understand VERSION_VAL, try the 1.1 way */ + capArea = TCPA_CAP_VERSION; + result = TCSP_GetCapability_Internal(InternalContext, capArea, 0, NULL, &respSize, + &resp); + if (result == TSS_SUCCESS) { + offset = 0; + UnloadBlob_VERSION(&offset, resp, version); + free(resp); + } + } + + return result; +} + +TSS_RESULT +get_cap_uint32(TCPA_CAPABILITY_AREA capArea, BYTE *subCap, UINT32 subCapSize, UINT32 *v) +{ + UINT32 respSize; + BYTE *resp; + TSS_RESULT result; + UINT64 offset; + + result = TCSP_GetCapability_Internal(InternalContext, capArea, subCapSize, subCap, + &respSize, &resp); + if (!result) { + offset = 0; + switch (respSize) { + case 1: + UnloadBlob_BYTE(&offset, (BYTE *)v, resp); + break; + case sizeof(UINT16): + UnloadBlob_UINT16(&offset, (UINT16 *)v, resp); + break; + case sizeof(UINT32): + UnloadBlob_UINT32(&offset, v, resp); + break; + default: + LogDebug("TCSP_GetCapability_Internal returned" + " %u bytes", respSize); + result = TCSERR(TSS_E_FAIL); + break; + } + free(resp); + } + + return result; +} + + +TSS_RESULT +get_max_auths(UINT32 *auths) +{ + TCS_AUTHHANDLE handles[TSS_MAX_AUTHS_CAP]; + TCPA_NONCE nonce; + UINT32 subCap; + TSS_RESULT result; + int i; + + if (TPM_VERSION_IS(1,2)) { + UINT32ToArray(TPM_CAP_PROP_MAX_AUTHSESS, (BYTE *)(&subCap)); + result = get_cap_uint32(TPM_CAP_PROPERTY, (BYTE *)&subCap, sizeof(subCap), auths); + } else if (TPM_VERSION_IS(1,1)) { + /* open auth sessions until we get a failure */ + for (i = 0; i < TSS_MAX_AUTHS_CAP; i++) { + result = TCSP_OIAP_Internal(InternalContext, &(handles[i]), &nonce); + if (result != TSS_SUCCESS) { + /* this is not off by one since we're 0 indexed */ + *auths = i; + break; + } + } + + if (i == TSS_MAX_AUTHS_CAP) + *auths = TSS_MAX_AUTHS_CAP; + + /* close the auth sessions */ + for (i = 0; (UINT32)i < *auths; i++) { + internal_TerminateHandle(handles[i]); + } + } else { + result = TCSERR(TSS_E_INTERNAL_ERROR); + *auths = 0; + } + + if (*auths < 2) { + LogError("%s reported only %u auth available!", __FUNCTION__, *auths); + LogError("Your TPM must be reset before the TCSD can be started."); + } else { + LogDebug("get_max_auths reports %u auth contexts found", *auths); + result = TSS_SUCCESS; + } + + return result; +} + +/* This is only called from init paths, so printing an error message is + * appropriate if something goes wrong */ +TSS_RESULT +get_tpm_metrics(struct tpm_properties *p) +{ + TSS_RESULT result; + UINT32 subCap, rv = 0; + + if ((result = get_current_version(&p->version))) + goto err; + + UINT32ToArray(TPM_ORD_SaveKeyContext, (BYTE *)&subCap); + if ((result = get_cap_uint32(TCPA_CAP_ORD, (BYTE *)&subCap, sizeof(UINT32), &rv))) + goto err; + p->keyctx_swap = rv ? TRUE : FALSE; + + rv = 0; + UINT32ToArray(TPM_ORD_SaveAuthContext, (BYTE *)&subCap); + if ((result = get_cap_uint32(TCPA_CAP_ORD, (BYTE *)&subCap, sizeof(UINT32), &rv))) + goto err; + p->authctx_swap = rv ? TRUE : FALSE; + + UINT32ToArray(TPM_CAP_PROP_PCR, (BYTE *)&subCap); + if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32), + &p->num_pcrs))) + goto err; + + UINT32ToArray(TPM_CAP_PROP_DIR, (BYTE *)&subCap); + if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32), + &p->num_dirs))) + goto err; + + UINT32ToArray(TPM_CAP_PROP_SLOTS, (BYTE *)&subCap); + if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32), + &p->num_keys))) + goto err; + + UINT32ToArray(TPM_CAP_PROP_MANUFACTURER, (BYTE *)&subCap); + if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32), + (UINT32 *)&p->manufacturer))) + goto err; + + result = get_max_auths(&(p->num_auths)); + +err: + if (result) + LogError("TCS GetCapability failed with result = 0x%x", result); + + return result; +} + diff --git a/src/tcs/tcs_context.c b/src/tcs/tcs_context.c new file mode 100644 index 0000000..1e9f4b8 --- /dev/null +++ b/src/tcs/tcs_context.c @@ -0,0 +1,320 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_context.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +unsigned long nextContextHandle = 0xA0000000; +struct tcs_context *tcs_context_table = NULL; + +MUTEX_DECLARE_INIT(tcs_ctx_lock); + +TCS_CONTEXT_HANDLE getNextHandle(); +struct tcs_context *create_tcs_context(); +struct tcs_context *get_context(TCS_CONTEXT_HANDLE); +struct tcs_context *get_previous_context(TCS_CONTEXT_HANDLE); + +TSS_BOOL initContextHandle = 1; + +TCS_CONTEXT_HANDLE +getNextHandle() +{ + UINT32 tempRand; + time_t currentTime; + + if (initContextHandle) { + currentTime = time(NULL); + srand(currentTime); + tempRand = rand(); + tempRand = tempRand << 16; + tempRand &= 0x00FF0000; + nextContextHandle |= tempRand; + initContextHandle = 0; + } + currentTime = time(NULL); + srand(currentTime + 1); + tempRand = rand(); + tempRand = tempRand << 8; + tempRand &= 0x0000FF00; + if (nextContextHandle == 0) + return getNextHandle(); + else + return ((nextContextHandle++) | tempRand); +} + +struct tcs_context * +create_tcs_context() +{ + struct tcs_context *ret = (struct tcs_context *)calloc(1, sizeof(struct tcs_context)); + + if (ret != NULL) { + ret->handle = getNextHandle(); + COND_INIT(ret->cond); + } + return ret; +} + +struct tcs_context * +get_context(TCS_CONTEXT_HANDLE handle) +{ + struct tcs_context *index; + index = tcs_context_table; + while (index) { + if (index->handle == handle) + break; + index = index->next; + } + + return index; +} + +struct tcs_context * +get_previous_context(TCS_CONTEXT_HANDLE handle) +{ + struct tcs_context *index; + index = tcs_context_table; + while (index) { + if (index->next) { + if (index->next->handle == handle) + return index; + } + index = index->next; + } + + return 0; +} + +void +destroy_context(TCS_CONTEXT_HANDLE handle) +{ + struct tcs_context *toKill; + struct tcs_context *previous; + + MUTEX_LOCK(tcs_ctx_lock); + + toKill = get_context(handle); + previous = get_previous_context(handle); + + if (!previous && tcs_context_table->handle == handle) { + /* this means that toKill is the first one */ + tcs_context_table = tcs_context_table->next; + } else if (previous && toKill) { + /* both are found */ + previous->next = toKill->next; + } else { + MUTEX_UNLOCK(tcs_ctx_lock); + return; + } + + MUTEX_UNLOCK(tcs_ctx_lock); + + CTX_ref_count_keys(toKill); + +#ifdef TSS_BUILD_TRANSPORT + /* Free existing transport session if necessary */ + if (toKill->transHandle) + TCSP_FlushSpecific_Common(toKill->transHandle, TPM_RT_TRANS); +#endif + + free(toKill); +} + +TCS_CONTEXT_HANDLE +make_context() +{ + struct tcs_context *index; + + MUTEX_LOCK(tcs_ctx_lock); + + index = tcs_context_table; + + if (!index) { + tcs_context_table = create_tcs_context(); + if (tcs_context_table == NULL) { + LogError("Malloc Failure."); + MUTEX_UNLOCK(tcs_ctx_lock); + return 0; + } + index = tcs_context_table; + } else { + while (index->next) { + index = index->next; + } + index->next = create_tcs_context(); + if (index->next == NULL) { + LogError("Malloc Failure."); + MUTEX_UNLOCK(tcs_ctx_lock); + return 0; + } + index = index->next; + } + + MUTEX_UNLOCK(tcs_ctx_lock); + + return index->handle; +} + + +TSS_RESULT +ctx_verify_context(TCS_CONTEXT_HANDLE tcsContext) +{ + struct tcs_context *c; + + if (tcsContext == InternalContext) { + LogDebug("Success: %x is an Internal Context", tcsContext); + return TSS_SUCCESS; + } + + MUTEX_LOCK(tcs_ctx_lock); + + c = get_context(tcsContext); + + MUTEX_UNLOCK(tcs_ctx_lock); + + if (c == NULL) { + LogDebug("Fail: Context %x not found", tcsContext); + return TCSERR(TCS_E_INVALID_CONTEXTHANDLE); + } + + return TSS_SUCCESS; +} + + +COND_VAR * +ctx_get_cond_var(TCS_CONTEXT_HANDLE tcs_handle) +{ + struct tcs_context *c; + COND_VAR *ret = NULL; + + MUTEX_LOCK(tcs_ctx_lock); + + c = get_context(tcs_handle); + + if (c != NULL) + ret = &c->cond; + + MUTEX_UNLOCK(tcs_ctx_lock); + + return ret; +} + +/* the only transport flag at the TCS level is whether the session is exclusive or not. If the app + * is requesting an exclusive transport session, check that no other exclusive sessions exist and + * if not, flag this context as being the one. If so, return internal error. */ +TSS_RESULT +ctx_req_exclusive_transport(TCS_CONTEXT_HANDLE tcsContext) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tcs_context *tmp, *self = NULL; + + /* If the daemon is configured to ignore apps that want an exclusive transport, just + * return */ + if (!tcsd_options.exclusive_transport) + return result; + + MUTEX_LOCK(tcs_ctx_lock); + + tmp = tcs_context_table; + while (tmp) { + if (tmp->flags & TSS_CONTEXT_FLAG_TRANSPORT_EXCLUSIVE) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (tmp->handle == tcsContext) + self = tmp; + + tmp = tmp->next; + } + + if (self) + self->flags |= TSS_CONTEXT_FLAG_TRANSPORT_EXCLUSIVE; + else + result = TCSERR(TCS_E_INVALID_CONTEXTHANDLE); +done: + MUTEX_UNLOCK(tcs_ctx_lock); + + return result; +} + +TSS_RESULT +ctx_set_transport_enabled(TCS_CONTEXT_HANDLE tcsContext, UINT32 hTransHandle) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tcs_context *tmp, *self = NULL; + + MUTEX_LOCK(tcs_ctx_lock); + + tmp = tcs_context_table; + while (tmp) { + if (tmp->handle == tcsContext) { + self = tmp; + break; + } + + tmp = tmp->next; + } + + if (self) { + self->flags |= TSS_CONTEXT_FLAG_TRANSPORT_ENABLED; + self->transHandle = hTransHandle; + } else + result = TCSERR(TCS_E_INVALID_CONTEXTHANDLE); + + MUTEX_UNLOCK(tcs_ctx_lock); + + return result; +} + +TSS_RESULT +ctx_set_transport_disabled(TCS_CONTEXT_HANDLE tcsContext, TCS_HANDLE *transHandle) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tcs_context *tmp, *self = NULL; + + MUTEX_LOCK(tcs_ctx_lock); + + tmp = tcs_context_table; + while (tmp) { + if (tmp->handle == tcsContext) { + self = tmp; + break; + } + + tmp = tmp->next; + } + + if (self) { + if (!transHandle || *transHandle == self->transHandle) { + self->transHandle = 0; + self->flags &= ~TSS_CONTEXT_FLAG_TRANSPORT_ENABLED; + } + } else + result = TCSERR(TCS_E_INVALID_CONTEXTHANDLE); + + MUTEX_UNLOCK(tcs_ctx_lock); + + return result; +} diff --git a/src/tcs/tcs_context_key.c b/src/tcs/tcs_context_key.c new file mode 100644 index 0000000..dcec6dc --- /dev/null +++ b/src/tcs/tcs_context_key.c @@ -0,0 +1,162 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_context.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" + +MUTEX_DECLARE_EXTERN(tcs_ctx_lock); + +/* runs through the list of all keys loaded by context c and decrements + * their ref count by 1, then free's their structures. + */ +void +ctx_ref_count_keys(struct tcs_context *c) +{ + struct keys_loaded *cur, *prev; + + if (c == NULL) + return; + + cur = prev = c->keys; + + while (cur != NULL) { + key_mgr_dec_ref_count(cur->key_handle); + cur = cur->next; + free(prev); + prev = cur; + } +} +/* Traverse loaded keys list and if matching key handle is found return TRUE else return FALSE + */ +TSS_BOOL +ctx_has_key_loaded(TCS_CONTEXT_HANDLE ctx_handle, TCS_KEY_HANDLE key_handle) +{ + struct tcs_context *c; + struct keys_loaded *k = NULL; + + MUTEX_LOCK(tcs_ctx_lock); + + c = get_context(ctx_handle); + if (c == NULL) { + MUTEX_UNLOCK(tcs_ctx_lock); + return FALSE; + } + k = c->keys; + while (k != NULL) { + if (k->key_handle == key_handle) { + MUTEX_UNLOCK(tcs_ctx_lock); + return TRUE; + } + k = k->next; + } + + MUTEX_UNLOCK(tcs_ctx_lock); + return FALSE; +} + +/* Traverse loaded keys list and if matching key handle is found remove it */ +TSS_RESULT +ctx_remove_key_loaded(TCS_CONTEXT_HANDLE ctx_handle, TCS_KEY_HANDLE key_handle) +{ + struct tcs_context *c; + struct keys_loaded *cur, *prev; + + MUTEX_LOCK(tcs_ctx_lock); + + c = get_context(ctx_handle); + if (c == NULL) { + MUTEX_UNLOCK(tcs_ctx_lock); + return TCSERR(TCS_E_INVALID_CONTEXTHANDLE); + } + + for (prev = cur = c->keys; cur; prev = cur, cur = cur->next) { + if (cur->key_handle == key_handle) { + if (prev == c->keys) + c->keys = cur->next; + else + prev->next = cur->next; + + free(cur); + MUTEX_UNLOCK(tcs_ctx_lock); + return TCS_SUCCESS; + } + } + + MUTEX_UNLOCK(tcs_ctx_lock); + return TCSERR(TCS_E_INVALID_KEY); +} + +/* make a new entry in the per-context list of loaded keys. If the list already + * contains a pointer to the key in memory, just return success. + */ +TSS_RESULT +ctx_mark_key_loaded(TCS_CONTEXT_HANDLE ctx_handle, TCS_KEY_HANDLE key_handle) +{ + struct tcs_context *c; + struct keys_loaded *k = NULL, *new; + TSS_RESULT result; + + MUTEX_LOCK(tcs_ctx_lock); + + c = get_context(ctx_handle); + + if (c != NULL) { + k = c->keys; + while (k != NULL) { + if (k->key_handle == key_handle) { + /* we've previously created a pointer to key_handle in the global + * list of loaded keys and incremented that key's reference count, + * so there's no need to do anything. + */ + result = TSS_SUCCESS; + break; + } + + k = k->next; + } + } else { + MUTEX_UNLOCK(tcs_ctx_lock); + return TCSERR(TSS_E_FAIL); + } + + /* if we have no record of this key being loaded by this context, create a new + * entry and increment the key's reference count in the global list. + */ + if (k == NULL) { + new = calloc(1, sizeof(struct keys_loaded)); + if (new == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct keys_loaded)); + MUTEX_UNLOCK(tcs_ctx_lock); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + new->key_handle = key_handle; + new->next = c->keys; + c->keys = new; + result = key_mgr_inc_ref_count(new->key_handle); + } + + MUTEX_UNLOCK(tcs_ctx_lock); + + return result; +} + diff --git a/src/tcs/tcs_counter.c b/src/tcs/tcs_counter.c new file mode 100644 index 0000000..f212ac6 --- /dev/null +++ b/src/tcs/tcs_counter.c @@ -0,0 +1,54 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" + + +void +UnloadBlob_COUNTER_VALUE(UINT64 *offset, BYTE *blob, TPM_COUNTER_VALUE *ctr) +{ + if (!ctr) { + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob(offset, 4, blob, NULL); + UnloadBlob_UINT32(offset, NULL, blob); + return; + } + + UnloadBlob_UINT16(offset, &ctr->tag, blob); + UnloadBlob(offset, 4, blob, (BYTE *)&ctr->label); + UnloadBlob_UINT32(offset, &ctr->counter, blob); +} + +void +LoadBlob_COUNTER_VALUE(UINT64 *offset, BYTE *blob, TPM_COUNTER_VALUE *ctr) +{ + LoadBlob_UINT16(offset, ctr->tag, blob); + LoadBlob(offset, 4, blob, (BYTE *)&ctr->label); + LoadBlob_UINT32(offset, ctr->counter, blob); +} diff --git a/src/tcs/tcs_evlog.c b/src/tcs/tcs_evlog.c new file mode 100644 index 0000000..f854e4e --- /dev/null +++ b/src/tcs/tcs_evlog.c @@ -0,0 +1,223 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcslog.h" +#include "tcsem.h" + + +struct event_log *tcs_event_log = NULL; + +TSS_RESULT +event_log_init() +{ + if (tcs_event_log != NULL) + return TSS_SUCCESS; + + tcs_event_log = calloc(1, sizeof(struct event_log)); + if (tcs_event_log == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct event_log)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + MUTEX_INIT(tcs_event_log->lock); + + /* allocate as many event lists as there are PCR's */ + tcs_event_log->lists = calloc(tpm_metrics.num_pcrs, sizeof(struct event_wrapper *)); + if (tcs_event_log->lists == NULL) { + LogError("malloc of %zd bytes failed.", + tpm_metrics.num_pcrs * sizeof(struct event_wrapper *)); + free(tcs_event_log); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + /* assign external event log sources here */ + //tcs_event_log->firmware_source = EVLOG_IMA_SOURCE; + tcs_event_log->firmware_source = EVLOG_BIOS_SOURCE; + tcs_event_log->kernel_source = EVLOG_IMA_SOURCE; + + return TSS_SUCCESS; +} + +TSS_RESULT +event_log_final() +{ + struct event_wrapper *cur, *next; + UINT32 i; + + MUTEX_LOCK(tcs_event_log->lock); + + for (i = 0; i < tpm_metrics.num_pcrs; i++) { + cur = tcs_event_log->lists[i]; + while (cur != NULL) { + next = cur->next; + free(cur->event.rgbPcrValue); + free(cur->event.rgbEvent); + free(cur); + cur = next; + } + } + + MUTEX_UNLOCK(tcs_event_log->lock); + + free(tcs_event_log->lists); + free(tcs_event_log); + + return TSS_SUCCESS; +} + +TSS_RESULT +copy_pcr_event(TSS_PCR_EVENT *dest, TSS_PCR_EVENT *source) +{ + memcpy(dest, source, sizeof(TSS_PCR_EVENT)); + return TSS_SUCCESS; +} + +TSS_RESULT +event_log_add(TSS_PCR_EVENT *event, UINT32 *pNumber) +{ + struct event_wrapper *new, *tmp; + TSS_RESULT result; + UINT32 i; + + MUTEX_LOCK(tcs_event_log->lock); + + new = calloc(1, sizeof(struct event_wrapper)); + if (new == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct event_wrapper)); + MUTEX_UNLOCK(tcs_event_log->lock); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if ((result = copy_pcr_event(&(new->event), event))) { + free(new); + MUTEX_UNLOCK(tcs_event_log->lock); + return result; + } + + /* go to the end of the list to add the element, so that they're in order */ + i = 0; + if (tcs_event_log->lists[event->ulPcrIndex] == NULL) { + tcs_event_log->lists[event->ulPcrIndex] = new; + } else { + i++; + tmp = tcs_event_log->lists[event->ulPcrIndex]; + while (tmp->next != NULL) { + i++; + tmp = tmp->next; + } + tmp->next = new; + } + + *pNumber = ++i; + + MUTEX_UNLOCK(tcs_event_log->lock); + + return TSS_SUCCESS; +} + +TSS_PCR_EVENT * +get_pcr_event(UINT32 pcrIndex, UINT32 eventNumber) +{ + struct event_wrapper *tmp; + UINT32 counter = 0; + + MUTEX_LOCK(tcs_event_log->lock); + + tmp = tcs_event_log->lists[pcrIndex]; + for (; tmp; tmp = tmp->next) { + if (counter == eventNumber) { + break; + } + counter++; + } + + MUTEX_UNLOCK(tcs_event_log->lock); + + return (tmp ? &(tmp->event) : NULL); +} + +/* the lock should be held before calling this function */ +UINT32 +get_num_events(UINT32 pcrIndex) +{ + struct event_wrapper *tmp; + UINT32 counter = 0; + + tmp = tcs_event_log->lists[pcrIndex]; + for (; tmp; tmp = tmp->next) { + counter++; + } + + return counter; +} + +TSS_PCR_EVENT * +concat_pcr_events(TSS_PCR_EVENT **list_so_far, UINT32 list_size, TSS_PCR_EVENT *addition, + UINT32 addition_size) +{ + TSS_PCR_EVENT *ret; + + ret = realloc(*list_so_far, (list_size + addition_size) * sizeof(TSS_PCR_EVENT)); + if (ret == NULL) { + LogError("malloc of %zd bytes failed", + (list_size + addition_size) * sizeof(TSS_PCR_EVENT)); + return ret; + } + + memcpy(&ret[list_size], addition, addition_size * sizeof(TSS_PCR_EVENT)); + return ret; +} + +/* XXX make this a macro */ +UINT32 +get_pcr_event_size(TSS_PCR_EVENT *e) +{ + return (sizeof(TSS_PCR_EVENT) + e->ulEventLength + e->ulPcrValueLength); +} + +void +free_external_events(UINT32 eventCount, TSS_PCR_EVENT *ppEvents) +{ + UINT32 j; + + if (!ppEvents) + return; + + for (j = 0; j < eventCount; j++) { + /* This is a fairly heinous hack, but PCR event logs can get really large + * and without it, there is a real potential to exhaust memory by leaks. + * The PCR event logs that we pull out of securityfs have had their + * rgbPcrValue and rgbEvent pointers malloc'd dynamically as the + * securityfs log was parsed. The other event log lists that are + * maintained by the TCSD don't need to have this data free'd, since that + * will happen at shutdown time only. So, for each PCR index that's + * read from securityfs, we need to free its pointers after that data has + * been set in the packet to send back to the TSP. */ + if ((tcsd_options.kernel_pcrs & (1 << ppEvents[j].ulPcrIndex)) || + (tcsd_options.firmware_pcrs & (1 << ppEvents[j].ulPcrIndex))) { + free(ppEvents[j].rgbPcrValue); + free(ppEvents[j].rgbEvent); + } + } +} diff --git a/src/tcs/tcs_evlog_biosem.c b/src/tcs/tcs_evlog_biosem.c new file mode 100644 index 0000000..7065e12 --- /dev/null +++ b/src/tcs/tcs_evlog_biosem.c @@ -0,0 +1,298 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +/* + * biosem.c + * + * Routines for handling PCR events from the TCG Compliant BIOS + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" +#include "tcsem.h" + +#ifdef EVLOG_SOURCE_BIOS + +struct ext_log_source bios_source = { + bios_open, + bios_get_entries_by_pcr, + bios_get_entry, + bios_close +}; + +int +bios_open(void *source, FILE **handle) +{ + FILE *fd; + + if ((fd = fopen((char *)source, "r")) == NULL ) { + LogError("Error opening BIOS Eventlog file %s: %s", (char *)source, + strerror(errno)); + return -1; + } + + *handle = fd; + + return 0; +} + +TSS_RESULT +bios_get_entries_by_pcr(FILE *handle, UINT32 pcr_index, UINT32 first, + UINT32 *count, TSS_PCR_EVENT **events) +{ + char page[BIOS_READ_SIZE]; + int error_path = 1; + UINT32 seen_indices = 0, copied_events = 0, i; + struct event_wrapper *list = calloc(1, sizeof(struct event_wrapper)); + struct event_wrapper *cur = list; + TSS_RESULT result = TSS_E_INTERNAL_ERROR; + TCG_PCClientPCREventStruc *event = NULL; + int num=0; + + if (list == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct event_wrapper)); + return TSS_E_OUTOFMEMORY; + } + + if (*count == 0) { + result = TSS_SUCCESS; + goto free_list; + } + + while (1) { + /* read event header from the file */ + if ((fread(page, 32, 1, handle)) <= 0) { + goto copy_events; + } + + event = (TCG_PCClientPCREventStruc *)page; + + /* if the index is the one we're looking for, grab the entry */ + if (pcr_index == event->pcrIndex) { + if (seen_indices >= first) { + /* grab this entry */ + cur->event.rgbPcrValue = malloc(20); + if (cur->event.rgbPcrValue == NULL) { + LogError("malloc of %d bytes failed.", 20); + result = TSS_E_OUTOFMEMORY; + goto free_list; + } + + cur->event.ulPcrIndex = pcr_index; + cur->event.eventType = event->eventType; + cur->event.ulPcrValueLength = 20; + + /* copy the SHA1 XXX endianess ignored */ + memcpy(cur->event.rgbPcrValue, event->digest, 20); + + /* copy the event name XXX endianess ignored */ + cur->event.ulEventLength = event->eventDataSize; + + if (event->eventDataSize>0) { + cur->event.rgbEvent = malloc(event->eventDataSize); + if (cur->event.rgbEvent == NULL) { + LogError("malloc of %d bytes failed.", + event->eventDataSize); + free(cur->event.rgbPcrValue); + result = TSS_E_OUTOFMEMORY; + goto free_list; + } + if ((fread(cur->event.rgbEvent, + event->eventDataSize, 1, handle)) <= 0) { + LogError("read from event source failed: %s", + strerror(errno)); + return result; + } + } else { + cur->event.rgbEvent = NULL; + } + + copied_events++; + if (copied_events == *count) + goto copy_events; + + cur->next = calloc(1, sizeof(struct event_wrapper)); + if (cur->next == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct event_wrapper)); + result = TSS_E_OUTOFMEMORY; + goto free_list; + } + cur = cur->next; + } else { + /* skip */ + if (event->eventDataSize > 0) + fseek(handle,event->eventDataSize,SEEK_CUR); + } + seen_indices++; + } else { + if (event->eventDataSize > 0) + fseek(handle,event->eventDataSize,SEEK_CUR); + } + num++; + } + +copy_events: + + /* we've copied all the events we need to from this PCR, now + * copy them all into one contiguous memory block + */ + *events = calloc(copied_events, sizeof(TSS_PCR_EVENT)); + if (*events == NULL) { + LogError("malloc of %zd bytes failed.", copied_events * sizeof(TSS_PCR_EVENT)); + result = TSS_E_OUTOFMEMORY; + goto free_list; + } + + cur = list; + for (i = 0; i < copied_events; i++) { + memcpy(&((*events)[i]), &(cur->event), sizeof(TSS_PCR_EVENT)); + cur = cur->next; + } + + *count = copied_events; + /* assume we're in an error path until we get here */ + error_path = 0; + result = TSS_SUCCESS; + +free_list: + cur = list->next; + while (cur != NULL) { + if (error_path) { + free(cur->event.rgbEvent); + free(cur->event.rgbPcrValue); + } + free(list); + list = cur; + cur = list->next; + } + free(list); + return result; +} + +TSS_RESULT +bios_get_entry(FILE *handle, UINT32 pcr_index, UINT32 *num, TSS_PCR_EVENT **ppEvent) +{ + char page[BIOS_READ_SIZE]; + UINT32 seen_indices = 0; + TSS_RESULT result = TSS_E_INTERNAL_ERROR; + TSS_PCR_EVENT *e = NULL; + TCG_PCClientPCREventStruc *event = NULL; + + while (1) { + /* read event header from the file */ + if ((fread(page, 32, 1, handle)) == 0) { + goto done; + } + + event = (TCG_PCClientPCREventStruc *)page; + + if (pcr_index == event->pcrIndex) { + if (ppEvent && !*ppEvent && seen_indices == *num) { + *ppEvent = calloc(1, sizeof(TSS_PCR_EVENT)); + if (*ppEvent == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(TSS_PCR_EVENT)); + return TSS_E_INTERNAL_ERROR; + } + + e = *ppEvent; + + e->rgbPcrValue = malloc(20); + if (e->rgbPcrValue == NULL) { + LogError("malloc of %d bytes failed.", 20); + free(e); + e = NULL; + break; + } + + e->ulPcrIndex = pcr_index; + e->eventType = event->eventType; + e->ulPcrValueLength = 20; + + /* copy the SHA1 XXX endianess ignored */ + memcpy(e->rgbPcrValue, event->digest, 20); + + e->ulEventLength = event->eventDataSize; + + if (event->eventDataSize>0) { + e->rgbEvent = malloc(e->ulEventLength); + if (e->rgbEvent == NULL) { + LogError("malloc of %d bytes failed.", + e->ulEventLength); + free(e->rgbPcrValue); + free(e); + e = NULL; + break; + } + if ((fread(e->rgbEvent, + event->eventDataSize, + 1, handle)) <= 0) { + LogError("read from event source failed: %s", + strerror(errno)); + return result; + } + } else { + e->rgbEvent = NULL; + } + result = TSS_SUCCESS; + + break; + } else { + /* skip */ + if (event->eventDataSize > 0) { + fseek(handle,event->eventDataSize,SEEK_CUR); + } + } + seen_indices++; + } else { + /* skip */ + if (event->eventDataSize > 0) { + fseek(handle,event->eventDataSize,SEEK_CUR); + } + } + } + +done: + if (!ppEvent) { + *num = seen_indices; + result = TSS_SUCCESS; + } else if (e == NULL) + *ppEvent = NULL; + + return result; +} + +int +bios_close(FILE *handle) +{ + fclose(handle); + + return 0; +} + +#endif diff --git a/src/tcs/tcs_evlog_imaem.c b/src/tcs/tcs_evlog_imaem.c new file mode 100644 index 0000000..fbdd29a --- /dev/null +++ b/src/tcs/tcs_evlog_imaem.c @@ -0,0 +1,352 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +/* + * imaem.c + * + * Routines for handling PCR events from the Integrity Measurement + * Architecture. + * + * The external event source format used by IMA: + * + * 4 bytes PCR Index (bin) + * 20 bytes SHA1 template (bin) + * 4 bytes template name_len + * 1-255 bytes template name + * 20 bytes SHA1 IMA(bin) + * 4 bytes IMA name len + * 1-255 bytes eventname + * 1 byte separator = '\0' + * + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" +#include "tcsem.h" + +#ifdef EVLOG_SOURCE_IMA + +struct ext_log_source ima_source = { + ima_open, + ima_get_entries_by_pcr, + ima_get_entry, + ima_close +}; + +int +ima_open(void *source, FILE **handle) +{ + FILE *fd; + + if ((fd = fopen((char *)source, "r")) == NULL) { + LogError("Error opening PCR log file %s: %s", + (char *)source, strerror(errno)); + return -1; + } + + *handle = fd; + return 0; +} + +TSS_RESULT +ima_get_entries_by_pcr(FILE *handle, UINT32 pcr_index, UINT32 first, + UINT32 *count, TSS_PCR_EVENT **events) +{ + int pcr_value; + char page[IMA_READ_SIZE]; + int error_path = 1, ptr = 0; + UINT32 copied_events = 0, i; + struct event_wrapper *list = calloc(1, sizeof(struct event_wrapper)); + struct event_wrapper *cur = list; + TSS_RESULT result = TCSERR(TSS_E_INTERNAL_ERROR); + FILE *fp = (FILE *) handle; + uint len; + char name[255]; + + if (list == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct event_wrapper)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (*count == 0) { + result = TSS_SUCCESS; + goto free_list; + } + + if (!fp) { + perror("unable to open file\n"); + return 1; + } + rewind(fp); + + while (fread(page, 24, 1, fp)) { + /* copy the initial 4 bytes (PCR index) XXX endianess ignored */ + ptr = 0; + memcpy(&pcr_value, &page[ptr], sizeof(int)); + cur->event.ulPcrIndex = pcr_value; + ptr += sizeof(int); + + /* grab this entry */ + cur->event.ulPcrValueLength = 20; + cur->event.rgbPcrValue = malloc(cur->event.ulPcrValueLength); + if (cur->event.rgbPcrValue == NULL) { + LogError("malloc of %d bytes failed.", 20); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto free_list; + } + + /* copy the template SHA1 XXX endianess ignored */ + memcpy(cur->event.rgbPcrValue, &page[ptr], + cur->event.ulPcrValueLength); + +/* Get the template name size, template name */ +{ + char digest[20]; + + if (fread(&len, 1, sizeof(len), fp) != (sizeof(len))) { + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto free_list; + } + + memset(name, 0, sizeof name); + if (fread(name, 1, len, fp) != len) { + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto free_list; + } + if (fread(digest, 1, sizeof digest, fp) != (sizeof(digest))) { + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto free_list; + } +} + /* Get the template data namelen and data */ + if (fread(&cur->event.ulEventLength, 1, sizeof(int), fp) != sizeof(int)) { + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto free_list; + } + cur->event.rgbEvent = malloc(cur->event.ulEventLength + 1); + if (cur->event.rgbEvent == NULL) { + free(cur->event.rgbPcrValue); + LogError("malloc of %u bytes failed.", + cur->event.ulEventLength); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto free_list; + } + memset(cur->event.rgbEvent, 0, cur->event.ulEventLength); + if (fread(cur->event.rgbEvent, 1, cur->event.ulEventLength, fp) != cur->event.ulEventLength) { + free(cur->event.rgbPcrValue); + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto free_list; + } + + copied_events++; +printf("%d %s ", copied_events, name); + +printf("%s\n", cur->event.rgbEvent); + if (copied_events == *count) + goto copy_events; + + cur->next = calloc(1, sizeof(struct event_wrapper)); + if (cur->next == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct event_wrapper)); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto free_list; + } + cur = cur->next; + } + +copy_events: + /* we've copied all the events we need to from this PCR, now + * copy them all into one contiguous memory block + */ +printf("copied_events: %d\n", copied_events); + *events = calloc(copied_events, sizeof(TSS_PCR_EVENT)); + if (*events == NULL) { + LogError("malloc of %zd bytes failed.", copied_events * sizeof(TSS_PCR_EVENT)); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto free_list; + } + + cur = list; + for (i = 0; i < copied_events; i++) { + memcpy(&((*events)[i]), &(cur->event), sizeof(TSS_PCR_EVENT)); + cur = cur->next; + } + + *count = copied_events; + /* assume we're in an error path until we get here */ + error_path = 0; + result = TSS_SUCCESS; + +free_list: + cur = list->next; + while (cur != NULL) { + if (error_path) { + free(cur->event.rgbEvent); + free(cur->event.rgbPcrValue); + } + free(list); + list = cur; + cur = list->next; + } + free(list); + return result; +} + +TSS_RESULT +ima_get_entry(FILE *handle, UINT32 pcr_index, UINT32 *num, TSS_PCR_EVENT **ppEvent) +{ + int pcr_value, ptr = 0; + uint len; + char page[IMA_READ_SIZE]; + UINT32 seen_indices = 0; + TSS_RESULT result = TCSERR(TSS_E_INTERNAL_ERROR); + TSS_PCR_EVENT *event = NULL; + FILE *fp = (FILE *) handle; + char name[255]; + + rewind(fp); + while (fread(page, 24, 1, fp)) { + /* copy the initial 4 bytes (PCR index) XXX endianess ignored */ + ptr = 0; + memcpy(&pcr_value, &page[ptr], sizeof(int)); + + if (pcr_index == (UINT32)pcr_value) { + event = calloc(1, sizeof(TSS_PCR_EVENT)); + event->ulPcrIndex = pcr_value; + ptr += sizeof(int); + /* This is the case where we're looking for a specific event number in a + * specific PCR index. When we've reached the correct event, malloc + * space for it, copy it in, then break out of the while loop */ + if (ppEvent && seen_indices == *num) { + /* grab this entry */ + event->ulPcrValueLength = 20; + event->rgbPcrValue = malloc(event->ulPcrValueLength); + if (event->rgbPcrValue == NULL) { + LogError("malloc of %d bytes failed.", 20); + free(event); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + + /* copy the template SHA1 XXX endianess ignored */ + memcpy(event->rgbPcrValue, &page[ptr], + event->ulPcrValueLength); + + /* Get the template name size, template name */ + { + char digest[20]; + + if (fread(&len, 1, sizeof(len), fp) != sizeof(len)) { + free(event); + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + memset(name, 0, sizeof name); + if (fread(name, 1, len, fp) != len) { + free(event); + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (fread(digest, 1, sizeof(digest), fp) != sizeof(digest)) { + free(event); + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + /* Get the template data namelen and data */ + if (fread(&event->ulEventLength, 1, sizeof(int), fp) != sizeof(int)) { + free(event); + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + event->rgbEvent = malloc(event->ulEventLength + 1); + if (event->rgbEvent == NULL) { + free(event->rgbPcrValue); + free(event); + LogError("malloc of %u bytes failed.", + event->ulEventLength); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + memset(event->rgbEvent, 0, event->ulEventLength); + if (fread(event->rgbEvent, 1, event->ulEventLength, fp) != event->ulEventLength ) { + free(event->rgbPcrValue); + free(event); + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *ppEvent = event; + result = TSS_SUCCESS; + break; + } + } + if (fread(&len, 1, sizeof(len), fp) != sizeof(len)) { + free(event->rgbPcrValue); + free(event); + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + fseek(fp, len + 20, SEEK_CUR); + if (fread(&len, 1, sizeof(len), fp) != sizeof(len)) { + free(event->rgbPcrValue); + free(event); + LogError("Failed to read event log file"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + fseek(fp, len, SEEK_CUR); + seen_indices++; + printf("%d - index\n", seen_indices); + } +done: + if (ppEvent == NULL) + *num = seen_indices; + + return result; +} + +int +ima_close(FILE *handle) +{ + fclose((FILE *)handle); + + return 0; +} +#endif diff --git a/src/tcs/tcs_key.c b/src/tcs/tcs_key.c new file mode 100644 index 0000000..bb73f57 --- /dev/null +++ b/src/tcs/tcs_key.c @@ -0,0 +1,588 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "req_mgr.h" +#include "tcs_tsp.h" +#include "tcslog.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" + +struct key_mem_cache *key_mem_cache_head = NULL; + +TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } }; + + +TSS_RESULT +add_cache_entry(TCS_CONTEXT_HANDLE hContext, + BYTE* blob, + TCS_KEY_HANDLE hParent, + TPM_KEY_HANDLE hSlot, + TCS_KEY_HANDLE* new) +{ + UINT64 offset; + TSS_RESULT result; + TCS_KEY_HANDLE tcsHandle; + TSS_KEY key, *pKey; + + if (!blob) { + pKey = NULL; + } else { + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, blob, &key))) + return result; + + if ((tcsHandle = mc_get_handle_by_pub(&key.pubKey, hParent)) == NULL_TCS_HANDLE) { + pKey = &key; + } else { + mc_set_slot_by_handle(tcsHandle, hSlot); + *new = tcsHandle; + goto done; + } + } + + LogDebugFn("No existing key handle for this key, creating new one..."); + /* Get a new TCS Key Handle */ + tcsHandle = getNextTcsKeyHandle(); + LogDebugFn("calling mc_add_entry, TCS handle: 0x%x, TPM handle 0x%x", tcsHandle, hSlot); + + if ((result = mc_add_entry(tcsHandle, hSlot, pKey))) + goto done; + + LogDebugFn("ctx_mark_key_loaded"); + if (ctx_mark_key_loaded(hContext, tcsHandle)) { + LogError("Error marking key as loaded"); + result = TCSERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if ((result = mc_set_parent_by_handle(tcsHandle, hParent))) { + LogError("mc_set_parent_by_handle failed."); + goto done; + } + + *new = tcsHandle; +done: + if (blob) + destroy_key_refs(&key); + return result; +} + +/* Check that the context has this key loaded and return the associated slot. Do not search PS if + * the key is not found */ +TSS_RESULT +get_slot_lite(TCS_CONTEXT_HANDLE hContext, TCS_KEY_HANDLE hKey, TPM_KEY_HANDLE *out) +{ + if (ctx_has_key_loaded(hContext, hKey)) { + if ((*out = mc_get_slot_by_handle(hKey)) == NULL_TPM_HANDLE) + return TCSERR(TCS_E_INVALID_KEY); + + return TSS_SUCCESS; + } + + return TCSERR(TCS_E_INVALID_KEY); +} + +/* XXX Can get_slot be merged with ensureKeyIsLoaded? */ + +/* Given a handle, get_slot searches the mem cache for a mapping to a TPM handle. If there is no + * mapping, it looks up the pub key of the handle and attempts to load it by finding its pub key + * in the persistent store. If that's not found, return error. */ +TSS_RESULT +get_slot(TCS_CONTEXT_HANDLE hContext, TCS_KEY_HANDLE hKey, TPM_KEY_HANDLE *out) +{ + TSS_RESULT result = TSS_SUCCESS; + TPM_STORE_PUBKEY *pub = NULL; + TPM_KEY_HANDLE slot; + + LogDebugFn("calling mc_get_slot_by_handle"); + if ((slot = mc_get_slot_by_handle(hKey)) == NULL_TPM_HANDLE) { + LogDebugFn("calling mc_get_pub_by_slot"); + if ((pub = mc_get_pub_by_slot(hKey)) == NULL) + return TCSERR(TCS_E_KM_LOADFAILED); + + LogDebugFn("calling LoadKeyShim"); + /* Otherwise, try to load it using the shim */ + result = LoadKeyShim(hContext, pub, NULL, &slot); + } + + if (!result) + *out = slot; + + return result; +} + +/* load_key_init is the common entry point for all load key requests to the TCSD. These can come in + * as straight load or load2 requests, or through a transport session. + * + * We'll always attempt to load the key if + * A) It requires auth (load should fail if auth is bad, even when its already been loaded by + * another thread) + * B) Its in a transport session (the key blob is encrypted) + * + * Otherwise if the key is already loaded by another thread and it doesn't require auth, then we + * will just set *load_key to FALSE, telling the caller that there's no need to send anything to + * the TPM. + */ +TSS_RESULT +load_key_init(TPM_COMMAND_CODE ord, + TCS_CONTEXT_HANDLE hContext, + TCS_KEY_HANDLE parent_handle, + UINT32 blob_size, + BYTE* blob, + TSS_BOOL encrypted, + TPM_AUTH* auth, + TSS_BOOL* load_key, + UINT64* out_len, + BYTE* out, + TCS_KEY_HANDLE* handle, + TPM_KEY_HANDLE* slot) +{ + TSS_RESULT result = TSS_SUCCESS; + TSS_KEY key; + UINT64 offset; + TPM_KEY_HANDLE tpm_slot; + TCS_KEY_HANDLE tcs_handle; + TSS_BOOL canLoad; + + + if (!encrypted) { + offset = 0; + memset(&key, 0, sizeof(TSS_KEY)); + if ((result = UnloadBlob_TSS_KEY(&offset, blob, &key))) + return result; + } + + if (!auth && !encrypted) { + LogDebugFn("Checking if LoadKeyByBlob can be avoided by using existing key"); + + if ((tcs_handle = mc_get_handle_by_pub(&key.pubKey, parent_handle))) { + LogDebugFn("tcs key handle exists"); + + tpm_slot = mc_get_slot_by_handle(tcs_handle); + if (tpm_slot && (isKeyLoaded(tpm_slot) == TRUE)) { + LogDebugFn("Don't need to reload this key."); + *handle = tcs_handle; + *slot = tpm_slot; + *load_key = FALSE; + goto done; + } + } + } + *load_key = TRUE; + + LogDebugFn("calling canILoadThisKey"); + if (!encrypted) { + if ((result = canILoadThisKey(&(key.algorithmParms), &canLoad))) + goto error; + + if (canLoad == FALSE) { + LogDebugFn("calling evictFirstKey"); + /* Evict a key that isn't the parent */ + if ((result = evictFirstKey(parent_handle))) + goto error; + } + } + +error: + if (!encrypted) + destroy_key_refs(&key); +done: + return result; +} + +TSS_RESULT +load_key_final(TCS_CONTEXT_HANDLE hContext, + TCS_KEY_HANDLE parent_handle, + TCS_KEY_HANDLE* tcs_handle, + BYTE* blob, + TPM_KEY_HANDLE slot) +{ + if (*tcs_handle == NULL_TCS_HANDLE) + return add_cache_entry(hContext, blob, parent_handle, slot, tcs_handle); + else + return mc_set_slot_by_handle(*tcs_handle, slot); +} + +TSS_RESULT +canILoadThisKey(TCPA_KEY_PARMS *parms, TSS_BOOL *b) +{ + UINT16 subCapLength; + UINT64 offset; + BYTE subCap[100]; + TCPA_RESULT result; + UINT32 respDataLength; + BYTE *respData; + + offset = 0; + LoadBlob_KEY_PARMS(&offset, subCap, parms); + subCapLength = offset; + + if ((result = TCSP_GetCapability_Internal(InternalContext, TCPA_CAP_CHECK_LOADED, + subCapLength, subCap, &respDataLength, + &respData))) { + *b = FALSE; + LogDebugFn("NO"); + return result; + } + + *b = respData[0]; + free(respData); + LogDebugFn("%s", *b ? "YES" : "NO"); + + return TSS_SUCCESS; +} + +TCPA_RESULT +internal_EvictByKeySlot(TCPA_KEY_HANDLE slot) +{ + TCPA_RESULT result; + UINT32 paramSize; + UINT64 offset; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Evict Key"); + +#ifdef TSS_BUILD_TSS12 + if (TPM_VERSION_IS(1,2)) { + LogDebugFn("Evicting key using FlushSpecific for TPM 1.2"); + + return TCSP_FlushSpecific_Common(slot, TPM_RT_KEY); + } +#endif + + offset = 10; + LoadBlob_UINT32(&offset, slot, txBlob); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_EvictKey, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + LogResult("Evict Key", result); + return result; +} + +TSS_RESULT +clearUnknownKeys(TCS_CONTEXT_HANDLE hContext, UINT32 *cleared) +{ + TSS_RESULT result = TSS_SUCCESS; + TCPA_KEY_HANDLE_LIST keyList = { 0, NULL }; + int i; + BYTE *respData = NULL; + UINT32 respDataSize = 0, count = 0; + TCPA_CAPABILITY_AREA capArea = -1; + UINT64 offset = 0; + TSS_BOOL found = FALSE; + struct key_mem_cache *tmp; + + capArea = TCPA_CAP_KEY_HANDLE; + + if ((result = TCSP_GetCapability_Internal(hContext, capArea, 0, NULL, &respDataSize, + &respData))) + return result; + + if ((result = UnloadBlob_KEY_HANDLE_LIST(&offset, respData, &keyList))) + goto done; + +#ifdef TSS_DEBUG + LogDebug("Loaded TPM key handles:"); + for (i = 0; i < keyList.loaded; i++) { + LogDebugFn("%d: %x", i, keyList.handle[i]); + } + + LogDebug("Loaded TCSD key handles:"); + i=0; + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("%d: 0x%x -> 0x%x", i++, tmp->tpm_handle, + tmp->tcs_handle); + } +#endif + + for (i = 0; i < keyList.loaded; i++) { + /* as long as we're only called from evictFirstKey(), we don't + * need to lock here */ + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + if (tmp->tpm_handle == keyList.handle[i]) { + found = TRUE; + break; + } + } + if (found) + found = FALSE; + else { + if ((result = internal_EvictByKeySlot(keyList.handle[i]))) + goto done; + else + count++; + } + } + + *cleared = count; +done: + free(keyList.handle); + free(respData); + + return TSS_SUCCESS; +} + +#if 0 +TCPA_RESULT +clearKeysFromChip(TCS_CONTEXT_HANDLE hContext) +{ + TCPA_RESULT result; + TCPA_KEY_HANDLE_LIST keyList; + UINT32 i; + BYTE *respData = 0; + UINT32 respDataSize = 0; + TCPA_CAPABILITY_AREA capArea = -1; + UINT64 offset = 0; + + capArea = TCPA_CAP_KEY_HANDLE; + + if ((result = TCSP_GetCapability_Internal(hContext, capArea, 0, NULL, + &respDataSize, &respData))) + return result; + + if ((result = UnloadBlob_KEY_HANDLE_LIST(&offset, respData, &keyList))) + return result; + for (i = 0; i < keyList.loaded; i++) { + if (keyList.handle[i] == SRK_TPM_HANDLE || /*can't evict SRK */ + keyList.handle[i] == EK_TPM_HANDLE) /*can't evict EK */ + continue; + if ((result = internal_EvictByKeySlot(keyList.handle[i]))) + return result; + } + return TSS_SUCCESS; +} +#endif + +void +LoadBlob_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_KEY_PARMS *keyInfo) +{ + LoadBlob_UINT32(offset, keyInfo->algorithmID, blob); + LoadBlob_UINT16(offset, keyInfo->encScheme, blob); + LoadBlob_UINT16(offset, keyInfo->sigScheme, blob); + LoadBlob_UINT32(offset, keyInfo->parmSize, blob); + LoadBlob(offset, keyInfo->parmSize, blob, keyInfo->parms); +} + +TSS_RESULT +UnloadBlob_STORE_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_STORE_PUBKEY *store) +{ + if (!store) { + UINT32 keyLength; + + UnloadBlob_UINT32(offset, &keyLength, blob); + + if (keyLength > 0) + UnloadBlob(offset, keyLength, blob, NULL); + + return TSS_SUCCESS; + } + + UnloadBlob_UINT32(offset, &store->keyLength, blob); + + if (store->keyLength == 0) { + store->key = NULL; + LogWarn("Unloading a public key of size 0!"); + } else { + store->key = (BYTE *)malloc(store->keyLength); + if (store->key == NULL) { + LogError("malloc of %u bytes failed.", store->keyLength); + store->keyLength = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(offset, store->keyLength, blob, store->key); + } + + return TSS_SUCCESS; +} + +void +LoadBlob_STORE_PUBKEY(UINT64 *offset, BYTE * blob, TCPA_STORE_PUBKEY * store) +{ + LoadBlob_UINT32(offset, store->keyLength, blob); + LoadBlob(offset, store->keyLength, blob, store->key); +} + +TSS_RESULT +UnloadBlob_TSS_KEY(UINT64 *offset, BYTE *blob, TSS_KEY *key) +{ + TSS_RESULT rc; + + if (!key) { + UINT32 size; + + /* TPM_KEY's ver and TPM_KEY12's tag/file are + the same size, so... */ + UnloadBlob_VERSION(offset, blob, NULL); + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob_KEY_FLAGS(offset, blob, NULL); + UnloadBlob_BOOL(offset, NULL, blob); + if ((rc = UnloadBlob_KEY_PARMS(offset, blob, NULL))) + return rc; + UnloadBlob_UINT32(offset, &size, blob); + + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + + if ((rc = UnloadBlob_STORE_PUBKEY(offset, blob, NULL))) + return rc; + + UnloadBlob_UINT32(offset, &size, blob); + + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + + return TSS_SUCCESS; + } + + if (key->hdr.key12.tag == TPM_TAG_KEY12) { + UnloadBlob_UINT16(offset, &key->hdr.key12.tag, blob); + UnloadBlob_UINT16(offset, &key->hdr.key12.fill, blob); + } else + UnloadBlob_TCPA_VERSION(offset, blob, &key->hdr.key11.ver); + UnloadBlob_UINT16(offset, &key->keyUsage, blob); + UnloadBlob_KEY_FLAGS(offset, blob, &key->keyFlags); + UnloadBlob_BOOL(offset, (TSS_BOOL *)&key->authDataUsage, blob); + if ((rc = UnloadBlob_KEY_PARMS(offset, blob, &key->algorithmParms))) + return rc; + UnloadBlob_UINT32(offset, &key->PCRInfoSize, blob); + + if (key->PCRInfoSize == 0) + key->PCRInfo = NULL; + else { + key->PCRInfo = malloc(key->PCRInfoSize); + if (key->PCRInfo == NULL) { + LogError("malloc of %u bytes failed.", key->PCRInfoSize); + key->PCRInfoSize = 0; + free(key->algorithmParms.parms); + key->algorithmParms.parms = NULL; + key->algorithmParms.parmSize = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo); + } + + if ((rc = UnloadBlob_STORE_PUBKEY(offset, blob, &key->pubKey))) { + free(key->PCRInfo); + key->PCRInfo = NULL; + key->PCRInfoSize = 0; + free(key->algorithmParms.parms); + key->algorithmParms.parms = NULL; + key->algorithmParms.parmSize = 0; + return rc; + } + UnloadBlob_UINT32(offset, &key->encSize, blob); + + if (key->encSize == 0) + key->encData = NULL; + else { + key->encData = (BYTE *)malloc(key->encSize); + if (key->encData == NULL) { + LogError("malloc of %d bytes failed.", key->encSize); + key->encSize = 0; + free(key->algorithmParms.parms); + key->algorithmParms.parms = NULL; + key->algorithmParms.parmSize = 0; + free(key->PCRInfo); + key->PCRInfo = NULL; + key->PCRInfoSize = 0; + free(key->pubKey.key); + key->pubKey.key = NULL; + key->pubKey.keyLength = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(offset, key->encSize, blob, key->encData); + } + + return TSS_SUCCESS; +} + +void +LoadBlob_TSS_KEY(UINT64 *offset, BYTE * blob, TSS_KEY * key) +{ + if (key->hdr.key12.tag == TPM_TAG_KEY12) { + LoadBlob_UINT16(offset, key->hdr.key12.tag, blob); + LoadBlob_UINT16(offset, key->hdr.key12.fill, blob); + } else + LoadBlob_TCPA_VERSION(offset, blob, &key->hdr.key11.ver); + LoadBlob_UINT16(offset, key->keyUsage, blob); + LoadBlob_KEY_FLAGS(offset, blob, &key->keyFlags); + LoadBlob_BOOL(offset, key->authDataUsage, blob); + LoadBlob_KEY_PARMS(offset, blob, &key->algorithmParms); + LoadBlob_UINT32(offset, key->PCRInfoSize, blob); + LoadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo); + LoadBlob_STORE_PUBKEY(offset, blob, &key->pubKey); + LoadBlob_UINT32(offset, key->encSize, blob); + LoadBlob(offset, key->encSize, blob, key->encData); +} + +void +LoadBlob_PUBKEY(UINT64 *offset, BYTE * blob, TCPA_PUBKEY * key) +{ + LoadBlob_KEY_PARMS(offset, blob, &(key->algorithmParms)); + LoadBlob_STORE_PUBKEY(offset, blob, &(key->pubKey)); +} + +TSS_RESULT +UnloadBlob_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_PUBKEY *key) +{ + TSS_RESULT rc; + + if (!key) { + if ((rc = UnloadBlob_KEY_PARMS(offset, blob, NULL))) + return rc; + return UnloadBlob_STORE_PUBKEY(offset, blob, NULL); + } + + if ((rc = UnloadBlob_KEY_PARMS(offset, blob, &key->algorithmParms))) + return rc; + if ((rc = UnloadBlob_STORE_PUBKEY(offset, blob, &key->pubKey))) { + free(key->algorithmParms.parms); + key->algorithmParms.parms = NULL; + key->algorithmParms.parmSize = 0; + } + + return rc; +} + +void +LoadBlob_KEY_FLAGS(UINT64 *offset, BYTE * blob, TCPA_KEY_FLAGS * flags) +{ + LoadBlob_UINT32(offset, *flags, blob); +} + +void +destroy_key_refs(TSS_KEY *key) +{ + free(key->algorithmParms.parms); + key->algorithmParms.parms = NULL; + key->algorithmParms.parmSize = 0; + + free(key->pubKey.key); + key->pubKey.key = NULL; + key->pubKey.keyLength = 0; + + free(key->encData); + key->encData = NULL; + key->encSize = 0; + + free(key->PCRInfo); + key->PCRInfo = NULL; + key->PCRInfoSize = 0; +} diff --git a/src/tcs/tcs_key_mem_cache.c b/src/tcs/tcs_key_mem_cache.c new file mode 100644 index 0000000..4db0259 --- /dev/null +++ b/src/tcs/tcs_key_mem_cache.c @@ -0,0 +1,1175 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" + +#include "tcs_key_ps.h" + +/* + * mem_cache_lock will be responsible for protecting the key_mem_cache_head list. This is a + * TCSD global linked list of all keys which have been loaded into the TPM at some time. + */ +MUTEX_DECLARE_INIT(mem_cache_lock); + +/* + * tcs_keyhandle_lock is only used to make TCS keyhandle generation atomic for all TCSD + * threads. + */ +static MUTEX_DECLARE_INIT(tcs_keyhandle_lock); + +/* + * timestamp_lock is only used to make TCS key timestamp generation atomic for all TCSD + * threads. + */ +static MUTEX_DECLARE_INIT(timestamp_lock); + +TCS_KEY_HANDLE +getNextTcsKeyHandle() +{ + static TCS_KEY_HANDLE NextTcsKeyHandle = 0x22330000; + TCS_KEY_HANDLE ret; + + MUTEX_LOCK(tcs_keyhandle_lock); + + do { + ret = NextTcsKeyHandle++; + } while (NextTcsKeyHandle == SRK_TPM_HANDLE || NextTcsKeyHandle == NULL_TCS_HANDLE); + + MUTEX_UNLOCK(tcs_keyhandle_lock); + + return ret; +} + +UINT32 +getNextTimeStamp() +{ + static UINT32 time_stamp = 1; + UINT32 ret; + + MUTEX_LOCK(timestamp_lock); + ret = time_stamp++; + MUTEX_UNLOCK(timestamp_lock); + + return ret; +} + +/* only called from load key paths, so no locking */ +TCPA_STORE_PUBKEY * +mc_get_pub_by_slot(TCPA_KEY_HANDLE tpm_handle) +{ + struct key_mem_cache *tmp; + TCPA_STORE_PUBKEY *ret; + + if (tpm_handle == NULL_TPM_HANDLE) + return NULL; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", + tmp->tcs_handle); + if (tmp->tpm_handle == tpm_handle) { + ret = tmp->blob ? &tmp->blob->pubKey : NULL; + return ret; + } + } + LogDebugFn("returning NULL TCPA_STORE_PUBKEY"); + return NULL; +} + +/* only called from load key paths, so no locking */ +TCPA_STORE_PUBKEY * +mc_get_pub_by_handle(TCS_KEY_HANDLE tcs_handle) +{ + struct key_mem_cache *tmp; + TCPA_STORE_PUBKEY *ret; + + LogDebugFn("looking for 0x%x", tcs_handle); + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", + tmp->tcs_handle); + if (tmp->tcs_handle == tcs_handle) { + ret = tmp->blob ? &tmp->blob->pubKey : NULL; + return ret; + } + } + + LogDebugFn("returning NULL TCPA_STORE_PUBKEY"); + return NULL; +} + +/* only called from load key paths, so no locking */ +TSS_RESULT +mc_set_parent_by_handle(TCS_KEY_HANDLE tcs_handle, TCS_KEY_HANDLE p_tcs_handle) +{ + struct key_mem_cache *tmp, *parent; + + /* find parent */ + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebug("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->tcs_handle == p_tcs_handle) { + parent = tmp; + break; + } + } + + /* didn't find parent */ + if (tmp == NULL) + goto done; + + /* set parent blob in child */ + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + if (tmp->tcs_handle == tcs_handle) { + tmp->parent = parent; + return TSS_SUCCESS; + } + } +done: + return TCSERR(TSS_E_FAIL); +} + +TCPA_RESULT +ensureKeyIsLoaded(TCS_CONTEXT_HANDLE hContext, TCS_KEY_HANDLE keyHandle, TCPA_KEY_HANDLE * keySlot) +{ + TCPA_RESULT result = TSS_SUCCESS; + TCPA_STORE_PUBKEY *myPub; + + LogDebugFn("0x%x", keyHandle); + + if (!ctx_has_key_loaded(hContext, keyHandle)) + return TCSERR(TCS_E_INVALID_KEY); + + MUTEX_LOCK(mem_cache_lock); + + *keySlot = mc_get_slot_by_handle(keyHandle); + LogDebug("keySlot is %08X", *keySlot); + if (*keySlot == NULL_TPM_HANDLE || isKeyLoaded(*keySlot) == FALSE) { + LogDebug("calling mc_get_pub_by_handle"); + if ((myPub = mc_get_pub_by_handle(keyHandle)) == NULL) { + LogDebug("Failed to find pub by handle"); + result = TCSERR(TCS_E_KM_LOADFAILED); + goto done; + } + + LogDebugFn("calling LoadKeyShim"); + if ((result = LoadKeyShim(hContext, myPub, NULL, keySlot))) { + LogDebug("Failed shim"); + goto done; + } + + if (*keySlot == NULL_TPM_HANDLE) { + LogDebug("Key slot is still invalid after ensureKeyIsLoaded"); + result = TCSERR(TCS_E_KM_LOADFAILED); + goto done; + } + } + mc_update_time_stamp(*keySlot); + +done: + MUTEX_UNLOCK(mem_cache_lock); + LogDebugFn("Exit"); + return result; +} + + +/* only called from load key paths, so no locking */ +TSS_UUID * +mc_get_uuid_by_pub(TCPA_STORE_PUBKEY *pub) +{ + TSS_UUID *ret; + struct key_mem_cache *tmp; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->blob && + tmp->blob->pubKey.keyLength == pub->keyLength && + !memcmp(tmp->blob->pubKey.key, pub->key, pub->keyLength)) { + ret = &tmp->uuid; + return ret; + } + } + + return NULL; +} + +TSS_RESULT +mc_get_handles_by_uuid(TSS_UUID *uuid, TCS_KEY_HANDLE *tcsHandle, TCPA_KEY_HANDLE *slot) +{ + struct key_mem_cache *tmp; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + if (!memcmp(&tmp->uuid, uuid, sizeof(TSS_UUID))) { + *tcsHandle = tmp->tcs_handle; + *slot = tmp->tpm_handle; + return TSS_SUCCESS; + } + } + + return TCSERR(TSS_E_FAIL); +} + +TCS_KEY_HANDLE +mc_get_handle_by_encdata(BYTE *encData) +{ + struct key_mem_cache *tmp; + TCS_KEY_HANDLE ret; + + MUTEX_LOCK(mem_cache_lock); + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (!tmp->blob || tmp->blob->encSize == 0) + continue; + if (!memcmp(tmp->blob->encData, encData, tmp->blob->encSize)) { + ret = tmp->tcs_handle; + MUTEX_UNLOCK(mem_cache_lock); + return ret; + } + } + MUTEX_UNLOCK(mem_cache_lock); + return 0; +} + +TSS_RESULT +mc_update_encdata(BYTE *encData, BYTE *newEncData) +{ + struct key_mem_cache *tmp; + BYTE *tmp_enc_data; + + MUTEX_LOCK(mem_cache_lock); + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (!tmp->blob || tmp->blob->encSize == 0) + continue; + if (!memcmp(tmp->blob->encData, encData, tmp->blob->encSize)) { + tmp_enc_data = (BYTE *)malloc(tmp->blob->encSize); + if (tmp_enc_data == NULL) { + LogError("malloc of %u bytes failed.", tmp->blob->encSize); + MUTEX_UNLOCK(mem_cache_lock); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + memcpy(tmp_enc_data, newEncData, tmp->blob->encSize); + free(tmp->blob->encData); + tmp->blob->encData = tmp_enc_data; + MUTEX_UNLOCK(mem_cache_lock); + return TSS_SUCCESS; + } + } + MUTEX_UNLOCK(mem_cache_lock); + LogError("Couldn't find requested encdata in mem cache"); + return TCSERR(TSS_E_INTERNAL_ERROR); +} + +/* + * only called from load key paths and the init (single thread time) path, + * so no locking + */ +TSS_RESULT +mc_add_entry(TCS_KEY_HANDLE tcs_handle, + TCPA_KEY_HANDLE tpm_handle, + TSS_KEY *key_blob) +{ + struct key_mem_cache *entry, *tmp; + + /* Make sure the cache doesn't already have an entry for this key */ + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tcs_handle == tmp->tcs_handle) { + return TSS_SUCCESS; + } + } + + /* Not found - we need to create a new entry */ + entry = (struct key_mem_cache *)calloc(1, sizeof(struct key_mem_cache)); + if (entry == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct key_mem_cache)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + entry->tcs_handle = tcs_handle; + if (tpm_handle != NULL_TPM_HANDLE) + entry->time_stamp = getNextTimeStamp(); + + entry->tpm_handle = tpm_handle; + + if (!key_blob) + goto add; + + /* allocate space for the blob */ + entry->blob = calloc(1, sizeof(TSS_KEY)); + if (entry->blob == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_KEY)); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(entry->blob, key_blob, sizeof(TSS_KEY)); + + /* allocate space for the key parameters if necessary */ + if (key_blob->algorithmParms.parmSize) { + BYTE *tmp_parms = (BYTE *)malloc(key_blob->algorithmParms.parmSize); + if (tmp_parms == NULL) { + LogError("malloc of %u bytes failed.", key_blob->algorithmParms.parmSize); + free(entry->blob); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(tmp_parms, key_blob->algorithmParms.parms, key_blob->algorithmParms.parmSize); + entry->blob->algorithmParms.parms = tmp_parms; + } + entry->blob->algorithmParms.parmSize = key_blob->algorithmParms.parmSize; + + /* allocate space for the public key */ + if (key_blob->pubKey.keyLength > 0) { + entry->blob->pubKey.key = (BYTE *)malloc(key_blob->pubKey.keyLength); + if (entry->blob->pubKey.key == NULL) { + LogError("malloc of %u bytes failed.", key_blob->pubKey.keyLength); + free(entry->blob->algorithmParms.parms); + free(entry->blob); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(entry->blob->pubKey.key, key_blob->pubKey.key, key_blob->pubKey.keyLength); + } + entry->blob->pubKey.keyLength = key_blob->pubKey.keyLength; + + /* allocate space for the PCR info */ + if (key_blob->PCRInfoSize > 0) { + entry->blob->PCRInfo = (BYTE *)malloc(key_blob->PCRInfoSize); + if (entry->blob->PCRInfo == NULL) { + LogError("malloc of %u bytes failed.", key_blob->PCRInfoSize); + free(entry->blob->pubKey.key); + free(entry->blob->algorithmParms.parms); + free(entry->blob); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(entry->blob->PCRInfo, key_blob->PCRInfo, key_blob->PCRInfoSize); + } + entry->blob->PCRInfoSize = key_blob->PCRInfoSize; + + /* allocate space for the encData if necessary */ + if (key_blob->encSize > 0) { + entry->blob->encData = (BYTE *)malloc(key_blob->encSize); + if (entry->blob->encData == NULL) { + LogError("malloc of %u bytes failed.", key_blob->encSize); + free(entry->blob->PCRInfo); + free(entry->blob->pubKey.key); + free(entry->blob->algorithmParms.parms); + free(entry->blob); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(entry->blob->encData, key_blob->encData, key_blob->encSize); + } + entry->blob->encSize = key_blob->encSize; +add: + /* add to the front of the list */ + entry->next = key_mem_cache_head; + if (key_mem_cache_head) { + /* set the reference count to 0 initially for all keys not being the SRK. Up + * the call chain, a reference to this mem cache entry will be set in the + * context object of the calling context and this reference count will be + * incremented there. */ + entry->ref_cnt = 0; + + key_mem_cache_head->prev = entry; + } else { + /* if we are the SRK, initially set the reference count to 1, so that it is + * always seen as loaded in the TPM. */ + entry->ref_cnt = 1; + } + key_mem_cache_head = entry; + + return TSS_SUCCESS; +} + +/* caller must lock the mem cache before calling! */ +TSS_RESULT +mc_remove_entry(TCS_KEY_HANDLE tcs_handle) +{ + struct key_mem_cache *cur; + + for (cur = key_mem_cache_head; cur; cur = cur->next) { + if (cur->tcs_handle == tcs_handle) { + if (cur->blob) { + destroy_key_refs(cur->blob); + free(cur->blob); + } + + if (cur->prev != NULL) + cur->prev->next = cur->next; + if (cur->next != NULL) + cur->next->prev = cur->prev; + + if (cur == key_mem_cache_head) + key_mem_cache_head = cur->next; + free(cur); + + return TSS_SUCCESS; + } + } + + return TCSERR(TSS_E_FAIL); +} + +TSS_RESULT +mc_add_entry_init(TCS_KEY_HANDLE tcs_handle, + TCPA_KEY_HANDLE tpm_handle, + TSS_KEY *key_blob, + TSS_UUID *uuid) +{ + struct key_mem_cache *entry, *tmp; + + /* Make sure the cache doesn't already have an entry for this key */ + MUTEX_LOCK(mem_cache_lock); + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + if (tcs_handle == tmp->tcs_handle) { + mc_remove_entry(tcs_handle); + } + } + MUTEX_UNLOCK(mem_cache_lock); + + /* Not found - we need to create a new entry */ + entry = (struct key_mem_cache *)calloc(1, sizeof(struct key_mem_cache)); + if (entry == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct key_mem_cache)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + entry->tcs_handle = tcs_handle; + if (tpm_handle != NULL_TPM_HANDLE) + entry->time_stamp = getNextTimeStamp(); + + entry->tpm_handle = tpm_handle; + + if (key_blob) { + /* allocate space for the blob */ + entry->blob = malloc(sizeof(TSS_KEY)); + if (entry->blob == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_KEY)); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + memcpy(entry->blob, key_blob, sizeof(TSS_KEY)); + + /* allocate space for the key parameters if necessary */ + if (key_blob->algorithmParms.parmSize) { + BYTE *tmp_parms = (BYTE *)malloc(key_blob->algorithmParms.parmSize); + if (tmp_parms == NULL) { + LogError("malloc of %u bytes failed.", + key_blob->algorithmParms.parmSize); + free(entry->blob); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(tmp_parms, key_blob->algorithmParms.parms, + key_blob->algorithmParms.parmSize); + entry->blob->algorithmParms.parms = tmp_parms; + } + + /* allocate space for the public key */ + entry->blob->pubKey.key = (BYTE *)malloc(key_blob->pubKey.keyLength); + if (entry->blob->pubKey.key == NULL) { + LogError("malloc of %u bytes failed.", key_blob->pubKey.keyLength); + free(entry->blob); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(entry->blob->pubKey.key, key_blob->pubKey.key, key_blob->pubKey.keyLength); + + /* allocate space for the encData if necessary */ + if (key_blob->encSize != 0) { + entry->blob->encData = (BYTE *)malloc(key_blob->encSize); + if (entry->blob->encData == NULL) { + LogError("malloc of %u bytes failed.", key_blob->encSize); + free(entry->blob->pubKey.key); + free(entry->blob); + free(entry); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(entry->blob->encData, key_blob->encData, key_blob->encSize); + } + entry->blob->encSize = key_blob->encSize; + } + + memcpy(&entry->uuid, uuid, sizeof(TSS_UUID)); + + MUTEX_LOCK(mem_cache_lock); + + entry->next = key_mem_cache_head; + if (key_mem_cache_head) + key_mem_cache_head->prev = entry; + + entry->ref_cnt = 1; + key_mem_cache_head = entry; + MUTEX_UNLOCK(mem_cache_lock); + + return TSS_SUCCESS; +} + +/* only called from evict key paths, so no locking */ +TSS_RESULT +mc_set_slot_by_slot(TCPA_KEY_HANDLE old_handle, TCPA_KEY_HANDLE new_handle) +{ + struct key_mem_cache *tmp; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + if (tmp->tpm_handle == old_handle) { + LogDebugFn("Set TCS key 0x%x, old TPM handle: 0x%x " + "new TPM handle: 0x%x", tmp->tcs_handle, + old_handle, new_handle); + if (new_handle == NULL_TPM_HANDLE) + tmp->time_stamp = 0; + else + tmp->time_stamp = getNextTimeStamp(); + tmp->tpm_handle = new_handle; + return TSS_SUCCESS; + } + } + + return TCSERR(TSS_E_FAIL); +} + +/* only called from load key paths, so no locking */ +TSS_RESULT +mc_set_slot_by_handle(TCS_KEY_HANDLE tcs_handle, TCPA_KEY_HANDLE tpm_handle) +{ + struct key_mem_cache *tmp; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebug("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->tcs_handle == tcs_handle) { + if (tpm_handle == NULL_TPM_HANDLE) + tmp->time_stamp = 0; + else + tmp->time_stamp = getNextTimeStamp(); + tmp->tpm_handle = tpm_handle; + return TSS_SUCCESS; + } + } + + return TCSERR(TSS_E_FAIL); +} + +/* the beginnings of a key manager start here ;-) */ + +TSS_RESULT +key_mgr_evict(TCS_CONTEXT_HANDLE hContext, TCS_KEY_HANDLE hKey) +{ + TSS_RESULT result = TCS_SUCCESS; + + if ((result = ctx_remove_key_loaded(hContext, hKey))) + return result; + + if ((result = key_mgr_dec_ref_count(hKey))) + return result; + + key_mgr_ref_count(); + + return result; +} + +TSS_RESULT +key_mgr_load_by_blob(TCS_CONTEXT_HANDLE hContext, TCS_KEY_HANDLE hUnwrappingKey, + UINT32 cWrappedKeyBlob, BYTE *rgbWrappedKeyBlob, + TPM_AUTH *pAuth, TCS_KEY_HANDLE *phKeyTCSI, TCS_KEY_HANDLE *phKeyHMAC) +{ + TSS_RESULT result; + + /* Check that auth for the parent key is loaded outside the mem_cache_lock. We have to do + * this here because if the TPM can't process this request right now, the thread could be + * put to sleep while holding the mem_cache_lock, which would result in a deadlock */ + if (pAuth) { + if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle))) + return result; + } + + MUTEX_LOCK(mem_cache_lock); + + if (TPM_VERSION_IS(1,2)) { + result = TCSP_LoadKey2ByBlob_Internal(hContext, hUnwrappingKey, cWrappedKeyBlob, + rgbWrappedKeyBlob, pAuth, phKeyTCSI); + } else { + result = TCSP_LoadKeyByBlob_Internal(hContext, hUnwrappingKey, cWrappedKeyBlob, + rgbWrappedKeyBlob, pAuth, phKeyTCSI, + phKeyHMAC); + } + + MUTEX_UNLOCK(mem_cache_lock); + + return result; +} + +/* create a reference to one key. This is called from the key_mgr_load_* + * functions only, so no locking is done. + */ +TSS_RESULT +key_mgr_inc_ref_count(TCS_KEY_HANDLE key_handle) +{ + struct key_mem_cache *cur; + + for (cur = key_mem_cache_head; cur; cur = cur->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", cur->tcs_handle); + if (cur->tcs_handle == key_handle) { + cur->ref_cnt++; + return TSS_SUCCESS; + } + } + + return TCSERR(TSS_E_FAIL); +} + +/* de-reference one key. This is called by the context routines, so + * locking is necessary. + */ +TSS_RESULT +key_mgr_dec_ref_count(TCS_KEY_HANDLE key_handle) +{ + struct key_mem_cache *cur; + + MUTEX_LOCK(mem_cache_lock); + + for (cur = key_mem_cache_head; cur; cur = cur->next) { + if (cur->tcs_handle == key_handle) { + cur->ref_cnt--; + LogDebugFn("decrementing ref cnt for key 0x%x", + key_handle); + MUTEX_UNLOCK(mem_cache_lock); + return TSS_SUCCESS; + } + } + + MUTEX_UNLOCK(mem_cache_lock); + return TCSERR(TSS_E_FAIL); +} + +/* run through the global list and free any keys with reference counts of 0 */ +void +key_mgr_ref_count() +{ + struct key_mem_cache *tmp, *cur; + + MUTEX_LOCK(mem_cache_lock); + + for (cur = key_mem_cache_head; cur;) { + if (cur->ref_cnt == 0) { + if (cur->tpm_handle != NULL_TPM_HANDLE) { + LogDebugFn("Key 0x%x being freed from TPM", cur->tpm_handle); + internal_EvictByKeySlot(cur->tpm_handle); + } + LogDebugFn("Key 0x%x being freed", cur->tcs_handle); + if (cur->blob) { + destroy_key_refs(cur->blob); + free(cur->blob); + } + if (cur->prev != NULL) + cur->prev->next = cur->next; + if (cur->next != NULL) + cur->next->prev = cur->prev; + + tmp = cur; + if (cur == key_mem_cache_head) + key_mem_cache_head = cur->next; + cur = cur->next; + free(tmp); + } else { + cur = cur->next; + } + } + + MUTEX_UNLOCK(mem_cache_lock); +} + +/* only called from load key paths, so no locking */ +TCPA_KEY_HANDLE +mc_get_slot_by_handle(TCS_KEY_HANDLE tcs_handle) +{ + struct key_mem_cache *tmp; + TCS_KEY_HANDLE ret; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->tcs_handle == tcs_handle) { + ret = tmp->tpm_handle; + return ret; + } + } + + LogDebugFn("returning NULL_TPM_HANDLE"); + return NULL_TPM_HANDLE; +} + +/* called from functions outside the load key path */ +TCPA_KEY_HANDLE +mc_get_slot_by_handle_lock(TCS_KEY_HANDLE tcs_handle) +{ + struct key_mem_cache *tmp; + TCS_KEY_HANDLE ret; + + MUTEX_LOCK(mem_cache_lock); + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->tcs_handle == tcs_handle) { + ret = tmp->tpm_handle; + MUTEX_UNLOCK(mem_cache_lock); + return ret; + } + } + + MUTEX_UNLOCK(mem_cache_lock); + LogDebugFn("returning NULL_TPM_HANDLE"); + return NULL_TPM_HANDLE; +} + +/* only called from load key paths, so no locking */ +TCPA_KEY_HANDLE +mc_get_slot_by_pub(TCPA_STORE_PUBKEY *pub) +{ + struct key_mem_cache *tmp; + TCPA_KEY_HANDLE ret; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->blob && + !memcmp(tmp->blob->pubKey.key, pub->key, pub->keyLength)) { + ret = tmp->tpm_handle; + return ret; + } + } + + LogDebugFn("returning NULL_TPM_HANDLE"); + return NULL_TPM_HANDLE; +} + +/* Check the mem cache for a key with public key pub. If a parent TCS key handle + * is passed in, make sure the parent of the key find matches it, else return + * key not found */ +/* only called from load key paths, so no locking */ +TCS_KEY_HANDLE +mc_get_handle_by_pub(TCPA_STORE_PUBKEY *pub, TCS_KEY_HANDLE parent) +{ + struct key_mem_cache *tmp; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->blob && + pub->keyLength == tmp->blob->pubKey.keyLength && + !memcmp(tmp->blob->pubKey.key, pub->key, pub->keyLength)) { + if (parent) { + if (!tmp->parent) + continue; + if (parent == tmp->parent->tcs_handle) + return tmp->tcs_handle; + } else + return tmp->tcs_handle; + } + } + + LogDebugFn("returning NULL_TCS_HANDLE"); + return NULL_TCS_HANDLE; +} + +/* only called from load key paths, so no locking */ +TCPA_STORE_PUBKEY * +mc_get_parent_pub_by_pub(TCPA_STORE_PUBKEY *pub) +{ + struct key_mem_cache *tmp; + TCPA_STORE_PUBKEY *ret = NULL; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->tcs_handle == TPM_KEYHND_SRK) { + LogDebugFn("skipping the SRK"); + continue; + } + if (tmp->blob && + !memcmp(tmp->blob->pubKey.key, pub->key, pub->keyLength)) { + if (tmp->parent && tmp->parent->blob) { + ret = &tmp->parent->blob->pubKey; + LogDebugFn("Success"); + } else { + LogError("parent pointer not set in key mem cache object w/ TCS " + "handle: 0x%x", tmp->tcs_handle); + } + return ret; + } + } + + LogDebugFn("returning NULL TCPA_STORE_PUBKEY"); + return NULL; +} + +/* only called from load key paths, so no locking */ +TSS_RESULT +mc_get_blob_by_pub(TCPA_STORE_PUBKEY *pub, TSS_KEY **ret_key) +{ + struct key_mem_cache *tmp; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->blob && + !memcmp(tmp->blob->pubKey.key, pub->key, pub->keyLength)) { + *ret_key = tmp->blob; + return TSS_SUCCESS; + } + } + + LogDebugFn("returning TSS_E_FAIL"); + return TCSERR(TSS_E_FAIL); +} + +/* only called from load key paths, so no locking */ +TCS_KEY_HANDLE +mc_get_handle_by_slot(TCPA_KEY_HANDLE tpm_handle) +{ + struct key_mem_cache *tmp; + TCS_KEY_HANDLE ret; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->tpm_handle == tpm_handle) { + ret = tmp->tcs_handle; + return ret; + } + } + + return NULL_TCS_HANDLE; +} + +/* only called from load key paths, so no locking */ +TSS_RESULT +mc_update_time_stamp(TCPA_KEY_HANDLE tpm_handle) +{ + struct key_mem_cache *tmp; + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->tpm_handle == tpm_handle) { + tmp->time_stamp = getNextTimeStamp(); + return TSS_SUCCESS; + } + } + + return TCSERR(TSS_E_FAIL); +} + +/* Right now this evicts the LRU key assuming it's not the parent */ +TSS_RESULT +evictFirstKey(TCS_KEY_HANDLE parent_tcs_handle) +{ + struct key_mem_cache *tmp; + TCS_KEY_HANDLE tpm_handle_to_evict = NULL_TPM_HANDLE; + UINT32 smallestTimeStamp = ~(0U); /* largest */ + TSS_RESULT result; + UINT32 count; + + /* First, see if there are any known keys worth evicting */ + if ((result = clearUnknownKeys(InternalContext, &count))) + return result; + + if (count > 0) { + LogDebugFn("Evicted %u unknown keys", count); + return TSS_SUCCESS; + } + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + if (tmp->tpm_handle != NULL_TPM_HANDLE && /* not already evicted */ + tmp->tpm_handle != SRK_TPM_HANDLE && /* not the srk */ + tmp->tcs_handle != parent_tcs_handle && /* not my parent */ + tmp->time_stamp < smallestTimeStamp) { /* is the smallest time + stamp so far */ + tpm_handle_to_evict = tmp->tpm_handle; + smallestTimeStamp = tmp->time_stamp; + } + } + + if (tpm_handle_to_evict != NULL_TCS_HANDLE) { + if ((result = internal_EvictByKeySlot(tpm_handle_to_evict))) + return result; + + LogDebugFn("Evicted key w/ TPM handle 0x%x", tpm_handle_to_evict); + result = mc_set_slot_by_slot(tpm_handle_to_evict, NULL_TPM_HANDLE); + } else + return TSS_SUCCESS; + + return result; +} + +TSS_BOOL +isKeyLoaded(TCPA_KEY_HANDLE keySlot) +{ + UINT64 offset; + UINT32 i; + TCPA_KEY_HANDLE_LIST keyList; + UINT32 respSize; + BYTE *resp; + TSS_RESULT result; + + if (keySlot == SRK_TPM_HANDLE) { + return TRUE; + } + + if ((result = TCSP_GetCapability_Internal(InternalContext, TCPA_CAP_KEY_HANDLE, 0, NULL, + &respSize, &resp))) + goto not_loaded; + + offset = 0; + UnloadBlob_KEY_HANDLE_LIST(&offset, resp, &keyList); + free(resp); + for (i = 0; i < keyList.loaded; i++) { + LogDebugFn("loaded TPM key handle: 0x%x", keyList.handle[i]); + if (keyList.handle[i] == keySlot) { + free(keyList.handle); + return TRUE; + } + } + + free(keyList.handle); + +not_loaded: + LogDebugFn("Key is not loaded, changing slot"); + mc_set_slot_by_slot(keySlot, NULL_TPM_HANDLE); + return FALSE; +} + +/* all calls to LoadKeyShim are inside locks */ +TSS_RESULT +LoadKeyShim(TCS_CONTEXT_HANDLE hContext, TCPA_STORE_PUBKEY *pubKey, + TSS_UUID *parentUuid, TCPA_KEY_HANDLE *slotOut) +{ + + TCPA_STORE_PUBKEY *parentPub; + UINT32 result; + TCPA_KEY_HANDLE keySlot; + TCPA_KEY_HANDLE parentSlot; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_KEY *myKey; + UINT64 offset; + TCS_KEY_HANDLE parentHandle; + BYTE keyBlob[1024]; + + LogDebugFn("calling mc_get_slot_by_pub"); + + /* If I'm loaded, then no point being here. Get the slot and return */ + keySlot = mc_get_slot_by_pub(pubKey); + if (keySlot != NULL_TPM_HANDLE && isKeyLoaded(keySlot)) { + *slotOut = keySlot; + return TSS_SUCCESS; + } + + /* + * Before proceeding, the parent must be loaded. + * If the parent is registered, then it can be loaded by UUID. + * If not, then the shim will be called to load it's parent and then try + * to load it based on the persistent store. + */ + + LogDebugFn("calling mc_get_parent_pub_by_pub"); + /* Check if the Key is in the memory cache */ + if ((parentPub = mc_get_parent_pub_by_pub(pubKey)) == NULL) { +#if 0 + LogDebugFn("parentPub is NULL"); + /* If parentUUID is not handed in, then this key was never loaded and isn't reg'd */ + if (parentUuid == NULL) + return TCSERR(TCS_E_KM_LOADFAILED); + + LogDebugFn("calling TCSP_LoadKeyByUUID_Internal"); + /* This will try to load my parent by UUID */ + if ((result = TCSP_LoadKeyByUUID_Internal(hContext, parentUuid, NULL, &parentSlot))) + return result; +#else + return TCSERR(TCS_E_KM_LOADFAILED); +#endif + } else { + LogDebugFn("calling LoadKeyShim"); + if ((result = LoadKeyShim(hContext, parentPub, NULL, &parentSlot))) + return result; + } + + /* + * Now that the parent is loaded, I can load myself. + * If I'm registered, that's by UUID. If I'm not, + * that's by blob. If there is no persistent storage data, then I cannot be + * loaded by blob. The user must have some point loaded this key manually. + */ + + /* check the mem cache */ + if (mc_get_blob_by_pub(pubKey, &myKey) == TSS_SUCCESS) { + parentHandle = mc_get_handle_by_slot(parentSlot); + if (parentHandle == 0) + return TCSERR(TCS_E_KM_LOADFAILED); + + offset = 0; + LoadBlob_TSS_KEY(&offset, keyBlob, myKey); + if (TPM_VERSION_IS(1,2)) + result = TCSP_LoadKey2ByBlob_Internal(hContext, + parentHandle, offset, + keyBlob, NULL, + &tcsKeyHandle); + else + result = TCSP_LoadKeyByBlob_Internal(hContext, + parentHandle, offset, + keyBlob, NULL, + &tcsKeyHandle, slotOut); + if (result) + return result; + + return ctx_mark_key_loaded(hContext, tcsKeyHandle); +#if TSS_BUILD_PS + } else { + TSS_UUID *uuid; + + /* check registered */ + if (ps_is_pub_registered(pubKey) == FALSE) + return TCSERR(TCS_E_KM_LOADFAILED); + //uuid = mc_get_uuid_by_pub(pubKey); // XXX pub is not in MC + if ((result = ps_get_uuid_by_pub(pubKey, &uuid))) + return result; + + if ((result = TCSP_LoadKeyByUUID_Internal(hContext, uuid, NULL, &tcsKeyHandle))) { + free(uuid); + return result; + } + free(uuid); + *slotOut = mc_get_slot_by_handle(tcsKeyHandle); + + return ctx_mark_key_loaded(hContext, tcsKeyHandle); +#endif + } + + return TCSERR(TCS_E_KM_LOADFAILED); +} + +TSS_RESULT +owner_evict_init() +{ + TSS_RESULT result = TSS_SUCCESS; + TCPA_KEY_HANDLE_LIST keyList = { 0, NULL }; + BYTE *respData = NULL, ownerEvictCtr = 0; + UINT32 respDataSize = 0, i; + UINT64 offset = 0; + + /* If we're a 1.1 TPM, we can exit immediately since only 1.2+ supports owner evict */ + if (TPM_VERSION_IS(1,1)) + return TSS_SUCCESS; + + if ((result = TCSP_GetCapability_Internal(InternalContext, TPM_CAP_KEY_HANDLE, 0, NULL, + &respDataSize, &respData))) + return result; + + if ((result = UnloadBlob_KEY_HANDLE_LIST(&offset, respData, &keyList))) { + free(respData); + return result; + } + + free(respData); + for (i = 0; i < keyList.loaded; i++) { + UINT64 offset = 0; + UINT32 keyHandle; + + LoadBlob_UINT32(&offset, keyList.handle[i], (BYTE *)&keyHandle); + /* get the ownerEvict flag for this key handle */ + result = TCSP_GetCapability_Internal(InternalContext, TPM_CAP_KEY_STATUS, + sizeof(UINT32), (BYTE *)&keyHandle, + &respDataSize, &respData); + /* special case, invalid keys are automatically evicted later */ + if (result == TPM_E_INVALID_KEYHANDLE) + continue; + if (result != TSS_SUCCESS) { + free(keyList.handle); + return result; + } + + if (*(TPM_BOOL *)respData == TRUE) { + TSS_UUID uuid = TSS_UUID_OWNEREVICT(ownerEvictCtr); + + LogDebugFn("Found an owner evict key, assigned uuid %hhu", ownerEvictCtr); + if ((result = mc_add_entry_init(getNextTcsKeyHandle(), keyList.handle[i], + NULL, &uuid))) { + free(keyList.handle); + return result; + } + ownerEvictCtr++; + } + } + + return result; +} + +/* find next lowest OWNEREVICT uuid */ +TSS_RESULT +mc_find_next_ownerevict_uuid(TSS_UUID *uuid) +{ + TCS_KEY_HANDLE tmpKey; + TCPA_KEY_HANDLE tmpSlot; + UINT16 seed = 0; + TSS_RESULT result = TCSERR(TSS_E_FAIL); + + MUTEX_LOCK(mem_cache_lock); + + for (seed = 0; seed <= 255; seed++) { + TSS_UUID tmpUuid = TSS_UUID_OWNEREVICT(seed); + + /* if UUID is found, continue on, trying the next UUID */ + if (!mc_get_handles_by_uuid(&tmpUuid, &tmpKey, &tmpSlot)) + continue; + + /* UUID is not found, so its the first one available */ + memcpy(uuid, &tmpUuid, sizeof(TSS_UUID)); + result = TSS_SUCCESS; + break; + } + + MUTEX_UNLOCK(mem_cache_lock); + return result; +} + +TSS_RESULT +mc_set_uuid(TCS_KEY_HANDLE tcs_handle, TSS_UUID *uuid) +{ + struct key_mem_cache *tmp; + TSS_RESULT result = TCSERR(TSS_E_FAIL); + + MUTEX_LOCK(mem_cache_lock); + + LogDebugFn("looking for 0x%x", tcs_handle); + + for (tmp = key_mem_cache_head; tmp; tmp = tmp->next) { + LogDebugFn("TCSD mem_cached handle: 0x%x", tmp->tcs_handle); + if (tmp->tcs_handle == tcs_handle) { + LogDebugFn("Handle found, re-setting UUID"); + memcpy(&tmp->uuid, uuid, sizeof(TSS_UUID)); + result = TSS_SUCCESS; + break; + } + } + MUTEX_UNLOCK(mem_cache_lock); + + return result; +} diff --git a/src/tcs/tcs_key_ps.c b/src/tcs/tcs_key_ps.c new file mode 100644 index 0000000..0ea28c1 --- /dev/null +++ b/src/tcs/tcs_key_ps.c @@ -0,0 +1,367 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" + + +TSS_RESULT +ps_init_disk_cache(void) +{ + int fd; + TSS_RESULT rc; + + MUTEX_INIT(disk_cache_lock); + + if ((fd = get_file()) < 0) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((rc = init_disk_cache(fd))) + return rc; + + /* this is temporary, to clear out a PS file from trousers + * versions before 0.2.1 */ + if ((rc = clean_disk_cache(fd))) + return rc; + + put_file(fd); + return TSS_SUCCESS; +} + +void +ps_close_disk_cache(void) +{ + int fd; + + if ((fd = get_file()) < 0) { + LogError("get_file() failed while trying to close disk cache."); + return; + } + + close_disk_cache(fd); + + put_file(fd); +} + +TSS_BOOL +ps_is_key_registered(TCPA_STORE_PUBKEY *pub) +{ + TSS_UUID *uuid; + int fd; + TSS_RESULT rc; + TSS_BOOL is_reg = FALSE; + + if ((fd = get_file()) < 0) + return FALSE; + + if ((rc = psfile_get_uuid_by_pub(fd, pub, &uuid))) { + put_file(fd); + return FALSE; + } + + put_file(fd); + + if ((isUUIDRegistered(uuid, &is_reg))) + is_reg = FALSE; + + free(uuid); + return is_reg; +} + +TSS_RESULT +getParentUUIDByUUID(TSS_UUID *uuid, TSS_UUID *ret_uuid) +{ + struct key_disk_cache *disk_tmp; + + /* check the registered key disk cache */ + MUTEX_LOCK(disk_cache_lock); + + for (disk_tmp = key_disk_cache_head; disk_tmp; disk_tmp = disk_tmp->next) { + if ((disk_tmp->flags & CACHE_FLAG_VALID) && + !memcmp(&disk_tmp->uuid, uuid, sizeof(TSS_UUID))) { + memcpy(ret_uuid, &disk_tmp->parent_uuid, sizeof(TSS_UUID)); + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; + } + } + MUTEX_UNLOCK(disk_cache_lock); + + return TCSERR(TSS_E_FAIL); +} + +TSS_RESULT +isUUIDRegistered(TSS_UUID *uuid, TSS_BOOL *is_reg) +{ + struct key_disk_cache *disk_tmp; + + /* check the registered key disk cache */ + MUTEX_LOCK(disk_cache_lock); + + for (disk_tmp = key_disk_cache_head; disk_tmp; disk_tmp = disk_tmp->next) { + if ((disk_tmp->flags & CACHE_FLAG_VALID) && + !memcmp(&disk_tmp->uuid, uuid, sizeof(TSS_UUID))) { + *is_reg = TRUE; + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; + } + } + MUTEX_UNLOCK(disk_cache_lock); + *is_reg = FALSE; + + return TSS_SUCCESS; +} + +void +disk_cache_shift(struct key_disk_cache *c) +{ + UINT32 key_size, offset; + struct key_disk_cache *tmp = key_disk_cache_head; + + /* offset is the end of the key location in the file */ + offset = TSSPS_VENDOR_DATA_OFFSET(c) + c->vendor_data_size; + /* key_size is the size of the key entry on disk */ + key_size = offset - TSSPS_UUID_OFFSET(c); + + /* for each disk cache entry, if the data for that entry is at an + * offset greater than the key beign removed, then the entry needs to + * be decremented by the size of key's disk footprint (the key_size + * variable) */ + while (tmp) { + if (tmp->offset >= offset) { + tmp->offset -= key_size; + } + + tmp = tmp->next; + } +} + +TSS_RESULT +ps_remove_key(TSS_UUID *uuid) +{ + struct key_disk_cache *tmp, *prev = NULL; + TSS_RESULT rc; + int fd = -1; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + for (; tmp; prev = tmp, tmp = tmp->next) { + if ((tmp->flags & CACHE_FLAG_VALID) && + !memcmp(uuid, &tmp->uuid, sizeof(TSS_UUID))) { + if ((fd = get_file()) < 0) { + rc = TCSERR(TSS_E_INTERNAL_ERROR); + break; + } + + rc = psfile_remove_key(fd, tmp); + + put_file(fd); + + /* if moving the file contents around succeeded, then + * change the offsets of the keys in the cache in + * mem_cache_shift() and remove the key from the + * cache. */ + if (!rc) { + disk_cache_shift(tmp); + if (prev) { + prev->next = tmp->next; + } else { + key_disk_cache_head = tmp->next; + } + free(tmp); + } else { + LogError("Error removing registered key."); + } + + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + } + + MUTEX_UNLOCK(disk_cache_lock); + + return TCSERR(TCSERR(TSS_E_PS_KEY_NOTFOUND)); +} + +/* + * temporary function to clean out blanked keys from a PS file from + * trousers 0.2.0 and before + */ +TSS_RESULT +clean_disk_cache(int fd) +{ + struct key_disk_cache *tmp, *prev = NULL; + TSS_RESULT rc; + + MUTEX_LOCK(disk_cache_lock); + tmp = key_disk_cache_head; + + for (; tmp; prev = tmp, tmp = tmp->next) { + if (!(tmp->flags & CACHE_FLAG_VALID)) { + rc = psfile_remove_key(fd, tmp); + + /* if moving the file contents around succeeded, then + * change the offsets of the keys in the cache in + * mem_cache_shift() and remove the key from the + * cache. */ + if (!rc) { + disk_cache_shift(tmp); + if (prev) { + prev->next = tmp->next; + } + free(tmp); + } else { + LogError("Error removing blank key."); + } + + MUTEX_UNLOCK(disk_cache_lock); + return rc; + } + } + + MUTEX_UNLOCK(disk_cache_lock); + return TSS_SUCCESS; +} + +TSS_RESULT +ps_get_key_by_uuid(TSS_UUID *uuid, BYTE *blob, UINT16 *blob_size) +{ + int fd = -1; + TSS_RESULT rc = TSS_SUCCESS; + + if ((fd = get_file()) < 0) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rc = psfile_get_key_by_uuid(fd, uuid, blob, blob_size); + + put_file(fd); + return rc; +} + +TSS_RESULT +ps_get_key_by_cache_entry(struct key_disk_cache *c, BYTE *blob, UINT16 *blob_size) +{ + int fd = -1; + TSS_RESULT rc = TSS_SUCCESS; + + if ((fd = get_file()) < 0) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rc = psfile_get_key_by_cache_entry(fd, c, blob, blob_size); + + put_file(fd); + return rc; +} + +TSS_RESULT +ps_get_vendor_data(struct key_disk_cache *c, UINT32 *size, BYTE **data) +{ + int fd = -1; + TSS_RESULT rc; + + if ((fd = get_file()) < 0) + return TCSERR(TSS_E_INTERNAL_ERROR); + + rc = psfile_get_vendor_data(fd, c, size, data); + + put_file(fd); + return rc; +} + +TSS_RESULT +ps_is_pub_registered(TCPA_STORE_PUBKEY *key) +{ + int fd = -1; + TSS_BOOL answer; + + if ((fd = get_file()) < 0) + return FALSE; + + if (psfile_is_pub_registered(fd, key, &answer)) { + put_file(fd); + return FALSE; + } + + put_file(fd); + return answer; +} + +TSS_RESULT +ps_get_uuid_by_pub(TCPA_STORE_PUBKEY *pub, TSS_UUID **uuid) +{ + int fd = -1; + TSS_RESULT ret; + + if ((fd = get_file()) < 0) + return TCSERR(TSS_E_INTERNAL_ERROR); + + ret = psfile_get_uuid_by_pub(fd, pub, uuid); + + put_file(fd); + return ret; +} + +TSS_RESULT +ps_get_key_by_pub(TCPA_STORE_PUBKEY *pub, UINT32 *size, BYTE **key) +{ + int fd = -1; + TSS_RESULT ret; + + if ((fd = get_file()) < 0) + return TCSERR(TSS_E_INTERNAL_ERROR); + + ret = psfile_get_key_by_pub(fd, pub, size, key); + + put_file(fd); + return ret; +} + +TSS_RESULT +ps_write_key(TSS_UUID *uuid, TSS_UUID *parent_uuid, BYTE *vendor_data, + UINT32 vendor_size, BYTE *blob, UINT32 blob_size) +{ + int fd = -1; + TSS_RESULT rc; + UINT32 parent_ps; + UINT16 short_blob_size = (UINT16)blob_size; + + if ((fd = get_file()) < 0) + return TCSERR(TSS_E_INTERNAL_ERROR); + + /* this case needed for PS file init. if the key file doesn't yet exist, the + * psfile_get_parent_ps_type_by_uuid() call would fail. */ + if (!memcmp(parent_uuid, &NULL_UUID, sizeof(TSS_UUID))) { + parent_ps = TSS_PS_TYPE_SYSTEM; + } else { + if ((rc = psfile_get_ps_type_by_uuid(fd, parent_uuid, &parent_ps))) + return rc; + } + + rc = psfile_write_key(fd, uuid, parent_uuid, &parent_ps, vendor_data, + vendor_size, blob, short_blob_size); + + put_file(fd); + return TSS_SUCCESS; +} diff --git a/src/tcs/tcs_migration.c b/src/tcs/tcs_migration.c new file mode 100644 index 0000000..f653737 --- /dev/null +++ b/src/tcs/tcs_migration.c @@ -0,0 +1,51 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +UnloadBlob_MIGRATIONKEYAUTH(UINT64 *offset, BYTE *blob, TCPA_MIGRATIONKEYAUTH *mkAuth) +{ + TSS_RESULT result; + + if (!mkAuth) { + if ((result = UnloadBlob_PUBKEY(offset, blob, NULL))) + return result; + + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob(offset, 20, blob, NULL); + + return TSS_SUCCESS; + } + + if ((result = UnloadBlob_PUBKEY(offset, blob, &mkAuth->migrationKey))) + return result; + + UnloadBlob_UINT16(offset, &mkAuth->migrationScheme, blob); + UnloadBlob(offset, 20, blob, mkAuth->digest.digest); + + return result; +} diff --git a/src/tcs/tcs_pbg.c b/src/tcs/tcs_pbg.c new file mode 100644 index 0000000..39c688c --- /dev/null +++ b/src/tcs/tcs_pbg.c @@ -0,0 +1,2201 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" + + +#define TSS_TPM_RSP_BLOB_AUTH_LEN (sizeof(TPM_NONCE) + sizeof(TPM_DIGEST) + sizeof(TPM_BOOL)) + +TSS_RESULT +tpm_rsp_parse(TPM_COMMAND_CODE ordinal, BYTE *b, UINT32 len, ...) +{ + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset1, offset2; + va_list ap; + + DBG_ASSERT(ordinal); + DBG_ASSERT(b); + + va_start(ap, len); + + switch (ordinal) { + case TPM_ORD_ExecuteTransport: + { + UINT32 *val1 = va_arg(ap, UINT32 *); + UINT32 *val2 = va_arg(ap, UINT32 *); + UINT32 *len1 = va_arg(ap, UINT32 *); + BYTE **blob1 = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (auth1 && auth2) { + offset1 = offset2 = len - (2 * TSS_TPM_RSP_BLOB_AUTH_LEN); + UnloadBlob_Auth(&offset1, b, auth1); + UnloadBlob_Auth(&offset1, b, auth2); + } else if (auth1) { + offset1 = offset2 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } else if (auth2) { + offset1 = offset2 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth2); + } else + offset2 = len; + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + if (val1) + UnloadBlob_UINT32(&offset1, val1, b); + if (val2) + UnloadBlob_UINT32(&offset1, val2, b); + + *len1 = offset2 - offset1; + if (*len1) { + if ((*blob1 = malloc(*len1)) == NULL) { + LogError("malloc of %u bytes failed", *len1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len1, b, *blob1); + } else + *blob1 = NULL; + + break; + } +#ifdef TSS_BUILD_TICK + /* TPM BLOB: TPM_CURRENT_TICKS, UINT32, BLOB, optional AUTH */ + case TPM_ORD_TickStampBlob: + { + UINT32 *len1 = va_arg(ap, UINT32 *); + BYTE **blob1 = va_arg(ap, BYTE **); + UINT32 *len2 = va_arg(ap, UINT32 *); + BYTE **blob2 = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!len1 || !blob1 || !len2 || !blob2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } + + offset1 = offset2 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_CURRENT_TICKS(&offset2, b, NULL); + *len1 = (UINT32)offset2 - offset1; + + if ((*blob1 = malloc(*len1)) == NULL) { + LogError("malloc of %u bytes failed", *len1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(&offset1, *len1, b, *blob1); + UnloadBlob_UINT32(&offset1, len2, b); + + if ((*blob2 = malloc(*len2)) == NULL) { + LogError("malloc of %u bytes failed", *len2); + free(*blob1); + *blob1 = NULL; + *len1 = 0; + *len2 = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len2, b, *blob2); + + break; + } +#endif +#ifdef TSS_BUILD_QUOTE + /* TPM BLOB: TPM_PCR_COMPOSITE, UINT32, BLOB, 1 optional AUTH + * return UINT32*, BYTE**, UINT32*, BYTE**, 1 optional AUTH */ + case TPM_ORD_Quote: + { + UINT32 *len1 = va_arg(ap, UINT32 *); + BYTE **blob1 = va_arg(ap, BYTE **); + UINT32 *len2 = va_arg(ap, UINT32 *); + BYTE **blob2 = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!len1 || !blob1 || !len2 || !blob2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } + + offset1 = offset2 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_PCR_COMPOSITE(&offset2, b, NULL); + *len1 = offset2 - offset1; + + if ((*blob1 = malloc(*len1)) == NULL) { + LogError("malloc of %u bytes failed", *len1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len1, b, *blob1); + UnloadBlob_UINT32(&offset1, len2, b); + + if ((*blob2 = malloc(*len2)) == NULL) { + LogError("malloc of %u bytes failed", *len2); + free(*blob1); + *blob1 = NULL; + *len1 = 0; + *len2 = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len2, b, *blob2); + + break; + } +#endif +#ifdef TSS_BUILD_TSS12 + /* TPM BLOB: TPM_PCR_INFO_SHORT, (UINT32, BLOB,) UINT32, BLOB, 1 optional AUTH */ + case TPM_ORD_Quote2: + { + UINT32 *len1 = va_arg(ap, UINT32 *); /* pcrDataSizeOut */ + BYTE **blob1 = va_arg(ap, BYTE **); /* pcrDataOut */ + TSS_BOOL *addVersion = va_arg(ap, TSS_BOOL *); /* addVersion */ + UINT32 *len2 = va_arg(ap, UINT32 *); /* versionInfoSize */ + BYTE **blob2 = va_arg(ap, BYTE **); /* versionInfo */ + UINT32 *len3 = va_arg(ap, UINT32 *); /* sigSize */ + BYTE **blob3 = va_arg(ap, BYTE **); /* sig */ + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); /* privAuth */ + va_end(ap); + + if (!len1 || !blob1 || !len2 || !blob2 || !len3 || !blob3 || !addVersion) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } + + offset1 = offset2 = TSS_TPM_TXBLOB_HDR_LEN; + /* Adjust the offset to take the TPM_PCR_INFO_SHORT size: + * need to allocate this size into blob1 + */ + UnloadBlob_PCR_INFO_SHORT(&offset2, b, NULL); + + /* Get the size of the TSS_TPM_INFO_SHORT + * and copy it into blob1 */ + *len1 = offset2 - offset1; + LogDebugFn("QUOTE2 Core: PCR_INFO_SHORT is %u size", *len1); + if ((*blob1 = malloc(*len1)) == NULL) { + LogError("malloc of %u bytes failed", *len1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len1, b, *blob1); /* TPM_PCR_INFO_SHORT */ + + UnloadBlob_UINT32(&offset1, len2,b); /* versionInfoSize */ + LogDebugFn("QUOTE2 Core: versionInfoSize=%u", *len2); + if ((*blob2 = malloc(*len2)) == NULL) { + LogError("malloc of %u bytes failed", *len2); + free(*blob1); + *blob1 = NULL; + *len1 = 0; + *len2 = 0; + *len3 = 0; + *blob3 = NULL; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len2, b, *blob2); + + /* Take the sigSize */ + UnloadBlob_UINT32(&offset1, len3, b); + LogDebugFn("QUOTE2 Core: sigSize=%u", *len3); + /* sig */ + if ((*blob3 = malloc(*len3)) == NULL) { + LogError("malloc of %u bytes failed", *len3); + free(*blob1); + *blob1 = NULL; + if (*len2 > 0){ + free(*blob2); + *blob2 = NULL; + } + *len1 = 0; + *len2 = 0; + *len3 = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len3, b, *blob3); + break; + } +#endif + /* TPM BLOB: TPM_CERTIFY_INFO, UINT32, BLOB, 2 optional AUTHs + * return UINT32*, BYTE**, UINT32*, BYTE**, 2 optional AUTHs */ + case TPM_ORD_CertifyKey: + { + UINT32 *len1 = va_arg(ap, UINT32 *); + BYTE **blob1 = va_arg(ap, BYTE **); + UINT32 *len2 = va_arg(ap, UINT32 *); + BYTE **blob2 = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!len1 || !blob1 || !len2 || !blob2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1 && auth2) { + offset1 = len - (2 * TSS_TPM_RSP_BLOB_AUTH_LEN); + UnloadBlob_Auth(&offset1, b, auth1); + UnloadBlob_Auth(&offset1, b, auth2); + } else if (auth1) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } else if (auth2) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth2); + } + + offset1 = offset2 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_CERTIFY_INFO(&offset2, b, NULL); + *len1 = offset2 - offset1; + + if ((*blob1 = malloc(*len1)) == NULL) { + LogError("malloc of %u bytes failed", *len1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len1, b, *blob1); + UnloadBlob_UINT32(&offset1, len2, b); + + if ((*blob2 = malloc(*len2)) == NULL) { + LogError("malloc of %u bytes failed", *len2); + free(*blob1); + *blob1 = NULL; + *len1 = 0; + *len2 = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len2, b, *blob2); + + break; + } +#ifdef TSS_BUILD_AUDIT + /* TPM_BLOB: TPM_COUNTER_VALUE, DIGEST, DIGEST, UINT32, BLOB, optional AUTH + * return: UINT32*, BYTE**, DIGEST*, DIGEST*, UINT32*, BYTE**, optional AUTH */ + case TPM_ORD_GetAuditDigestSigned: + { + UINT32 *len1 = va_arg(ap, UINT32 *); + BYTE **blob1 = va_arg(ap, BYTE **); + TPM_DIGEST *digest1 = va_arg(ap, TPM_DIGEST *); + TPM_DIGEST *digest2 = va_arg(ap, TPM_DIGEST *); + UINT32 *len2 = va_arg(ap, UINT32 *); + BYTE **blob2 = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!digest1 || !digest2 || !len1 || !blob1 || !len2 || !blob2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + offset1 = offset2 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_COUNTER_VALUE(&offset2, b, NULL); + *len1 = offset2 - offset1; + + if ((*blob1 = malloc(*len1)) == NULL) { + LogError("malloc of %u bytes failed", *len1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len1, b, *blob1); + + UnloadBlob_DIGEST(&offset1, b, digest1); + UnloadBlob_DIGEST(&offset1, b, digest2); + UnloadBlob_UINT32(&offset1, len2, b); + + if ((*blob2 = malloc(*len2)) == NULL) { + LogError("malloc of %u bytes failed", *len2); + free(*blob1); + *blob1 = NULL; + *len1 = 0; + *len2 = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len2, b, *blob2); + + if (auth1) + UnloadBlob_Auth(&offset1, b, auth1); + + break; + } + /* TPM_BLOB: TPM_COUNTER_VALUE, DIGEST, BOOL, UINT32, BLOB + * return: DIGEST*, UINT32*, BYTE**, BOOL, UINT32*, BYTE** */ + case TPM_ORD_GetAuditDigest: + { + TPM_DIGEST *digest1 = va_arg(ap, TPM_DIGEST *); + UINT32 *len1 = va_arg(ap, UINT32 *); + BYTE **blob1 = va_arg(ap, BYTE **); + TSS_BOOL *bool1 = va_arg(ap, TSS_BOOL *); + UINT32 *len2 = va_arg(ap, UINT32 *); + BYTE **blob2 = va_arg(ap, BYTE **); + va_end(ap); + + if (!digest1 || !len1 || !blob1 || !len2 || !blob2 || !bool1) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + offset1 = offset2 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_COUNTER_VALUE(&offset2, b, NULL); + *len1 = offset2 - offset1; + + if ((*blob1 = malloc(*len1)) == NULL) { + LogError("malloc of %u bytes failed", *len1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len1, b, *blob1); + + UnloadBlob_DIGEST(&offset1, b, digest1); + UnloadBlob_BOOL(&offset1, bool1, b); + UnloadBlob_UINT32(&offset1, len2, b); + + if ((*blob2 = malloc(*len2)) == NULL) { + LogError("malloc of %u bytes failed", *len2); + free(*blob1); + *blob1 = NULL; + *len1 = 0; + *len2 = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset1, *len2, b, *blob2); + + break; + } +#endif +#ifdef TSS_BUILD_COUNTER + /* optional UINT32, TPM_COUNTER_VALUE, optional AUTH */ + case TPM_ORD_ReadCounter: + case TPM_ORD_CreateCounter: + case TPM_ORD_IncrementCounter: + { + UINT32 *val1 = va_arg(ap, UINT32 *); + TPM_COUNTER_VALUE *ctr = va_arg(ap, TPM_COUNTER_VALUE *); + TPM_AUTH * auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!ctr) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + if (val1) + UnloadBlob_UINT32(&offset1, val1, b); + UnloadBlob_COUNTER_VALUE(&offset1, b, ctr); + + break; + } +#endif + /* TPM BLOB: UINT32, BLOB, UINT32, BLOB, optional AUTH, optional AUTH */ + case TPM_ORD_CreateMaintenanceArchive: + case TPM_ORD_CreateMigrationBlob: + case TPM_ORD_Delegate_ReadTable: + case TPM_ORD_CMK_CreateBlob: + { + UINT32 *len1 = va_arg(ap, UINT32 *); + BYTE **blob1 = va_arg(ap, BYTE **); + UINT32 *len2 = va_arg(ap, UINT32 *); + BYTE **blob2 = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!len1 || !blob1 || !len2 || !blob2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1 && auth2) { + offset1 = len - (2 * TSS_TPM_RSP_BLOB_AUTH_LEN); + UnloadBlob_Auth(&offset1, b, auth1); + UnloadBlob_Auth(&offset1, b, auth2); + } else if (auth1) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } else if (auth2) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth2); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_UINT32(&offset1, len1, b); + if ((*blob1 = malloc(*len1)) == NULL) { + LogError("malloc of %u bytes failed", *len1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(&offset1, *len1, b, *blob1); + + UnloadBlob_UINT32(&offset1, len2, b); + if ((*blob2 = malloc(*len2)) == NULL) { + free(*blob1); + LogError("malloc of %u bytes failed", *len2); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(&offset1, *len2, b, *blob2); + + break; + } + /* TPM BLOB: BLOB, optional AUTH, AUTH + * return: UINT32 *, BYTE **, optional AUTH, AUTH */ + case TPM_ORD_ActivateIdentity: + { + UINT32 *len1 = va_arg(ap, UINT32 *); + BYTE **blob1 = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!len1 || !blob1 || !auth2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1 && auth2) { + offset1 = offset2 = len - (2 * TSS_TPM_RSP_BLOB_AUTH_LEN); + UnloadBlob_Auth(&offset1, b, auth1); + UnloadBlob_Auth(&offset1, b, auth2); + } else if (auth2) { + offset1 = offset2 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth2); + } else + offset2 = len; + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + offset2 -= TSS_TPM_TXBLOB_HDR_LEN; + if ((*blob1 = malloc(offset2)) == NULL) { + LogError("malloc of %zd bytes failed", (size_t)offset2); + return TCSERR(TSS_E_OUTOFMEMORY); + } + *len1 = offset2; + UnloadBlob(&offset1, *len1, b, *blob1); + + break; + } + /* TPM BLOB: TPM_KEY, UINT32, BLOB, optional AUTH, AUTH + * return: UINT32 *, BYTE **, UINT32 *, BYTE **, optional AUTH, AUTH */ + case TPM_ORD_MakeIdentity: + { + UINT32 *len1, *len2; + BYTE **blob1, **blob2; + TPM_AUTH *auth1, *auth2; + + len1 = va_arg(ap, UINT32 *); + blob1 = va_arg(ap, BYTE **); + len2 = va_arg(ap, UINT32 *); + blob2 = va_arg(ap, BYTE **); + auth1 = va_arg(ap, TPM_AUTH *); + auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!len1 || !blob1 || !len2 || !blob2 || !auth2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + offset1 = offset2 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_TSS_KEY(&offset1, b, NULL); + offset1 -= TSS_TPM_TXBLOB_HDR_LEN; + + if ((*blob1 = malloc(offset1)) == NULL) { + LogError("malloc of %zd bytes failed", (size_t)offset1); + return TCSERR(TSS_E_OUTOFMEMORY); + } + *len1 = offset1; + + UnloadBlob(&offset2, offset1, b, *blob1); + + /* offset2 points to the stuff after the key */ + UnloadBlob_UINT32(&offset2, len2, b); + + if ((*blob2 = malloc(*len2)) == NULL) { + free(*blob1); + LogError("malloc of %u bytes failed", *len2); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(&offset2, *len2, b, *blob2); + + if (auth1) + UnloadBlob_Auth(&offset2, b, auth1); + UnloadBlob_Auth(&offset2, b, auth2); + + break; + } + /* 1 TPM_VERSION, 2 UINT32s, 1 optional AUTH */ + case TPM_ORD_GetCapabilityOwner: + { + TPM_VERSION *ver1 = va_arg(ap, TPM_VERSION *); + UINT32 *data1 = va_arg(ap, UINT32 *); + UINT32 *data2 = va_arg(ap, UINT32 *); + TPM_AUTH *auth = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!data1 || !data2 || !ver1) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_VERSION(&offset1, b, ver1); + UnloadBlob_UINT32(&offset1, data1, b); + UnloadBlob_UINT32(&offset1, data2, b); + break; + } + /* TPM BLOB: 1 UINT32, 1 BLOB, 2 optional AUTHs + * return: UINT32 *, BYTE**, 2 optional AUTHs */ + case TPM_ORD_Sign: + case TPM_ORD_GetTestResult: + case TPM_ORD_CertifySelfTest: + case TPM_ORD_Unseal: + case TPM_ORD_GetRandom: + case TPM_ORD_DAA_Join: + case TPM_ORD_DAA_Sign: + case TPM_ORD_ChangeAuth: + case TPM_ORD_GetCapability: + case TPM_ORD_LoadMaintenanceArchive: + case TPM_ORD_ConvertMigrationBlob: + case TPM_ORD_NV_ReadValue: + case TPM_ORD_NV_ReadValueAuth: + case TPM_ORD_Delegate_Manage: + case TPM_ORD_Delegate_CreateKeyDelegation: + case TPM_ORD_Delegate_CreateOwnerDelegation: + case TPM_ORD_Delegate_UpdateVerification: + case TPM_ORD_CMK_ConvertMigration: + { + UINT32 *data_len = va_arg(ap, UINT32 *); + BYTE **data = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!data || !data_len) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1 && auth2) { + offset1 = len - (2 * TSS_TPM_RSP_BLOB_AUTH_LEN); + UnloadBlob_Auth(&offset1, b, auth1); + UnloadBlob_Auth(&offset1, b, auth2); + } else if (auth1) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } else if (auth2) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth2); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_UINT32(&offset1, data_len, b); + if ((*data = malloc(*data_len)) == NULL) { + LogError("malloc of %u bytes failed", *data_len); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(&offset1, *data_len, b, *data); + break; + } + /* TPM BLOB: 1 UINT32, 1 BLOB, 1 optional AUTH + * return: UINT32 *, BYTE**, 1 optional AUTH*/ + case TPM_ORD_UnBind: + { + UINT32 *data_len = va_arg(ap, UINT32 *); + BYTE **data = va_arg(ap, BYTE **); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!data || !data_len) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth1) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth1); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_UINT32(&offset1, data_len, b); + if ((*data = malloc(*data_len)) == NULL) { + LogError("malloc of %u bytes failed", *data_len); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(&offset1, *data_len, b, *data); + break; + } + /* TPM BLOB: 1 BLOB, 1 optional AUTH + * return: UINT32 *, BYTE**, 1 optional AUTH*/ + case TPM_ORD_GetTicks: + case TPM_ORD_Seal: + case TPM_ORD_Sealx: + case TPM_ORD_FieldUpgrade: + case TPM_ORD_CreateWrapKey: + case TPM_ORD_GetPubKey: + case TPM_ORD_OwnerReadPubek: + case TPM_ORD_OwnerReadInternalPub: + case TPM_ORD_AuthorizeMigrationKey: + case TPM_ORD_TakeOwnership: + case TPM_ORD_CMK_CreateKey: + { + UINT32 *data_len = va_arg(ap, UINT32 *); + BYTE **data = va_arg(ap, BYTE **); + TPM_AUTH *auth = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!data || !data_len) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* remove the auth data from the back end of the data */ + if (auth) { + offset1 = offset2 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth); + } else + offset2 = len; + + /* everything after the header is returned as the blob */ + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + offset2 -= offset1; + if ((*data = malloc((size_t)offset2)) == NULL) { + LogError("malloc of %zd bytes failed", (size_t)offset2); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if ((offset1 + offset2) > TSS_TPM_TXBLOB_SIZE) + return TCSERR(TSS_E_INTERNAL_ERROR); + + memcpy(*data, &b[offset1], offset2); + *data_len = offset2; + break; + } + /* TPM BLOB: BLOB, optional DIGEST */ + case TPM_ORD_CreateEndorsementKeyPair: + case TPM_ORD_ReadPubek: + { + UINT32 *data_len = va_arg(ap, UINT32 *); + BYTE **data = va_arg(ap, BYTE **); + BYTE *digest1 = va_arg(ap, BYTE *); + va_end(ap); + + if (!data || !data_len) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if ((offset2 + TPM_DIGEST_SIZE) > TSS_TPM_TXBLOB_SIZE) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (digest1) { + offset1 = offset2 = len - TPM_DIGEST_SIZE; + memcpy(digest1, &b[offset2], TPM_DIGEST_SIZE); + } else + offset2 = len; + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + offset2 -= offset1; + if ((*data = malloc((size_t)offset2)) == NULL) { + LogError("malloc of %zd bytes failed", (size_t)offset2); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(&offset1, offset2, b, *data); + *data_len = offset2; + break; + } +#ifdef TSS_BUILD_TSS12 + /* TPM BLOB: BLOB, DIGEST, DIGEST + * return: UINT32 *, BYTE**, DIGEST, DIGEST */ + case TPM_ORD_CreateRevocableEK: + { + UINT32 *data_len = va_arg(ap, UINT32 *); + BYTE **data = va_arg(ap, BYTE **); + BYTE *digest1 = va_arg(ap, BYTE *); + BYTE *digest2 = va_arg(ap, BYTE *); + va_end(ap); + + if (!data || !data_len || !digest1 || !digest2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (len > TSS_TPM_TXBLOB_SIZE) + return TCSERR(TSS_E_INTERNAL_ERROR); + + offset2 = len - TPM_DIGEST_SIZE; + memcpy(digest2, &b[offset2], TPM_DIGEST_SIZE); + + offset2 -= TPM_DIGEST_SIZE; + memcpy(digest1, &b[offset2], TPM_DIGEST_SIZE); + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + offset2 -= offset1; + if ((*data = malloc((size_t)offset2)) == NULL) { + LogError("malloc of %zd bytes failed", (size_t)offset2); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(&offset1, offset2, b, *data); + *data_len = offset2; + break; + } +#endif + /* 1 UINT32, 1 optional AUTH */ + case TPM_ORD_LoadKey: + case TPM_ORD_LoadKey2: + { + UINT32 *handle; + TPM_AUTH *auth; + + handle = va_arg(ap, UINT32 *); + auth = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!handle) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (auth) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_UINT32(&offset1, handle, b); + break; + } + /* 1 optional UINT32, 1 20 byte value */ + case TPM_ORD_DirRead: + case TPM_ORD_OIAP: + case TPM_ORD_LoadManuMaintPub: + case TPM_ORD_ReadManuMaintPub: + case TPM_ORD_Extend: + case TPM_ORD_PcrRead: + { + UINT32 *handle = va_arg(ap, UINT32 *); + BYTE *nonce = va_arg(ap, BYTE *); + va_end(ap); + + if (!nonce) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + if (handle) + UnloadBlob_UINT32(&offset1, handle, b); + UnloadBlob(&offset1, TPM_NONCE_SIZE, b, nonce); + break; + } + /* 1 UINT32, 2 20 byte values */ + case TPM_ORD_OSAP: + case TPM_ORD_DSAP: + { + UINT32 *handle = va_arg(ap, UINT32 *); + BYTE *nonce1 = va_arg(ap, BYTE *); + BYTE *nonce2 = va_arg(ap, BYTE *); + va_end(ap); + + if (!handle || !nonce1 || !nonce2) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_UINT32(&offset1, handle, b); + UnloadBlob(&offset1, TPM_NONCE_SIZE, b, nonce1); + UnloadBlob(&offset1, TPM_NONCE_SIZE, b, nonce2); + break; + } +#ifdef TSS_BUILD_CMK + /* 1 20 byte value, 1 optional AUTH */ + case TPM_ORD_CMK_ApproveMA: + case TPM_ORD_CMK_CreateTicket: + { + BYTE *hmac1 = va_arg(ap, BYTE *); + TPM_AUTH *auth = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!hmac1) { + LogError("Internal error for ordinal 0x%x", ordinal); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + offset1 = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob(&offset1, TPM_SHA1_160_HASH_LEN, b, hmac1); + if (auth) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth); + } + break; + } +#endif + /* 1 optional AUTH */ + case TPM_ORD_DisablePubekRead: + case TPM_ORD_DirWriteAuth: + case TPM_ORD_ReleaseCounter: + case TPM_ORD_ReleaseCounterOwner: + case TPM_ORD_ChangeAuthOwner: + case TPM_ORD_SetCapability: + case TPM_ORD_SetOrdinalAuditStatus: + case TPM_ORD_ResetLockValue: + case TPM_ORD_SetRedirection: + case TPM_ORD_DisableOwnerClear: + case TPM_ORD_OwnerSetDisable: + case TPM_ORD_SetTempDeactivated: + case TPM_ORD_KillMaintenanceFeature: + case TPM_ORD_NV_DefineSpace: + case TPM_ORD_NV_WriteValue: + case TPM_ORD_NV_WriteValueAuth: + case TPM_ORD_OwnerClear: + case TPM_ORD_Delegate_LoadOwnerDelegation: + case TPM_ORD_CMK_SetRestrictions: + case TPM_ORD_FlushSpecific: + case TPM_ORD_KeyControlOwner: + { + TPM_AUTH *auth = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (auth) { + offset1 = len - TSS_TPM_RSP_BLOB_AUTH_LEN; + UnloadBlob_Auth(&offset1, b, auth); + } + break; + } + default: + LogError("Unknown ordinal: 0x%x", ordinal); + result = TCSERR(TSS_E_INTERNAL_ERROR); + break; + } + + return result; +} + +/* XXX optimize these cases by always passing in lengths for blobs, no more "20 byte values" */ +TSS_RESULT +tpm_rqu_build(TPM_COMMAND_CODE ordinal, UINT64 *outOffset, BYTE *out_blob, ...) +{ + TSS_RESULT result = TSS_SUCCESS; + UINT64 blob_size; + va_list ap; + + DBG_ASSERT(ordinal); + DBG_ASSERT(outOffset); + DBG_ASSERT(out_blob); + + va_start(ap, out_blob); + + switch (ordinal) { +#ifdef TSS_BUILD_DELEGATION + /* 1 UINT16, 1 UINT32, 1 20 bytes value, 1 UINT32, 1 BLOB */ + case TPM_ORD_DSAP: + { + UINT16 val1 = va_arg(ap, int); + UINT32 handle1 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + va_end(ap); + + if (!digest1 || !in_blob1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT16(outOffset, val1, out_blob); + LoadBlob_UINT32(outOffset, handle1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 1 BOOL, 1 UINT32, 1 BLOB, 1 20 byte value, 1 AUTH */ + case TPM_ORD_Delegate_CreateOwnerDelegation: + { + TSS_BOOL bool1 = va_arg(ap, int); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + BYTE *digest1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!in_len1 || !in_blob1 || !digest1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_BOOL(outOffset, bool1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 2 UINT32's, 1 BLOB, 1 20 byte value, 1 AUTH */ + case TPM_ORD_Delegate_CreateKeyDelegation: + { + UINT32 keyslot1 = va_arg(ap, UINT32); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + BYTE *digest1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keyslot1 || !in_len1 || !in_blob1 || !digest1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keyslot1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#endif +#ifdef TSS_BUILD_TRANSPORT + /* 3 UINT32's, 1 BLOB, 2 AUTHs */ + case TPM_ORD_ExecuteTransport: + { + UINT32 ord1 = va_arg(ap, UINT32); + UINT32 *keyslot1 = va_arg(ap, UINT32 *); + UINT32 *keyslot2 = va_arg(ap, UINT32 *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + if (keyslot1) + LoadBlob_UINT32(outOffset, *keyslot1, out_blob); + if (keyslot2) + LoadBlob_UINT32(outOffset, *keyslot2, out_blob); + //LoadBlob_UINT32(outOffset, in_len1, out_blob); + if (in_blob1) + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + + if (auth1 && auth2) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, *outOffset, ord1, out_blob); + } else if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ord1, out_blob); + } else if (auth2) { + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ord1, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ord1, out_blob); + } + + break; + } +#endif + /* 1 UINT32, 1 UINT16, 1 BLOB, 1 UINT32, 1 BLOB, 1 options AUTH, 1 AUTH */ + case TPM_ORD_CreateMigrationBlob: + { + UINT32 keyslot1 = va_arg(ap, UINT32); + UINT16 type1 = va_arg(ap, int); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!in_blob1 || !in_blob2 || !auth2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keyslot1, out_blob); + LoadBlob_UINT16(outOffset, type1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_UINT32(outOffset, in_len2, out_blob); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 UINT32, 1 UINT16, 1 20 byte value, 1 UINT16, 1 UINT32, 1 BLOB, 2 AUTHs */ + case TPM_ORD_ChangeAuth: + { + UINT32 keyslot1 = va_arg(ap, UINT32); + UINT16 proto1 = va_arg(ap, int); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT16 entity1 = va_arg(ap, int); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!digest1 || !in_blob1 || !auth1 || !auth2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keyslot1, out_blob); + LoadBlob_UINT16(outOffset, proto1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob_UINT16(outOffset, entity1, out_blob); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 2 DIGEST/ENCAUTH's, 1 UINT32, 1 BLOB, 1 optional AUTH, 1 AUTH */ + case TPM_ORD_MakeIdentity: + { + BYTE *dig1, *dig2, *blob1; + UINT32 len1; + TPM_AUTH *auth1, *auth2; + + dig1 = va_arg(ap, BYTE *); + dig2 = va_arg(ap, BYTE *); + len1 = va_arg(ap, UINT32); + blob1 = va_arg(ap, BYTE *); + auth1 = va_arg(ap, TPM_AUTH *); + auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!dig1 || !dig2 || !blob1 || !auth2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, dig1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, dig2); + LoadBlob(outOffset, len1, out_blob, blob1); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } +#if (TSS_BUILD_NV || TSS_BUILD_DELEGATION) + /* 3 UINT32's, 1 BLOB, 1 optional AUTH */ + case TPM_ORD_NV_WriteValue: + case TPM_ORD_NV_WriteValueAuth: + case TPM_ORD_Delegate_Manage: + { + UINT32 i = va_arg(ap, UINT32); + UINT32 j = va_arg(ap, UINT32); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!in_blob1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, i, out_blob); + LoadBlob_UINT32(outOffset, j, out_blob); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } +#endif + /* 3 UINT32's, 1 optional AUTH */ + case TPM_ORD_NV_ReadValue: + case TPM_ORD_NV_ReadValueAuth: + case TPM_ORD_SetRedirection: + { + UINT32 i = va_arg(ap, UINT32); + UINT32 j = va_arg(ap, UINT32); + UINT32 k = va_arg(ap, UINT32); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, i, out_blob); + LoadBlob_UINT32(outOffset, j, out_blob); + LoadBlob_UINT32(outOffset, k, out_blob); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 20 byte value, 1 UINT32, 1 BLOB */ + case TPM_ORD_CreateEndorsementKeyPair: + { + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + va_end(ap); + + if (!digest1 || !in_blob1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#ifdef TSS_BUILD_TSS12 + /* 1 20 byte value, 1 UINT32, 1 BLOB, 1 BOOL, 1 20 byte value */ + case TPM_ORD_CreateRevocableEK: + { + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TSS_BOOL in_bool1 = va_arg(ap, int); + BYTE *digest2 = va_arg(ap, BYTE *); + va_end(ap); + + if (!digest1 || !in_blob1 || !digest2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_BOOL(outOffset, in_bool1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest2); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 1 20 byte value */ + case TPM_ORD_RevokeTrust: + { + BYTE *digest1 = va_arg(ap, BYTE *); + va_end(ap); + + if (!digest1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#endif +#ifdef TSS_BUILD_COUNTER + /* 1 20 byte value, 1 UINT32, 1 BLOB, 1 AUTH */ + case TPM_ORD_CreateCounter: + { + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!digest1 || !in_blob1 || !auth1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#endif +#ifdef TSS_BUILD_DAA + /* 1 UINT32, 1 BYTE, 1 UINT32, 1 BLOB, 1 UINT32, 1 BLOB, 1 AUTH */ + case TPM_ORD_DAA_Sign: + case TPM_ORD_DAA_Join: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + BYTE stage1 = va_arg(ap, int); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keySlot1 || !in_blob1 || !auth1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob_BOOL(outOffset, stage1, out_blob); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_UINT32(outOffset, in_len2, out_blob); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#endif + /* 2 UINT32's, 1 BLOB, 1 UINT32, 1 BLOB, 1 optional AUTH */ + case TPM_ORD_ConvertMigrationBlob: + case TPM_ORD_SetCapability: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keySlot1 || !in_blob1 || !in_blob2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_UINT32(outOffset, in_len2, out_blob); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 2 UINT32's, 1 20 byte value, 2 optional AUTHs */ + case TPM_ORD_CertifyKey: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + UINT32 keySlot2 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keySlot1 || !keySlot2 || !digest1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob_UINT32(outOffset, keySlot2, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + if (auth1 && auth2) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, *outOffset, ordinal, out_blob); + } else if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else if (auth2) { + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 2 UINT32's, 1 BLOB, 1 optional AUTH */ + case TPM_ORD_Delegate_LoadOwnerDelegation: + case TPM_ORD_GetCapability: + case TPM_ORD_UnBind: + case TPM_ORD_Sign: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (in_len1 && !in_blob1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + if (in_len1) + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 UINT32, 1 20 byte value, 1 UINT32, 1 optional BLOB, 1 UINT32, 1 BLOB, 1 AUTH */ + case TPM_ORD_Seal: + case TPM_ORD_Sealx: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + blob_size = in_len1 + in_len2 + TPM_DIGEST_SIZE + sizeof(TPM_AUTH); + if (blob_size > TSS_TPM_TXBLOB_SIZE) { + result = TCSERR(TSS_E_BAD_PARAMETER); + LogError("Oversized input when building ordinal 0x%x", ordinal); + break; + } + + if (!keySlot1 || !in_blob2 || !auth1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_UINT32(outOffset, in_len2, out_blob); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 2 UINT32's, 1 BLOB, 1 optional AUTH, 1 AUTH */ + case TPM_ORD_ActivateIdentity: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keySlot1 || !in_blob1 || !auth2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 UINT32, 1 20-byte blob, 1 BLOB, 1 optional AUTH */ + case TPM_ORD_Quote: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keySlot1 || !digest1 || !in_blob1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#ifdef TSS_BUILD_TSS12 + /* 1 UINT32, 1 20-byte blob, 1 BLOB, 1 BOOL, 1 optional AUTH */ + case TPM_ORD_Quote2: + { + /* Input vars */ + UINT32 keySlot1 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TSS_BOOL* addVersion = va_arg(ap,TSS_BOOL *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keySlot1 || !digest1 || !in_blob1 || !addVersion) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + + /* Load the addVersion Bool */ + LoadBlob_BOOL(outOffset,*addVersion,out_blob); + + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#endif + /* 1 UINT32, 2 20-byte blobs, 1 BLOB, 1 optional AUTH */ + case TPM_ORD_CreateWrapKey: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + BYTE *digest2 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keySlot1 || !digest1 || !digest2 || !in_blob1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest2); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 2 BLOBs, 1 optional AUTH */ + case TPM_ORD_NV_DefineSpace: + case TPM_ORD_LoadManuMaintPub: + { + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!in_blob1 || !in_blob2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } +#ifdef TSS_BUILD_TICK + /* 1 UINT32, 2 20-byte blobs, 1 optional AUTH */ + case TPM_ORD_TickStampBlob: + { + UINT32 keySlot1 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + BYTE *digest2 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!keySlot1 || !digest1 || !digest2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keySlot1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest2); + + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#endif + /* 1 BLOB */ + case TPM_ORD_ReadManuMaintPub: + case TPM_ORD_ReadPubek: + case TPM_ORD_PCR_Reset: + case TPM_ORD_SetOperatorAuth: + { + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + va_end(ap); + + if (!in_blob1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 1 UINT32, 1 BLOB, 2 optional AUTHs */ + case TPM_ORD_LoadKey: + case TPM_ORD_LoadKey2: + case TPM_ORD_DirWriteAuth: + case TPM_ORD_CertifySelfTest: + case TPM_ORD_Unseal: + case TPM_ORD_Extend: + case TPM_ORD_StirRandom: + case TPM_ORD_LoadMaintenanceArchive: /* XXX */ + case TPM_ORD_FieldUpgrade: + case TPM_ORD_Delegate_UpdateVerification: + case TPM_ORD_Delegate_VerifyDelegation: + { + UINT32 val1 = va_arg(ap, UINT32); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + TPM_AUTH *auth2 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (in_len1 && !in_blob1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, val1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + if (auth1 && auth2) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, *outOffset, ordinal, out_blob); + } else if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else if (auth2) { + LoadBlob_Auth(outOffset, out_blob, auth2); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 UINT16, 1 BLOB, 1 AUTH */ + case TPM_ORD_AuthorizeMigrationKey: + { + UINT16 scheme1 = va_arg(ap, int); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!in_blob1 || !auth1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT16(outOffset, scheme1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 1 UINT16, 1 UINT32, 1 BLOB, 1 UINT32, 2 BLOBs, 1 AUTH */ + case TPM_ORD_TakeOwnership: + { + UINT16 scheme1 = va_arg(ap, int); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + UINT32 in_len3 = va_arg(ap, UINT32); + BYTE *in_blob3 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!in_blob1 || !in_blob2 || !in_blob3 || !auth1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT16(outOffset, scheme1, out_blob); + LoadBlob_UINT32(outOffset, in_len1, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_UINT32(outOffset, in_len2, out_blob); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + LoadBlob(outOffset, in_len3, out_blob, in_blob3); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#ifdef TSS_BUILD_AUDIT + /* 1 UINT32, 1 BOOL, 1 20 byte value, 1 optional AUTH */ + case TPM_ORD_GetAuditDigestSigned: + { + UINT32 keyslot1 = va_arg(ap, UINT32); + TSS_BOOL bool1 = va_arg(ap, int); + BYTE *digest1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!digest1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, keyslot1, out_blob); + LoadBlob_BOOL(outOffset, bool1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } +#endif + /* 1 UINT16, 1 UINT32, 1 20 byte value */ + case TPM_ORD_OSAP: + { + UINT16 type1 = va_arg(ap, int); + UINT32 value1 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + va_end(ap); + + if (!digest1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT16(outOffset, type1, out_blob); + LoadBlob_UINT32(outOffset, value1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 1 UINT16, 1 20 byte value, 1 UINT16, 1 AUTH */ + case TPM_ORD_ChangeAuthOwner: + { + UINT16 type1 = va_arg(ap, int); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT16 type2 = va_arg(ap, int); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!digest1 || !auth1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT16(outOffset, type1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob_UINT16(outOffset, type2, out_blob); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#ifdef TSS_BUILD_AUDIT + /* 1 UINT32, 1 BOOL, 1 AUTH */ + case TPM_ORD_SetOrdinalAuditStatus: + { + UINT32 ord1 = va_arg(ap, UINT32); + TSS_BOOL bool1 = va_arg(ap, int); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!auth1) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, ord1, out_blob); + LoadBlob_BOOL(outOffset, bool1, out_blob); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#endif + /* 1 BOOL, 1 optional AUTH */ + case TPM_ORD_OwnerSetDisable: + case TPM_ORD_PhysicalSetDeactivated: + case TPM_ORD_CreateMaintenanceArchive: + case TPM_ORD_SetOwnerInstall: + { + TSS_BOOL bool1 = va_arg(ap, int); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_BOOL(outOffset, bool1, out_blob); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 optional AUTH */ + case TPM_ORD_OwnerClear: + case TPM_ORD_DisablePubekRead: + case TPM_ORD_GetCapabilityOwner: + case TPM_ORD_ResetLockValue: + case TPM_ORD_DisableOwnerClear: + case TPM_ORD_SetTempDeactivated: + case TPM_ORD_OIAP: + case TPM_ORD_OwnerReadPubek: + case TPM_ORD_SelfTestFull: + case TPM_ORD_GetTicks: + case TPM_ORD_GetTestResult: + case TPM_ORD_KillMaintenanceFeature: + case TPM_ORD_Delegate_ReadTable: + case TPM_ORD_PhysicalEnable: + case TPM_ORD_DisableForceClear: + case TPM_ORD_ForceClear: + { + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 UINT32, 1 optional AUTH */ + case TPM_ORD_OwnerReadInternalPub: + case TPM_ORD_GetPubKey: + case TPM_ORD_ReleaseCounterOwner: + case TPM_ORD_ReleaseCounter: + case TPM_ORD_IncrementCounter: + case TPM_ORD_PcrRead: + case TPM_ORD_DirRead: + case TPM_ORD_ReadCounter: + case TPM_ORD_Terminate_Handle: + case TPM_ORD_GetAuditDigest: + case TPM_ORD_GetRandom: + case TPM_ORD_CMK_SetRestrictions: + { + UINT32 i = va_arg(ap, UINT32); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, i, out_blob); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } +#ifdef TSS_BUILD_CMK + /* 1 20 byte value, 1 optional AUTH */ + case TPM_ORD_CMK_ApproveMA: + { + BYTE *digest1 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } +#endif + /* 1 UINT16 only */ + case TSC_ORD_PhysicalPresence: + { + UINT16 i = va_arg(ap, int); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT16(outOffset, i, out_blob); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#ifdef TSS_BUILD_CMK + /* 1 UINT32, 1 20 byte value, 1 BLOB, 2 20 byte values, 1 optional AUTH */ + case TPM_ORD_CMK_CreateKey: + { + UINT32 key1 = va_arg(ap, UINT32); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + BYTE *digest2 = va_arg(ap, BYTE *); + BYTE *digest3 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!digest1 || !in_blob1 || !digest2 || !digest3) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, key1, out_blob); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest2); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest3); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 BLOB, 1 20 byte value, 1 UINT32, 1 BLOB, 1 optional AUTH */ + case TPM_ORD_CMK_CreateTicket: + { + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!digest1 || !in_blob1 || !in_blob2) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob_UINT32(outOffset, in_len2, out_blob); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 UINT32, 1 UINT16, 1 BLOB, 1 20 byte value, 4 x (1 UINT32, 1 BLOB), 1 optional AUTH */ + case TPM_ORD_CMK_CreateBlob: + { + UINT32 in_key1 = va_arg(ap, UINT32); + UINT16 i = va_arg(ap, int); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + UINT32 in_len3 = va_arg(ap, UINT32); + BYTE *in_blob3 = va_arg(ap, BYTE *); + UINT32 in_len4 = va_arg(ap, UINT32); + BYTE *in_blob4 = va_arg(ap, BYTE *); + UINT32 in_len5 = va_arg(ap, UINT32); + BYTE *in_blob5 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!digest1 || !in_blob1 || !in_blob2 || !in_blob3 || !in_blob4 || !in_blob5) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, in_key1, out_blob); + LoadBlob_UINT16(outOffset, i, out_blob); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob_UINT32(outOffset, in_len2, out_blob); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + LoadBlob_UINT32(outOffset, in_len3, out_blob); + LoadBlob(outOffset, in_len3, out_blob, in_blob3); + LoadBlob_UINT32(outOffset, in_len4, out_blob); + LoadBlob(outOffset, in_len4, out_blob, in_blob4); + LoadBlob_UINT32(outOffset, in_len5, out_blob); + LoadBlob(outOffset, in_len5, out_blob, in_blob5); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } + /* 1 UINT32, 1 60 byte value, 1 20 byte value, 1 BLOB, 2 x (1 UINT32, 1 BLOB), + * 1 optional AUTH */ + case TPM_ORD_CMK_ConvertMigration: + { + UINT32 key1 = va_arg(ap, UINT32); + BYTE *cmkauth1 = va_arg(ap, BYTE *); + BYTE *digest1 = va_arg(ap, BYTE *); + UINT32 in_len1 = va_arg(ap, UINT32); + BYTE *in_blob1 = va_arg(ap, BYTE *); + UINT32 in_len2 = va_arg(ap, UINT32); + BYTE *in_blob2 = va_arg(ap, BYTE *); + UINT32 in_len3 = va_arg(ap, UINT32); + BYTE *in_blob3 = va_arg(ap, BYTE *); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + if (!cmkauth1 || !digest1 || !in_blob1 || !in_blob2 || !in_blob3) { + result = TCSERR(TSS_E_INTERNAL_ERROR); + LogError("Internal error for ordinal 0x%x", ordinal); + break; + } + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, key1, out_blob); + LoadBlob(outOffset, 3 * TPM_SHA1_160_HASH_LEN, out_blob, cmkauth1); + LoadBlob(outOffset, TPM_SHA1_160_HASH_LEN, out_blob, digest1); + LoadBlob(outOffset, in_len1, out_blob, in_blob1); + LoadBlob_UINT32(outOffset, in_len2, out_blob); + LoadBlob(outOffset, in_len2, out_blob, in_blob2); + LoadBlob_UINT32(outOffset, in_len3, out_blob); + LoadBlob(outOffset, in_len3, out_blob, in_blob3); + if (auth1) { + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + } + + break; + } +#endif +#ifdef TSS_BUILD_TSS12 + case TPM_ORD_FlushSpecific: + { + UINT32 val1 = va_arg(ap, UINT32); + UINT32 val2 = va_arg(ap, UINT32); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, val1, out_blob); + LoadBlob_UINT32(outOffset, val2, out_blob); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, *outOffset, ordinal, out_blob); + + break; + } + /* 1 UINT32, 1 BLOB, 1 UINT32, 1 BOOL, 1 AUTH */ + case TPM_ORD_KeyControlOwner: + { + UINT32 i = va_arg(ap, UINT32); + UINT32 len1 = va_arg(ap, UINT32); + BYTE *blob1 = va_arg(ap, BYTE *); + UINT32 j = va_arg(ap, UINT32); + TSS_BOOL bool1 = va_arg(ap, int); + TPM_AUTH *auth1 = va_arg(ap, TPM_AUTH *); + va_end(ap); + + *outOffset += TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(outOffset, i, out_blob); + LoadBlob(outOffset, len1, out_blob, blob1); + LoadBlob_UINT32(outOffset, j, out_blob); + LoadBlob_BOOL(outOffset, bool1, out_blob); + LoadBlob_Auth(outOffset, out_blob, auth1); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, *outOffset, ordinal, out_blob); + + break; + } +#endif + default: + LogError("Unknown ordinal: 0x%x", ordinal); + break; + } + + return result; +} diff --git a/src/tcs/tcs_ps.c b/src/tcs/tcs_ps.c new file mode 100644 index 0000000..cd3d0c3 --- /dev/null +++ b/src/tcs/tcs_ps.c @@ -0,0 +1,176 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" +#include "tddl.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +get_vendor_data(struct key_disk_cache *d, UINT32 *size, BYTE **data) +{ + if (d->vendor_data_size == 0) { + *size = 0; + *data = NULL; + + return TSS_SUCCESS; + } + + return ps_get_vendor_data(d, size, data); +} + +TSS_RESULT +fill_key_info(struct key_disk_cache *d, struct key_mem_cache *m, TSS_KM_KEYINFO *key_info) +{ + BYTE tmp_blob[2048]; + UINT16 tmp_blob_size = 2048; + TSS_KEY tmp_key; + UINT64 offset; + TSS_RESULT result; + + if (m == NULL) { + key_info->fIsLoaded = FALSE; + + /* read key from disk */ + if ((result = ps_get_key_by_cache_entry(d, (BYTE *)&tmp_blob, &tmp_blob_size))) + return result; + + offset = 0; + /* XXX add a real context handle here */ + if ((result = UnloadBlob_TSS_KEY(&offset, tmp_blob, &tmp_key))) + return result; + + if (tmp_key.hdr.key12.tag == TPM_TAG_KEY12) { + key_info->versionInfo.bMajor = TSS_SPEC_MAJOR; + key_info->versionInfo.bMinor = TSS_SPEC_MINOR; + key_info->versionInfo.bRevMajor = 0; + key_info->versionInfo.bRevMajor = 0; + } else + memcpy(&key_info->versionInfo, &tmp_key.hdr.key11.ver, sizeof(TSS_VERSION)); + memcpy(&key_info->bAuthDataUsage, &tmp_key.authDataUsage, + sizeof(TCPA_AUTH_DATA_USAGE)); + destroy_key_refs(&tmp_key); + } else { + if (m->tpm_handle == NULL_TPM_HANDLE) + key_info->fIsLoaded = FALSE; + else + key_info->fIsLoaded = TRUE; + + if (m->blob->hdr.key12.tag == TPM_TAG_KEY12) { + key_info->versionInfo.bMajor = TSS_SPEC_MAJOR; + key_info->versionInfo.bMinor = TSS_SPEC_MINOR; + key_info->versionInfo.bRevMajor = 0; + key_info->versionInfo.bRevMajor = 0; + } else + memcpy(&key_info->versionInfo, &m->blob->hdr.key11.ver, sizeof(TSS_VERSION)); + memcpy(&key_info->bAuthDataUsage, &m->blob->authDataUsage, + sizeof(TCPA_AUTH_DATA_USAGE)); + } + + memcpy(&key_info->keyUUID, &d->uuid, sizeof(TSS_UUID)); + memcpy(&key_info->parentKeyUUID, &d->parent_uuid, sizeof(TSS_UUID)); + + return get_vendor_data(d, &key_info->ulVendorDataLength, &key_info->rgbVendorData); +} + +TSS_RESULT +fill_key_info2(struct key_disk_cache *d, struct key_mem_cache *m, TSS_KM_KEYINFO2 *key_info) +{ + BYTE tmp_blob[2048]; + UINT16 tmp_blob_size = 2048; + TSS_KEY tmp_key; + UINT64 offset; + TSS_RESULT result; + + if (m == NULL) { + key_info->fIsLoaded = FALSE; + + /* read key from disk */ + if ((result = ps_get_key_by_cache_entry(d, (BYTE *)&tmp_blob, &tmp_blob_size))) + return result; + + offset = 0; + /* XXX add a real context handle here */ + if ((result = UnloadBlob_TSS_KEY(&offset, tmp_blob, &tmp_key))) + return result; + + if (tmp_key.hdr.key12.tag == TPM_TAG_KEY12) { + key_info->versionInfo.bMajor = TSS_SPEC_MAJOR; + key_info->versionInfo.bMinor = TSS_SPEC_MINOR; + key_info->versionInfo.bRevMajor = 0; + key_info->versionInfo.bRevMajor = 0; + } else + memcpy(&key_info->versionInfo, &tmp_key.hdr.key11.ver, sizeof(TSS_VERSION)); + memcpy(&key_info->bAuthDataUsage, &tmp_key.authDataUsage, + sizeof(TCPA_AUTH_DATA_USAGE)); + destroy_key_refs(&tmp_key); + } else { + if (m->tpm_handle == NULL_TPM_HANDLE) + key_info->fIsLoaded = FALSE; + else + key_info->fIsLoaded = TRUE; + + if (m->blob->hdr.key12.tag == TPM_TAG_KEY12) { + key_info->versionInfo.bMajor = TSS_SPEC_MAJOR; + key_info->versionInfo.bMinor = TSS_SPEC_MINOR; + key_info->versionInfo.bRevMajor = 0; + key_info->versionInfo.bRevMajor = 0; + } else + memcpy(&key_info->versionInfo, &m->blob->hdr.key11.ver, sizeof(TSS_VERSION)); + memcpy(&key_info->bAuthDataUsage, &m->blob->authDataUsage, + sizeof(TCPA_AUTH_DATA_USAGE)); + } + + memcpy(&key_info->keyUUID, &d->uuid, sizeof(TSS_UUID)); + memcpy(&key_info->parentKeyUUID, &d->parent_uuid, sizeof(TSS_UUID)); + + /* Fill the two new TSS_KM_KEYINFO2 fields here */ + key_info->persistentStorageTypeParent = d->flags & CACHE_FLAG_PARENT_PS_SYSTEM ? + TSS_PS_TYPE_SYSTEM : TSS_PS_TYPE_USER; + key_info->persistentStorageType = TSS_PS_TYPE_SYSTEM; + + return get_vendor_data(d, &key_info->ulVendorDataLength, &key_info->rgbVendorData); +} + +TSS_RESULT +key_mgr_load_by_uuid(TCS_CONTEXT_HANDLE hContext, + TSS_UUID *uuid, + TCS_LOADKEY_INFO *pInfo, + TCS_KEY_HANDLE *phKeyTCSI) +{ + TSS_RESULT result; + + MUTEX_LOCK(mem_cache_lock); + + result = TCSP_LoadKeyByUUID_Internal(hContext, uuid, pInfo, phKeyTCSI); + + LogDebug("Key %s loaded by UUID w/ TCS handle: 0x%x", + result ? "NOT" : "successfully", result ? 0 : *phKeyTCSI); + + MUTEX_UNLOCK(mem_cache_lock); + + return result; +} + diff --git a/src/tcs/tcs_quote.c b/src/tcs/tcs_quote.c new file mode 100644 index 0000000..0c84687 --- /dev/null +++ b/src/tcs/tcs_quote.c @@ -0,0 +1,101 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" +#include "tddl.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +UnloadBlob_PCR_SELECTION(UINT64 *offset, BYTE *blob, TCPA_PCR_SELECTION *pcr) +{ + if (!pcr) { + UINT16 size; + + UnloadBlob_UINT16(offset, &size, blob); + + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + + return TSS_SUCCESS; + } + + UnloadBlob_UINT16(offset, &pcr->sizeOfSelect, blob); + pcr->pcrSelect = malloc(pcr->sizeOfSelect); + if (pcr->pcrSelect == NULL) { + LogError("malloc of %hu bytes failed.", pcr->sizeOfSelect); + pcr->sizeOfSelect = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(offset, pcr->sizeOfSelect, blob, pcr->pcrSelect); + + return TSS_SUCCESS; +} + +void +LoadBlob_PCR_SELECTION(UINT64 *offset, BYTE * blob, TCPA_PCR_SELECTION pcr) +{ + LoadBlob_UINT16(offset, pcr.sizeOfSelect, blob); + LoadBlob(offset, pcr.sizeOfSelect, blob, pcr.pcrSelect); +} + +TSS_RESULT +UnloadBlob_PCR_COMPOSITE(UINT64 *offset, BYTE *blob, TCPA_PCR_COMPOSITE *out) +{ + TSS_RESULT rc; + + if (!out) { + UINT32 size; + + if ((rc = UnloadBlob_PCR_SELECTION(offset, blob, NULL))) + return rc; + + UnloadBlob_UINT32(offset, &size, blob); + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + + return TSS_SUCCESS; + } + + if ((rc = UnloadBlob_PCR_SELECTION(offset, blob, &out->select))) + return rc; + + UnloadBlob_UINT32(offset, &out->valueSize, blob); + out->pcrValue = malloc(out->valueSize); + if (out->pcrValue == NULL) { + LogError("malloc of %u bytes failed.", out->valueSize); + out->valueSize = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(offset, out->valueSize, blob, (BYTE *) out->pcrValue); + + return TSS_SUCCESS; +} diff --git a/src/tcs/tcs_quote2.c b/src/tcs/tcs_quote2.c new file mode 100644 index 0000000..aa7ba51 --- /dev/null +++ b/src/tcs/tcs_quote2.c @@ -0,0 +1,72 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" +#include "tddl.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +UnloadBlob_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_SHORT *pcrInfoOut) +{ + TSS_RESULT result; + BYTE locAtRelease; + TPM_DIGEST digest; + + LogDebugFn("UnloadBlob_PCR_INFO_SHORT."); + /* Only adjust the offset until the end of this data type */ + if (!pcrInfoOut) { + if ((result = UnloadBlob_PCR_SELECTION(offset, blob, NULL))) + return result; + /* What should go to &pcrInfoOut->localityAtRelease */ + UnloadBlob_BYTE(offset, NULL, blob); + /* What should go to &pcrInfoOut->digestAtRelease */ + UnloadBlob_DIGEST(offset, blob, NULL); + return TSS_SUCCESS; + } + + /* Normal retrieve or TPM_PCR_INFO_SHORT (not used yet, kept for + * integrity purposes. + * TPM_PCR_SELECTION pcrSelection + * TPM_LOCALITY_SELECTION localityAtRelease + * TPM_COMPOSITE_HASH digestAtRelease + * */ + if ((result = UnloadBlob_PCR_SELECTION(offset, blob, &pcrInfoOut->pcrSelection))) + return result; + + UnloadBlob_BYTE(offset, &locAtRelease, blob); + pcrInfoOut->localityAtRelease = locAtRelease; + UnloadBlob_DIGEST(offset, blob, &digest); + pcrInfoOut->digestAtRelease = digest; + + return TSS_SUCCESS; +} + + diff --git a/src/tcs/tcs_req_mgr.c b/src/tcs/tcs_req_mgr.c new file mode 100644 index 0000000..701cedb --- /dev/null +++ b/src/tcs/tcs_req_mgr.c @@ -0,0 +1,83 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tddl.h" +#include "req_mgr.h" +#include "tcslog.h" + +static struct tpm_req_mgr *trm; + +#ifdef TSS_DEBUG +#define TSS_TPM_DEBUG +#endif + +TSS_RESULT +req_mgr_submit_req(BYTE *blob) +{ + TSS_RESULT result; + BYTE loc_buf[TSS_TPM_TXBLOB_SIZE]; + UINT32 size = TSS_TPM_TXBLOB_SIZE; + UINT32 retry = TSS_REQ_MGR_MAX_RETRIES; + + MUTEX_LOCK(trm->queue_lock); + +#ifdef TSS_TPM_DEBUG + LogBlobData("To TPM:", Decode_UINT32(&blob[2]), blob); +#endif + + do { + result = Tddli_TransmitData(blob, Decode_UINT32(&blob[2]), loc_buf, &size); + } while (!result && (Decode_UINT32(&loc_buf[6]) == TCPA_E_RETRY) && --retry); + + if (!result) + memcpy(blob, loc_buf, Decode_UINT32(&loc_buf[2])); + +#ifdef TSS_TPM_DEBUG + LogBlobData("From TPM:", size, loc_buf); +#endif + + MUTEX_UNLOCK(trm->queue_lock); + + return result; +} + +TSS_RESULT +req_mgr_init() +{ + if ((trm = calloc(1, sizeof(struct tpm_req_mgr))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tpm_req_mgr)); + return TSS_E_OUTOFMEMORY; + } + + MUTEX_INIT(trm->queue_lock); + + return Tddli_Open(); +} + +TSS_RESULT +req_mgr_final() +{ + free(trm); + + return Tddli_Close(); +} + diff --git a/src/tcs/tcs_seal.c b/src/tcs/tcs_seal.c new file mode 100644 index 0000000..e021948 --- /dev/null +++ b/src/tcs/tcs_seal.c @@ -0,0 +1,84 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcslog.h" + + +TSS_RESULT +UnloadBlob_STORED_DATA(UINT64 *offset, BYTE *blob, TCPA_STORED_DATA *data) +{ + if (!data) { + UINT32 size; + + UnloadBlob_VERSION(offset, blob, NULL); + + UnloadBlob_UINT32(offset, &size, blob); + + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + + UnloadBlob_UINT32(offset, &size, blob); + + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + + return TSS_SUCCESS; + } + + UnloadBlob_VERSION(offset, blob, (TPM_VERSION *)&data->ver); + + UnloadBlob_UINT32(offset, &data->sealInfoSize, blob); + + if (data->sealInfoSize > 0) { + data->sealInfo = (BYTE *)calloc(1, data->sealInfoSize); + if (data->sealInfo == NULL) { + LogError("malloc of %u bytes failed.", data->sealInfoSize); + data->sealInfoSize = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(offset, data->sealInfoSize, blob, data->sealInfo); + } else { + data->sealInfo = NULL; + } + + UnloadBlob_UINT32(offset, &data->encDataSize, blob); + + if (data->encDataSize > 0) { + data->encData = (BYTE *)calloc(1, data->encDataSize); + if (data->encData == NULL) { + LogError("malloc of %u bytes failed.", data->encDataSize); + data->encDataSize = 0; + free(data->sealInfo); + data->sealInfo = NULL; + data->sealInfoSize = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(offset, data->encDataSize, blob, data->encData); + } else { + data->encData = NULL; + } + + return TSS_SUCCESS; +} diff --git a/src/tcs/tcs_utils.c b/src/tcs/tcs_utils.c new file mode 100644 index 0000000..7e19d09 --- /dev/null +++ b/src/tcs/tcs_utils.c @@ -0,0 +1,537 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" + + +TCS_CONTEXT_HANDLE InternalContext = 0x30000000; +TSS_UUID SRK_UUID = TSS_UUID_SRK; + + +void +LogData(char *string, UINT32 data) +{ +#if 0 + /* commenting out temporarily, logs getting too chatty */ + LogDebug("%s %08x", string, data); +#endif +} + +void +LogResult(char *string, TCPA_RESULT result) +{ +#if 0 + /* commenting out temporarily, logs getting too chatty */ + LogDebug("Leaving %s with result 0x%08x", string, result); +#endif +} + +UINT16 +Decode_UINT16(BYTE * in) +{ + UINT16 temp = 0; + temp = (in[1] & 0xFF); + temp |= (in[0] << 8); + return temp; +} + +void +UINT64ToArray(UINT64 i, BYTE * out) +{ + out[0] = (BYTE) ((i >> 56) & 0xFF); + out[1] = (BYTE) ((i >> 48) & 0xFF); + out[2] = (BYTE) ((i >> 40) & 0xFF); + out[3] = (BYTE) ((i >> 32) & 0xFF); + out[4] = (BYTE) ((i >> 24) & 0xFF); + out[5] = (BYTE) ((i >> 16) & 0xFF); + out[6] = (BYTE) ((i >> 8) & 0xFF); + out[7] = (BYTE) (i & 0xFF); +} + +void +UINT32ToArray(UINT32 i, BYTE * out) +{ + out[0] = (BYTE) ((i >> 24) & 0xFF); + out[1] = (BYTE) ((i >> 16) & 0xFF); + out[2] = (BYTE) ((i >> 8) & 0xFF); + out[3] = (BYTE) (i & 0xFF); +} + +void +UINT16ToArray(UINT16 i, BYTE * out) +{ + out[0] = (BYTE) ((i >> 8) & 0xFF); + out[1] = (BYTE) (i & 0xFF); +} + +UINT32 +Decode_UINT32(BYTE * y) +{ + UINT32 x = 0; + + x = y[0]; + x = ((x << 8) | (y[1] & 0xFF)); + x = ((x << 8) | (y[2] & 0xFF)); + x = ((x << 8) | (y[3] & 0xFF)); + + return x; +} + +UINT64 +Decode_UINT64(BYTE *y) +{ + UINT64 x = 0; + + x = y[0]; + x = ((x << 8) | (y[1] & 0xFF)); + x = ((x << 8) | (y[2] & 0xFF)); + x = ((x << 8) | (y[3] & 0xFF)); + x = ((x << 8) | (y[4] & 0xFF)); + x = ((x << 8) | (y[5] & 0xFF)); + x = ((x << 8) | (y[6] & 0xFF)); + x = ((x << 8) | (y[7] & 0xFF)); + + return x; +} + +void +LoadBlob_UINT64(UINT64 *offset, UINT64 in, BYTE * blob) +{ + if (blob) + UINT64ToArray(in, &blob[*offset]); + *offset += sizeof(UINT64); +} + +void +LoadBlob_UINT32(UINT64 *offset, UINT32 in, BYTE * blob) +{ + if (blob) + UINT32ToArray(in, &blob[*offset]); + *offset += sizeof(UINT32); +} + +void +LoadBlob_UINT16(UINT64 *offset, UINT16 in, BYTE * blob) +{ + if (blob) + UINT16ToArray(in, &blob[*offset]); + *offset += sizeof(UINT16); +} + +void +UnloadBlob_UINT64(UINT64 *offset, UINT64 * out, BYTE * blob) +{ + if (out) + *out = Decode_UINT64(&blob[*offset]); + *offset += sizeof(UINT64); +} + +void +UnloadBlob_UINT32(UINT64 *offset, UINT32 * out, BYTE * blob) +{ + if (out) + *out = Decode_UINT32(&blob[*offset]); + *offset += sizeof(UINT32); +} + +void +UnloadBlob_UINT16(UINT64 *offset, UINT16 * out, BYTE * blob) +{ + if (out) + *out = Decode_UINT16(&blob[*offset]); + *offset += sizeof(UINT16); +} + +void +LoadBlob_BYTE(UINT64 *offset, BYTE data, BYTE * blob) +{ + if (blob) + blob[*offset] = data; + (*offset)++; +} + +void +UnloadBlob_BYTE(UINT64 *offset, BYTE * dataOut, BYTE * blob) +{ + if (dataOut) + *dataOut = blob[*offset]; + (*offset)++; +} + +void +LoadBlob_BOOL(UINT64 *offset, TSS_BOOL data, BYTE * blob) +{ + if (blob) + blob[*offset] = data; + (*offset)++; +} + +void +UnloadBlob_BOOL(UINT64 *offset, TSS_BOOL *dataOut, BYTE * blob) +{ + if (dataOut) + *dataOut = blob[*offset]; + (*offset)++; +} + +void +LoadBlob(UINT64 *offset, UINT32 size, BYTE *container, BYTE *object) +{ + if ((size == 0) || ((*offset + size) > TSS_TPM_TXBLOB_SIZE)) + return; + + if (container) + memcpy(&container[*offset], object, size); + (*offset) += (UINT64) size; +} + +void +UnloadBlob(UINT64 *offset, UINT32 size, BYTE *container, BYTE *object) +{ + if ((size == 0) || ((*offset + size) > TSS_TPM_TXBLOB_SIZE)) + return; + + if (object) + memcpy(object, &container[*offset], size); + (*offset) += (UINT64) size; +} + +void +LoadBlob_Header(UINT16 tag, UINT32 paramSize, UINT32 ordinal, BYTE * blob) +{ + + UINT16ToArray(tag, &blob[0]); + LogData("Header Tag:", tag); + UINT32ToArray(paramSize, &blob[2]); + LogData("Header ParamSize:", paramSize); + UINT32ToArray(ordinal, &blob[6]); + LogData("Header Ordinal:", ordinal); +#if 0 + LogInfo("Blob's TPM Ordinal: 0x%x", ordinal); +#endif +} + +#ifdef TSS_DEBUG +TSS_RESULT +LogUnloadBlob_Header(BYTE * blob, UINT32 * size, char *file, int line) +{ + TSS_RESULT result; + + UINT16 temp = Decode_UINT16(blob); + LogData("UnloadBlob_Tag:", (temp)); + *size = Decode_UINT32(&blob[2]); + LogData("UnloadBlob_Header, size:", *size); + LogData("UnloadBlob_Header, returnCode:", Decode_UINT32(&blob[6])); + + if ((result = Decode_UINT32(&blob[6]))) { + LogTPMERR(result, file, line); + } + + return result; +} +#else +TSS_RESULT +UnloadBlob_Header(BYTE * blob, UINT32 * size) +{ + UINT16 temp = Decode_UINT16(blob); + LogData("UnloadBlob_Tag:", (temp)); + *size = Decode_UINT32(&blob[2]); + LogData("UnloadBlob_Header, size:", *size); + LogData("UnloadBlob_Header, returnCode:", Decode_UINT32(&blob[6])); + return Decode_UINT32(&blob[6]); +} +#endif + +void +LoadBlob_Auth(UINT64 *offset, BYTE * blob, TPM_AUTH * auth) +{ + LoadBlob_UINT32(offset, auth->AuthHandle, blob); + LoadBlob(offset, TCPA_NONCE_SIZE, blob, auth->NonceOdd.nonce); + LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob); + LoadBlob(offset, TCPA_AUTHDATA_SIZE, blob, (BYTE *)&auth->HMAC); +} + +void +UnloadBlob_Auth(UINT64 *offset, BYTE * blob, TPM_AUTH * auth) +{ + if (!auth) { + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, NULL); + UnloadBlob_BOOL(offset, NULL, blob); + UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, NULL); + + return; + } + + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, auth->NonceEven.nonce); + UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob); + UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&auth->HMAC); +} + +void +UnloadBlob_VERSION(UINT64 *offset, BYTE *blob, TPM_VERSION *out) +{ + if (!out) { + *offset += (sizeof(BYTE) * 4); + return; + } + + UnloadBlob_BYTE(offset, &out->major, blob); + UnloadBlob_BYTE(offset, &out->minor, blob); + UnloadBlob_BYTE(offset, &out->revMajor, blob); + UnloadBlob_BYTE(offset, &out->revMinor, blob); +} + +void +LoadBlob_VERSION(UINT64 *offset, BYTE *blob, TPM_VERSION *ver) +{ + LoadBlob_BYTE(offset, ver->major, blob); + LoadBlob_BYTE(offset, ver->minor, blob); + LoadBlob_BYTE(offset, ver->revMajor, blob); + LoadBlob_BYTE(offset, ver->revMinor, blob); +} + +void +UnloadBlob_TCPA_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION *out) +{ + if (!out) { + *offset += (sizeof(BYTE) * 4); + return; + } + + UnloadBlob_BYTE(offset, &out->major, blob); + UnloadBlob_BYTE(offset, &out->minor, blob); + UnloadBlob_BYTE(offset, &out->revMajor, blob); + UnloadBlob_BYTE(offset, &out->revMinor, blob); +} + +void +LoadBlob_TCPA_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION *ver) +{ + LoadBlob_BYTE(offset, ver->major, blob); + LoadBlob_BYTE(offset, ver->minor, blob); + LoadBlob_BYTE(offset, ver->revMajor, blob); + LoadBlob_BYTE(offset, ver->revMinor, blob); +} + +TSS_RESULT +UnloadBlob_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_KEY_PARMS *keyParms) +{ + if (!keyParms) { + UINT32 parmSize; + + UnloadBlob_UINT32(offset, NULL, blob); + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob_UINT32(offset, &parmSize, blob); + + if (parmSize > 0) + UnloadBlob(offset, parmSize, blob, NULL); + + return TSS_SUCCESS; + } + + UnloadBlob_UINT32(offset, &keyParms->algorithmID, blob); + UnloadBlob_UINT16(offset, &keyParms->encScheme, blob); + UnloadBlob_UINT16(offset, &keyParms->sigScheme, blob); + UnloadBlob_UINT32(offset, &keyParms->parmSize, blob); + + if (keyParms->parmSize == 0) + keyParms->parms = NULL; + else { + keyParms->parms = malloc(keyParms->parmSize); + if (keyParms->parms == NULL) { + LogError("malloc of %u bytes failed.", keyParms->parmSize); + keyParms->parmSize = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + + UnloadBlob(offset, keyParms->parmSize, blob, keyParms->parms); + } + + return TSS_SUCCESS; +} + +void +UnloadBlob_KEY_FLAGS(UINT64 *offset, BYTE *blob, TCPA_KEY_FLAGS *flags) +{ + if (!flags) { + UnloadBlob_UINT32(offset, NULL, blob); + + return; + } + + UnloadBlob_UINT32(offset, flags, blob); +} + +TSS_RESULT +UnloadBlob_CERTIFY_INFO(UINT64 *offset, BYTE *blob, TCPA_CERTIFY_INFO *certify) +{ + TSS_RESULT rc; + + if (!certify) { + TPM_VERSION version; + UINT32 size; + + UnloadBlob_VERSION(offset, blob, &version); + UnloadBlob_UINT16(offset, NULL, blob); + UnloadBlob_KEY_FLAGS(offset, blob, NULL); + UnloadBlob_BOOL(offset, NULL, blob); + + if ((rc = UnloadBlob_KEY_PARMS(offset, blob, NULL))) + return rc; + + UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, NULL); + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, NULL); + UnloadBlob_BOOL(offset, NULL, blob); + UnloadBlob_UINT32(offset, &size, blob); + + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + + if (Decode_UINT16((BYTE *) &version) == TPM_TAG_CERTIFY_INFO2){ + /* This is a TPM_CERTIFY_INFO2 structure. */ + /* Read migrationAuthority. */ + UnloadBlob_UINT32(offset, &size, blob); + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + } + + return TSS_SUCCESS; + } + + UnloadBlob_VERSION(offset, blob, (TPM_VERSION *)&certify->version); + UnloadBlob_UINT16(offset, &certify->keyUsage, blob); + UnloadBlob_KEY_FLAGS(offset, blob, &certify->keyFlags); + UnloadBlob_BOOL(offset, (TSS_BOOL *)&certify->authDataUsage, blob); + + if ((rc = UnloadBlob_KEY_PARMS(offset, blob, &certify->algorithmParms))) + return rc; + + UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, certify->pubkeyDigest.digest); + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, certify->data.nonce); + UnloadBlob_BOOL(offset, (TSS_BOOL *)&certify->parentPCRStatus, blob); + UnloadBlob_UINT32(offset, &certify->PCRInfoSize, blob); + + if (certify->PCRInfoSize > 0) { + certify->PCRInfo = (BYTE *)malloc(certify->PCRInfoSize); + if (certify->PCRInfo == NULL) { + LogError("malloc of %u bytes failed.", certify->PCRInfoSize); + certify->PCRInfoSize = 0; + free(certify->algorithmParms.parms); + certify->algorithmParms.parms = NULL; + certify->algorithmParms.parmSize = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(offset, certify->PCRInfoSize, blob, certify->PCRInfo); + } else { + certify->PCRInfo = NULL; + } + + if (Decode_UINT16((BYTE *) &certify->version) == TPM_TAG_CERTIFY_INFO2){ + /* This is a TPM_CERTIFY_INFO2 structure. */ + /* Read migrationAuthority. */ + UINT32 size; + UnloadBlob_UINT32(offset, &size, blob); + if (size > 0) + UnloadBlob(offset, size, blob, NULL); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +UnloadBlob_KEY_HANDLE_LIST(UINT64 *offset, BYTE *blob, TCPA_KEY_HANDLE_LIST *list) +{ + UINT16 i; + + if (!list) { + UINT16 size; + + UnloadBlob_UINT16(offset, &size, blob); + + *offset += (size * sizeof(UINT32)); + + return TSS_SUCCESS; + } + + UnloadBlob_UINT16(offset, &list->loaded, blob); + if (list->loaded == 0) { + list->handle = NULL; + return TSS_SUCCESS; + } + + list->handle = malloc(list->loaded * sizeof (UINT32)); + if (list->handle == NULL) { + LogError("malloc of %zd bytes failed.", list->loaded * sizeof (UINT32)); + list->loaded = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + + for (i = 0; i < list->loaded; i++) + UnloadBlob_UINT32(offset, &list->handle[i], blob); + + return TSS_SUCCESS; +} + +void +LoadBlob_DIGEST(UINT64 *offset, BYTE *blob, TPM_DIGEST *digest) +{ + LoadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, digest->digest); +} + +void +UnloadBlob_DIGEST(UINT64 *offset, BYTE *blob, TPM_DIGEST *digest) +{ + UnloadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, digest->digest); +} + +void +LoadBlob_NONCE(UINT64 *offset, BYTE *blob, TPM_NONCE *nonce) +{ + LoadBlob(offset, TCPA_NONCE_SIZE, blob, nonce->nonce); +} + +void +UnloadBlob_NONCE(UINT64 *offset, BYTE *blob, TPM_NONCE *nonce) +{ + UnloadBlob(offset, TCPA_NONCE_SIZE, blob, nonce->nonce); +} + +void +LoadBlob_AUTHDATA(UINT64 *offset, BYTE *blob, TPM_AUTHDATA *authdata) +{ + LoadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, authdata->authdata); +} + +void +UnloadBlob_AUTHDATA(UINT64 *offset, BYTE *blob, TPM_AUTHDATA *authdata) +{ + UnloadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, authdata->authdata); +} + diff --git a/src/tcs/tcsi_admin.c b/src/tcs/tcsi_admin.c new file mode 100644 index 0000000..3830b12 --- /dev/null +++ b/src/tcs/tcsi_admin.c @@ -0,0 +1,518 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +TCSP_SetOwnerInstall_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL state) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering SetOwnerInstall"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_SetOwnerInstall, &offset, txBlob, state, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("SetOwnerInstall", result); + return result; +} + +TSS_RESULT +TCSP_OwnerSetDisable_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL disableState, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_OwnerSetDisable, &offset, txBlob, disableState, + ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_OwnerSetDisable, txBlob, paramSize, ownerAuth); + } +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_DisableOwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering DisableownerClear"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_DisableOwnerClear, &offset, txBlob, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_DisableOwnerClear, txBlob, paramSize, ownerAuth); + } + LogResult("DisableOwnerClear", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_ForceClear_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Force Clear"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_ForceClear, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("Force Clear", result); + return result; +} + +TSS_RESULT +TCSP_DisableForceClear_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Disable Force Clear"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_DisableForceClear, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("Disable Force Clear", result); + return result; +} + +TSS_RESULT +TCSP_PhysicalPresence_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_PHYSICAL_PRESENCE fPhysicalPresence) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result = TCSERR(TSS_E_NOTIMPL); + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + char runlevel; + + runlevel = platform_get_runlevel(); + + if (runlevel != 's' && runlevel != 'S' && runlevel != '1') { + LogInfo("Physical Presence command denied: Must be in single" + " user mode."); + return TCSERR(TSS_E_NOTIMPL); + } + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TSC_ORD_PhysicalPresence, &offset, txBlob, fPhysicalPresence))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + return UnloadBlob_Header(txBlob, ¶mSize); +} + +TSS_RESULT +TCSP_PhysicalDisable_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Physical Disable"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_PhysicalDisable, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("Physical Disable", result); + + return result; +} + +TSS_RESULT +TCSP_PhysicalEnable_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Physical Enable"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_PhysicalEnable, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("Physical Enable", result); + + return result; +} + +TSS_RESULT +TCSP_PhysicalSetDeactivated_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL state) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Physical Set Deactivated"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_PhysicalSetDeactivated, &offset, txBlob, state, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("PhysicalSetDeactivated", result); + return result; +} + +TSS_RESULT +TCSP_SetTempDeactivated_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Set Temp Deactivated"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("SetTempDeactivated", result); + + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +TCSP_SetTempDeactivated2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * operatorAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Set Temp Deactivated2"); + if ((result = ctx_verify_context(hContext))) + return result; + + if (operatorAuth) { + if ((result = auth_mgr_check(hContext, &operatorAuth->AuthHandle))) + return result; + } + + if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, operatorAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_SetTempDeactivated, txBlob, paramSize, + operatorAuth); + } + + LogResult("SetTempDeactivated2", result); + +done: + auth_mgr_release_auth(operatorAuth, NULL, hContext); + + return result; +} +#endif + +TSS_RESULT +TCSP_FieldUpgrade_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut, /* out */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Field Upgrade"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_FieldUpgrade, &offset, txBlob, dataInSize, dataInSize, + dataIn, ownerAuth, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_FieldUpgrade, txBlob, paramSize, dataOutSize, + dataOut, ownerAuth); + } + LogResult("Field Upgrade", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_SetRedirection_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 c1, /* in */ + UINT32 c2, /* in */ + TPM_AUTH * privAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + TCPA_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Set Redirection"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (privAuth != NULL) { + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } + + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) { + result = TCSERR(TSS_E_FAIL); + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_SetRedirection, &offset, txBlob, keySlot, c1, c2, + privAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_SetRedirection, txBlob, paramSize, privAuth); + } + LogResult("Set Redirection", result); +done: + auth_mgr_release_auth(privAuth, NULL, hContext); + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +TCSP_ResetLockValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_ResetLockValue, &offset, txBlob, ownerAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ResetLockValue, txBlob, paramSize, ownerAuth); + } + +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_FlushSpecific_Common(UINT32 tpmResHandle, TPM_RESOURCE_TYPE resourceType) +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = tpm_rqu_build(TPM_ORD_FlushSpecific, &offset, txBlob, tpmResHandle, + resourceType))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_FlushSpecific, txBlob, paramSize, NULL); + } + + return result; +} + +TSS_RESULT +TCSP_FlushSpecific_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_HANDLE hResHandle, /* in */ + TPM_RESOURCE_TYPE resourceType) /* in */ +{ + UINT32 tpmResHandle; + TSS_RESULT result; + + if ((result = ctx_verify_context(hContext))) + return result; + + switch (resourceType) { + case TPM_RT_KEY: + if ((result = get_slot_lite(hContext, hResHandle, &tpmResHandle))) + return result; + + if ((result = ctx_remove_key_loaded(hContext, hResHandle))) + return result; + + if ((result = key_mgr_dec_ref_count(hResHandle))) + return result; + break; + case TPM_RT_AUTH: + if ((result = auth_mgr_check(hContext, &hResHandle))) + return result; + + auth_mgr_release_auth_handle(hResHandle, hContext, FALSE); + /* fall through */ + case TPM_RT_TRANS: + case TPM_RT_DAA_TPM: + tpmResHandle = hResHandle; + break; + case TPM_RT_CONTEXT: + result = TCSERR(TSS_E_NOTIMPL); + goto done; + default: + LogDebugFn("Unknown resource type: 0x%x", resourceType); + goto done; + } + + result = TCSP_FlushSpecific_Common(tpmResHandle, resourceType); + +done: + return result; +} +#endif + diff --git a/src/tcs/tcsi_aik.c b/src/tcs/tcsi_aik.c new file mode 100644 index 0000000..8915d13 --- /dev/null +++ b/src/tcs/tcsi_aik.c @@ -0,0 +1,227 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" +#include "tcs_aik.h" + + +TSS_RESULT +TCSP_MakeIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /* in */ + BYTE * idKeyInfo, /* in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding, /* out */ + UINT32 * pcEndorsementCredentialSize, /* out */ + BYTE ** prgbEndorsementCredential, /* out */ + UINT32 * pcPlatformCredentialSize, /* out */ + BYTE ** prgbPlatformCredential, /* out */ + UINT32 * pcConformanceCredentialSize, /* out */ + BYTE ** prgbConformanceCredential) /* out */ +{ + UINT64 offset; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (pSrkAuth != NULL) { + LogDebug("SRK Auth Used"); + if ((result = auth_mgr_check(hContext, &pSrkAuth->AuthHandle))) + goto done; + } else { + LogDebug("No SRK Auth"); + } + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + goto done; + + offset = 0; + if ((result = tpm_rqu_build(TPM_ORD_MakeIdentity, &offset, txBlob, identityAuth.authdata, + IDLabel_PrivCAHash.digest, idKeyInfoSize, idKeyInfo, pSrkAuth, + pOwnerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_MakeIdentity, txBlob, paramSize, idKeySize, + idKey, pcIdentityBindingSize, prgbIdentityBinding, + pSrkAuth, pOwnerAuth))) + goto done; + + /* If an error occurs, these will return NULL */ + get_credential(TSS_TCS_CREDENTIAL_PLATFORMCERT, pcPlatformCredentialSize, + prgbPlatformCredential); + get_credential(TSS_TCS_CREDENTIAL_TPM_CC, pcConformanceCredentialSize, + prgbConformanceCredential); + get_credential(TSS_TCS_CREDENTIAL_EKCERT, pcEndorsementCredentialSize, + prgbEndorsementCredential); + } + LogResult("Make Identity", result); +done: + auth_mgr_release_auth(pSrkAuth, pOwnerAuth, hContext); + return result; +} + +TSS_RESULT +TCSP_ActivateTPMIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE idKey, /* in */ + UINT32 blobSize, /* in */ + BYTE * blob, /* in */ + TPM_AUTH * idKeyAuth, /* in, out */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * SymmetricKeySize, /* out */ + BYTE ** SymmetricKey) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 paramSize; + UINT32 keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("TCSP_ActivateTPMIdentity"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (idKeyAuth != NULL) { + if ((result = auth_mgr_check(hContext, &idKeyAuth->AuthHandle))) + goto done; + } + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = ensureKeyIsLoaded(hContext, idKey, &keySlot))) + goto done; + + offset = 0; + if ((result = tpm_rqu_build(TPM_ORD_ActivateIdentity, &offset, txBlob, keySlot, blobSize, + blob, idKeyAuth, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_ActivateIdentity, txBlob, paramSize, + SymmetricKeySize, SymmetricKey, idKeyAuth, ownerAuth))) + goto done; + } + +done: + auth_mgr_release_auth(idKeyAuth, ownerAuth, hContext); + return result; +} + +TSS_RESULT +TCS_GetCredential_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 ulCredentialType, /* in */ + UINT32 ulCredentialAccessMode, /* in */ + UINT32 * pulCredentialSize, /* out */ + BYTE ** prgbCredentialData) /* out */ +{ + TSS_RESULT result; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((ulCredentialType != TSS_TCS_CREDENTIAL_EKCERT) && + (ulCredentialType != TSS_TCS_CREDENTIAL_TPM_CC) && + (ulCredentialType != TSS_TCS_CREDENTIAL_PLATFORMCERT)) { + LogError("GetCredential - Unsupported Credential Type"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + if (ulCredentialAccessMode == TSS_TCS_CERT_ACCESS_AUTO) { + get_credential(ulCredentialType, pulCredentialSize, prgbCredentialData); + } else { + LogError("GetCredential - Unsupported Credential Access Mode"); + return TCSERR(TSS_E_FAIL); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +TCSP_MakeIdentity2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /* in */ + BYTE * idKeyInfo, /* in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding) /* out */ +{ + UINT64 offset; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (pSrkAuth) { + if ((result = auth_mgr_check(hContext, &pSrkAuth->AuthHandle))) + goto done; + } + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + goto done; + + offset = 0; + if ((result = tpm_rqu_build(TPM_ORD_MakeIdentity, &offset, txBlob, identityAuth.authdata, + IDLabel_PrivCAHash.digest, idKeyInfoSize, idKeyInfo, pSrkAuth, + pOwnerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_MakeIdentity, txBlob, paramSize, idKeySize, + idKey, pcIdentityBindingSize, prgbIdentityBinding, + pSrkAuth, pOwnerAuth))) + goto done; + } + LogResult("Make Identity", result); +done: + auth_mgr_release_auth(pSrkAuth, pOwnerAuth, hContext); + return result; +} + diff --git a/src/tcs/tcsi_audit.c b/src/tcs/tcsi_audit.c new file mode 100644 index 0000000..1832f19 --- /dev/null +++ b/src/tcs/tcsi_audit.c @@ -0,0 +1,159 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_utils.h" +#include "tcslog.h" +#include "req_mgr.h" + +TSS_RESULT +TCSP_SetOrdinalAuditStatus_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH *ownerAuth, /* in/out */ + UINT32 ulOrdinal, /* in */ + TSS_BOOL bAuditState) /* in */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_SetOrdinalAuditStatus, &offset, txBlob, ulOrdinal, + bAuditState, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_SetOrdinalAuditStatus, txBlob, paramSize, ownerAuth); + } + + LogResult("SetOrdinalAuditStatus", result); + +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_GetAuditDigest_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 startOrdinal, /* in */ + TPM_DIGEST *auditDigest, /* out */ + UINT32 *counterValueSize, /* out */ + BYTE **counterValue, /* out */ + TSS_BOOL *more, /* out */ + UINT32 *ordSize, /* out */ + UINT32 **ordList) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_GetAuditDigest, &offset, txBlob, startOrdinal, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_GetAuditDigest, txBlob, paramSize, auditDigest, + counterValueSize, counterValue, more, ordSize, + ordList))) + goto done; + + /* ordSize is returned from the TPM as the number of bytes in ordList + so ordSize needs to be converted to comply with the TSS spec which + returns the number of ordinals contained in ordList */ + *ordSize = *ordSize / sizeof(UINT32); + } + + LogResult("GetAuditDigest", result); + +done: + return result; +} + +TSS_RESULT +TCSP_GetAuditDigestSigned_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TSS_BOOL closeAudit, /* in */ + TPM_NONCE antiReplay, /* in */ + TPM_AUTH *privAuth, /* in/out */ + UINT32 *counterValueSize, /* out */ + BYTE **counterValue, /* out */ + TPM_DIGEST *auditDigest, /* out */ + TPM_DIGEST *ordinalDigest, /* out */ + UINT32 *sigSize, /* out */ + BYTE **sig) /* out */ +{ + TSS_RESULT result; + TCPA_KEY_HANDLE keySlot; + UINT64 offset = 0;//, old_offset; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (privAuth != NULL) + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + return result; + + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_GetAuditDigestSigned, &offset, txBlob, keySlot, + closeAudit, antiReplay.nonce, privAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_GetAuditDigestSigned, txBlob, paramSize, + counterValueSize, counterValue, auditDigest, ordinalDigest, + sigSize, sig, privAuth); + } + + LogResult("GetAuditDigestSigned", result); + +done: + auth_mgr_release_auth(privAuth, NULL, hContext); + + return result; +} diff --git a/src/tcs/tcsi_auth.c b/src/tcs/tcsi_auth.c new file mode 100644 index 0000000..ec4a11e --- /dev/null +++ b/src/tcs/tcsi_auth.c @@ -0,0 +1,111 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_OIAP_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_AUTHHANDLE *authHandle, /* out */ + TCPA_NONCE *nonce0) /* out */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TCSI_OIAP"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_OIAP, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_OIAP, txBlob, paramSize, authHandle, nonce0->nonce); + } + + LogResult("OIAP", result); + return result; +} + +TSS_RESULT +TCSP_OSAP_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 entityValue, /* in */ + TCPA_NONCE nonceOddOSAP, /* in */ + TCS_AUTHHANDLE * authHandle, /* out */ + TCPA_NONCE * nonceEven, /* out */ + TCPA_NONCE * nonceEvenOSAP) /* out */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering OSAP"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_OSAP, &offset, txBlob, entityType, entityValue, + nonceOddOSAP.nonce))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_OSAP, txBlob, paramSize, authHandle, + nonceEven->nonce, nonceEvenOSAP->nonce); + } + LogResult("OSAP", result); + + return result; +} + +TSS_RESULT +internal_TerminateHandle(TCS_AUTHHANDLE handle) +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = tpm_rqu_build(TPM_ORD_Terminate_Handle, &offset, txBlob, handle, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + return UnloadBlob_Header(txBlob, ¶mSize); +} + diff --git a/src/tcs/tcsi_bind.c b/src/tcs/tcsi_bind.c new file mode 100644 index 0000000..7c9fb46 --- /dev/null +++ b/src/tcs/tcsi_bind.c @@ -0,0 +1,78 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_UnBind_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + UINT32 paramSize; + TSS_RESULT result; + UINT64 offset = 0; + TCPA_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TCSI_UnBind"); + if ((result = ctx_verify_context(hContext))) + goto done; + + if (privAuth != NULL) { + LogDebug("Auth Used"); + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + + LogDebugFn("calling ensureKeyIsLoaded for TCS handle 0x%x", keyHandle); + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_UnBind, &offset, txBlob, keySlot, inDataSize, inData, + privAuth, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_UnBind, txBlob, paramSize, outDataSize, outData, + privAuth, NULL); + } + +done: + auth_mgr_release_auth(privAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_caps.c b/src/tcs/tcsi_caps.c new file mode 100644 index 0000000..2d7684f --- /dev/null +++ b/src/tcs/tcsi_caps.c @@ -0,0 +1,269 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +extern struct tcsd_config tcsd_options; + +TSS_RESULT +internal_TCSGetCap(TCS_CONTEXT_HANDLE hContext, + TCPA_CAPABILITY_AREA capArea, + UINT32 subCap, + UINT32 * respSize, BYTE ** resp) +{ + UINT32 u32value = 0; + UINT64 offset; + TPM_VERSION tcsVersion = INTERNAL_CAP_VERSION; + struct tcsd_config *config = &tcsd_options; + struct platform_class *platClass; + TSS_BOOL bValue = FALSE; + + LogDebug("Checking Software Cap of TCS"); + switch (capArea) { + case TSS_TCSCAP_ALG: + LogDebug("TSS_TCSCAP_ALG"); + + switch (subCap) { + case TSS_ALG_RSA: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TCS_ALG_RSA; + break; + case TSS_ALG_DES: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TCS_ALG_DES; + break; + case TSS_ALG_3DES: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TCS_ALG_3DES; + break; + case TSS_ALG_SHA: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TCS_ALG_SHA; + break; + case TSS_ALG_AES: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TCS_ALG_AES; + break; + case TSS_ALG_HMAC: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TCS_ALG_HMAC; + break; + case TSS_ALG_DEFAULT: + *respSize = sizeof(UINT32); + u32value = INTERNAL_CAP_TCS_ALG_DEFAULT; + break; + case TSS_ALG_DEFAULT_SIZE: + *respSize = sizeof(UINT32); + u32value = INTERNAL_CAP_TCS_ALG_DEFAULT_SIZE; + break; + default: + *respSize = 0; + LogDebugFn("Bad subcap"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + if ((*resp = malloc(*respSize)) == NULL) { + LogError("malloc of %u bytes failed.", *respSize); + *respSize = 0; + return TCSERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + if (*respSize == sizeof(TSS_BOOL)) + *(TSS_BOOL *)(*resp) = bValue; + else + *(UINT32 *)(*resp) = u32value; + break; + case TSS_TCSCAP_VERSION: + LogDebug("TSS_TCSCAP_VERSION"); + if ((*resp = calloc(1, sizeof(TSS_VERSION))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_VERSION)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + offset = 0; + LoadBlob_VERSION(&offset, *resp, &tcsVersion); + *respSize = sizeof(TSS_VERSION); + break; + case TSS_TCSCAP_PERSSTORAGE: + LogDebug("TSS_TCSCAP_PERSSTORAGE"); + if ((*resp = malloc(sizeof(TSS_BOOL))) == NULL) { + LogError("malloc of %zd byte failed.", sizeof(TSS_BOOL)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + *(TSS_BOOL *)(*resp) = INTERNAL_CAP_TCS_PERSSTORAGE; + *respSize = sizeof(TSS_BOOL); + break; + case TSS_TCSCAP_CACHING: + LogDebug("TSS_TCSCAP_CACHING"); + + if (subCap == TSS_TCSCAP_PROP_KEYCACHE) + bValue = INTERNAL_CAP_TCS_CACHING_KEYCACHE; + else if (subCap == TSS_TCSCAP_PROP_AUTHCACHE) + bValue = INTERNAL_CAP_TCS_CACHING_AUTHCACHE; + else { + LogDebugFn("Bad subcap"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + if ((*resp = malloc(sizeof(TSS_BOOL))) == NULL) { + LogError("malloc of %zd byte failed.", sizeof(TSS_BOOL)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + *respSize = sizeof(TSS_BOOL); + *(TSS_BOOL *)(*resp) = bValue; + break; + case TSS_TCSCAP_MANUFACTURER: + if (subCap == TSS_TCSCAP_PROP_MANUFACTURER_ID) { + if ((*resp = malloc(sizeof(UINT32))) == NULL) { + LogError("malloc of %zd byte failed.", sizeof(UINT32)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + *(UINT32 *)(*resp) = INTERNAL_CAP_MANUFACTURER_ID; + *respSize = sizeof(UINT32); + } else if (subCap == TSS_TCSCAP_PROP_MANUFACTURER_STR) { + BYTE str[] = INTERNAL_CAP_MANUFACTURER_STR; + + if ((*resp = malloc(INTERNAL_CAP_MANUFACTURER_STR_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", + INTERNAL_CAP_MANUFACTURER_STR_LEN); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(*resp, str, INTERNAL_CAP_MANUFACTURER_STR_LEN); + *respSize = INTERNAL_CAP_MANUFACTURER_STR_LEN; + } else { + LogDebugFn("Bad subcap"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + break; + case TSS_TCSCAP_TRANSPORT: + /* A zero value here means the TSP is asking whether we support transport sessions + * at all */ + if (subCap == TSS_TCSCAP_TRANS_EXCLUSIVE || subCap == 0) { + *respSize = sizeof(TSS_BOOL); + if ((*resp = malloc(sizeof(TSS_BOOL))) == NULL) { + LogError("malloc of %zd byte failed.", sizeof(TSS_BOOL)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + if (subCap == TSS_TCSCAP_TRANS_EXCLUSIVE) + *(TSS_BOOL *)(*resp) = config->exclusive_transport ? TRUE : FALSE; + else + *(TSS_BOOL *)(*resp) = TRUE; + } else { + LogDebugFn("Bad subcap"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + break; + case TSS_TCSCAP_PLATFORM_CLASS: + LogDebug("TSS_TCSCAP_PLATFORM_CLASS"); + + switch (subCap) { + case TSS_TCSCAP_PROP_HOST_PLATFORM: + /* Return the TSS_PLATFORM_CLASS */ + LogDebugFn("TSS_TCSCAP_PROP_HOST_PLATFORM"); + platClass = config->host_platform_class; + /* Computes the size of host platform structure */ + *respSize = (2 * sizeof(UINT32)) + platClass->classURISize; + *resp = malloc(*respSize); + if (*resp == NULL) { + LogError("malloc of %u bytes failed.", *respSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memset(*resp, 0, *respSize); + offset = 0; + LoadBlob_UINT32(&offset, platClass->simpleID, *resp); + LoadBlob_UINT32(&offset, platClass->classURISize, *resp); + memcpy(&(*resp)[offset], platClass->classURI, platClass->classURISize); + LogBlob(*respSize, *resp); + break; + case TSS_TCSCAP_PROP_ALL_PLATFORMS: + /* Return an array of TSS_PLATFORM_CLASSes, when existent */ + LogDebugFn("TSS_TCSCAP_PROP_ALL_PLATFORMS"); + *respSize = 0; + *resp = NULL; + if ((platClass = config->all_platform_classes) != NULL) { + /* Computes the size of all Platform Structures */ + while (platClass != NULL) { + *respSize += (2 * sizeof(UINT32)) + platClass->classURISize; + platClass = platClass->next; + } + *resp = malloc(*respSize); + if (*resp == NULL) { + LogError("malloc of %u bytes failed.", *respSize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memset(*resp, 0, *respSize); + offset = 0; + /* Concatenates all the structures on the BYTE * resp */ + platClass = config->all_platform_classes; + while (platClass != NULL){ + LoadBlob_UINT32(&offset, platClass->simpleID, *resp); + LoadBlob_UINT32(&offset, platClass->classURISize, *resp); + memcpy(&(*resp)[offset], platClass->classURI, + platClass->classURISize); + offset += platClass->classURISize; + platClass = platClass->next; + } + LogBlob(*respSize, *resp); + } + break; + default: + LogDebugFn("Bad subcap"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + break; + default: + LogDebugFn("Bad cap area"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +TCS_GetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 * respSize, /* out */ + BYTE ** resp /* out */ + ) +{ + TSS_RESULT result; + UINT32 ulSubCap; + + if ((result = ctx_verify_context(hContext))) + return result; + + if (subCapSize == sizeof(UINT32)) + ulSubCap = *(UINT32 *)subCap; + else if (subCapSize == 0) + ulSubCap = 0; + else + return TCSERR(TSS_E_BAD_PARAMETER); + + return internal_TCSGetCap(hContext, capArea, ulSubCap, respSize, resp); +} + diff --git a/src/tcs/tcsi_caps_tpm.c b/src/tcs/tcsi_caps_tpm.c new file mode 100644 index 0000000..c64513f --- /dev/null +++ b/src/tcs/tcsi_caps_tpm.c @@ -0,0 +1,138 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_GetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 * respSize, /* out */ + BYTE ** resp) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Get Cap"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_GetCapability, &offset, txBlob, capArea, subCapSize, + subCap, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_GetCapability, txBlob, paramSize, respSize, resp, + NULL, NULL); + } + LogResult("Get Cap", result); + return result; +} + +TSS_RESULT +TCSP_GetCapabilityOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * pOwnerAuth, /* in / out */ + TCPA_VERSION * pVersion, /* out */ + UINT32 * pNonVolatileFlags, /* out */ + UINT32 * pVolatileFlags) /* out */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Getcap owner"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_GetCapabilityOwner, &offset, txBlob, pOwnerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_GetCapabilityOwner, txBlob, paramSize, pVersion, + pNonVolatileFlags, pVolatileFlags, pOwnerAuth); + } + + LogResult("GetCapowner", result); +done: + auth_mgr_release_auth(pOwnerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_SetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 valueSize, /* in */ + BYTE * value, /* in */ + TPM_AUTH * pOwnerAuth) /* in, out */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_SetCapability, &offset, txBlob, capArea, subCapSize, + subCap, valueSize, value, pOwnerAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_SetCapability, txBlob, paramSize, pOwnerAuth); + } + +done: + auth_mgr_release_auth(pOwnerAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_certify.c b/src/tcs/tcsi_certify.c new file mode 100644 index 0000000..8fae84e --- /dev/null +++ b/src/tcs/tcsi_certify.c @@ -0,0 +1,90 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_CertifyKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE certHandle, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TPM_AUTH * certAuth, /* in, out */ + TPM_AUTH * keyAuth, /* in, out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TCPA_KEY_HANDLE certKeySlot, keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Certify Key"); + if ((result = ctx_verify_context(hContext))) + goto done; + + if (certAuth != NULL) { + LogDebug("Auth Used for Cert signing key"); + if ((result = auth_mgr_check(hContext, &certAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth used for Cert signing key"); + } + + if (keyAuth != NULL) { + LogDebug("Auth Used for Key being signed"); + if ((result = auth_mgr_check(hContext, &keyAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth used for Key being signed"); + } + + if ((result = ensureKeyIsLoaded(hContext, certHandle, &certKeySlot))) + goto done; + + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_CertifyKey, &offset, txBlob, certKeySlot, keySlot, + antiReplay.nonce, certAuth, keyAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CertifyKey, txBlob, paramSize, CertifyInfoSize, + CertifyInfo, outDataSize, outData, certAuth, keyAuth); + } + LogResult("Certify Key", result); +done: + auth_mgr_release_auth(certAuth, keyAuth, hContext); + return result; +} diff --git a/src/tcs/tcsi_changeauth.c b/src/tcs/tcsi_changeauth.c new file mode 100644 index 0000000..59329ea --- /dev/null +++ b/src/tcs/tcsi_changeauth.c @@ -0,0 +1,374 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_ChangeAuth_Internal(TCS_CONTEXT_HANDLE contextHandle, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 encDataSize, /* in */ + BYTE *encData, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + TPM_AUTH *entityAuth, /* in, out */ + UINT32 *outDataSize, /* out */ + BYTE **outData /* out */ + ) +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TCPA_KEY_HANDLE keySlot; + TCS_KEY_HANDLE tcsKeyHandleToEvict; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Changeauth"); + if ((result = ctx_verify_context(contextHandle))) + goto done; + + if ((result = auth_mgr_check(contextHandle, &ownerAuth->AuthHandle))) + goto done; + if ((result = auth_mgr_check(contextHandle, &entityAuth->AuthHandle))) + goto done; + + if ((result = ensureKeyIsLoaded(contextHandle, parentHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_ChangeAuth, &offset, txBlob, keySlot, protocolID, + newAuth.authdata, entityType, encDataSize, encData, ownerAuth, + entityAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ChangeAuth, txBlob, paramSize, outDataSize, outData, + ownerAuth, entityAuth); + + /* if the malloc above failed, terminate the 2 new auth handles and exit */ + if (result) + goto done; + + /* + * Check if ET is a key. If it is, we need to + * 1 - Evict the key if loaded + * 2 - update the mem cache entry + */ + if (entityType == TCPA_ET_KEYHANDLE || entityType == TCPA_ET_KEY) { + LogDebug("entity type is a key. Check if mem cache needs updating..."); + tcsKeyHandleToEvict = mc_get_handle_by_encdata(encData); + LogDebug("tcsKeyHandle being evicted is %.8X", tcsKeyHandleToEvict); + /*--- If it was found in knowledge, replace it */ + if (tcsKeyHandleToEvict != 0) { + internal_EvictByKeySlot(keySlot); + mc_update_encdata(encData, *outData); + } + + } + } + LogResult("ChangeAuth", result); +done: + auth_mgr_release_auth(ownerAuth, entityAuth, contextHandle); + return result; +} + +TSS_RESULT +TCSP_ChangeAuthOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ) +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering ChangeAuthOwner"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_ChangeAuthOwner, &offset, txBlob, protocolID, + newAuth.authdata, entityType, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ChangeAuthOwner, txBlob, paramSize, ownerAuth); + } + + LogResult("ChangeAuthOwner", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_ChangeAuthAsymStart_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE idHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 KeySizeIn, /* in */ + BYTE * KeyDataIn, /* in */ + TPM_AUTH * pAuth, /* in, out */ + UINT32 * KeySizeOut, /* out */ + BYTE ** KeyDataOut, /* out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig, /* out */ + TCS_KEY_HANDLE * ephHandle /* out */ + ) +{ +#if 0 +#warning Locking trouble in evictFirstKey + UINT64 offset; + UINT32 paramSize; + TSS_RESULT result; + UINT32 keySlot; + TCPA_CERTIFY_INFO certifyInfo; + TSS_KEY tempKey; + UINT32 tempSize; + TCPA_KEY_PARMS keyParmsContainer; + TSS_BOOL canLoad; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering ChangeAuthAsymStart"); + if ((result = ctx_verify_context(hContext))) + goto done; + + if (pAuth != NULL) { + LogDebug("Auth Command"); + if ((result = auth_mgr_check(hContext, pAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + + if ((result = ensureKeyIsLoaded(hContext, idHandle, &keySlot))) + goto done; + + LogDebug("Checking for room to load the eph key"); + offset = 0; + if ((result = UnloadBlob_KEY_PARMS(&offset, KeyDataIn, &keyParmsContainer))) + goto done; + + /* if we can't load the key, evict keys until we can */ + if ((result = canILoadThisKey(&keyParmsContainer, &canLoad))) + goto done; + + while (canLoad == FALSE) { + /* Evict a key that isn't the parent */ + if ((result = evictFirstKey(idHandle))) + goto done; + + if ((result = canILoadThisKey(&keyParmsContainer, &canLoad))) + goto done; + } + + offset = 10; + LoadBlob_UINT32(&offset, keySlot, txBlob); + LoadBlob(&offset, TCPA_NONCE_SIZE, txBlob, antiReplay.nonce); +/* LoadBlob_KEY_PARMS( &offset, txBlob, &tempKeyParms ); */ +/* LoadBlob_UINT32( &offset, KeySizeIn, txBlob ); */ + LoadBlob(&offset, KeySizeIn, txBlob, KeyDataIn); + + if (pAuth != NULL) { + LoadBlob_Auth(&offset, txBlob, pAuth); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, + TPM_ORD_ChangeAuthAsymStart, txBlob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, + TPM_ORD_ChangeAuthAsymStart, txBlob); + } + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + if (result == 0) { + UnloadBlob_CERTIFY_INFO(&offset, txBlob, &certifyInfo); + *CertifyInfoSize = offset - 10; + *CertifyInfo = malloc(*CertifyInfoSize); + if (*CertifyInfo == NULL) { + LogError("malloc of %u bytes failed.", *CertifyInfoSize); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*CertifyInfo, &txBlob[offset - *CertifyInfoSize], + *CertifyInfoSize); + UnloadBlob_UINT32(&offset, sigSize, txBlob); + *sig = malloc(*sigSize); + if (*sig == NULL) { + LogError("malloc of %u bytes failed.", *sigSize); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + UnloadBlob(&offset, *sigSize, txBlob, *sig); + UnloadBlob_UINT32(&offset, ephHandle, txBlob); + tempSize = offset; + UnloadBlob_TSS_KEY(&offset, txBlob, &tempKey); + *KeySizeOut = offset - tempSize; + *KeyDataOut = malloc(*KeySizeOut); + if (*KeyDataOut == NULL) { + LogError("malloc of %u bytes failed.", *KeySizeOut); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*KeyDataOut, &txBlob[offset - *KeySizeOut], *KeySizeOut); + if (pAuth != NULL) + UnloadBlob_Auth(&offset, txBlob, pAuth); + } + + LogResult("ChangeAuthAsymStart", result); +done: + auth_mgr_release_auth(pAuth, NULL, hContext); + return result; +#else + return TCSERR(TSS_E_NOTIMPL); +#endif +} + +TSS_RESULT +TCSP_ChangeAuthAsymFinish_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCS_KEY_HANDLE ephHandle, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TCPA_HMAC newAuthLink, /* in */ + UINT32 newAuthSize, /* in */ + BYTE * encNewAuth, /* in */ + UINT32 encDataSizeIn, /* in */ + BYTE * encDataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * encDataSizeOut, /* out */ + BYTE ** encDataOut, /* out */ + TCPA_SALT_NONCE * saltNonce, /* out */ + TCPA_DIGEST * changeProof /* out */ + ) +{ +#if 0 + UINT64 offset; + UINT32 paramSize; + TSS_RESULT result; + UINT32 keySlot; +#if 0 + TCPA_CERTIFY_INFO certifyInfo; + TSS_KEY tempKey; + UINT32 tempSize; + TSS_UUID *uuidKeyToEvict; +#endif + TCS_KEY_HANDLE tcsKeyHandleToEvict; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering ChangeAuthAsymFinish"); + if ((result = ctx_verify_context(hContext))) + goto done; + + if (ownerAuth != NULL) { + LogDebug("Auth used"); + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot))) + goto done; + + offset = 10; + LoadBlob_UINT32(&offset, keySlot, txBlob); + LoadBlob_UINT32(&offset, ephHandle, txBlob); + LoadBlob_UINT16(&offset, entityType, txBlob); + LoadBlob(&offset, 20, txBlob, newAuthLink.digest); + LoadBlob_UINT32(&offset, newAuthSize, txBlob); + LoadBlob(&offset, newAuthSize, txBlob, encNewAuth); + LoadBlob_UINT32(&offset, encDataSizeIn, txBlob); + LoadBlob(&offset, encDataSizeIn, txBlob, encDataIn); + + if (ownerAuth != NULL) { + LoadBlob_Auth(&offset, txBlob, ownerAuth); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, + TPM_ORD_ChangeAuthAsymFinish, txBlob); + } else { + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, + TPM_ORD_ChangeAuthAsymFinish, txBlob); + } + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + UnloadBlob_UINT32(&offset, encDataSizeOut, txBlob); + *encDataOut = calloc(1, *encDataSizeOut); + if (*encDataOut == NULL) { + LogError("malloc of %u bytes failed.", *encDataSizeOut); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + UnloadBlob(&offset, *encDataSizeOut, txBlob, *encDataOut); + UnloadBlob(&offset, 20, txBlob, saltNonce->nonce); + UnloadBlob(&offset, 20, txBlob, changeProof->digest); + if (ownerAuth != NULL) + UnloadBlob_Auth(&offset, txBlob, ownerAuth); + + /* Check if ET is a key. If it is, we need to + * 1 - Evict the key if loaded + * 2 - update the mem cache entry + */ + if (entityType == TCPA_ET_KEYHANDLE || + entityType == TCPA_ET_KEY) { + tcsKeyHandleToEvict = mc_get_handle_by_encdata(encDataIn); + /* If it was found in mem cache, replace it */ + if (tcsKeyHandleToEvict != 0) { + key_mgr_evict(hContext, tcsKeyHandleToEvict); + mc_update_encdata(encDataIn, *encDataOut); + } + } + } + + LogResult("ChangeAuthAsymFinish", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +#else + return TCSERR(TSS_E_NOTIMPL); +#endif +} + diff --git a/src/tcs/tcsi_cmk.c b/src/tcs/tcsi_cmk.c new file mode 100644 index 0000000..3f83133 --- /dev/null +++ b/src/tcs/tcsi_cmk.c @@ -0,0 +1,326 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_utils.h" +#include "tcslog.h" +#include "req_mgr.h" + +TSS_RESULT +TCSP_CMK_SetRestrictions_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_CMK_DELEGATE Restriction, /* in */ + TPM_AUTH* ownerAuth) /* in */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_CMK_SetRestrictions, &offset, txBlob, + Restriction, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CMK_SetRestrictions, txBlob, paramSize, + ownerAuth); + } + + LogResult("CMK_SetRestrictions", result); + +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_CMK_ApproveMA_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_DIGEST migAuthorityDigest, /* in */ + TPM_AUTH* ownerAuth, /* in, out */ + TPM_HMAC* HmacMigAuthDigest) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_CMK_ApproveMA, &offset, txBlob, + &migAuthorityDigest, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CMK_ApproveMA, txBlob, paramSize, + HmacMigAuthDigest, ownerAuth); + } + + LogResult("CMK_SetRestrictions", result); + +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_CMK_CreateKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hWrappingKey, /* in */ + TPM_ENCAUTH KeyUsageAuth, /* in */ + TPM_HMAC MigAuthApproval, /* in */ + TPM_DIGEST MigAuthorityDigest, /* in */ + UINT32* keyDataSize, /* in, out */ + BYTE** prgbKeyData, /* in, out */ + TPM_AUTH* pAuth) /* in, out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + UINT32 parentSlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) { + free(*prgbKeyData); + return result; + } + + if ((result = get_slot(hContext, hWrappingKey, &parentSlot))) { + free(*prgbKeyData); + return result; + } + + if (pAuth) { + if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle))) { + free(*prgbKeyData); + return result; + } + } + + if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateKey, &offset, txBlob, + parentSlot, &KeyUsageAuth, *keyDataSize, *prgbKeyData, + &MigAuthApproval, &MigAuthorityDigest, pAuth))) { + free(*prgbKeyData); + goto done; + } + free(*prgbKeyData); + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CMK_CreateKey, txBlob, paramSize, + keyDataSize, prgbKeyData, pAuth); + } + + LogResult("CMK_SetRestrictions", result); + +done: + auth_mgr_release_auth(pAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_CMK_CreateTicket_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 PublicVerifyKeySize, /* in */ + BYTE* PublicVerifyKey, /* in */ + TPM_DIGEST SignedData, /* in */ + UINT32 SigValueSize, /* in */ + BYTE* SigValue, /* in */ + TPM_AUTH* pOwnerAuth, /* in, out */ + TPM_HMAC* SigTicket) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateTicket, &offset, txBlob, + PublicVerifyKeySize, PublicVerifyKey, &SignedData, + SigValueSize, SigValue, pOwnerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CMK_CreateTicket, txBlob, paramSize, + SigTicket, pOwnerAuth); + } + + LogResult("CMK_SetRestrictions", result); + +done: + auth_mgr_release_auth(pOwnerAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_CMK_CreateBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TSS_MIGRATE_SCHEME migrationType, /* in */ + UINT32 MigrationKeyAuthSize, /* in */ + BYTE* MigrationKeyAuth, /* in */ + TPM_DIGEST PubSourceKeyDigest, /* in */ + UINT32 msaListSize, /* in */ + BYTE* msaList, /* in */ + UINT32 restrictTicketSize, /* in */ + BYTE* restrictTicket, /* in */ + UINT32 sigTicketSize, /* in */ + BYTE* sigTicket, /* in */ + UINT32 encDataSize, /* in */ + BYTE* encData, /* in */ + TPM_AUTH* parentAuth, /* in, out */ + UINT32* randomSize, /* out */ + BYTE** random, /* out */ + UINT32* outDataSize, /* out */ + BYTE** outData) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + UINT32 parentSlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = get_slot(hContext, parentHandle, &parentSlot))) + return result; + + if (parentAuth) { + if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) + return result; + } + + if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateBlob, &offset, txBlob, + parentSlot, migrationType, MigrationKeyAuthSize, + MigrationKeyAuth, &PubSourceKeyDigest, msaListSize, msaList, + restrictTicketSize, restrictTicket, sigTicketSize, sigTicket, + encDataSize, encData, parentAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CMK_CreateBlob, txBlob, paramSize, + randomSize, random, outDataSize, outData, parentAuth, NULL); + } + + LogResult("CMK_SetRestrictions", result); + +done: + auth_mgr_release_auth(parentAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_CMK_ConvertMigration_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TPM_CMK_AUTH restrictTicket, /* in */ + TPM_HMAC sigTicket, /* in */ + UINT32 keyDataSize, /* in */ + BYTE* prgbKeyData, /* in */ + UINT32 msaListSize, /* in */ + BYTE* msaList, /* in */ + UINT32 randomSize, /* in */ + BYTE* random, /* in */ + TPM_AUTH* parentAuth, /* in, out */ + UINT32* outDataSize, /* out */ + BYTE** outData) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + UINT32 parentSlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = get_slot(hContext, parentHandle, &parentSlot))) + return result; + + if (parentAuth) { + if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) + return result; + } + + if ((result = tpm_rqu_build(TPM_ORD_CMK_ConvertMigration, &offset, txBlob, + parentSlot, &restrictTicket, &sigTicket, + keyDataSize, prgbKeyData, msaListSize, msaList, + randomSize, random, parentAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CMK_ConvertMigration, txBlob, paramSize, + outDataSize, outData, parentAuth, NULL); + } + + LogResult("CMK_SetRestrictions", result); + +done: + auth_mgr_release_auth(parentAuth, NULL, hContext); + + return result; +} + diff --git a/src/tcs/tcsi_context.c b/src/tcs/tcsi_context.c new file mode 100644 index 0000000..d6fe606 --- /dev/null +++ b/src/tcs/tcsi_context.c @@ -0,0 +1,62 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" + + +TSS_RESULT +TCS_OpenContext_Internal(TCS_CONTEXT_HANDLE * hContext) /* out */ +{ + *hContext = make_context(); + if (*hContext == 0) + return TCSERR(TSS_E_OUTOFMEMORY); + + return TSS_SUCCESS; +} + +TSS_RESULT +TCS_CloseContext_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ +{ + TSS_RESULT result; + + LogDebug("Closing context %.8X", hContext); + + if ((result = ctx_verify_context(hContext))) + return result; + + destroy_context(hContext); + + /* close all auth handles associated with hContext */ + auth_mgr_close_context(hContext); + + KEY_MGR_ref_count(); + + LogDebug("Context %.8X closed", hContext); + return TSS_SUCCESS; +} + +TSS_RESULT +TCS_FreeMemory_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + BYTE *pMemory) /* in */ +{ + free(pMemory); + + return TSS_SUCCESS; +} diff --git a/src/tcs/tcsi_counter.c b/src/tcs/tcsi_counter.c new file mode 100644 index 0000000..edba088 --- /dev/null +++ b/src/tcs/tcsi_counter.c @@ -0,0 +1,212 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" + + +TSS_RESULT +TCSP_ReadCounter_Internal(TCS_CONTEXT_HANDLE hContext, + TSS_COUNTER_ID idCounter, + TPM_COUNTER_VALUE* counterValue) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_ReadCounter, &offset, txBlob, idCounter, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto out; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("TPM_ReadCounter failed: rc=0x%x", result); + goto out; + } + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ReadCounter, txBlob, paramSize, NULL, counterValue, + NULL); + } + +out: + return result; +} + +TSS_RESULT +TCSP_CreateCounter_Internal(TCS_CONTEXT_HANDLE hContext, + UINT32 LabelSize, + BYTE* pLabel, + TPM_ENCAUTH CounterAuth, + TPM_AUTH* pOwnerAuth, + TSS_COUNTER_ID* idCounter, + TPM_COUNTER_VALUE* counterValue) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if (LabelSize != 4) { + LogDebugFn("BAD_PARAMETER: LabelSize != 4"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_CreateCounter, &offset, txBlob, CounterAuth.authdata, + LabelSize, pLabel, pOwnerAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto out; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("TPM_CreateCounter failed: rc=0x%x", result); + goto out; + } + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CreateCounter, txBlob, paramSize, idCounter, + counterValue, pOwnerAuth); + } + +out: + return result; +} + +TSS_RESULT +TCSP_IncrementCounter_Internal(TCS_CONTEXT_HANDLE hContext, + TSS_COUNTER_ID idCounter, + TPM_AUTH* pCounterAuth, + TPM_COUNTER_VALUE* counterValue) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &pCounterAuth->AuthHandle))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_IncrementCounter, &offset, txBlob, idCounter, + pCounterAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto out; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto out; + } + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_IncrementCounter, txBlob, paramSize, NULL, + counterValue, pCounterAuth); + } +out: + return result; +} + +TSS_RESULT +TCSP_ReleaseCounter_Internal(TCS_CONTEXT_HANDLE hContext, + TSS_COUNTER_ID idCounter, + TPM_AUTH* pCounterAuth) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &pCounterAuth->AuthHandle))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_ReleaseCounter, &offset, txBlob, idCounter, + pCounterAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto out; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto out; + } + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ReleaseCounter, txBlob, paramSize, pCounterAuth); + } +out: + return result; +} + +TSS_RESULT +TCSP_ReleaseCounterOwner_Internal(TCS_CONTEXT_HANDLE hContext, + TSS_COUNTER_ID idCounter, + TPM_AUTH* pOwnerAuth) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_ReleaseCounterOwner, &offset, txBlob, idCounter, + pOwnerAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto out; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto out; + } + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ReleaseCounterOwner, txBlob, paramSize, pOwnerAuth); + } +out: + return result; +} + diff --git a/src/tcs/tcsi_daa.c b/src/tcs/tcsi_daa.c new file mode 100644 index 0000000..293f4b3 --- /dev/null +++ b/src/tcs/tcsi_daa.c @@ -0,0 +1,192 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_DaaJoin_internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_HANDLE handle, /* in */ + BYTE stage, /* in */ + UINT32 inputSize0, /* in */ + BYTE *inputData0, /* in */ + UINT32 inputSize1, /* in */ + BYTE *inputData1, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 *outputSize, /* out */ + BYTE **outputData) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + if ( (result = ctx_verify_context(hContext)) != TSS_SUCCESS) + return result; + if( (result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)) != TSS_SUCCESS) + goto done; + +#if 0 + offset = 10; + LoadBlob_UINT32( &offset, handle, txBlob); + LogDebug("load BYTE: stage: %x", stage); + LoadBlob( &offset, sizeof(BYTE), txBlob, &stage); + + LogDebug("load UNIT32: inputSize0: %x (oldOffset=%" PRIu64 ")", inputSize0, offset); + LoadBlob_UINT32(&offset, inputSize0, txBlob); + LogDebug("load Data: inputData0: %X (oldOffset=%" PRIu64 ")", (int)inputData0, offset); + LoadBlob(&offset, inputSize0, txBlob, inputData0); + LogDebug("load UINT32: inputSize1:%x (oldOffset=%" PRIu64 ")", inputSize1, offset); + LoadBlob_UINT32(&offset, inputSize1, txBlob); + if( inputSize1>0) { + LogDebug("load Data: inputData1: %X (oldOffset=%" PRIu64 ")", (int)inputData1, offset); + LoadBlob(&offset, inputSize1, txBlob, inputData1); + } + LogDebug("load Auth: ownerAuth: %X (oldOffset=%" PRIu64 ")", (int)ownerAuth, offset); + LoadBlob_Auth(&offset, txBlob, ownerAuth); + + LogDebug("load Header: ordinal: %X (oldOffset=%" PRIu64 ")", TPM_ORD_DAA_Join, offset); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_DAA_Join, txBlob); +#else + if ((result = tpm_rqu_build(TPM_ORD_DAA_Join, &offset, txBlob, handle, stage, inputSize0, + inputData0, inputSize1, inputData1, ownerAuth))) + goto done; +#endif + + LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", offset); + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogDebug("UnloadBlob (paramSize=%d) result=%d", paramSize, result); + if (!result) { +#if 0 + offset = 10; + UnloadBlob_UINT32( &offset, outputSize, txBlob); + LogDebug("Unload outputSize=%d", *outputSize); + *outputData = malloc(*outputSize); + if( *outputData == NULL) { + LogError("malloc of %u bytes failed.", *outputSize); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + LogDebug("Unload outputData"); + UnloadBlob( &offset, *outputSize, txBlob, *outputData); + LogDebug("Unload Auth"); + UnloadBlob_Auth(&offset, txBlob, ownerAuth); +#else + result = tpm_rsp_parse(TPM_ORD_DAA_Join, txBlob, paramSize, outputSize, outputData, + ownerAuth); +#endif + } +done: + LogDebug("Leaving DaaJoin with result:%d", result); + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT TCSP_DaaSign_internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_HANDLE handle, /* in */ + BYTE stage, /* in */ + UINT32 inputSize0, /* in */ + BYTE *inputData0, /* in */ + UINT32 inputSize1, /* in */ + BYTE *inputData1, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 *outputSize, /* out */ + BYTE **outputData) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + if ( (result = ctx_verify_context(hContext)) != TSS_SUCCESS) + return result; + + if( (result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)) != TSS_SUCCESS) + goto done; + +#if 0 + offset = 10; + LoadBlob_UINT32( &offset, handle, txBlob); + LogDebug("load BYTE: stage: %x", stage); + LoadBlob( &offset, sizeof(BYTE), txBlob, &stage); + + LogDebug("load UNIT32: inputSize0: %x (oldOffset=%" PRIu64 ")", inputSize0, offset); + LoadBlob_UINT32(&offset, inputSize0, txBlob); + LogDebug("load Data: inputData0: %X (oldOffset=%" PRIu64 ")", (int)inputData0, offset); + LoadBlob(&offset, inputSize0, txBlob, inputData0); + LogDebug("load UINT32: inputSize1:%x (oldOffset=%" PRIu64 ")", inputSize1, offset); + LoadBlob_UINT32(&offset, inputSize1, txBlob); + if( inputSize1>0) { + LogDebug("load Data: inputData1: %X (oldOffset=%" PRIu64 ")", (int)inputData1, offset); + LoadBlob(&offset, inputSize1, txBlob, inputData1); + } + LogDebug("load Auth: ownerAuth: %X (oldOffset=%" PRIu64 ")", (int)ownerAuth, offset); + LoadBlob_Auth(&offset, txBlob, ownerAuth); + + LogDebug("load Header: ordinal: %X (oldOffset=%" PRIu64 ")", TPM_ORD_DAA_Sign, offset); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_DAA_Sign, txBlob); +#else + if ((result = tpm_rqu_build(TPM_ORD_DAA_Sign, &offset, txBlob, handle, stage, inputSize0, + inputData0, inputSize1, inputData1, ownerAuth))) + goto done; +#endif + + LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", offset); + if ((result = req_mgr_submit_req(txBlob))) goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogDebug("UnloadBlob (paramSize=%d) result=%d", paramSize, result); + if (!result) { +#if 0 + offset = 10; + UnloadBlob_UINT32( &offset, outputSize, txBlob); + LogDebug("Unload outputSize=%d", *outputSize); + *outputData = malloc(*outputSize); + if( *outputData == NULL) { + LogError("malloc of %u bytes failed.", *outputSize); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + LogDebug("Unload outputData"); + UnloadBlob(&offset, *outputSize, txBlob, *outputData); + LogDebug("Unload Auth"); + UnloadBlob_Auth(&offset, txBlob, ownerAuth); +#else + result = tpm_rsp_parse(TPM_ORD_DAA_Sign, txBlob, paramSize, outputSize, outputData, + ownerAuth); +#endif + } +done: + LogDebug("Leaving DaaSign with result:%d", result); + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_delegate.c b/src/tcs/tcsi_delegate.c new file mode 100644 index 0000000..b46501c --- /dev/null +++ b/src/tcs/tcsi_delegate.c @@ -0,0 +1,366 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_utils.h" +#include "tcslog.h" +#include "req_mgr.h" + +TSS_RESULT +TCSP_Delegate_Manage_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_FAMILY_ID familyID, /* in */ + TPM_FAMILY_OPERATION opFlag, /* in */ + UINT32 opDataSize, /* in */ + BYTE *opData, /* in */ + TPM_AUTH *ownerAuth, /* in/out */ + UINT32 *retDataSize, /* out */ + BYTE **retData) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (ownerAuth) { + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + return result; + } + + if ((result = tpm_rqu_build(TPM_ORD_Delegate_Manage, &offset, txBlob, familyID, opFlag, + opDataSize, opData, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Delegate_Manage, txBlob, paramSize, retDataSize, + retData, ownerAuth, NULL); + } + + LogResult("Delegate_Manage", result); + +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_Delegate_CreateKeyDelegation_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE *publicInfo, /* in */ + TPM_ENCAUTH *encDelAuth, /* in */ + TPM_AUTH *keyAuth, /* in, out */ + UINT32 *blobSize, /* out */ + BYTE **blob) /* out */ +{ + TSS_RESULT result; + TCPA_KEY_HANDLE keySlot; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (keyAuth) { + if ((result = auth_mgr_check(hContext, &keyAuth->AuthHandle))) + return result; + } + + if ((result = ensureKeyIsLoaded(hContext, hKey, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_Delegate_CreateKeyDelegation, &offset, txBlob, keySlot, + publicInfoSize, publicInfo, encDelAuth, keyAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Delegate_CreateKeyDelegation, txBlob, paramSize, + blobSize, blob, keyAuth, NULL); + } + + LogResult("Delegate_CreateKeyDelegation", result); + +done: + auth_mgr_release_auth(keyAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_Delegate_CreateOwnerDelegation_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL increment, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE *publicInfo, /* in */ + TPM_ENCAUTH *encDelAuth, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + UINT32 *blobSize, /* out */ + BYTE **blob) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (ownerAuth) { + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + return result; + } + + if ((result = tpm_rqu_build(TPM_ORD_Delegate_CreateOwnerDelegation, &offset, txBlob, + increment, publicInfoSize, publicInfo, encDelAuth, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Delegate_CreateOwnerDelegation, txBlob, paramSize, + blobSize, blob, ownerAuth, NULL); + } + + LogResult("Delegate_CreateOwnerDelegation", result); + +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_Delegate_LoadOwnerDelegation_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_DELEGATE_INDEX index, /* in */ + UINT32 blobSize, /* in */ + BYTE *blob, /* in */ + TPM_AUTH *ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (ownerAuth) { + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + return result; + } + + if ((result = tpm_rqu_build(TPM_ORD_Delegate_LoadOwnerDelegation, &offset, txBlob, index, + blobSize, blob, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Delegate_LoadOwnerDelegation, txBlob, paramSize, + ownerAuth); + } + + LogResult("Delegate_LoadOwnerDelegation", result); + +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_Delegate_ReadTable_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 *familyTableSize, /* out */ + BYTE **familyTable, /* out */ + UINT32 *delegateTableSize, /* out */ + BYTE **delegateTable) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_Delegate_ReadTable, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Delegate_ReadTable, txBlob, paramSize, + familyTableSize, familyTable, delegateTableSize, + delegateTable, NULL, NULL); + } + + LogResult("Delegate_ReadTable", result); + + return result; +} + +TSS_RESULT +TCSP_Delegate_UpdateVerificationCount_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 inputSize, /* in */ + BYTE *input, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + UINT32 *outputSize, /* out */ + BYTE **output) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (ownerAuth) { + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + return result; + } + + if ((result = tpm_rqu_build(TPM_ORD_Delegate_UpdateVerification, &offset, txBlob, inputSize, + inputSize, input, ownerAuth, NULL))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Delegate_UpdateVerification, txBlob, paramSize, + outputSize, output, ownerAuth, NULL); + } + + LogResult("Delegate_UpdateVerificationCount", result); + +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + + return result; +} + +TSS_RESULT +TCSP_Delegate_VerifyDelegation_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 delegateSize, /* in */ + BYTE *delegate) /* in */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_Delegate_VerifyDelegation, &offset, txBlob, + delegateSize, delegateSize, delegate, NULL, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + LogResult("Delegate_VerifyDelegation", result); + + return result; +} + +TSS_RESULT +TCSP_DSAP_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_ENTITY_TYPE entityType, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TPM_NONCE *nonceOddDSAP, /* in */ + UINT32 entityValueSize, /* in */ + BYTE *entityValue, /* in */ + TCS_AUTHHANDLE *authHandle, /* out */ + TPM_NONCE *nonceEven, /* out */ + TPM_NONCE *nonceEvenDSAP) /* out */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + TPM_KEY_HANDLE tpmKeyHandle; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (ensureKeyIsLoaded(hContext, keyHandle, &tpmKeyHandle)) + return TCSERR(TSS_E_KEY_NOT_LOADED); + + /* are the maximum number of auth sessions open? */ + if (auth_mgr_req_new(hContext) == FALSE) { + if ((result = auth_mgr_swap_out(hContext))) + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_DSAP, &offset, txBlob, entityType, tpmKeyHandle, + nonceOddDSAP, entityValueSize, entityValue))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_DSAP, txBlob, paramSize, authHandle, + nonceEven->nonce, nonceEvenDSAP->nonce))) + goto done; + + /* success, add an entry to the table */ + result = auth_mgr_add(hContext, *authHandle); + } +done: + LogResult("DSAP", result); + + return result; +} diff --git a/src/tcs/tcsi_dir.c b/src/tcs/tcsi_dir.c new file mode 100644 index 0000000..9d5030a --- /dev/null +++ b/src/tcs/tcsi_dir.c @@ -0,0 +1,103 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +TCSP_DirWriteAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE newContents, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering dirwriteauth"); + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if (dirIndex > tpm_metrics.num_dirs) { + result = TCSERR(TSS_E_BAD_PARAMETER); + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_DirWriteAuth, &offset, txBlob, dirIndex, + TPM_DIGEST_SIZE, newContents.digest, ownerAuth, NULL))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_DirWriteAuth, txBlob, paramSize, ownerAuth); + } + LogResult("DirWriteAuth", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_DirRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE * dirValue) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering DirRead"); + if ((result = ctx_verify_context(hContext))) + return result; + + if (dirValue == NULL) + return TCSERR(TSS_E_BAD_PARAMETER); + + if (dirIndex > tpm_metrics.num_dirs) + return TCSERR(TSS_E_BAD_PARAMETER); + + if ((result = tpm_rqu_build(TPM_ORD_DirRead, &offset, txBlob, dirIndex, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_DirRead, txBlob, paramSize, NULL, dirValue->digest); + } + LogResult("DirRead", result); + return result; +} + diff --git a/src/tcs/tcsi_ek.c b/src/tcs/tcsi_ek.c new file mode 100644 index 0000000..34388da --- /dev/null +++ b/src/tcs/tcsi_ek.c @@ -0,0 +1,226 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +TCSP_CreateEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 endorsementKeyInfoSize, /* in */ + BYTE * endorsementKeyInfo, /* in */ + UINT32 * endorsementKeySize, /* out */ + BYTE ** endorsementKey, /* out */ + TCPA_DIGEST * checksum) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_CreateEndorsementKeyPair, &offset, txBlob, + antiReplay.nonce, endorsementKeyInfoSize, + endorsementKeyInfo))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CreateEndorsementKeyPair, txBlob, paramSize, + endorsementKeySize, endorsementKey, checksum->digest); + } + LogDebug("Leaving CreateEKPair with result: 0x%x", result); + return result; +} + +TSS_RESULT +TCSP_ReadPubek_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 * pubEndorsementKeySize, /* out */ + BYTE ** pubEndorsementKey, /* out */ + TCPA_DIGEST * checksum) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_ReadPubek, &offset, txBlob, TPM_NONCE_SIZE, + antiReplay.nonce))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ReadPubek, txBlob, paramSize, pubEndorsementKeySize, + pubEndorsementKey, checksum->digest); + } + LogDebugFn("result: 0x%x", result); + return result; +} + +TSS_RESULT +TCSP_DisablePubekRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("DisablePubekRead"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_DisablePubekRead, &offset, txBlob, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_DisablePubekRead, txBlob, paramSize, ownerAuth); + } +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_OwnerReadPubek_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * pubEndorsementKeySize, /* out */ + BYTE ** pubEndorsementKey) /* out */ +{ + UINT32 paramSize; + TSS_RESULT result; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering OwnerReadPubek"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_OwnerReadPubek, &offset, txBlob, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_OwnerReadPubek, txBlob, paramSize, + pubEndorsementKeySize, pubEndorsementKey, ownerAuth); + } + LogResult("Owner Read Pubek", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_CreateRevocableEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_NONCE antiReplay, /* in */ + UINT32 endorsementKeyInfoSize, /* in */ + BYTE * endorsementKeyInfo, /* in */ + TSS_BOOL genResetAuth, /* in */ + TPM_DIGEST * eKResetAuth, /* in, out */ + UINT32 * endorsementKeySize, /* out */ + BYTE ** endorsementKey, /* out */ + TPM_DIGEST * checksum) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_CreateRevocableEK, &offset, txBlob, + antiReplay.nonce, endorsementKeyInfoSize, + endorsementKeyInfo, genResetAuth, eKResetAuth->digest))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CreateRevocableEK, txBlob, paramSize, + endorsementKeySize, endorsementKey, checksum->digest, + eKResetAuth->digest); + } + + LogDebug("Leaving CreateRevocableEKPair with result: 0x%x", result); + return result; +} + +TSS_RESULT +TCSP_RevokeEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_DIGEST EKResetAuth) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_RevokeTrust, &offset, txBlob, EKResetAuth.digest))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + LogDebug("Leaving RevokeEKPair with result: 0x%x", result); + return result; +} + diff --git a/src/tcs/tcsi_evlog.c b/src/tcs/tcsi_evlog.c new file mode 100644 index 0000000..7d49600 --- /dev/null +++ b/src/tcs/tcsi_evlog.c @@ -0,0 +1,388 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcslog.h" +#include "tcsem.h" + + +TSS_RESULT +TCS_LogPcrEvent_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_PCR_EVENT Event, /* in */ + UINT32 *pNumber) /* out */ +{ + TSS_RESULT result; + + if((result = ctx_verify_context(hContext))) + return result; + + if(Event.ulPcrIndex >= tpm_metrics.num_pcrs) + return TCSERR(TSS_E_BAD_PARAMETER); + + if (tcsd_options.kernel_pcrs & (1 << Event.ulPcrIndex)) { + LogInfo("PCR %d is configured to be kernel controlled. Event logging denied.", + Event.ulPcrIndex); + return TCSERR(TSS_E_FAIL); + } + + if (tcsd_options.firmware_pcrs & (1 << Event.ulPcrIndex)) { + LogInfo("PCR %d is configured to be firmware controlled. Event logging denied.", + Event.ulPcrIndex); + return TCSERR(TSS_E_FAIL); + } + + return event_log_add(&Event, pNumber); +} + +/* This routine will handle creating the TSS_PCR_EVENT structures from log + * data produced by an external source. The external source in mind here + * is the log of PCR extends done by the kernel from beneath the TSS + * (via direct calls to the device driver). + */ +TSS_RESULT +TCS_GetExternalPcrEvent(UINT32 PcrIndex, /* in */ + UINT32 *pNumber, /* in, out */ + TSS_PCR_EVENT **ppEvent) /* out */ +{ + FILE *log_handle; + char *source; + + if (tcsd_options.kernel_pcrs & (1 << PcrIndex)) { + source = tcsd_options.kernel_log_file; + + if (tcs_event_log->kernel_source != NULL) { + if (tcs_event_log->kernel_source->open((void *)source, + (FILE **) &log_handle)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (tcs_event_log->kernel_source->get_entry(log_handle, PcrIndex, + pNumber, ppEvent)) { + tcs_event_log->kernel_source->close(log_handle); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + tcs_event_log->kernel_source->close(log_handle); + } else { + LogError("No source for externel kernel events was compiled in, but " + "the tcsd is configured to use one! (see %s)", + tcsd_config_file); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else if (tcsd_options.firmware_pcrs & (1 << PcrIndex)) { + source = tcsd_options.firmware_log_file; + + if (tcs_event_log->firmware_source != NULL) { + if (tcs_event_log->firmware_source->open((void *)source, &log_handle)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (tcs_event_log->firmware_source->get_entry(log_handle, PcrIndex, + pNumber, ppEvent)) { + tcs_event_log->firmware_source->close(log_handle); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + tcs_event_log->firmware_source->close(log_handle); + } else { + LogError("No source for externel firmware events was compiled in, but " + "the tcsd is configured to use one! (see %s)", + tcsd_config_file); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else { + LogError("PCR index %d not flagged as kernel or firmware controlled.", PcrIndex); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +TCS_GetPcrEvent_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 PcrIndex, /* in */ + UINT32 *pNumber, /* in, out */ + TSS_PCR_EVENT **ppEvent) /* out */ +{ + TSS_RESULT result; + TSS_PCR_EVENT *event; + + if ((result = ctx_verify_context(hContext))) + return result; + + if(PcrIndex >= tpm_metrics.num_pcrs) + return TCSERR(TSS_E_BAD_PARAMETER); + + /* if this is a kernel or firmware controlled PCR, call an external routine */ + if ((tcsd_options.kernel_pcrs & (1 << PcrIndex)) || + (tcsd_options.firmware_pcrs & (1 << PcrIndex))) { + MUTEX_LOCK(tcs_event_log->lock); + result = TCS_GetExternalPcrEvent(PcrIndex, pNumber, ppEvent); + MUTEX_UNLOCK(tcs_event_log->lock); + + return result; + } + + if (ppEvent == NULL) { + MUTEX_LOCK(tcs_event_log->lock); + + *pNumber = get_num_events(PcrIndex); + + MUTEX_UNLOCK(tcs_event_log->lock); + } else { + *ppEvent = calloc(1, sizeof(TSS_PCR_EVENT)); + if (*ppEvent == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_PCR_EVENT)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + event = get_pcr_event(PcrIndex, *pNumber); + if (event == NULL) { + free(*ppEvent); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + if ((result = copy_pcr_event(*ppEvent, event))) { + free(*ppEvent); + return result; + } + } + + return TSS_SUCCESS; +} + +/* This routine will handle creating the TSS_PCR_EVENT structures from log + * data produced by an external source. The external source in mind here + * is the log of PCR extends done by the kernel from beneath the TSS + * (via direct calls to the device driver). + */ +TSS_RESULT +TCS_GetExternalPcrEventsByPcr(UINT32 PcrIndex, /* in */ + UINT32 FirstEvent, /* in */ + UINT32 *pEventCount, /* in, out */ + TSS_PCR_EVENT **ppEvents) /* out */ +{ + FILE *log_handle; + char *source; + + if (tcsd_options.kernel_pcrs & (1 << PcrIndex)) { + source = tcsd_options.kernel_log_file; + + if (tcs_event_log->kernel_source != NULL) { + if (tcs_event_log->kernel_source->open((void *)source, &log_handle)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (tcs_event_log->kernel_source->get_entries_by_pcr(log_handle, PcrIndex, + FirstEvent, pEventCount, ppEvents)) { + tcs_event_log->kernel_source->close(log_handle); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + tcs_event_log->kernel_source->close(log_handle); + } else { + LogError("No source for externel kernel events was compiled in, but " + "the tcsd is configured to use one! (see %s)", + tcsd_config_file); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else if (tcsd_options.firmware_pcrs & (1 << PcrIndex)) { + source = tcsd_options.firmware_log_file; + + if (tcs_event_log->firmware_source != NULL) { + if (tcs_event_log->firmware_source->open((void *)source, &log_handle)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (tcs_event_log->firmware_source->get_entries_by_pcr(log_handle, PcrIndex, + FirstEvent, pEventCount, ppEvents)) { + tcs_event_log->firmware_source->close(log_handle); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + tcs_event_log->firmware_source->close(log_handle); + } else { + LogError("No source for externel firmware events was compiled in, but " + "the tcsd is configured to use one! (see %s)", + tcsd_config_file); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else { + LogError("PCR index %d not flagged as kernel or firmware controlled.", PcrIndex); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +TCS_GetPcrEventsByPcr_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 PcrIndex, /* in */ + UINT32 FirstEvent, /* in */ + UINT32 *pEventCount, /* in, out */ + TSS_PCR_EVENT **ppEvents) /* out */ +{ + UINT32 lastEventNumber, i, eventIndex; + TSS_RESULT result; + struct event_wrapper *tmp; + + if ((result = ctx_verify_context(hContext))) + return result; + + if (PcrIndex >= tpm_metrics.num_pcrs) + return TCSERR(TSS_E_BAD_PARAMETER); + + /* if this is a kernel or firmware controlled PCR, call an external routine */ + if ((tcsd_options.kernel_pcrs & (1 << PcrIndex)) || + (tcsd_options.firmware_pcrs & (1 << PcrIndex))) { + MUTEX_LOCK(tcs_event_log->lock); + result = TCS_GetExternalPcrEventsByPcr(PcrIndex, FirstEvent, + pEventCount, ppEvents); + MUTEX_UNLOCK(tcs_event_log->lock); + + return result; + } + + MUTEX_LOCK(tcs_event_log->lock); + + lastEventNumber = get_num_events(PcrIndex); + + MUTEX_UNLOCK(tcs_event_log->lock); + + /* if pEventCount is larger than the number of events to return, just return less. + * *pEventCount will be set to the number returned below. + */ + lastEventNumber = MIN(lastEventNumber, FirstEvent + *pEventCount); + + if (FirstEvent > lastEventNumber) + return TCSERR(TSS_E_BAD_PARAMETER); + + if (lastEventNumber == 0) { + *pEventCount = 0; + *ppEvents = NULL; + return TSS_SUCCESS; + } + + /* FirstEvent is 0 indexed see TSS 1.1b spec section 4.7.2.2.3. That means that + * the following calculation is not off by one. :-) + */ + *ppEvents = calloc((lastEventNumber - FirstEvent), sizeof(TSS_PCR_EVENT)); + if (*ppEvents == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(TSS_PCR_EVENT) * (lastEventNumber - FirstEvent)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + MUTEX_LOCK(tcs_event_log->lock); + + tmp = tcs_event_log->lists[PcrIndex]; + + /* move through the list until we get to the first event requested */ + for (i = 0; i < FirstEvent; i++) + tmp = tmp->next; + + /* copy events from the first requested to the last requested */ + for (eventIndex = 0; i < lastEventNumber; eventIndex++, i++) { + copy_pcr_event(&((*ppEvents)[eventIndex]), &(tmp->event)); + tmp = tmp->next; + } + + MUTEX_UNLOCK(tcs_event_log->lock); + + *pEventCount = eventIndex; + + return TSS_SUCCESS; +} + +TSS_RESULT +TCS_GetPcrEventLog_Internal(TCS_CONTEXT_HANDLE hContext,/* in */ + UINT32 *pEventCount, /* out */ + TSS_PCR_EVENT **ppEvents) /* out */ +{ + TSS_RESULT result; + UINT32 i, j, event_count, aggregate_count = 0; + struct event_wrapper *tmp; + TSS_PCR_EVENT *event_list = NULL, *aggregate_list = NULL; + + if ((result = ctx_verify_context(hContext))) + return result; + + MUTEX_LOCK(tcs_event_log->lock); + + /* for each PCR index, if its externally controlled, get the total number of events + * externally, else copy the events from the TCSD list. Then tack that list onto a + * master list to returned. */ + for (i = 0; i < tpm_metrics.num_pcrs; i++) { + if ((tcsd_options.kernel_pcrs & (1 << i)) || + (tcsd_options.firmware_pcrs & (1 << i))) { + /* A kernel or firmware controlled PCR event list */ + event_count = UINT_MAX; + if ((result = TCS_GetExternalPcrEventsByPcr(i, 0, &event_count, + &event_list))) { + LogDebug("Getting External event list for PCR %u failed", i); + free(aggregate_list); + goto error; + } + LogDebug("Retrieved %u events from PCR %u (external)", event_count, i); + } else { + /* A TCSD controlled PCR event list */ + event_count = get_num_events(i); + + if (event_count == 0) + continue; + + if ((event_list = calloc(event_count, sizeof(TSS_PCR_EVENT))) == NULL) { + LogError("malloc of %zd bytes failed", + event_count * sizeof(TSS_PCR_EVENT)); + result = TCSERR(TSS_E_OUTOFMEMORY); + free(aggregate_list); + goto error; + } + + tmp = tcs_event_log->lists[i]; + for (j = 0; j < event_count; j++) { + copy_pcr_event(&event_list[j], &(tmp->event)); + tmp = tmp->next; + } + } + + if (event_count == 0) + continue; + + /* Tack the list onto the aggregate_list */ + aggregate_list = concat_pcr_events(&aggregate_list, aggregate_count, event_list, + event_count); + if (aggregate_list == NULL) { + free(event_list); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto error; + } + aggregate_count += event_count; + free(event_list); + } + + *ppEvents = aggregate_list; + *pEventCount = aggregate_count; + result = TSS_SUCCESS; +error: + MUTEX_UNLOCK(tcs_event_log->lock); + + return result; +} + diff --git a/src/tcs/tcsi_key.c b/src/tcs/tcsi_key.c new file mode 100644 index 0000000..984e046 --- /dev/null +++ b/src/tcs/tcsi_key.c @@ -0,0 +1,388 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" + + +TSS_RESULT +TCSP_LoadKeyByBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hUnwrappingKey, /* in */ + UINT32 cWrappedKeyBlobSize, /* in */ + BYTE * rgbWrappedKeyBlob, /* in */ + TPM_AUTH * pAuth, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI, /* out */ + TCS_KEY_HANDLE * phKeyHMAC) /* out */ +{ + return LoadKeyByBlob_Internal(TPM_ORD_LoadKey, hContext, hUnwrappingKey, + cWrappedKeyBlobSize, rgbWrappedKeyBlob, pAuth, phKeyTCSI, + phKeyHMAC); +} + +TSS_RESULT +TCSP_LoadKey2ByBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hUnwrappingKey, /* in */ + UINT32 cWrappedKeyBlobSize, /* in */ + BYTE * rgbWrappedKeyBlob, /* in */ + TPM_AUTH * pAuth, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI) /* out */ +{ + return LoadKeyByBlob_Internal(TPM_ORD_LoadKey2, hContext, hUnwrappingKey, + cWrappedKeyBlobSize, rgbWrappedKeyBlob, pAuth, phKeyTCSI, + NULL); +} + +TSS_RESULT +LoadKeyByBlob_Internal(UINT32 ord, /* The ordinal to use, LoadKey or LoadKey2 */ + TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hUnwrappingKey, /* in */ + UINT32 cWrappedKeyBlobSize, /* in */ + BYTE * rgbWrappedKeyBlob, /* in */ + TPM_AUTH * pAuth, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI, /* out */ + TCS_KEY_HANDLE * phKeyHMAC) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 paramSize; + TPM_KEY_HANDLE parentSlot, newSlot; + TCS_KEY_HANDLE newHandle = NULL_TCS_HANDLE; + TSS_BOOL canLoad; + TSS_KEY key; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + LogDebugFn("Enter"); + LogDebugUnrollKey(rgbWrappedKeyBlob); + + if ((result = get_slot(hContext, hUnwrappingKey, &parentSlot))) + return result; + + offset = 0; + memset(&key, 0, sizeof(TSS_KEY)); + if ((result = UnloadBlob_TSS_KEY(&offset, rgbWrappedKeyBlob, &key))) + return result; + + if (!pAuth) { + LogDebugFn("Checking if LoadKeyByBlob can be avoided by using existing key"); + + if ((newHandle = mc_get_handle_by_pub(&key.pubKey, hUnwrappingKey))) { + LogDebugFn("tcs key handle exists"); + + newSlot = mc_get_slot_by_handle(newHandle); + if (newSlot && (isKeyLoaded(newSlot) == TRUE)) { + LogDebugFn("Don't need to reload this key."); + *phKeyTCSI = newHandle; + if (phKeyHMAC) + *phKeyHMAC = newSlot; + return TSS_SUCCESS; + } + } + } + + LogDebugFn("calling canILoadThisKey"); + if ((result = canILoadThisKey(&(key.algorithmParms), &canLoad))) + goto error; + + if (canLoad == FALSE) { + LogDebugFn("calling evictFirstKey"); + /* Evict a key that isn't the parent */ + if ((result = evictFirstKey(hUnwrappingKey))) + goto error; + } + + offset = 0; + if ((result = tpm_rqu_build(ord, &offset, txBlob, parentSlot, cWrappedKeyBlobSize, + rgbWrappedKeyBlob, pAuth, NULL))) + goto error; + + LogDebugFn("Submitting request to the TPM"); + if ((result = req_mgr_submit_req(txBlob))) + goto error; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto error; + } + + if ((result = tpm_rsp_parse(ord, txBlob, paramSize, &newSlot, pAuth))) + goto error; + + if ((result = load_key_final(hContext, hUnwrappingKey, &newHandle, rgbWrappedKeyBlob, + newSlot))) + goto error; + + /* Setup the outHandles */ + *phKeyTCSI = newHandle; + if (phKeyHMAC) + *phKeyHMAC = newSlot; + + LogDebugFn("Key handles for loadKeyByBlob slot:%.8X tcshandle:%.8X", newSlot, newHandle); +error: + auth_mgr_release_auth(pAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_EvictKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey) /* in */ +{ + TSS_RESULT result; + TCPA_KEY_HANDLE tpm_handle; + + if ((result = ctx_verify_context(hContext))) + return result; + + tpm_handle = mc_get_slot_by_handle(hKey); + if (tpm_handle == NULL_TPM_HANDLE) + return TSS_SUCCESS; /*let's call this success if the key is already evicted */ + + if ((result = internal_EvictByKeySlot(tpm_handle))) + return result; + + result = mc_set_slot_by_slot(tpm_handle, NULL_TPM_HANDLE); + + return result; +} + +TSS_RESULT +TCSP_CreateWrapKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hWrappingKey, /* in */ + TCPA_ENCAUTH KeyUsageAuth, /* in */ + TCPA_ENCAUTH KeyMigrationAuth, /* in */ + UINT32 keyInfoSize, /* in */ + BYTE * keyInfo, /* in */ + UINT32 * keyDataSize, /* out */ + BYTE ** keyData, /* out */ + TPM_AUTH * pAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TCPA_KEY_HANDLE parentSlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Create Wrap Key"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (pAuth) { + if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle))) + goto done; + } + + /* Since hWrappingKey must already be loaded, we can fail immediately if + * mc_get_slot_by_handle_lock() fails.*/ + parentSlot = mc_get_slot_by_handle_lock(hWrappingKey); + if (parentSlot == NULL_TPM_HANDLE) { + result = TCSERR(TSS_E_FAIL); + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_CreateWrapKey, &offset, txBlob, parentSlot, + KeyUsageAuth.authdata, KeyMigrationAuth.authdata, keyInfoSize, + keyInfo, pAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CreateWrapKey, txBlob, paramSize, keyDataSize, + keyData, pAuth); + } + LogResult("Create Wrap Key", result); + +done: + auth_mgr_release_auth(pAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_GetPubKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH * pAuth, /* in, out */ + UINT32 * pcPubKeySize, /* out */ + BYTE ** prgbPubKey) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TCPA_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Get pub key"); + if ((result = ctx_verify_context(hContext))) + goto done; + + if (pAuth != NULL) { + LogDebug("Auth Used"); + if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + + if (ensureKeyIsLoaded(hContext, hKey, &keySlot)) { + result = TCSERR(TCS_E_KM_LOADFAILED); + goto done; + } + + LogDebug("GetPubKey: handle: 0x%x, slot: 0x%x", hKey, keySlot); + if ((result = tpm_rqu_build(TPM_ORD_GetPubKey, &offset, txBlob, keySlot, pAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_GetPubKey, txBlob, paramSize, pcPubKeySize, + prgbPubKey, pAuth); + } + LogResult("Get Public Key", result); +done: + auth_mgr_release_auth(pAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_OwnerReadInternalPub_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * punPubKeySize, /* out */ + BYTE ** ppbPubKeyData) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering OwnerReadInternalPub"); + if ((result = ctx_verify_context(hContext))) + goto done; + + LogDebug("OwnerReadInternalPub: handle: 0x%x", hKey); + if (hKey != TPM_KH_SRK && hKey != TPM_KH_EK) { + result = TCSERR(TSS_E_FAIL); + LogDebug("OwnerReadInternalPub - Unsupported Key Handle"); + goto done; + } + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_OwnerReadInternalPub, &offset, txBlob, hKey, + pOwnerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_OwnerReadInternalPub, txBlob, paramSize, + punPubKeySize, ppbPubKeyData, pOwnerAuth); + } + LogResult("OwnerReadInternalPub", result); +done: + auth_mgr_release_auth(pOwnerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_KeyControlOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hTcsKey, /* in */ + UINT32 ulPubKeyLength, /* in */ + BYTE* rgbPubKey, /* in */ + UINT32 attribName, /* in */ + TSS_BOOL attribValue, /* in */ + TPM_AUTH* pOwnerAuth, /* in,out */ + TSS_UUID* pUuidData) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TPM_KEY_HANDLE hTpmKey; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + if ((result = ctx_verify_context(hContext))) { + LogDebug("Invalid TSS Context"); + goto done; + } + + if ((result = get_slot_lite(hContext, hTcsKey, &hTpmKey))) { + LogDebug("Can't get TPM Keyhandle for TCS key 0x%x", hTcsKey); + goto done; + } + LogDebugFn("TCS hKey=0x%x, TPM hKey=0x%x", hTcsKey, hTpmKey); + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) { + LogDebug("Owner Authentication failed"); + goto done; + } + + if ((result = mc_find_next_ownerevict_uuid(pUuidData))) { + LogDebugFn("mc_find_next_ownerevict_uuid failed: rc=0x%x", result); + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_KeyControlOwner, &offset, txBlob, hTpmKey, + ulPubKeyLength, rgbPubKey, attribName, attribValue, + pOwnerAuth))) { + LogDebugFn("rqu build failed"); + goto done; + } + + if ((result = req_mgr_submit_req(txBlob))) { + LogDebugFn("Request submission failed"); + goto done; + } + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto done; + } + + if ((result = tpm_rsp_parse(TPM_ORD_KeyControlOwner, txBlob, paramSize, pOwnerAuth))) { + LogDebugFn("tpm_rsp_parse failed: rc=0x%x", result); + goto done; + } + + if ((result = mc_set_uuid(hTcsKey, pUuidData))){ + LogDebugFn("mc_set_uuid failed: rc=0x%x", result); + goto done; + } + + LogResult("KeyControlOwner", result); +done: + auth_mgr_release_auth(pOwnerAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_maint.c b/src/tcs/tcsi_maint.c new file mode 100644 index 0000000..fea756d --- /dev/null +++ b/src/tcs/tcsi_maint.c @@ -0,0 +1,197 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +TCSP_CreateMaintenanceArchive_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_BOOL generateRandom, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * archiveSize, /* out */ + BYTE ** archive) /* out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Create Main Archive"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_CreateMaintenanceArchive, &offset, txBlob, + generateRandom, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CreateMaintenanceArchive, txBlob, paramSize, + randomSize, random, archiveSize, archive, ownerAuth); + } + LogResult("Create Main Archive", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_LoadMaintenanceArchive_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut) /* out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Load Maint Archive"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_LoadMaintenanceArchive, &offset, txBlob, dataInSize, + dataInSize, dataIn, ownerAuth, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_LoadMaintenanceArchive, txBlob, paramSize, + dataOutSize, dataOut, ownerAuth, NULL); + } + LogResult("Load Maint Archive", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_KillMaintenanceFeature_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_KillMaintenanceFeature, &offset, txBlob, ownerAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_KillMaintenanceFeature, txBlob, paramSize, + ownerAuth); + } +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_LoadManuMaintPub_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 PubKeySize, /* in */ + BYTE * PubKey, /* in */ + TCPA_DIGEST * checksum) /* out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Load Manu Maint Pub"); + + if ((result = tpm_rqu_build(TPM_ORD_LoadManuMaintPub, &offset, txBlob, TPM_NONCE_SIZE, + antiReplay.nonce, PubKeySize, PubKey, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_LoadManuMaintPub, txBlob, paramSize, NULL, + checksum->digest); + } + LogResult("Load Manu Maint Pub", result); + return result; +} + +TSS_RESULT +TCSP_ReadManuMaintPub_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + TCPA_DIGEST * checksum) /* out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Read Manu Maint Pub"); + + if ((result = tpm_rqu_build(TPM_ORD_ReadManuMaintPub, &offset, txBlob, TPM_NONCE_SIZE, + antiReplay.nonce))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ReadManuMaintPub, txBlob, paramSize, NULL, + checksum->digest); + } + LogResult("Read Manu Maint Pub", result); + return result; +} + diff --git a/src/tcs/tcsi_migration.c b/src/tcs/tcsi_migration.c new file mode 100644 index 0000000..8467f02 --- /dev/null +++ b/src/tcs/tcsi_migration.c @@ -0,0 +1,217 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +TCSP_CreateMigrationBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TSS_MIGRATE_SCHEME migrationType, /* in */ + UINT32 MigrationKeyAuthSize, /* in */ + BYTE * MigrationKeyAuth, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TCPA_KEY_HANDLE keyHandle; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TPM_CreateMigrationBlob"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (parentAuth != NULL) { + if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) + goto done; + } + + if ((result = auth_mgr_check(hContext, &entityAuth->AuthHandle))) + goto done; + + if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keyHandle))) + goto done; + + switch (migrationType) { + case TSS_MS_MIGRATE: + migrationType = TCPA_MS_MIGRATE; + break; + case TSS_MS_REWRAP: + migrationType = TCPA_MS_REWRAP; + break; + case TSS_MS_MAINT: + migrationType = TCPA_MS_MAINT; + break; + default: + /* Let the TPM return an error */ + break; + } + + if ((result = tpm_rqu_build(TPM_ORD_CreateMigrationBlob, &offset, txBlob, keyHandle, + migrationType, MigrationKeyAuthSize, MigrationKeyAuth, + encDataSize, encData, parentAuth, entityAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (result == TSS_SUCCESS) { + result = tpm_rsp_parse(TPM_ORD_CreateMigrationBlob, txBlob, paramSize, randomSize, + random, outDataSize, outData, parentAuth, entityAuth); + } + LogResult("TPM_CreateMigrationBlob", result); + +done: + auth_mgr_release_auth(entityAuth, parentAuth, hContext); + return result; +} + +TSS_RESULT +TCSP_ConvertMigrationBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + UINT32 randomSize, /* in */ + BYTE * random, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + TCPA_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("ConvertMigBlob"); + if ((result = ctx_verify_context(hContext))) + goto done; + + if (parentAuth != NULL) { + LogDebug("Auth Used"); + if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_ConvertMigrationBlob, &offset, txBlob, keySlot, + inDataSize, inData, randomSize, random, parentAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_ConvertMigrationBlob, txBlob, paramSize, outDataSize, + outData, parentAuth, NULL); + } + LogResult("***Leaving ConvertMigrationBlob with result ", result); +done: + auth_mgr_release_auth(parentAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_AuthorizeMigrationKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_MIGRATE_SCHEME migrateScheme, /* in */ + UINT32 MigrationKeySize, /* in */ + BYTE * MigrationKey, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * MigrationKeyAuthSize, /* out */ + BYTE ** MigrationKeyAuth) /* out */ +{ + + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + //TCPA_MIGRATIONKEYAUTH container; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("TCSP_AuthorizeMigrationKey"); + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + switch (migrateScheme) { + case TSS_MS_MIGRATE: + migrateScheme = TCPA_MS_MIGRATE; + break; + case TSS_MS_REWRAP: + migrateScheme = TCPA_MS_REWRAP; + break; + case TSS_MS_MAINT: + migrateScheme = TCPA_MS_MAINT; + break; +#ifdef TSS_BUILD_CMK + case TSS_MS_RESTRICT_MIGRATE: + migrateScheme = TPM_MS_RESTRICT_MIGRATE; + break; + + case TSS_MS_RESTRICT_APPROVE_DOUBLE: + migrateScheme = TPM_MS_RESTRICT_APPROVE_DOUBLE; + break; +#endif + default: + /* Let the TPM return an error */ + break; + } + + if ((result = tpm_rqu_build(TPM_ORD_AuthorizeMigrationKey, &offset, txBlob, migrateScheme, + MigrationKeySize, MigrationKey, ownerAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_AuthorizeMigrationKey, txBlob, paramSize, + MigrationKeyAuthSize, MigrationKeyAuth, ownerAuth); + } + LogDebugFn("TPM_AuthorizeMigrationKey result: 0x%x", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; + +} + diff --git a/src/tcs/tcsi_nv.c b/src/tcs/tcsi_nv.c new file mode 100644 index 0000000..cd88f20 --- /dev/null +++ b/src/tcs/tcsi_nv.c @@ -0,0 +1,242 @@ + +/* + * The Initial Developer of the Original Code is Intel Corporation. + * Portions created by Intel Corporation are Copyright (C) 2007 Intel Corporation. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the Common Public License as published by + * IBM Corporation; either version 1 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Common Public License for more details. + * + * You should have received a copy of the Common Public License + * along with this program; if not, a copy can be viewed at + * http://www.opensource.org/licenses/cpl1.0.php. + * + * trousers - An open source TCG Software Stack + * + * Author: james.xu@intel.com Rossey.liu@intel.com + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +TCSP_NV_DefineOrReleaseSpace_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 cPubInfoSize, /* in */ + BYTE* pPubInfo, /* in */ + TPM_ENCAUTH encAuth, /* in */ + TPM_AUTH* pAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + if ((result = ctx_verify_context(hContext))) + return result; + + if (pAuth) { + if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle))) + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_NV_DefineSpace, &offset, txBlob, cPubInfoSize, pPubInfo, + TPM_ENCAUTH_SIZE, encAuth.authdata, pAuth))) + return result; + + LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", offset); + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_NV_DefineSpace, txBlob, paramSize, pAuth); + } +done: + LogDebug("Leaving DefineSpace with result:%u", result); + auth_mgr_release_auth(pAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_NV_WriteValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE * rgbDataToWrite, /* in */ + TPM_AUTH * privAuth) /* in, out */ +{ + UINT64 off_set = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + if ( (result = ctx_verify_context(hContext))) + return result; + if (privAuth) { + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_NV_WriteValue, &off_set, txBlob, hNVStore, offset, + ulDataLength, rgbDataToWrite, privAuth))) + return result; + + LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", off_set); + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_NV_WriteValue, txBlob, paramSize, privAuth); + } +done: + LogDebug("Leaving NVWriteValue with result:%u", result); + auth_mgr_release_auth(privAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_NV_WriteValueAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE * rgbDataToWrite, /* in */ + TPM_AUTH * NVAuth) /* in, out */ +{ + UINT64 off_set = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + if ((result = ctx_verify_context(hContext))) + return result; + if ((result = auth_mgr_check(hContext, &NVAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_NV_WriteValueAuth, &off_set, txBlob, hNVStore, offset, + ulDataLength, rgbDataToWrite, NVAuth))) + return result; + + LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", off_set); + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_NV_WriteValueAuth, txBlob, paramSize, NVAuth); + } +done: + LogDebug("Leaving NVWriteValueAuth with result:%u", result); + auth_mgr_release_auth(NVAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_NV_ReadValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 * pulDataLength, /* in, out */ + TPM_AUTH * privAuth, /* in, out */ + BYTE ** rgbDataRead) /* out */ +{ + UINT64 off_set = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + if ((result = ctx_verify_context(hContext))) + return result; + + if (privAuth) { + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_NV_ReadValue, &off_set, txBlob, hNVStore, offset, + *pulDataLength, privAuth))) + return result; + + LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", off_set); + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_NV_ReadValue, txBlob, paramSize, pulDataLength, + rgbDataRead, privAuth, NULL); + } +done: + LogDebug("Leaving NVReadValue with result:%u", result); + auth_mgr_release_auth(privAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_NV_ReadValueAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 * pulDataLength, /* in, out */ + TPM_AUTH * NVAuth, /* in, out */ + BYTE ** rgbDataRead) /* out */ +{ + UINT64 off_set = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + if ((result = ctx_verify_context(hContext))) + return result; + if ((result = auth_mgr_check(hContext, &NVAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_NV_ReadValueAuth, &off_set, txBlob, hNVStore, offset, + *pulDataLength, NVAuth))) + return result; + + LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", off_set); + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_NV_ReadValueAuth, txBlob, paramSize, pulDataLength, + rgbDataRead, NVAuth, NULL); + } +done: + LogDebug("Leaving NVReadValueAuth with result:%u", result); + auth_mgr_release_auth(NVAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_oper.c b/src/tcs/tcsi_oper.c new file mode 100644 index 0000000..eee6c76 --- /dev/null +++ b/src/tcs/tcsi_oper.c @@ -0,0 +1,49 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_utils.h" +#include "tcslog.h" +#include "req_mgr.h" + +TSS_RESULT +TCSP_SetOperatorAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_SECRET *operatorAuth) /* in */ +{ + TSS_RESULT result; + UINT64 offset = 0; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebugFn("Enter"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_SetOperatorAuth, &offset, txBlob, TPM_AUTHDATA_SIZE, + operatorAuth->authdata))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + + LogResult("SetOperatorAuth", result); +done: + return result; +} + diff --git a/src/tcs/tcsi_own.c b/src/tcs/tcsi_own.c new file mode 100644 index 0000000..48361d4 --- /dev/null +++ b/src/tcs/tcsi_own.c @@ -0,0 +1,169 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" + + +TSS_RESULT +TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT16 protocolID, /* in */ + UINT32 encOwnerAuthSize, /* in */ + BYTE * encOwnerAuth, /* in */ + UINT32 encSrkAuthSize, /* in */ + BYTE * encSrkAuth, /* in */ + UINT32 srkInfoSize, /*in */ + BYTE * srkInfo, /*in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * srkKeySize, /*out */ + BYTE ** srkKey) /*out */ +{ + UINT64 offset; + UINT32 paramSize; + TSS_RESULT result; + TSS_KEY srkKeyContainer; + BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, }; + BYTE oldAuthDataUsage; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + /* Check on the Atmel Bug Patch */ + offset = 0; + UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer); + oldAuthDataUsage = srkKeyContainer.authDataUsage; + LogDebug("auth data usage is %.2X", oldAuthDataUsage); + + offset = 0; + if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID, + encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth, + srkInfoSize, srkInfo, ownerAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize, + srkKey, ownerAuth))) + goto done; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) { + *srkKeySize = 0; + free(*srkKey); + goto done; + } + + if (srkKeyContainer.authDataUsage != oldAuthDataUsage) { + LogDebug("AuthDataUsage was changed by TPM. Atmel Bug. Fixing it in PS"); + srkKeyContainer.authDataUsage = oldAuthDataUsage; + } + +#ifdef TSS_BUILD_PS + { + BYTE *save; + + /* Once the key file is created, it stays forever. There could be + * migratable keys in the hierarchy that are still useful to someone. + */ + result = ps_remove_key(&SRK_UUID); + if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) { + destroy_key_refs(&srkKeyContainer); + LogError("Error removing SRK from key file."); + *srkKeySize = 0; + free(*srkKey); + goto done; + } + + /* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for + * privacy reasons as outlined in the TSS spec */ + save = srkKeyContainer.pubKey.key; + srkKeyContainer.pubKey.key = fake_pubkey; + offset = 0; + LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer); + + if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk, + offset))) { + destroy_key_refs(&srkKeyContainer); + LogError("Error writing SRK to disk"); + *srkKeySize = 0; + free(*srkKey); + goto done; + } + + srkKeyContainer.pubKey.key = save; + } +#endif + if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer, + &SRK_UUID))) { + destroy_key_refs(&srkKeyContainer); + LogError("Error creating SRK mem cache entry"); + *srkKeySize = 0; + free(*srkKey); + } + destroy_key_refs(&srkKeyContainer); + } + LogResult("TakeOwnership", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering OwnerClear"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_OwnerClear, &offset, txBlob, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_OwnerClear, txBlob, paramSize, ownerAuth); + } + LogResult("Ownerclear", result); +done: + auth_mgr_release_auth(ownerAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_pcr.c b/src/tcs/tcsi_pcr.c new file mode 100644 index 0000000..2cb97e3 --- /dev/null +++ b/src/tcs/tcsi_pcr.c @@ -0,0 +1,134 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * (C) Christian Kummer 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_Extend_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_DIGEST inDigest, /* in */ + TCPA_PCRVALUE * outDigest) /* out */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Extend"); + if ((result = ctx_verify_context(hContext))) + return result; + + /* PCRs are numbered 0 - (NUM_PCRS - 1), thus the >= */ + if (pcrNum >= tpm_metrics.num_pcrs) + return TCSERR(TSS_E_BAD_PARAMETER); + + if (tcsd_options.kernel_pcrs & (1 << pcrNum)) { + LogInfo("PCR %d is configured to be kernel controlled. Extend request denied.", + pcrNum); + return TCSERR(TSS_E_FAIL); + } + + if (tcsd_options.firmware_pcrs & (1 << pcrNum)) { + LogInfo("PCR %d is configured to be firmware controlled. Extend request denied.", + pcrNum); + return TCSERR(TSS_E_FAIL); + } + + if ((result = tpm_rqu_build(TPM_ORD_Extend, &offset, txBlob, pcrNum, TPM_DIGEST_SIZE, + inDigest.digest, NULL, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Extend, txBlob, paramSize, NULL, outDigest->digest); + } + LogResult("Extend", result); + return result; +} + +TSS_RESULT +TCSP_PcrRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_PCRVALUE * outDigest) /* out */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering PCRRead"); + + if ((result = ctx_verify_context(hContext))) + return result; + + /* PCRs are numbered 0 - (NUM_PCRS - 1), thus the >= */ + if (pcrNum >= tpm_metrics.num_pcrs) + return TCSERR(TSS_E_BAD_PARAMETER); + + if ((result = tpm_rqu_build(TPM_ORD_PcrRead, &offset, txBlob, pcrNum, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_PcrRead, txBlob, paramSize, NULL, outDigest->digest); + } + LogResult("PCR Read", result); + return result; +} + +TSS_RESULT +TCSP_PcrReset_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn) /* in */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering PCRReset"); + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_PCR_Reset, &offset, txBlob, pcrDataSizeIn, pcrDataIn))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("PCR Reset", result); + return result; +} diff --git a/src/tcs/tcsi_ps.c b/src/tcs/tcsi_ps.c new file mode 100644 index 0000000..87db219 --- /dev/null +++ b/src/tcs/tcsi_ps.c @@ -0,0 +1,636 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" + +TSS_RESULT +TCS_RegisterKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID *WrappingKeyUUID, /* in */ + TSS_UUID *KeyUUID, /* in */ + UINT32 cKeySize, /* in */ + BYTE * rgbKey, /* in */ + UINT32 cVendorData, /* in */ + BYTE * gbVendorData) /* in */ +{ + TSS_RESULT result; + TSS_BOOL is_reg; + + if ((result = ctx_verify_context(hContext))) + return result; + + /* Check if key is already regisitered */ + if (isUUIDRegistered(KeyUUID, &is_reg) != TSS_SUCCESS) { + LogError("Failed checking if UUID is registered."); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (is_reg == TRUE || TSS_UUID_IS_OWNEREVICT(KeyUUID)) { + LogDebug("UUID is already registered"); + return TCSERR(TSS_E_KEY_ALREADY_REGISTERED); + } + + LogDebugUnrollKey(rgbKey); + + /* Go ahead and store it in system persistant storage */ + if ((result = ps_write_key(KeyUUID, WrappingKeyUUID, gbVendorData, cVendorData, rgbKey, + cKeySize))) { + LogError("Error writing key to file"); + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +TCS_UnregisterKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID KeyUUID) /* in */ +{ + TSS_RESULT result; + + if ((result = ctx_verify_context(hContext))) + return result; + + return ps_remove_key(&KeyUUID); +} + +TSS_RESULT +TCS_EnumRegisteredKeys_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID * pKeyUUID, /* in */ + UINT32 * pcKeyHierarchySize, /* out */ + TSS_KM_KEYINFO ** ppKeyHierarchy) /* out */ +{ + TSS_RESULT result = TSS_SUCCESS; + UINT32 count = 0, i; + TSS_KM_KEYINFO *ret = NULL; + TSS_UUID tmp_uuid; + struct key_disk_cache *disk_ptr, *tmp_ptrs[MAX_KEY_CHILDREN]; + struct key_mem_cache *mem_ptr; + TSS_BOOL is_reg = FALSE; + + LogDebug("Enum Reg Keys"); + + if (pcKeyHierarchySize == NULL || ppKeyHierarchy == NULL) + return TCSERR(TSS_E_BAD_PARAMETER); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (pKeyUUID != NULL) { + /* First have to verify the key is registered */ + if ((result = isUUIDRegistered(pKeyUUID, &is_reg))) + return result; + + if (is_reg == FALSE) { + /* This return code is not listed as possible in the TSS 1.1 spec, + * but it makes more sense than just TCS_SUCCESS or TSS_E_FAIL */ + return TCSERR(TSS_E_PS_KEY_NOTFOUND); + } + } + + /* this entire operation needs to be atomic wrt registered keys. We must + * lock the mem cache as well to test if a given key is loaded. */ + MUTEX_LOCK(disk_cache_lock); + MUTEX_LOCK(mem_cache_lock); + + /* return an array of all registered keys if pKeyUUID == NULL */ + if (pKeyUUID == NULL) { + /* determine the number of registered keys */ + for (disk_ptr = key_disk_cache_head; disk_ptr; disk_ptr = disk_ptr->next) { + if (disk_ptr->flags & CACHE_FLAG_VALID) + count++; + } + + /* malloc a structure for each of them */ + if (count != 0) { + ret = calloc(count, sizeof(TSS_KM_KEYINFO)); + if (ret == NULL) { + LogError("malloc of %zd bytes failed.", + (count * sizeof(TSS_KM_KEYINFO))); + count = 0; + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + } else { + goto done; + } + + /* fill out the structure for each key */ + i = 0; + for (disk_ptr = key_disk_cache_head; disk_ptr; disk_ptr = disk_ptr->next) { + if (disk_ptr->flags & CACHE_FLAG_VALID) { + /* look for a mem cache entry to check if its loaded */ + for (mem_ptr = key_mem_cache_head; mem_ptr; mem_ptr = mem_ptr->next) { + if (!memcmp(&mem_ptr->uuid, &disk_ptr->uuid, sizeof(TSS_UUID))) { + if ((result = fill_key_info(disk_ptr, mem_ptr, &ret[i]))) { + free(ret); + ret = NULL; + count = 0; + goto done; + } + break; + } + } + /* if there is no mem cache entry for this key, go ahead and call + * fill_key_info(), it will pull everything from disk */ + if (mem_ptr == NULL) { + if ((result = fill_key_info(disk_ptr, NULL, &ret[i]))) { + free(ret); + ret = NULL; + count = 0; + goto done; + } + } + i++; + } + } + } else { + /* return a chain of a key and its parents up to the SRK */ + /* determine the number of keys in the chain */ + memcpy(&tmp_uuid, pKeyUUID, sizeof(TSS_UUID)); + disk_ptr = key_disk_cache_head; + while (disk_ptr != NULL && count < MAX_KEY_CHILDREN) + { + if (disk_ptr->flags & CACHE_FLAG_VALID && + !memcmp(&disk_ptr->uuid, &tmp_uuid, sizeof(TSS_UUID))) + { + /* increment count, then search for the parent */ + count++; + /* save a pointer to this cache entry */ + tmp_ptrs[count - 1] = disk_ptr; + /* if the parent of this key is NULL, we're at the root of the tree */ + if (!memcmp(&disk_ptr->parent_uuid, &NULL_UUID, sizeof(TSS_UUID))) + break; + /* overwrite tmp_uuid with the parent, which we will now search for */ + memcpy(&tmp_uuid, &disk_ptr->parent_uuid, sizeof(TSS_UUID)); + disk_ptr = key_disk_cache_head; + continue; + } + disk_ptr = disk_ptr->next; + } + /* when we reach this point, we have an array of TSS_UUID's that leads from the + * requested key up to the SRK*/ + + /* malloc a structure for each of them */ + if (count != 0) { + ret = calloc(count, sizeof(TSS_KM_KEYINFO)); + if (ret == NULL) { + LogError("malloc of %zd bytes failed.", + (count * sizeof(TSS_KM_KEYINFO))); + count = 0; + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + } else { + goto done; + } + + for (i = 0; i < count; i++) { + /* look for a mem cache entry to check if its loaded */ + for (mem_ptr = key_mem_cache_head; mem_ptr; mem_ptr = mem_ptr->next) { + if (!memcmp(&mem_ptr->uuid, &tmp_ptrs[i]->uuid, sizeof(TSS_UUID))) { + if ((result = fill_key_info(tmp_ptrs[i], mem_ptr, &ret[i]))) { + free(ret); + ret = NULL; + count = 0; + goto done; + } + break; + } + } + /* if there is no mem cache entry for this key, go ahead and call + * fill_key_info(), it will pull everything from disk */ + if (mem_ptr == NULL) { + if ((result = fill_key_info(tmp_ptrs[i], NULL, &ret[i]))) { + free(ret); + ret = NULL; + count = 0; + goto done; + } + } + } + } +done: + + MUTEX_UNLOCK(disk_cache_lock); + MUTEX_UNLOCK(mem_cache_lock); + + *ppKeyHierarchy = ret; + *pcKeyHierarchySize = count; + + return result; +} + +TSS_RESULT +TCS_EnumRegisteredKeys_Internal2(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID * pKeyUUID, /* in */ + UINT32 * pcKeyHierarchySize, /* out */ + TSS_KM_KEYINFO2 ** ppKeyHierarchy) /* out */ +{ + TSS_RESULT result = TSS_SUCCESS; + UINT32 count = 0, i; + TSS_KM_KEYINFO2 *ret = NULL; + TSS_UUID tmp_uuid; + struct key_disk_cache *disk_ptr, *tmp_ptrs[MAX_KEY_CHILDREN]; + struct key_mem_cache *mem_ptr; + TSS_BOOL is_reg = FALSE; + + LogDebug("Enum Reg Keys2"); + + if (pcKeyHierarchySize == NULL || ppKeyHierarchy == NULL) + return TCSERR(TSS_E_BAD_PARAMETER); + + if ((result = ctx_verify_context(hContext))) + return result; + + if (pKeyUUID != NULL) { + /* First have to verify the key is registered */ + if ((result = isUUIDRegistered(pKeyUUID, &is_reg))) + return result; + + if (is_reg == FALSE) { + /* This return code is not listed as possible in the TSS 1.1 spec, + * but it makes more sense than just TCS_SUCCESS or TSS_E_FAIL */ + return TCSERR(TSS_E_PS_KEY_NOTFOUND); + } + } + + /* this entire operation needs to be atomic wrt registered keys. We must + * lock the mem cache as well to test if a given key is loaded. */ + MUTEX_LOCK(disk_cache_lock); + MUTEX_LOCK(mem_cache_lock); + + /* return an array of all registered keys if pKeyUUID == NULL */ + if (pKeyUUID == NULL) { + /* determine the number of registered keys */ + for (disk_ptr = key_disk_cache_head; disk_ptr; disk_ptr = disk_ptr->next) { + if (disk_ptr->flags & CACHE_FLAG_VALID) + count++; + } + + /* malloc a structure for each of them */ + if (count != 0) { + ret = calloc(count, sizeof(TSS_KM_KEYINFO2)); + if (ret == NULL) { + LogError("malloc of %zd bytes failed.", + (count * sizeof(TSS_KM_KEYINFO2))); + count = 0; + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + } else { + goto done; + } + + /* fill out the structure for each key */ + i = 0; + for (disk_ptr = key_disk_cache_head; disk_ptr; disk_ptr = disk_ptr->next) { + if (disk_ptr->flags & CACHE_FLAG_VALID) { + /* look for a mem cache entry to check if its loaded */ + for (mem_ptr = key_mem_cache_head; mem_ptr; mem_ptr = mem_ptr->next) { + if (!memcmp(&mem_ptr->uuid, &disk_ptr->uuid, sizeof(TSS_UUID))) { + if ((result = fill_key_info2(disk_ptr, mem_ptr, &ret[i]))) { + free(ret); + ret = NULL; + count = 0; + goto done; + } + break; + } + } + /* if there is no mem cache entry for this key, go ahead and call + * fill_key_info2(), it will pull everything from disk */ + if (mem_ptr == NULL) { + if ((result = fill_key_info2(disk_ptr, NULL, &ret[i]))) { + free(ret); + ret = NULL; + count = 0; + goto done; + } + } + i++; + } + } + } else { + /* return a chain of a key and its parents up to the SRK */ + /* determine the number of keys in the chain */ + memcpy(&tmp_uuid, pKeyUUID, sizeof(TSS_UUID)); + disk_ptr = key_disk_cache_head; + while (disk_ptr != NULL && count < MAX_KEY_CHILDREN) + { + if (disk_ptr->flags & CACHE_FLAG_VALID && + !memcmp(&disk_ptr->uuid, &tmp_uuid, sizeof(TSS_UUID))) + { + /* increment count, then search for the parent */ + count++; + /* save a pointer to this cache entry */ + tmp_ptrs[count - 1] = disk_ptr; + /* if the parent of this key is NULL, we're at the root of the tree */ + if (!memcmp(&disk_ptr->parent_uuid, &NULL_UUID, sizeof(TSS_UUID))) + break; + /* overwrite tmp_uuid with the parent, which we will now search for */ + memcpy(&tmp_uuid, &disk_ptr->parent_uuid, sizeof(TSS_UUID)); + disk_ptr = key_disk_cache_head; + continue; + } + disk_ptr = disk_ptr->next; + } + /* when we reach this point, we have an array of TSS_UUID's that leads from the + * requested key up to the SRK*/ + + /* malloc a structure for each of them */ + if (count != 0) { + ret = calloc(count, sizeof(TSS_KM_KEYINFO2)); + if (ret == NULL) { + LogError("malloc of %zd bytes failed.", + (count * sizeof(TSS_KM_KEYINFO2))); + count = 0; + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + } else { + goto done; + } + + for (i = 0; i < count; i++) { + /* look for a mem cache entry to check if its loaded */ + for (mem_ptr = key_mem_cache_head; mem_ptr; mem_ptr = mem_ptr->next) { + if (!memcmp(&mem_ptr->uuid, &tmp_ptrs[i]->uuid, sizeof(TSS_UUID))) { + if ((result = fill_key_info2(tmp_ptrs[i], mem_ptr, &ret[i]))) { + free(ret); + ret = NULL; + count = 0; + goto done; + } + break; + } + } + /* if there is no mem cache entry for this key, go ahead and call + * fill_key_info(), it will pull everything from disk */ + if (mem_ptr == NULL) { + if ((result = fill_key_info2(tmp_ptrs[i], NULL, &ret[i]))) { + free(ret); + ret = NULL; + count = 0; + goto done; + } + } + } + } +done: + + MUTEX_UNLOCK(disk_cache_lock); + MUTEX_UNLOCK(mem_cache_lock); + + *ppKeyHierarchy = ret; + *pcKeyHierarchySize = count; + + return result; +} + +TSS_RESULT +TCS_GetRegisteredKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID *KeyUUID, /* in */ + TSS_KM_KEYINFO ** ppKeyInfo) /* out */ +{ + TSS_RESULT result; + UINT64 offset; + BYTE tcpaKeyBlob[1024]; + TSS_KEY tcpaKey; + UINT16 keySize = sizeof (tcpaKeyBlob); + TSS_UUID parentUUID; + + /* This should be set in case we return before the malloc */ + *ppKeyInfo = NULL; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = ps_get_key_by_uuid(KeyUUID, tcpaKeyBlob, &keySize))) { + return TCSERR(TSS_E_PS_KEY_NOTFOUND); + } + + if ((result = getParentUUIDByUUID(KeyUUID, &parentUUID))) + return TCSERR(TSS_E_FAIL); + + *ppKeyInfo = malloc(sizeof(TSS_KM_KEYINFO)); + if (*ppKeyInfo == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_KM_KEYINFO)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + UnloadBlob_TSS_KEY(&offset, tcpaKeyBlob, &tcpaKey); + + (*ppKeyInfo)->bAuthDataUsage = tcpaKey.authDataUsage; + + (*ppKeyInfo)->fIsLoaded = FALSE; + + if (tcpaKey.hdr.key12.tag == TPM_TAG_KEY12) { + (*ppKeyInfo)->versionInfo.bMajor = TSS_SPEC_MAJOR; + (*ppKeyInfo)->versionInfo.bMinor = TSS_SPEC_MINOR; + (*ppKeyInfo)->versionInfo.bRevMajor = 0; + (*ppKeyInfo)->versionInfo.bRevMinor = 0; + } else { + (*ppKeyInfo)->versionInfo.bMajor = tcpaKey.hdr.key11.ver.major; + (*ppKeyInfo)->versionInfo.bMinor = tcpaKey.hdr.key11.ver.minor; + (*ppKeyInfo)->versionInfo.bRevMajor = tcpaKey.hdr.key11.ver.revMajor; + (*ppKeyInfo)->versionInfo.bRevMinor = tcpaKey.hdr.key11.ver.revMinor; + } + + memcpy(&((*ppKeyInfo)->keyUUID), KeyUUID, sizeof(TSS_UUID)); + + (*ppKeyInfo)->ulVendorDataLength = 0; + (*ppKeyInfo)->rgbVendorData = 0; + + memcpy(&((*ppKeyInfo)->parentKeyUUID), &parentUUID, sizeof(TSS_UUID)); + return TSS_SUCCESS; +} + +TSS_RESULT +TCS_GetRegisteredKeyBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID *KeyUUID, /* in */ + UINT32 * pcKeySize, /* out */ + BYTE ** prgbKey) /* out */ +{ + UINT16 keySize; + BYTE buffer[4096]; + TSS_RESULT result; + + if ((result = ctx_verify_context(hContext))) + return result; + + keySize = sizeof(buffer); + if ((result = ps_get_key_by_uuid(KeyUUID, buffer, &keySize))) + return TCSERR(TSS_E_PS_KEY_NOTFOUND); + + *prgbKey = calloc(1, keySize); + if (*prgbKey == NULL) { + LogError("malloc of %d bytes failed.", keySize); + return TCSERR(TSS_E_OUTOFMEMORY); + } else { + memcpy(*prgbKey, buffer, keySize); + } + *pcKeySize = keySize; + + return TSS_SUCCESS; +} + +TSS_RESULT +TCSP_LoadKeyByUUID_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TSS_UUID *KeyUUID, /* in */ + TCS_LOADKEY_INFO * pLoadKeyInfo, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI) /* out */ +{ + UINT32 keyslot = 0, keySize; + UINT32 ordinal; + TSS_RESULT result; + TSS_UUID parentUuid; + BYTE keyBlob[0x1000]; + UINT16 blobSize = sizeof(keyBlob); + UINT64 offset; + TCS_KEY_HANDLE parentTCSKeyHandle; + + if (TPM_VERSION_IS(1,2)) + ordinal = TPM_ORD_LoadKey2; + else + ordinal = TPM_ORD_LoadKey; + + LogDebugFn("Enter: uuid: 0x%lx auth? 0x%x ***********", (unsigned long)KeyUUID, + pLoadKeyInfo == NULL ? 0xdeadbeef : pLoadKeyInfo->authData.AuthHandle); + + if ((result = ctx_verify_context(hContext))) + return result; + + memset(&parentUuid, 0, sizeof(TSS_UUID)); + + if (pLoadKeyInfo && + memcmp(&pLoadKeyInfo->parentKeyUUID, &parentUuid, sizeof(TSS_UUID))) { + if (ps_get_key_by_uuid(&pLoadKeyInfo->keyUUID, keyBlob, &blobSize)) + return TCSERR(TSS_E_PS_KEY_NOTFOUND); + + if (mc_get_handles_by_uuid(&pLoadKeyInfo->parentKeyUUID, &parentTCSKeyHandle, + &keyslot)) + return TCSERR(TCS_E_KM_LOADFAILED); + + return LoadKeyByBlob_Internal(ordinal, hContext, parentTCSKeyHandle, + blobSize, keyBlob, + &pLoadKeyInfo->authData, + phKeyTCSI, &keyslot); + } + + /* if KeyUUID is already loaded, increment the ref count and return */ + if (mc_get_handles_by_uuid(KeyUUID, phKeyTCSI, &keyslot) == TSS_SUCCESS) { + if (keyslot) { + if (ctx_mark_key_loaded(hContext, *phKeyTCSI)) { + LogError("Error marking key as loaded"); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + return TSS_SUCCESS; + } + } + /********************************************************************* + * The first thing to do in this func is setup all the info and make sure + * that we get it all from either the keyfile or the keyCache + * also, it's important to return if the key is already loaded + ***********************************************************************/ + LogDebugFn("calling ps_get_key_by_uuid"); + if (ps_get_key_by_uuid(KeyUUID, keyBlob, &blobSize)) + return TCSERR(TSS_E_PS_KEY_NOTFOUND); + /* convert UINT16 to UIN32 */ + keySize = blobSize; + + LogDebugFn("calling getParentUUIDByUUID"); + /*--- Get my parent's UUID. Since My key is registered, my parent should be as well. */ + if ((result = getParentUUIDByUUID(KeyUUID, &parentUuid))) + return TCSERR(TCS_E_KM_LOADFAILED); + + if ((result = TCSP_LoadKeyByUUID_Internal(hContext, &parentUuid, + pLoadKeyInfo, &parentTCSKeyHandle))) + return result; + + LogDebugFn("calling LoadKeyByBlob_Internal"); + /******************************************************* + * If no errors have happend up till now, then the parent is loaded and ready for use. + * The parent's TCS Handle should be in parentTCSKeyHandle. + ******************************************************/ + if ((result = LoadKeyByBlob_Internal(ordinal, hContext, parentTCSKeyHandle, + keySize, keyBlob, + NULL, + phKeyTCSI, &keyslot))) { + LogDebugFn("LoadKeyByBlob_Internal returned 0x%x", result); + if (result == TCPA_E_AUTHFAIL && pLoadKeyInfo) { + BYTE blob[1000]; + + /* set up a load key info struct */ + memcpy(&pLoadKeyInfo->parentKeyUUID, &parentUuid, sizeof(TSS_UUID)); + memcpy(&pLoadKeyInfo->keyUUID, KeyUUID, sizeof(TSS_UUID)); + + /* calculate the paramDigest */ + offset = 0; + LoadBlob_UINT32(&offset, ordinal, blob); + LoadBlob(&offset, keySize, blob, keyBlob); + if (Hash(TSS_HASH_SHA1, offset, blob, + (BYTE *)&pLoadKeyInfo->paramDigest.digest)) + result = TCSERR(TSS_E_INTERNAL_ERROR); + + result = TCSERR(TCS_E_KM_LOADFAILED); + } + } + + return result; +} + +TSS_RESULT +TCSP_GetRegisteredKeyByPublicInfo_Internal(TCS_CONTEXT_HANDLE tcsContext, /* in */ + TCPA_ALGORITHM_ID algID, /* in */ + UINT32 ulPublicInfoLength, /* in */ + BYTE * rgbPublicInfo, /* in */ + UINT32 * keySize, /* out */ + BYTE ** keyBlob) /* out */ +{ + TCPA_STORE_PUBKEY pubKey; + TSS_RESULT result = TCSERR(TSS_E_FAIL); + + if ((result = ctx_verify_context(tcsContext))) + return result; + + if (algID == TCPA_ALG_RSA) { + /*--- Convert Public info to a structure */ + pubKey.keyLength = ulPublicInfoLength; + pubKey.key = malloc(pubKey.keyLength); + if (pubKey.key == NULL) { + LogError("malloc of %d bytes failed.", pubKey.keyLength); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + memcpy(pubKey.key, rgbPublicInfo, pubKey.keyLength); + + if ((result = ps_get_key_by_pub(&pubKey, keySize, keyBlob))) { + LogDebug("Public key data not found in PS"); + free(pubKey.key); + return TCSERR(TSS_E_PS_KEY_NOTFOUND); + } + } + free(pubKey.key); + + return result; +} diff --git a/src/tcs/tcsi_quote.c b/src/tcs/tcsi_quote.c new file mode 100644 index 0000000..632b0cc --- /dev/null +++ b/src/tcs/tcsi_quote.c @@ -0,0 +1,81 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_Quote_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + UINT32 keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering quote"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (privAuth != NULL) { + LogDebug("Auth Used"); + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_Quote, &offset, txBlob, keySlot, antiReplay.nonce, + pcrDataSizeIn, pcrDataIn, privAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Quote, txBlob, paramSize, pcrDataSizeOut, pcrDataOut, + sigSize, sig, privAuth); + } + LogResult("Quote", result); +done: + auth_mgr_release_auth(privAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_quote2.c b/src/tcs/tcsi_quote2.c new file mode 100644 index 0000000..0ced27f --- /dev/null +++ b/src/tcs/tcsi_quote2.c @@ -0,0 +1,86 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_Quote2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TSS_BOOL addVersion, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * versionInfoSize, /* out */ + BYTE ** versionInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + UINT32 keySlot; + + /* Command packet to be sent to the TPM */ + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering quote2"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (privAuth != NULL) { + LogDebug("Auth Used"); + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_Quote2, &offset, txBlob, keySlot, antiReplay.nonce, + pcrDataSizeIn, pcrDataIn, &addVersion, privAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Quote2, txBlob, paramSize, pcrDataSizeOut, + pcrDataOut, &addVersion, versionInfoSize, versionInfo, + sigSize, sig, privAuth); + } + LogResult("Quote2", result); +done: + auth_mgr_release_auth(privAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_random.c b/src/tcs/tcsi_random.c new file mode 100644 index 0000000..9670df4 --- /dev/null +++ b/src/tcs/tcsi_random.c @@ -0,0 +1,147 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +/* + * Get a random number generated by the TPM. Most (all?) TPMs return a maximum number of random + * bytes that's less than the max allowed to be returned at the TSP level, which is 4K bytes. + * According to the TPM compliance work posted here: http://www.prosec.rub.de/tpmcompliance.html, + * some TPMs return as little as 132 bytes per query, which would require about 30 loops to get 4K. + * We'll be extremely conservative here and loop 50 times, since it won't affect performance on + * TPMs that return more bytes. + */ +TSS_RESULT +TCSP_GetRandom_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 * bytesRequested, /* in, out */ + BYTE ** randomBytes) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 paramSize, totalReturned = 0, bytesReturned, retries = 50; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE], *rnd_tmp = NULL, *rnd_tmp2 = NULL; + + LogDebugFn("%u bytes", *bytesRequested); + + if ((result = ctx_verify_context(hContext))) + return result; + + do { + offset = 0; + if ((result = tpm_rqu_build(TPM_ORD_GetRandom, &offset, txBlob, + *bytesRequested - totalReturned, NULL))) + break; + + if ((result = req_mgr_submit_req(txBlob))) + break;; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { +#if 0 + offset = 10; + UnloadBlob_UINT32(&offset, &bytesReturned, txBlob); + + LogDebugFn("received %u bytes from the TPM", bytesReturned); + + rnd_tmp = realloc(rnd_tmp, totalReturned + bytesReturned); + if (rnd_tmp == NULL) { + LogError("malloc of %u bytes failed.", bytesReturned); + return TCSERR(TSS_E_OUTOFMEMORY); + } + UnloadBlob(&offset, bytesReturned, txBlob, &rnd_tmp[totalReturned]); +#else + /* XXX */ + if ((result = tpm_rsp_parse(TPM_ORD_GetRandom, txBlob, paramSize, + &bytesReturned, &rnd_tmp, NULL, NULL))) + break; + + rnd_tmp2 = realloc(*randomBytes, totalReturned + bytesReturned); + if (rnd_tmp2 == NULL) { + free(rnd_tmp); + rnd_tmp = NULL; + LogError("malloc of %u bytes failed.", bytesReturned); + result = TCSERR(TSS_E_OUTOFMEMORY); + break; + } + *randomBytes = rnd_tmp2; + memcpy(*randomBytes + totalReturned, rnd_tmp, bytesReturned); + free(rnd_tmp); + rnd_tmp = NULL; +#endif + totalReturned += bytesReturned; + } else { + free(rnd_tmp); + return result; + } + } while (totalReturned < *bytesRequested && retries--); + + if (totalReturned != *bytesRequested) { + LogDebugFn("Only %u random bytes recieved from TPM.", totalReturned); + free(rnd_tmp); + result = TCSERR(TSS_E_FAIL); +#if 0 + } else + *randomBytes = rnd_tmp; +#else + } +#endif + + return result; +} + +TSS_RESULT +TCSP_StirRandom_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering stir random"); + + if (inDataSize > 255) { + LogDebugFn("inData is too large! (%u bytes)", inDataSize); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_StirRandom, &offset, txBlob, inDataSize, inDataSize, + inData, NULL, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("Stir random", result); + return result; +} + diff --git a/src/tcs/tcsi_seal.c b/src/tcs/tcsi_seal.c new file mode 100644 index 0000000..bc72ecd --- /dev/null +++ b/src/tcs/tcsi_seal.c @@ -0,0 +1,149 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + +TSS_RESULT +TCSP_Seal_Internal(UINT32 sealOrdinal, /* in */ + TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData) /* out */ +{ + UINT64 offset = 0; + TSS_RESULT result; + UINT32 paramSize; + TCPA_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Seal"); + if (!pubAuth) + return TCSERR(TSS_E_BAD_PARAMETER); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, &pubAuth->AuthHandle))) + goto done; + + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) + goto done; + + /* XXX What's this check for? */ + if (keySlot == 0) { + result = TCSERR(TSS_E_FAIL); + goto done; + } + + if ((result = tpm_rqu_build(sealOrdinal, &offset, txBlob, keySlot, encAuth.authdata, + pcrInfoSize, PcrInfo, inDataSize, inData, pubAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(sealOrdinal, txBlob, paramSize, SealedDataSize, + SealedData, pubAuth); + } + LogResult("Seal", result); +done: + auth_mgr_release_auth(pubAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 SealedDataSize, /* in */ + BYTE * SealedData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * dataAuth, /* in, out */ + UINT32 * DataSize, /* out */ + BYTE ** Data) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TCPA_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Unseal"); + + if (dataAuth == NULL) + return TCSERR(TSS_E_BAD_PARAMETER); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (parentAuth != NULL) { + LogDebug("Auth used"); + if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + + if ((result = auth_mgr_check(hContext, &dataAuth->AuthHandle))) + goto done; + + if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot))) + goto done; + + /* XXX What's this check for? */ + if (keySlot == 0) { + result = TCSERR(TSS_E_FAIL); + goto done; + } + + if ((result = tpm_rqu_build(TPM_ORD_Unseal, &offset, txBlob, keySlot, SealedDataSize, + SealedData, parentAuth, dataAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, DataSize, Data, + parentAuth, dataAuth); + } + LogResult("Unseal", result); +done: + auth_mgr_release_auth(parentAuth, dataAuth, hContext); + return result; +} diff --git a/src/tcs/tcsi_selftest.c b/src/tcs/tcsi_selftest.c new file mode 100644 index 0000000..95869bc --- /dev/null +++ b/src/tcs/tcsi_selftest.c @@ -0,0 +1,129 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_SelfTestFull_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Self Test Full"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_SelfTestFull, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("Self Test Full", result); + return result; +} + +TSS_RESULT +TCSP_CertifySelfTest_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TCPA_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Certify Self Test"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (privAuth != NULL) { + LogDebug("Auth Used"); + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_CertifySelfTest, &offset, txBlob, keySlot, + TPM_NONCE_SIZE, antiReplay.nonce, privAuth, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_CertifySelfTest, txBlob, paramSize, sigSize, sig, + privAuth, NULL); + } + LogResult("Certify Self Test", result); +done: + auth_mgr_release_auth(privAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_GetTestResult_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Get Test Result"); + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_GetTestResult, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_GetTestResult, txBlob, paramSize, outDataSize, + outData, NULL, NULL); + } + LogResult("Get Test Result", result); + return result; +} + diff --git a/src/tcs/tcsi_sign.c b/src/tcs/tcsi_sign.c new file mode 100644 index 0000000..3671fb1 --- /dev/null +++ b/src/tcs/tcsi_sign.c @@ -0,0 +1,78 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcsps.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "req_mgr.h" +#include "tcsd_wrap.h" +#include "tcsd.h" + + +TSS_RESULT +TCSP_Sign_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 areaToSignSize, /* in */ + BYTE * areaToSign, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig /* out */ + ) +{ + UINT64 offset = 0; + UINT32 paramSize; + TSS_RESULT result; + TCPA_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering Sign"); + if ((result = ctx_verify_context(hContext))) + return result; + + if (privAuth != NULL) { + LogDebug("Auth Used"); + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } else { + LogDebug("No Auth"); + } + + if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_Sign, &offset, txBlob, keySlot, areaToSignSize, + areaToSign, privAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + result = tpm_rsp_parse(TPM_ORD_Sign, txBlob, paramSize, sigSize, sig, privAuth, + NULL); + } + LogResult("sign", result); +done: + auth_mgr_release_auth(privAuth, NULL, hContext); + return result; +} + diff --git a/src/tcs/tcsi_tick.c b/src/tcs/tcsi_tick.c new file mode 100644 index 0000000..b752e83 --- /dev/null +++ b/src/tcs/tcsi_tick.c @@ -0,0 +1,119 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" + + +TSS_RESULT +TCSP_ReadCurrentTicks_Internal(TCS_CONTEXT_HANDLE hContext, + UINT32* pulCurrentTime, + BYTE** prgbCurrentTime) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((result = tpm_rqu_build(TPM_ORD_GetTicks, &offset, txBlob, NULL))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) + result = tpm_rsp_parse(TPM_ORD_GetTicks, txBlob, paramSize, pulCurrentTime, + prgbCurrentTime, NULL); + +done: + return result; +} + +TSS_RESULT +TCSP_TickStampBlob_Internal(TCS_CONTEXT_HANDLE hContext, + TCS_KEY_HANDLE hKey, + TPM_NONCE* antiReplay, + TPM_DIGEST* digestToStamp, + TPM_AUTH* privAuth, + UINT32* pulSignatureLength, + BYTE** prgbSignature, + UINT32* pulTickCountLength, + BYTE** prgbTickCount) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset = 0; + TPM_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if (privAuth) { + if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) + goto done; + } + + if ((result = ensureKeyIsLoaded(hContext, hKey, &keySlot))) + goto done; + + if ((result = tpm_rqu_build(TPM_ORD_TickStampBlob, &offset, txBlob, keySlot, antiReplay, + digestToStamp, privAuth))) + return result; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto done; + } + + if (!result) { + result = tpm_rsp_parse(TPM_ORD_TickStampBlob, txBlob, paramSize, pulTickCountLength, + prgbTickCount, pulSignatureLength, prgbSignature, privAuth); + } +done: + return result; +} + +void +UnloadBlob_CURRENT_TICKS(UINT64 *offset, BYTE *b, TPM_CURRENT_TICKS *t) +{ + if (!t) { + UnloadBlob_UINT16(offset, NULL, b); + UnloadBlob_UINT64(offset, NULL, b); + UnloadBlob_UINT16(offset, NULL, b); + UnloadBlob(offset, sizeof(TPM_NONCE), b, NULL); + + return; + } + + UnloadBlob_UINT16(offset, &t->tag, b); + UnloadBlob_UINT64(offset, &t->currentTicks, b); + UnloadBlob_UINT16(offset, &t->tickRate, b); + UnloadBlob(offset, sizeof(TPM_NONCE), b, (BYTE *)&t->tickNonce); +} diff --git a/src/tcs/tcsi_transport.c b/src/tcs/tcsi_transport.c new file mode 100644 index 0000000..38a3b32 --- /dev/null +++ b/src/tcs/tcsi_transport.c @@ -0,0 +1,513 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" + + +TSS_RESULT +TCSP_EstablishTransport_Internal(TCS_CONTEXT_HANDLE hContext, + UINT32 ulTransControlFlags, + TCS_KEY_HANDLE hEncKey, + UINT32 ulTransSessionInfoSize, + BYTE* rgbTransSessionInfo, + UINT32 ulSecretSize, + BYTE* rgbSecret, + TPM_AUTH* pEncKeyAuth, + TPM_MODIFIER_INDICATOR* pbLocality, + TCS_HANDLE* hTransSession, + UINT32* ulCurrentTicks, + BYTE** prgbCurrentTicks, + TPM_NONCE* pTransNonce) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset; + TPM_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if (ulTransControlFlags == TSS_TCSATTRIB_TRANSPORT_EXCLUSIVE) { + if ((result = ctx_req_exclusive_transport(hContext))) + return result; + } + + if (pEncKeyAuth) { + if ((result = auth_mgr_check(hContext, &pEncKeyAuth->AuthHandle))) + return result; + } + + /* if hEncKey is set to TPM_KH_TRANSPORT, that's the signal to the TPM that this will be + * an unencrypted transport session, so we don't need to check that its loaded */ + if (hEncKey != TPM_KH_TRANSPORT) { + if ((result = ensureKeyIsLoaded(hContext, hEncKey, &keySlot))) + return result; + } + + offset = TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(&offset, keySlot, txBlob); + LoadBlob(&offset, ulTransSessionInfoSize, txBlob, rgbTransSessionInfo); + LoadBlob_UINT32(&offset, ulSecretSize, txBlob); + LoadBlob(&offset, ulSecretSize, txBlob, rgbSecret); + if (pEncKeyAuth) { + LoadBlob_Auth(&offset, txBlob, pEncKeyAuth); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_EstablishTransport, + txBlob); + } else + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_EstablishTransport, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto done; + } + + offset = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_UINT32(&offset, hTransSession, txBlob); + UnloadBlob_UINT32(&offset, pbLocality, txBlob); + + *ulCurrentTicks = sizeof(TPM_STRUCTURE_TAG) + + sizeof(UINT64) + + sizeof(UINT16) + + sizeof(TPM_NONCE); + + *prgbCurrentTicks = malloc(*ulCurrentTicks); + if (*prgbCurrentTicks == NULL) { + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + + UnloadBlob(&offset, *ulCurrentTicks, txBlob, *prgbCurrentTicks); + UnloadBlob(&offset, sizeof(TPM_NONCE), txBlob, (BYTE *)pTransNonce); + if (pEncKeyAuth) + UnloadBlob_Auth(&offset, txBlob, pEncKeyAuth); + + ctx_set_transport_enabled(hContext, *hTransSession); +done: + auth_mgr_release_auth(pEncKeyAuth, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_ExecuteTransport_Internal(TCS_CONTEXT_HANDLE hContext, + TPM_COMMAND_CODE unWrappedCommandOrdinal, + UINT32 ulWrappedCmdParamInSize, + BYTE* rgbWrappedCmdParamIn, + UINT32* pulHandleListSize, /* in, out */ + TCS_HANDLE** rghHandles, /* in, out */ + TPM_AUTH* pWrappedCmdAuth1, /* in, out */ + TPM_AUTH* pWrappedCmdAuth2, /* in, out */ + TPM_AUTH* pTransAuth, /* in, out */ + UINT64* punCurrentTicks, + TPM_MODIFIER_INDICATOR* pbLocality, + TPM_RESULT* pulWrappedCmdReturnCode, + UINT32* ulWrappedCmdParamOutSize, + BYTE** rgbWrappedCmdParamOut) +{ + TSS_RESULT result; + UINT32 paramSize, wrappedSize, val1 = 0, val2 = 0, *pVal1 = NULL, *pVal2 = NULL; + TCS_HANDLE handle1 = 0, handle2 = 0; + UINT64 offset, wrappedOffset = 0; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + + if (*pulHandleListSize > 2) { + LogDebugFn("************ EXPAND KEYSLOT SIZE *********"); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if ((result = ctx_verify_context(hContext))) + return result; + + if (pWrappedCmdAuth1) + if ((result = auth_mgr_check(hContext, &pWrappedCmdAuth1->AuthHandle))) + goto done; + + if (pWrappedCmdAuth2) + if ((result = auth_mgr_check(hContext, &pWrappedCmdAuth2->AuthHandle))) + goto done; + + switch (unWrappedCommandOrdinal) { + /* If the command is FlushSpecific, we get handle that needs to be freed, but we don't know + * what type it is. */ + case TPM_ORD_FlushSpecific: + if (*pulHandleListSize == 0) { /* invalid */ + result = TCSERR(TSS_E_BAD_PARAMETER); + goto done; + } + + /* If this is a transport handle, remove the context's reference to the session */ + ctx_set_transport_disabled(hContext, rghHandles[0]); + + /* Is it a key? If so, jump to the get_slot_lite and key management calls below */ + if (ctx_has_key_loaded(hContext, *rghHandles[0])) + goto map_key_handles; + + /* fall through */ + case TPM_ORD_Terminate_Handle: + if (!auth_mgr_check(hContext, rghHandles[0])) + auth_mgr_release_auth_handle(*rghHandles[0], hContext, FALSE); + + /* If the handle is an auth handle or any other kind of handle, there's no + * mapping done in the TCS, so pass its value straight to the TPM and jump over + * the switch statement below where we assume FLushSpecific is being done on a + * key */ + handle1 = val1 = *rghHandles[0]; + pVal1 = &val1; + + goto build_command; + default: + break; + } + +map_key_handles: + if (*pulHandleListSize == 2) { + handle2 = (*rghHandles)[1]; + + if ((result = get_slot_lite(hContext, handle2, &val2))) { + *pulHandleListSize = 0; + goto done; + } + + pVal2 = &val2; + } + + if (*pulHandleListSize >= 1) { + handle1 = *rghHandles[0]; + + *pulHandleListSize = 0; + + if ((result = get_slot_lite(hContext, handle1, &val1))) + goto done; + + pVal1 = &val1; + } + + switch (unWrappedCommandOrdinal) { + case TPM_ORD_EvictKey: + case TPM_ORD_FlushSpecific: + { + if ((result = ctx_remove_key_loaded(hContext, handle1))) + goto done; + + if ((result = key_mgr_dec_ref_count(handle1))) + goto done; + + /* we can't call key_mgr_ref_cnt() here since it calls TPM_EvictKey directly */ + mc_set_slot_by_handle(handle1, NULL_TPM_HANDLE); + break; + } + case TPM_ORD_OIAP: + { + /* are the maximum number of auth sessions open? */ + if (auth_mgr_req_new(hContext) == FALSE) { + if ((result = auth_mgr_swap_out(hContext))) + goto done; + } + + break; + } + case TPM_ORD_OSAP: + { + UINT16 entityType; + UINT32 entityValue, newEntValue; + + /* are the maximum number of auth sessions open? */ + if (auth_mgr_req_new(hContext) == FALSE) { + if ((result = auth_mgr_swap_out(hContext))) + goto done; + } + + offset = 0; + UnloadBlob_UINT16(&offset, &entityType, rgbWrappedCmdParamIn); + UnloadBlob_UINT32(&offset, &entityValue, rgbWrappedCmdParamIn); + + if (entityType == TCPA_ET_KEYHANDLE || entityType == TCPA_ET_KEY) { + if (ensureKeyIsLoaded(hContext, entityValue, &newEntValue)) + return TCSERR(TSS_E_KEY_NOT_LOADED); + + /* OSAP is never encrypted in a transport session, so changing + * rgbWrappedCmdParamIn is ok here */ + offset = sizeof(UINT16); + LoadBlob_UINT32(&offset, newEntValue, rgbWrappedCmdParamIn); + } + + break; + } + case TPM_ORD_DSAP: + { + UINT16 entityType; + UINT32 keyHandle, tpmKeyHandle; + + /* are the maximum number of auth sessions open? */ + if (auth_mgr_req_new(hContext) == FALSE) { + if ((result = auth_mgr_swap_out(hContext))) + goto done; + } + + offset = 0; + UnloadBlob_UINT16(&offset, &entityType, rgbWrappedCmdParamIn); + UnloadBlob_UINT32(&offset, &keyHandle, rgbWrappedCmdParamIn); + + if (ensureKeyIsLoaded(hContext, keyHandle, &tpmKeyHandle)) { + result = TCSERR(TSS_E_KEY_NOT_LOADED); + goto done; + } + + /* DSAP's only encrypted paramter is entityValue, so replacing keyHandle inside + * rgbWrappedCmdParamIn is ok */ + offset = sizeof(UINT16); + LoadBlob_UINT32(&offset, tpmKeyHandle, rgbWrappedCmdParamIn); + } + default: + break; + } + +build_command: + if ((result = tpm_rqu_build(TPM_ORD_ExecuteTransport, &wrappedOffset, + &txBlob[TSS_TXBLOB_WRAPPEDCMD_OFFSET], unWrappedCommandOrdinal, + pVal1, pVal2, ulWrappedCmdParamInSize, rgbWrappedCmdParamIn, + pWrappedCmdAuth1, pWrappedCmdAuth2))) + goto done; + + /* The blob we'll load here looks like this: + * + * |TAGet|LENet|ORDet|wrappedCmdSize|wrappedCmd|AUTHet| + * + * wrappedCmd looks like this: + * + * |TAGw|LENw|ORDw|HANDLESw|DATAw|AUTH1w|AUTH2w| + * + * w = wrapped command info + * et = execute transport command info + * + * Note that the wrapped command was loaded into the blob by the tpm_rqu_build call + * above. + * + */ + offset = TSS_TPM_TXBLOB_HDR_LEN; + /* Load wrapped command size: |wrappedCmdSize| */ + LoadBlob_UINT32(&offset, wrappedOffset, txBlob); + + /* offset + wrappedOffset is the position of the execute transport auth struct */ + offset += wrappedOffset; + + if (pTransAuth) { + /* Load the auth for the execute transport command: |AUTHet| */ + LoadBlob_Auth(&offset, txBlob, pTransAuth); + /* Load the outer header: |TAGet|LENet|ORDet| */ + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_ExecuteTransport, + txBlob); + } else { + /* Load the outer header: |TAGet|LENet|ORDet| */ + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_ExecuteTransport, txBlob); + } + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + /* Unload the Execute Transport (outer) header */ + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto done; + } + + /* The response from the TPM looks like this: + * + * |TAGet|LENet|RCet|currentTicks|locality|wrappedRspSize|wrappedRsp|AUTHet| + * + * and wrappedRsp looks like: + * + * |TAGw|LENw|RCw|HANDLESw|DATAw|AUTH1w|AUTH2w| + */ + + offset = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_UINT64(&offset, punCurrentTicks, txBlob); + UnloadBlob_UINT32(&offset, pbLocality, txBlob); + + /* Unload the wrapped response size: |wrappedRspSize| */ + UnloadBlob_UINT32(&offset, &wrappedSize, txBlob); + + /* We've parsed right up to wrappedRsp, so save off this offset for later */ + wrappedOffset = offset; + + /* The current offset + the response size will be the offset of |AUTHet| */ + offset += wrappedSize; + if (pTransAuth) + UnloadBlob_Auth(&offset, txBlob, pTransAuth); + + /* Now parse through the returned response @ wrappedOffset */ + if ((result = UnloadBlob_Header(&txBlob[wrappedOffset], ¶mSize))) { + LogDebugFn("Wrapped command (Ordinal 0x%x) failed: rc=0x%x", + unWrappedCommandOrdinal, result); + + /* This is the result of the wrapped command. If its not success, return its value + * in the pulWrappedCmdReturnCode variable and return indicating that the execute + * transport command was successful */ + *pulWrappedCmdReturnCode = result; + *ulWrappedCmdParamOutSize = 0; + *rgbWrappedCmdParamOut = NULL; + auth_mgr_release_auth(pWrappedCmdAuth1, pWrappedCmdAuth2, hContext); + + return TSS_SUCCESS; + } + + *pulWrappedCmdReturnCode = TSS_SUCCESS; + + pVal1 = pVal2 = NULL; + switch (unWrappedCommandOrdinal) { + /* The commands below have 1 outgoing handle */ + case TPM_ORD_LoadKey2: + pVal1 = &val1; + break; + default: + break; + } + + result = tpm_rsp_parse(TPM_ORD_ExecuteTransport, &txBlob[wrappedOffset], paramSize, + pVal1, pVal2, ulWrappedCmdParamOutSize, rgbWrappedCmdParamOut, + pWrappedCmdAuth1, pWrappedCmdAuth2); + + offset = 0; + switch (unWrappedCommandOrdinal) { + case TPM_ORD_LoadKey2: + { + TCS_KEY_HANDLE tcs_handle = NULL_TCS_HANDLE; + + if ((result = load_key_final(hContext, handle1, &tcs_handle, NULL, val1))) + goto done; + + *rghHandles[0] = tcs_handle; + *pulHandleListSize = 1; + break; + } + case TPM_ORD_DSAP: + case TPM_ORD_OSAP: + case TPM_ORD_OIAP: + { + UINT32 handle; + + UnloadBlob_UINT32(&offset, &handle, *rgbWrappedCmdParamOut); + result = auth_mgr_add(hContext, handle); + break; + } + default: + break; + } + +done: + auth_mgr_release_auth(pWrappedCmdAuth1, pWrappedCmdAuth2, hContext); + return result; +} + +TSS_RESULT +TCSP_ReleaseTransportSigned_Internal(TCS_CONTEXT_HANDLE hContext, + TCS_KEY_HANDLE hSignatureKey, + TPM_NONCE* AntiReplayNonce, + TPM_AUTH* pKeyAuth, /* in, out */ + TPM_AUTH* pTransAuth, /* in, out */ + TPM_MODIFIER_INDICATOR* pbLocality, + UINT32* pulCurrentTicksSize, + BYTE** prgbCurrentTicks, + UINT32* pulSignatureSize, + BYTE** prgbSignature) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset; + TPM_KEY_HANDLE keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + return result; + + if (pKeyAuth) { + if ((result = auth_mgr_check(hContext, &pKeyAuth->AuthHandle))) + return result; + } + + if ((result = ensureKeyIsLoaded(hContext, hSignatureKey, &keySlot))) + return result; + + offset = TSS_TPM_TXBLOB_HDR_LEN; + LoadBlob_UINT32(&offset, keySlot, txBlob); + LoadBlob(&offset, sizeof(TPM_NONCE), txBlob, (BYTE *)AntiReplayNonce); + if (pKeyAuth) { + LoadBlob_Auth(&offset, txBlob, pKeyAuth); + LoadBlob_Auth(&offset, txBlob, pTransAuth); + LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, offset, TPM_ORD_ReleaseTransportSigned, + txBlob); + } else { + LoadBlob_Auth(&offset, txBlob, pTransAuth); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_ReleaseTransportSigned, + txBlob); + } + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + if ((result = UnloadBlob_Header(txBlob, ¶mSize))) { + LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result); + goto done; + } + + /* unconditionally disable our accounting of the session */ + ctx_set_transport_disabled(hContext, NULL); + + offset = TSS_TPM_TXBLOB_HDR_LEN; + UnloadBlob_UINT32(&offset, pbLocality, txBlob); + + *pulCurrentTicksSize = sizeof(TPM_STRUCTURE_TAG) + + sizeof(UINT64) + + sizeof(UINT16) + + sizeof(TPM_NONCE); + + *prgbCurrentTicks = malloc(*pulCurrentTicksSize); + if (*prgbCurrentTicks == NULL) { + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + + UnloadBlob(&offset, *pulCurrentTicksSize, txBlob, *prgbCurrentTicks); + UnloadBlob_UINT32(&offset, pulSignatureSize, txBlob); + + *prgbSignature = malloc(*pulSignatureSize); + if (*prgbSignature == NULL) { + free(*prgbCurrentTicks); + result = TCSERR(TSS_E_OUTOFMEMORY); + goto done; + } + + UnloadBlob(&offset, *pulSignatureSize, txBlob, *prgbSignature); + + if (pKeyAuth) + UnloadBlob_Auth(&offset, txBlob, pKeyAuth); + UnloadBlob_Auth(&offset, txBlob, pTransAuth); + +done: + auth_mgr_release_auth(pKeyAuth, NULL, hContext); + return result; +} diff --git a/src/tcsd/Makefile.am b/src/tcsd/Makefile.am new file mode 100644 index 0000000..ff61a21 --- /dev/null +++ b/src/tcsd/Makefile.am @@ -0,0 +1,13 @@ +sbin_PROGRAMS=tcsd + +tcsd_CFLAGS=-DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include +tcsd_LDADD=${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @CRYPTOLIB@ + +tcsd_SOURCES=svrside.c tcsd_conf.c tcsd_threads.c platform.c + +if TSS_BUILD_PS +tcsd_CFLAGS+=-DTSS_BUILD_PS +endif +if TSS_BUILD_PCR_EVENTS +tcsd_CFLAGS+=-DTSS_BUILD_PCR_EVENTS +endif diff --git a/src/tcsd/Makefile.in b/src/tcsd/Makefile.in new file mode 100644 index 0000000..6ef1b00 --- /dev/null +++ b/src/tcsd/Makefile.in @@ -0,0 +1,589 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +sbin_PROGRAMS = tcsd$(EXEEXT) +@TSS_BUILD_PS_TRUE@am__append_1 = -DTSS_BUILD_PS +@TSS_BUILD_PCR_EVENTS_TRUE@am__append_2 = -DTSS_BUILD_PCR_EVENTS +subdir = src/tcsd +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(sbindir)" +PROGRAMS = $(sbin_PROGRAMS) +am_tcsd_OBJECTS = tcsd-svrside.$(OBJEXT) tcsd-tcsd_conf.$(OBJEXT) \ + tcsd-tcsd_threads.$(OBJEXT) tcsd-platform.$(OBJEXT) +tcsd_OBJECTS = $(am_tcsd_OBJECTS) +tcsd_DEPENDENCIES = ${top_builddir}/src/tcs/libtcs.a \ + ${top_builddir}/src/tddl/libtddl.a +tcsd_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(tcsd_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(tcsd_SOURCES) +DIST_SOURCES = $(tcsd_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTOLIB = @CRYPTOLIB@ +CRYPTO_PACKAGE = @CRYPTO_PACKAGE@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB_DIR = @OPENSSL_LIB_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +RPC = @RPC@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +TCSD_DEFAULT_PORT = @TCSD_DEFAULT_PORT@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tcsd_CFLAGS = -DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" \ + -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include \ + $(am__append_1) $(am__append_2) +tcsd_LDADD = ${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @CRYPTOLIB@ +tcsd_SOURCES = svrside.c tcsd_conf.c tcsd_threads.c platform.c +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tcsd/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/tcsd/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +tcsd$(EXEEXT): $(tcsd_OBJECTS) $(tcsd_DEPENDENCIES) + @rm -f tcsd$(EXEEXT) + $(tcsd_LINK) $(tcsd_OBJECTS) $(tcsd_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcsd-platform.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcsd-svrside.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcsd-tcsd_conf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcsd-tcsd_threads.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +tcsd-svrside.o: svrside.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -MT tcsd-svrside.o -MD -MP -MF $(DEPDIR)/tcsd-svrside.Tpo -c -o tcsd-svrside.o `test -f 'svrside.c' || echo '$(srcdir)/'`svrside.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tcsd-svrside.Tpo $(DEPDIR)/tcsd-svrside.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='svrside.c' object='tcsd-svrside.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -c -o tcsd-svrside.o `test -f 'svrside.c' || echo '$(srcdir)/'`svrside.c + +tcsd-svrside.obj: svrside.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -MT tcsd-svrside.obj -MD -MP -MF $(DEPDIR)/tcsd-svrside.Tpo -c -o tcsd-svrside.obj `if test -f 'svrside.c'; then $(CYGPATH_W) 'svrside.c'; else $(CYGPATH_W) '$(srcdir)/svrside.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tcsd-svrside.Tpo $(DEPDIR)/tcsd-svrside.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='svrside.c' object='tcsd-svrside.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -c -o tcsd-svrside.obj `if test -f 'svrside.c'; then $(CYGPATH_W) 'svrside.c'; else $(CYGPATH_W) '$(srcdir)/svrside.c'; fi` + +tcsd-tcsd_conf.o: tcsd_conf.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -MT tcsd-tcsd_conf.o -MD -MP -MF $(DEPDIR)/tcsd-tcsd_conf.Tpo -c -o tcsd-tcsd_conf.o `test -f 'tcsd_conf.c' || echo '$(srcdir)/'`tcsd_conf.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tcsd-tcsd_conf.Tpo $(DEPDIR)/tcsd-tcsd_conf.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsd_conf.c' object='tcsd-tcsd_conf.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -c -o tcsd-tcsd_conf.o `test -f 'tcsd_conf.c' || echo '$(srcdir)/'`tcsd_conf.c + +tcsd-tcsd_conf.obj: tcsd_conf.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -MT tcsd-tcsd_conf.obj -MD -MP -MF $(DEPDIR)/tcsd-tcsd_conf.Tpo -c -o tcsd-tcsd_conf.obj `if test -f 'tcsd_conf.c'; then $(CYGPATH_W) 'tcsd_conf.c'; else $(CYGPATH_W) '$(srcdir)/tcsd_conf.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tcsd-tcsd_conf.Tpo $(DEPDIR)/tcsd-tcsd_conf.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsd_conf.c' object='tcsd-tcsd_conf.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -c -o tcsd-tcsd_conf.obj `if test -f 'tcsd_conf.c'; then $(CYGPATH_W) 'tcsd_conf.c'; else $(CYGPATH_W) '$(srcdir)/tcsd_conf.c'; fi` + +tcsd-tcsd_threads.o: tcsd_threads.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -MT tcsd-tcsd_threads.o -MD -MP -MF $(DEPDIR)/tcsd-tcsd_threads.Tpo -c -o tcsd-tcsd_threads.o `test -f 'tcsd_threads.c' || echo '$(srcdir)/'`tcsd_threads.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tcsd-tcsd_threads.Tpo $(DEPDIR)/tcsd-tcsd_threads.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsd_threads.c' object='tcsd-tcsd_threads.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -c -o tcsd-tcsd_threads.o `test -f 'tcsd_threads.c' || echo '$(srcdir)/'`tcsd_threads.c + +tcsd-tcsd_threads.obj: tcsd_threads.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -MT tcsd-tcsd_threads.obj -MD -MP -MF $(DEPDIR)/tcsd-tcsd_threads.Tpo -c -o tcsd-tcsd_threads.obj `if test -f 'tcsd_threads.c'; then $(CYGPATH_W) 'tcsd_threads.c'; else $(CYGPATH_W) '$(srcdir)/tcsd_threads.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tcsd-tcsd_threads.Tpo $(DEPDIR)/tcsd-tcsd_threads.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tcsd_threads.c' object='tcsd-tcsd_threads.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -c -o tcsd-tcsd_threads.obj `if test -f 'tcsd_threads.c'; then $(CYGPATH_W) 'tcsd_threads.c'; else $(CYGPATH_W) '$(srcdir)/tcsd_threads.c'; fi` + +tcsd-platform.o: platform.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -MT tcsd-platform.o -MD -MP -MF $(DEPDIR)/tcsd-platform.Tpo -c -o tcsd-platform.o `test -f 'platform.c' || echo '$(srcdir)/'`platform.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tcsd-platform.Tpo $(DEPDIR)/tcsd-platform.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='platform.c' object='tcsd-platform.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -c -o tcsd-platform.o `test -f 'platform.c' || echo '$(srcdir)/'`platform.c + +tcsd-platform.obj: platform.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -MT tcsd-platform.obj -MD -MP -MF $(DEPDIR)/tcsd-platform.Tpo -c -o tcsd-platform.obj `if test -f 'platform.c'; then $(CYGPATH_W) 'platform.c'; else $(CYGPATH_W) '$(srcdir)/platform.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tcsd-platform.Tpo $(DEPDIR)/tcsd-platform.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='platform.c' object='tcsd-platform.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tcsd_CFLAGS) $(CFLAGS) -c -o tcsd-platform.obj `if test -f 'platform.c'; then $(CYGPATH_W) 'platform.c'; else $(CYGPATH_W) '$(srcdir)/platform.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(sbindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-sbinPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-sbinPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-sbinPROGRAMS ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-sbinPROGRAMS install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-sbinPROGRAMS + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/tcsd/platform.c b/src/tcsd/platform.c new file mode 100644 index 0000000..c7a1c80 --- /dev/null +++ b/src/tcsd/platform.c @@ -0,0 +1,134 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2005 + * + */ + + +#if (defined (__FreeBSD__) || defined (__OpenBSD__)) +#include +#include +#include +#elif (defined (__linux) || defined (linux) || defined(__GLIBC__)) +#include +#elif (defined (SOLARIS)) +#include +#endif + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcsps.h" +#include "tcslog.h" + + +#if (defined (__linux) || defined (linux) || defined(__GLIBC__)) +MUTEX_DECLARE_INIT(utmp_lock); + +char +platform_get_runlevel() +{ + char runlevel; + struct utmp ut, save, *next = NULL; + struct timeval tv; + int flag = 0, counter = 0; + + MUTEX_LOCK(utmp_lock); + + memset(&ut, 0, sizeof(struct utmp)); + memset(&save, 0, sizeof(struct utmp)); + memset(&tv, 0, sizeof(struct timeval)); + + ut.ut_type = RUN_LVL; + + next = getutid(&ut); + + while (next != NULL) { + if (next->ut_tv.tv_sec > tv.tv_sec) { + memcpy(&save, next, sizeof(*next)); + flag = 1; + } else if (next->ut_tv.tv_sec == tv.tv_sec) { + if (next->ut_tv.tv_usec > tv.tv_usec) { + memcpy(&save, next, sizeof(*next)); + flag = 1; + } + } + + counter++; + next = getutid(&ut); + } + + if (flag) { + //printf("prev_runlevel=%c, runlevel=%c\n", save.ut_pid / 256, save.ut_pid % 256); + runlevel = save.ut_pid % 256; + } else { + //printf("unknown\n"); + runlevel = 'u'; + } + + MUTEX_UNLOCK(utmp_lock); + + return runlevel; +} +#elif (defined (__FreeBSD__) || defined (__OpenBSD__)) + +char +platform_get_runlevel() +{ + int mib[2], rlevel = -1; + size_t len; + + mib[0] = CTL_KERN; + mib[1] = KERN_SECURELVL; + + len = sizeof(rlevel); + if (sysctl(mib,2,&rlevel,&len, NULL,0) == -1) { + err(1,"Could not get runlevel"); + return 'u'; + } +#if defined (__OpenBSD__) + if (rlevel == 0) +#else + if (rlevel == -1) +#endif + return 's'; + + return rlevel + '0'; +} +#elif (defined (SOLARIS)) + +MUTEX_DECLARE_INIT(utmp_lock); +char +platform_get_runlevel() +{ + char runlevel; + struct utmpx ut, *utp = NULL; + + MUTEX_LOCK(utmp_lock); + + memset(&ut, 0, sizeof(ut)); + ut.ut_type = RUN_LVL; + + setutxent(); + utp = getutxid(&ut); + if (utp->ut_type == RUN_LVL && + sscanf(utp->ut_line, "run-level %c", &runlevel) != 1) + runlevel = 'u'; + endutxent(); + + MUTEX_UNLOCK(utmp_lock); + + return runlevel; +} +#endif diff --git a/src/tcsd/svrside.c b/src/tcsd/svrside.c new file mode 100644 index 0000000..08ca1c8 --- /dev/null +++ b/src/tcsd/svrside.c @@ -0,0 +1,355 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#if (defined (__OpenBSD__) || defined (__FreeBSD__)) +#include +#endif +#include +#include +#include +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsps.h" +#include "tcsd.h" +#include "req_mgr.h" + +struct tcsd_config tcsd_options; +struct tpm_properties tpm_metrics; +static volatile int hup = 0, term = 0; +extern char *optarg; +int sd; +char *tcsd_config_file = NULL; + +static void +tcsd_shutdown(void) +{ + /* order is important here: + * allow all threads to complete their current request */ + tcsd_threads_final(); + PS_close_disk_cache(); + auth_mgr_final(); + (void)req_mgr_final(); + conf_file_final(&tcsd_options); + EVENT_LOG_final(); +} + +static void +tcsd_signal_term(int signal) +{ + term = 1; + close(sd); +} + +void +tcsd_signal_hup(int signal) +{ + hup = 1; +} + +static TSS_RESULT +signals_init(void) +{ + int rc; + sigset_t sigmask; + struct sigaction sa; + + sigemptyset(&sigmask); + if ((rc = sigaddset(&sigmask, SIGTERM))) { + LogError("sigaddset: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if ((rc = sigaddset(&sigmask, SIGHUP))) { + LogError("sigaddset: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if ((rc = THREAD_SET_SIGNAL_MASK(SIG_UNBLOCK, &sigmask, NULL))) { + LogError("Setting thread signal mask: %s", strerror(rc)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + sa.sa_flags = 0; + sigemptyset(&sa.sa_mask); + sa.sa_handler = tcsd_signal_term; + if ((rc = sigaction(SIGTERM, &sa, NULL))) { + LogError("signal SIGTERM not registered: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + sa.sa_handler = tcsd_signal_hup; + if ((rc = sigaction(SIGHUP, &sa, NULL))) { + LogError("signal SIGHUP not registered: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +static TSS_RESULT +tcsd_startup(void) +{ + TSS_RESULT result; + +#ifdef TSS_DEBUG + /* Set stdout to be unbuffered to match stderr and interleave output correctly */ + setvbuf(stdout, (char *)NULL, _IONBF, 0); +#endif + + if ((result = signals_init())) + return result; + + if ((result = conf_file_init(&tcsd_options))) + return result; + + if ((result = tcsd_threads_init())) { + conf_file_final(&tcsd_options); + return result; + } + + if ((result = req_mgr_init())) { + conf_file_final(&tcsd_options); + return result; + } + + if ((result = ps_dirs_init())) { + conf_file_final(&tcsd_options); + (void)req_mgr_final(); + return result; + } + + result = PS_init_disk_cache(); + if (result != TSS_SUCCESS) { + conf_file_final(&tcsd_options); + (void)req_mgr_final(); + return result; + } + + if ((result = get_tpm_metrics(&tpm_metrics))) { + conf_file_final(&tcsd_options); + PS_close_disk_cache(); + (void)req_mgr_final(); + return result; + } + + /* must happen after get_tpm_metrics() */ + if ((result = auth_mgr_init())) { + conf_file_final(&tcsd_options); + PS_close_disk_cache(); + (void)req_mgr_final(); + return result; + } + + result = EVENT_LOG_init(); + if (result != TSS_SUCCESS) { + auth_mgr_final(); + conf_file_final(&tcsd_options); + PS_close_disk_cache(); + (void)req_mgr_final(); + return result; + } + + result = owner_evict_init(); + if (result != TSS_SUCCESS) { + auth_mgr_final(); + conf_file_final(&tcsd_options); + PS_close_disk_cache(); + (void)req_mgr_final(); + return result; + } + + return TSS_SUCCESS; +} + + +void +usage(void) +{ + fprintf(stderr, "\tusage: tcsd [-f] [-e] [-c [-h]\n\n"); + fprintf(stderr, "\t-f|--foreground\trun in the foreground. Logging goes to stderr " + "instead of syslog.\n"); + fprintf(stderr, "\t-e| attempts to connect to software TPMs over TCP\n"); + fprintf(stderr, "\t-c|--config\tpath to configuration file\n"); + fprintf(stderr, "\t-h|--help\tdisplay this help message\n"); + fprintf(stderr, "\n"); +} + +static TSS_RESULT +reload_config(void) +{ + TSS_RESULT result; + hup = 0; + + // FIXME: reload the config - work in progress + result = TSS_SUCCESS; + + return result; +} + + +int +main(int argc, char **argv) +{ + struct sockaddr_in serv_addr, client_addr; + TSS_RESULT result; + int newsd, c, option_index = 0; + unsigned client_len; + char *hostname = NULL; + struct passwd *pwd; + struct hostent *client_hostent = NULL; + struct option long_options[] = { + {"help", 0, NULL, 'h'}, + {"foreground", 0, NULL, 'f'}, + {"config", 1, NULL, 'c'}, + {0, 0, 0, 0} + }; + + unsetenv("TCSD_USE_TCP_DEVICE"); + while ((c = getopt_long(argc, argv, "fhec:", long_options, &option_index)) != -1) { + switch (c) { + case 'f': + setenv("TCSD_FOREGROUND", "1", 1); + break; + case 'c': + tcsd_config_file = optarg; + break; + case 'e': + setenv("TCSD_USE_TCP_DEVICE", "1", 1); + break; + case 'h': + /* fall through */ + default: + usage(); + return -1; + break; + } + } + + if (!tcsd_config_file) + tcsd_config_file = TCSD_DEFAULT_CONFIG_FILE; + + if ((result = tcsd_startup())) + return (int)result; + + sd = socket(AF_INET, SOCK_STREAM, 0); + if (sd < 0) { + LogError("Failed socket: %s", strerror(errno)); + return -1; + } + + memset(&serv_addr, 0, sizeof (serv_addr)); + serv_addr.sin_family = AF_INET; + serv_addr.sin_port = htons(tcsd_options.port); + + /* If no remote_ops are defined, restrict connections to localhost + * only at the socket. */ + if (tcsd_options.remote_ops[0] == 0) + serv_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + else + serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); + + c = 1; + setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &c, sizeof(c)); + if (bind(sd, (struct sockaddr *) &serv_addr, sizeof (serv_addr)) < 0) { + LogError("Failed bind: %s", strerror(errno)); + return -1; + } +#ifndef SOLARIS + pwd = getpwnam(TSS_USER_NAME); + if (pwd == NULL) { + if (errno == 0) { + LogError("User \"%s\" not found, please add this user" + " manually.", TSS_USER_NAME); + } else { + LogError("getpwnam(%s): %s", TSS_USER_NAME, strerror(errno)); + } + return TCSERR(TSS_E_INTERNAL_ERROR); + } + setuid(pwd->pw_uid); +#endif + if (listen(sd, TCSD_MAX_SOCKETS_QUEUED) < 0) { + LogError("Failed listen: %s", strerror(errno)); + return -1; + } + client_len = (unsigned)sizeof(client_addr); + + if (getenv("TCSD_FOREGROUND") == NULL) { + if (daemon(0, 0) == -1) { + perror("daemon"); + tcsd_shutdown(); + return -1; + } + } + + LogInfo("%s: TCSD up and running.", PACKAGE_STRING); + do { + newsd = accept(sd, (struct sockaddr *) &client_addr, &client_len); + if (newsd < 0) { + if (errno == EINTR) { + if (term) + break; + else if (hup) { + if (reload_config() != TSS_SUCCESS) + LogError("Failed reloading config"); + } + continue; + } else { + LogError("Failed accept: %s", strerror(errno)); + continue; + } + } + LogDebug("accepted socket %i", newsd); + + if ((client_hostent = gethostbyaddr((char *) &client_addr.sin_addr, + sizeof(client_addr.sin_addr), + AF_INET)) == NULL) { + char buf[16]; + uint32_t addr = htonl(client_addr.sin_addr.s_addr); + + snprintf(buf, 16, "%d.%d.%d.%d", (addr & 0xff000000) >> 24, + (addr & 0x00ff0000) >> 16, (addr & 0x0000ff00) >> 8, + addr & 0x000000ff); + + LogWarn("Host name for connecting IP %s could not be resolved", buf); + hostname = strdup(buf); + } else { + hostname = strdup(client_hostent->h_name); + } + + tcsd_thread_create(newsd, hostname); + hostname = NULL; + if (hup) { + if (reload_config() != TSS_SUCCESS) + LogError("Failed reloading config"); + } + } while (term ==0); + + /* To close correctly, we must receive a SIGTERM */ + tcsd_shutdown(); + return 0; +} diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c new file mode 100644 index 0000000..afc1dcb --- /dev/null +++ b/src/tcsd/tcsd_conf.c @@ -0,0 +1,852 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef SOLARIS +#include +#endif + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcsps.h" +#include "tcslog.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcsd_ops.h" + + +struct tcsd_config_options options_list[] = { + {"port", opt_port}, + {"num_threads", opt_max_threads}, + {"system_ps_file", opt_system_ps_file}, + {"firmware_log_file", opt_firmware_log}, + {"firmware_pcrs", opt_firmware_pcrs}, + {"kernel_log_file", opt_kernel_log}, + {"kernel_pcrs", opt_kernel_pcrs}, + {"platform_cred", opt_platform_cred}, + {"conformance_cred", opt_conformance_cred}, + {"endorsement_cred", opt_endorsement_cred}, + {"remote_ops", opt_remote_ops}, + {"enforce_exclusive_transport", opt_exclusive_transport}, + {"host_platform_class", opt_host_platform_class}, + {"all_platform_classes", opt_all_platform_classes}, + {NULL, 0} +}; + +struct tcg_platform_spec tcg_platform_specs[] = { + {"PC_11", TPM_PS_PC_11, TPM_PS_PC_11_URI}, + {"PC_12", TPM_PS_PC_12, TPM_PS_PC_12_URI}, + {"PDA_12", TPM_PS_PDA_12, TPM_PS_PDA_12_URI}, + {"SERVER_12", TPM_PS_Server_12, TPM_PS_Server_12_URI}, + {"MOBILE_12", TPM_PS_Mobile_12, TPM_PS_Mobile_12_URI}, + {NULL, 0, 0} +}; + + +void +init_tcsd_config(struct tcsd_config *conf) +{ + conf->port = -1; + conf->num_threads = -1; + conf->system_ps_file = NULL; + conf->system_ps_dir = NULL; + conf->firmware_log_file = NULL; + conf->firmware_pcrs = 0; + conf->kernel_log_file = NULL; + conf->kernel_pcrs = 0; + conf->platform_cred = NULL; + conf->conformance_cred = NULL; + conf->endorsement_cred = NULL; + memset(conf->remote_ops, 0, sizeof(conf->remote_ops)); + conf->unset = 0xffffffff; + conf->exclusive_transport = 0; + conf->host_platform_class = NULL; + conf->all_platform_classes = NULL; +} + +TSS_RESULT +platform_class_list_append(struct tcsd_config *conf, char *specName, TSS_BOOL is_main) +{ + int i; + struct platform_class *tmp, *new_class; + + LogDebugFn("platform_class_list_append start:"); + for (i = 0; tcg_platform_specs[i].name; i++) { + if (!strncasecmp(specName, tcg_platform_specs[i].name, + strlen(tcg_platform_specs[i].name))) { + /* Allocate the new structure */ + new_class = malloc(sizeof(struct platform_class)); + if (new_class == NULL) { + LogError("malloc of %zd bytes failed", + sizeof(struct platform_class)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + new_class->simpleID = tcg_platform_specs[i].specNo; + new_class->classURISize = strlen(tcg_platform_specs[i].specURI) + 1; + new_class->classURI = malloc(new_class->classURISize); + if (new_class->classURI == NULL) { + LogError("malloc of %u bytes failed", new_class->classURISize); + return TCSERR(TSS_E_OUTOFMEMORY); + } + memcpy(new_class->classURI, tcg_platform_specs[i].specURI, + new_class->classURISize); + + /* Append to the start of the list */ + if (is_main) { + tmp = conf->host_platform_class; + conf->host_platform_class = new_class; + } else { + tmp = conf->all_platform_classes; + conf->all_platform_classes = new_class; + } + new_class->next = tmp; + + LogDebugFn("Platform Class Added."); + return TSS_SUCCESS; + } + } + + LogError("TCG Specification not supported: \"%s\"", specName); + return TCSERR(TSS_E_INTERNAL_ERROR); +} + +void +config_set_defaults(struct tcsd_config *conf) +{ + /* give all unset options their default values */ + if (conf->unset & TCSD_OPTION_PORT) + conf->port = TCSD_DEFAULT_PORT; + + if (conf->unset & TCSD_OPTION_MAX_THREADS) + conf->num_threads = TCSD_DEFAULT_MAX_THREADS; + + if (conf->unset & TCSD_OPTION_FIRMWARE_PCRS) + conf->firmware_pcrs = TCSD_DEFAULT_FIRMWARE_PCRS; + + if (conf->unset & TCSD_OPTION_KERNEL_PCRS) + conf->kernel_pcrs = TCSD_DEFAULT_KERNEL_PCRS; + + /* these are strdup'd so we know we can free them at shutdown time */ + if (conf->unset & TCSD_OPTION_SYSTEM_PSFILE) { + conf->system_ps_file = strdup(TCSD_DEFAULT_SYSTEM_PS_FILE); + conf->system_ps_dir = strdup(TCSD_DEFAULT_SYSTEM_PS_DIR); + } + + if (conf->unset & TCSD_OPTION_FIRMWARE_LOGFILE) + conf->firmware_log_file = strdup(TCSD_DEFAULT_FIRMWARE_LOG_FILE); + + if (conf->unset & TCSD_OPTION_KERNEL_LOGFILE) + conf->kernel_log_file = strdup(TCSD_DEFAULT_KERNEL_LOG_FILE); + + if (conf->unset & TCSD_OPTION_HOST_PLATFORM_CLASS) + platform_class_list_append(conf, "PC_12", TRUE); +} + +int +get_config_option(char *ptr, char **arg) +{ + int i; + + for (i = 0; options_list[i].name; i++) { + if (!strncasecmp(ptr, options_list[i].name, strlen(options_list[i].name))) { + /* move ptr past our recognized token */ + ptr += strlen(options_list[i].name); + + /* try to move ptr to the start of the option's argument */ + while (*ptr == '=' || *ptr == ' ' || *ptr == '\t') + ptr++; + + *arg = ptr; + return options_list[i].option; + } + } + /* on error we'll print the whole line to the log */ + *arg = ptr; + return 0; +} + +/* copy a file path from a string into a newly malloc'd string */ +int +get_file_path(char *ptr, char **dest) +{ + char tmp_buf[1024]; + int i = 0; + + while (isalpha(*ptr) || isdigit(*ptr) || + *ptr == '/' || *ptr == '.' || *ptr == '#' || *ptr == '_' || *ptr == '-') + { + tmp_buf[i] = *ptr; + ptr++; + i++; + } + + /* move through whitespace after the path */ + while (*ptr == ' ' || *ptr == '\t') + ptr++; + + /* if we're not at a comment or EOL, there's junk */ + if (*ptr != '#' && *ptr != '\n') { + *dest = ptr; + return 1; + } + + /* too short a path */ + if (i == 0) + return -1; + + tmp_buf[i] = '\0'; + *dest = strdup(tmp_buf); + if (*dest == NULL) { + LogError("malloc of %zd bytes failed", strlen(tmp_buf)); + } + + return 0; +} + +/* add an op ordinal, checking for duplicates along the way */ +void +tcsd_add_op(int *remote_ops, int *op) +{ + int i = 0, j; + + while (op[i] != 0) { + j = 0; + while (remote_ops[j] != 0) { + if (remote_ops[j] == op[i]) { + break; + } + j++; + } + remote_ops[j] = op[i]; + i++; + } +} + +int +tcsd_set_remote_op(struct tcsd_config *conf, char *op_name) +{ + int i = 0; + + while(tcsd_ops[i]) { + if (!strcasecmp(tcsd_ops[i]->name, op_name)) { + /* match found */ + tcsd_add_op(conf->remote_ops, tcsd_ops[i]->op); + return 0; + } + i++; + } + + /* fail, op not found */ + return 1; +} + +TSS_RESULT +read_conf_line(char *buf, int line_num, struct tcsd_config *conf) +{ + char *ptr = buf, *tmp_ptr = NULL, *arg, *comma; + int option, tmp_int; + TSS_RESULT result; + + if (ptr == NULL || *ptr == '\0' || *ptr == '#' || *ptr == '\n') + return TSS_SUCCESS; + + /* read through whitespace */ + while (*ptr == ' ' || *ptr == '\t') + ptr++; + + /* ignore comments */ + if (*ptr == '#') + return TSS_SUCCESS; + + option = get_config_option(ptr, &arg); + + switch (option) { + case opt_port: + tmp_int = atoi(arg); + if (tmp_int < 0 || tmp_int > 65535) { + LogError("Config option \"port\" out of range. %s:%d: \"%d\"", + tcsd_config_file, line_num, tmp_int); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else { + conf->port = tmp_int; + conf->unset &= ~TCSD_OPTION_PORT; + } + break; + case opt_max_threads: + tmp_int = atoi(arg); + if (tmp_int <= 0) { + LogError("Config option \"num_threads\" out of range. %s:%d: \"%d\"", + tcsd_config_file, line_num, tmp_int); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else { + conf->num_threads = tmp_int; + conf->unset &= ~TCSD_OPTION_MAX_THREADS; + } + break; + case opt_firmware_pcrs: + conf->unset &= ~TCSD_OPTION_FIRMWARE_PCRS; + while (1) { + comma = rindex(arg, ','); + + if (comma == NULL) { + if (!isdigit(*arg)) + break; + + comma = arg; + tmp_int = atoi(comma); + if (tmp_int >= 0 && tmp_int < TCSD_MAX_PCRS) + conf->firmware_pcrs |= (1 << tmp_int); + else + LogError("Config option \"firmware_pcrs\" is out of range." + "%s:%d: \"%d\"", tcsd_config_file, line_num, + tmp_int); + break; + } + + *comma++ = '\0'; + tmp_int = atoi(comma); + if (tmp_int >= 0 && tmp_int < TCSD_MAX_PCRS) + conf->firmware_pcrs |= (1 << tmp_int); + else + LogError("Config option \"firmware_pcrs\" is out of range. " + "%s:%d: \"%d\"", tcsd_config_file, line_num, tmp_int); + } + break; + case opt_kernel_pcrs: + conf->unset &= ~TCSD_OPTION_KERNEL_PCRS; + while (1) { + comma = rindex(arg, ','); + + if (comma == NULL) { + if (!isdigit(*arg)) + break; + + comma = arg; + tmp_int = atoi(comma); + if (tmp_int >= 0 && tmp_int < TCSD_MAX_PCRS) + conf->kernel_pcrs |= (1 << tmp_int); + else + LogError("Config option \"kernel_pcrs\" is out of range. " + "%s:%d: \"%d\"", tcsd_config_file, line_num, + tmp_int); + break; + } + + *comma++ = '\0'; + tmp_int = atoi(comma); + if (tmp_int >= 0 && tmp_int < TCSD_MAX_PCRS) + conf->kernel_pcrs |= (1 << tmp_int); + else + LogError("Config option \"kernel_pcrs\" is out of range. " + "%s:%d: \"%d\"", tcsd_config_file, line_num, tmp_int); + } + break; + case opt_system_ps_file: + if (*arg != '/') { + LogError("Config option \"system_ps_dir\" must be an absolute path name. " + "%s:%d: \"%s\"", tcsd_config_file, line_num, arg); + } else { + char *dir_ptr; + int rc; + + if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { + LogError("Config option \"system_ps_file\" is invalid." + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if (rc > 0) { + LogError("Config option \"system_ps_file\" is invalid. %s:%d:" + " \"%s\"", tcsd_config_file, line_num, tmp_ptr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (tmp_ptr == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (conf->system_ps_file) + free(conf->system_ps_file); + if (conf->system_ps_dir) + free(conf->system_ps_dir); + + /* break out the system ps directory from the file path */ + dir_ptr = rindex(tmp_ptr, '/'); + *dir_ptr = '\0'; + if (strlen(tmp_ptr) == 0) + conf->system_ps_dir = strdup("/"); + else + conf->system_ps_dir = strdup(tmp_ptr); + + if (conf->system_ps_dir == NULL) { + LogError("malloc failed."); + free(tmp_ptr); + return TCSERR(TSS_E_OUTOFMEMORY); + } + *dir_ptr = '/'; + conf->system_ps_file = tmp_ptr; + conf->unset &= ~TCSD_OPTION_SYSTEM_PSFILE; + } + break; + case opt_kernel_log: + if (*arg != '/') { + LogError("Config option \"kernel_log\" must be an absolute path name." + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); + } else { + int rc; + + if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { + LogError("Config option \"kernel_log\" is invalid. %s:%d: \"%s\"", + tcsd_config_file, line_num, arg); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if (rc > 0) { + LogError("Config option \"kernel_log\" is invalid. %s:%d: \"%s\"", + tcsd_config_file, line_num, tmp_ptr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (tmp_ptr == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (conf->kernel_log_file) + free(conf->kernel_log_file); + + conf->kernel_log_file = tmp_ptr; + conf->unset &= ~TCSD_OPTION_KERNEL_LOGFILE; + } + break; + case opt_firmware_log: + if (*arg != '/') { + LogError("Config option \"firmware_log\" must be an absolute path name." + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); + } else { + int rc; + + if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { + LogError("Config option \"firmware_log\" is invalid. %s:%d: \"%s\"", + tcsd_config_file, line_num, arg); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if (rc > 0) { + LogError("Config option \"firmware_log\" is invalid. %s:%d: \"%s\"", + tcsd_config_file, line_num, tmp_ptr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (tmp_ptr == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (conf->firmware_log_file) + free(conf->firmware_log_file); + + conf->firmware_log_file = tmp_ptr; + conf->unset &= ~TCSD_OPTION_FIRMWARE_LOGFILE; + } + break; + case opt_platform_cred: + if (*arg != '/') { + LogError("Config option \"platform_cred\" must be an absolute path name. " + "%s:%d: \"%s\"", tcsd_config_file, line_num, arg); + } else { + int rc; + + if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { + LogError("Config option \"platform_cred\" is invalid. %s:%d: " + "\"%s\"", tcsd_config_file, line_num, arg); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if (rc > 0) { + LogError("Config option \"platform_cred\" is invalid. %s:%d: " + "\"%s\"", tcsd_config_file, line_num, tmp_ptr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (tmp_ptr == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (conf->platform_cred) + free(conf->platform_cred); + + conf->platform_cred = tmp_ptr; + conf->unset &= ~TCSD_OPTION_PLATFORM_CRED; + } + break; + case opt_conformance_cred: + if (*arg != '/') { + LogError("Config option \"conformance_cred\" must be an absolute path name." + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); + } else { + int rc; + + if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { + LogError("Config option \"conformance_cred\" is invalid. %s:%d: " + "\"%s\"", tcsd_config_file, line_num, arg); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if (rc > 0) { + LogError("Config option \"conformance_cred\" is invalid. %s:%d: " + "\"%s\"", tcsd_config_file, line_num, tmp_ptr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (tmp_ptr == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (conf->conformance_cred) + free(conf->conformance_cred); + + conf->conformance_cred = tmp_ptr; + conf->unset &= ~TCSD_OPTION_CONFORMANCE_CRED; + } + break; + case opt_endorsement_cred: + if (*arg != '/') { + LogError("Config option \"endorsement_cred\" must be an absolute path name." + " %s:%d: \"%s\"", tcsd_config_file, line_num, arg); + } else { + int rc; + + if ((rc = get_file_path(arg, &tmp_ptr)) < 0) { + LogError("Config option \"endorsement_cred\" is invalid. %s:%d: " + "\"%s\"", tcsd_config_file, line_num, arg); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if (rc > 0) { + LogError("Config option \"endorsement_cred\" is invalid. %s:%d: " + "\"%s\"", tcsd_config_file, line_num, tmp_ptr); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (tmp_ptr == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (conf->endorsement_cred) + free(conf->endorsement_cred); + + conf->endorsement_cred = tmp_ptr; + conf->unset &= ~TCSD_OPTION_ENDORSEMENT_CRED; + } + break; + case opt_remote_ops: + conf->unset &= ~TCSD_OPTION_REMOTE_OPS; + comma = rindex(arg, '\n'); + *comma = '\0'; + while (1) { + comma = rindex(arg, ','); + + if (comma == NULL) { + comma = arg; + + if (comma != NULL) { + if (tcsd_set_remote_op(conf, comma)) { + LogError("Config option \"remote_ops\" is invalid. " + "%s:%d: \"%s\"", tcsd_config_file, + line_num, comma); + } + } + break; + } + + *comma++ = '\0'; + if (tcsd_set_remote_op(conf, comma)) { + LogError("Config option \"remote_ops\" is invalid. " + "%s:%d: \"%s\"", tcsd_config_file, line_num, comma); + } + } + break; + case opt_exclusive_transport: + tmp_int = atoi(arg); + if (tmp_int < 0 || tmp_int > 1) { + LogError("Config option \"enforce_exclusive_transport\" out of range." + " %s:%d: \"%d\"", tcsd_config_file, line_num, tmp_int); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else { + conf->exclusive_transport = tmp_int; + conf->unset &= ~TCSD_OPTION_EXCLUSIVE_TRANSPORT; + } + break; + case opt_host_platform_class: + /* append the host class on the list */ + conf->unset &= ~TCSD_OPTION_HOST_PLATFORM_CLASS; + comma = rindex(arg,'\n'); + *comma = '\0'; + + comma = rindex(arg,','); + /* At least one comma: error - more than one host class defined */ + if (comma != NULL) { + LogError("Config option \"host_platform_class\" error: more than one " + "defined. %s:%d: \"%s\"", tcsd_config_file, line_num, comma); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else { + comma = arg; + /* Add the platform class on the list */ + if ((result = platform_class_list_append(conf, comma, TRUE))){ + LogError("Config option \"host_platform_class\" invalid. " + "%s:%d: \"%s\"", tcsd_config_file, line_num, comma); + return result; + } + } + break; + case opt_all_platform_classes: + /* append each of the comma separated values on the list */ + comma = rindex(arg, '\n'); + *comma = '\0'; + while (1) { + comma = rindex(arg, ','); + + if (comma == NULL) { + comma = arg; + + if (comma != NULL) { + /* Add the platform class on the list */ + if ((result = platform_class_list_append(conf, comma, + FALSE))) { + LogError("Config option \"all_platform_class\" " + "invalid. %s:%d: \"%s\"", tcsd_config_file, + line_num, comma); + return result; + } + } + break; + } + *comma++ = '\0'; + /* Add the platform class on the list */ + if ((result = platform_class_list_append(conf, comma, FALSE))) { + LogError("Config option \"all_platform_class\" invalid. " + "%s:%d: \"%s\"", tcsd_config_file, line_num, comma); + return result; + } + } + break; + default: + /* bail out on any unknown option */ + LogError("Unknown config option %s:%d \"%s\"!", tcsd_config_file, line_num, arg); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +read_conf_file(FILE *f, struct tcsd_config *conf) +{ + int line_num = 0; + char buf[1024]; + + while (fgets(buf, 1024, f)) { + line_num++; + if (read_conf_line(buf, line_num, conf)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +void +free_platform_lists(struct platform_class *list) +{ + struct platform_class *tmp; + + while (list != NULL){ + if (list->classURISize > 0) + free(list->classURI); + tmp = list->next; + free(list); + list = tmp; + } +} + +void +conf_file_final(struct tcsd_config *conf) +{ + free(conf->system_ps_file); + free(conf->system_ps_dir); + free(conf->kernel_log_file); + free(conf->firmware_log_file); + free(conf->platform_cred); + free(conf->conformance_cred); + free(conf->endorsement_cred); + free_platform_lists(conf->host_platform_class); + free_platform_lists(conf->all_platform_classes); +} + +#ifdef SOLARIS +static int +get_smf_prop(const char *var, boolean_t def_val) +{ + scf_simple_prop_t *prop; + uint8_t *val; + boolean_t res = def_val; + prop = scf_simple_prop_get(NULL, "svc:/application/security/tcsd:default", + "config", var); + if (prop) { + if ((val = scf_simple_prop_next_boolean(prop)) != NULL) + res = (*val == 0) ? B_FALSE : B_TRUE; + scf_simple_prop_free(prop); + } + if (prop == NULL || val == NULL) { + syslog(LOG_ALERT, "no value for config/%s (%s). " + "Using default \"%s\"", var, scf_strerror(scf_error()), + def_val ? "true" : "false"); + } + return (res); +} +#endif + +TSS_RESULT +conf_file_init(struct tcsd_config *conf) +{ + FILE *f = NULL; + struct stat stat_buf; +#ifndef SOLARIS + struct group *grp; + struct passwd *pw; + mode_t mode = (S_IRUSR|S_IWUSR); +#endif /* SOLARIS */ + TSS_RESULT result; + + init_tcsd_config(conf); + +#ifdef SOLARIS + /* + * Solaris runs as Rajiv Andrade pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { + LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file, + TSS_USER_NAME, TSS_GROUP_NAME); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* make sure only the tss user can manipulate the config file */ + if (((stat_buf.st_mode & 0777) ^ mode) != 0) { + LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file); + return TCSERR(TSS_E_INTERNAL_ERROR); + } +#endif /* SOLARIS */ + + if ((f = fopen(tcsd_config_file, "r")) == NULL) { + LogError("fopen(%s): %s", tcsd_config_file, strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + result = read_conf_file(f, conf); + fclose(f); + + /* fill out any uninitialized options */ + config_set_defaults(conf); + +#ifdef SOLARIS + /* + * The SMF value for "local_only" overrides the config file and + * disables all remote operations. + */ +if (get_smf_prop("local_only", B_TRUE)) { + (void) memset(conf->remote_ops, 0, sizeof(conf->remote_ops)); + conf->unset |= TCSD_OPTION_REMOTE_OPS; + + } +#endif + return result; +} + +TSS_RESULT +ps_dirs_init() +{ + struct stat stat_buf; + mode_t mode = S_IRWXU; /* 0700 */ + + /* query the key storage directory to make sure it exists and is of the right mode */ + if (stat(tcsd_options.system_ps_dir, &stat_buf) == -1) { + if (errno == ENOENT) { + /* The dir DNE, create it with mode drwxrwxrwt */ + if (mkdir(tcsd_options.system_ps_dir, mode) == -1) { + LogError("mkdir(%s) failed: %s. If you'd like to use %s to " + "store your system persistent data, please" + " create it. Otherwise, change the location" + " in your tcsd config file.", + tcsd_options.system_ps_dir, strerror(errno), + tcsd_options.system_ps_dir); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else { + LogError("stat failed: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + /* stat should not fail now */ + if (stat(tcsd_options.system_ps_dir, &stat_buf) == -1) { + LogError("stat %s failed: %s", tcsd_options.system_ps_dir, strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + /* tcsd_options.system_ps_dir should be a directory with mode equal to mode */ + if (!S_ISDIR(stat_buf.st_mode)) { + LogError("PS dir %s is not a directory! Exiting.", tcsd_options.system_ps_dir); + return TCSERR(TSS_E_INTERNAL_ERROR); + } else if (((stat_buf.st_mode & 0777) ^ mode) != 0) { + /* This path is likely to be hit since open &'s mode with ~umask */ + LogInfo("resetting mode of %s from %o to: %o", tcsd_options.system_ps_dir, + (unsigned int) stat_buf.st_mode, (unsigned int) mode); + if (chmod(tcsd_options.system_ps_dir, mode) == -1) { + LogError("chmod(%s) failed: %s", tcsd_options.system_ps_dir, + strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } + + return TSS_SUCCESS; +} + diff --git a/src/tcsd/tcsd_threads.c b/src/tcsd/tcsd_threads.c new file mode 100644 index 0000000..66a1ac7 --- /dev/null +++ b/src/tcsd/tcsd_threads.c @@ -0,0 +1,457 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_int_literals.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "tcslog.h" +#include "rpc_tcstp_tcs.h" + +struct tcsd_thread_mgr *tm = NULL; + +TSS_RESULT +tcsd_threads_final() +{ + int rc; + UINT32 i; + + MUTEX_LOCK(tm->lock); + + tm->shutdown = 1; + + MUTEX_UNLOCK(tm->lock); + + /* wait for all currently running threads to exit */ + for (i = 0; i < tm->max_threads; i++) { + if (tm->thread_data[i].thread_id != THREAD_NULL) { + if ((rc = THREAD_JOIN(*(tm->thread_data[i].thread_id), NULL))) { + LogError("Thread join failed: error: %d", rc); + } + } + } + + free(tm->thread_data); + free(tm); + + return TSS_SUCCESS; +} + +TSS_RESULT +tcsd_threads_init(void) +{ + /* allocate the thread mgmt structure */ + tm = calloc(1, sizeof(struct tcsd_thread_mgr)); + if (tm == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tcsd_thread_mgr)); + return TCSERR(TSS_E_OUTOFMEMORY); + } + /* initialize mutex */ + MUTEX_INIT(tm->lock); + + /* set the max threads variable from config */ + tm->max_threads = tcsd_options.num_threads; + + /* allocate each thread's data structure */ + tm->thread_data = calloc(tcsd_options.num_threads, sizeof(struct tcsd_thread_data)); + if (tm->thread_data == NULL) { + LogError("malloc of %zu bytes failed.", + tcsd_options.num_threads * sizeof(struct tcsd_thread_data)); + free(tm); + return TCSERR(TSS_E_OUTOFMEMORY); + } + + return TSS_SUCCESS; +} + + +TSS_RESULT +tcsd_thread_create(int socket, char *hostname) +{ + UINT32 thread_num = -1; + int rc = TCS_SUCCESS; +#ifndef TCSD_SINGLE_THREAD_DEBUG + THREAD_ATTR_DECLARE(tcsd_thread_attr); + + /* init the thread attribute */ + if ((rc = THREAD_ATTR_INIT(tcsd_thread_attr))) { + LogError("Initializing thread attribute failed: error=%d: %s", rc, strerror(rc)); + rc = TCSERR(TSS_E_INTERNAL_ERROR); + goto out; + } + /* make all threads joinable */ + if ((rc = THREAD_ATTR_SETJOINABLE(tcsd_thread_attr))) { + LogError("Making thread attribute joinable failed: error=%d: %s", rc, strerror(rc)); + rc = TCSERR(TSS_E_INTERNAL_ERROR); + goto out; + } + + MUTEX_LOCK(tm->lock); +#endif + if (tm->num_active_threads == tm->max_threads) { + if (hostname != NULL) { + LogError("max number of connections reached (%d), new connection" + " from %s refused.", tm->max_threads, hostname); + } else { + LogError("max number of connections reached (%d), new connection" + " refused.", tm->max_threads); + } + rc = TCSERR(TSS_E_CONNECTION_FAILED); +#ifndef TCSD_SINGLE_THREAD_DEBUG + goto out_unlock; +#else + goto out; +#endif + } + + /* search for an open slot to store the thread data in */ + for (thread_num = 0; thread_num < tm->max_threads; thread_num++) { + if (tm->thread_data[thread_num].thread_id == THREAD_NULL) + break; + } + + DBG_ASSERT(thread_num != tm->max_threads); + + tm->thread_data[thread_num].sock = socket; + tm->thread_data[thread_num].context = NULL_TCS_HANDLE; + if (hostname != NULL) + tm->thread_data[thread_num].hostname = hostname; + +#ifdef TCSD_SINGLE_THREAD_DEBUG + (void)tcsd_thread_run((void *)(&(tm->thread_data[thread_num]))); +#else + tm->thread_data[thread_num].thread_id = calloc(1, sizeof(THREAD_TYPE)); + if (tm->thread_data[thread_num].thread_id == NULL) { + rc = TCSERR(TSS_E_OUTOFMEMORY); + LogError("malloc of %zd bytes failed.", sizeof(THREAD_TYPE)); + goto out_unlock; + } + + if ((rc = THREAD_CREATE(tm->thread_data[thread_num].thread_id, + &tcsd_thread_attr, + tcsd_thread_run, + (void *)(&(tm->thread_data[thread_num]))))) { + LogError("Thread create failed: %d", rc); + rc = TCSERR(TSS_E_INTERNAL_ERROR); + goto out_unlock; + } + + tm->num_active_threads++; + +out_unlock: + MUTEX_UNLOCK(tm->lock); +#endif +out: + /* cleanup in case of error */ + if (rc != TCS_SUCCESS) { + if (hostname != NULL) { + tm->thread_data[thread_num].hostname = NULL; + free(hostname); + } + close(socket); + } + return rc; +} + +/* Since we don't want any of the worker threads to catch any signals, we must mask off any + * potential signals here after creating the threads. If any of the created threads catch a signal, + * they'd eventually call join on themselves, causing a deadlock. + */ +void +thread_signal_init() +{ + sigset_t thread_sigmask; + int rc; + + if ((rc = sigfillset(&thread_sigmask))) { + LogError("sigfillset failed: error=%d: %s", rc, strerror(rc)); + LogError("worker thread %ld is exiting prematurely", THREAD_ID); + THREAD_EXIT(NULL); + } + + if ((rc = THREAD_SET_SIGNAL_MASK(SIG_BLOCK, &thread_sigmask, NULL))) { + LogError("Setting thread sigmask failed: error=%d: %s", rc, strerror(rc)); + LogError("worker thread %ld is exiting prematurely", THREAD_ID); + THREAD_EXIT(NULL); + } +} +#if 0 +void * +tcsd_thread_run(void *v) +{ + struct tcsd_thread_data *data = (struct tcsd_thread_data *)v; + BYTE buffer[TCSD_TXBUF_SIZE]; + struct tcsd_packet_hdr *ret_buf = NULL; + TSS_RESULT result; + int sizeToSend, sent_total, sent; + UINT64 offset; +#ifndef TCSD_SINGLE_THREAD_DEBUG + int rc; + + thread_signal_init(); +#endif + + if ((data->buf_size = recv(data->sock, buffer, TCSD_TXBUF_SIZE, 0)) < 0) { + LogError("Failed Receive: %s", strerror(errno)); + goto done; + } + LogDebug("Rx'd packet"); + + data->buf = buffer; + + while (1) { + sent_total = 0; + if (data->buf_size > TCSD_TXBUF_SIZE) { + LogError("Packet received from socket %d was too large (%u bytes)", + data->sock, data->buf_size); + goto done; + } else if (data->buf_size < (int)((2 * sizeof(UINT32)) + sizeof(UINT16))) { + LogError("Packet received from socket %d was too small (%u bytes)", + data->sock, data->buf_size); + goto done; + } + + if ((result = getTCSDPacket(data, &ret_buf)) != TSS_SUCCESS) { + /* something internal to the TCSD went wrong in preparing the packet + * to return to the TSP. Use our already allocated buffer to return a + * TSS_E_INTERNAL_ERROR return code to the TSP. In the non-error path, + * these LoadBlob's are done in getTCSDPacket(). + */ + offset = 0; + /* load result */ + LoadBlob_UINT32(&offset, result, buffer); + /* load packet size */ + LoadBlob_UINT32(&offset, sizeof(struct tcsd_packet_hdr), buffer); + /* load num parms */ + LoadBlob_UINT16(&offset, 0, buffer); + + sizeToSend = sizeof(struct tcsd_packet_hdr); + LogDebug("Sending 0x%X bytes back", sizeToSend); + + while (sent_total < sizeToSend) { + if ((sent = send(data->sock, + &data->buf[sent_total], + sizeToSend - sent_total, 0)) < 0) { + LogError("Packet send to TSP failed: send: %s. Thread exiting.", + strerror(errno)); + goto done; + } + sent_total += sent; + } + } else { + sizeToSend = Decode_UINT32((BYTE *)&(ret_buf->packet_size)); + + LogDebug("Sending 0x%X bytes back", sizeToSend); + + while (sent_total < sizeToSend) { + if ((sent = send(data->sock, + &(((BYTE *)ret_buf)[sent_total]), + sizeToSend - sent_total, 0)) < 0) { + LogError("response to TSP failed: send: %s. Thread exiting.", + strerror(errno)); + free(ret_buf); + ret_buf = NULL; + goto done; + } + sent_total += sent; + } + free(ret_buf); + ret_buf = NULL; + } + + if (tm->shutdown) { + LogDebug("Thread %zd exiting via shutdown signal!", THREAD_ID); + break; + } + + /* receive the next packet */ + if ((data->buf_size = recv(data->sock, buffer, TCSD_TXBUF_SIZE, 0)) < 0) { + LogError("TSP has closed its connection: %s. Thread exiting.", + strerror(errno)); + break; + } else if (data->buf_size == 0) { + LogDebug("The TSP has closed the socket's connection. Thread exiting."); + break; + } + } + +done: + /* Closing connection to TSP */ + close(data->sock); + data->sock = -1; + data->buf = NULL; + data->buf_size = -1; + /* If the connection was not shut down cleanly, free TCS resources here */ + if (data->context != NULL_TCS_HANDLE) { + TCS_CloseContext_Internal(data->context); + data->context = NULL_TCS_HANDLE; + } + +#ifndef TCSD_SINGLE_THREAD_DEBUG + MUTEX_LOCK(tm->lock); + tm->num_active_threads--; + /* if we're not in shutdown mode, then nobody is waiting to join this thread, so + * detach it so that its resources are free at THREAD_EXIT() time. */ + if (!tm->shutdown) { + if ((rc = THREAD_DETACH(*(data->thread_id)))) { + LogError("Thread detach failed (errno %d)." + " Resources may not be properly released.", rc); + } + } + free(data->hostname); + data->hostname = NULL; + data->thread_id = THREAD_NULL; + MUTEX_UNLOCK(tm->lock); + THREAD_EXIT(NULL); +#else + return NULL; +#endif +} +#else +void * +tcsd_thread_run(void *v) +{ + struct tcsd_thread_data *data = (struct tcsd_thread_data *)v; + BYTE *buffer; + int recv_size, send_size; + TSS_RESULT result; + UINT64 offset; +#ifndef TCSD_SINGLE_THREAD_DEBUG + int rc; + + thread_signal_init(); +#endif + + data->comm.buf_size = TCSD_INIT_TXBUF_SIZE; + data->comm.buf = calloc(1, data->comm.buf_size); + while (data->comm.buf) { + /* get the packet header to get the size of the incoming packet */ + buffer = data->comm.buf; + recv_size = sizeof(struct tcsd_packet_hdr); + if ((recv_size = recv_from_socket(data->sock, buffer, recv_size)) < 0) + break; + buffer += sizeof(struct tcsd_packet_hdr); /* increment the buffer pointer */ + + /* check the packet size */ + recv_size = Decode_UINT32(data->comm.buf); + if (recv_size < (int)sizeof(struct tcsd_packet_hdr)) { + LogError("Packet to receive from socket %d is too small (%d bytes)", + data->sock, recv_size); + break; + } + + if (recv_size > (int) data->comm.buf_size ) { + BYTE *new_buffer; + + LogDebug("Increasing communication buffer to %d bytes.", recv_size); + new_buffer = realloc(data->comm.buf, recv_size); + if (new_buffer == NULL) { + LogError("realloc of %d bytes failed.", recv_size); + break; + } + buffer = new_buffer + sizeof(struct tcsd_packet_hdr); + data->comm.buf_size = recv_size; + data->comm.buf = new_buffer; + } + + /* get the rest of the packet */ + recv_size -= sizeof(struct tcsd_packet_hdr); /* already received the header */ + if ((recv_size = recv_from_socket(data->sock, buffer, recv_size)) < 0) + break; + LogDebug("Rx'd packet"); + + /* create a platform version of the tcsd header */ + offset = 0; + UnloadBlob_UINT32(&offset, &data->comm.hdr.packet_size, data->comm.buf); + UnloadBlob_UINT32(&offset, &data->comm.hdr.u.result, data->comm.buf); + UnloadBlob_UINT32(&offset, &data->comm.hdr.num_parms, data->comm.buf); + UnloadBlob_UINT32(&offset, &data->comm.hdr.type_size, data->comm.buf); + UnloadBlob_UINT32(&offset, &data->comm.hdr.type_offset, data->comm.buf); + UnloadBlob_UINT32(&offset, &data->comm.hdr.parm_size, data->comm.buf); + UnloadBlob_UINT32(&offset, &data->comm.hdr.parm_offset, data->comm.buf); + + if ((result = getTCSDPacket(data)) != TSS_SUCCESS) { + /* something internal to the TCSD went wrong in preparing the packet + * to return to the TSP. Use our already allocated buffer to return a + * TSS_E_INTERNAL_ERROR return code to the TSP. In the non-error path, + * these LoadBlob's are done in getTCSDPacket(). + */ + /* set everything to zero, fill in what is non-zero */ + memset(data->comm.buf, 0, data->comm.buf_size); + offset = 0; + /* load packet size */ + LoadBlob_UINT32(&offset, sizeof(struct tcsd_packet_hdr), data->comm.buf); + /* load result */ + LoadBlob_UINT32(&offset, result, data->comm.buf); + } + send_size = Decode_UINT32(data->comm.buf); + LogDebug("Sending 0x%X bytes back", send_size); + send_size = send_to_socket(data->sock, data->comm.buf, send_size); + if (send_size < 0) + break; + + /* check for shutdown */ + if (tm->shutdown) { + LogDebug("Thread %ld exiting via shutdown signal!", THREAD_ID); + break; + } + } + + LogDebug("Thread exiting."); + + /* Closing connection to TSP */ + close(data->sock); + data->sock = -1; + free(data->comm.buf); + data->comm.buf = NULL; + data->comm.buf_size = -1; + /* If the connection was not shut down cleanly, free TCS resources here */ + if (data->context != NULL_TCS_HANDLE) { + TCS_CloseContext_Internal(data->context); + data->context = NULL_TCS_HANDLE; + } + if(data->hostname != NULL) { + free(data->hostname); + data->hostname = NULL; + } + +#ifndef TCSD_SINGLE_THREAD_DEBUG + pthread_mutex_lock(&(tm->lock)); + tm->num_active_threads--; + /* if we're not in shutdown mode, then nobody is waiting to join this thread, so + * detach it so that its resources are free at pthread_exit() time. */ + if (!tm->shutdown) { + if ((rc = pthread_detach(*(data->thread_id)))) { + LogError("pthread_detach failed (errno %d)." + " Resources may not be properly released.", rc); + } + } + free(data->thread_id); + data->thread_id = THREAD_NULL; + pthread_mutex_unlock(&(tm->lock)); + pthread_exit(NULL); +#endif + return NULL; +} + +#endif diff --git a/src/tddl/Makefile.am b/src/tddl/Makefile.am new file mode 100644 index 0000000..1dbff9f --- /dev/null +++ b/src/tddl/Makefile.am @@ -0,0 +1,4 @@ +lib_LIBRARIES=libtddl.a + +libtddl_a_SOURCES=tddl.c +libtddl_a_CFLAGS=-DAPPID=\"TCSD\ TDDL\" -I${top_srcdir}/src/include diff --git a/src/tddl/Makefile.in b/src/tddl/Makefile.in new file mode 100644 index 0000000..c9515bc --- /dev/null +++ b/src/tddl/Makefile.in @@ -0,0 +1,547 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +subdir = src/tddl +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" +LIBRARIES = $(lib_LIBRARIES) +ARFLAGS = cru +libtddl_a_AR = $(AR) $(ARFLAGS) +libtddl_a_LIBADD = +am_libtddl_a_OBJECTS = libtddl_a-tddl.$(OBJEXT) +libtddl_a_OBJECTS = $(am_libtddl_a_OBJECTS) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libtddl_a_SOURCES) +DIST_SOURCES = $(libtddl_a_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTOLIB = @CRYPTOLIB@ +CRYPTO_PACKAGE = @CRYPTO_PACKAGE@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB_DIR = @OPENSSL_LIB_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +RPC = @RPC@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +TCSD_DEFAULT_PORT = @TCSD_DEFAULT_PORT@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +lib_LIBRARIES = libtddl.a +libtddl_a_SOURCES = tddl.c +libtddl_a_CFLAGS = -DAPPID=\"TCSD\ TDDL\" -I${top_srcdir}/src/include +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tddl/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/tddl/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libLIBRARIES: $(lib_LIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(INSTALL_DATA) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(INSTALL_DATA) $$list2 "$(DESTDIR)$(libdir)" || exit $$?; } + @$(POST_INSTALL) + @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + if test -f $$p; then \ + $(am__strip_dir) \ + echo " ( cd '$(DESTDIR)$(libdir)' && $(RANLIB) $$f )"; \ + ( cd "$(DESTDIR)$(libdir)" && $(RANLIB) $$f ) || exit $$?; \ + else :; fi; \ + done + +uninstall-libLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libdir)' && rm -f "$$files" )"; \ + cd "$(DESTDIR)$(libdir)" && rm -f $$files + +clean-libLIBRARIES: + -test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES) +libtddl.a: $(libtddl_a_OBJECTS) $(libtddl_a_DEPENDENCIES) + -rm -f libtddl.a + $(libtddl_a_AR) libtddl.a $(libtddl_a_OBJECTS) $(libtddl_a_LIBADD) + $(RANLIB) libtddl.a + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtddl_a-tddl.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +libtddl_a-tddl.o: tddl.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtddl_a_CFLAGS) $(CFLAGS) -MT libtddl_a-tddl.o -MD -MP -MF $(DEPDIR)/libtddl_a-tddl.Tpo -c -o libtddl_a-tddl.o `test -f 'tddl.c' || echo '$(srcdir)/'`tddl.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtddl_a-tddl.Tpo $(DEPDIR)/libtddl_a-tddl.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tddl.c' object='libtddl_a-tddl.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtddl_a_CFLAGS) $(CFLAGS) -c -o libtddl_a-tddl.o `test -f 'tddl.c' || echo '$(srcdir)/'`tddl.c + +libtddl_a-tddl.obj: tddl.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtddl_a_CFLAGS) $(CFLAGS) -MT libtddl_a-tddl.obj -MD -MP -MF $(DEPDIR)/libtddl_a-tddl.Tpo -c -o libtddl_a-tddl.obj `if test -f 'tddl.c'; then $(CYGPATH_W) 'tddl.c'; else $(CYGPATH_W) '$(srcdir)/tddl.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtddl_a-tddl.Tpo $(DEPDIR)/libtddl_a-tddl.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tddl.c' object='libtddl_a-tddl.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtddl_a_CFLAGS) $(CFLAGS) -c -o libtddl_a-tddl.obj `if test -f 'tddl.c'; then $(CYGPATH_W) 'tddl.c'; else $(CYGPATH_W) '$(srcdir)/tddl.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(libdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-libLIBRARIES + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-libLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLIBRARIES clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-libLIBRARIES install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-libLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/tddl/tddl.c b/src/tddl/tddl.c new file mode 100644 index 0000000..b4f95b2 --- /dev/null +++ b/src/tddl/tddl.c @@ -0,0 +1,273 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2005 + * + */ + + +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "linux/tpm.h" +#include "tcslog.h" +#include "tddl.h" + +struct tpm_device_node tpm_device_nodes[] = { + {"/dev/tpm0", TDDL_UNDEF, TDDL_UNDEF}, + {"/udev/tpm0", TDDL_UNDEF, TDDL_UNDEF}, + {"/dev/tpm", TDDL_UNDEF, TDDL_UNDEF}, + {NULL, 0, 0} +}; + +struct tpm_device_node *opened_device = NULL; + +BYTE txBuffer[TDDL_TXBUF_SIZE]; +TSS_BOOL use_in_socket = FALSE; +struct tcsd_config *_tcsd_options = NULL; + +#include +#include +#include +#include +#include +#include + + +int +open_device() +{ + int i = 0, fd = -1, tcp_device_port; + char *tcp_device_hostname = NULL; + char *un_socket_device_path = NULL; + char *tcp_device_port_string = NULL; + + if (getenv("TCSD_USE_TCP_DEVICE")) { + if ((tcp_device_hostname = getenv("TCSD_TCP_DEVICE_HOSTNAME")) == NULL) + tcp_device_hostname = "localhost"; + if ((un_socket_device_path = getenv("TCSD_UN_SOCKET_DEVICE_PATH")) == NULL) + un_socket_device_path = "/var/run/tpm/tpmd_socket:0"; + if ((tcp_device_port_string = getenv("TCSD_TCP_DEVICE_PORT")) != NULL) + tcp_device_port = atoi(tcp_device_port_string); + else + tcp_device_port = 6545; + + + fd = socket(AF_INET, SOCK_STREAM, 0); + if (fd > 0) { + struct hostent *host = gethostbyname(tcp_device_hostname); + if (host != NULL) { + struct sockaddr_in addr; + memset(&addr, 0x0, sizeof(addr)); + addr.sin_family = host->h_addrtype; + addr.sin_port = htons(tcp_device_port); + memcpy(&addr.sin_addr, + host->h_addr, + host->h_length); + if (connect(fd, (struct sockaddr *)&addr, + sizeof(addr)) < 0) { + close(fd); + fd = -1; + } else + use_in_socket = TRUE; + } else { + close (fd); + fd = -1; + } + } + + if (fd < 0) { + struct sockaddr_un addr; + + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd >= 0) { + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, un_socket_device_path, + sizeof(addr.sun_path)); + if (connect(fd, (void *)&addr, sizeof(addr)) < 0) { + close(fd); + fd = -1; + } + } + } + } + + if (fd < 0) { + /* tpm_device_paths is filled out in tddl.h */ + for (i = 0; tpm_device_nodes[i].path != NULL; i++) { + errno = 0; + if ((fd = open(tpm_device_nodes[i].path, O_RDWR)) >= 0) + break; + } + } + + if (fd > 0) { + opened_device = &(tpm_device_nodes[i]); + tpm_device_nodes[i].fd = fd; + } + return fd; +} + +TSS_RESULT +Tddli_Open() +{ + int rc; + + if (opened_device != NULL) { + LogDebug("attempted to re-open the TPM driver!"); + return TDDLERR(TDDL_E_ALREADY_OPENED); + } + + rc = open_device(); + if (rc < 0) { + LogError("Could not find a device to open!"); + if (errno == ENOENT) { + /* File DNE */ + return TDDLERR(TDDL_E_COMPONENT_NOT_FOUND); + } + + return TDDLERR(TDDL_E_FAIL); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tddli_Close() +{ + if (opened_device == NULL) { + LogDebug("attempted to re-close the TPM driver!"); + return TDDLERR(TDDL_E_ALREADY_CLOSED); + } + + close(opened_device->fd); + opened_device->fd = TDDL_UNDEF; + opened_device = NULL; + + return TSS_SUCCESS; +} + +TSS_RESULT +Tddli_TransmitData(BYTE * pTransmitBuf, UINT32 TransmitBufLen, BYTE * pReceiveBuf, + UINT32 * pReceiveBufLen) +{ + int sizeResult; + + if (TransmitBufLen > TDDL_TXBUF_SIZE) { + LogError("buffer size handed to TDDL is too large! (%u bytes)", TransmitBufLen); + return TDDLERR(TDDL_E_FAIL); + } + + memcpy(txBuffer, pTransmitBuf, TransmitBufLen); + LogDebug("Calling write to driver"); + + if (use_in_socket) { + Tddli_Close(); + if (Tddli_Open()) + return TDDLERR(TDDL_E_IOERROR); + } + + switch (opened_device->transmit) { + case TDDL_UNDEF: + /* fall through */ + case TDDL_TRANSMIT_IOCTL: + errno = 0; + if ((sizeResult = ioctl(opened_device->fd, TPMIOC_TRANSMIT, txBuffer)) != -1) { + opened_device->transmit = TDDL_TRANSMIT_IOCTL; + break; + } + LogWarn("ioctl: (%d) %s", errno, strerror(errno)); + LogInfo("Falling back to Read/Write device support."); + /* fall through */ + case TDDL_TRANSMIT_RW: + if ((sizeResult = write(opened_device->fd, + txBuffer, + TransmitBufLen)) == (int)TransmitBufLen) { + opened_device->transmit = TDDL_TRANSMIT_RW; + sizeResult = read(opened_device->fd, txBuffer, + TDDL_TXBUF_SIZE); + break; + } else { + if (sizeResult == -1) { + LogError("write to device %s failed: %s", + opened_device->path, + strerror(errno)); + } else { + LogError("wrote %d bytes to %s (tried " + "to write %d)", sizeResult, + opened_device->path, + TransmitBufLen); + } + } + /* fall through */ + default: + return TDDLERR(TDDL_E_IOERROR); + } + + if (sizeResult < 0) { + LogError("read from device %s failed: %s", opened_device->path, strerror(errno)); + return TDDLERR(TDDL_E_IOERROR); + } else if (sizeResult == 0) { + LogError("Zero bytes read from device %s", opened_device->path); + return TDDLERR(TDDL_E_IOERROR); + } + + if ((unsigned)sizeResult > *pReceiveBufLen) { + LogError("read %d bytes from device %s, (only room for %d)", sizeResult, + opened_device->path, *pReceiveBufLen); + return TDDLERR(TDDL_E_INSUFFICIENT_BUFFER); + } + + *pReceiveBufLen = sizeResult; + + memcpy(pReceiveBuf, txBuffer, *pReceiveBufLen); + return TSS_SUCCESS; +} + +TSS_RESULT +Tddli_GetStatus(UINT32 ReqStatusType, UINT32 *pStatus) +{ + return TDDLERR(TSS_E_NOTIMPL); +} + +TSS_RESULT +Tddli_SetCapability(UINT32 CapArea, UINT32 SubCap, + BYTE *pSetCapBuf, UINT32 SetCapBufLen) +{ + return TDDLERR(TSS_E_NOTIMPL); +} + +TSS_RESULT +Tddli_GetCapability(UINT32 CapArea, UINT32 SubCap, + BYTE *pCapBuf, UINT32 *pCapBufLen) +{ + return TDDLERR(TSS_E_NOTIMPL); +} + +TSS_RESULT Tddli_Cancel(void) +{ + int rc; + + if (opened_device->transmit == TDDL_TRANSMIT_IOCTL) { + if ((rc = ioctl(opened_device->fd, TPMIOC_CANCEL, NULL)) == -1) { + LogError("ioctl: (%d) %s", errno, strerror(errno)); + return TDDLERR(TDDL_E_FAIL); + } else if (rc == -EIO) { + /* The driver timed out while trying to tell the chip to cancel */ + return TDDLERR(TDDL_E_COMMAND_COMPLETED); + } + + return TSS_SUCCESS; + } else { + return TDDLERR(TSS_E_NOTIMPL); + } +} diff --git a/src/trspi/Makefile.am b/src/trspi/Makefile.am new file mode 100644 index 0000000..300e492 --- /dev/null +++ b/src/trspi/Makefile.am @@ -0,0 +1,11 @@ +noinst_LTLIBRARIES=libtrousers.la + +libtrousers_la_SOURCES=trousers.c crypto/@CRYPTO_PACKAGE@/hash.c +libtrousers_la_CFLAGS=-DAPPID=\"TSPI\" -I${top_srcdir}/src/include + +if TSS_BUILD_ASYM_CRYPTO +libtrousers_la_SOURCES+=crypto/@CRYPTO_PACKAGE@/rsa.c +endif +if TSS_BUILD_SYM_CRYPTO +libtrousers_la_SOURCES+=crypto/@CRYPTO_PACKAGE@/symmetric.c +endif diff --git a/src/trspi/Makefile.in b/src/trspi/Makefile.in new file mode 100644 index 0000000..5681451 --- /dev/null +++ b/src/trspi/Makefile.in @@ -0,0 +1,524 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +@TSS_BUILD_ASYM_CRYPTO_TRUE@am__append_1 = crypto/@CRYPTO_PACKAGE@/rsa.c +@TSS_BUILD_SYM_CRYPTO_TRUE@am__append_2 = crypto/@CRYPTO_PACKAGE@/symmetric.c +subdir = src/trspi +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +LTLIBRARIES = $(noinst_LTLIBRARIES) +libtrousers_la_LIBADD = +am__libtrousers_la_SOURCES_DIST = trousers.c \ + crypto/@CRYPTO_PACKAGE@/hash.c crypto/@CRYPTO_PACKAGE@/rsa.c \ + crypto/@CRYPTO_PACKAGE@/symmetric.c +@TSS_BUILD_ASYM_CRYPTO_TRUE@am__objects_1 = libtrousers_la-rsa.lo +@TSS_BUILD_SYM_CRYPTO_TRUE@am__objects_2 = \ +@TSS_BUILD_SYM_CRYPTO_TRUE@ libtrousers_la-symmetric.lo +am_libtrousers_la_OBJECTS = libtrousers_la-trousers.lo \ + libtrousers_la-hash.lo $(am__objects_1) $(am__objects_2) +libtrousers_la_OBJECTS = $(am_libtrousers_la_OBJECTS) +libtrousers_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtrousers_la_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libtrousers_la_SOURCES) +DIST_SOURCES = $(am__libtrousers_la_SOURCES_DIST) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTOLIB = @CRYPTOLIB@ +CRYPTO_PACKAGE = @CRYPTO_PACKAGE@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB_DIR = @OPENSSL_LIB_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +RPC = @RPC@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +TCSD_DEFAULT_PORT = @TCSD_DEFAULT_PORT@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +noinst_LTLIBRARIES = libtrousers.la +libtrousers_la_SOURCES = trousers.c crypto/@CRYPTO_PACKAGE@/hash.c \ + $(am__append_1) $(am__append_2) +libtrousers_la_CFLAGS = -DAPPID=\"TSPI\" -I${top_srcdir}/src/include +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/trspi/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/trspi/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libtrousers.la: $(libtrousers_la_OBJECTS) $(libtrousers_la_DEPENDENCIES) + $(libtrousers_la_LINK) $(libtrousers_la_OBJECTS) $(libtrousers_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtrousers_la-hash.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtrousers_la-rsa.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtrousers_la-symmetric.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtrousers_la-trousers.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +libtrousers_la-trousers.lo: trousers.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrousers_la_CFLAGS) $(CFLAGS) -MT libtrousers_la-trousers.lo -MD -MP -MF $(DEPDIR)/libtrousers_la-trousers.Tpo -c -o libtrousers_la-trousers.lo `test -f 'trousers.c' || echo '$(srcdir)/'`trousers.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtrousers_la-trousers.Tpo $(DEPDIR)/libtrousers_la-trousers.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='trousers.c' object='libtrousers_la-trousers.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrousers_la_CFLAGS) $(CFLAGS) -c -o libtrousers_la-trousers.lo `test -f 'trousers.c' || echo '$(srcdir)/'`trousers.c + +libtrousers_la-hash.lo: crypto/@CRYPTO_PACKAGE@/hash.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrousers_la_CFLAGS) $(CFLAGS) -MT libtrousers_la-hash.lo -MD -MP -MF $(DEPDIR)/libtrousers_la-hash.Tpo -c -o libtrousers_la-hash.lo `test -f 'crypto/@CRYPTO_PACKAGE@/hash.c' || echo '$(srcdir)/'`crypto/@CRYPTO_PACKAGE@/hash.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtrousers_la-hash.Tpo $(DEPDIR)/libtrousers_la-hash.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/@CRYPTO_PACKAGE@/hash.c' object='libtrousers_la-hash.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrousers_la_CFLAGS) $(CFLAGS) -c -o libtrousers_la-hash.lo `test -f 'crypto/@CRYPTO_PACKAGE@/hash.c' || echo '$(srcdir)/'`crypto/@CRYPTO_PACKAGE@/hash.c + +libtrousers_la-rsa.lo: crypto/@CRYPTO_PACKAGE@/rsa.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrousers_la_CFLAGS) $(CFLAGS) -MT libtrousers_la-rsa.lo -MD -MP -MF $(DEPDIR)/libtrousers_la-rsa.Tpo -c -o libtrousers_la-rsa.lo `test -f 'crypto/@CRYPTO_PACKAGE@/rsa.c' || echo '$(srcdir)/'`crypto/@CRYPTO_PACKAGE@/rsa.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtrousers_la-rsa.Tpo $(DEPDIR)/libtrousers_la-rsa.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/@CRYPTO_PACKAGE@/rsa.c' object='libtrousers_la-rsa.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrousers_la_CFLAGS) $(CFLAGS) -c -o libtrousers_la-rsa.lo `test -f 'crypto/@CRYPTO_PACKAGE@/rsa.c' || echo '$(srcdir)/'`crypto/@CRYPTO_PACKAGE@/rsa.c + +libtrousers_la-symmetric.lo: crypto/@CRYPTO_PACKAGE@/symmetric.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrousers_la_CFLAGS) $(CFLAGS) -MT libtrousers_la-symmetric.lo -MD -MP -MF $(DEPDIR)/libtrousers_la-symmetric.Tpo -c -o libtrousers_la-symmetric.lo `test -f 'crypto/@CRYPTO_PACKAGE@/symmetric.c' || echo '$(srcdir)/'`crypto/@CRYPTO_PACKAGE@/symmetric.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtrousers_la-symmetric.Tpo $(DEPDIR)/libtrousers_la-symmetric.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/@CRYPTO_PACKAGE@/symmetric.c' object='libtrousers_la-symmetric.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrousers_la_CFLAGS) $(CFLAGS) -c -o libtrousers_la-symmetric.lo `test -f 'crypto/@CRYPTO_PACKAGE@/symmetric.c' || echo '$(srcdir)/'`crypto/@CRYPTO_PACKAGE@/symmetric.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/trspi/crypto/Makefile.am b/src/trspi/crypto/Makefile.am new file mode 100644 index 0000000..bc3bf86 --- /dev/null +++ b/src/trspi/crypto/Makefile.am @@ -0,0 +1 @@ +SUBDIRS = openssl diff --git a/src/trspi/crypto/openssl/hash.c b/src/trspi/crypto/openssl/hash.c new file mode 100644 index 0000000..f6cf3dc --- /dev/null +++ b/src/trspi/crypto/openssl/hash.c @@ -0,0 +1,218 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +/* + * hash.c - openssl TSS crypto routines + * + * Kent Yoder + * + */ + +#include + +#include +#include // for some reason the MGF1 prototype is in here +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "tsplog.h" + +#ifdef TSS_DEBUG +#define DEBUG_print_openssl_errors() \ + do { \ + ERR_load_crypto_strings(); \ + ERR_print_errors_fp(stderr); \ + } while (0) +#else +#define DEBUG_print_openssl_errors() +#endif + +#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL) +#define OpenSSL_MGF1(m,mlen,s,slen,md) PKCS1_MGF1(m,mlen,s,slen,md) +#else +int MGF1(unsigned char *, long, const unsigned char *, long); +#define OpenSSL_MGF1(m,mlen,s,slen,md) MGF1(m,mlen,s,slen) +#endif + +/* + * Hopefully this will make the code clearer since + * OpenSSL returns 1 on success + */ +#define EVP_SUCCESS 1 + +TSS_RESULT +Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) +{ + EVP_MD_CTX md_ctx; + unsigned int result_size; + int rv; + + switch (HashType) { + case TSS_HASH_SHA1: + rv = EVP_DigestInit(&md_ctx, EVP_sha1()); + break; + default: + rv = TSPERR(TSS_E_BAD_PARAMETER); + goto out; + break; + } + + if (rv != EVP_SUCCESS) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; + } + + rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize); + if (rv != EVP_SUCCESS) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; + } + + result_size = EVP_MD_CTX_size(&md_ctx); + rv = EVP_DigestFinal(&md_ctx, Digest, &result_size); + if (rv != EVP_SUCCESS) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; + } else + rv = TSS_SUCCESS; + + goto out; + +err: + DEBUG_print_openssl_errors(); +out: + return rv; +} + +TSS_RESULT +Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType) +{ + int rv; + EVP_MD *md; + + switch (HashType) { + case TSS_HASH_SHA1: + md = (EVP_MD *)EVP_sha1(); + break; + default: + return TSPERR(TSS_E_BAD_PARAMETER); + break; + } + + if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL) + return TSPERR(TSS_E_OUTOFMEMORY); + + rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md); + + if (rv != EVP_SUCCESS) { + DEBUG_print_openssl_errors(); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_HashUpdate(Trspi_HashCtx *ctx, UINT32 size, BYTE *data) +{ + int rv; + + if (ctx == NULL || ctx->ctx == NULL) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (data == NULL && size) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!size) + return TSS_SUCCESS; + + rv = EVP_DigestUpdate(ctx->ctx, data, size); + if (rv != EVP_SUCCESS) { + DEBUG_print_openssl_errors(); + free(ctx->ctx); + ctx->ctx = NULL; + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_HashFinal(Trspi_HashCtx *ctx, BYTE *digest) +{ + int rv; + UINT32 result_size; + + if (ctx == NULL || ctx->ctx == NULL) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result_size = EVP_MD_CTX_size((EVP_MD_CTX *)ctx->ctx); + rv = EVP_DigestFinal(ctx->ctx, digest, &result_size); + if (rv != EVP_SUCCESS) + return TSPERR(TSS_E_INTERNAL_ERROR); + + free(ctx->ctx); + ctx->ctx = NULL; + + return TSS_SUCCESS; +} + +UINT32 +Trspi_HMAC(UINT32 HashType, UINT32 SecretSize, BYTE* Secret, UINT32 BufSize, BYTE* Buf, BYTE* hmacOut) +{ + /*HMAC_CTX hmac_ctx;*/ + const EVP_MD *md; + unsigned int len; + int rv = TSS_SUCCESS; + + switch (HashType) { + case TSS_HASH_SHA1: + md = EVP_sha1(); + break; + default: + rv = TSPERR(TSS_E_BAD_PARAMETER); + goto out; + break; + } + + len = EVP_MD_size(md); + + HMAC(md, Secret, SecretSize, Buf, BufSize, hmacOut, &len); +out: + return rv; +} + +TSS_RESULT +Trspi_MGF1(UINT32 alg, UINT32 seedLen, BYTE *seed, UINT32 outLen, BYTE *out) +{ + const EVP_MD *md; + long olen = outLen, slen = seedLen; + int rv = TSS_SUCCESS; + + switch (alg) { + case TSS_HASH_SHA1: + md = EVP_sha1(); + break; + default: + rv = TSPERR(TSS_E_BAD_PARAMETER); + goto out; + break; + } + + rv = OpenSSL_MGF1(out, olen, seed, slen, md); +out: + return rv; +} diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c new file mode 100644 index 0000000..0bd1e89 --- /dev/null +++ b/src/trspi/crypto/openssl/rsa.c @@ -0,0 +1,266 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +/* + * rsa.c - openssl TSS crypto routines + * + * Kent Yoder + * + */ + +#include + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "tsplog.h" + +#ifdef TSS_DEBUG +#define DEBUG_print_openssl_errors() \ + do { \ + ERR_load_crypto_strings(); \ + ERR_print_errors_fp(stderr); \ + } while (0) +#else +#define DEBUG_print_openssl_errors() +#endif + + +/* + * Hopefully this will make the code clearer since + * OpenSSL returns 1 on success + */ +#define EVP_SUCCESS 1 + +/* XXX int set to unsigned int values */ +int +Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */ + unsigned int dataToEncryptLen, /* in */ + unsigned char *encryptedData, /* out */ + unsigned int *encryptedDataLen, /* out */ + unsigned char *publicKey, + unsigned int keysize) +{ + int rv; + unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* 65537 hex */ + unsigned char oaepPad[] = "TCPA"; + int oaepPadLen = 4; + RSA *rsa = RSA_new(); + BYTE encodedData[256]; + int encodedDataLen; + + if (rsa == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); + goto err; + } + + /* set the public key value in the OpenSSL object */ + rsa->n = BN_bin2bn(publicKey, keysize, rsa->n); + /* set the public exponent */ + rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e); + + if (rsa->n == NULL || rsa->e == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); + goto err; + } + + /* padding constraint for PKCS#1 OAEP padding */ + if ((int)dataToEncryptLen >= (RSA_size(rsa) - ((2 * SHA_DIGEST_LENGTH) + 1))) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; + } + + encodedDataLen = MIN(RSA_size(rsa), 256); + + /* perform our OAEP padding here with custom padding parameter */ + rv = RSA_padding_add_PKCS1_OAEP(encodedData, encodedDataLen, dataToEncrypt, + dataToEncryptLen, oaepPad, oaepPadLen); + if (rv != EVP_SUCCESS) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; + } + + /* call OpenSSL with no additional padding */ + rv = RSA_public_encrypt(encodedDataLen, encodedData, + encryptedData, rsa, RSA_NO_PADDING); + if (rv == -1) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; + } + + /* RSA_public_encrypt returns the size of the encrypted data */ + *encryptedDataLen = rv; + rv = TSS_SUCCESS; + goto out; + +err: + DEBUG_print_openssl_errors(); +out: + if (rsa) + RSA_free(rsa); + return rv; +} + +TSS_RESULT +Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength, + unsigned char *pModulus, int iKeyLength, + BYTE *pSignature, UINT32 sig_len) +{ + int rv, nid; + unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */ + unsigned char buf[256]; + RSA *rsa = RSA_new(); + + if (rsa == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); + goto err; + } + + /* We assume we're verifying data from a TPM, so there are only + * two options, SHA1 data and PKCSv1.5 encoded signature data. + */ + switch (HashType) { + case TSS_HASH_SHA1: + nid = NID_sha1; + break; + case TSS_HASH_OTHER: + nid = NID_undef; + break; + default: + rv = TSPERR(TSS_E_BAD_PARAMETER); + goto out; + break; + } + + /* set the public key value in the OpenSSL object */ + rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n); + /* set the public exponent */ + rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e); + + if (rsa->n == NULL || rsa->e == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); + goto err; + } + + /* if we don't know the structure of the data we're verifying, do a public decrypt + * and compare manually. If we know we're looking for a SHA1 hash, allow OpenSSL + * to do the work for us. + */ + if (nid == NID_undef) { + rv = RSA_public_decrypt(sig_len, pSignature, buf, rsa, RSA_PKCS1_PADDING); + if ((UINT32)rv != iHashLength) { + rv = TSPERR(TSS_E_FAIL); + goto out; + } else if (memcmp(pHash, buf, iHashLength)) { + rv = TSPERR(TSS_E_FAIL); + goto out; + } + } else { + if ((rv = RSA_verify(nid, pHash, iHashLength, pSignature, sig_len, rsa)) == 0) { + rv = TSPERR(TSS_E_FAIL); + goto out; + } + } + + rv = TSS_SUCCESS; + goto out; + +err: + DEBUG_print_openssl_errors(); +out: + if (rsa) + RSA_free(rsa); + return rv; +} + +int +Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen, + unsigned char *out, unsigned int *outlen, + unsigned char *pubkey, unsigned int pubsize, + unsigned int e, int padding) +{ + int rv, e_size = 3; + unsigned char exp[] = { 0x01, 0x00, 0x01 }; + RSA *rsa = RSA_new(); + + if (rsa == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); + goto err; + } + + switch (e) { + case 0: + /* fall through */ + case 65537: + break; + case 17: + exp[0] = 17; + e_size = 1; + break; + case 3: + exp[0] = 3; + e_size = 1; + break; + default: + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto out; + break; + } + + switch (padding) { + case TR_RSA_PKCS1_OAEP_PADDING: + padding = RSA_PKCS1_OAEP_PADDING; + break; + case TR_RSA_PKCS1_PADDING: + padding = RSA_PKCS1_PADDING; + break; + case TR_RSA_NO_PADDING: + padding = RSA_NO_PADDING; + break; + default: + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto out; + break; + } + + /* set the public key value in the OpenSSL object */ + rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n); + /* set the public exponent */ + rsa->e = BN_bin2bn(exp, e_size, rsa->e); + + if (rsa->n == NULL || rsa->e == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); + goto err; + } + + rv = RSA_public_encrypt(inlen, in, out, rsa, padding); + if (rv == -1) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; + } + + /* RSA_public_encrypt returns the size of the encrypted data */ + *outlen = rv; + rv = TSS_SUCCESS; + goto out; + +err: + DEBUG_print_openssl_errors(); +out: + if (rsa) + RSA_free(rsa); + return rv; +} diff --git a/src/trspi/crypto/openssl/symmetric.c b/src/trspi/crypto/openssl/symmetric.c new file mode 100644 index 0000000..f5c3836 --- /dev/null +++ b/src/trspi/crypto/openssl/symmetric.c @@ -0,0 +1,388 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +/* + * symmetric.c - openssl TSS crypto routines + * + * Kent Yoder + * + */ + +#include +#include + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "tsplog.h" + + +#ifdef TSS_DEBUG +#define DEBUG_print_openssl_errors() \ + do { \ + ERR_load_crypto_strings(); \ + ERR_print_errors_fp(stderr); \ + } while (0) +#else +#define DEBUG_print_openssl_errors() +#endif + + +/* + * Hopefully this will make the code clearer since + * OpenSSL returns 1 on success + */ +#define EVP_SUCCESS 1 + +TSS_RESULT +Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, + UINT32 *out_len) +{ + TSS_RESULT result = TSS_SUCCESS; + EVP_CIPHER_CTX ctx; + UINT32 tmp; + + switch (alg) { + case TSS_ALG_AES: + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + break; + } + + EVP_CIPHER_CTX_init(&ctx); + + if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + *out_len += tmp; +done: + EVP_CIPHER_CTX_cleanup(&ctx); + return result; +} + +TSS_RESULT +Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, + UINT32 *out_len) +{ + TSS_RESULT result = TSS_SUCCESS; + EVP_CIPHER_CTX ctx; + UINT32 tmp; + + switch (alg) { + case TSS_ALG_AES: + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + break; + } + + EVP_CIPHER_CTX_init(&ctx); + + if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + *out_len += tmp; +done: + EVP_CIPHER_CTX_cleanup(&ctx); + return result; +} + +EVP_CIPHER * +get_openssl_cipher(UINT16 alg, UINT16 mode) +{ + EVP_CIPHER *cipher = NULL; + + switch (alg) { + case TSS_ALG_AES: + case TCPA_ALG_AES: + switch (mode) { + case TPM_ES_NONE: + case TSS_ES_NONE: + case TPM_ES_SYM_CBC_PKCS5PAD: + LogDebug("XXX Make sure this is really PKCS5 padded"); + case TR_SYM_MODE_CBC: + cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); + break; + case TPM_ES_SYM_OFB: + cipher = (EVP_CIPHER *)EVP_aes_128_ofb(); + break; + case TPM_ES_SYM_CNT: + LogDebug("XXX AES128 in CTR mode unsupp by openssl EVP"); + default: + LogDebug("Invalid mode in doing symmetric encryption"); + break; + } + break; + case TSS_ALG_DES: + case TCPA_ALG_DES: + switch (mode) { + case TPM_ES_NONE: + case TSS_ES_NONE: + case TPM_ES_SYM_CBC_PKCS5PAD: + LogDebug("XXX Make sure this is really PKCS5 padded"); + case TR_SYM_MODE_CBC: + cipher = (EVP_CIPHER *)EVP_des_cbc(); + break; + case TPM_ES_SYM_OFB: + cipher = (EVP_CIPHER *)EVP_des_ofb(); + break; + case TPM_ES_SYM_CNT: + LogDebug("XXX DES in CTR mode unsupp by openssl EVP"); + default: + LogDebug("Invalid mode in doing symmetric encryption"); + break; + } + break; + case TSS_ALG_3DES: + case TCPA_ALG_3DES: + switch (mode) { + case TPM_ES_NONE: + case TSS_ES_NONE: + case TPM_ES_SYM_CBC_PKCS5PAD: + LogDebug("XXX Make sure this is really PKCS5 padded"); + case TR_SYM_MODE_CBC: + cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); + break; + case TPM_ES_SYM_OFB: + cipher = (EVP_CIPHER *)EVP_des_ede3_ofb(); + break; + case TPM_ES_SYM_CNT: + LogDebug("XXX 3DES in CTR mode unsupp by openssl EVP"); + default: + LogDebug("Invalid mode in doing symmetric encryption"); + break; + } + break; + case TPM_ALG_AES192: + case TSS_ALG_AES192: + switch (mode) { + case TPM_ES_NONE: + case TSS_ES_NONE: + case TPM_ES_SYM_CBC_PKCS5PAD: + LogDebug("XXX Make sure this is really PKCS5 padded"); + case TR_SYM_MODE_CBC: + cipher = (EVP_CIPHER *)EVP_aes_192_cbc(); + break; + case TPM_ES_SYM_OFB: + cipher = (EVP_CIPHER *)EVP_aes_192_ofb(); + break; + case TPM_ES_SYM_CNT: + LogDebug("XXX AES192 in CTR mode unsupp by openssl EVP"); + default: + LogDebug("Invalid mode in doing symmetric encryption"); + break; + } + break; + case TPM_ALG_AES256: + case TSS_ALG_AES256: + switch (mode) { + case TPM_ES_NONE: + case TSS_ES_NONE: + case TPM_ES_SYM_CBC_PKCS5PAD: + LogDebug("XXX Make sure this is really PKCS5 padded"); + case TR_SYM_MODE_CBC: + cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); + break; + case TPM_ES_SYM_OFB: + cipher = (EVP_CIPHER *)EVP_aes_256_ofb(); + break; + case TPM_ES_SYM_CNT: + LogDebug("XXX AES256 in CTR mode unsupp by openssl EVP"); + default: + LogDebug("Invalid mode in doing symmetric encryption"); + break; + } + break; + default: + LogDebug("Invalid algorithm in doing symmetric encryption"); + break; + } + + return cipher; +} + +TSS_RESULT +Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 in_len, BYTE *out, + UINT32 *out_len) +{ + TSS_RESULT result = TSS_SUCCESS; + EVP_CIPHER_CTX ctx; + EVP_CIPHER *cipher; + BYTE *def_iv = NULL, *outiv_ptr; + UINT32 tmp; + int iv_len, outiv_len; + + if (*out_len > INT_MAX) + outiv_len = INT_MAX; + else + outiv_len = *(int *)out_len; + + if ((cipher = get_openssl_cipher(alg, mode)) == NULL) + return TSPERR(TSS_E_INTERNAL_ERROR); + + EVP_CIPHER_CTX_init(&ctx); + + /* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */ + iv_len = EVP_CIPHER_iv_length(cipher); + if (iv == NULL) { + def_iv = malloc(iv_len); + if (def_iv == NULL) { + LogError("malloc of %d bytes failed.", iv_len); + return TSPERR(TSS_E_OUTOFMEMORY); + } + RAND_bytes(def_iv, iv_len); + + memcpy(out, def_iv, iv_len); + outiv_ptr = &out[iv_len]; + outiv_len -= iv_len; + } else { + def_iv = iv; + outiv_ptr = out; + } + + if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) { + LogDebug("Not enough space to do symmetric encryption"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + outiv_len += tmp; + *out_len = outiv_len; +done: + if (def_iv != iv) { + *out_len += iv_len; + free(def_iv); + } + EVP_CIPHER_CTX_cleanup(&ctx); + return result; +} + +TSS_RESULT +Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 in_len, BYTE *out, + UINT32 *out_len) +{ + TSS_RESULT result = TSS_SUCCESS; + EVP_CIPHER_CTX ctx; + EVP_CIPHER *cipher; + BYTE *def_iv = NULL, *iniv_ptr; + UINT32 tmp; + int iv_len, iniv_len; + + if (in_len > INT_MAX) + return TSS_E_BAD_PARAMETER; + + if ((cipher = get_openssl_cipher(alg, mode)) == NULL) + return TSPERR(TSS_E_INTERNAL_ERROR); + + EVP_CIPHER_CTX_init(&ctx); + + /* If the iv is NULL, assume that its prepended to the ciphertext */ + if (iv == NULL) { + iv_len = EVP_CIPHER_iv_length(cipher); + def_iv = malloc(iv_len); + if (def_iv == NULL) { + LogError("malloc of %d bytes failed.", iv_len); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + memcpy(def_iv, in, iv_len); + iniv_ptr = &in[iv_len]; + iniv_len = in_len - iv_len; + } else { + def_iv = iv; + iniv_ptr = in; + iniv_len = in_len; + } + + if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + + *out_len += tmp; +done: + if (def_iv != iv) + free(def_iv); + EVP_CIPHER_CTX_cleanup(&ctx); + return result; +} diff --git a/src/trspi/trousers.c b/src/trspi/trousers.c new file mode 100644 index 0000000..04156a5 --- /dev/null +++ b/src/trspi/trousers.c @@ -0,0 +1,2840 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "tcs_tsp.h" + +void +Trspi_UnloadBlob_NONCE(UINT64 *offset, BYTE *blob, TPM_NONCE *n) +{ + if (!n) { + (*offset) += TPM_SHA1_160_HASH_LEN; + return; + } + + Trspi_UnloadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, n->nonce); +} + +void +Trspi_LoadBlob_NONCE(UINT64 *offset, BYTE *blob, TPM_NONCE *n) +{ + Trspi_LoadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, n->nonce); +} + +void +Trspi_LoadBlob_DIGEST(UINT64 *offset, BYTE *blob, TPM_DIGEST *digest) +{ + Trspi_LoadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, digest->digest); +} + +void +Trspi_UnloadBlob_DIGEST(UINT64 *offset, BYTE *blob, TPM_DIGEST *digest) +{ + if (!digest) { + (*offset) += TPM_SHA1_160_HASH_LEN; + return; + } + + Trspi_UnloadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, digest->digest); +} + +void +Trspi_LoadBlob_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_PUBKEY *pubKey) +{ + Trspi_LoadBlob_KEY_PARMS(offset, blob, &pubKey->algorithmParms); + Trspi_LoadBlob_STORE_PUBKEY(offset, blob, &pubKey->pubKey); +} + +TSS_RESULT +Trspi_UnloadBlob_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_PUBKEY *pubKey) +{ + TSS_RESULT result; + + if (!pubKey) { + (void)Trspi_UnloadBlob_KEY_PARMS(offset, blob, NULL); + (void)Trspi_UnloadBlob_STORE_PUBKEY(offset, blob, NULL); + + return TSS_SUCCESS; + } + + if ((result = Trspi_UnloadBlob_KEY_PARMS(offset, blob, &pubKey->algorithmParms))) + return result; + if ((result = Trspi_UnloadBlob_STORE_PUBKEY(offset, blob, &pubKey->pubKey))) { + free(pubKey->pubKey.key); + free(pubKey->algorithmParms.parms); + pubKey->pubKey.key = NULL; + pubKey->pubKey.keyLength = 0; + pubKey->algorithmParms.parms = NULL; + pubKey->algorithmParms.parmSize = 0; + return result; + } + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob(UINT64 *offset, size_t size, BYTE *to, BYTE *from) +{ + if (size == 0) + return; + + if ((*offset + size) > TSS_TPM_TXBLOB_SIZE) + return; + + if (to) + memcpy(&to[(*offset)], from, size); + (*offset) += size; +} + +void +Trspi_UnloadBlob(UINT64 *offset, size_t size, BYTE *from, BYTE *to) +{ + if (size <= 0) + return; + + if ((*offset + size) > TSS_TPM_TXBLOB_SIZE) + return; + + if (to) + memcpy(to, &from[*offset], size); + (*offset) += size; +} + +void +Trspi_LoadBlob_BYTE(UINT64 *offset, BYTE data, BYTE *blob) +{ + if ((*offset + sizeof(BYTE)) > TSS_TPM_TXBLOB_SIZE) + return; + + if (blob) + blob[*offset] = data; + (*offset)++; +} + +void +Trspi_UnloadBlob_BYTE(UINT64 *offset, BYTE *dataOut, BYTE *blob) +{ + if ((*offset + sizeof(BYTE)) > TSS_TPM_TXBLOB_SIZE) + return; + + if (dataOut) + *dataOut = blob[*offset]; + (*offset)++; +} + +void +Trspi_LoadBlob_BOOL(UINT64 *offset, TSS_BOOL data, BYTE *blob) +{ + if (blob) + blob[*offset] = (BYTE) data; + (*offset)++; +} + +void +Trspi_UnloadBlob_BOOL(UINT64 *offset, TSS_BOOL *dataOut, BYTE *blob) +{ + if (dataOut) + *dataOut = blob[*offset]; + (*offset)++; +} + +void +Trspi_LoadBlob_UINT64(UINT64 *offset, UINT64 in, BYTE *blob) +{ + if ((*offset + sizeof(UINT64)) > TSS_TPM_TXBLOB_SIZE) + return; + + if (blob) + UINT64ToArray(in, &blob[*offset]); + (*offset) += sizeof(UINT64); +} + +void +Trspi_LoadBlob_UINT32(UINT64 *offset, UINT32 in, BYTE *blob) +{ + if ((*offset + sizeof(UINT32)) > TSS_TPM_TXBLOB_SIZE) + return; + + if (blob) + UINT32ToArray(in, &blob[*offset]); + (*offset) += sizeof(UINT32); +} + +void +Trspi_LoadBlob_UINT16(UINT64 *offset, UINT16 in, BYTE *blob) +{ + if ((*offset + sizeof(UINT16)) > TSS_TPM_TXBLOB_SIZE) + return; + + if (blob) + UINT16ToArray(in, &blob[*offset]); + (*offset) += sizeof(UINT16); +} + +void +Trspi_UnloadBlob_UINT64(UINT64 *offset, UINT64 *out, BYTE *blob) +{ + if ((*offset + sizeof(UINT64)) > TSS_TPM_TXBLOB_SIZE) + return; + + if (out) + *out = Decode_UINT64(&blob[*offset]); + (*offset) += sizeof(UINT64); +} + +void +Trspi_UnloadBlob_UINT32(UINT64 *offset, UINT32 *out, BYTE *blob) +{ + if ((*offset + sizeof(UINT32)) > TSS_TPM_TXBLOB_SIZE) + return; + + if (out) + *out = Decode_UINT32(&blob[*offset]); + (*offset) += sizeof(UINT32); +} + +void +Trspi_UnloadBlob_UINT16(UINT64 *offset, UINT16 *out, BYTE *blob) +{ + if ((*offset + sizeof(UINT16)) > TSS_TPM_TXBLOB_SIZE) + return; + + if (out) + *out = Decode_UINT16(&blob[*offset]); + (*offset) += sizeof(UINT16); +} + +void +Trspi_LoadBlob_RSA_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_RSA_KEY_PARMS *parms) +{ + Trspi_LoadBlob_UINT32(offset, parms->keyLength, blob); + Trspi_LoadBlob_UINT32(offset, parms->numPrimes, blob); + Trspi_LoadBlob_UINT32(offset, parms->exponentSize, blob); + + if (parms->exponentSize > 0) + Trspi_LoadBlob(offset, parms->exponentSize, blob, parms->exponent); +} + +void +Trspi_UnloadBlob_TSS_VERSION(UINT64 *offset, BYTE *blob, TSS_VERSION *out) +{ + if (!out) { + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_BYTE(offset, &out->bMajor, blob); + Trspi_UnloadBlob_BYTE(offset, &out->bMinor, blob); + Trspi_UnloadBlob_BYTE(offset, &out->bRevMajor, blob); + Trspi_UnloadBlob_BYTE(offset, &out->bRevMinor, blob); +} + +void +Trspi_LoadBlob_TSS_VERSION(UINT64 *offset, BYTE *blob, TSS_VERSION version) +{ + Trspi_LoadBlob_BYTE(offset, version.bMajor, blob); + Trspi_LoadBlob_BYTE(offset, version.bMinor, blob); + Trspi_LoadBlob_BYTE(offset, version.bRevMajor, blob); + Trspi_LoadBlob_BYTE(offset, version.bRevMinor, blob); +} + +void +Trspi_UnloadBlob_TCPA_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION *out) +{ + if (!out) { + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_BYTE(offset, &out->major, blob); + Trspi_UnloadBlob_BYTE(offset, &out->minor, blob); + Trspi_UnloadBlob_BYTE(offset, &out->revMajor, blob); + Trspi_UnloadBlob_BYTE(offset, &out->revMinor, blob); +} + +void +Trspi_LoadBlob_TCPA_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION version) +{ + Trspi_LoadBlob_BYTE(offset, version.major, blob); + Trspi_LoadBlob_BYTE(offset, version.minor, blob); + Trspi_LoadBlob_BYTE(offset, version.revMajor, blob); + Trspi_LoadBlob_BYTE(offset, version.revMinor, blob); +} + +TSS_RESULT +Trspi_UnloadBlob_PCR_INFO(UINT64 *offset, BYTE *blob, TCPA_PCR_INFO *pcr) +{ + TSS_RESULT result; + + if (!pcr) { + (void)Trspi_UnloadBlob_PCR_SELECTION(offset, blob, NULL); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + + return TSS_SUCCESS; + } + + if ((result = Trspi_UnloadBlob_PCR_SELECTION(offset, blob, &pcr->pcrSelection))) + return result; + Trspi_UnloadBlob_DIGEST(offset, blob, &pcr->digestAtRelease); + Trspi_UnloadBlob_DIGEST(offset, blob, &pcr->digestAtCreation); + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_PCR_INFO(UINT64 *offset, BYTE *blob, TCPA_PCR_INFO *pcr) +{ + Trspi_LoadBlob_PCR_SELECTION(offset, blob, &pcr->pcrSelection); + Trspi_LoadBlob_DIGEST(offset, blob, &pcr->digestAtRelease); + Trspi_LoadBlob_DIGEST(offset, blob, &pcr->digestAtCreation); +} + +TSS_RESULT +Trspi_UnloadBlob_PCR_INFO_LONG(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_LONG *pcr) +{ + TSS_RESULT result; + + if (!pcr) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_PCR_SELECTION(offset, blob, NULL); + Trspi_UnloadBlob_PCR_SELECTION(offset, blob, NULL); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &pcr->tag, blob); + Trspi_UnloadBlob_BYTE(offset, &pcr->localityAtCreation, blob); + Trspi_UnloadBlob_BYTE(offset, &pcr->localityAtRelease, blob); + if ((result = Trspi_UnloadBlob_PCR_SELECTION(offset, blob, &pcr->creationPCRSelection))) + return result; + if ((result = Trspi_UnloadBlob_PCR_SELECTION(offset, blob, &pcr->releasePCRSelection))) + return result; + Trspi_UnloadBlob_DIGEST(offset, blob, &pcr->digestAtCreation); + Trspi_UnloadBlob_DIGEST(offset, blob, &pcr->digestAtRelease); + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_PCR_INFO_LONG(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_LONG *pcr) +{ + Trspi_LoadBlob_UINT16(offset, pcr->tag, blob); + Trspi_LoadBlob_BYTE(offset, pcr->localityAtCreation, blob); + Trspi_LoadBlob_BYTE(offset, pcr->localityAtRelease, blob); + Trspi_LoadBlob_PCR_SELECTION(offset, blob, &pcr->creationPCRSelection); + Trspi_LoadBlob_PCR_SELECTION(offset, blob, &pcr->releasePCRSelection); + Trspi_LoadBlob_DIGEST(offset, blob, &pcr->digestAtCreation); + Trspi_LoadBlob_DIGEST(offset, blob, &pcr->digestAtRelease); +} + +TSS_RESULT +Trspi_UnloadBlob_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_SHORT *pcr) +{ + TSS_RESULT result; + + if (!pcr) { + Trspi_UnloadBlob_PCR_SELECTION(offset, blob, NULL); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + + return TSS_SUCCESS; + } + + if ((result = Trspi_UnloadBlob_PCR_SELECTION(offset, blob, &pcr->pcrSelection))) + return result; + Trspi_UnloadBlob_BYTE(offset, &pcr->localityAtRelease, blob); + Trspi_UnloadBlob_DIGEST(offset, blob, &pcr->digestAtRelease); + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TPM_PCR_INFO_SHORT *pcr) +{ + Trspi_LoadBlob_PCR_SELECTION(offset, blob, &pcr->pcrSelection); + Trspi_LoadBlob_BYTE(offset, pcr->localityAtRelease, blob); + Trspi_LoadBlob_DIGEST(offset, blob, &pcr->digestAtRelease); +} + +TSS_RESULT +Trspi_UnloadBlob_PCR_SELECTION(UINT64 *offset, BYTE *blob, TCPA_PCR_SELECTION *pcr) +{ + if (!pcr) { + UINT16 sizeOfSelect; + + Trspi_UnloadBlob_UINT16(offset, &sizeOfSelect, blob); + Trspi_UnloadBlob(offset, sizeOfSelect, blob, NULL); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &pcr->sizeOfSelect, blob); + + if (pcr->sizeOfSelect > 0) { + pcr->pcrSelect = calloc(1, pcr->sizeOfSelect); + if (pcr->pcrSelect == NULL) { + LogError("malloc of %u bytes failed.", pcr->sizeOfSelect); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(offset, pcr->sizeOfSelect, blob, pcr->pcrSelect); + } else { + pcr->pcrSelect = NULL; + } + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_PCR_SELECTION(UINT64 *offset, BYTE *blob, TCPA_PCR_SELECTION *pcr) +{ + UINT16 i; + + Trspi_LoadBlob_UINT16(offset, pcr->sizeOfSelect, blob); + for (i = 0; i < pcr->sizeOfSelect; i++) + Trspi_LoadBlob_BYTE(offset, pcr->pcrSelect[i], blob); +} + +void +Trspi_LoadBlob_KEY12(UINT64 *offset, BYTE *blob, TPM_KEY12 *key) +{ + Trspi_LoadBlob_UINT16(offset, key->tag, blob); + Trspi_LoadBlob_UINT16(offset, key->fill, blob); + Trspi_LoadBlob_UINT16(offset, key->keyUsage, blob); + Trspi_LoadBlob_KEY_FLAGS(offset, blob, &key->keyFlags); + Trspi_LoadBlob_BYTE(offset, key->authDataUsage, blob); + Trspi_LoadBlob_KEY_PARMS(offset, blob, &key->algorithmParms); + Trspi_LoadBlob_UINT32(offset, key->PCRInfoSize, blob); + Trspi_LoadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo); + Trspi_LoadBlob_STORE_PUBKEY(offset, blob, &key->pubKey); + Trspi_LoadBlob_UINT32(offset, key->encSize, blob); + Trspi_LoadBlob(offset, key->encSize, blob, key->encData); +} + +void +Trspi_LoadBlob_KEY(UINT64 *offset, BYTE *blob, TCPA_KEY *key) +{ + Trspi_LoadBlob_TCPA_VERSION(offset, blob, key->ver); + Trspi_LoadBlob_UINT16(offset, key->keyUsage, blob); + Trspi_LoadBlob_KEY_FLAGS(offset, blob, &key->keyFlags); + Trspi_LoadBlob_BYTE(offset, key->authDataUsage, blob); + Trspi_LoadBlob_KEY_PARMS(offset, blob, &key->algorithmParms); + Trspi_LoadBlob_UINT32(offset, key->PCRInfoSize, blob); + Trspi_LoadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo); + Trspi_LoadBlob_STORE_PUBKEY(offset, blob, &key->pubKey); + Trspi_LoadBlob_UINT32(offset, key->encSize, blob); + Trspi_LoadBlob(offset, key->encSize, blob, key->encData); +} + +void +Trspi_LoadBlob_KEY_FLAGS(UINT64 *offset, BYTE *blob, TCPA_KEY_FLAGS *flags) +{ + Trspi_LoadBlob_UINT32(offset, *flags, blob); +} + +void +Trspi_UnloadBlob_KEY_FLAGS(UINT64 *offset, BYTE *blob, TCPA_KEY_FLAGS *flags) +{ + Trspi_UnloadBlob_UINT32(offset, flags, blob); +} + +void +Trspi_LoadBlob_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_KEY_PARMS *keyInfo) +{ + Trspi_LoadBlob_UINT32(offset, keyInfo->algorithmID, blob); + Trspi_LoadBlob_UINT16(offset, keyInfo->encScheme, blob); + Trspi_LoadBlob_UINT16(offset, keyInfo->sigScheme, blob); + Trspi_LoadBlob_UINT32(offset, keyInfo->parmSize, blob); + + if (keyInfo->parmSize > 0) + Trspi_LoadBlob(offset, keyInfo->parmSize, blob, keyInfo->parms); +} + +void +Trspi_LoadBlob_STORE_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_STORE_PUBKEY *store) +{ + Trspi_LoadBlob_UINT32(offset, store->keyLength, blob); + Trspi_LoadBlob(offset, store->keyLength, blob, store->key); +} + +void +Trspi_LoadBlob_UUID(UINT64 *offset, BYTE *blob, TSS_UUID uuid) +{ + Trspi_LoadBlob_UINT32(offset, uuid.ulTimeLow, blob); + Trspi_LoadBlob_UINT16(offset, uuid.usTimeMid, blob); + Trspi_LoadBlob_UINT16(offset, uuid.usTimeHigh, blob); + Trspi_LoadBlob_BYTE(offset, uuid.bClockSeqHigh, blob); + Trspi_LoadBlob_BYTE(offset, uuid.bClockSeqLow, blob); + Trspi_LoadBlob(offset, 6, blob, uuid.rgbNode); +} + +void +Trspi_UnloadBlob_UUID(UINT64 *offset, BYTE *blob, TSS_UUID *uuid) +{ + if (!uuid) { + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob(offset, 6, blob, NULL); + + return; + } + + memset(uuid, 0, sizeof(TSS_UUID)); + Trspi_UnloadBlob_UINT32(offset, &uuid->ulTimeLow, blob); + Trspi_UnloadBlob_UINT16(offset, &uuid->usTimeMid, blob); + Trspi_UnloadBlob_UINT16(offset, &uuid->usTimeHigh, blob); + Trspi_UnloadBlob_BYTE(offset, &uuid->bClockSeqHigh, blob); + Trspi_UnloadBlob_BYTE(offset, &uuid->bClockSeqLow, blob); + Trspi_UnloadBlob(offset, 6, blob, uuid->rgbNode); +} + +TSS_RESULT +Trspi_UnloadBlob_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_KEY_PARMS *keyParms) +{ + if (!keyParms) { + UINT32 parmSize; + + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, &parmSize, blob); + + (*offset) += parmSize; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, &keyParms->algorithmID, blob); + Trspi_UnloadBlob_UINT16(offset, &keyParms->encScheme, blob); + Trspi_UnloadBlob_UINT16(offset, &keyParms->sigScheme, blob); + Trspi_UnloadBlob_UINT32(offset, &keyParms->parmSize, blob); + + if (keyParms->parmSize > 0) { + keyParms->parms = malloc(keyParms->parmSize); + if (keyParms->parms == NULL) { + LogError("malloc of %u bytes failed.", keyParms->parmSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, keyParms->parmSize, blob, keyParms->parms); + } else { + keyParms->parms = NULL; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_KEY12(UINT64 *offset, BYTE *blob, TPM_KEY12 *key) +{ + TSS_RESULT result; + + if (!key) { + UINT32 PCRInfoSize, encSize; + + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_KEY_FLAGS(offset, blob, NULL); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_KEY_PARMS(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &PCRInfoSize, blob); + Trspi_UnloadBlob(offset, PCRInfoSize, blob, NULL); + Trspi_UnloadBlob_STORE_PUBKEY(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &encSize, blob); + Trspi_UnloadBlob(offset, encSize, blob, NULL); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &key->tag, blob); + Trspi_UnloadBlob_UINT16(offset, &key->fill, blob); + Trspi_UnloadBlob_UINT16(offset, &key->keyUsage, blob); + Trspi_UnloadBlob_KEY_FLAGS(offset, blob, &key->keyFlags); + Trspi_UnloadBlob_BYTE(offset, &key->authDataUsage, blob); + if ((result = Trspi_UnloadBlob_KEY_PARMS(offset, (BYTE *) blob, &key->algorithmParms))) + return result; + Trspi_UnloadBlob_UINT32(offset, &key->PCRInfoSize, blob); + + if (key->PCRInfoSize > 0) { + key->PCRInfo = malloc(key->PCRInfoSize); + if (key->PCRInfo == NULL) { + LogError("malloc of %d bytes failed.", key->PCRInfoSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo); + } else { + key->PCRInfo = NULL; + } + + if ((result = Trspi_UnloadBlob_STORE_PUBKEY(offset, blob, &key->pubKey))) + return result; + Trspi_UnloadBlob_UINT32(offset, &key->encSize, blob); + + if (key->encSize > 0) { + key->encData = malloc(key->encSize); + if (key->encData == NULL) { + LogError("malloc of %d bytes failed.", key->encSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, key->encSize, blob, key->encData); + } else { + key->encData = NULL; + } + + return result; +} + +TSS_RESULT +Trspi_UnloadBlob_KEY(UINT64 *offset, BYTE *blob, TCPA_KEY *key) +{ + TSS_RESULT result; + + if (!key) { + UINT32 PCRInfoSize, encSize; + + Trspi_UnloadBlob_TCPA_VERSION(offset, blob, NULL); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_KEY_FLAGS(offset, blob, NULL); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_KEY_PARMS(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &PCRInfoSize, blob); + Trspi_UnloadBlob(offset, PCRInfoSize, blob, NULL); + Trspi_UnloadBlob_STORE_PUBKEY(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &encSize, blob); + Trspi_UnloadBlob(offset, encSize, blob, NULL); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_TCPA_VERSION(offset, blob, &key->ver); + Trspi_UnloadBlob_UINT16(offset, &key->keyUsage, blob); + Trspi_UnloadBlob_KEY_FLAGS(offset, blob, &key->keyFlags); + Trspi_UnloadBlob_BYTE(offset, &key->authDataUsage, blob); + if ((result = Trspi_UnloadBlob_KEY_PARMS(offset, (BYTE *) blob, &key->algorithmParms))) + return result; + Trspi_UnloadBlob_UINT32(offset, &key->PCRInfoSize, blob); + + if (key->PCRInfoSize > 0) { + key->PCRInfo = malloc(key->PCRInfoSize); + if (key->PCRInfo == NULL) { + LogError("malloc of %d bytes failed.", key->PCRInfoSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo); + } else { + key->PCRInfo = NULL; + } + + if ((result = Trspi_UnloadBlob_STORE_PUBKEY(offset, blob, &key->pubKey))) + return result; + Trspi_UnloadBlob_UINT32(offset, &key->encSize, blob); + + if (key->encSize > 0) { + key->encData = malloc(key->encSize); + if (key->encData == NULL) { + LogError("malloc of %d bytes failed.", key->encSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, key->encSize, blob, key->encData); + } else { + key->encData = NULL; + } + + return result; +} + +TSS_RESULT +Trspi_UnloadBlob_STORE_PUBKEY(UINT64 *offset, BYTE *blob, TCPA_STORE_PUBKEY *store) +{ + if (!store) { + UINT32 keyLength; + + Trspi_UnloadBlob_UINT32(offset, &keyLength, blob); + Trspi_UnloadBlob(offset, keyLength, blob, NULL); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, &store->keyLength, blob); + + if (store->keyLength > 0) { + store->key = malloc(store->keyLength); + if (store->key == NULL) { + LogError("malloc of %d bytes failed.", store->keyLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, store->keyLength, blob, store->key); + } else { + store->key = NULL; + } + + return TSS_SUCCESS; +} + +void +Trspi_UnloadBlob_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION *out) +{ + if (!out) { + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_BYTE(offset, &out->major, blob); + Trspi_UnloadBlob_BYTE(offset, &out->minor, blob); + Trspi_UnloadBlob_BYTE(offset, &out->revMajor, blob); + Trspi_UnloadBlob_BYTE(offset, &out->revMinor, blob); +} + +TSS_RESULT +Trspi_UnloadBlob_KM_KEYINFO(UINT64 *offset, BYTE *blob, TSS_KM_KEYINFO *info) +{ + if (!info) { + UINT32 ulVendorDataLength; + + Trspi_UnloadBlob_TSS_VERSION(offset, blob, NULL); + Trspi_UnloadBlob_UUID(offset, blob, NULL); + Trspi_UnloadBlob_UUID(offset, blob, NULL); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BOOL(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, &ulVendorDataLength, blob); + + (*offset) += ulVendorDataLength; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_TSS_VERSION(offset, blob, &info->versionInfo); + Trspi_UnloadBlob_UUID(offset, blob, &info->keyUUID); + Trspi_UnloadBlob_UUID(offset, blob, &info->parentKeyUUID); + Trspi_UnloadBlob_BYTE(offset, &info->bAuthDataUsage, blob); + Trspi_UnloadBlob_BOOL(offset, &info->fIsLoaded, blob); + Trspi_UnloadBlob_UINT32(offset, &info->ulVendorDataLength, blob); + if (info->ulVendorDataLength > 0){ + /* allocate space for vendor data */ + info->rgbVendorData = malloc(info->ulVendorDataLength); + if (info->rgbVendorData == NULL) { + LogError("malloc of %u bytes failed.", info->ulVendorDataLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(offset, info->ulVendorDataLength, blob, info->rgbVendorData); + } else + info->rgbVendorData = NULL; + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_KM_KEYINFO2(UINT64 *offset, BYTE *blob, TSS_KM_KEYINFO2 *info) +{ + if (!info) { + UINT32 ulVendorDataLength; + + Trspi_UnloadBlob_TSS_VERSION(offset, blob, NULL); + Trspi_UnloadBlob_UUID(offset, blob, NULL); + Trspi_UnloadBlob_UUID(offset, blob, NULL); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_BOOL(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, &ulVendorDataLength, blob); + + (*offset) += ulVendorDataLength; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_TSS_VERSION(offset, blob, &info->versionInfo); + Trspi_UnloadBlob_UUID(offset, blob, &info->keyUUID); + Trspi_UnloadBlob_UUID(offset, blob, &info->parentKeyUUID); + Trspi_UnloadBlob_BYTE(offset, &info->bAuthDataUsage, blob); + /* Takes data regarding the new 2 fields of TSS_KM_KEYINFO2 */ + Trspi_UnloadBlob_UINT32(offset, &info->persistentStorageType, blob); + Trspi_UnloadBlob_UINT32(offset, &info->persistentStorageTypeParent, blob); + Trspi_UnloadBlob_BOOL(offset, &info->fIsLoaded, blob); + Trspi_UnloadBlob_UINT32(offset, &info->ulVendorDataLength, blob); + if (info->ulVendorDataLength > 0) { + /* allocate space for vendor data */ + info->rgbVendorData = malloc(info->ulVendorDataLength); + if (info->rgbVendorData == NULL) { + LogError("malloc of %u bytes failed.", info->ulVendorDataLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(offset, info->ulVendorDataLength, blob, info->rgbVendorData); + } else + info->rgbVendorData = NULL; + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_PCR_EVENT(UINT64 *offset, BYTE *blob, TSS_PCR_EVENT *event) +{ + Trspi_LoadBlob_TCPA_VERSION(offset, blob, *(TCPA_VERSION *)(&event->versionInfo)); + Trspi_LoadBlob_UINT32(offset, event->ulPcrIndex, blob); + Trspi_LoadBlob_UINT32(offset, event->eventType, blob); + + Trspi_LoadBlob_UINT32(offset, event->ulPcrValueLength, blob); + if (event->ulPcrValueLength > 0) + Trspi_LoadBlob(offset, event->ulPcrValueLength, blob, event->rgbPcrValue); + + Trspi_LoadBlob_UINT32(offset, event->ulEventLength, blob); + if (event->ulEventLength > 0) + Trspi_LoadBlob(offset, event->ulEventLength, blob, event->rgbEvent); + +} + +TSS_RESULT +Trspi_UnloadBlob_PCR_EVENT(UINT64 *offset, BYTE *blob, TSS_PCR_EVENT *event) +{ + if (!event) { + UINT32 ulPcrValueLength, ulEventLength; + + Trspi_UnloadBlob_VERSION(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + Trspi_UnloadBlob_UINT32(offset, &ulPcrValueLength, blob); + (*offset) += ulPcrValueLength; + + Trspi_UnloadBlob_UINT32(offset, &ulEventLength, blob); + (*offset) += ulEventLength; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_VERSION(offset, blob, (TCPA_VERSION *)&(event->versionInfo)); + Trspi_UnloadBlob_UINT32(offset, &event->ulPcrIndex, blob); + Trspi_UnloadBlob_UINT32(offset, &event->eventType, blob); + + Trspi_UnloadBlob_UINT32(offset, &event->ulPcrValueLength, blob); + if (event->ulPcrValueLength > 0) { + event->rgbPcrValue = malloc(event->ulPcrValueLength); + if (event->rgbPcrValue == NULL) { + LogError("malloc of %u bytes failed.", event->ulPcrValueLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(offset, event->ulPcrValueLength, blob, event->rgbPcrValue); + } else { + event->rgbPcrValue = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &event->ulEventLength, blob); + if (event->ulEventLength > 0) { + event->rgbEvent = malloc(event->ulEventLength); + if (event->rgbEvent == NULL) { + LogError("malloc of %d bytes failed.", event->ulEventLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(offset, event->ulEventLength, blob, event->rgbEvent); + } else { + event->rgbEvent = NULL; + } + + return TSS_SUCCESS; +} + +/* loads a blob with the info needed to hash when creating the private key area + * of a TPM_KEY(12) from an external source + */ +void +Trspi_LoadBlob_PRIVKEY_DIGEST12(UINT64 *offset, BYTE *blob, TPM_KEY12 *key) +{ + Trspi_LoadBlob_UINT16(offset, key->tag, blob); + Trspi_LoadBlob_UINT16(offset, key->fill, blob); + Trspi_LoadBlob_UINT16(offset, key->keyUsage, blob); + Trspi_LoadBlob_KEY_FLAGS(offset, blob, &key->keyFlags); + Trspi_LoadBlob_BYTE(offset, key->authDataUsage, blob); + Trspi_LoadBlob_KEY_PARMS(offset, blob, &key->algorithmParms); + + Trspi_LoadBlob_UINT32(offset, key->PCRInfoSize, blob); + /* exclude pcrInfo when PCRInfoSize is 0 as spec'd in TPM 1.1b spec p.71 */ + if (key->PCRInfoSize != 0) + Trspi_LoadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo); + + Trspi_LoadBlob_STORE_PUBKEY(offset, blob, &key->pubKey); + /* exclude encSize, encData as spec'd in TPM 1.1b spec p.71 */ +} + +void +Trspi_LoadBlob_PRIVKEY_DIGEST(UINT64 *offset, BYTE *blob, TCPA_KEY *key) +{ + Trspi_LoadBlob_TCPA_VERSION(offset, blob, key->ver); + Trspi_LoadBlob_UINT16(offset, key->keyUsage, blob); + Trspi_LoadBlob_KEY_FLAGS(offset, blob, &key->keyFlags); + Trspi_LoadBlob_BYTE(offset, key->authDataUsage, blob); + Trspi_LoadBlob_KEY_PARMS(offset, blob, &key->algorithmParms); + + Trspi_LoadBlob_UINT32(offset, key->PCRInfoSize, blob); + /* exclude pcrInfo when PCRInfoSize is 0 as spec'd in TPM 1.1b spec p.71 */ + if (key->PCRInfoSize != 0) + Trspi_LoadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo); + + Trspi_LoadBlob_STORE_PUBKEY(offset, blob, &key->pubKey); + /* exclude encSize, encData as spec'd in TPM 1.1b spec p.71 */ +} + +void +Trspi_LoadBlob_SYMMETRIC_KEY(UINT64 *offset, BYTE *blob, TCPA_SYMMETRIC_KEY *key) +{ + Trspi_LoadBlob_UINT32(offset, key->algId, blob); + Trspi_LoadBlob_UINT16(offset, key->encScheme, blob); + Trspi_LoadBlob_UINT16(offset, key->size, blob); + + if (key->size > 0) + Trspi_LoadBlob(offset, key->size, blob, key->data); +} + +TSS_RESULT +Trspi_UnloadBlob_SYMMETRIC_KEY(UINT64 *offset, BYTE *blob, TCPA_SYMMETRIC_KEY *key) +{ + if (!key) { + UINT16 size; + + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, &size, blob); + (*offset) += size; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, &key->algId, blob); + Trspi_UnloadBlob_UINT16(offset, &key->encScheme, blob); + Trspi_UnloadBlob_UINT16(offset, &key->size, blob); + + if (key->size > 0) { + key->data = malloc(key->size); + if (key->data == NULL) { + key->size = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, key->size, blob, key->data); + } else { + key->data = NULL; + } + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_IDENTITY_REQ(UINT64 *offset, BYTE *blob, TCPA_IDENTITY_REQ *req) +{ + Trspi_LoadBlob_UINT32(offset, req->asymSize, blob); + Trspi_LoadBlob_UINT32(offset, req->symSize, blob); + Trspi_LoadBlob_KEY_PARMS(offset, blob, &req->asymAlgorithm); + Trspi_LoadBlob_KEY_PARMS(offset, blob, &req->symAlgorithm); + Trspi_LoadBlob(offset, req->asymSize, blob, req->asymBlob); + Trspi_LoadBlob(offset, req->symSize, blob, req->symBlob); +} + +void +Trspi_LoadBlob_CHANGEAUTH_VALIDATE(UINT64 *offset, BYTE *blob, TPM_CHANGEAUTH_VALIDATE *caValidate) +{ + Trspi_LoadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, caValidate->newAuthSecret.authdata); + Trspi_LoadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, caValidate->n1.nonce); +} + +TSS_RESULT +Trspi_UnloadBlob_IDENTITY_REQ(UINT64 *offset, BYTE *blob, TCPA_IDENTITY_REQ *req) +{ + TSS_RESULT result; + + if (!req) { + UINT32 asymSize, symSize; + + Trspi_UnloadBlob_UINT32(offset, &asymSize, blob); + Trspi_UnloadBlob_UINT32(offset, &symSize, blob); + (void)Trspi_UnloadBlob_KEY_PARMS(offset, blob, NULL); + (void)Trspi_UnloadBlob_KEY_PARMS(offset, blob, NULL); + + (*offset) += asymSize; + (*offset) += symSize; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, &req->asymSize, blob); + Trspi_UnloadBlob_UINT32(offset, &req->symSize, blob); + if ((result = Trspi_UnloadBlob_KEY_PARMS(offset, blob, &req->asymAlgorithm))) + return result; + if ((Trspi_UnloadBlob_KEY_PARMS(offset, blob, &req->symAlgorithm))) { + free(req->asymAlgorithm.parms); + req->asymAlgorithm.parmSize = 0; + return result; + } + + if (req->asymSize > 0) { + req->asymBlob = malloc(req->asymSize); + if (req->asymBlob == NULL) { + req->asymSize = 0; + req->asymAlgorithm.parmSize = 0; + free(req->asymAlgorithm.parms); + req->symAlgorithm.parmSize = 0; + free(req->symAlgorithm.parms); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, req->asymSize, blob, req->asymBlob); + } else { + req->asymBlob = NULL; + } + + if (req->symSize > 0) { + req->symBlob = malloc(req->symSize); + if (req->symBlob == NULL) { + req->symSize = 0; + req->asymSize = 0; + free(req->asymBlob); + req->asymBlob = NULL; + req->asymAlgorithm.parmSize = 0; + free(req->asymAlgorithm.parms); + req->symAlgorithm.parmSize = 0; + free(req->symAlgorithm.parms); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, req->symSize, blob, req->symBlob); + } else { + req->symBlob = NULL; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_IDENTITY_PROOF(UINT64 *offset, BYTE *blob, TCPA_IDENTITY_PROOF *proof) +{ + TSS_RESULT result; + + if (!proof) { + UINT32 labelSize, identityBindingSize, endorsementSize, platformSize; + UINT32 conformanceSize; + + Trspi_UnloadBlob_VERSION(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &labelSize, blob); + Trspi_UnloadBlob_UINT32(offset, &identityBindingSize, blob); + Trspi_UnloadBlob_UINT32(offset, &endorsementSize, blob); + Trspi_UnloadBlob_UINT32(offset, &platformSize, blob); + Trspi_UnloadBlob_UINT32(offset, &conformanceSize, blob); + + (void)Trspi_UnloadBlob_PUBKEY(offset, blob, NULL); + + (*offset) += labelSize; + (*offset) += identityBindingSize; + (*offset) += endorsementSize; + (*offset) += platformSize; + (*offset) += conformanceSize; + + return TSS_SUCCESS; + } + + /* helps when an error occurs */ + memset(proof, 0, sizeof(TCPA_IDENTITY_PROOF)); + + Trspi_UnloadBlob_VERSION(offset, blob, (TCPA_VERSION *)&proof->ver); + Trspi_UnloadBlob_UINT32(offset, &proof->labelSize, blob); + Trspi_UnloadBlob_UINT32(offset, &proof->identityBindingSize, blob); + Trspi_UnloadBlob_UINT32(offset, &proof->endorsementSize, blob); + Trspi_UnloadBlob_UINT32(offset, &proof->platformSize, blob); + Trspi_UnloadBlob_UINT32(offset, &proof->conformanceSize, blob); + + if ((result = Trspi_UnloadBlob_PUBKEY(offset, blob, + &proof->identityKey))) { + proof->labelSize = 0; + proof->identityBindingSize = 0; + proof->endorsementSize = 0; + proof->platformSize = 0; + proof->conformanceSize = 0; + return result; + } + + if (proof->labelSize > 0) { + proof->labelArea = malloc(proof->labelSize); + if (proof->labelArea == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + Trspi_UnloadBlob(offset, proof->labelSize, blob, proof->labelArea); + } else { + proof->labelArea = NULL; + } + + if (proof->identityBindingSize > 0) { + proof->identityBinding = malloc(proof->identityBindingSize); + if (proof->identityBinding == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + Trspi_UnloadBlob(offset, proof->identityBindingSize, blob, + proof->identityBinding); + } else { + proof->identityBinding = NULL; + } + + if (proof->endorsementSize > 0) { + proof->endorsementCredential = malloc(proof->endorsementSize); + if (proof->endorsementCredential == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + Trspi_UnloadBlob(offset, proof->endorsementSize, blob, + proof->endorsementCredential); + } else { + proof->endorsementCredential = NULL; + } + + if (proof->platformSize > 0) { + proof->platformCredential = malloc(proof->platformSize); + if (proof->platformCredential == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + Trspi_UnloadBlob(offset, proof->platformSize, blob, + proof->platformCredential); + } else { + proof->platformCredential = NULL; + } + + if (proof->conformanceSize > 0) { + proof->conformanceCredential = malloc(proof->conformanceSize); + if (proof->conformanceCredential == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + Trspi_UnloadBlob(offset, proof->conformanceSize, blob, + proof->conformanceCredential); + } else { + proof->conformanceCredential = NULL; + } + + return TSS_SUCCESS; +error: + proof->labelSize = 0; + proof->identityBindingSize = 0; + proof->endorsementSize = 0; + proof->platformSize = 0; + proof->conformanceSize = 0; + free(proof->labelArea); + proof->labelArea = NULL; + free(proof->identityBinding); + proof->identityBinding = NULL; + free(proof->endorsementCredential); + proof->endorsementCredential = NULL; + free(proof->conformanceCredential); + proof->conformanceCredential = NULL; + /* free identityKey */ + free(proof->identityKey.pubKey.key); + free(proof->identityKey.algorithmParms.parms); + proof->identityKey.pubKey.key = NULL; + proof->identityKey.pubKey.keyLength = 0; + proof->identityKey.algorithmParms.parms = NULL; + proof->identityKey.algorithmParms.parmSize = 0; + + return result; +} + +void +Trspi_LoadBlob_SYM_CA_ATTESTATION(UINT64 *offset, BYTE *blob, TCPA_SYM_CA_ATTESTATION *sym) +{ + Trspi_LoadBlob_UINT32(offset, sym->credSize, blob); + Trspi_LoadBlob_KEY_PARMS(offset, blob, &sym->algorithm); + Trspi_LoadBlob(offset, sym->credSize, blob, sym->credential); +} + +TSS_RESULT +Trspi_UnloadBlob_SYM_CA_ATTESTATION(UINT64 *offset, BYTE *blob, TCPA_SYM_CA_ATTESTATION *sym) +{ + TSS_RESULT result; + + if (!sym) { + UINT32 credSize; + + Trspi_UnloadBlob_UINT32(offset, &credSize, blob); + (void)Trspi_UnloadBlob_KEY_PARMS(offset, blob, NULL); + + (*offset) += credSize; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, &sym->credSize, blob); + if ((result = Trspi_UnloadBlob_KEY_PARMS(offset, blob, &sym->algorithm))) { + sym->credSize = 0; + return result; + } + + if (sym->credSize > 0) { + if ((sym->credential = malloc(sym->credSize)) == NULL) { + free(sym->algorithm.parms); + sym->algorithm.parmSize = 0; + sym->credSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, sym->credSize, blob, sym->credential); + } else { + sym->credential = NULL; + } + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_ASYM_CA_CONTENTS(UINT64 *offset, BYTE *blob, TCPA_ASYM_CA_CONTENTS *asym) +{ + Trspi_LoadBlob_SYMMETRIC_KEY(offset, blob, &asym->sessionKey); + Trspi_LoadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, + (BYTE *)&asym->idDigest); +} + +TSS_RESULT +Trspi_UnloadBlob_ASYM_CA_CONTENTS(UINT64 *offset, BYTE *blob, TCPA_ASYM_CA_CONTENTS *asym) +{ + TSS_RESULT result; + + if (!asym) { + (void)Trspi_UnloadBlob_SYMMETRIC_KEY(offset, blob, NULL); + Trspi_UnloadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, NULL); + + return TSS_SUCCESS; + } + + if ((result = Trspi_UnloadBlob_SYMMETRIC_KEY(offset, blob, &asym->sessionKey))) + return result; + + Trspi_UnloadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, (BYTE *)&asym->idDigest); + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_BOUND_DATA(UINT64 *offset, TCPA_BOUND_DATA bd, UINT32 payloadLength, BYTE *blob) +{ + Trspi_LoadBlob_TCPA_VERSION(offset, blob, bd.ver); + Trspi_LoadBlob(offset, 1, blob, &bd.payload); + Trspi_LoadBlob(offset, payloadLength, blob, bd.payloadData); +} + +/* function to mimic strerror with TSS error codes */ +char * +Trspi_Error_String(TSS_RESULT r) +{ + /* Check the return code to see if it is common to all layers. + * If so, return it. + */ + switch (TSS_ERROR_CODE(r)) { + case TSS_SUCCESS: return "Success"; + default: + break; + } + + /* The return code is either unknown, or specific to a layer */ + if (TSS_ERROR_LAYER(r) == TSS_LAYER_TPM) { + switch (TSS_ERROR_CODE(r)) { + case TPM_E_AUTHFAIL: return "Authentication failed"; + case TPM_E_BAD_PARAMETER: return "Bad Parameter"; + case TPM_E_BADINDEX: return "Bad memory index"; + case TPM_E_AUDITFAILURE: return "Audit failure"; + case TPM_E_CLEAR_DISABLED: return "Clear has been disabled"; + case TPM_E_DEACTIVATED: return "TPM is deactivated"; + case TPM_E_DISABLED: return "TPM is disabled"; + case TPM_E_FAIL: return "Operation failed"; + case TPM_E_BAD_ORDINAL: return "Ordinal was unknown or inconsistent"; + case TPM_E_INSTALL_DISABLED: return "Owner install disabled"; + case TPM_E_INVALID_KEYHANDLE: return "Invalid keyhandle"; + case TPM_E_KEYNOTFOUND: return "Key not found"; + case TPM_E_INAPPROPRIATE_ENC: return "Bad encryption scheme"; + case TPM_E_MIGRATEFAIL: return "Migration authorization failed"; + case TPM_E_INVALID_PCR_INFO: return "PCR information uninterpretable"; + case TPM_E_NOSPACE: return "No space to load key"; + case TPM_E_NOSRK: return "No SRK"; + case TPM_E_NOTSEALED_BLOB: return "Encrypted blob invalid"; + case TPM_E_OWNER_SET: return "Owner already set"; + case TPM_E_RESOURCES: return "Insufficient TPM resources"; + case TPM_E_SHORTRANDOM: return "Random string too short"; + case TPM_E_SIZE: return "TPM out of space"; + case TPM_E_WRONGPCRVAL: return "Wrong PCR value"; + case TPM_E_BAD_PARAM_SIZE: return "Bad input size"; + case TPM_E_SHA_THREAD: return "No existing SHA-1 thread"; + case TPM_E_SHA_ERROR: return "SHA-1 error"; + case TPM_E_FAILEDSELFTEST: return "Self-test failed, TPM shutdown"; + case TPM_E_AUTH2FAIL: return "Second authorization session failed"; + case TPM_E_BADTAG: return "Invalid tag"; + case TPM_E_IOERROR: return "I/O error"; + case TPM_E_ENCRYPT_ERROR: return "Encryption error"; + case TPM_E_DECRYPT_ERROR: return "Decryption error"; + case TPM_E_INVALID_AUTHHANDLE: return "Invalid authorization handle"; + case TPM_E_NO_ENDORSEMENT: return "No EK"; + case TPM_E_INVALID_KEYUSAGE: return "Invalid key usage"; + case TPM_E_WRONG_ENTITYTYPE: return "Invalid entity type"; + case TPM_E_INVALID_POSTINIT: return "Invalid POST init sequence"; + case TPM_E_INAPPROPRIATE_SIG: return "Invalid signature format"; + case TPM_E_BAD_KEY_PROPERTY: return "Unsupported key parameters"; + case TPM_E_BAD_MIGRATION: return "Invalid migration properties"; + case TPM_E_BAD_SCHEME: return "Invalid signature or encryption scheme"; + case TPM_E_BAD_DATASIZE: return "Invalid data size"; + case TPM_E_BAD_MODE: return "Bad mode parameter"; + case TPM_E_BAD_PRESENCE: return "Bad physical presence value"; + case TPM_E_BAD_VERSION: return "Invalid version"; + case TPM_E_NO_WRAP_TRANSPORT: return "TPM does not allow for wrapped transport sessions"; + case TPM_E_AUDITFAIL_UNSUCCESSFUL: return "TPM audit construction failed and the underlying command was returning a failure code also"; + case TPM_E_AUDITFAIL_SUCCESSFUL: return "TPM audit construction failed and the underlying command was returning success"; + case TPM_E_NOTRESETABLE: return "Attempt to reset a PCR register that does not have the resettable attribute"; + case TPM_E_NOTLOCAL: return "Attempt to reset a PCR register that requires locality and locality modifier not part of command transport"; + case TPM_E_BAD_TYPE: return "Make identity blob not properly typed"; + case TPM_E_INVALID_RESOURCE: return "When saving context identified resource type does not match actual resource"; + case TPM_E_NOTFIPS: return "TPM is attempting to execute a command only available when in FIPS mode"; + case TPM_E_INVALID_FAMILY: return "Command is attempting to use an invalid family ID"; + case TPM_E_NO_NV_PERMISSION: return "Permission to manipulate the NV storage is not available"; + case TPM_E_REQUIRES_SIGN: return "Operation requires a signed command"; + case TPM_E_KEY_NOTSUPPORTED: return "Wrong operation to load an NV key"; + case TPM_E_AUTH_CONFLICT: return "NV_LoadKey blob requires both owner and blob authorization"; + case TPM_E_AREA_LOCKED: return "NV area is locked and not writable"; + case TPM_E_BAD_LOCALITY: return "Locality is incorrect for attempted operation"; + case TPM_E_READ_ONLY: return "NV area is read only and can't be written to"; + case TPM_E_PER_NOWRITE: return "There is no protection on write to NV area"; + case TPM_E_FAMILYCOUNT: return "Family count value does not match"; + case TPM_E_WRITE_LOCKED: return "NV area has already been written to"; + case TPM_E_BAD_ATTRIBUTES: return "NV area attributes conflict"; + case TPM_E_INVALID_STRUCTURE: return "Structure tag and version are invalid or inconsistent"; + case TPM_E_KEY_OWNER_CONTROL: return "Key is under control of TPM Owner and can only be evicted by TPM Owner"; + case TPM_E_BAD_COUNTER: return "Counter handle is incorrect"; + case TPM_E_NOT_FULLWRITE: return "Write is not a complete write of area"; + case TPM_E_CONTEXT_GAP: return "Gap between saved context counts is too large"; + case TPM_E_MAXNVWRITES: return "Maximum number of NV writes without an owner has been exceeded"; + case TPM_E_NOOPERATOR: return "No operator AuthData value is set"; + case TPM_E_RESOURCEMISSING: return "Resource pointed to by context is not loaded"; + case TPM_E_DELEGATE_LOCK: return "Delegate administration is locked"; + case TPM_E_DELEGATE_FAMILY: return "Attempt to manage a family other then delegated family"; + case TPM_E_DELEGATE_ADMIN: return "Delegation table management not enabled"; + case TPM_E_TRANSPORT_NOTEXCLUSIVE: return "A command was executed outside of an exclusive transport session"; + case TPM_E_OWNER_CONTROL: return "Attempt to context save an owner evict-controlled key"; + case TPM_E_DAA_RESOURCES: return "DAA command has no resources available to execute command"; + case TPM_E_DAA_INPUT_DATA0: return "Consistency check on DAA parameter inputData0 has failed"; + case TPM_E_DAA_INPUT_DATA1: return "Consistency check on DAA parameter inputData1 has failed"; + case TPM_E_DAA_ISSUER_SETTINGS: return "Consistency check on DAA_issuerSettings has failed"; + case TPM_E_DAA_TPM_SETTINGS: return "Consistency check on DAA_tpmSpecific has failed"; + case TPM_E_DAA_STAGE: return "Atomic process indicated by submitted DAA command is not expected process"; + case TPM_E_DAA_ISSUER_VALIDITY: return "Issuer's validity check has detected an inconsistency"; + case TPM_E_DAA_WRONG_W: return "Consistency check on w has failed"; + case TPM_E_BAD_HANDLE: return "Handle is incorrect"; + case TPM_E_BAD_DELEGATE: return "Delegation is not correct"; + case TPM_E_BADCONTEXT: return "Context blob is invalid"; + case TPM_E_TOOMANYCONTEXTS: return "Too many contexts held by TPM"; + case TPM_E_MA_TICKET_SIGNATURE: return "Migration authority signature validation failure"; + case TPM_E_MA_DESTINATION: return "Migration destination not authenticated"; + case TPM_E_MA_SOURCE: return "Migration source incorrect"; + case TPM_E_MA_AUTHORITY: return "Incorrect migration authority"; + case TPM_E_PERMANENTEK: return "Attempt to revoke EK but EK is not revocable"; + case TPM_E_BAD_SIGNATURE: return "Bad signature of CMK ticket"; + case TPM_E_NOCONTEXTSPACE: return "No room in context list for additional contexts"; + case TPM_E_RETRY: return "TPM busy: Retry command at a later time"; + case TPM_E_NEEDS_SELFTEST: return "SelfTestFull has not been run"; + case TPM_E_DOING_SELFTEST: return "TPM is currently executing a full selftest"; + case TPM_E_DEFEND_LOCK_RUNNING: return "TPM is defending against dictionary attacks and is in some time-out period"; + case TPM_E_DISABLED_CMD: return "The TPM target command has been disabled"; + default: return "Unknown error"; + } + } else if (TSS_ERROR_LAYER(r) == TSS_LAYER_TDDL) { + switch (TSS_ERROR_CODE(r)) { + case TSS_E_FAIL: return "General failure"; + case TSS_E_BAD_PARAMETER: return "Bad parameter"; + case TSS_E_INTERNAL_ERROR: return "Internal software error"; + case TSS_E_NOTIMPL: return "Not implemented"; + case TSS_E_PS_KEY_NOTFOUND: return "Key not found in persistent storage"; + case TSS_E_KEY_ALREADY_REGISTERED: return "UUID already registered"; + case TSS_E_CANCELED: return "The action was cancelled by request"; + case TSS_E_TIMEOUT: return "The operation has timed out"; + case TSS_E_OUTOFMEMORY: return "Out of memory"; + case TSS_E_TPM_UNEXPECTED: return "Unexpected TPM output"; + case TSS_E_COMM_FAILURE: return "Communication failure"; + case TSS_E_TPM_UNSUPPORTED_FEATURE: return "Unsupported feature"; + case TDDL_E_COMPONENT_NOT_FOUND: return "Connection to TPM device failed"; + case TDDL_E_ALREADY_OPENED: return "Device already opened"; + case TDDL_E_BADTAG: return "Invalid or unsupported capability"; + case TDDL_E_INSUFFICIENT_BUFFER: return "Receive buffer too small"; + case TDDL_E_COMMAND_COMPLETED: return "Command has already completed"; + case TDDL_E_COMMAND_ABORTED: return "TPM aborted processing of command"; + case TDDL_E_ALREADY_CLOSED: return "Device driver already closed"; + case TDDL_E_IOERROR: return "I/O error"; + default: return "Unknown"; + } + } else if (TSS_ERROR_LAYER(r) == TSS_LAYER_TCS) { + switch (TSS_ERROR_CODE(r)) { + case TSS_E_FAIL: return "General failure"; + case TSS_E_BAD_PARAMETER: return "Bad parameter"; + case TSS_E_INTERNAL_ERROR: return "Internal software error"; + case TSS_E_NOTIMPL: return "Not implemented"; + case TSS_E_PS_KEY_NOTFOUND: return "Key not found in persistent storage"; + case TSS_E_KEY_ALREADY_REGISTERED: return "UUID already registered"; + case TSS_E_CANCELED: return "The action was cancelled by request"; + case TSS_E_TIMEOUT: return "The operation has timed out"; + case TSS_E_OUTOFMEMORY: return "Out of memory"; + case TSS_E_TPM_UNEXPECTED: return "Unexpected TPM output"; + case TSS_E_COMM_FAILURE: return "Communication failure"; + case TSS_E_TPM_UNSUPPORTED_FEATURE: return "Unsupported feature"; + case TCS_E_KEY_MISMATCH: return "UUID does not match key handle"; + case TCS_E_KM_LOADFAILED: return "Key load failed: parent key requires authorization"; + case TCS_E_KEY_CONTEXT_RELOAD: return "Reload of key context failed"; + case TCS_E_BAD_INDEX: return "Bad memory index"; + case TCS_E_INVALID_CONTEXTHANDLE: return "Invalid context handle"; + case TCS_E_INVALID_KEYHANDLE: return "Invalid key handle"; + case TCS_E_INVALID_AUTHHANDLE: return "Invalid authorization session handle"; + case TCS_E_INVALID_AUTHSESSION: return "Authorization session has been closed by TPM"; + case TCS_E_INVALID_KEY: return "Invalid key"; + default: return "Unknown"; + } + } else { + switch (TSS_ERROR_CODE(r)) { + case TSS_E_FAIL: return "General failure"; + case TSS_E_BAD_PARAMETER: return "Bad parameter"; + case TSS_E_INTERNAL_ERROR: return "Internal software error"; + case TSS_E_NOTIMPL: return "Not implemented"; + case TSS_E_PS_KEY_NOTFOUND: return "Key not found in persistent storage"; + case TSS_E_KEY_ALREADY_REGISTERED: return "UUID already registered"; + case TSS_E_CANCELED: return "The action was cancelled by request"; + case TSS_E_TIMEOUT: return "The operation has timed out"; + case TSS_E_OUTOFMEMORY: return "Out of memory"; + case TSS_E_TPM_UNEXPECTED: return "Unexpected TPM output"; + case TSS_E_COMM_FAILURE: return "Communication failure"; + case TSS_E_TPM_UNSUPPORTED_FEATURE: return "Unsupported feature"; + case TSS_E_INVALID_OBJECT_TYPE: return "Object type not valid for this operation"; + case TSS_E_INVALID_OBJECT_INITFLAG: return "Wrong flag information for object creation"; + case TSS_E_INVALID_HANDLE: return "Invalid handle"; + case TSS_E_NO_CONNECTION: return "Core service connection doesn't exist"; + case TSS_E_CONNECTION_FAILED: return "Core service connection failed"; + case TSS_E_CONNECTION_BROKEN: return "Communication with core services failed"; + case TSS_E_HASH_INVALID_ALG: return "Invalid hash algorithm"; + case TSS_E_HASH_INVALID_LENGTH: return "Hash length is inconsistent with algorithm"; + case TSS_E_HASH_NO_DATA: return "Hash object has no internal hash value"; + case TSS_E_SILENT_CONTEXT: return "A silent context requires user input"; + case TSS_E_INVALID_ATTRIB_FLAG: return "Flag value for attrib-functions inconsistent"; + case TSS_E_INVALID_ATTRIB_SUBFLAG: return "Sub-flag value for attrib-functions inconsistent"; + case TSS_E_INVALID_ATTRIB_DATA: return "Data for attrib-functions invalid"; + case TSS_E_NO_PCRS_SET: return "No PCR registers are selected or set"; + case TSS_E_KEY_NOT_LOADED: return "The addressed key is not currently loaded"; + case TSS_E_KEY_NOT_SET: return "No key informatio is currently available"; + case TSS_E_VALIDATION_FAILED: return "Internal validation of data failed"; + case TSS_E_TSP_AUTHREQUIRED: return "Authorization is required"; + case TSS_E_TSP_AUTH2REQUIRED: return "Multiple authorizations are required"; + case TSS_E_TSP_AUTHFAIL: return "Authorization failed"; + case TSS_E_TSP_AUTH2FAIL: return "Multiple authorization failed"; + case TSS_E_KEY_NO_MIGRATION_POLICY: return "Addressed key has no migration policy"; + case TSS_E_POLICY_NO_SECRET: return "No secret information available for the address policy"; + case TSS_E_INVALID_OBJ_ACCESS: return "Accessed object is in an inconsistent state"; + case TSS_E_INVALID_ENCSCHEME: return "Invalid encryption scheme"; + case TSS_E_INVALID_SIGSCHEME: return "Invalid signature scheme"; + case TSS_E_ENC_INVALID_LENGTH: return "Invalid length for encrypted data object"; + case TSS_E_ENC_NO_DATA: return "Encrypted data object contains no data"; + case TSS_E_ENC_INVALID_TYPE: return "Invalid type for encrypted data object"; + case TSS_E_INVALID_KEYUSAGE: return "Invalid usage of key"; + case TSS_E_VERIFICATION_FAILED: return "Internal validation of data failed"; + case TSS_E_HASH_NO_IDENTIFIER: return "Hash algorithm identifier not set"; + case TSS_E_NV_AREA_EXIST: return "NVRAM area already exists"; + case TSS_E_NV_AREA_NOT_EXIST: return "NVRAM area does not exist"; + default: return "Unknown"; + } + } +} + +char * +Trspi_Error_Layer(TSS_RESULT r) +{ + switch (TSS_ERROR_LAYER(r)) { + case TSS_LAYER_TPM: return "tpm"; + case TSS_LAYER_TDDL: return "tddl"; + case TSS_LAYER_TCS: return "tcs"; + case TSS_LAYER_TSP: return "tsp"; + default: return "unknown"; + } +} + +TSS_RESULT +Trspi_Error_Code(TSS_RESULT r) +{ + return TSS_ERROR_CODE(r); +} + +static int +hacky_strlen(char *codeset, BYTE *string) +{ + BYTE *ptr = string; + int len = 0; + + if (strcmp("UTF-16", codeset) == 0) { + while (!(ptr[0] == '\0' && ptr[1] == '\0')) { + len += 2; + ptr += 2; + } + } else if (strcmp("UTF-32", codeset) == 0) { + while (!(ptr[0] == '\0' && ptr[1] == '\0' && + ptr[2] == '\0' && ptr[3] == '\0')) { + len += 4; + ptr += 4; + } + } else { + /* default to 8bit chars */ + while (*ptr++ != '\0') { + len++; + } + } + + return len; +} + +static inline int +char_width(char *codeset) +{ + if (strcmp("UTF-16", codeset) == 0) { + return 2; + } else if (strcmp("UTF-32", codeset) == 0) { + return 4; + } + + return 1; +} + +#define MAX_BUF_SIZE 4096 + +BYTE * +Trspi_Native_To_UNICODE(BYTE *string, unsigned *size) +{ + char *ret, *outbuf, tmpbuf[MAX_BUF_SIZE] = { 0, }; + BSD_CONST char *ptr; + unsigned len = 0, tmplen; + iconv_t cd = 0; + size_t rc, outbytesleft, inbytesleft; + + if (string == NULL) + goto alloc_string; + + if ((cd = iconv_open("UTF-16LE", nl_langinfo(CODESET))) == (iconv_t)-1) { + LogDebug("iconv_open: %s", strerror(errno)); + return NULL; + } + + if ((tmplen = hacky_strlen(nl_langinfo(CODESET), string)) == 0) { + LogDebug("hacky_strlen returned 0"); + goto alloc_string; + } + + do { + len++; + outbytesleft = len; + inbytesleft = tmplen; + outbuf = tmpbuf; + ptr = (char *)string; + errno = 0; + + rc = iconv(cd, (BSD_CONST char **)&ptr, &inbytesleft, &outbuf, &outbytesleft); + } while (rc == (size_t)-1 && errno == E2BIG); + + if (len > MAX_BUF_SIZE) { + LogDebug("string too long."); + iconv_close(cd); + return NULL; + } + +alloc_string: + /* add terminating bytes of the correct width */ + len += char_width("UTF-16"); + if ((ret = calloc(1, len)) == NULL) { + LogDebug("malloc of %u bytes failed.", len); + iconv_close(cd); + return NULL; + } + + memcpy(ret, &tmpbuf, len); + if (size) + *size = len; + + if (cd) + iconv_close(cd); + + return (BYTE *)ret; + +} + +BYTE * +Trspi_UNICODE_To_Native(BYTE *string, unsigned *size) +{ + char *ret, *outbuf, tmpbuf[MAX_BUF_SIZE] = { 0, }; + BSD_CONST char *ptr; + unsigned len = 0, tmplen; + iconv_t cd; + size_t rc, outbytesleft, inbytesleft; + + if (string == NULL) { + if (size) + *size = 0; + return NULL; + } + + if ((cd = iconv_open(nl_langinfo(CODESET), "UTF-16LE")) == (iconv_t)-1) { + LogDebug("iconv_open: %s", strerror(errno)); + return NULL; + } + + if ((tmplen = hacky_strlen("UTF-16", string)) == 0) { + LogDebug("hacky_strlen returned 0"); + return 0; + } + + do { + len++; + outbytesleft = len; + inbytesleft = tmplen; + outbuf = tmpbuf; + ptr = (char *)string; + errno = 0; + + rc = iconv(cd, (BSD_CONST char **)&ptr, &inbytesleft, &outbuf, &outbytesleft); + } while (rc == (size_t)-1 && errno == E2BIG); + + /* add terminating bytes of the correct width */ + len += char_width(nl_langinfo(CODESET)); + if (len > MAX_BUF_SIZE) { + LogDebug("string too long."); + iconv_close(cd); + return NULL; + } + + if ((ret = calloc(1, len)) == NULL) { + LogDebug("malloc of %d bytes failed.", len); + iconv_close(cd); + return NULL; + } + + memcpy(ret, &tmpbuf, len); + if (size) + *size = len; + iconv_close(cd); + + return (BYTE *)ret; +} + +/* Functions to support incremental hashing */ +TSS_RESULT +Trspi_Hash_UINT16(Trspi_HashCtx *c, UINT16 i) +{ + BYTE bytes[sizeof(UINT16)]; + + UINT16ToArray(i, bytes); + return Trspi_HashUpdate(c, sizeof(UINT16), bytes); +} + +TSS_RESULT +Trspi_Hash_UINT32(Trspi_HashCtx *c, UINT32 i) +{ + BYTE bytes[sizeof(UINT32)]; + + UINT32ToArray(i, bytes); + return Trspi_HashUpdate(c, sizeof(UINT32), bytes); +} + +TSS_RESULT +Trspi_Hash_UINT64(Trspi_HashCtx *c, UINT64 i) +{ + BYTE bytes[sizeof(UINT64)]; + + UINT64ToArray(i, bytes); + return Trspi_HashUpdate(c, sizeof(UINT64), bytes); +} + +TSS_RESULT +Trspi_Hash_BYTE(Trspi_HashCtx *c, BYTE data) +{ + return Trspi_HashUpdate(c, sizeof(BYTE), &data); +} + +TSS_RESULT +Trspi_Hash_BOOL(Trspi_HashCtx *c, TSS_BOOL data) +{ + return Trspi_HashUpdate(c, (UINT32)sizeof(TSS_BOOL), (BYTE *)&data); +} + +TSS_RESULT +Trspi_Hash_VERSION(Trspi_HashCtx *c, TSS_VERSION *version) +{ + TSS_RESULT result; + + result = Trspi_Hash_BYTE(c, version->bMajor); + result |= Trspi_Hash_BYTE(c, version->bMinor); + result |= Trspi_Hash_BYTE(c, version->bRevMajor); + result |= Trspi_Hash_BYTE(c, version->bRevMinor); + + return result; +} + +TSS_RESULT +Trspi_Hash_DAA_PK(Trspi_HashCtx *c, TSS_DAA_PK *pk) +{ + UINT32 i; + TSS_RESULT result; + + result = Trspi_Hash_VERSION(c, &pk->versionInfo); + + result |= Trspi_Hash_UINT32(c, pk->modulusLength); + result |= Trspi_HashUpdate(c, pk->modulusLength, pk->modulus); + + result |= Trspi_Hash_UINT32(c, pk->capitalSLength); + result |= Trspi_HashUpdate(c, pk->capitalSLength, pk->capitalS); + + result |= Trspi_Hash_UINT32(c, pk->capitalZLength); + result |= Trspi_HashUpdate(c, pk->capitalZLength, pk->capitalZ); + + result |= Trspi_Hash_UINT32(c, pk->capitalR0Length); + result |= Trspi_HashUpdate(c, pk->capitalR0Length, pk->capitalR0); + + result |= Trspi_Hash_UINT32(c, pk->capitalR1Length); + result |= Trspi_HashUpdate(c, pk->capitalR1Length, pk->capitalR1); + + result |= Trspi_Hash_UINT32(c, pk->gammaLength); + result |= Trspi_HashUpdate(c, pk->gammaLength, pk->gamma); + + result |= Trspi_Hash_UINT32(c, pk->capitalGammaLength); + result |= Trspi_HashUpdate(c, pk->capitalGammaLength, pk->capitalGamma); + + result |= Trspi_Hash_UINT32(c, pk->rhoLength); + result |= Trspi_HashUpdate(c, pk->rhoLength, pk->rho); + + for (i = 0; i < pk->capitalYLength; i++) + result |= Trspi_HashUpdate(c, pk->capitalYLength2, pk->capitalY[i]); + + result |= Trspi_Hash_UINT32(c, pk->capitalYPlatformLength); + + result |= Trspi_Hash_UINT32(c, pk->issuerBaseNameLength); + result |= Trspi_HashUpdate(c, pk->issuerBaseNameLength, pk->issuerBaseName); + + return result; +} + +TSS_RESULT +Trspi_Hash_RSA_KEY_PARMS(Trspi_HashCtx *c, TCPA_RSA_KEY_PARMS *parms) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT32(c, parms->keyLength); + result |= Trspi_Hash_UINT32(c, parms->numPrimes); + result |= Trspi_Hash_UINT32(c, parms->exponentSize); + + if (parms->exponentSize > 0) + result |= Trspi_HashUpdate(c, parms->exponentSize, parms->exponent); + + return result; +} + +TSS_RESULT +Trspi_Hash_STORE_PUBKEY(Trspi_HashCtx *c, TCPA_STORE_PUBKEY *store) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT32(c, store->keyLength); + result |= Trspi_HashUpdate(c, store->keyLength, store->key); + + return result; +} + +TSS_RESULT +Trspi_Hash_KEY_PARMS(Trspi_HashCtx *c, TCPA_KEY_PARMS *keyInfo) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT32(c, keyInfo->algorithmID); + result |= Trspi_Hash_UINT16(c, keyInfo->encScheme); + result |= Trspi_Hash_UINT16(c, keyInfo->sigScheme); + result |= Trspi_Hash_UINT32(c, keyInfo->parmSize); + + if (keyInfo->parmSize > 0) + result |= Trspi_HashUpdate(c, keyInfo->parmSize, keyInfo->parms); + + return result; +} + +TSS_RESULT +Trspi_Hash_PUBKEY(Trspi_HashCtx *c, TCPA_PUBKEY *pubKey) +{ + TSS_RESULT result; + + result = Trspi_Hash_KEY_PARMS(c, &pubKey->algorithmParms); + result |= Trspi_Hash_STORE_PUBKEY(c, &pubKey->pubKey); + + return result; +} + +TSS_RESULT +Trspi_Hash_STORED_DATA(Trspi_HashCtx *c, TCPA_STORED_DATA *data) +{ + TSS_RESULT result; + + result = Trspi_Hash_VERSION(c, (TSS_VERSION *)&data->ver); + result |= Trspi_Hash_UINT32(c, data->sealInfoSize); + result |= Trspi_HashUpdate(c, data->sealInfoSize, data->sealInfo); + result |= Trspi_Hash_UINT32(c, data->encDataSize); + result |= Trspi_HashUpdate(c, data->encDataSize, data->encData); + + return result; +} + +TSS_RESULT +Trspi_Hash_PCR_SELECTION(Trspi_HashCtx *c, TCPA_PCR_SELECTION *pcr) +{ + TSS_RESULT result; + UINT16 i; + + result = Trspi_Hash_UINT16(c, pcr->sizeOfSelect); + + for (i = 0; i < pcr->sizeOfSelect; i++) + result |= Trspi_Hash_BYTE(c, pcr->pcrSelect[i]); + + return result; +} + +TSS_RESULT +Trspi_Hash_KEY_FLAGS(Trspi_HashCtx *c, TCPA_KEY_FLAGS *flags) +{ + return Trspi_Hash_UINT32(c, *flags); +} + +TSS_RESULT +Trspi_Hash_KEY12(Trspi_HashCtx *c, TPM_KEY12 *key) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT16(c, key->tag); + result |= Trspi_Hash_UINT16(c, key->fill); + result |= Trspi_Hash_UINT16(c, key->keyUsage); + result |= Trspi_Hash_KEY_FLAGS(c, &key->keyFlags); + result |= Trspi_Hash_BYTE(c, key->authDataUsage); + result |= Trspi_Hash_KEY_PARMS(c, &key->algorithmParms); + result |= Trspi_Hash_UINT32(c, key->PCRInfoSize); + result |= Trspi_HashUpdate(c, key->PCRInfoSize, key->PCRInfo); + result |= Trspi_Hash_STORE_PUBKEY(c, &key->pubKey); + result |= Trspi_Hash_UINT32(c, key->encSize); + result |= Trspi_HashUpdate(c, key->encSize, key->encData); + + return result; +} + +TSS_RESULT +Trspi_Hash_KEY(Trspi_HashCtx *c, TCPA_KEY *key) +{ + TSS_RESULT result; + + result = Trspi_Hash_VERSION(c, (TSS_VERSION *)&key->ver); + result |= Trspi_Hash_UINT16(c, key->keyUsage); + result |= Trspi_Hash_KEY_FLAGS(c, &key->keyFlags); + result |= Trspi_Hash_BYTE(c, key->authDataUsage); + result |= Trspi_Hash_KEY_PARMS(c, &key->algorithmParms); + result |= Trspi_Hash_UINT32(c, key->PCRInfoSize); + result |= Trspi_HashUpdate(c, key->PCRInfoSize, key->PCRInfo); + result |= Trspi_Hash_STORE_PUBKEY(c, &key->pubKey); + result |= Trspi_Hash_UINT32(c, key->encSize); + result |= Trspi_HashUpdate(c, key->encSize, key->encData); + + return result; +} + +TSS_RESULT +Trspi_Hash_UUID(Trspi_HashCtx *c, TSS_UUID uuid) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT32(c, uuid.ulTimeLow); + result |= Trspi_Hash_UINT16(c, uuid.usTimeMid); + result |= Trspi_Hash_UINT16(c, uuid.usTimeHigh); + result |= Trspi_Hash_BYTE(c, uuid.bClockSeqHigh); + result |= Trspi_Hash_BYTE(c, uuid.bClockSeqLow); + result |= Trspi_HashUpdate(c, sizeof(uuid.rgbNode), uuid.rgbNode); + + return result; +} + +TSS_RESULT +Trspi_Hash_PCR_EVENT(Trspi_HashCtx *c, TSS_PCR_EVENT *event) +{ + TSS_RESULT result; + + result = Trspi_Hash_VERSION(c, &event->versionInfo); + result |= Trspi_Hash_UINT32(c, event->ulPcrIndex); + result |= Trspi_Hash_UINT32(c, event->eventType); + + Trspi_Hash_UINT32(c, event->ulPcrValueLength); + if (event->ulPcrValueLength > 0) + result |= Trspi_HashUpdate(c, event->ulPcrValueLength, event->rgbPcrValue); + + result |= Trspi_Hash_UINT32(c, event->ulEventLength); + if (event->ulEventLength > 0) + result |= Trspi_HashUpdate(c, event->ulEventLength, event->rgbEvent); + + + return result; +} + +TSS_RESULT +Trspi_Hash_PRIVKEY_DIGEST12(Trspi_HashCtx *c, TPM_KEY12 *key) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT16(c, key->tag); + result |= Trspi_Hash_UINT16(c, key->fill); + result |= Trspi_Hash_UINT16(c, key->keyUsage); + result |= Trspi_Hash_KEY_FLAGS(c, &key->keyFlags); + result |= Trspi_Hash_BYTE(c, key->authDataUsage); + result |= Trspi_Hash_KEY_PARMS(c, &key->algorithmParms); + + result |= Trspi_Hash_UINT32(c, key->PCRInfoSize); + /* exclude pcrInfo when PCRInfoSize is 0 as spec'd in TPM 1.1b spec p.71 */ + if (key->PCRInfoSize != 0) + result |= Trspi_HashUpdate(c, key->PCRInfoSize, key->PCRInfo); + + Trspi_Hash_STORE_PUBKEY(c, &key->pubKey); + /* exclude encSize, encData as spec'd in TPM 1.1b spec p.71 */ + + return result; +} + +TSS_RESULT +Trspi_Hash_PRIVKEY_DIGEST(Trspi_HashCtx *c, TCPA_KEY *key) +{ + TSS_RESULT result; + + result = Trspi_Hash_VERSION(c, (TSS_VERSION *)&key->ver); + result |= Trspi_Hash_UINT16(c, key->keyUsage); + result |= Trspi_Hash_KEY_FLAGS(c, &key->keyFlags); + result |= Trspi_Hash_BYTE(c, key->authDataUsage); + result |= Trspi_Hash_KEY_PARMS(c, &key->algorithmParms); + + result |= Trspi_Hash_UINT32(c, key->PCRInfoSize); + /* exclude pcrInfo when PCRInfoSize is 0 as spec'd in TPM 1.1b spec p.71 */ + if (key->PCRInfoSize != 0) + result |= Trspi_HashUpdate(c, key->PCRInfoSize, key->PCRInfo); + + Trspi_Hash_STORE_PUBKEY(c, &key->pubKey); + /* exclude encSize, encData as spec'd in TPM 1.1b spec p.71 */ + + return result; +} + +TSS_RESULT +Trspi_Hash_SYMMETRIC_KEY(Trspi_HashCtx *c, TCPA_SYMMETRIC_KEY *key) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT32(c, key->algId); + result |= Trspi_Hash_UINT16(c, key->encScheme); + result |= Trspi_Hash_UINT16(c, key->size); + + if (key->size > 0) + result |= Trspi_HashUpdate(c, key->size, key->data); + + return result; +} + +TSS_RESULT +Trspi_Hash_IDENTITY_REQ(Trspi_HashCtx *c, TCPA_IDENTITY_REQ *req) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT32(c, req->asymSize); + result |= Trspi_Hash_UINT32(c, req->symSize); + result |= Trspi_Hash_KEY_PARMS(c, &req->asymAlgorithm); + result |= Trspi_Hash_KEY_PARMS(c, &req->symAlgorithm); + result |= Trspi_HashUpdate(c, req->asymSize, req->asymBlob); + result |= Trspi_HashUpdate(c, req->symSize, req->symBlob); + + return result; +} + +TSS_RESULT +Trspi_Hash_CHANGEAUTH_VALIDATE(Trspi_HashCtx *c, TPM_CHANGEAUTH_VALIDATE *caValidate) +{ + TSS_RESULT result; + + result = Trspi_HashUpdate(c, TCPA_SHA1_160_HASH_LEN, caValidate->newAuthSecret.authdata); + result |= Trspi_HashUpdate(c, TCPA_SHA1_160_HASH_LEN, caValidate->n1.nonce); + + return result; +} + +TSS_RESULT +Trspi_Hash_SYM_CA_ATTESTATION(Trspi_HashCtx *c, TCPA_SYM_CA_ATTESTATION *sym) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT32(c, sym->credSize); + result |= Trspi_Hash_KEY_PARMS(c, &sym->algorithm); + result |= Trspi_HashUpdate(c, sym->credSize, sym->credential); + + return result; +} + +TSS_RESULT +Trspi_Hash_ASYM_CA_CONTENTS(Trspi_HashCtx *c, TCPA_ASYM_CA_CONTENTS *asym) +{ + TSS_RESULT result; + + result = Trspi_Hash_SYMMETRIC_KEY(c, &asym->sessionKey); + result |= Trspi_HashUpdate(c, TCPA_SHA1_160_HASH_LEN, (BYTE *)&asym->idDigest); + + return result; +} + +TSS_RESULT +Trspi_Hash_BOUND_DATA(Trspi_HashCtx *c, TCPA_BOUND_DATA *bd, UINT32 payloadLength) +{ + TSS_RESULT result; + + result = Trspi_Hash_VERSION(c, (TSS_VERSION *)&bd->ver); + result |= Trspi_Hash_BYTE(c, bd->payload); + result |= Trspi_HashUpdate(c, payloadLength, bd->payloadData); + + return result; +} + +TSS_RESULT +Trspi_Hash_TRANSPORT_AUTH(Trspi_HashCtx *c, TPM_TRANSPORT_AUTH *a) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT16(c, a->tag); + result |= Trspi_HashUpdate(c, TPM_SHA1_160_HASH_LEN, a->authData.authdata); + + return result; +} + +TSS_RESULT +Trspi_Hash_TRANSPORT_LOG_IN(Trspi_HashCtx *c, TPM_TRANSPORT_LOG_IN *l) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT16(c, l->tag); + result |= Trspi_Hash_DIGEST(c, l->parameters.digest); + result |= Trspi_Hash_DIGEST(c, l->pubKeyHash.digest); + + return result; +} + +TSS_RESULT +Trspi_Hash_TRANSPORT_LOG_OUT(Trspi_HashCtx *c, TPM_TRANSPORT_LOG_OUT *l) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT16(c, l->tag); + result |= Trspi_Hash_CURRENT_TICKS(c, &l->currentTicks); + result |= Trspi_Hash_DIGEST(c, l->parameters.digest); + result |= Trspi_Hash_UINT32(c, l->locality); + + return result; +} + +TSS_RESULT +Trspi_Hash_CURRENT_TICKS(Trspi_HashCtx *c, TPM_CURRENT_TICKS *t) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT16(c, t->tag); + result |= Trspi_Hash_UINT64(c, t->currentTicks); + result |= Trspi_Hash_UINT16(c, t->tickRate); + result |= Trspi_Hash_NONCE(c, t->tickNonce.nonce); + + return result; +} + +TSS_RESULT +Trspi_Hash_SIGN_INFO(Trspi_HashCtx *c, TPM_SIGN_INFO *s) +{ + TSS_RESULT result; + + result = Trspi_Hash_UINT16(c, s->tag); + result |= Trspi_HashUpdate(c, 4, s->fixed); + result |= Trspi_Hash_NONCE(c, s->replay.nonce); + result |= Trspi_Hash_UINT32(c, s->dataLen); + result |= Trspi_HashUpdate(c, s->dataLen, s->data); + + return result; +} + +void +Trspi_UnloadBlob_COUNTER_VALUE(UINT64 *offset, BYTE *blob, TPM_COUNTER_VALUE *ctr) +{ + if (!ctr) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + /* '4' is hard-coded in the spec */ + Trspi_UnloadBlob(offset, 4, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_UINT16(offset, &ctr->tag, blob); + /* '4' is hard-coded in the spec */ + Trspi_UnloadBlob(offset, 4, blob, (BYTE *)&ctr->label); + Trspi_UnloadBlob_UINT32(offset, &ctr->counter, blob); +} + +void +Trspi_LoadBlob_COUNTER_VALUE(UINT64 *offset, BYTE *blob, TPM_COUNTER_VALUE *ctr) +{ + Trspi_LoadBlob_UINT16(offset, ctr->tag, blob); + Trspi_LoadBlob(offset, 4, blob, (BYTE *)&ctr->label); + Trspi_LoadBlob_UINT32(offset, ctr->counter, blob); +} + +void +Trspi_UnloadBlob_CURRENT_TICKS(UINT64 *offset, BYTE *blob, TPM_CURRENT_TICKS *ticks) +{ + if (!ticks) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT64(offset, NULL, blob); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob(offset, sizeof(TPM_NONCE), blob, NULL); + + return; + } + + Trspi_UnloadBlob_UINT16(offset, &ticks->tag, blob); + Trspi_UnloadBlob_UINT64(offset, &ticks->currentTicks, blob); + Trspi_UnloadBlob_UINT16(offset, &ticks->tickRate, blob); + Trspi_UnloadBlob(offset, sizeof(TPM_NONCE), blob, (BYTE *)&ticks->tickNonce); +} + +void +Trspi_UnloadBlob_TRANSPORT_PUBLIC(UINT64 *offset, BYTE *blob, TPM_TRANSPORT_PUBLIC *t) +{ + Trspi_UnloadBlob_UINT16(offset, &t->tag, blob); + Trspi_UnloadBlob_UINT32(offset, &t->transAttributes, blob); + Trspi_UnloadBlob_UINT32(offset, &t->algId, blob); + Trspi_UnloadBlob_UINT16(offset, &t->encScheme, blob); +} + +void +Trspi_LoadBlob_TRANSPORT_PUBLIC(UINT64 *offset, BYTE *blob, TPM_TRANSPORT_PUBLIC *t) +{ + Trspi_LoadBlob_UINT16(offset, t->tag, blob); + Trspi_LoadBlob_UINT32(offset, t->transAttributes, blob); + Trspi_LoadBlob_UINT32(offset, t->algId, blob); + Trspi_LoadBlob_UINT16(offset, t->encScheme, blob); +} + +void +Trspi_LoadBlob_TRANSPORT_AUTH(UINT64 *offset, BYTE *blob, TPM_TRANSPORT_AUTH *t) +{ + Trspi_LoadBlob_UINT16(offset, t->tag, blob); + Trspi_LoadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, t->authData.authdata); +} + +void +Trspi_LoadBlob_SIGN_INFO(UINT64 *offset, BYTE *blob, TPM_SIGN_INFO *s) +{ + Trspi_LoadBlob_UINT16(offset, s->tag, blob); + Trspi_LoadBlob(offset, 4, blob, s->fixed); + Trspi_LoadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, s->replay.nonce); + Trspi_LoadBlob_UINT32(offset, s->dataLen, blob); + Trspi_LoadBlob(offset, s->dataLen, blob, s->data); +} + +TSS_RESULT +Trspi_UnloadBlob_CERTIFY_INFO(UINT64 *offset, BYTE *blob, TPM_CERTIFY_INFO *c) +{ + TSS_RESULT result; + + if (!c) { + UINT32 pcrInfoSize; + + Trspi_UnloadBlob_VERSION(offset, blob, NULL); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_KEY_PARMS(offset, blob, NULL); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + Trspi_UnloadBlob_NONCE(offset, blob, NULL); + Trspi_UnloadBlob_BOOL(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, &pcrInfoSize, blob); + + (*offset) += pcrInfoSize; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_VERSION(offset, blob, &c->version); + Trspi_UnloadBlob_UINT16(offset, &c->keyUsage, blob); + Trspi_UnloadBlob_UINT32(offset, &c->keyFlags, blob); + Trspi_UnloadBlob_BYTE(offset, &c->authDataUsage, blob); + if ((result = Trspi_UnloadBlob_KEY_PARMS(offset, blob, &c->algorithmParms))) + return result; + Trspi_UnloadBlob_DIGEST(offset, blob, &c->pubkeyDigest); + Trspi_UnloadBlob_NONCE(offset, blob, &c->data); + Trspi_UnloadBlob_BOOL(offset, (TSS_BOOL *)&c->parentPCRStatus, blob); + Trspi_UnloadBlob_UINT32(offset, &c->PCRInfoSize, blob); + if (c->PCRInfoSize != 0) { + c->PCRInfo = malloc(sizeof(TPM_PCR_INFO)); + if (c->PCRInfo == NULL) { + LogError("malloc of %lu bytes failed.", sizeof(TPM_PCR_INFO)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + } else { + c->PCRInfo = NULL; + } + Trspi_UnloadBlob_PCR_INFO(offset, blob, (TPM_PCR_INFO *)c->PCRInfo); + + return TSS_SUCCESS; +} + +void +Trspi_UnloadBlob_TPM_FAMILY_LABEL(UINT64 *offset, BYTE *blob, TPM_FAMILY_LABEL *label) +{ + if (!label) { + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_BYTE(offset, &label->label, blob); +} + +void +Trspi_LoadBlob_TPM_FAMILY_LABEL(UINT64 *offset, BYTE *blob, TPM_FAMILY_LABEL *label) +{ + Trspi_LoadBlob_BYTE(offset, label->label, blob); +} + +void +Trspi_UnloadBlob_TPM_FAMILY_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TPM_FAMILY_TABLE_ENTRY *entry) +{ + if (!entry) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_TPM_FAMILY_LABEL(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_UINT16(offset, &entry->tag, blob); + Trspi_UnloadBlob_TPM_FAMILY_LABEL(offset, blob, &entry->label); + Trspi_UnloadBlob_UINT32(offset, &entry->familyID, blob); + Trspi_UnloadBlob_UINT32(offset, &entry->verificationCount, blob); + Trspi_UnloadBlob_UINT32(offset, &entry->flags, blob); +} + +void +Trspi_LoadBlob_TPM_FAMILY_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TPM_FAMILY_TABLE_ENTRY *entry) +{ + Trspi_LoadBlob_UINT16(offset, entry->tag, blob); + Trspi_LoadBlob_TPM_FAMILY_LABEL(offset, blob, &entry->label); + Trspi_LoadBlob_UINT32(offset, entry->familyID, blob); + Trspi_LoadBlob_UINT32(offset, entry->verificationCount, blob); + Trspi_LoadBlob_UINT32(offset, entry->flags, blob); +} + +void +Trspi_UnloadBlob_TPM_DELEGATE_LABEL(UINT64 *offset, BYTE *blob, TPM_DELEGATE_LABEL *label) +{ + if (!label) { + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_BYTE(offset, &label->label, blob); +} + +void +Trspi_LoadBlob_TPM_DELEGATE_LABEL(UINT64 *offset, BYTE *blob, TPM_DELEGATE_LABEL *label) +{ + Trspi_LoadBlob_BYTE(offset, label->label, blob); +} + +void +Trspi_UnloadBlob_TPM_DELEGATIONS(UINT64 *offset, BYTE *blob, TPM_DELEGATIONS *delegations) +{ + if (!delegations) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_UINT16(offset, &delegations->tag, blob); + Trspi_UnloadBlob_UINT32(offset, &delegations->delegateType, blob); + Trspi_UnloadBlob_UINT32(offset, &delegations->per1, blob); + Trspi_UnloadBlob_UINT32(offset, &delegations->per2, blob); +} + +void +Trspi_LoadBlob_TPM_DELEGATIONS(UINT64 *offset, BYTE *blob, TPM_DELEGATIONS *delegations) +{ + Trspi_LoadBlob_UINT16(offset, delegations->tag, blob); + Trspi_LoadBlob_UINT32(offset, delegations->delegateType, blob); + Trspi_LoadBlob_UINT32(offset, delegations->per1, blob); + Trspi_LoadBlob_UINT32(offset, delegations->per2, blob); +} + +TSS_RESULT +Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(UINT64 *offset, BYTE *blob, TPM_DELEGATE_PUBLIC *pub) +{ + TSS_RESULT result; + + if (!pub) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_TPM_DELEGATE_LABEL(offset, blob, NULL); + (void)Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, NULL); + Trspi_UnloadBlob_TPM_DELEGATIONS(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &pub->tag, blob); + Trspi_UnloadBlob_TPM_DELEGATE_LABEL(offset, blob, &pub->label); + if ((result = Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, &pub->pcrInfo))) + return result; + Trspi_UnloadBlob_TPM_DELEGATIONS(offset, blob, &pub->permissions); + Trspi_UnloadBlob_UINT32(offset, &pub->familyID, blob); + Trspi_UnloadBlob_UINT32(offset, &pub->verificationCount, blob); + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(UINT64 *offset, BYTE *blob, TPM_DELEGATE_PUBLIC *pub) +{ + Trspi_LoadBlob_UINT16(offset, pub->tag, blob); + Trspi_LoadBlob_TPM_DELEGATE_LABEL(offset, blob, &pub->label); + Trspi_LoadBlob_PCR_INFO_SHORT(offset, blob, &pub->pcrInfo); + Trspi_LoadBlob_TPM_DELEGATIONS(offset, blob, &pub->permissions); + Trspi_LoadBlob_UINT32(offset, pub->familyID, blob); + Trspi_LoadBlob_UINT32(offset, pub->verificationCount, blob); +} + +TSS_RESULT +Trspi_UnloadBlob_TPM_DELEGATE_OWNER_BLOB(UINT64 *offset, BYTE *blob, TPM_DELEGATE_OWNER_BLOB *owner) +{ + TSS_RESULT result; + + if (!owner) { + UINT32 additionalSize, sensitiveSize; + + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + (void)Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(offset, blob, NULL); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &additionalSize, blob); + (void)Trspi_UnloadBlob(offset, additionalSize, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &sensitiveSize, blob); + (void)Trspi_UnloadBlob(offset, sensitiveSize, blob, NULL); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &owner->tag, blob); + if ((result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(offset, blob, &owner->pub))) + return result; + Trspi_UnloadBlob_DIGEST(offset, blob, &owner->integrityDigest); + Trspi_UnloadBlob_UINT32(offset, &owner->additionalSize, blob); + if (owner->additionalSize > 0) { + owner->additionalArea = malloc(owner->additionalSize); + if (owner->additionalArea == NULL) { + LogError("malloc of %u bytes failed.", owner->additionalSize); + free(owner->pub.pcrInfo.pcrSelection.pcrSelect); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, owner->additionalSize, blob, owner->additionalArea); + } + Trspi_UnloadBlob_UINT32(offset, &owner->sensitiveSize, blob); + if (owner->sensitiveSize > 0) { + owner->sensitiveArea = malloc(owner->sensitiveSize); + if (owner->sensitiveArea == NULL) { + LogError("malloc of %u bytes failed.", owner->sensitiveSize); + free(owner->pub.pcrInfo.pcrSelection.pcrSelect); + free(owner->additionalArea); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, owner->sensitiveSize, blob, owner->sensitiveArea); + } + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_TPM_DELEGATE_OWNER_BLOB(UINT64 *offset, BYTE *blob, TPM_DELEGATE_OWNER_BLOB *owner) +{ + Trspi_LoadBlob_UINT16(offset, owner->tag, blob); + Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(offset, blob, &owner->pub); + Trspi_LoadBlob_DIGEST(offset, blob, &owner->integrityDigest); + Trspi_LoadBlob_UINT32(offset, owner->additionalSize, blob); + Trspi_LoadBlob(offset, owner->additionalSize, blob, owner->additionalArea); + Trspi_LoadBlob_UINT32(offset, owner->sensitiveSize, blob); + Trspi_LoadBlob(offset, owner->sensitiveSize, blob, owner->sensitiveArea); +} + +TSS_RESULT +Trspi_UnloadBlob_TPM_DELEGATE_KEY_BLOB(UINT64 *offset, BYTE *blob, TPM_DELEGATE_KEY_BLOB *key) +{ + TSS_RESULT result; + + if (!key) { + UINT32 additionalSize, sensitiveSize; + + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + (void)Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(offset, blob, NULL); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &additionalSize, blob); + (void)Trspi_UnloadBlob(offset, additionalSize, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &sensitiveSize, blob); + (void)Trspi_UnloadBlob(offset, sensitiveSize, blob, NULL); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &key->tag, blob); + if ((result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(offset, blob, &key->pub))) + return result; + Trspi_UnloadBlob_DIGEST(offset, blob, &key->integrityDigest); + Trspi_UnloadBlob_DIGEST(offset, blob, &key->pubKeyDigest); + Trspi_UnloadBlob_UINT32(offset, &key->additionalSize, blob); + if (key->additionalSize > 0) { + key->additionalArea = malloc(key->additionalSize); + if (key->additionalArea == NULL) { + LogError("malloc of %u bytes failed.", key->additionalSize); + free(key->pub.pcrInfo.pcrSelection.pcrSelect); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, key->additionalSize, blob, key->additionalArea); + } + Trspi_UnloadBlob_UINT32(offset, &key->sensitiveSize, blob); + if (key->sensitiveSize > 0) { + key->sensitiveArea = malloc(key->sensitiveSize); + if (key->sensitiveArea == NULL) { + LogError("malloc of %u bytes failed.", key->sensitiveSize); + free(key->pub.pcrInfo.pcrSelection.pcrSelect); + free(key->additionalArea); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, key->sensitiveSize, blob, key->sensitiveArea); + } + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_TPM_DELEGATE_KEY_BLOB(UINT64 *offset, BYTE *blob, TPM_DELEGATE_KEY_BLOB *key) +{ + Trspi_LoadBlob_UINT16(offset, key->tag, blob); + Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(offset, blob, &key->pub); + Trspi_LoadBlob_DIGEST(offset, blob, &key->integrityDigest); + Trspi_LoadBlob_DIGEST(offset, blob, &key->pubKeyDigest); + Trspi_LoadBlob_UINT32(offset, key->additionalSize, blob); + Trspi_LoadBlob(offset, key->additionalSize, blob, key->additionalArea); + Trspi_LoadBlob_UINT32(offset, key->sensitiveSize, blob); + Trspi_LoadBlob(offset, key->sensitiveSize, blob, key->sensitiveArea); +} + +void +Trspi_UnloadBlob_TSS_FAMILY_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TSS_FAMILY_TABLE_ENTRY *entry) +{ + if (!entry) { + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_BOOL(offset, NULL, blob); + Trspi_UnloadBlob_BOOL(offset, NULL, blob); + + return; + } + + Trspi_UnloadBlob_UINT32(offset, &entry->familyID, blob); + Trspi_UnloadBlob_BYTE(offset, &entry->label, blob); + Trspi_UnloadBlob_UINT32(offset, &entry->verificationCount, blob); + Trspi_UnloadBlob_BOOL(offset, &entry->enabled, blob); + Trspi_UnloadBlob_BOOL(offset, &entry->locked, blob); +} + +void +Trspi_LoadBlob_TSS_FAMILY_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TSS_FAMILY_TABLE_ENTRY *entry) +{ + Trspi_LoadBlob_UINT32(offset, entry->familyID, blob); + Trspi_LoadBlob_BYTE(offset, entry->label, blob); + Trspi_LoadBlob_UINT32(offset, entry->verificationCount, blob); + Trspi_LoadBlob_BOOL(offset, entry->enabled, blob); + Trspi_LoadBlob_BOOL(offset, entry->locked, blob); +} + +TSS_RESULT +Trspi_UnloadBlob_TSS_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TSS_PCR_INFO_SHORT *pcr) +{ + if (!pcr) { + UINT32 sizeOfSelect, sizeOfDigestAtRelease; + + Trspi_UnloadBlob_UINT32(offset, &sizeOfSelect, blob); + (void)Trspi_UnloadBlob(offset, sizeOfSelect, blob, NULL); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, &sizeOfDigestAtRelease, blob); + (void)Trspi_UnloadBlob(offset, sizeOfDigestAtRelease, blob, NULL); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, &pcr->sizeOfSelect, blob); + if (pcr->sizeOfSelect > 0) { + pcr->selection = malloc(pcr->sizeOfSelect); + if (pcr->selection == NULL) { + LogError("malloc of %u bytes failed.", pcr->sizeOfSelect); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, pcr->sizeOfSelect, blob, pcr->selection); + } else { + pcr->selection = NULL; + } + Trspi_UnloadBlob_BYTE(offset, &pcr->localityAtRelease, blob); + Trspi_UnloadBlob_UINT32(offset, &pcr->sizeOfDigestAtRelease, blob); + if (pcr->sizeOfDigestAtRelease > 0) { + pcr->digestAtRelease = malloc(pcr->sizeOfDigestAtRelease); + if (pcr->digestAtRelease == NULL) { + LogError("malloc of %u bytes failed.", pcr->sizeOfDigestAtRelease); + free(pcr->selection); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, pcr->sizeOfDigestAtRelease, blob, pcr->digestAtRelease); + } else { + pcr->digestAtRelease = NULL; + } + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_TSS_PCR_INFO_SHORT(UINT64 *offset, BYTE *blob, TSS_PCR_INFO_SHORT *pcr) +{ + Trspi_LoadBlob_UINT32(offset, pcr->sizeOfSelect, blob); + Trspi_LoadBlob(offset, pcr->sizeOfSelect, blob, pcr->selection); + Trspi_LoadBlob_BYTE(offset, pcr->localityAtRelease, blob); + Trspi_LoadBlob_UINT32(offset, pcr->sizeOfDigestAtRelease, blob); + Trspi_LoadBlob(offset, pcr->sizeOfDigestAtRelease, blob, pcr->digestAtRelease); +} + +TSS_RESULT +Trspi_UnloadBlob_TSS_DELEGATION_TABLE_ENTRY(UINT64 *offset, BYTE *blob, + TSS_DELEGATION_TABLE_ENTRY *entry) +{ + TSS_RESULT result; + + if (!entry) { + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + (void)Trspi_UnloadBlob_TSS_PCR_INFO_SHORT(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, &entry->tableIndex, blob); + Trspi_UnloadBlob_BYTE(offset, &entry->label, blob); + if ((result = Trspi_UnloadBlob_TSS_PCR_INFO_SHORT(offset, blob, &entry->pcrInfo))) + return result; + Trspi_UnloadBlob_UINT32(offset, &entry->per1, blob); + Trspi_UnloadBlob_UINT32(offset, &entry->per2, blob); + Trspi_UnloadBlob_UINT32(offset, &entry->familyID, blob); + Trspi_UnloadBlob_UINT32(offset, &entry->verificationCount, blob); + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_TSS_DELEGATION_TABLE_ENTRY(UINT64 *offset, BYTE *blob, + TSS_DELEGATION_TABLE_ENTRY *entry) +{ + Trspi_LoadBlob_UINT32(offset, entry->tableIndex, blob); + Trspi_LoadBlob_BYTE(offset, entry->label, blob); + Trspi_LoadBlob_TSS_PCR_INFO_SHORT(offset, blob, &entry->pcrInfo); + Trspi_LoadBlob_UINT32(offset, entry->per1, blob); + Trspi_LoadBlob_UINT32(offset, entry->per2, blob); + Trspi_LoadBlob_UINT32(offset, entry->familyID, blob); + Trspi_LoadBlob_UINT32(offset, entry->verificationCount, blob); +} + +TSS_RESULT +Trspi_UnloadBlob_PCR_COMPOSITE(UINT64 *offset, BYTE *blob, TCPA_PCR_COMPOSITE *out) +{ + TSS_RESULT result; + + if (!out) { + UINT32 valueSize; + + Trspi_UnloadBlob_PCR_SELECTION(offset, blob, NULL); + Trspi_UnloadBlob_UINT32(offset, &valueSize, blob); + Trspi_UnloadBlob(offset, valueSize, blob, NULL); + + return TSS_SUCCESS; + } + + if ((result = Trspi_UnloadBlob_PCR_SELECTION(offset, blob, &out->select))) + return result; + + Trspi_UnloadBlob_UINT32(offset, &out->valueSize, blob); + out->pcrValue = malloc(out->valueSize); + if (out->pcrValue == NULL) { + LogError("malloc of %u bytes failed.", out->valueSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, out->valueSize, blob, (BYTE *)out->pcrValue); + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_MIGRATIONKEYAUTH(UINT64 *offset, BYTE *blob, TPM_MIGRATIONKEYAUTH *migAuth) +{ + TSS_RESULT result; + + if (!migAuth) { + (void)Trspi_UnloadBlob_PUBKEY(offset, blob, NULL); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_DIGEST(offset, blob, NULL); + + return TSS_SUCCESS; + } + + if ((result = Trspi_UnloadBlob_PUBKEY(offset, blob, &migAuth->migrationKey))) + return result; + + Trspi_UnloadBlob_UINT16(offset, &migAuth->migrationScheme, blob); + Trspi_UnloadBlob_DIGEST(offset, blob, &migAuth->digest); + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_MIGRATIONKEYAUTH(UINT64 *offset, BYTE *blob, TPM_MIGRATIONKEYAUTH *migAuth) +{ + Trspi_LoadBlob_PUBKEY(offset, blob, &migAuth->migrationKey); + Trspi_LoadBlob_UINT16(offset, migAuth->migrationScheme, blob); + Trspi_LoadBlob_DIGEST(offset, blob, &migAuth->digest); +} + +void +Trspi_LoadBlob_MSA_COMPOSITE(UINT64 *offset, BYTE *blob, TPM_MSA_COMPOSITE *msaComp) +{ + UINT32 i; + + Trspi_LoadBlob_UINT32(offset, msaComp->MSAlist, blob); + for (i = 0; i < msaComp->MSAlist; i++) + Trspi_LoadBlob_DIGEST(offset, blob, &msaComp->migAuthDigest[i]); +} + +void +Trspi_LoadBlob_CMK_AUTH(UINT64 *offset, BYTE *blob, TPM_CMK_AUTH *cmkAuth) +{ + Trspi_LoadBlob_DIGEST(offset, blob, &cmkAuth->migrationAuthorityDigest); + Trspi_LoadBlob_DIGEST(offset, blob, &cmkAuth->destinationKeyDigest); + Trspi_LoadBlob_DIGEST(offset, blob, &cmkAuth->sourceKeyDigest); +} + +TSS_RESULT +Trspi_Hash_MSA_COMPOSITE(Trspi_HashCtx *c, TPM_MSA_COMPOSITE *m) +{ + UINT32 i; + TPM_DIGEST *digest; + TSS_RESULT result; + + result = Trspi_Hash_UINT32(c, m->MSAlist); + digest = m->migAuthDigest; + for (i = 0; i < m->MSAlist; i++) { + result |= Trspi_Hash_DIGEST(c, digest->digest); + digest++; + } + + return result; +} + +TSS_RESULT +Trspi_UnloadBlob_TSS_PLATFORM_CLASS(UINT64 *offset, BYTE *blob, TSS_PLATFORM_CLASS *platClass) +{ + if (!platClass){ + UINT32 classURISize; + + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, &classURISize, blob); + Trspi_UnloadBlob(offset, classURISize, blob, NULL); + + return TSS_SUCCESS; + } + Trspi_UnloadBlob_UINT32(offset, &platClass->platformClassSimpleIdentifier, blob); + Trspi_UnloadBlob_UINT32(offset, &platClass->platformClassURISize, blob); + + platClass->pPlatformClassURI = malloc(platClass->platformClassURISize); + if (platClass->pPlatformClassURI == NULL) { + LogError("malloc of %u bytes failed.", platClass->platformClassURISize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, platClass->platformClassURISize, blob, + (BYTE *)platClass->pPlatformClassURI); + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_CAP_VERSION_INFO(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v) +{ + Trspi_LoadBlob_UINT16(offset, v->tag, blob); + Trspi_LoadBlob_TCPA_VERSION(offset, blob, *(TCPA_VERSION *)(&v->version)); + Trspi_LoadBlob_UINT16(offset, v->specLevel, blob); + Trspi_LoadBlob_BYTE(offset, v->errataRev, blob); + Trspi_LoadBlob(offset, sizeof(v->tpmVendorID), blob, v->tpmVendorID); + Trspi_LoadBlob_UINT16(offset, v->vendorSpecificSize, blob); + Trspi_LoadBlob(offset, v->vendorSpecificSize, blob, v->vendorSpecific); +} + +TSS_RESULT +Trspi_UnloadBlob_CAP_VERSION_INFO(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v) +{ + if (!v) { + UINT16 vendorSpecificSize; + + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_VERSION(offset, blob, NULL); + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob(offset, 4, blob, NULL); + Trspi_UnloadBlob_UINT16(offset, &vendorSpecificSize, blob); + + (*offset) += vendorSpecificSize; + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &v->tag, blob); + Trspi_UnloadBlob_VERSION(offset, blob, (TCPA_VERSION *)&v->version); + Trspi_UnloadBlob_UINT16(offset, &v->specLevel, blob); + Trspi_UnloadBlob_BYTE(offset, &v->errataRev, blob); + Trspi_UnloadBlob(offset, sizeof(v->tpmVendorID), blob, v->tpmVendorID); + Trspi_UnloadBlob_UINT16(offset, &v->vendorSpecificSize, blob); + + if (v->vendorSpecificSize > 0) { + if ((v->vendorSpecific = malloc(v->vendorSpecificSize)) == NULL) { + LogError("malloc of %u bytes failed.", v->vendorSpecificSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(offset, v->vendorSpecificSize, blob, v->vendorSpecific); + } else { + v->vendorSpecific = NULL; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_NV_INDEX(UINT64 *offset, BYTE *blob, TPM_NV_INDEX *v) +{ + if (!v) { + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, v, blob); + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_NV_ATTRIBUTES(UINT64 *offset, BYTE *blob, TPM_NV_ATTRIBUTES *v) +{ + if (!v) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &v->tag, blob); + Trspi_UnloadBlob_UINT32(offset, &v->attributes, blob); + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_NV_DATA_PUBLIC(UINT64 *offset, BYTE *blob, TPM_NV_DATA_PUBLIC *v) +{ + if (!v) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_NV_INDEX(offset, blob, NULL); + Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, NULL); + Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, NULL); + Trspi_UnloadBlob_NV_ATTRIBUTES(offset, blob, NULL); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &v->tag, blob); + Trspi_UnloadBlob_NV_INDEX(offset, blob, &v->nvIndex); + Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, &v->pcrInfoRead); + Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, &v->pcrInfoWrite); + Trspi_UnloadBlob_NV_ATTRIBUTES(offset, blob, &v->permission); + Trspi_UnloadBlob_BYTE(offset, &v->bReadSTClear, blob); + Trspi_UnloadBlob_BYTE(offset, &v->bWriteSTClear, blob); + Trspi_UnloadBlob_BYTE(offset, &v->bWriteDefine, blob); + Trspi_UnloadBlob_UINT32(offset, &v->dataSize, blob); + + return TSS_SUCCESS; +} diff --git a/src/tspi/Makefile.am b/src/tspi/Makefile.am new file mode 100644 index 0000000..6b31e51 --- /dev/null +++ b/src/tspi/Makefile.am @@ -0,0 +1,235 @@ +lib_LTLIBRARIES=libtspi.la + +libtspi_la_LIBADD=${top_builddir}/src/trspi/libtrousers.la + +# On setting -version-info, from the libtool manual: +# +# -version-info current:revision:age +# +# 1. Start with version information of 0:0:0 for each libtool library. +# 2. Update the version information only immediately before a public release of your software. +# More frequent updates are unnecessary, and only guarantee that the current interface +# number gets larger faster. +# 3. If the library source code has changed at all since the last update, then increment +# revision (c:r:a becomes c:r+1:a). +# 4. If any interfaces have been added, removed, or changed since the last update, increment +# current, and set revision to 0. +# 5. If any interfaces have been added since the last public release, then increment age. +# 6. If any interfaces have been removed since the last public release, then set age to 0. + +libtspi_la_LDFLAGS=-version-info 3:0:2 -lpthread @CRYPTOLIB@ + +libtspi_la_CFLAGS=-I$(top_srcdir)/src/include -DAPPID=\"TSPI\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" + +libtspi_la_SOURCES=log.c \ + spi_utils.c \ + obj.c \ + obj_policy.c \ + tsp_policy.c \ + obj_tpm.c \ + obj_context.c \ + tsp_context_mem.c \ + tspi_context.c \ + rpc/@RPC@/rpc_context.c \ + rpc/tcs_api.c \ + rpc/hosttable.c \ + rpc/@RPC@/rpc.c + +if TSS_BUILD_ASYM_CRYPTO +libtspi_la_SOURCES+=tsp_asym.c +endif +if TSS_BUILD_TSS12 +# This is for individual APIs that exist outside TSS 1.2, but may have some TSS 1.2 internal +# features/options such as Tspi_TPM_SetStatus +libtspi_la_SOURCES+=tspi_oper.c tsp_oper.c rpc/@RPC@/rpc_oper.c +libtspi_la_CFLAGS+=-DTSS_BUILD_TSS12 +endif +if TSS_BUILD_TRANSPORT +libtspi_la_SOURCES+=tspi_transport.c rpc/@RPC@/rpc_transport.c +libtspi_la_CFLAGS+=-DTSS_BUILD_TRANSPORT +endif +if TSS_BUILD_TICK +libtspi_la_SOURCES+=tspi_tick.c tsp_tick.c rpc/@RPC@/rpc_tick.c +libtspi_la_CFLAGS+=-DTSS_BUILD_TICK +endif +if TSS_BUILD_COUNTER +libtspi_la_SOURCES+=tspi_counter.c tsp_counter.c rpc/@RPC@/rpc_counter.c +libtspi_la_CFLAGS+=-DTSS_BUILD_COUNTER +endif +if TSS_BUILD_PCR_COMP12 +libtspi_la_SOURCES+=tspi_pcr_comp12.c +endif +if TSS_BUILD_AUTH +libtspi_la_SOURCES+=tsp_auth.c rpc/@RPC@/rpc_auth.c +libtspi_la_CFLAGS+=-DTSS_BUILD_AUTH +endif +if TSS_BUILD_GETSET +libtspi_la_SOURCES+=tspi_getset.c +libtspi_la_CFLAGS+=-DTSS_BUILD_GETSET +endif +if TSS_BUILD_RANDOM +libtspi_la_SOURCES+=tspi_random.c tsp_random.c rpc/@RPC@/rpc_random.c +libtspi_la_CFLAGS+=-DTSS_BUILD_RANDOM +endif +if TSS_BUILD_CAPS +libtspi_la_SOURCES+=tspi_caps.c tsp_caps.c rpc/@RPC@/rpc_caps.c +libtspi_la_CFLAGS+=-DTSS_BUILD_CAPS +endif +if TSS_BUILD_CAPS_TPM +libtspi_la_SOURCES+=tspi_caps_tpm.c tsp_caps_tpm.c rpc/@RPC@/rpc_caps_tpm.c +libtspi_la_CFLAGS+=-DTSS_BUILD_CAPS_TPM +endif +if TSS_BUILD_POLICY +libtspi_la_SOURCES+=tspi_policy.c +libtspi_la_CFLAGS+=-DTSS_BUILD_POLICY +endif +if TSS_BUILD_DIR +libtspi_la_SOURCES+=tspi_dir.c tsp_dir.c rpc/@RPC@/rpc_dir.c +libtspi_la_CFLAGS+=-DTSS_BUILD_DIR +endif +if TSS_BUILD_PCR_EVENTS +libtspi_la_SOURCES+=tspi_pcr_events.c rpc/@RPC@/rpc_evlog.c +libtspi_la_CFLAGS+=-DTSS_BUILD_PCR_EVENTS +endif +if TSS_BUILD_HASH +libtspi_la_SOURCES+=tspi_hash.c +libtspi_la_CFLAGS+=-DTSS_BUILD_HASH +endif +if TSS_BUILD_SIGN +libtspi_la_SOURCES+=tspi_sign.c tsp_sign.c rpc/@RPC@/rpc_sign.c +libtspi_la_CFLAGS+=-DTSS_BUILD_SIGN +endif +if TSS_BUILD_QUOTE +libtspi_la_SOURCES+=tspi_quote.c tsp_quote.c rpc/@RPC@/rpc_quote.c +libtspi_la_CFLAGS+=-DTSS_BUILD_QUOTE +endif +if TSS_BUILD_PCR_COMP +libtspi_la_SOURCES+=tspi_pcr_comp.c +libtspi_la_CFLAGS+=-DTSS_BUILD_PCR_COMP +endif +if TSS_BUILD_SEAL +libtspi_la_SOURCES+=tspi_seal.c rpc/@RPC@/rpc_seal.c +libtspi_la_CFLAGS+=-DTSS_BUILD_SEAL +endif +if TSS_BUILD_CHANGEAUTH +libtspi_la_SOURCES+=tspi_changeauth.c tsp_changeauth.c rpc/@RPC@/rpc_changeauth.c +libtspi_la_CFLAGS+=-DTSS_BUILD_CHANGEAUTH +endif +if TSS_BUILD_BIND +libtspi_la_SOURCES+=tspi_bind.c tsp_bind.c rpc/@RPC@/rpc_bind.c +libtspi_la_CFLAGS+=-DTSS_BUILD_BIND +endif +if TSS_BUILD_OWN +libtspi_la_SOURCES+=tsp_own.c tspi_own.c rpc/@RPC@/rpc_own.c +libtspi_la_CFLAGS+=-DTSS_BUILD_OWN +endif +if TSS_BUILD_PS +libtspi_la_SOURCES+=ps/ps_utils.c ps/tspps.c tspi_ps.c rpc/@RPC@/rpc_ps.c tsp_ps.c +libtspi_la_CFLAGS+=-DTSS_BUILD_PS +endif +if TSS_BUILD_ADMIN +libtspi_la_SOURCES+=tspi_admin.c tsp_admin.c rpc/@RPC@/rpc_admin.c +libtspi_la_CFLAGS+=-DTSS_BUILD_ADMIN +endif +if TSS_BUILD_AIK +libtspi_la_SOURCES+=tspi_aik.c tsp_aik.c rpc/@RPC@/rpc_aik.c +libtspi_la_CFLAGS+=-DTSS_BUILD_AIK +endif +if TSS_BUILD_EK +libtspi_la_SOURCES+=tspi_ek.c tsp_ek.c rpc/@RPC@/rpc_ek.c +libtspi_la_CFLAGS+=-DTSS_BUILD_EK +endif +if TSS_BUILD_CERTIFY +libtspi_la_SOURCES+=tspi_certify.c tsp_certify.c rpc/@RPC@/rpc_certify.c +libtspi_la_CFLAGS+=-DTSS_BUILD_CERTIFY +endif +if TSS_BUILD_KEY +libtspi_la_SOURCES+=tspi_key.c rpc/@RPC@/rpc_key.c +libtspi_la_CFLAGS+=-DTSS_BUILD_KEY +endif +if TSS_BUILD_MAINT +libtspi_la_SOURCES+=tspi_maint.c tsp_maint.c rpc/@RPC@/rpc_maint.c +libtspi_la_CFLAGS+=-DTSS_BUILD_MAINT +endif +if TSS_BUILD_MIGRATION +libtspi_la_SOURCES+=tspi_migration.c tsp_migration.c rpc/@RPC@/rpc_migration.c +libtspi_la_CFLAGS+=-DTSS_BUILD_MIGRATION +endif +if TSS_BUILD_PCR_EXTEND +libtspi_la_SOURCES+=tspi_pcr_extend.c tsp_pcr_extend.c rpc/@RPC@/rpc_pcr_extend.c +libtspi_la_CFLAGS+=-DTSS_BUILD_PCR_EXTEND +endif +if TSS_BUILD_SELFTEST +libtspi_la_SOURCES+=tspi_selftest.c tsp_selftest.c rpc/@RPC@/rpc_selftest.c +libtspi_la_CFLAGS+=-DTSS_BUILD_SELFTEST +endif +if TSS_BUILD_DAA +libtspi_la_SOURCES+=tspi_daa.c tsp_daa.c \ + rpc/@RPC@/rpc_daa.c \ + daa/daa_issuer/keypair_generator.c daa/daa_issuer/prime_gen.c \ + daa/daa_issuer/key_correctness_proof.c daa/daa_platform/platform.c \ + daa/daa_issuer/issuer_init.c daa/daa_issuer/issue_credential.c \ + daa/daa_verifier/verifier_transaction.c daa/daa_verifier/verifier.c \ + daa/daa_structs.c daa/daa_parameter.c daa/big_integer/bi_gmp.c \ + daa/big_integer/bi_openssl.c daa/daa_anonymityrevocation/csencryption_result.c \ + daa/big_integer/bi.c daa/utils/list.c +libtspi_la_CFLAGS+=-DTSS_BUILD_DAA +endif +if TSS_BUILD_GET_FLAGS +libtspi_la_SOURCES+=tsp_get_flags.c +endif +if TSS_BUILD_PCRS_LIST +libtspi_la_SOURCES+=obj_pcrs.c tsp_pcr.c +libtspi_la_CFLAGS+=-DTSS_BUILD_PCRS_LIST +endif +if TSS_BUILD_HASH_LIST +libtspi_la_SOURCES+=obj_hash.c +libtspi_la_CFLAGS+=-DTSS_BUILD_HASH_LIST +endif +if TSS_BUILD_ENCDATA_LIST +libtspi_la_SOURCES+=obj_encdata.c +libtspi_la_CFLAGS+=-DTSS_BUILD_ENCDATA_LIST +endif +if TSS_BUILD_RSAKEY_LIST +libtspi_la_SOURCES+=obj_rsakey.c tsp_key.c +libtspi_la_CFLAGS+=-DTSS_BUILD_RSAKEY_LIST +endif +if TSS_BUILD_ASN1 +libtspi_la_SOURCES+=tspi_asn1.c +libtspi_la_CFLAGS+=-DTSS_BUILD_ASN1 +endif +if TSS_BUILD_AUDIT +libtspi_la_SOURCES+=tspi_audit.c tsp_audit.c rpc/@RPC@/rpc_audit.c +libtspi_la_CFLAGS+=-DTSS_BUILD_AUDIT +endif +if TSS_BUILD_SEALX +libtspi_la_SOURCES+=tsp_seal.c +libtspi_la_CFLAGS+=-DTSS_BUILD_SEALX +endif +if TSS_BUILD_QUOTE2 +libtspi_la_SOURCES+=tspi_quote2.c tsp_quote2.c rpc/@RPC@/rpc_quote2.c +libtspi_la_CFLAGS+=-DTSS_BUILD_QUOTE2 +endif + +if HAVE_GTK +libtspi_la_CFLAGS+=@GTK_CFLAGS@ +libtspi_la_LDFLAGS+=@GTK_LIBS@ +libtspi_la_SOURCES+=gtk/main.c gtk/support.c gtk/interface.c gtk/callbacks.c +endif +if OPENSSL_UI +libtspi_la_LDFLAGS+=-lssl +libtspi_la_SOURCES+=ssl_ui.c +endif + +if TSS_BUILD_NV +libtspi_la_SOURCES+=tspi_nv.c obj_nv.c tsp_nv.c rpc/@RPC@/rpc_nv.c +libtspi_la_CFLAGS+=-DTSS_BUILD_NV +endif +if TSS_BUILD_DELEGATION +libtspi_la_SOURCES+=tspi_delegate.c tsp_delegate.c obj_delfamily.c rpc/@RPC@/rpc_delegate.c +libtspi_la_CFLAGS+=-DTSS_BUILD_DELEGATION +endif +if TSS_BUILD_CMK +libtspi_la_SOURCES+=tspi_cmk.c obj_migdata.c rpc/@RPC@/rpc_cmk.c +libtspi_la_CFLAGS+=-DTSS_BUILD_CMK +endif diff --git a/src/tspi/Makefile.in b/src/tspi/Makefile.in new file mode 100644 index 0000000..1d4bd1d --- /dev/null +++ b/src/tspi/Makefile.in @@ -0,0 +1,2030 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +@TSS_BUILD_ASYM_CRYPTO_TRUE@am__append_1 = tsp_asym.c +# This is for individual APIs that exist outside TSS 1.2, but may have some TSS 1.2 internal +# features/options such as Tspi_TPM_SetStatus +@TSS_BUILD_TSS12_TRUE@am__append_2 = tspi_oper.c tsp_oper.c rpc/@RPC@/rpc_oper.c +@TSS_BUILD_TSS12_TRUE@am__append_3 = -DTSS_BUILD_TSS12 +@TSS_BUILD_TRANSPORT_TRUE@am__append_4 = tspi_transport.c rpc/@RPC@/rpc_transport.c +@TSS_BUILD_TRANSPORT_TRUE@am__append_5 = -DTSS_BUILD_TRANSPORT +@TSS_BUILD_TICK_TRUE@am__append_6 = tspi_tick.c tsp_tick.c rpc/@RPC@/rpc_tick.c +@TSS_BUILD_TICK_TRUE@am__append_7 = -DTSS_BUILD_TICK +@TSS_BUILD_COUNTER_TRUE@am__append_8 = tspi_counter.c tsp_counter.c rpc/@RPC@/rpc_counter.c +@TSS_BUILD_COUNTER_TRUE@am__append_9 = -DTSS_BUILD_COUNTER +@TSS_BUILD_PCR_COMP12_TRUE@am__append_10 = tspi_pcr_comp12.c +@TSS_BUILD_AUTH_TRUE@am__append_11 = tsp_auth.c rpc/@RPC@/rpc_auth.c +@TSS_BUILD_AUTH_TRUE@am__append_12 = -DTSS_BUILD_AUTH +@TSS_BUILD_GETSET_TRUE@am__append_13 = tspi_getset.c +@TSS_BUILD_GETSET_TRUE@am__append_14 = -DTSS_BUILD_GETSET +@TSS_BUILD_RANDOM_TRUE@am__append_15 = tspi_random.c tsp_random.c rpc/@RPC@/rpc_random.c +@TSS_BUILD_RANDOM_TRUE@am__append_16 = -DTSS_BUILD_RANDOM +@TSS_BUILD_CAPS_TRUE@am__append_17 = tspi_caps.c tsp_caps.c rpc/@RPC@/rpc_caps.c +@TSS_BUILD_CAPS_TRUE@am__append_18 = -DTSS_BUILD_CAPS +@TSS_BUILD_CAPS_TPM_TRUE@am__append_19 = tspi_caps_tpm.c tsp_caps_tpm.c rpc/@RPC@/rpc_caps_tpm.c +@TSS_BUILD_CAPS_TPM_TRUE@am__append_20 = -DTSS_BUILD_CAPS_TPM +@TSS_BUILD_POLICY_TRUE@am__append_21 = tspi_policy.c +@TSS_BUILD_POLICY_TRUE@am__append_22 = -DTSS_BUILD_POLICY +@TSS_BUILD_DIR_TRUE@am__append_23 = tspi_dir.c tsp_dir.c rpc/@RPC@/rpc_dir.c +@TSS_BUILD_DIR_TRUE@am__append_24 = -DTSS_BUILD_DIR +@TSS_BUILD_PCR_EVENTS_TRUE@am__append_25 = tspi_pcr_events.c rpc/@RPC@/rpc_evlog.c +@TSS_BUILD_PCR_EVENTS_TRUE@am__append_26 = -DTSS_BUILD_PCR_EVENTS +@TSS_BUILD_HASH_TRUE@am__append_27 = tspi_hash.c +@TSS_BUILD_HASH_TRUE@am__append_28 = -DTSS_BUILD_HASH +@TSS_BUILD_SIGN_TRUE@am__append_29 = tspi_sign.c tsp_sign.c rpc/@RPC@/rpc_sign.c +@TSS_BUILD_SIGN_TRUE@am__append_30 = -DTSS_BUILD_SIGN +@TSS_BUILD_QUOTE_TRUE@am__append_31 = tspi_quote.c tsp_quote.c rpc/@RPC@/rpc_quote.c +@TSS_BUILD_QUOTE_TRUE@am__append_32 = -DTSS_BUILD_QUOTE +@TSS_BUILD_PCR_COMP_TRUE@am__append_33 = tspi_pcr_comp.c +@TSS_BUILD_PCR_COMP_TRUE@am__append_34 = -DTSS_BUILD_PCR_COMP +@TSS_BUILD_SEAL_TRUE@am__append_35 = tspi_seal.c rpc/@RPC@/rpc_seal.c +@TSS_BUILD_SEAL_TRUE@am__append_36 = -DTSS_BUILD_SEAL +@TSS_BUILD_CHANGEAUTH_TRUE@am__append_37 = tspi_changeauth.c tsp_changeauth.c rpc/@RPC@/rpc_changeauth.c +@TSS_BUILD_CHANGEAUTH_TRUE@am__append_38 = -DTSS_BUILD_CHANGEAUTH +@TSS_BUILD_BIND_TRUE@am__append_39 = tspi_bind.c tsp_bind.c rpc/@RPC@/rpc_bind.c +@TSS_BUILD_BIND_TRUE@am__append_40 = -DTSS_BUILD_BIND +@TSS_BUILD_OWN_TRUE@am__append_41 = tsp_own.c tspi_own.c rpc/@RPC@/rpc_own.c +@TSS_BUILD_OWN_TRUE@am__append_42 = -DTSS_BUILD_OWN +@TSS_BUILD_PS_TRUE@am__append_43 = ps/ps_utils.c ps/tspps.c tspi_ps.c rpc/@RPC@/rpc_ps.c tsp_ps.c +@TSS_BUILD_PS_TRUE@am__append_44 = -DTSS_BUILD_PS +@TSS_BUILD_ADMIN_TRUE@am__append_45 = tspi_admin.c tsp_admin.c rpc/@RPC@/rpc_admin.c +@TSS_BUILD_ADMIN_TRUE@am__append_46 = -DTSS_BUILD_ADMIN +@TSS_BUILD_AIK_TRUE@am__append_47 = tspi_aik.c tsp_aik.c rpc/@RPC@/rpc_aik.c +@TSS_BUILD_AIK_TRUE@am__append_48 = -DTSS_BUILD_AIK +@TSS_BUILD_EK_TRUE@am__append_49 = tspi_ek.c tsp_ek.c rpc/@RPC@/rpc_ek.c +@TSS_BUILD_EK_TRUE@am__append_50 = -DTSS_BUILD_EK +@TSS_BUILD_CERTIFY_TRUE@am__append_51 = tspi_certify.c tsp_certify.c rpc/@RPC@/rpc_certify.c +@TSS_BUILD_CERTIFY_TRUE@am__append_52 = -DTSS_BUILD_CERTIFY +@TSS_BUILD_KEY_TRUE@am__append_53 = tspi_key.c rpc/@RPC@/rpc_key.c +@TSS_BUILD_KEY_TRUE@am__append_54 = -DTSS_BUILD_KEY +@TSS_BUILD_MAINT_TRUE@am__append_55 = tspi_maint.c tsp_maint.c rpc/@RPC@/rpc_maint.c +@TSS_BUILD_MAINT_TRUE@am__append_56 = -DTSS_BUILD_MAINT +@TSS_BUILD_MIGRATION_TRUE@am__append_57 = tspi_migration.c tsp_migration.c rpc/@RPC@/rpc_migration.c +@TSS_BUILD_MIGRATION_TRUE@am__append_58 = -DTSS_BUILD_MIGRATION +@TSS_BUILD_PCR_EXTEND_TRUE@am__append_59 = tspi_pcr_extend.c tsp_pcr_extend.c rpc/@RPC@/rpc_pcr_extend.c +@TSS_BUILD_PCR_EXTEND_TRUE@am__append_60 = -DTSS_BUILD_PCR_EXTEND +@TSS_BUILD_SELFTEST_TRUE@am__append_61 = tspi_selftest.c tsp_selftest.c rpc/@RPC@/rpc_selftest.c +@TSS_BUILD_SELFTEST_TRUE@am__append_62 = -DTSS_BUILD_SELFTEST +@TSS_BUILD_DAA_TRUE@am__append_63 = tspi_daa.c tsp_daa.c \ +@TSS_BUILD_DAA_TRUE@ rpc/@RPC@/rpc_daa.c \ +@TSS_BUILD_DAA_TRUE@ daa/daa_issuer/keypair_generator.c daa/daa_issuer/prime_gen.c \ +@TSS_BUILD_DAA_TRUE@ daa/daa_issuer/key_correctness_proof.c daa/daa_platform/platform.c \ +@TSS_BUILD_DAA_TRUE@ daa/daa_issuer/issuer_init.c daa/daa_issuer/issue_credential.c \ +@TSS_BUILD_DAA_TRUE@ daa/daa_verifier/verifier_transaction.c daa/daa_verifier/verifier.c \ +@TSS_BUILD_DAA_TRUE@ daa/daa_structs.c daa/daa_parameter.c daa/big_integer/bi_gmp.c \ +@TSS_BUILD_DAA_TRUE@ daa/big_integer/bi_openssl.c daa/daa_anonymityrevocation/csencryption_result.c \ +@TSS_BUILD_DAA_TRUE@ daa/big_integer/bi.c daa/utils/list.c + +@TSS_BUILD_DAA_TRUE@am__append_64 = -DTSS_BUILD_DAA +@TSS_BUILD_GET_FLAGS_TRUE@am__append_65 = tsp_get_flags.c +@TSS_BUILD_PCRS_LIST_TRUE@am__append_66 = obj_pcrs.c tsp_pcr.c +@TSS_BUILD_PCRS_LIST_TRUE@am__append_67 = -DTSS_BUILD_PCRS_LIST +@TSS_BUILD_HASH_LIST_TRUE@am__append_68 = obj_hash.c +@TSS_BUILD_HASH_LIST_TRUE@am__append_69 = -DTSS_BUILD_HASH_LIST +@TSS_BUILD_ENCDATA_LIST_TRUE@am__append_70 = obj_encdata.c +@TSS_BUILD_ENCDATA_LIST_TRUE@am__append_71 = -DTSS_BUILD_ENCDATA_LIST +@TSS_BUILD_RSAKEY_LIST_TRUE@am__append_72 = obj_rsakey.c tsp_key.c +@TSS_BUILD_RSAKEY_LIST_TRUE@am__append_73 = -DTSS_BUILD_RSAKEY_LIST +@TSS_BUILD_ASN1_TRUE@am__append_74 = tspi_asn1.c +@TSS_BUILD_ASN1_TRUE@am__append_75 = -DTSS_BUILD_ASN1 +@TSS_BUILD_AUDIT_TRUE@am__append_76 = tspi_audit.c tsp_audit.c rpc/@RPC@/rpc_audit.c +@TSS_BUILD_AUDIT_TRUE@am__append_77 = -DTSS_BUILD_AUDIT +@TSS_BUILD_SEALX_TRUE@am__append_78 = tsp_seal.c +@TSS_BUILD_SEALX_TRUE@am__append_79 = -DTSS_BUILD_SEALX +@TSS_BUILD_QUOTE2_TRUE@am__append_80 = tspi_quote2.c tsp_quote2.c rpc/@RPC@/rpc_quote2.c +@TSS_BUILD_QUOTE2_TRUE@am__append_81 = -DTSS_BUILD_QUOTE2 +@HAVE_GTK_TRUE@am__append_82 = @GTK_CFLAGS@ +@HAVE_GTK_TRUE@am__append_83 = @GTK_LIBS@ +@HAVE_GTK_TRUE@am__append_84 = gtk/main.c gtk/support.c gtk/interface.c gtk/callbacks.c +@OPENSSL_UI_TRUE@am__append_85 = -lssl +@OPENSSL_UI_TRUE@am__append_86 = ssl_ui.c +@TSS_BUILD_NV_TRUE@am__append_87 = tspi_nv.c obj_nv.c tsp_nv.c rpc/@RPC@/rpc_nv.c +@TSS_BUILD_NV_TRUE@am__append_88 = -DTSS_BUILD_NV +@TSS_BUILD_DELEGATION_TRUE@am__append_89 = tspi_delegate.c tsp_delegate.c obj_delfamily.c rpc/@RPC@/rpc_delegate.c +@TSS_BUILD_DELEGATION_TRUE@am__append_90 = -DTSS_BUILD_DELEGATION +@TSS_BUILD_CMK_TRUE@am__append_91 = tspi_cmk.c obj_migdata.c rpc/@RPC@/rpc_cmk.c +@TSS_BUILD_CMK_TRUE@am__append_92 = -DTSS_BUILD_CMK +subdir = src/tspi +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" +LTLIBRARIES = $(lib_LTLIBRARIES) +libtspi_la_DEPENDENCIES = ${top_builddir}/src/trspi/libtrousers.la +am__libtspi_la_SOURCES_DIST = log.c spi_utils.c obj.c obj_policy.c \ + tsp_policy.c obj_tpm.c obj_context.c tsp_context_mem.c \ + tspi_context.c rpc/@RPC@/rpc_context.c rpc/tcs_api.c \ + rpc/hosttable.c rpc/@RPC@/rpc.c tsp_asym.c tspi_oper.c \ + tsp_oper.c rpc/@RPC@/rpc_oper.c tspi_transport.c \ + rpc/@RPC@/rpc_transport.c tspi_tick.c tsp_tick.c \ + rpc/@RPC@/rpc_tick.c tspi_counter.c tsp_counter.c \ + rpc/@RPC@/rpc_counter.c tspi_pcr_comp12.c tsp_auth.c \ + rpc/@RPC@/rpc_auth.c tspi_getset.c tspi_random.c tsp_random.c \ + rpc/@RPC@/rpc_random.c tspi_caps.c tsp_caps.c \ + rpc/@RPC@/rpc_caps.c tspi_caps_tpm.c tsp_caps_tpm.c \ + rpc/@RPC@/rpc_caps_tpm.c tspi_policy.c tspi_dir.c tsp_dir.c \ + rpc/@RPC@/rpc_dir.c tspi_pcr_events.c rpc/@RPC@/rpc_evlog.c \ + tspi_hash.c tspi_sign.c tsp_sign.c rpc/@RPC@/rpc_sign.c \ + tspi_quote.c tsp_quote.c rpc/@RPC@/rpc_quote.c tspi_pcr_comp.c \ + tspi_seal.c rpc/@RPC@/rpc_seal.c tspi_changeauth.c \ + tsp_changeauth.c rpc/@RPC@/rpc_changeauth.c tspi_bind.c \ + tsp_bind.c rpc/@RPC@/rpc_bind.c tsp_own.c tspi_own.c \ + rpc/@RPC@/rpc_own.c ps/ps_utils.c ps/tspps.c tspi_ps.c \ + rpc/@RPC@/rpc_ps.c tsp_ps.c tspi_admin.c tsp_admin.c \ + rpc/@RPC@/rpc_admin.c tspi_aik.c tsp_aik.c rpc/@RPC@/rpc_aik.c \ + tspi_ek.c tsp_ek.c rpc/@RPC@/rpc_ek.c tspi_certify.c \ + tsp_certify.c rpc/@RPC@/rpc_certify.c tspi_key.c \ + rpc/@RPC@/rpc_key.c tspi_maint.c tsp_maint.c \ + rpc/@RPC@/rpc_maint.c tspi_migration.c tsp_migration.c \ + rpc/@RPC@/rpc_migration.c tspi_pcr_extend.c tsp_pcr_extend.c \ + rpc/@RPC@/rpc_pcr_extend.c tspi_selftest.c tsp_selftest.c \ + rpc/@RPC@/rpc_selftest.c tspi_daa.c tsp_daa.c \ + rpc/@RPC@/rpc_daa.c daa/daa_issuer/keypair_generator.c \ + daa/daa_issuer/prime_gen.c \ + daa/daa_issuer/key_correctness_proof.c \ + daa/daa_platform/platform.c daa/daa_issuer/issuer_init.c \ + daa/daa_issuer/issue_credential.c \ + daa/daa_verifier/verifier_transaction.c \ + daa/daa_verifier/verifier.c daa/daa_structs.c \ + daa/daa_parameter.c daa/big_integer/bi_gmp.c \ + daa/big_integer/bi_openssl.c \ + daa/daa_anonymityrevocation/csencryption_result.c \ + daa/big_integer/bi.c daa/utils/list.c tsp_get_flags.c \ + obj_pcrs.c tsp_pcr.c obj_hash.c obj_encdata.c obj_rsakey.c \ + tsp_key.c tspi_asn1.c tspi_audit.c tsp_audit.c \ + rpc/@RPC@/rpc_audit.c tsp_seal.c tspi_quote2.c tsp_quote2.c \ + rpc/@RPC@/rpc_quote2.c gtk/main.c gtk/support.c \ + gtk/interface.c gtk/callbacks.c ssl_ui.c tspi_nv.c obj_nv.c \ + tsp_nv.c rpc/@RPC@/rpc_nv.c tspi_delegate.c tsp_delegate.c \ + obj_delfamily.c rpc/@RPC@/rpc_delegate.c tspi_cmk.c \ + obj_migdata.c rpc/@RPC@/rpc_cmk.c +@TSS_BUILD_ASYM_CRYPTO_TRUE@am__objects_1 = libtspi_la-tsp_asym.lo +@TSS_BUILD_TSS12_TRUE@am__objects_2 = libtspi_la-tspi_oper.lo \ +@TSS_BUILD_TSS12_TRUE@ libtspi_la-tsp_oper.lo \ +@TSS_BUILD_TSS12_TRUE@ libtspi_la-rpc_oper.lo +@TSS_BUILD_TRANSPORT_TRUE@am__objects_3 = \ +@TSS_BUILD_TRANSPORT_TRUE@ libtspi_la-tspi_transport.lo \ +@TSS_BUILD_TRANSPORT_TRUE@ libtspi_la-rpc_transport.lo +@TSS_BUILD_TICK_TRUE@am__objects_4 = libtspi_la-tspi_tick.lo \ +@TSS_BUILD_TICK_TRUE@ libtspi_la-tsp_tick.lo \ +@TSS_BUILD_TICK_TRUE@ libtspi_la-rpc_tick.lo +@TSS_BUILD_COUNTER_TRUE@am__objects_5 = libtspi_la-tspi_counter.lo \ +@TSS_BUILD_COUNTER_TRUE@ libtspi_la-tsp_counter.lo \ +@TSS_BUILD_COUNTER_TRUE@ libtspi_la-rpc_counter.lo +@TSS_BUILD_PCR_COMP12_TRUE@am__objects_6 = \ +@TSS_BUILD_PCR_COMP12_TRUE@ libtspi_la-tspi_pcr_comp12.lo +@TSS_BUILD_AUTH_TRUE@am__objects_7 = libtspi_la-tsp_auth.lo \ +@TSS_BUILD_AUTH_TRUE@ libtspi_la-rpc_auth.lo +@TSS_BUILD_GETSET_TRUE@am__objects_8 = libtspi_la-tspi_getset.lo +@TSS_BUILD_RANDOM_TRUE@am__objects_9 = libtspi_la-tspi_random.lo \ +@TSS_BUILD_RANDOM_TRUE@ libtspi_la-tsp_random.lo \ +@TSS_BUILD_RANDOM_TRUE@ libtspi_la-rpc_random.lo +@TSS_BUILD_CAPS_TRUE@am__objects_10 = libtspi_la-tspi_caps.lo \ +@TSS_BUILD_CAPS_TRUE@ libtspi_la-tsp_caps.lo \ +@TSS_BUILD_CAPS_TRUE@ libtspi_la-rpc_caps.lo +@TSS_BUILD_CAPS_TPM_TRUE@am__objects_11 = libtspi_la-tspi_caps_tpm.lo \ +@TSS_BUILD_CAPS_TPM_TRUE@ libtspi_la-tsp_caps_tpm.lo \ +@TSS_BUILD_CAPS_TPM_TRUE@ libtspi_la-rpc_caps_tpm.lo +@TSS_BUILD_POLICY_TRUE@am__objects_12 = libtspi_la-tspi_policy.lo +@TSS_BUILD_DIR_TRUE@am__objects_13 = libtspi_la-tspi_dir.lo \ +@TSS_BUILD_DIR_TRUE@ libtspi_la-tsp_dir.lo \ +@TSS_BUILD_DIR_TRUE@ libtspi_la-rpc_dir.lo +@TSS_BUILD_PCR_EVENTS_TRUE@am__objects_14 = \ +@TSS_BUILD_PCR_EVENTS_TRUE@ libtspi_la-tspi_pcr_events.lo \ +@TSS_BUILD_PCR_EVENTS_TRUE@ libtspi_la-rpc_evlog.lo +@TSS_BUILD_HASH_TRUE@am__objects_15 = libtspi_la-tspi_hash.lo +@TSS_BUILD_SIGN_TRUE@am__objects_16 = libtspi_la-tspi_sign.lo \ +@TSS_BUILD_SIGN_TRUE@ libtspi_la-tsp_sign.lo \ +@TSS_BUILD_SIGN_TRUE@ libtspi_la-rpc_sign.lo +@TSS_BUILD_QUOTE_TRUE@am__objects_17 = libtspi_la-tspi_quote.lo \ +@TSS_BUILD_QUOTE_TRUE@ libtspi_la-tsp_quote.lo \ +@TSS_BUILD_QUOTE_TRUE@ libtspi_la-rpc_quote.lo +@TSS_BUILD_PCR_COMP_TRUE@am__objects_18 = libtspi_la-tspi_pcr_comp.lo +@TSS_BUILD_SEAL_TRUE@am__objects_19 = libtspi_la-tspi_seal.lo \ +@TSS_BUILD_SEAL_TRUE@ libtspi_la-rpc_seal.lo +@TSS_BUILD_CHANGEAUTH_TRUE@am__objects_20 = \ +@TSS_BUILD_CHANGEAUTH_TRUE@ libtspi_la-tspi_changeauth.lo \ +@TSS_BUILD_CHANGEAUTH_TRUE@ libtspi_la-tsp_changeauth.lo \ +@TSS_BUILD_CHANGEAUTH_TRUE@ libtspi_la-rpc_changeauth.lo +@TSS_BUILD_BIND_TRUE@am__objects_21 = libtspi_la-tspi_bind.lo \ +@TSS_BUILD_BIND_TRUE@ libtspi_la-tsp_bind.lo \ +@TSS_BUILD_BIND_TRUE@ libtspi_la-rpc_bind.lo +@TSS_BUILD_OWN_TRUE@am__objects_22 = libtspi_la-tsp_own.lo \ +@TSS_BUILD_OWN_TRUE@ libtspi_la-tspi_own.lo \ +@TSS_BUILD_OWN_TRUE@ libtspi_la-rpc_own.lo +@TSS_BUILD_PS_TRUE@am__objects_23 = libtspi_la-ps_utils.lo \ +@TSS_BUILD_PS_TRUE@ libtspi_la-tspps.lo libtspi_la-tspi_ps.lo \ +@TSS_BUILD_PS_TRUE@ libtspi_la-rpc_ps.lo libtspi_la-tsp_ps.lo +@TSS_BUILD_ADMIN_TRUE@am__objects_24 = libtspi_la-tspi_admin.lo \ +@TSS_BUILD_ADMIN_TRUE@ libtspi_la-tsp_admin.lo \ +@TSS_BUILD_ADMIN_TRUE@ libtspi_la-rpc_admin.lo +@TSS_BUILD_AIK_TRUE@am__objects_25 = libtspi_la-tspi_aik.lo \ +@TSS_BUILD_AIK_TRUE@ libtspi_la-tsp_aik.lo \ +@TSS_BUILD_AIK_TRUE@ libtspi_la-rpc_aik.lo +@TSS_BUILD_EK_TRUE@am__objects_26 = libtspi_la-tspi_ek.lo \ +@TSS_BUILD_EK_TRUE@ libtspi_la-tsp_ek.lo libtspi_la-rpc_ek.lo +@TSS_BUILD_CERTIFY_TRUE@am__objects_27 = libtspi_la-tspi_certify.lo \ +@TSS_BUILD_CERTIFY_TRUE@ libtspi_la-tsp_certify.lo \ +@TSS_BUILD_CERTIFY_TRUE@ libtspi_la-rpc_certify.lo +@TSS_BUILD_KEY_TRUE@am__objects_28 = libtspi_la-tspi_key.lo \ +@TSS_BUILD_KEY_TRUE@ libtspi_la-rpc_key.lo +@TSS_BUILD_MAINT_TRUE@am__objects_29 = libtspi_la-tspi_maint.lo \ +@TSS_BUILD_MAINT_TRUE@ libtspi_la-tsp_maint.lo \ +@TSS_BUILD_MAINT_TRUE@ libtspi_la-rpc_maint.lo +@TSS_BUILD_MIGRATION_TRUE@am__objects_30 = \ +@TSS_BUILD_MIGRATION_TRUE@ libtspi_la-tspi_migration.lo \ +@TSS_BUILD_MIGRATION_TRUE@ libtspi_la-tsp_migration.lo \ +@TSS_BUILD_MIGRATION_TRUE@ libtspi_la-rpc_migration.lo +@TSS_BUILD_PCR_EXTEND_TRUE@am__objects_31 = \ +@TSS_BUILD_PCR_EXTEND_TRUE@ libtspi_la-tspi_pcr_extend.lo \ +@TSS_BUILD_PCR_EXTEND_TRUE@ libtspi_la-tsp_pcr_extend.lo \ +@TSS_BUILD_PCR_EXTEND_TRUE@ libtspi_la-rpc_pcr_extend.lo +@TSS_BUILD_SELFTEST_TRUE@am__objects_32 = libtspi_la-tspi_selftest.lo \ +@TSS_BUILD_SELFTEST_TRUE@ libtspi_la-tsp_selftest.lo \ +@TSS_BUILD_SELFTEST_TRUE@ libtspi_la-rpc_selftest.lo +@TSS_BUILD_DAA_TRUE@am__objects_33 = libtspi_la-tspi_daa.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-tsp_daa.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-rpc_daa.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-keypair_generator.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-prime_gen.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-key_correctness_proof.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-platform.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-issuer_init.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-issue_credential.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-verifier_transaction.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-verifier.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-daa_structs.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-daa_parameter.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-bi_gmp.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-bi_openssl.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-csencryption_result.lo \ +@TSS_BUILD_DAA_TRUE@ libtspi_la-bi.lo libtspi_la-list.lo +@TSS_BUILD_GET_FLAGS_TRUE@am__objects_34 = \ +@TSS_BUILD_GET_FLAGS_TRUE@ libtspi_la-tsp_get_flags.lo +@TSS_BUILD_PCRS_LIST_TRUE@am__objects_35 = libtspi_la-obj_pcrs.lo \ +@TSS_BUILD_PCRS_LIST_TRUE@ libtspi_la-tsp_pcr.lo +@TSS_BUILD_HASH_LIST_TRUE@am__objects_36 = libtspi_la-obj_hash.lo +@TSS_BUILD_ENCDATA_LIST_TRUE@am__objects_37 = \ +@TSS_BUILD_ENCDATA_LIST_TRUE@ libtspi_la-obj_encdata.lo +@TSS_BUILD_RSAKEY_LIST_TRUE@am__objects_38 = libtspi_la-obj_rsakey.lo \ +@TSS_BUILD_RSAKEY_LIST_TRUE@ libtspi_la-tsp_key.lo +@TSS_BUILD_ASN1_TRUE@am__objects_39 = libtspi_la-tspi_asn1.lo +@TSS_BUILD_AUDIT_TRUE@am__objects_40 = libtspi_la-tspi_audit.lo \ +@TSS_BUILD_AUDIT_TRUE@ libtspi_la-tsp_audit.lo \ +@TSS_BUILD_AUDIT_TRUE@ libtspi_la-rpc_audit.lo +@TSS_BUILD_SEALX_TRUE@am__objects_41 = libtspi_la-tsp_seal.lo +@TSS_BUILD_QUOTE2_TRUE@am__objects_42 = libtspi_la-tspi_quote2.lo \ +@TSS_BUILD_QUOTE2_TRUE@ libtspi_la-tsp_quote2.lo \ +@TSS_BUILD_QUOTE2_TRUE@ libtspi_la-rpc_quote2.lo +@HAVE_GTK_TRUE@am__objects_43 = libtspi_la-main.lo \ +@HAVE_GTK_TRUE@ libtspi_la-support.lo libtspi_la-interface.lo \ +@HAVE_GTK_TRUE@ libtspi_la-callbacks.lo +@OPENSSL_UI_TRUE@am__objects_44 = libtspi_la-ssl_ui.lo +@TSS_BUILD_NV_TRUE@am__objects_45 = libtspi_la-tspi_nv.lo \ +@TSS_BUILD_NV_TRUE@ libtspi_la-obj_nv.lo libtspi_la-tsp_nv.lo \ +@TSS_BUILD_NV_TRUE@ libtspi_la-rpc_nv.lo +@TSS_BUILD_DELEGATION_TRUE@am__objects_46 = \ +@TSS_BUILD_DELEGATION_TRUE@ libtspi_la-tspi_delegate.lo \ +@TSS_BUILD_DELEGATION_TRUE@ libtspi_la-tsp_delegate.lo \ +@TSS_BUILD_DELEGATION_TRUE@ libtspi_la-obj_delfamily.lo \ +@TSS_BUILD_DELEGATION_TRUE@ libtspi_la-rpc_delegate.lo +@TSS_BUILD_CMK_TRUE@am__objects_47 = libtspi_la-tspi_cmk.lo \ +@TSS_BUILD_CMK_TRUE@ libtspi_la-obj_migdata.lo \ +@TSS_BUILD_CMK_TRUE@ libtspi_la-rpc_cmk.lo +am_libtspi_la_OBJECTS = libtspi_la-log.lo libtspi_la-spi_utils.lo \ + libtspi_la-obj.lo libtspi_la-obj_policy.lo \ + libtspi_la-tsp_policy.lo libtspi_la-obj_tpm.lo \ + libtspi_la-obj_context.lo libtspi_la-tsp_context_mem.lo \ + libtspi_la-tspi_context.lo libtspi_la-rpc_context.lo \ + libtspi_la-tcs_api.lo libtspi_la-hosttable.lo \ + libtspi_la-rpc.lo $(am__objects_1) $(am__objects_2) \ + $(am__objects_3) $(am__objects_4) $(am__objects_5) \ + $(am__objects_6) $(am__objects_7) $(am__objects_8) \ + $(am__objects_9) $(am__objects_10) $(am__objects_11) \ + $(am__objects_12) $(am__objects_13) $(am__objects_14) \ + $(am__objects_15) $(am__objects_16) $(am__objects_17) \ + $(am__objects_18) $(am__objects_19) $(am__objects_20) \ + $(am__objects_21) $(am__objects_22) $(am__objects_23) \ + $(am__objects_24) $(am__objects_25) $(am__objects_26) \ + $(am__objects_27) $(am__objects_28) $(am__objects_29) \ + $(am__objects_30) $(am__objects_31) $(am__objects_32) \ + $(am__objects_33) $(am__objects_34) $(am__objects_35) \ + $(am__objects_36) $(am__objects_37) $(am__objects_38) \ + $(am__objects_39) $(am__objects_40) $(am__objects_41) \ + $(am__objects_42) $(am__objects_43) $(am__objects_44) \ + $(am__objects_45) $(am__objects_46) $(am__objects_47) +libtspi_la_OBJECTS = $(am_libtspi_la_OBJECTS) +libtspi_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtspi_la_CFLAGS) \ + $(CFLAGS) $(libtspi_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libtspi_la_SOURCES) +DIST_SOURCES = $(am__libtspi_la_SOURCES_DIST) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTOLIB = @CRYPTOLIB@ +CRYPTO_PACKAGE = @CRYPTO_PACKAGE@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB_DIR = @OPENSSL_LIB_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +RPC = @RPC@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +TCSD_DEFAULT_PORT = @TCSD_DEFAULT_PORT@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +lib_LTLIBRARIES = libtspi.la +libtspi_la_LIBADD = ${top_builddir}/src/trspi/libtrousers.la + +# On setting -version-info, from the libtool manual: +# +# -version-info current:revision:age +# +# 1. Start with version information of 0:0:0 for each libtool library. +# 2. Update the version information only immediately before a public release of your software. +# More frequent updates are unnecessary, and only guarantee that the current interface +# number gets larger faster. +# 3. If the library source code has changed at all since the last update, then increment +# revision (c:r:a becomes c:r+1:a). +# 4. If any interfaces have been added, removed, or changed since the last update, increment +# current, and set revision to 0. +# 5. If any interfaces have been added since the last public release, then increment age. +# 6. If any interfaces have been removed since the last public release, then set age to 0. +libtspi_la_LDFLAGS = -version-info 3:0:2 -lpthread @CRYPTOLIB@ \ + $(am__append_83) $(am__append_85) +libtspi_la_CFLAGS = -I$(top_srcdir)/src/include -DAPPID=\"TSPI\" \ + -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" \ + $(am__append_3) $(am__append_5) $(am__append_7) \ + $(am__append_9) $(am__append_12) $(am__append_14) \ + $(am__append_16) $(am__append_18) $(am__append_20) \ + $(am__append_22) $(am__append_24) $(am__append_26) \ + $(am__append_28) $(am__append_30) $(am__append_32) \ + $(am__append_34) $(am__append_36) $(am__append_38) \ + $(am__append_40) $(am__append_42) $(am__append_44) \ + $(am__append_46) $(am__append_48) $(am__append_50) \ + $(am__append_52) $(am__append_54) $(am__append_56) \ + $(am__append_58) $(am__append_60) $(am__append_62) \ + $(am__append_64) $(am__append_67) $(am__append_69) \ + $(am__append_71) $(am__append_73) $(am__append_75) \ + $(am__append_77) $(am__append_79) $(am__append_81) \ + $(am__append_82) $(am__append_88) $(am__append_90) \ + $(am__append_92) +libtspi_la_SOURCES = log.c spi_utils.c obj.c obj_policy.c tsp_policy.c \ + obj_tpm.c obj_context.c tsp_context_mem.c tspi_context.c \ + rpc/@RPC@/rpc_context.c rpc/tcs_api.c rpc/hosttable.c \ + rpc/@RPC@/rpc.c $(am__append_1) $(am__append_2) \ + $(am__append_4) $(am__append_6) $(am__append_8) \ + $(am__append_10) $(am__append_11) $(am__append_13) \ + $(am__append_15) $(am__append_17) $(am__append_19) \ + $(am__append_21) $(am__append_23) $(am__append_25) \ + $(am__append_27) $(am__append_29) $(am__append_31) \ + $(am__append_33) $(am__append_35) $(am__append_37) \ + $(am__append_39) $(am__append_41) $(am__append_43) \ + $(am__append_45) $(am__append_47) $(am__append_49) \ + $(am__append_51) $(am__append_53) $(am__append_55) \ + $(am__append_57) $(am__append_59) $(am__append_61) \ + $(am__append_63) $(am__append_65) $(am__append_66) \ + $(am__append_68) $(am__append_70) $(am__append_72) \ + $(am__append_74) $(am__append_76) $(am__append_78) \ + $(am__append_80) $(am__append_84) $(am__append_86) \ + $(am__append_87) $(am__append_89) $(am__append_91) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tspi/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/tspi/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libtspi.la: $(libtspi_la_OBJECTS) $(libtspi_la_DEPENDENCIES) + $(libtspi_la_LINK) -rpath $(libdir) $(libtspi_la_OBJECTS) $(libtspi_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-bi.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-bi_gmp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-bi_openssl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-callbacks.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-csencryption_result.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-daa_parameter.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-daa_structs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-hosttable.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-interface.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-issue_credential.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-issuer_init.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-key_correctness_proof.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-keypair_generator.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-list.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-log.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-main.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_delfamily.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_encdata.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_hash.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_migdata.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_nv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_pcrs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_policy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_rsakey.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-obj_tpm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-platform.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-prime_gen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-ps_utils.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_admin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_aik.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_audit.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_auth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_bind.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_caps.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_caps_tpm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_certify.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_changeauth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_cmk.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_counter.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_daa.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_delegate.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_dir.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_ek.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_evlog.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_maint.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_migration.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_nv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_oper.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_own.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_pcr_extend.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_ps.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_quote.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_quote2.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_random.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_seal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_selftest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_sign.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_tick.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-rpc_transport.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-spi_utils.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-ssl_ui.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-support.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tcs_api.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_admin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_aik.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_asym.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_audit.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_auth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_bind.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_caps.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_caps_tpm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_certify.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_changeauth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_context_mem.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_counter.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_daa.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_delegate.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_dir.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_ek.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_get_flags.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_maint.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_migration.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_nv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_oper.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_own.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_pcr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_pcr_extend.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_policy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_ps.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_quote.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_quote2.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_random.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_seal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_selftest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_sign.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tsp_tick.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_admin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_aik.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_audit.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_bind.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_caps.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_caps_tpm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_certify.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_changeauth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_cmk.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_counter.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_daa.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_delegate.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_dir.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_ek.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_getset.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_hash.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_maint.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_migration.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_nv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_oper.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_own.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_pcr_comp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_pcr_comp12.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_pcr_events.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_pcr_extend.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_policy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_ps.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_quote.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_quote2.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_random.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_seal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_selftest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_sign.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_tick.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspi_transport.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-tspps.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-verifier.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtspi_la-verifier_transaction.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +libtspi_la-log.lo: log.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-log.lo -MD -MP -MF $(DEPDIR)/libtspi_la-log.Tpo -c -o libtspi_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-log.Tpo $(DEPDIR)/libtspi_la-log.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='log.c' object='libtspi_la-log.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c + +libtspi_la-spi_utils.lo: spi_utils.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-spi_utils.lo -MD -MP -MF $(DEPDIR)/libtspi_la-spi_utils.Tpo -c -o libtspi_la-spi_utils.lo `test -f 'spi_utils.c' || echo '$(srcdir)/'`spi_utils.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-spi_utils.Tpo $(DEPDIR)/libtspi_la-spi_utils.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='spi_utils.c' object='libtspi_la-spi_utils.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-spi_utils.lo `test -f 'spi_utils.c' || echo '$(srcdir)/'`spi_utils.c + +libtspi_la-obj.lo: obj.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj.Tpo -c -o libtspi_la-obj.lo `test -f 'obj.c' || echo '$(srcdir)/'`obj.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj.Tpo $(DEPDIR)/libtspi_la-obj.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj.c' object='libtspi_la-obj.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj.lo `test -f 'obj.c' || echo '$(srcdir)/'`obj.c + +libtspi_la-obj_policy.lo: obj_policy.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_policy.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_policy.Tpo -c -o libtspi_la-obj_policy.lo `test -f 'obj_policy.c' || echo '$(srcdir)/'`obj_policy.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_policy.Tpo $(DEPDIR)/libtspi_la-obj_policy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_policy.c' object='libtspi_la-obj_policy.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_policy.lo `test -f 'obj_policy.c' || echo '$(srcdir)/'`obj_policy.c + +libtspi_la-tsp_policy.lo: tsp_policy.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_policy.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_policy.Tpo -c -o libtspi_la-tsp_policy.lo `test -f 'tsp_policy.c' || echo '$(srcdir)/'`tsp_policy.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_policy.Tpo $(DEPDIR)/libtspi_la-tsp_policy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_policy.c' object='libtspi_la-tsp_policy.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_policy.lo `test -f 'tsp_policy.c' || echo '$(srcdir)/'`tsp_policy.c + +libtspi_la-obj_tpm.lo: obj_tpm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_tpm.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_tpm.Tpo -c -o libtspi_la-obj_tpm.lo `test -f 'obj_tpm.c' || echo '$(srcdir)/'`obj_tpm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_tpm.Tpo $(DEPDIR)/libtspi_la-obj_tpm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_tpm.c' object='libtspi_la-obj_tpm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_tpm.lo `test -f 'obj_tpm.c' || echo '$(srcdir)/'`obj_tpm.c + +libtspi_la-obj_context.lo: obj_context.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_context.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_context.Tpo -c -o libtspi_la-obj_context.lo `test -f 'obj_context.c' || echo '$(srcdir)/'`obj_context.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_context.Tpo $(DEPDIR)/libtspi_la-obj_context.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_context.c' object='libtspi_la-obj_context.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_context.lo `test -f 'obj_context.c' || echo '$(srcdir)/'`obj_context.c + +libtspi_la-tsp_context_mem.lo: tsp_context_mem.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_context_mem.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_context_mem.Tpo -c -o libtspi_la-tsp_context_mem.lo `test -f 'tsp_context_mem.c' || echo '$(srcdir)/'`tsp_context_mem.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_context_mem.Tpo $(DEPDIR)/libtspi_la-tsp_context_mem.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_context_mem.c' object='libtspi_la-tsp_context_mem.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_context_mem.lo `test -f 'tsp_context_mem.c' || echo '$(srcdir)/'`tsp_context_mem.c + +libtspi_la-tspi_context.lo: tspi_context.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_context.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_context.Tpo -c -o libtspi_la-tspi_context.lo `test -f 'tspi_context.c' || echo '$(srcdir)/'`tspi_context.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_context.Tpo $(DEPDIR)/libtspi_la-tspi_context.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_context.c' object='libtspi_la-tspi_context.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_context.lo `test -f 'tspi_context.c' || echo '$(srcdir)/'`tspi_context.c + +libtspi_la-rpc_context.lo: rpc/@RPC@/rpc_context.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_context.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_context.Tpo -c -o libtspi_la-rpc_context.lo `test -f 'rpc/@RPC@/rpc_context.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_context.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_context.Tpo $(DEPDIR)/libtspi_la-rpc_context.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_context.c' object='libtspi_la-rpc_context.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_context.lo `test -f 'rpc/@RPC@/rpc_context.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_context.c + +libtspi_la-tcs_api.lo: rpc/tcs_api.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tcs_api.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tcs_api.Tpo -c -o libtspi_la-tcs_api.lo `test -f 'rpc/tcs_api.c' || echo '$(srcdir)/'`rpc/tcs_api.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tcs_api.Tpo $(DEPDIR)/libtspi_la-tcs_api.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/tcs_api.c' object='libtspi_la-tcs_api.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tcs_api.lo `test -f 'rpc/tcs_api.c' || echo '$(srcdir)/'`rpc/tcs_api.c + +libtspi_la-hosttable.lo: rpc/hosttable.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-hosttable.lo -MD -MP -MF $(DEPDIR)/libtspi_la-hosttable.Tpo -c -o libtspi_la-hosttable.lo `test -f 'rpc/hosttable.c' || echo '$(srcdir)/'`rpc/hosttable.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-hosttable.Tpo $(DEPDIR)/libtspi_la-hosttable.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/hosttable.c' object='libtspi_la-hosttable.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-hosttable.lo `test -f 'rpc/hosttable.c' || echo '$(srcdir)/'`rpc/hosttable.c + +libtspi_la-rpc.lo: rpc/@RPC@/rpc.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc.Tpo -c -o libtspi_la-rpc.lo `test -f 'rpc/@RPC@/rpc.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc.Tpo $(DEPDIR)/libtspi_la-rpc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc.c' object='libtspi_la-rpc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc.lo `test -f 'rpc/@RPC@/rpc.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc.c + +libtspi_la-tsp_asym.lo: tsp_asym.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_asym.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_asym.Tpo -c -o libtspi_la-tsp_asym.lo `test -f 'tsp_asym.c' || echo '$(srcdir)/'`tsp_asym.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_asym.Tpo $(DEPDIR)/libtspi_la-tsp_asym.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_asym.c' object='libtspi_la-tsp_asym.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_asym.lo `test -f 'tsp_asym.c' || echo '$(srcdir)/'`tsp_asym.c + +libtspi_la-tspi_oper.lo: tspi_oper.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_oper.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_oper.Tpo -c -o libtspi_la-tspi_oper.lo `test -f 'tspi_oper.c' || echo '$(srcdir)/'`tspi_oper.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_oper.Tpo $(DEPDIR)/libtspi_la-tspi_oper.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_oper.c' object='libtspi_la-tspi_oper.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_oper.lo `test -f 'tspi_oper.c' || echo '$(srcdir)/'`tspi_oper.c + +libtspi_la-tsp_oper.lo: tsp_oper.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_oper.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_oper.Tpo -c -o libtspi_la-tsp_oper.lo `test -f 'tsp_oper.c' || echo '$(srcdir)/'`tsp_oper.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_oper.Tpo $(DEPDIR)/libtspi_la-tsp_oper.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_oper.c' object='libtspi_la-tsp_oper.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_oper.lo `test -f 'tsp_oper.c' || echo '$(srcdir)/'`tsp_oper.c + +libtspi_la-rpc_oper.lo: rpc/@RPC@/rpc_oper.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_oper.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_oper.Tpo -c -o libtspi_la-rpc_oper.lo `test -f 'rpc/@RPC@/rpc_oper.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_oper.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_oper.Tpo $(DEPDIR)/libtspi_la-rpc_oper.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_oper.c' object='libtspi_la-rpc_oper.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_oper.lo `test -f 'rpc/@RPC@/rpc_oper.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_oper.c + +libtspi_la-tspi_transport.lo: tspi_transport.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_transport.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_transport.Tpo -c -o libtspi_la-tspi_transport.lo `test -f 'tspi_transport.c' || echo '$(srcdir)/'`tspi_transport.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_transport.Tpo $(DEPDIR)/libtspi_la-tspi_transport.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_transport.c' object='libtspi_la-tspi_transport.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_transport.lo `test -f 'tspi_transport.c' || echo '$(srcdir)/'`tspi_transport.c + +libtspi_la-rpc_transport.lo: rpc/@RPC@/rpc_transport.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_transport.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_transport.Tpo -c -o libtspi_la-rpc_transport.lo `test -f 'rpc/@RPC@/rpc_transport.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_transport.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_transport.Tpo $(DEPDIR)/libtspi_la-rpc_transport.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_transport.c' object='libtspi_la-rpc_transport.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_transport.lo `test -f 'rpc/@RPC@/rpc_transport.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_transport.c + +libtspi_la-tspi_tick.lo: tspi_tick.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_tick.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_tick.Tpo -c -o libtspi_la-tspi_tick.lo `test -f 'tspi_tick.c' || echo '$(srcdir)/'`tspi_tick.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_tick.Tpo $(DEPDIR)/libtspi_la-tspi_tick.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_tick.c' object='libtspi_la-tspi_tick.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_tick.lo `test -f 'tspi_tick.c' || echo '$(srcdir)/'`tspi_tick.c + +libtspi_la-tsp_tick.lo: tsp_tick.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_tick.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_tick.Tpo -c -o libtspi_la-tsp_tick.lo `test -f 'tsp_tick.c' || echo '$(srcdir)/'`tsp_tick.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_tick.Tpo $(DEPDIR)/libtspi_la-tsp_tick.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_tick.c' object='libtspi_la-tsp_tick.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_tick.lo `test -f 'tsp_tick.c' || echo '$(srcdir)/'`tsp_tick.c + +libtspi_la-rpc_tick.lo: rpc/@RPC@/rpc_tick.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_tick.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_tick.Tpo -c -o libtspi_la-rpc_tick.lo `test -f 'rpc/@RPC@/rpc_tick.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_tick.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_tick.Tpo $(DEPDIR)/libtspi_la-rpc_tick.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_tick.c' object='libtspi_la-rpc_tick.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_tick.lo `test -f 'rpc/@RPC@/rpc_tick.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_tick.c + +libtspi_la-tspi_counter.lo: tspi_counter.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_counter.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_counter.Tpo -c -o libtspi_la-tspi_counter.lo `test -f 'tspi_counter.c' || echo '$(srcdir)/'`tspi_counter.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_counter.Tpo $(DEPDIR)/libtspi_la-tspi_counter.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_counter.c' object='libtspi_la-tspi_counter.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_counter.lo `test -f 'tspi_counter.c' || echo '$(srcdir)/'`tspi_counter.c + +libtspi_la-tsp_counter.lo: tsp_counter.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_counter.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_counter.Tpo -c -o libtspi_la-tsp_counter.lo `test -f 'tsp_counter.c' || echo '$(srcdir)/'`tsp_counter.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_counter.Tpo $(DEPDIR)/libtspi_la-tsp_counter.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_counter.c' object='libtspi_la-tsp_counter.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_counter.lo `test -f 'tsp_counter.c' || echo '$(srcdir)/'`tsp_counter.c + +libtspi_la-rpc_counter.lo: rpc/@RPC@/rpc_counter.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_counter.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_counter.Tpo -c -o libtspi_la-rpc_counter.lo `test -f 'rpc/@RPC@/rpc_counter.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_counter.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_counter.Tpo $(DEPDIR)/libtspi_la-rpc_counter.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_counter.c' object='libtspi_la-rpc_counter.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_counter.lo `test -f 'rpc/@RPC@/rpc_counter.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_counter.c + +libtspi_la-tspi_pcr_comp12.lo: tspi_pcr_comp12.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_pcr_comp12.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_pcr_comp12.Tpo -c -o libtspi_la-tspi_pcr_comp12.lo `test -f 'tspi_pcr_comp12.c' || echo '$(srcdir)/'`tspi_pcr_comp12.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_pcr_comp12.Tpo $(DEPDIR)/libtspi_la-tspi_pcr_comp12.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_pcr_comp12.c' object='libtspi_la-tspi_pcr_comp12.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_pcr_comp12.lo `test -f 'tspi_pcr_comp12.c' || echo '$(srcdir)/'`tspi_pcr_comp12.c + +libtspi_la-tsp_auth.lo: tsp_auth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_auth.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_auth.Tpo -c -o libtspi_la-tsp_auth.lo `test -f 'tsp_auth.c' || echo '$(srcdir)/'`tsp_auth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_auth.Tpo $(DEPDIR)/libtspi_la-tsp_auth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_auth.c' object='libtspi_la-tsp_auth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_auth.lo `test -f 'tsp_auth.c' || echo '$(srcdir)/'`tsp_auth.c + +libtspi_la-rpc_auth.lo: rpc/@RPC@/rpc_auth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_auth.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_auth.Tpo -c -o libtspi_la-rpc_auth.lo `test -f 'rpc/@RPC@/rpc_auth.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_auth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_auth.Tpo $(DEPDIR)/libtspi_la-rpc_auth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_auth.c' object='libtspi_la-rpc_auth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_auth.lo `test -f 'rpc/@RPC@/rpc_auth.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_auth.c + +libtspi_la-tspi_getset.lo: tspi_getset.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_getset.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_getset.Tpo -c -o libtspi_la-tspi_getset.lo `test -f 'tspi_getset.c' || echo '$(srcdir)/'`tspi_getset.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_getset.Tpo $(DEPDIR)/libtspi_la-tspi_getset.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_getset.c' object='libtspi_la-tspi_getset.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_getset.lo `test -f 'tspi_getset.c' || echo '$(srcdir)/'`tspi_getset.c + +libtspi_la-tspi_random.lo: tspi_random.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_random.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_random.Tpo -c -o libtspi_la-tspi_random.lo `test -f 'tspi_random.c' || echo '$(srcdir)/'`tspi_random.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_random.Tpo $(DEPDIR)/libtspi_la-tspi_random.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_random.c' object='libtspi_la-tspi_random.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_random.lo `test -f 'tspi_random.c' || echo '$(srcdir)/'`tspi_random.c + +libtspi_la-tsp_random.lo: tsp_random.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_random.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_random.Tpo -c -o libtspi_la-tsp_random.lo `test -f 'tsp_random.c' || echo '$(srcdir)/'`tsp_random.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_random.Tpo $(DEPDIR)/libtspi_la-tsp_random.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_random.c' object='libtspi_la-tsp_random.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_random.lo `test -f 'tsp_random.c' || echo '$(srcdir)/'`tsp_random.c + +libtspi_la-rpc_random.lo: rpc/@RPC@/rpc_random.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_random.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_random.Tpo -c -o libtspi_la-rpc_random.lo `test -f 'rpc/@RPC@/rpc_random.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_random.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_random.Tpo $(DEPDIR)/libtspi_la-rpc_random.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_random.c' object='libtspi_la-rpc_random.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_random.lo `test -f 'rpc/@RPC@/rpc_random.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_random.c + +libtspi_la-tspi_caps.lo: tspi_caps.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_caps.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_caps.Tpo -c -o libtspi_la-tspi_caps.lo `test -f 'tspi_caps.c' || echo '$(srcdir)/'`tspi_caps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_caps.Tpo $(DEPDIR)/libtspi_la-tspi_caps.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_caps.c' object='libtspi_la-tspi_caps.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_caps.lo `test -f 'tspi_caps.c' || echo '$(srcdir)/'`tspi_caps.c + +libtspi_la-tsp_caps.lo: tsp_caps.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_caps.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_caps.Tpo -c -o libtspi_la-tsp_caps.lo `test -f 'tsp_caps.c' || echo '$(srcdir)/'`tsp_caps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_caps.Tpo $(DEPDIR)/libtspi_la-tsp_caps.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_caps.c' object='libtspi_la-tsp_caps.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_caps.lo `test -f 'tsp_caps.c' || echo '$(srcdir)/'`tsp_caps.c + +libtspi_la-rpc_caps.lo: rpc/@RPC@/rpc_caps.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_caps.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_caps.Tpo -c -o libtspi_la-rpc_caps.lo `test -f 'rpc/@RPC@/rpc_caps.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_caps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_caps.Tpo $(DEPDIR)/libtspi_la-rpc_caps.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_caps.c' object='libtspi_la-rpc_caps.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_caps.lo `test -f 'rpc/@RPC@/rpc_caps.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_caps.c + +libtspi_la-tspi_caps_tpm.lo: tspi_caps_tpm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_caps_tpm.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_caps_tpm.Tpo -c -o libtspi_la-tspi_caps_tpm.lo `test -f 'tspi_caps_tpm.c' || echo '$(srcdir)/'`tspi_caps_tpm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_caps_tpm.Tpo $(DEPDIR)/libtspi_la-tspi_caps_tpm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_caps_tpm.c' object='libtspi_la-tspi_caps_tpm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_caps_tpm.lo `test -f 'tspi_caps_tpm.c' || echo '$(srcdir)/'`tspi_caps_tpm.c + +libtspi_la-tsp_caps_tpm.lo: tsp_caps_tpm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_caps_tpm.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_caps_tpm.Tpo -c -o libtspi_la-tsp_caps_tpm.lo `test -f 'tsp_caps_tpm.c' || echo '$(srcdir)/'`tsp_caps_tpm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_caps_tpm.Tpo $(DEPDIR)/libtspi_la-tsp_caps_tpm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_caps_tpm.c' object='libtspi_la-tsp_caps_tpm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_caps_tpm.lo `test -f 'tsp_caps_tpm.c' || echo '$(srcdir)/'`tsp_caps_tpm.c + +libtspi_la-rpc_caps_tpm.lo: rpc/@RPC@/rpc_caps_tpm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_caps_tpm.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_caps_tpm.Tpo -c -o libtspi_la-rpc_caps_tpm.lo `test -f 'rpc/@RPC@/rpc_caps_tpm.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_caps_tpm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_caps_tpm.Tpo $(DEPDIR)/libtspi_la-rpc_caps_tpm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_caps_tpm.c' object='libtspi_la-rpc_caps_tpm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_caps_tpm.lo `test -f 'rpc/@RPC@/rpc_caps_tpm.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_caps_tpm.c + +libtspi_la-tspi_policy.lo: tspi_policy.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_policy.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_policy.Tpo -c -o libtspi_la-tspi_policy.lo `test -f 'tspi_policy.c' || echo '$(srcdir)/'`tspi_policy.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_policy.Tpo $(DEPDIR)/libtspi_la-tspi_policy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_policy.c' object='libtspi_la-tspi_policy.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_policy.lo `test -f 'tspi_policy.c' || echo '$(srcdir)/'`tspi_policy.c + +libtspi_la-tspi_dir.lo: tspi_dir.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_dir.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_dir.Tpo -c -o libtspi_la-tspi_dir.lo `test -f 'tspi_dir.c' || echo '$(srcdir)/'`tspi_dir.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_dir.Tpo $(DEPDIR)/libtspi_la-tspi_dir.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_dir.c' object='libtspi_la-tspi_dir.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_dir.lo `test -f 'tspi_dir.c' || echo '$(srcdir)/'`tspi_dir.c + +libtspi_la-tsp_dir.lo: tsp_dir.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_dir.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_dir.Tpo -c -o libtspi_la-tsp_dir.lo `test -f 'tsp_dir.c' || echo '$(srcdir)/'`tsp_dir.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_dir.Tpo $(DEPDIR)/libtspi_la-tsp_dir.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_dir.c' object='libtspi_la-tsp_dir.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_dir.lo `test -f 'tsp_dir.c' || echo '$(srcdir)/'`tsp_dir.c + +libtspi_la-rpc_dir.lo: rpc/@RPC@/rpc_dir.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_dir.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_dir.Tpo -c -o libtspi_la-rpc_dir.lo `test -f 'rpc/@RPC@/rpc_dir.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_dir.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_dir.Tpo $(DEPDIR)/libtspi_la-rpc_dir.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_dir.c' object='libtspi_la-rpc_dir.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_dir.lo `test -f 'rpc/@RPC@/rpc_dir.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_dir.c + +libtspi_la-tspi_pcr_events.lo: tspi_pcr_events.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_pcr_events.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_pcr_events.Tpo -c -o libtspi_la-tspi_pcr_events.lo `test -f 'tspi_pcr_events.c' || echo '$(srcdir)/'`tspi_pcr_events.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_pcr_events.Tpo $(DEPDIR)/libtspi_la-tspi_pcr_events.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_pcr_events.c' object='libtspi_la-tspi_pcr_events.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_pcr_events.lo `test -f 'tspi_pcr_events.c' || echo '$(srcdir)/'`tspi_pcr_events.c + +libtspi_la-rpc_evlog.lo: rpc/@RPC@/rpc_evlog.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_evlog.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_evlog.Tpo -c -o libtspi_la-rpc_evlog.lo `test -f 'rpc/@RPC@/rpc_evlog.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_evlog.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_evlog.Tpo $(DEPDIR)/libtspi_la-rpc_evlog.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_evlog.c' object='libtspi_la-rpc_evlog.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_evlog.lo `test -f 'rpc/@RPC@/rpc_evlog.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_evlog.c + +libtspi_la-tspi_hash.lo: tspi_hash.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_hash.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_hash.Tpo -c -o libtspi_la-tspi_hash.lo `test -f 'tspi_hash.c' || echo '$(srcdir)/'`tspi_hash.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_hash.Tpo $(DEPDIR)/libtspi_la-tspi_hash.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_hash.c' object='libtspi_la-tspi_hash.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_hash.lo `test -f 'tspi_hash.c' || echo '$(srcdir)/'`tspi_hash.c + +libtspi_la-tspi_sign.lo: tspi_sign.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_sign.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_sign.Tpo -c -o libtspi_la-tspi_sign.lo `test -f 'tspi_sign.c' || echo '$(srcdir)/'`tspi_sign.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_sign.Tpo $(DEPDIR)/libtspi_la-tspi_sign.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_sign.c' object='libtspi_la-tspi_sign.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_sign.lo `test -f 'tspi_sign.c' || echo '$(srcdir)/'`tspi_sign.c + +libtspi_la-tsp_sign.lo: tsp_sign.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_sign.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_sign.Tpo -c -o libtspi_la-tsp_sign.lo `test -f 'tsp_sign.c' || echo '$(srcdir)/'`tsp_sign.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_sign.Tpo $(DEPDIR)/libtspi_la-tsp_sign.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_sign.c' object='libtspi_la-tsp_sign.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_sign.lo `test -f 'tsp_sign.c' || echo '$(srcdir)/'`tsp_sign.c + +libtspi_la-rpc_sign.lo: rpc/@RPC@/rpc_sign.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_sign.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_sign.Tpo -c -o libtspi_la-rpc_sign.lo `test -f 'rpc/@RPC@/rpc_sign.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_sign.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_sign.Tpo $(DEPDIR)/libtspi_la-rpc_sign.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_sign.c' object='libtspi_la-rpc_sign.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_sign.lo `test -f 'rpc/@RPC@/rpc_sign.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_sign.c + +libtspi_la-tspi_quote.lo: tspi_quote.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_quote.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_quote.Tpo -c -o libtspi_la-tspi_quote.lo `test -f 'tspi_quote.c' || echo '$(srcdir)/'`tspi_quote.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_quote.Tpo $(DEPDIR)/libtspi_la-tspi_quote.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_quote.c' object='libtspi_la-tspi_quote.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_quote.lo `test -f 'tspi_quote.c' || echo '$(srcdir)/'`tspi_quote.c + +libtspi_la-tsp_quote.lo: tsp_quote.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_quote.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_quote.Tpo -c -o libtspi_la-tsp_quote.lo `test -f 'tsp_quote.c' || echo '$(srcdir)/'`tsp_quote.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_quote.Tpo $(DEPDIR)/libtspi_la-tsp_quote.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_quote.c' object='libtspi_la-tsp_quote.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_quote.lo `test -f 'tsp_quote.c' || echo '$(srcdir)/'`tsp_quote.c + +libtspi_la-rpc_quote.lo: rpc/@RPC@/rpc_quote.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_quote.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_quote.Tpo -c -o libtspi_la-rpc_quote.lo `test -f 'rpc/@RPC@/rpc_quote.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_quote.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_quote.Tpo $(DEPDIR)/libtspi_la-rpc_quote.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_quote.c' object='libtspi_la-rpc_quote.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_quote.lo `test -f 'rpc/@RPC@/rpc_quote.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_quote.c + +libtspi_la-tspi_pcr_comp.lo: tspi_pcr_comp.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_pcr_comp.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_pcr_comp.Tpo -c -o libtspi_la-tspi_pcr_comp.lo `test -f 'tspi_pcr_comp.c' || echo '$(srcdir)/'`tspi_pcr_comp.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_pcr_comp.Tpo $(DEPDIR)/libtspi_la-tspi_pcr_comp.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_pcr_comp.c' object='libtspi_la-tspi_pcr_comp.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_pcr_comp.lo `test -f 'tspi_pcr_comp.c' || echo '$(srcdir)/'`tspi_pcr_comp.c + +libtspi_la-tspi_seal.lo: tspi_seal.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_seal.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_seal.Tpo -c -o libtspi_la-tspi_seal.lo `test -f 'tspi_seal.c' || echo '$(srcdir)/'`tspi_seal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_seal.Tpo $(DEPDIR)/libtspi_la-tspi_seal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_seal.c' object='libtspi_la-tspi_seal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_seal.lo `test -f 'tspi_seal.c' || echo '$(srcdir)/'`tspi_seal.c + +libtspi_la-rpc_seal.lo: rpc/@RPC@/rpc_seal.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_seal.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_seal.Tpo -c -o libtspi_la-rpc_seal.lo `test -f 'rpc/@RPC@/rpc_seal.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_seal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_seal.Tpo $(DEPDIR)/libtspi_la-rpc_seal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_seal.c' object='libtspi_la-rpc_seal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_seal.lo `test -f 'rpc/@RPC@/rpc_seal.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_seal.c + +libtspi_la-tspi_changeauth.lo: tspi_changeauth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_changeauth.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_changeauth.Tpo -c -o libtspi_la-tspi_changeauth.lo `test -f 'tspi_changeauth.c' || echo '$(srcdir)/'`tspi_changeauth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_changeauth.Tpo $(DEPDIR)/libtspi_la-tspi_changeauth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_changeauth.c' object='libtspi_la-tspi_changeauth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_changeauth.lo `test -f 'tspi_changeauth.c' || echo '$(srcdir)/'`tspi_changeauth.c + +libtspi_la-tsp_changeauth.lo: tsp_changeauth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_changeauth.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_changeauth.Tpo -c -o libtspi_la-tsp_changeauth.lo `test -f 'tsp_changeauth.c' || echo '$(srcdir)/'`tsp_changeauth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_changeauth.Tpo $(DEPDIR)/libtspi_la-tsp_changeauth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_changeauth.c' object='libtspi_la-tsp_changeauth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_changeauth.lo `test -f 'tsp_changeauth.c' || echo '$(srcdir)/'`tsp_changeauth.c + +libtspi_la-rpc_changeauth.lo: rpc/@RPC@/rpc_changeauth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_changeauth.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_changeauth.Tpo -c -o libtspi_la-rpc_changeauth.lo `test -f 'rpc/@RPC@/rpc_changeauth.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_changeauth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_changeauth.Tpo $(DEPDIR)/libtspi_la-rpc_changeauth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_changeauth.c' object='libtspi_la-rpc_changeauth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_changeauth.lo `test -f 'rpc/@RPC@/rpc_changeauth.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_changeauth.c + +libtspi_la-tspi_bind.lo: tspi_bind.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_bind.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_bind.Tpo -c -o libtspi_la-tspi_bind.lo `test -f 'tspi_bind.c' || echo '$(srcdir)/'`tspi_bind.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_bind.Tpo $(DEPDIR)/libtspi_la-tspi_bind.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_bind.c' object='libtspi_la-tspi_bind.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_bind.lo `test -f 'tspi_bind.c' || echo '$(srcdir)/'`tspi_bind.c + +libtspi_la-tsp_bind.lo: tsp_bind.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_bind.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_bind.Tpo -c -o libtspi_la-tsp_bind.lo `test -f 'tsp_bind.c' || echo '$(srcdir)/'`tsp_bind.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_bind.Tpo $(DEPDIR)/libtspi_la-tsp_bind.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_bind.c' object='libtspi_la-tsp_bind.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_bind.lo `test -f 'tsp_bind.c' || echo '$(srcdir)/'`tsp_bind.c + +libtspi_la-rpc_bind.lo: rpc/@RPC@/rpc_bind.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_bind.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_bind.Tpo -c -o libtspi_la-rpc_bind.lo `test -f 'rpc/@RPC@/rpc_bind.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_bind.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_bind.Tpo $(DEPDIR)/libtspi_la-rpc_bind.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_bind.c' object='libtspi_la-rpc_bind.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_bind.lo `test -f 'rpc/@RPC@/rpc_bind.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_bind.c + +libtspi_la-tsp_own.lo: tsp_own.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_own.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_own.Tpo -c -o libtspi_la-tsp_own.lo `test -f 'tsp_own.c' || echo '$(srcdir)/'`tsp_own.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_own.Tpo $(DEPDIR)/libtspi_la-tsp_own.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_own.c' object='libtspi_la-tsp_own.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_own.lo `test -f 'tsp_own.c' || echo '$(srcdir)/'`tsp_own.c + +libtspi_la-tspi_own.lo: tspi_own.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_own.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_own.Tpo -c -o libtspi_la-tspi_own.lo `test -f 'tspi_own.c' || echo '$(srcdir)/'`tspi_own.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_own.Tpo $(DEPDIR)/libtspi_la-tspi_own.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_own.c' object='libtspi_la-tspi_own.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_own.lo `test -f 'tspi_own.c' || echo '$(srcdir)/'`tspi_own.c + +libtspi_la-rpc_own.lo: rpc/@RPC@/rpc_own.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_own.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_own.Tpo -c -o libtspi_la-rpc_own.lo `test -f 'rpc/@RPC@/rpc_own.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_own.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_own.Tpo $(DEPDIR)/libtspi_la-rpc_own.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_own.c' object='libtspi_la-rpc_own.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_own.lo `test -f 'rpc/@RPC@/rpc_own.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_own.c + +libtspi_la-ps_utils.lo: ps/ps_utils.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-ps_utils.lo -MD -MP -MF $(DEPDIR)/libtspi_la-ps_utils.Tpo -c -o libtspi_la-ps_utils.lo `test -f 'ps/ps_utils.c' || echo '$(srcdir)/'`ps/ps_utils.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-ps_utils.Tpo $(DEPDIR)/libtspi_la-ps_utils.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ps/ps_utils.c' object='libtspi_la-ps_utils.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-ps_utils.lo `test -f 'ps/ps_utils.c' || echo '$(srcdir)/'`ps/ps_utils.c + +libtspi_la-tspps.lo: ps/tspps.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspps.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspps.Tpo -c -o libtspi_la-tspps.lo `test -f 'ps/tspps.c' || echo '$(srcdir)/'`ps/tspps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspps.Tpo $(DEPDIR)/libtspi_la-tspps.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ps/tspps.c' object='libtspi_la-tspps.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspps.lo `test -f 'ps/tspps.c' || echo '$(srcdir)/'`ps/tspps.c + +libtspi_la-tspi_ps.lo: tspi_ps.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_ps.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_ps.Tpo -c -o libtspi_la-tspi_ps.lo `test -f 'tspi_ps.c' || echo '$(srcdir)/'`tspi_ps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_ps.Tpo $(DEPDIR)/libtspi_la-tspi_ps.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_ps.c' object='libtspi_la-tspi_ps.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_ps.lo `test -f 'tspi_ps.c' || echo '$(srcdir)/'`tspi_ps.c + +libtspi_la-rpc_ps.lo: rpc/@RPC@/rpc_ps.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_ps.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_ps.Tpo -c -o libtspi_la-rpc_ps.lo `test -f 'rpc/@RPC@/rpc_ps.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_ps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_ps.Tpo $(DEPDIR)/libtspi_la-rpc_ps.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_ps.c' object='libtspi_la-rpc_ps.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_ps.lo `test -f 'rpc/@RPC@/rpc_ps.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_ps.c + +libtspi_la-tsp_ps.lo: tsp_ps.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_ps.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_ps.Tpo -c -o libtspi_la-tsp_ps.lo `test -f 'tsp_ps.c' || echo '$(srcdir)/'`tsp_ps.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_ps.Tpo $(DEPDIR)/libtspi_la-tsp_ps.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_ps.c' object='libtspi_la-tsp_ps.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_ps.lo `test -f 'tsp_ps.c' || echo '$(srcdir)/'`tsp_ps.c + +libtspi_la-tspi_admin.lo: tspi_admin.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_admin.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_admin.Tpo -c -o libtspi_la-tspi_admin.lo `test -f 'tspi_admin.c' || echo '$(srcdir)/'`tspi_admin.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_admin.Tpo $(DEPDIR)/libtspi_la-tspi_admin.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_admin.c' object='libtspi_la-tspi_admin.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_admin.lo `test -f 'tspi_admin.c' || echo '$(srcdir)/'`tspi_admin.c + +libtspi_la-tsp_admin.lo: tsp_admin.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_admin.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_admin.Tpo -c -o libtspi_la-tsp_admin.lo `test -f 'tsp_admin.c' || echo '$(srcdir)/'`tsp_admin.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_admin.Tpo $(DEPDIR)/libtspi_la-tsp_admin.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_admin.c' object='libtspi_la-tsp_admin.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_admin.lo `test -f 'tsp_admin.c' || echo '$(srcdir)/'`tsp_admin.c + +libtspi_la-rpc_admin.lo: rpc/@RPC@/rpc_admin.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_admin.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_admin.Tpo -c -o libtspi_la-rpc_admin.lo `test -f 'rpc/@RPC@/rpc_admin.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_admin.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_admin.Tpo $(DEPDIR)/libtspi_la-rpc_admin.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_admin.c' object='libtspi_la-rpc_admin.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_admin.lo `test -f 'rpc/@RPC@/rpc_admin.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_admin.c + +libtspi_la-tspi_aik.lo: tspi_aik.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_aik.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_aik.Tpo -c -o libtspi_la-tspi_aik.lo `test -f 'tspi_aik.c' || echo '$(srcdir)/'`tspi_aik.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_aik.Tpo $(DEPDIR)/libtspi_la-tspi_aik.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_aik.c' object='libtspi_la-tspi_aik.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_aik.lo `test -f 'tspi_aik.c' || echo '$(srcdir)/'`tspi_aik.c + +libtspi_la-tsp_aik.lo: tsp_aik.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_aik.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_aik.Tpo -c -o libtspi_la-tsp_aik.lo `test -f 'tsp_aik.c' || echo '$(srcdir)/'`tsp_aik.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_aik.Tpo $(DEPDIR)/libtspi_la-tsp_aik.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_aik.c' object='libtspi_la-tsp_aik.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_aik.lo `test -f 'tsp_aik.c' || echo '$(srcdir)/'`tsp_aik.c + +libtspi_la-rpc_aik.lo: rpc/@RPC@/rpc_aik.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_aik.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_aik.Tpo -c -o libtspi_la-rpc_aik.lo `test -f 'rpc/@RPC@/rpc_aik.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_aik.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_aik.Tpo $(DEPDIR)/libtspi_la-rpc_aik.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_aik.c' object='libtspi_la-rpc_aik.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_aik.lo `test -f 'rpc/@RPC@/rpc_aik.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_aik.c + +libtspi_la-tspi_ek.lo: tspi_ek.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_ek.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_ek.Tpo -c -o libtspi_la-tspi_ek.lo `test -f 'tspi_ek.c' || echo '$(srcdir)/'`tspi_ek.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_ek.Tpo $(DEPDIR)/libtspi_la-tspi_ek.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_ek.c' object='libtspi_la-tspi_ek.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_ek.lo `test -f 'tspi_ek.c' || echo '$(srcdir)/'`tspi_ek.c + +libtspi_la-tsp_ek.lo: tsp_ek.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_ek.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_ek.Tpo -c -o libtspi_la-tsp_ek.lo `test -f 'tsp_ek.c' || echo '$(srcdir)/'`tsp_ek.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_ek.Tpo $(DEPDIR)/libtspi_la-tsp_ek.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_ek.c' object='libtspi_la-tsp_ek.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_ek.lo `test -f 'tsp_ek.c' || echo '$(srcdir)/'`tsp_ek.c + +libtspi_la-rpc_ek.lo: rpc/@RPC@/rpc_ek.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_ek.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_ek.Tpo -c -o libtspi_la-rpc_ek.lo `test -f 'rpc/@RPC@/rpc_ek.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_ek.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_ek.Tpo $(DEPDIR)/libtspi_la-rpc_ek.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_ek.c' object='libtspi_la-rpc_ek.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_ek.lo `test -f 'rpc/@RPC@/rpc_ek.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_ek.c + +libtspi_la-tspi_certify.lo: tspi_certify.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_certify.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_certify.Tpo -c -o libtspi_la-tspi_certify.lo `test -f 'tspi_certify.c' || echo '$(srcdir)/'`tspi_certify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_certify.Tpo $(DEPDIR)/libtspi_la-tspi_certify.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_certify.c' object='libtspi_la-tspi_certify.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_certify.lo `test -f 'tspi_certify.c' || echo '$(srcdir)/'`tspi_certify.c + +libtspi_la-tsp_certify.lo: tsp_certify.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_certify.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_certify.Tpo -c -o libtspi_la-tsp_certify.lo `test -f 'tsp_certify.c' || echo '$(srcdir)/'`tsp_certify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_certify.Tpo $(DEPDIR)/libtspi_la-tsp_certify.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_certify.c' object='libtspi_la-tsp_certify.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_certify.lo `test -f 'tsp_certify.c' || echo '$(srcdir)/'`tsp_certify.c + +libtspi_la-rpc_certify.lo: rpc/@RPC@/rpc_certify.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_certify.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_certify.Tpo -c -o libtspi_la-rpc_certify.lo `test -f 'rpc/@RPC@/rpc_certify.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_certify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_certify.Tpo $(DEPDIR)/libtspi_la-rpc_certify.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_certify.c' object='libtspi_la-rpc_certify.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_certify.lo `test -f 'rpc/@RPC@/rpc_certify.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_certify.c + +libtspi_la-tspi_key.lo: tspi_key.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_key.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_key.Tpo -c -o libtspi_la-tspi_key.lo `test -f 'tspi_key.c' || echo '$(srcdir)/'`tspi_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_key.Tpo $(DEPDIR)/libtspi_la-tspi_key.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_key.c' object='libtspi_la-tspi_key.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_key.lo `test -f 'tspi_key.c' || echo '$(srcdir)/'`tspi_key.c + +libtspi_la-rpc_key.lo: rpc/@RPC@/rpc_key.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_key.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_key.Tpo -c -o libtspi_la-rpc_key.lo `test -f 'rpc/@RPC@/rpc_key.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_key.Tpo $(DEPDIR)/libtspi_la-rpc_key.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_key.c' object='libtspi_la-rpc_key.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_key.lo `test -f 'rpc/@RPC@/rpc_key.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_key.c + +libtspi_la-tspi_maint.lo: tspi_maint.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_maint.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_maint.Tpo -c -o libtspi_la-tspi_maint.lo `test -f 'tspi_maint.c' || echo '$(srcdir)/'`tspi_maint.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_maint.Tpo $(DEPDIR)/libtspi_la-tspi_maint.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_maint.c' object='libtspi_la-tspi_maint.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_maint.lo `test -f 'tspi_maint.c' || echo '$(srcdir)/'`tspi_maint.c + +libtspi_la-tsp_maint.lo: tsp_maint.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_maint.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_maint.Tpo -c -o libtspi_la-tsp_maint.lo `test -f 'tsp_maint.c' || echo '$(srcdir)/'`tsp_maint.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_maint.Tpo $(DEPDIR)/libtspi_la-tsp_maint.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_maint.c' object='libtspi_la-tsp_maint.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_maint.lo `test -f 'tsp_maint.c' || echo '$(srcdir)/'`tsp_maint.c + +libtspi_la-rpc_maint.lo: rpc/@RPC@/rpc_maint.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_maint.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_maint.Tpo -c -o libtspi_la-rpc_maint.lo `test -f 'rpc/@RPC@/rpc_maint.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_maint.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_maint.Tpo $(DEPDIR)/libtspi_la-rpc_maint.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_maint.c' object='libtspi_la-rpc_maint.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_maint.lo `test -f 'rpc/@RPC@/rpc_maint.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_maint.c + +libtspi_la-tspi_migration.lo: tspi_migration.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_migration.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_migration.Tpo -c -o libtspi_la-tspi_migration.lo `test -f 'tspi_migration.c' || echo '$(srcdir)/'`tspi_migration.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_migration.Tpo $(DEPDIR)/libtspi_la-tspi_migration.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_migration.c' object='libtspi_la-tspi_migration.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_migration.lo `test -f 'tspi_migration.c' || echo '$(srcdir)/'`tspi_migration.c + +libtspi_la-tsp_migration.lo: tsp_migration.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_migration.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_migration.Tpo -c -o libtspi_la-tsp_migration.lo `test -f 'tsp_migration.c' || echo '$(srcdir)/'`tsp_migration.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_migration.Tpo $(DEPDIR)/libtspi_la-tsp_migration.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_migration.c' object='libtspi_la-tsp_migration.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_migration.lo `test -f 'tsp_migration.c' || echo '$(srcdir)/'`tsp_migration.c + +libtspi_la-rpc_migration.lo: rpc/@RPC@/rpc_migration.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_migration.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_migration.Tpo -c -o libtspi_la-rpc_migration.lo `test -f 'rpc/@RPC@/rpc_migration.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_migration.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_migration.Tpo $(DEPDIR)/libtspi_la-rpc_migration.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_migration.c' object='libtspi_la-rpc_migration.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_migration.lo `test -f 'rpc/@RPC@/rpc_migration.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_migration.c + +libtspi_la-tspi_pcr_extend.lo: tspi_pcr_extend.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_pcr_extend.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_pcr_extend.Tpo -c -o libtspi_la-tspi_pcr_extend.lo `test -f 'tspi_pcr_extend.c' || echo '$(srcdir)/'`tspi_pcr_extend.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_pcr_extend.Tpo $(DEPDIR)/libtspi_la-tspi_pcr_extend.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_pcr_extend.c' object='libtspi_la-tspi_pcr_extend.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_pcr_extend.lo `test -f 'tspi_pcr_extend.c' || echo '$(srcdir)/'`tspi_pcr_extend.c + +libtspi_la-tsp_pcr_extend.lo: tsp_pcr_extend.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_pcr_extend.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_pcr_extend.Tpo -c -o libtspi_la-tsp_pcr_extend.lo `test -f 'tsp_pcr_extend.c' || echo '$(srcdir)/'`tsp_pcr_extend.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_pcr_extend.Tpo $(DEPDIR)/libtspi_la-tsp_pcr_extend.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_pcr_extend.c' object='libtspi_la-tsp_pcr_extend.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_pcr_extend.lo `test -f 'tsp_pcr_extend.c' || echo '$(srcdir)/'`tsp_pcr_extend.c + +libtspi_la-rpc_pcr_extend.lo: rpc/@RPC@/rpc_pcr_extend.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_pcr_extend.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_pcr_extend.Tpo -c -o libtspi_la-rpc_pcr_extend.lo `test -f 'rpc/@RPC@/rpc_pcr_extend.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_pcr_extend.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_pcr_extend.Tpo $(DEPDIR)/libtspi_la-rpc_pcr_extend.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_pcr_extend.c' object='libtspi_la-rpc_pcr_extend.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_pcr_extend.lo `test -f 'rpc/@RPC@/rpc_pcr_extend.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_pcr_extend.c + +libtspi_la-tspi_selftest.lo: tspi_selftest.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_selftest.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_selftest.Tpo -c -o libtspi_la-tspi_selftest.lo `test -f 'tspi_selftest.c' || echo '$(srcdir)/'`tspi_selftest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_selftest.Tpo $(DEPDIR)/libtspi_la-tspi_selftest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_selftest.c' object='libtspi_la-tspi_selftest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_selftest.lo `test -f 'tspi_selftest.c' || echo '$(srcdir)/'`tspi_selftest.c + +libtspi_la-tsp_selftest.lo: tsp_selftest.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_selftest.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_selftest.Tpo -c -o libtspi_la-tsp_selftest.lo `test -f 'tsp_selftest.c' || echo '$(srcdir)/'`tsp_selftest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_selftest.Tpo $(DEPDIR)/libtspi_la-tsp_selftest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_selftest.c' object='libtspi_la-tsp_selftest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_selftest.lo `test -f 'tsp_selftest.c' || echo '$(srcdir)/'`tsp_selftest.c + +libtspi_la-rpc_selftest.lo: rpc/@RPC@/rpc_selftest.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_selftest.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_selftest.Tpo -c -o libtspi_la-rpc_selftest.lo `test -f 'rpc/@RPC@/rpc_selftest.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_selftest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_selftest.Tpo $(DEPDIR)/libtspi_la-rpc_selftest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_selftest.c' object='libtspi_la-rpc_selftest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_selftest.lo `test -f 'rpc/@RPC@/rpc_selftest.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_selftest.c + +libtspi_la-tspi_daa.lo: tspi_daa.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_daa.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_daa.Tpo -c -o libtspi_la-tspi_daa.lo `test -f 'tspi_daa.c' || echo '$(srcdir)/'`tspi_daa.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_daa.Tpo $(DEPDIR)/libtspi_la-tspi_daa.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_daa.c' object='libtspi_la-tspi_daa.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_daa.lo `test -f 'tspi_daa.c' || echo '$(srcdir)/'`tspi_daa.c + +libtspi_la-tsp_daa.lo: tsp_daa.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_daa.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_daa.Tpo -c -o libtspi_la-tsp_daa.lo `test -f 'tsp_daa.c' || echo '$(srcdir)/'`tsp_daa.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_daa.Tpo $(DEPDIR)/libtspi_la-tsp_daa.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_daa.c' object='libtspi_la-tsp_daa.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_daa.lo `test -f 'tsp_daa.c' || echo '$(srcdir)/'`tsp_daa.c + +libtspi_la-rpc_daa.lo: rpc/@RPC@/rpc_daa.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_daa.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_daa.Tpo -c -o libtspi_la-rpc_daa.lo `test -f 'rpc/@RPC@/rpc_daa.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_daa.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_daa.Tpo $(DEPDIR)/libtspi_la-rpc_daa.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_daa.c' object='libtspi_la-rpc_daa.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_daa.lo `test -f 'rpc/@RPC@/rpc_daa.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_daa.c + +libtspi_la-keypair_generator.lo: daa/daa_issuer/keypair_generator.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-keypair_generator.lo -MD -MP -MF $(DEPDIR)/libtspi_la-keypair_generator.Tpo -c -o libtspi_la-keypair_generator.lo `test -f 'daa/daa_issuer/keypair_generator.c' || echo '$(srcdir)/'`daa/daa_issuer/keypair_generator.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-keypair_generator.Tpo $(DEPDIR)/libtspi_la-keypair_generator.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_issuer/keypair_generator.c' object='libtspi_la-keypair_generator.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-keypair_generator.lo `test -f 'daa/daa_issuer/keypair_generator.c' || echo '$(srcdir)/'`daa/daa_issuer/keypair_generator.c + +libtspi_la-prime_gen.lo: daa/daa_issuer/prime_gen.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-prime_gen.lo -MD -MP -MF $(DEPDIR)/libtspi_la-prime_gen.Tpo -c -o libtspi_la-prime_gen.lo `test -f 'daa/daa_issuer/prime_gen.c' || echo '$(srcdir)/'`daa/daa_issuer/prime_gen.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-prime_gen.Tpo $(DEPDIR)/libtspi_la-prime_gen.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_issuer/prime_gen.c' object='libtspi_la-prime_gen.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-prime_gen.lo `test -f 'daa/daa_issuer/prime_gen.c' || echo '$(srcdir)/'`daa/daa_issuer/prime_gen.c + +libtspi_la-key_correctness_proof.lo: daa/daa_issuer/key_correctness_proof.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-key_correctness_proof.lo -MD -MP -MF $(DEPDIR)/libtspi_la-key_correctness_proof.Tpo -c -o libtspi_la-key_correctness_proof.lo `test -f 'daa/daa_issuer/key_correctness_proof.c' || echo '$(srcdir)/'`daa/daa_issuer/key_correctness_proof.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-key_correctness_proof.Tpo $(DEPDIR)/libtspi_la-key_correctness_proof.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_issuer/key_correctness_proof.c' object='libtspi_la-key_correctness_proof.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-key_correctness_proof.lo `test -f 'daa/daa_issuer/key_correctness_proof.c' || echo '$(srcdir)/'`daa/daa_issuer/key_correctness_proof.c + +libtspi_la-platform.lo: daa/daa_platform/platform.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-platform.lo -MD -MP -MF $(DEPDIR)/libtspi_la-platform.Tpo -c -o libtspi_la-platform.lo `test -f 'daa/daa_platform/platform.c' || echo '$(srcdir)/'`daa/daa_platform/platform.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-platform.Tpo $(DEPDIR)/libtspi_la-platform.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_platform/platform.c' object='libtspi_la-platform.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-platform.lo `test -f 'daa/daa_platform/platform.c' || echo '$(srcdir)/'`daa/daa_platform/platform.c + +libtspi_la-issuer_init.lo: daa/daa_issuer/issuer_init.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-issuer_init.lo -MD -MP -MF $(DEPDIR)/libtspi_la-issuer_init.Tpo -c -o libtspi_la-issuer_init.lo `test -f 'daa/daa_issuer/issuer_init.c' || echo '$(srcdir)/'`daa/daa_issuer/issuer_init.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-issuer_init.Tpo $(DEPDIR)/libtspi_la-issuer_init.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_issuer/issuer_init.c' object='libtspi_la-issuer_init.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-issuer_init.lo `test -f 'daa/daa_issuer/issuer_init.c' || echo '$(srcdir)/'`daa/daa_issuer/issuer_init.c + +libtspi_la-issue_credential.lo: daa/daa_issuer/issue_credential.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-issue_credential.lo -MD -MP -MF $(DEPDIR)/libtspi_la-issue_credential.Tpo -c -o libtspi_la-issue_credential.lo `test -f 'daa/daa_issuer/issue_credential.c' || echo '$(srcdir)/'`daa/daa_issuer/issue_credential.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-issue_credential.Tpo $(DEPDIR)/libtspi_la-issue_credential.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_issuer/issue_credential.c' object='libtspi_la-issue_credential.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-issue_credential.lo `test -f 'daa/daa_issuer/issue_credential.c' || echo '$(srcdir)/'`daa/daa_issuer/issue_credential.c + +libtspi_la-verifier_transaction.lo: daa/daa_verifier/verifier_transaction.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-verifier_transaction.lo -MD -MP -MF $(DEPDIR)/libtspi_la-verifier_transaction.Tpo -c -o libtspi_la-verifier_transaction.lo `test -f 'daa/daa_verifier/verifier_transaction.c' || echo '$(srcdir)/'`daa/daa_verifier/verifier_transaction.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-verifier_transaction.Tpo $(DEPDIR)/libtspi_la-verifier_transaction.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_verifier/verifier_transaction.c' object='libtspi_la-verifier_transaction.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-verifier_transaction.lo `test -f 'daa/daa_verifier/verifier_transaction.c' || echo '$(srcdir)/'`daa/daa_verifier/verifier_transaction.c + +libtspi_la-verifier.lo: daa/daa_verifier/verifier.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-verifier.lo -MD -MP -MF $(DEPDIR)/libtspi_la-verifier.Tpo -c -o libtspi_la-verifier.lo `test -f 'daa/daa_verifier/verifier.c' || echo '$(srcdir)/'`daa/daa_verifier/verifier.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-verifier.Tpo $(DEPDIR)/libtspi_la-verifier.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_verifier/verifier.c' object='libtspi_la-verifier.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-verifier.lo `test -f 'daa/daa_verifier/verifier.c' || echo '$(srcdir)/'`daa/daa_verifier/verifier.c + +libtspi_la-daa_structs.lo: daa/daa_structs.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-daa_structs.lo -MD -MP -MF $(DEPDIR)/libtspi_la-daa_structs.Tpo -c -o libtspi_la-daa_structs.lo `test -f 'daa/daa_structs.c' || echo '$(srcdir)/'`daa/daa_structs.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-daa_structs.Tpo $(DEPDIR)/libtspi_la-daa_structs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_structs.c' object='libtspi_la-daa_structs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-daa_structs.lo `test -f 'daa/daa_structs.c' || echo '$(srcdir)/'`daa/daa_structs.c + +libtspi_la-daa_parameter.lo: daa/daa_parameter.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-daa_parameter.lo -MD -MP -MF $(DEPDIR)/libtspi_la-daa_parameter.Tpo -c -o libtspi_la-daa_parameter.lo `test -f 'daa/daa_parameter.c' || echo '$(srcdir)/'`daa/daa_parameter.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-daa_parameter.Tpo $(DEPDIR)/libtspi_la-daa_parameter.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_parameter.c' object='libtspi_la-daa_parameter.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-daa_parameter.lo `test -f 'daa/daa_parameter.c' || echo '$(srcdir)/'`daa/daa_parameter.c + +libtspi_la-bi_gmp.lo: daa/big_integer/bi_gmp.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-bi_gmp.lo -MD -MP -MF $(DEPDIR)/libtspi_la-bi_gmp.Tpo -c -o libtspi_la-bi_gmp.lo `test -f 'daa/big_integer/bi_gmp.c' || echo '$(srcdir)/'`daa/big_integer/bi_gmp.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-bi_gmp.Tpo $(DEPDIR)/libtspi_la-bi_gmp.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/big_integer/bi_gmp.c' object='libtspi_la-bi_gmp.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-bi_gmp.lo `test -f 'daa/big_integer/bi_gmp.c' || echo '$(srcdir)/'`daa/big_integer/bi_gmp.c + +libtspi_la-bi_openssl.lo: daa/big_integer/bi_openssl.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-bi_openssl.lo -MD -MP -MF $(DEPDIR)/libtspi_la-bi_openssl.Tpo -c -o libtspi_la-bi_openssl.lo `test -f 'daa/big_integer/bi_openssl.c' || echo '$(srcdir)/'`daa/big_integer/bi_openssl.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-bi_openssl.Tpo $(DEPDIR)/libtspi_la-bi_openssl.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/big_integer/bi_openssl.c' object='libtspi_la-bi_openssl.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-bi_openssl.lo `test -f 'daa/big_integer/bi_openssl.c' || echo '$(srcdir)/'`daa/big_integer/bi_openssl.c + +libtspi_la-csencryption_result.lo: daa/daa_anonymityrevocation/csencryption_result.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-csencryption_result.lo -MD -MP -MF $(DEPDIR)/libtspi_la-csencryption_result.Tpo -c -o libtspi_la-csencryption_result.lo `test -f 'daa/daa_anonymityrevocation/csencryption_result.c' || echo '$(srcdir)/'`daa/daa_anonymityrevocation/csencryption_result.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-csencryption_result.Tpo $(DEPDIR)/libtspi_la-csencryption_result.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/daa_anonymityrevocation/csencryption_result.c' object='libtspi_la-csencryption_result.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-csencryption_result.lo `test -f 'daa/daa_anonymityrevocation/csencryption_result.c' || echo '$(srcdir)/'`daa/daa_anonymityrevocation/csencryption_result.c + +libtspi_la-bi.lo: daa/big_integer/bi.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-bi.lo -MD -MP -MF $(DEPDIR)/libtspi_la-bi.Tpo -c -o libtspi_la-bi.lo `test -f 'daa/big_integer/bi.c' || echo '$(srcdir)/'`daa/big_integer/bi.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-bi.Tpo $(DEPDIR)/libtspi_la-bi.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/big_integer/bi.c' object='libtspi_la-bi.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-bi.lo `test -f 'daa/big_integer/bi.c' || echo '$(srcdir)/'`daa/big_integer/bi.c + +libtspi_la-list.lo: daa/utils/list.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-list.lo -MD -MP -MF $(DEPDIR)/libtspi_la-list.Tpo -c -o libtspi_la-list.lo `test -f 'daa/utils/list.c' || echo '$(srcdir)/'`daa/utils/list.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-list.Tpo $(DEPDIR)/libtspi_la-list.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='daa/utils/list.c' object='libtspi_la-list.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-list.lo `test -f 'daa/utils/list.c' || echo '$(srcdir)/'`daa/utils/list.c + +libtspi_la-tsp_get_flags.lo: tsp_get_flags.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_get_flags.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_get_flags.Tpo -c -o libtspi_la-tsp_get_flags.lo `test -f 'tsp_get_flags.c' || echo '$(srcdir)/'`tsp_get_flags.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_get_flags.Tpo $(DEPDIR)/libtspi_la-tsp_get_flags.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_get_flags.c' object='libtspi_la-tsp_get_flags.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_get_flags.lo `test -f 'tsp_get_flags.c' || echo '$(srcdir)/'`tsp_get_flags.c + +libtspi_la-obj_pcrs.lo: obj_pcrs.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_pcrs.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_pcrs.Tpo -c -o libtspi_la-obj_pcrs.lo `test -f 'obj_pcrs.c' || echo '$(srcdir)/'`obj_pcrs.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_pcrs.Tpo $(DEPDIR)/libtspi_la-obj_pcrs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_pcrs.c' object='libtspi_la-obj_pcrs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_pcrs.lo `test -f 'obj_pcrs.c' || echo '$(srcdir)/'`obj_pcrs.c + +libtspi_la-tsp_pcr.lo: tsp_pcr.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_pcr.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_pcr.Tpo -c -o libtspi_la-tsp_pcr.lo `test -f 'tsp_pcr.c' || echo '$(srcdir)/'`tsp_pcr.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_pcr.Tpo $(DEPDIR)/libtspi_la-tsp_pcr.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_pcr.c' object='libtspi_la-tsp_pcr.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_pcr.lo `test -f 'tsp_pcr.c' || echo '$(srcdir)/'`tsp_pcr.c + +libtspi_la-obj_hash.lo: obj_hash.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_hash.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_hash.Tpo -c -o libtspi_la-obj_hash.lo `test -f 'obj_hash.c' || echo '$(srcdir)/'`obj_hash.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_hash.Tpo $(DEPDIR)/libtspi_la-obj_hash.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_hash.c' object='libtspi_la-obj_hash.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_hash.lo `test -f 'obj_hash.c' || echo '$(srcdir)/'`obj_hash.c + +libtspi_la-obj_encdata.lo: obj_encdata.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_encdata.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_encdata.Tpo -c -o libtspi_la-obj_encdata.lo `test -f 'obj_encdata.c' || echo '$(srcdir)/'`obj_encdata.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_encdata.Tpo $(DEPDIR)/libtspi_la-obj_encdata.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_encdata.c' object='libtspi_la-obj_encdata.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_encdata.lo `test -f 'obj_encdata.c' || echo '$(srcdir)/'`obj_encdata.c + +libtspi_la-obj_rsakey.lo: obj_rsakey.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_rsakey.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_rsakey.Tpo -c -o libtspi_la-obj_rsakey.lo `test -f 'obj_rsakey.c' || echo '$(srcdir)/'`obj_rsakey.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_rsakey.Tpo $(DEPDIR)/libtspi_la-obj_rsakey.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_rsakey.c' object='libtspi_la-obj_rsakey.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_rsakey.lo `test -f 'obj_rsakey.c' || echo '$(srcdir)/'`obj_rsakey.c + +libtspi_la-tsp_key.lo: tsp_key.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_key.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_key.Tpo -c -o libtspi_la-tsp_key.lo `test -f 'tsp_key.c' || echo '$(srcdir)/'`tsp_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_key.Tpo $(DEPDIR)/libtspi_la-tsp_key.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_key.c' object='libtspi_la-tsp_key.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_key.lo `test -f 'tsp_key.c' || echo '$(srcdir)/'`tsp_key.c + +libtspi_la-tspi_asn1.lo: tspi_asn1.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_asn1.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_asn1.Tpo -c -o libtspi_la-tspi_asn1.lo `test -f 'tspi_asn1.c' || echo '$(srcdir)/'`tspi_asn1.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_asn1.Tpo $(DEPDIR)/libtspi_la-tspi_asn1.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_asn1.c' object='libtspi_la-tspi_asn1.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_asn1.lo `test -f 'tspi_asn1.c' || echo '$(srcdir)/'`tspi_asn1.c + +libtspi_la-tspi_audit.lo: tspi_audit.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_audit.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_audit.Tpo -c -o libtspi_la-tspi_audit.lo `test -f 'tspi_audit.c' || echo '$(srcdir)/'`tspi_audit.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_audit.Tpo $(DEPDIR)/libtspi_la-tspi_audit.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_audit.c' object='libtspi_la-tspi_audit.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_audit.lo `test -f 'tspi_audit.c' || echo '$(srcdir)/'`tspi_audit.c + +libtspi_la-tsp_audit.lo: tsp_audit.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_audit.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_audit.Tpo -c -o libtspi_la-tsp_audit.lo `test -f 'tsp_audit.c' || echo '$(srcdir)/'`tsp_audit.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_audit.Tpo $(DEPDIR)/libtspi_la-tsp_audit.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_audit.c' object='libtspi_la-tsp_audit.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_audit.lo `test -f 'tsp_audit.c' || echo '$(srcdir)/'`tsp_audit.c + +libtspi_la-rpc_audit.lo: rpc/@RPC@/rpc_audit.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_audit.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_audit.Tpo -c -o libtspi_la-rpc_audit.lo `test -f 'rpc/@RPC@/rpc_audit.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_audit.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_audit.Tpo $(DEPDIR)/libtspi_la-rpc_audit.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_audit.c' object='libtspi_la-rpc_audit.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_audit.lo `test -f 'rpc/@RPC@/rpc_audit.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_audit.c + +libtspi_la-tsp_seal.lo: tsp_seal.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_seal.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_seal.Tpo -c -o libtspi_la-tsp_seal.lo `test -f 'tsp_seal.c' || echo '$(srcdir)/'`tsp_seal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_seal.Tpo $(DEPDIR)/libtspi_la-tsp_seal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_seal.c' object='libtspi_la-tsp_seal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_seal.lo `test -f 'tsp_seal.c' || echo '$(srcdir)/'`tsp_seal.c + +libtspi_la-tspi_quote2.lo: tspi_quote2.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_quote2.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_quote2.Tpo -c -o libtspi_la-tspi_quote2.lo `test -f 'tspi_quote2.c' || echo '$(srcdir)/'`tspi_quote2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_quote2.Tpo $(DEPDIR)/libtspi_la-tspi_quote2.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_quote2.c' object='libtspi_la-tspi_quote2.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_quote2.lo `test -f 'tspi_quote2.c' || echo '$(srcdir)/'`tspi_quote2.c + +libtspi_la-tsp_quote2.lo: tsp_quote2.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_quote2.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_quote2.Tpo -c -o libtspi_la-tsp_quote2.lo `test -f 'tsp_quote2.c' || echo '$(srcdir)/'`tsp_quote2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_quote2.Tpo $(DEPDIR)/libtspi_la-tsp_quote2.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_quote2.c' object='libtspi_la-tsp_quote2.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_quote2.lo `test -f 'tsp_quote2.c' || echo '$(srcdir)/'`tsp_quote2.c + +libtspi_la-rpc_quote2.lo: rpc/@RPC@/rpc_quote2.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_quote2.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_quote2.Tpo -c -o libtspi_la-rpc_quote2.lo `test -f 'rpc/@RPC@/rpc_quote2.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_quote2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_quote2.Tpo $(DEPDIR)/libtspi_la-rpc_quote2.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_quote2.c' object='libtspi_la-rpc_quote2.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_quote2.lo `test -f 'rpc/@RPC@/rpc_quote2.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_quote2.c + +libtspi_la-main.lo: gtk/main.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-main.lo -MD -MP -MF $(DEPDIR)/libtspi_la-main.Tpo -c -o libtspi_la-main.lo `test -f 'gtk/main.c' || echo '$(srcdir)/'`gtk/main.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-main.Tpo $(DEPDIR)/libtspi_la-main.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gtk/main.c' object='libtspi_la-main.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-main.lo `test -f 'gtk/main.c' || echo '$(srcdir)/'`gtk/main.c + +libtspi_la-support.lo: gtk/support.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-support.lo -MD -MP -MF $(DEPDIR)/libtspi_la-support.Tpo -c -o libtspi_la-support.lo `test -f 'gtk/support.c' || echo '$(srcdir)/'`gtk/support.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-support.Tpo $(DEPDIR)/libtspi_la-support.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gtk/support.c' object='libtspi_la-support.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-support.lo `test -f 'gtk/support.c' || echo '$(srcdir)/'`gtk/support.c + +libtspi_la-interface.lo: gtk/interface.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-interface.lo -MD -MP -MF $(DEPDIR)/libtspi_la-interface.Tpo -c -o libtspi_la-interface.lo `test -f 'gtk/interface.c' || echo '$(srcdir)/'`gtk/interface.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-interface.Tpo $(DEPDIR)/libtspi_la-interface.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gtk/interface.c' object='libtspi_la-interface.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-interface.lo `test -f 'gtk/interface.c' || echo '$(srcdir)/'`gtk/interface.c + +libtspi_la-callbacks.lo: gtk/callbacks.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-callbacks.lo -MD -MP -MF $(DEPDIR)/libtspi_la-callbacks.Tpo -c -o libtspi_la-callbacks.lo `test -f 'gtk/callbacks.c' || echo '$(srcdir)/'`gtk/callbacks.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-callbacks.Tpo $(DEPDIR)/libtspi_la-callbacks.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gtk/callbacks.c' object='libtspi_la-callbacks.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-callbacks.lo `test -f 'gtk/callbacks.c' || echo '$(srcdir)/'`gtk/callbacks.c + +libtspi_la-ssl_ui.lo: ssl_ui.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-ssl_ui.lo -MD -MP -MF $(DEPDIR)/libtspi_la-ssl_ui.Tpo -c -o libtspi_la-ssl_ui.lo `test -f 'ssl_ui.c' || echo '$(srcdir)/'`ssl_ui.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-ssl_ui.Tpo $(DEPDIR)/libtspi_la-ssl_ui.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ssl_ui.c' object='libtspi_la-ssl_ui.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-ssl_ui.lo `test -f 'ssl_ui.c' || echo '$(srcdir)/'`ssl_ui.c + +libtspi_la-tspi_nv.lo: tspi_nv.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_nv.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_nv.Tpo -c -o libtspi_la-tspi_nv.lo `test -f 'tspi_nv.c' || echo '$(srcdir)/'`tspi_nv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_nv.Tpo $(DEPDIR)/libtspi_la-tspi_nv.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_nv.c' object='libtspi_la-tspi_nv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_nv.lo `test -f 'tspi_nv.c' || echo '$(srcdir)/'`tspi_nv.c + +libtspi_la-obj_nv.lo: obj_nv.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_nv.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_nv.Tpo -c -o libtspi_la-obj_nv.lo `test -f 'obj_nv.c' || echo '$(srcdir)/'`obj_nv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_nv.Tpo $(DEPDIR)/libtspi_la-obj_nv.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_nv.c' object='libtspi_la-obj_nv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_nv.lo `test -f 'obj_nv.c' || echo '$(srcdir)/'`obj_nv.c + +libtspi_la-tsp_nv.lo: tsp_nv.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_nv.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_nv.Tpo -c -o libtspi_la-tsp_nv.lo `test -f 'tsp_nv.c' || echo '$(srcdir)/'`tsp_nv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_nv.Tpo $(DEPDIR)/libtspi_la-tsp_nv.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_nv.c' object='libtspi_la-tsp_nv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_nv.lo `test -f 'tsp_nv.c' || echo '$(srcdir)/'`tsp_nv.c + +libtspi_la-rpc_nv.lo: rpc/@RPC@/rpc_nv.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_nv.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_nv.Tpo -c -o libtspi_la-rpc_nv.lo `test -f 'rpc/@RPC@/rpc_nv.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_nv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_nv.Tpo $(DEPDIR)/libtspi_la-rpc_nv.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_nv.c' object='libtspi_la-rpc_nv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_nv.lo `test -f 'rpc/@RPC@/rpc_nv.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_nv.c + +libtspi_la-tspi_delegate.lo: tspi_delegate.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_delegate.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_delegate.Tpo -c -o libtspi_la-tspi_delegate.lo `test -f 'tspi_delegate.c' || echo '$(srcdir)/'`tspi_delegate.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_delegate.Tpo $(DEPDIR)/libtspi_la-tspi_delegate.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_delegate.c' object='libtspi_la-tspi_delegate.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_delegate.lo `test -f 'tspi_delegate.c' || echo '$(srcdir)/'`tspi_delegate.c + +libtspi_la-tsp_delegate.lo: tsp_delegate.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tsp_delegate.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tsp_delegate.Tpo -c -o libtspi_la-tsp_delegate.lo `test -f 'tsp_delegate.c' || echo '$(srcdir)/'`tsp_delegate.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tsp_delegate.Tpo $(DEPDIR)/libtspi_la-tsp_delegate.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsp_delegate.c' object='libtspi_la-tsp_delegate.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tsp_delegate.lo `test -f 'tsp_delegate.c' || echo '$(srcdir)/'`tsp_delegate.c + +libtspi_la-obj_delfamily.lo: obj_delfamily.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_delfamily.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_delfamily.Tpo -c -o libtspi_la-obj_delfamily.lo `test -f 'obj_delfamily.c' || echo '$(srcdir)/'`obj_delfamily.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_delfamily.Tpo $(DEPDIR)/libtspi_la-obj_delfamily.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_delfamily.c' object='libtspi_la-obj_delfamily.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_delfamily.lo `test -f 'obj_delfamily.c' || echo '$(srcdir)/'`obj_delfamily.c + +libtspi_la-rpc_delegate.lo: rpc/@RPC@/rpc_delegate.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_delegate.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_delegate.Tpo -c -o libtspi_la-rpc_delegate.lo `test -f 'rpc/@RPC@/rpc_delegate.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_delegate.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_delegate.Tpo $(DEPDIR)/libtspi_la-rpc_delegate.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_delegate.c' object='libtspi_la-rpc_delegate.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_delegate.lo `test -f 'rpc/@RPC@/rpc_delegate.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_delegate.c + +libtspi_la-tspi_cmk.lo: tspi_cmk.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-tspi_cmk.lo -MD -MP -MF $(DEPDIR)/libtspi_la-tspi_cmk.Tpo -c -o libtspi_la-tspi_cmk.lo `test -f 'tspi_cmk.c' || echo '$(srcdir)/'`tspi_cmk.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-tspi_cmk.Tpo $(DEPDIR)/libtspi_la-tspi_cmk.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tspi_cmk.c' object='libtspi_la-tspi_cmk.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-tspi_cmk.lo `test -f 'tspi_cmk.c' || echo '$(srcdir)/'`tspi_cmk.c + +libtspi_la-obj_migdata.lo: obj_migdata.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-obj_migdata.lo -MD -MP -MF $(DEPDIR)/libtspi_la-obj_migdata.Tpo -c -o libtspi_la-obj_migdata.lo `test -f 'obj_migdata.c' || echo '$(srcdir)/'`obj_migdata.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-obj_migdata.Tpo $(DEPDIR)/libtspi_la-obj_migdata.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='obj_migdata.c' object='libtspi_la-obj_migdata.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-obj_migdata.lo `test -f 'obj_migdata.c' || echo '$(srcdir)/'`obj_migdata.c + +libtspi_la-rpc_cmk.lo: rpc/@RPC@/rpc_cmk.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -MT libtspi_la-rpc_cmk.lo -MD -MP -MF $(DEPDIR)/libtspi_la-rpc_cmk.Tpo -c -o libtspi_la-rpc_cmk.lo `test -f 'rpc/@RPC@/rpc_cmk.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_cmk.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtspi_la-rpc_cmk.Tpo $(DEPDIR)/libtspi_la-rpc_cmk.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rpc/@RPC@/rpc_cmk.c' object='libtspi_la-rpc_cmk.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtspi_la_CFLAGS) $(CFLAGS) -c -o libtspi_la-rpc_cmk.lo `test -f 'rpc/@RPC@/rpc_cmk.c' || echo '$(srcdir)/'`rpc/@RPC@/rpc_cmk.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(libdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-libLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-libLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/tspi/daa/Makefile.am b/src/tspi/daa/Makefile.am new file mode 100644 index 0000000..b02bbde --- /dev/null +++ b/src/tspi/daa/Makefile.am @@ -0,0 +1,31 @@ +bin_PROGRAMS=issuer_setup key_verification test test_tpm test_join test_sign +#todel + +test_SOURCES=big_integer/bi_gmp.c big_integer/bi_openssl.c big_integer/bi.c utils/list.c big_integer/test/test.c big_integer/test/multi_exp.c +test_CFLAGS=-I../../include/daa -I../../include -DBI_DEBUG -g -DAPPID=\"BI\" +test_LDFLAGS=-lcrypto + +issuer_setup_SOURCES = daa_issuer/issuer_setup.c +issuer_setup_CFLAGS=-I../../include/daa -I../../include -DBI_DEBUG -DAPPID=\"DAA_ISSUER_SETUP\" +issuer_setup_LDFLAGS=-lcrypto ../libtspi.la ../libdaa.la + +key_verification_SOURCES=daa_issuer/key_verification.c +key_verification_CFLAGS=-I../../include/daa -I../../include -DBI_DEBUG -DAPPID=\"DAA_KEY_VERIFICATION\" +key_verification_LDFLAGS=-lcrypto ../libtspi.la ../libdaa.la + +test_tpm_SOURCES = daa_platform/test.c +test_tpm_CFLAGS=-I../../include/daa -I../../include +test_tpm_LDFLAGS=-lcrypto ../libtspi.la ../libdaa.la + +test_join_SOURCES = daa_platform/test_join.c +test_join_CFLAGS=-I../../include/daa -I../../include -DBI_DEBUG -DAPPID=\"DAA_JOIN\" +test_join_LDFLAGS=-lcrypto ../libtspi.la ../libdaa.la + +test_sign_SOURCES = test_sign.c +test_sign_CFLAGS=-I../../include/daa -I../../include -DBI_DEBUG -DAPPID=\"DAA_JOIN\" +test_sign_LDFLAGS=-lcrypto ../libtspi.la ../libdaa.la + +#todel_SOURCES = todel.c +#todel_CFLAGS=-I../../include/daa -I../../include -DBI_DEBUG -DAPPID=\"DAA_JOIN\" +#todel_LDFLAGS=-lcrypto ../libtspi.la ../libdaa.la + diff --git a/src/tspi/daa/big_integer/bi.c b/src/tspi/daa/big_integer/bi.c new file mode 100644 index 0000000..b86b2c1 --- /dev/null +++ b/src/tspi/daa/big_integer/bi.c @@ -0,0 +1,237 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include + +#include "tcslog.h" + +#undef INLINE_DECL +#define INLINE_DECL + +/*********************************************************************************** + CONSTANT +*************************************************************************************/ + +bi_t bi_0; +bi_t bi_1; +bi_t bi_2; + +/*********************************************************************************** + WORK VARIABLE +*************************************************************************************/ + +// Buffer to load bi from a file . A static field is used, this should not be +// refere in any SPI calls. +#define BUFFER_SIZE 10000 +static char buffer[BUFFER_SIZE]; // used for loading bi + +#define SAFETY_PARAM 80 + +// keep the list of allocated memory, usually used for the format functions +list_ptr allocs = NULL; + +/*********************************************************************************** + DUMP LIB +*************************************************************************************/ + +// !! to use only for debugging +// do not used it in the same call, as a static buffer is used +char *dump_byte_array(int len, unsigned char *array) { + int i, j=0; + char c, str[3]; + + for( i=0; i and return it into a byte array of length */ +unsigned char *retrieve_byte_array( int *len, const char *strings) { + int index_str = 0, index_result = 0; + int str_len = strlen( strings); + char read_buffer[3]; + int c; + unsigned char *result; + + read_buffer[2]=0; + *len = ( str_len >> 1); + #ifdef BI_DEBUG + printf("[%s]\n", strings); + printf("[retrieve_byte_array] strlen=%d len=%d\n", str_len, *len); + #endif + result = (unsigned char *)malloc( *len+1); + if( result == NULL) { + LogError("malloc of %d bytes failed", *len+1); + return NULL; + } + if( (str_len & 1) ==1) { + // impair => 1 12 23 -> 01 12 23 + read_buffer[0]='0'; + read_buffer[1]=strings[index_str++]; + sscanf( read_buffer, "%2X", &c); + #ifdef BI_DEBUG + printf("[c'=%2X|%s]", (int)(c & 0xFF), read_buffer); + #endif + result[index_result++] = c&0xFF; + (*len)++; + } + while( index_str < str_len) { + read_buffer[0] = strings[ index_str++]; + read_buffer[1] = strings[ index_str++]; + sscanf( read_buffer, "%02X", &c); + #ifdef BI_DEBUG + printf("[c'=%2X|%s]", (int)(c & 0xFF), read_buffer); + #endif + result[index_result++] = c&0xFF; + } + return result; +} + +/* create a array */ +INLINE_DECL void bi_new_array( bi_array array, const int length) { + int i=0; + + bi_new_array2( array, length); + if( array->array == NULL) return; + for( i = 0; i< length; i++) { + array->array[i] = bi_new_ptr(); + } +} + +/* create a array */ +INLINE_DECL void bi_new_array2( bi_array array, const int length) { + array->length = length; + array->array = (bi_ptr *)malloc( sizeof(bi_ptr) * length); + if( array->array == NULL) { + LogError("malloc of %d bytes failed", sizeof(bi_ptr)*length); + return; + } +} + +/* free resources allocated to the big integer */ +INLINE_DECL void bi_free_array(bi_array array) { + int length = array->length; + int i=0; + + for( i = 0; i< length; i++) { + bi_free_ptr( array->array[i]); + } + free( array->array); +} + +/* copy length pointers from the array to array */ +INLINE_DECL void bi_copy_array(bi_array_ptr src, + int offset_src, + bi_array_ptr dest, + int offset_dest, + int length) { + int i=0; + + for( i = 0; i< length; i++) { + dest->array[ offset_dest + i] = src->array[ offset_src + i]; + } +} + +/* debug function -> dump a field of type bi_array */ +void dump_bi_array( char *field, const bi_array_ptr array) { + int i; + + for( i=0; ilength; i++) { + printf("%s->array[%d] = %s\n", field, i, bi_2_hex_char(array->array[i])); + } +} + +/*********************************************************************************** + SAFE RANDOM +*************************************************************************************/ + +/* Returns a random number in the range of [0,element-1] */ +bi_ptr compute_random_number( bi_ptr result, const bi_ptr element) { + bi_urandom( result, bi_length( element) + SAFETY_PARAM); + bi_mod( result, result, element); + return result; +} + +/*********************************************************************************** + SAVE / LOAD +*************************************************************************************/ + +/* load an big integer from an open file handler */ +void bi_load( bi_ptr bi, FILE *file) { + int i=0; + char c; + + fgets( buffer, BUFFER_SIZE, file); + do { + c = buffer[i]; + i++; + } while( c != 0 && c != ' '); + buffer[i-1] = 0; + bi_set_as_hex( bi, buffer); +} + +/* load an big integer array from an open file handler */ +void bi_load_array( bi_array_ptr array, FILE *file) { + int i, j = 0, length; + char c; + + fgets( buffer, BUFFER_SIZE, file); + do { + c = buffer[ j]; + j++; + } while( c != 0 && c != ' '); + buffer[ j -1] = 0; + sscanf( buffer, "%d", &length); + bi_new_array( array, length); + for( i=0; ilength; i++) { + bi_load( array->array[i], file); + } +} + +/* save an big integer to an open file handler */ +void bi_save( const bi_ptr bi, const char *name, FILE *file) { + fprintf( file, "%s # %s [%ld]\n", bi_2_hex_char( bi), name, bi_nbin_size( bi)); +} + +/* save an big integer array to an open file handler */ +void bi_save_array( const bi_array_ptr array, const char *name, FILE *file) { + int i; + char new_name[100]; + + fprintf(file, "%d # %s.length\n", array->length, name); + for( i=0; ilength; i++) { + sprintf( new_name, "%s[%d]", name, i); + bi_save( array->array[i], new_name, file); + } +} + +/* convert to a byte array of length result, the beginning of */ +/* this buffer is feel with '0' if needed */ +void bi_2_byte_array( unsigned char *result, int length, bi_ptr bi) { + int i, result_length; + + bi_2_nbin1( &result_length, buffer, bi); + int delta = length - result_length; + #ifdef BI_DEBUG + fprintf( stderr, "[bi_2_byte_array] result_length=%d length=%d\n", result_length, length); + #endif + if( delta < 0) { + LogError( "[bi_2_byte_array] asked length:%d found:%d\n", length, result_length); + return; + } + for( i=0; i +#include +#include + +#include + +#undef INLINE_DECL +#define INLINE_DECL + +gmp_randstate_t state; + +/* + reps controls how many tests should be done in mpz_probable_prime_p: + 5 to 10 are reasonable number +*/ +static int reps = 20; + +static int initialized = 0; +void * (*bi_alloc)(size_t size); + +/*********************************************************************************** + BITS OPERATION +*************************************************************************************/ + +// for conversion from and to byte[] see mpz_export and mpz_import + +/* return the size of a network byte order representation of */ +long bi_nbin_size(const bi_ptr i) { + int word_size = 1; // 1 byte per word + int numb = 8 * word_size - 0; + int count = (mpz_sizeinbase ( i, 2) + numb-1) / numb; + + return count * word_size; +} + +/* return a BYTE * - in network byte order - and update the length */ +unsigned char *bi_2_nbin( int *length, const bi_ptr i) { + unsigned char *buffer = (unsigned char *)bi_alloc( bi_nbin_size( i)); + + if( buffer == NULL) return NULL; + mpz_export(buffer, length, 1, 1, 1, 0, i); + return buffer; +} + +/* return a BYTE * - in network byte order - and update the length */ +/* different from bi_2_nbin: you should reserve enough memory for the storage */ +void bi_2_nbin1( int *length, unsigned char *buffer, const bi_ptr i) { + mpz_export(buffer, length, 1, 1, 1, 0, i); +} + +/* return a bi_ptr that correspond to the big endian encoded BYTE array of length */ +INLINE_DECL bi_ptr bi_set_as_nbin( const unsigned long length, const unsigned char *buffer) { + bi_ptr ret = bi_new_ptr(); + + if( ret == NULL) return NULL; + mpz_import( ret, length, 1, 1, 1, 0, buffer); + return ret; +} + + +/*********************************************************************************** + BASIC MATH OPERATION +*************************************************************************************/ + +/* multiple-exponentiation */ +/* := mod( Multi( i, i), number of byte ) with 0 <= i <= */ +bi_ptr bi_multi_mod_exp( bi_ptr result, + const int n, + const bi_t g[], + const long e[], + const int m) { + mpz_t temp, bi_m; + int i; + + mpz_init( temp); + mpz_init( bi_m); + mpz_set_si( bi_m, m); + // result := (g[0] ^ e[0]) mod m + mpz_powm_ui( result, g[0], e[0], bi_m); + for( i=1; i bits */ +INLINE_DECL bi_ptr bi_generate_prime( bi_ptr result, const long length) { + do { + mpz_urandomb( result, state, length); // i := random( length) + bi_setbit( result, 0); + bi_setbit( result, length - 1); + bi_setbit( result, length - 2); + mpz_nextprime( result, result); // i := nextPrime( i) + } while( mpz_sizeinbase( result, 2) != (unsigned long)length && + bi_is_probable_prime( result) ); + return result; +} + +/* generate a safe prime number of bits */ +/* by safe we mean a prime p so that (p-1)/2 is also prime */ +INLINE_DECL bi_ptr bi_generate_safe_prime( bi_ptr result, long length) { + mpz_t temp; + + mpz_init(temp); + do { + bi_generate_prime( result, length); + mpz_sub_ui( temp, result, 1); // temp := result - 1 + mpz_div_2exp( temp, temp, 1); // temp := temp / 2 + } while( mpz_probab_prime_p( temp, 10) == 0); +#ifdef BI_DEBUG + printf("GENERATE SAFE PRIME DONE");fflush(stdout); +#endif + mpz_clear( temp); + return result; +} + +/* return true if is a probably prime */ +INLINE_DECL int bi_is_probable_prime( bi_ptr i) { + /* + This function does some trial divisions and after some Miller-Rabin probabilistic + primality tests. The second parameter controls how many tests should be done, + 5 to 10 are reasonable number + */ + return mpz_probab_prime_p( i, reps)>=1 ? 1 : 0; +} + +/* return in the greatest common divisor of and */ +/* := gcd( , ) */ +INLINE_DECL bi_ptr bi_gcd( bi_ptr result, bi_ptr a, bi_ptr b) { + // result := gcd( a, b) + mpz_gcd( result, a, b); + return result; +} + + +/*********************************************************************************** + INIT/RELEASE LIBRARY +*************************************************************************************/ + +/* bi_alloc_p allocation function used only for exporting a bi struct, so for bi_2_nbin +if define as NULL, a stdlib malloc() will be used */ +void bi_init( void * (*bi_alloc_p)(size_t size)) { + time_t start; + unsigned long seed; + FILE *f; +#ifdef INTERACTIVE + int c, i; +#endif + + if( initialized == 1) return; + if( bi_alloc_p == NULL) bi_alloc = &malloc; + else bi_alloc = bi_alloc_p; + mpz_init( bi_0); + mpz_set_ui( bi_0, 0); + mpz_init( bi_1); + mpz_set_ui( bi_1, 1); + mpz_init( bi_2); + mpz_set_ui( bi_2, 2); + allocs = list_new(); + if( allocs == NULL) { + LogError("malloc of list failed"); + return; + } +#ifdef BI_DEBUG + printf("bi_init() -> gmp lib\n"); +#endif + time( &start); + // first try /dev/random, the most secure random generator + f = fopen("/dev/random", "r"); + // in case of failure, but les secure :( + if( f== NULL) f = fopen("/dev/urandom", "r"); + if( f != NULL) { + fread( &seed, sizeof(unsigned long int), 1, f); + fclose(f); + } +#ifdef INTERACTIVE + else { + printf("! devices /dev/random and /dev/urandom not found\n"); + printf("type some characters to generate a random seed (follow by enter)\n"); + fflush(stdout); + i=0; + while( (c = fgetc(stdin)) != 10) { + time_t temps; + time( &temps); + seed += temps +( c << i); + i++; + } + time_t temps; + time( &temps); + seed += temps; +#ifdef BI_DEBUG + printf("temps=%lx\n", temps - start); +#endif // BI_DEBUG + seed = (long)( temps * start); + } +#endif // INTERACTIVE +#ifdef BI_DEBUG + printf("seed=%lx\n", seed); +#endif + gmp_randinit_default( state); + gmp_randseed_ui( state, seed); + initialized = 1; +} + +void bi_release(void) { + if( initialized) { + bi_flush_memory(); + bi_free( bi_0); + bi_free( bi_1); + bi_free( bi_2); + initialized = 0; + } +} +void bi_flush_memory(void) { + node_t *current; + list_ptr list = allocs; + + if( list->head == NULL) return; // list is empty + else { + current = list->head; // go to first node + do { + LogDebug("[flush memory] free %lx\n", current->obj); + free( current->obj); + current = current->next; // traverse through the list + } while(current != NULL); // until current node is NULL + } + list_freeall( allocs); + allocs = list_new(); + if( allocs == NULL) { + LogError("malloc of list failed"); + return; + } +} + + +int bi_is_initialized(void) { + return initialized; +} + +#endif diff --git a/src/tspi/daa/big_integer/bi_openssl.c b/src/tspi/daa/big_integer/bi_openssl.c new file mode 100644 index 0000000..50ef030 --- /dev/null +++ b/src/tspi/daa/big_integer/bi_openssl.c @@ -0,0 +1,181 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#ifdef BI_OPENSSL + +#define INSIDE_LIB + +#include +#include +#include + +#include + +#include "tcslog.h" + +#undef INLINE_DECL +#define INLINE_DECL + +#include +#include + +BN_CTX *context; +static int initialized = 0; + +void * (*bi_alloc)(size_t size); + +/* return true if is a probably prime */ +INLINE_DECL int bi_is_probable_prime( const bi_ptr i) { + /* + * start tests using some small prime numbers. Continue by performing a Miller-Rabin + * probabilistic primality test with checks iterations, and with some iterations that + * yields a false positive rate of at most 2^-80 for random input. + * return: + * 0 if the number is composite + * 1 if it is prime with an error probability of less than 0.25^checks, and on error. + */ + return BN_is_prime_fasttest( i, BN_prime_checks, NULL, context, NULL, 1); +} + +/* := ( ^ ) mod */ +INLINE_DECL bi_ptr bi_mod_exp_si( bi_ptr result, const bi_ptr g, const bi_ptr e, const long m) { + bi_t bi_tmp; + + bi_new( bi_tmp); + BN_set_word( bi_tmp, m); +#ifdef BI_DEBUG + printf("[bi_mod_exp] (g=%s ^ e=%s) mod=%s\n", + BN_bn2dec( g), + BN_bn2dec( e), + BN_bn2dec( bi_tmp)); +#endif + BN_mod_exp( result, g, e, bi_tmp, context); // result := (g ^ e) mod bi_tmp9 +#ifdef BI_DEBUG + printf("[bi_mod_exp] res=%s\n", BN_bn2dec( result)); +#endif + bi_free( bi_tmp); + return result; +} + +/* multiple-exponentiation */ +/* := mod( Multi( i, i), number of byte ) with 0 <= i <= */ +bi_ptr bi_multi_mod_exp( bi_ptr result, + const int n, + const bi_t g[], + const long e[], + const int m +) { + BIGNUM *temp = BN_new(); + BIGNUM *bi_m = BN_new(); + BIGNUM *bi_e = BN_new(); + int i; + + BN_set_word( bi_m, m); + BN_set_word( bi_e, e[0]); + // result := (g[0] ^ e[0]) mod bi_m + BN_mod_exp( result, g[0], bi_e, bi_m, context); + for( i=1; i openssl lib\n"); + LogDebug("bi_init() -> seed status = %d\n", RAND_status()); + context = BN_CTX_new(); + if( RAND_status() != 1) { + LogError("! PRNG has not been seeded with enough data\n"); +#ifdef INTERACTIVE + printf("type some characters to regenerate a random seed\n"); + fflush(stdout); + int c, i=0, seed; + char str[2] = "a"; + while( RAND_status() !=1 ) { + c = fgetc(stdin); + time_t temps; + time( &temps); + seed += temps +( c << i); + i++; + str[0]=c; + RAND_seed( str, 1); + } +#endif + } + initialized = 1; +} + +void bi_release(void) { + if( initialized) { + bi_flush_memory(); + bi_free( bi_0); + bi_free( bi_1); + bi_free( bi_2); + BN_CTX_free( context); + initialized = 0; + } +} + +void bi_flush_memory(void) { + node_t *current; + list_ptr list = allocs; + + if( list->head == NULL) return; // list is empty + else { + current = list->head; // go to first node + do { + LogDebug("[flush memory] free %lx\n", (long)current->obj); + free( current->obj); + current = current->next; // traverse through the list + } while(current != NULL); // until current node is NULL + } + list_freeall( allocs); + allocs = list_new(); + if( allocs == NULL) { + LogError("malloc of list failed"); + return; + } +} + +int bi_is_initialized(void) { + return initialized; +} + +#endif diff --git a/src/tspi/daa/big_integer/test/Makefile.am b/src/tspi/daa/big_integer/test/Makefile.am new file mode 100644 index 0000000..d631c2a --- /dev/null +++ b/src/tspi/daa/big_integer/test/Makefile.am @@ -0,0 +1,9 @@ +bin_PROGRAMS = test + + +test_SOURCES=test.c multi_exp.c ../bi_gmp.c ../bi_openssl.c ../bi.c \ + ../../../include/bi.h ../../../include/bi_openssl.h ../../../include/bi_gmp.h +test_CFLAGS=-G + +# test_CFLAGS=-I../../../include -DBI_OPENSSL + diff --git a/src/tspi/daa/big_integer/test/multi_exp.c b/src/tspi/daa/big_integer/test/multi_exp.c new file mode 100644 index 0000000..2ff80fc --- /dev/null +++ b/src/tspi/daa/big_integer/test/multi_exp.c @@ -0,0 +1,29 @@ +#include + +#include + +// use standard C definition to avoid .h +int test_exp_multi(void) { + bi_t result; + bi_t g[3]; + unsigned long e[3]; + + bi_new( result); + bi_new( g[0]); + bi_new( g[1]); + bi_new( g[2]); + // result = (2^2 * 5^4 * 7^7) mod 56 -> should give 28 + bi_set_as_dec( g[0], "2"); + bi_set_as_dec( g[1], "5"); + bi_set_as_dec( g[2], "7"); + e[0] = 2L; + e[1] = 4L; + e[2] = 7L; + bi_multi_mod_exp( result, 3, g, e, 56); + printf("multi-exponentiation =%s\n", bi_2_dec_char(result)); + bi_free( g[0]); + bi_free( g[1]); + bi_free( g[2]); + bi_free( result); + return 0; +} diff --git a/src/tspi/daa/big_integer/test/test.c b/src/tspi/daa/big_integer/test/test.c new file mode 100644 index 0000000..4cc3a7f --- /dev/null +++ b/src/tspi/daa/big_integer/test/test.c @@ -0,0 +1,296 @@ +#include +#include +#include +#include + +#include + +/* for the logging system used by TSS */ +setenv("TCSD_FOREGROUND", "1", 1); + + /* + * standard bit length extension to obtain a uniformly distributed number + * [0,element] + */ +int test_exp_multi(void); + +void foo (bi_t result, const bi_ptr param, unsigned long n) { + unsigned long i; + + bi_set( result, param); + bi_mul_si( result, result, n); + for (i = 1; i < n; i++) bi_add_si( result, result, i*7); +} + +void *my_malloc(size_t size) { + void *ret = malloc( size); + + printf("my_malloc() -> %ld\n", (long)ret); + return ret; +} + + /** + * Returns a random number in the range of [0,element-1]. + * + * @param element + * the upper limit + * @param random + * the secure random source + * @return the random number + */ +void computeRandomNumber(bi_t res, const bi_ptr element) { + int length = 80 + bi_length( res); // give the length + bi_urandom( res, length); // res = random( of length); + int element_length = bi_length( element); + bi_mod_si( res, res, element_length); // res = res mod +} + +int main (int argc, char **argv) { + bi_t bi_tmp, bi_tmp1, bi_tmp2, bi_tmp3, bi_tmp4, bi_tmp5, bi_tmp6; + bi_t r; + bi_t n; + int i; + unsigned char result1[5]; + int len; + char *byte_array; + FILE *file; + unsigned char ret[] = { (unsigned char)1, 0, (unsigned char)254 }; + int length; + unsigned char *buffer; + unsigned char byte; + bi_ptr nn; + + bi_init( &my_malloc); + printf("test(%s,%s)\n", __DATE__, __TIME__); + #ifdef BI_GMP + printf("using BMP\n"); + #endif + #ifdef BI_OPENSSL + printf("using OPENSSL\n"); + #endif + + bi_new( bi_tmp); + bi_new( bi_tmp1); + bi_new( bi_tmp2); + bi_new( bi_tmp3); + bi_new( bi_tmp4); + bi_new( bi_tmp5); + bi_new( bi_tmp6); + bi_new( n); + bi_new( r); + bi_set_as_hex( n, "75E8F38669C531EB78C7ACD62CCDEFFB5E5BE15E2AA55B3AD28B1A35F6E937097CE09A49C689AC335FBA669205CEF209275CFF273F8F81C5B864E5029EECDFA0743BC15D6E4D2C2CB0DED2DC7119A7E0D61669D417BB3B12BA1D10FD40326A49CA6C9E77F8585F25D8C897D9C73284152E103582C018C964F02ADDBA56CB1161A949AAE2847ADE8BC1152716C8B4AF37A87011C2569F646FD3EDA83099048B9525A6401C47A372F3EA43C91066AD5851AE11DEF1EAC7108FFB06AD94D0B849C339A5E8793C4C054456D3D22D30ACCCF7EF33EF7A7D65799E7908D95B0538A9EFC91BF104CE5008D79625394DB1E5883B2F202B95320BBD868BF65C996FC0DFC5"); + bi_set_as_hex( r, "35A624E6607CFD37162C6052547450B2267ECC749F10CDAEB5C294491321EEB47CA0229F423ADCEF3FA7806F5C4DB3C3445D8E7039EBC457149A1343BECF3B1078385C06EE74351A476BE0D5203633C81F7B8D68548DB763F0C096B20615B6016C180291EF32CC064A173BB22F6B46B3240ACC0B50D8338757FA28D5B0313BC4201CD2B35472842E71994C8FCA557B08004B2495304D13A93D796134BB8078E2EE371707DE5809D72474A7CCE1F865ECD8876105D3DB9AFA9426052D0120C755C60F56A0C0F30FAED2053CEB3129FAB6F57F6E209A8E7B2A559D734B339E19E1F2A147BC94DB2FF491CB5ACCEEEED7F2EA75AFF7CAD33E1E420A09135D9C5C1F"); + DUMP_BI( n); + DUMP_BI( r); + printf("big number n=n*r\n"); + bi_mul( n, n, r); + DUMP_BI( n); + bi_set_as_hex( r, "D7E7028DA181DADAC29C95143C865702453465115AFA7576AADF1E57DD84DA7FF4C8F66530D1E9D1AB69BC12342B89FA0A9755F9F4EE1DA445D50016CEF50622ED905CC9B987FCC7910CAA841641814C1994BC442A15CB05FE5C145626F1454E90435FBC6A529856EF29BDBCBFCB62FB69EDBD11DC33357667867278E1679EABCDBEEA02E9A6911804DF47ACA6B2D63A31E258AD542D71A8178A5E072F5E221EADBB10E16D5533AE427101FF94C5967575FABCD18305C5F15C103CEA1A8ACD01898E88426EDA7C0DF58AA48435808A840F6EEE1D7205D33F356E20FE0D4136B401BF386F11869C3CE4A808B96435694748EF3706F58756548A71E4CF4D2BE157"); + bi_mod( n, n, r); + printf("mod big number n=n mod r\n"); + DUMP_BI( n); + if( bi_get_si( bi_set_as_si( n, 13)) != 13) { + printf("!!! bi_set_as_si 13(%s) = 13\n", bi_2_dec_char( n )); + exit(-1); + } + if( bi_get_si( bi_set_as_si( n, -13)) != -13) { + printf("!!! bi_set_as_si -13(%s) = -13\n", bi_2_dec_char( n )); + exit(-1); + } + if( bi_get_si( bi_inc(bi_set_as_si( n, 13))) != 14) { + puts("!!! bi_inc 13++ = 14\n"); + exit(-1); + } + if( bi_get_si( bi_dec(bi_set_as_si( n, 13))) != 12) { + puts("!!! bi_dec 13-- = 12\n"); + exit(-1); + } + if( bi_get_si( bi_setbit(bi_set_as_si( n, 0), 10)) != 1024) { + puts("!!! bi_setbit set[10] = 1024\n"); + exit(-1); + } + if( bi_get_si( bi_mod_si(bi_tmp, bi_set_as_si( n, 12), 10)) != 2) { + puts("!!! bi_mod_si 12 mod 10 = 2\n"); + exit(-1); + } + if( bi_get_si( bi_mul_si(bi_tmp, bi_set_as_si( n, 12), 10)) != 120) { + puts("!!! bi_mul_si 12 * 10 = 120\n"); + exit(-1); + } + if( bi_get_si( bi_mul(bi_tmp, bi_set_as_si( n, 12), bi_set_as_si( bi_tmp1, 10))) != 120) { + puts("!!! bi_mul_si 12 * 10 = 120\n"); + exit(-1); + } + if( bi_get_si( bi_mod_exp_si(bi_tmp, bi_set_as_si( bi_tmp1, 4), bi_2, 10)) != 6) { + puts("!!! bi_mod_exp_si 4 ^ 2 mod 10 = 6\n"); + exit(-1); + } + if( bi_get_si( bi_mod_exp(bi_tmp, bi_set_as_si( bi_tmp1, 4), bi_2, bi_set_as_si( bi_tmp2, 10))) != 6) { + puts("!!! bi_mod_exp 4 ^ 2 mod 10 = 6\n"); + exit(-1); + } + if( bi_get_si( bi_mod(bi_tmp, bi_set_as_si( n, 12), bi_set_as_si(bi_tmp1, 10))) != 2) { printf("!!! bi_mod 12 mod 10 = 2 [%s]\n",bi_2_dec_char( bi_tmp)); exit(-1); } + if( bi_get_si( bi_mod(bi_tmp, bi_set_as_si( n, -12), bi_set_as_si(bi_tmp1, 10))) != 8) { printf("!!! bi_mod -12 mod 10 = 8 [%s]\n",bi_2_dec_char( bi_tmp)); exit(-1); } + if( bi_get_si( bi_mod(bi_tmp, bi_set_as_si( n, -27), bi_set_as_si(bi_tmp1, 10))) != 3) { printf("!!! bi_mod -27 mod 10 = 3 [%s]\n",bi_2_dec_char( bi_tmp)); exit(-1); } + bi_set_as_si(n, 0x12345678); + bi_2_byte_array( result1, 5, n); + if( result1[0] != 0x00 || result1[1] != 0x12 || result1[2] != 0x34 || result1[3] != 0x56 || result1[4] != 0x78 ) { + printf("!!! bi_2_byte_array[0x123456578] [0]=%x [1]=%x [2]=%x [3]=%x [4]=%x \n", result1[0], result1[1], result1[2], result1[3], result1[4]); + exit( -1); + } + byte_array = retrieve_byte_array( &len, "12345"); + printf("test dump_byte_array len=%d \n", len); + printf("test dump_byte_array(\"12345\")=%s\n", dump_byte_array( len, byte_array)); + free( byte_array); + byte_array = retrieve_byte_array( &len, "12345678"); + printf("test dump_byte_array len=%d \n", len); + printf("test dump_byte_array(\"12345678\")=%s\n", dump_byte_array( len, byte_array)); + + // test save end load of bi_t and bi_array + ///////////////////////////////////////////////////////////////////////////////////// + bi_array result; + bi_new_array( result, 2); + bi_set_as_si( bi_tmp, 6); + bi_set_as_si( result->array[0], 314159); + bi_set_as_si( result->array[1], 123456789); + file = fopen("/tmp/test.todel", "w"); + bi_save_array( result, "result", file); + bi_save( bi_tmp, "bi_tmp", file); + fclose( file); + bi_set_as_si( result->array[0], 0); + bi_set_as_si( result->array[1], 0); + bi_set_as_si( bi_tmp, 0); + file = fopen("/tmp/test.todel", "r"); + bi_load_array( result, file); + bi_load( bi_tmp, file); + fclose( file); + if( bi_get_si( result->array[0]) != 314159) { puts("!!! save/load array[0] = 314159\n"); exit(-1); } + if( bi_get_si( result->array[1]) != 123456789) { puts("!!! save/load array[1] = 123456789\n"); exit(-1); } + if( bi_get_si( bi_tmp) != 6) { puts("!!! save/load bi_tmp = 6\n"); exit(-1); } + + // conversion from bi_t 2 big endian BYTE* + ///////////////////////////////////////////////////////////////////////////////////// + bi_set_as_si( n, 254+(1 << 16)); + buffer = bi_2_nbin( &length, n); + printf("value 2 convert=%s length=%ld\n", bi_2_hex_char( n), bi_nbin_size( n)); + for( i=0; i> 5 = %s\n", bi_2_dec_char( bi_shift_right(bi_tmp, bi_shift_left(bi_tmp1, n, 10), 5))); + bi_set_as_si(n, 1); + printf("[* (1 << 10) >> 5 *] = (2^10) / (2^5) -> %s\n", bi_2_dec_char( bi_shift_right( bi_tmp, ( bi_shift_left( bi_tmp1, n, 10)), 5))); + bi_set_as_si( n, 10); + printf(" (2^10) = %s\n", bi_2_dec_char( bi_mod_exp_si( bi_tmp, bi_2, n, 2000))); + printf(" (1<<5) = %s\n", bi_2_dec_char( bi_shift_left( bi_tmp, bi_set_as_si( bi_tmp1, 1), 5))); + printf(" 1024 / 500 = %s\n", bi_2_dec_char( bi_div( bi_tmp, bi_set_as_si( bi_tmp1, 1024), bi_set_as_si( bi_tmp2, 500)))); + printf(" 1024 / 500 = %s\n", bi_2_dec_char( bi_div_si( bi_tmp, bi_set_as_si( bi_tmp1, 1024), 500))); + printf(" (1 << 10) >> 5 = [* (2^10) / (2^5) *] -> %s\n", bi_2_dec_char( bi_div( bi_tmp1, + bi_mod_exp_si( bi_tmp2, bi_2, bi_set_as_si( bi_tmp3, 10), 2000), + bi_mod_exp_si( bi_tmp4, bi_2, bi_set_as_si( bi_tmp5, 5), 2000) ))); + + printf("(1 << 10) >> 5 = (2^10) / (1<<5) -> %d\n", bi_equals( bi_shift_right( bi_tmp, ( bi_shift_left( bi_tmp1, bi_1, 10)), 5), + bi_div( bi_tmp2, + bi_mod_exp_si( bi_tmp3, bi_2, bi_set_as_si( bi_tmp4, 10), 2000), + bi_mod_exp_si( bi_tmp5, bi_2, bi_set_as_si( bi_tmp6, 5), 2000)))); + printf("( 45 ^ -5 ) %% 10 == ( 1 / ( (45 ^ 5) %% 10) ) %% 10\n"); + bi_set_as_si( bi_tmp, 45); + bi_set_as_si( bi_tmp1, 5); + // bi_negate( bi_tmp1); + bi_set_as_si( bi_tmp2, 10); + bi_mod_exp( bi_tmp3, bi_tmp, bi_tmp1, bi_tmp2); + bi_set_as_si( bi_tmp1, 5); + bi_mod_exp( bi_tmp4, bi_tmp, bi_tmp1, bi_tmp2); + printf("\t( 45 ^ -5 ) %% 10 = %s\n", bi_2_dec_char( bi_tmp3)); + printf("\t( 1 / ( (45 ^ 5) %% 10) ) %% 10 = %s\n", bi_2_dec_char( bi_tmp4)); + if( bi_equals( bi_tmp3, bi_tmp4) == 0) { + printf("!!! error !\n"); + exit( -1); + } + for( i=0; i<5; i++) { + bi_generate_prime( bi_tmp, 1024); + printf("bi=%s\n", bi_2_hex_char( bi_tmp)); + printf("bi.length=%ld \n", bi_length( bi_tmp)); + if( bi_length( bi_tmp) != 1024) { puts("!!! length(random(1024)) != 1024\n"); exit(-1); } + } + bi_set_as_si(n, 0); + bi_setbit( n, 10); + printf("setbit(10) = %s\n", bi_2_dec_char( n)); + bi_set_as_dec(n, "123456"); + foo( r, n, 20L); + printf("TEST:%s\n", bi_2_dec_char( r)); + bi_urandom( n, 1024); + bi_urandom( r, 1024); + computeRandomNumber( r, n); + printf("r:%s n:%s\n", bi_2_hex_char( r), bi_2_hex_char( n)); + bi_generate_prime( r, 1024); + printf("prime:%s\nIs probable prime:%d\n", bi_2_hex_char( r), bi_is_probable_prime( r)); + int error = bi_invert_mod( r, r, n); + printf("Invert mod return:%d\nInvert(r):%s\n", error, bi_2_hex_char( r)); + bi_negate( r); + printf("negate(r):%s\n", bi_2_hex_char( r)); + bi_generate_safe_prime( r, 128); + bi_sub_si( n, r, 1); // n= r - 1 + bi_shift_right( n, n, 1); // n = n / 2 + printf("safe prime(r):%s probable_prime:%d\n", bi_2_hex_char( r), bi_is_probable_prime( r)); + printf("safe prime( (r-1)/2):%s probable_prime:%d\n", bi_2_hex_char( n), bi_is_probable_prime( n)); + test_exp_multi(); + bi_free( r); + bi_free( n); + + bi_set_as_si( result->array[0], 1); + printf("result-> 1<<20:%s\n", bi_2_dec_char( bi_shift_left( result->array[0], result->array[0], 20))); + bi_set_as_si( result->array[1], 1); + printf("result1-> 1<<10:%s\n", bi_2_dec_char( bi_shift_right( result->array[1], result->array[0], 10))); + // copy arrays + bi_array new_result; bi_new_array2( new_result, 4); + bi_new_array2( new_result, 4); + bi_copy_array( result, 0, new_result, 0, 2); + bi_copy_array( result, 0, new_result, 2, 2); + for( i = 0; i<4; i++) { + printf("new_result[%d]-> [even-> 1<<20] [odd-> 1<<10] :%s\n", i, bi_2_dec_char( new_result->array[i])); + } + + bi_free( bi_tmp); + bi_free( bi_tmp1); + bi_free( bi_tmp2); + bi_free( bi_tmp3); + bi_free( bi_tmp4); + bi_free( bi_tmp5); + bi_free( bi_tmp6); + bi_release(); + printf("THE END [%s,%s]\n", __DATE__, __TIME__); + fflush(stdout); + return 0; + +} + diff --git a/src/tspi/daa/daa_anonymityrevocation/csencryption_result.c b/src/tspi/daa/daa_anonymityrevocation/csencryption_result.c new file mode 100644 index 0000000..9750e7e --- /dev/null +++ b/src/tspi/daa/daa_anonymityrevocation/csencryption_result.c @@ -0,0 +1,211 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include "daa_parameter.h" +#include "daa_structs.h" +#include "anonymity_revocation.h" +#include "verifier.h" +#include "tsplog.h" + +CS_ENCRYPTION_RESULT *create_CS_ENCRYPTION_RESULT( + bi_ptr c1, + bi_ptr c2, + bi_ptr c3, + bi_ptr c4 +) { + CS_ENCRYPTION_RESULT *result = + (CS_ENCRYPTION_RESULT *)malloc( sizeof(CS_ENCRYPTION_RESULT)); + + if (result == NULL) { + LogError("malloc of %d bytes failed", sizeof(CS_ENCRYPTION_RESULT)); + return NULL; + } + result->c1 = c1; + result->c2 = c2; + result->c3 = c3; + result->c4 = c4; + return result; +} + +CS_ENCRYPTION_RESULT_RANDOMNESS *create_CS_ENCRYPTION_RESULT_RANDOMNESS( + CS_ENCRYPTION_RESULT *cs_encryption_result, + bi_ptr randomness +) { + CS_ENCRYPTION_RESULT_RANDOMNESS *result = + (CS_ENCRYPTION_RESULT_RANDOMNESS *) + malloc(sizeof(CS_ENCRYPTION_RESULT_RANDOMNESS)); + + if (result == NULL) { + LogError("malloc of %d bytes failed", + sizeof(CS_ENCRYPTION_RESULT_RANDOMNESS)); + return NULL; + } + result->randomness = randomness; + result->result = cs_encryption_result; + return result; +} + +bi_ptr compute_u( const EVP_MD *digest, + const bi_ptr c1, + const bi_ptr c2, + const bi_ptr c3, + const BYTE *condition, + const int conditionLength +) { + BYTE *buffer, *bytes; + int c1_size = bi_nbin_size( c1); + int c2_size = bi_nbin_size( c2); + int c3_size = bi_nbin_size( c3); + int index = 0; + int length; + bi_ptr value; + int bufferLength = c1_size + c2_size + c3_size + conditionLength; + + buffer = (BYTE *)malloc( bufferLength); + if (buffer == NULL) { + LogError("malloc of %d bytes failed", bufferLength); + return NULL; + } + bi_2_byte_array( &buffer[index], c1_size, c1); + index += c1_size; + bi_2_byte_array( &buffer[index], c2_size, c2); + index += c2_size; + bi_2_byte_array( &buffer[index], c3_size, c3); + index += c3_size; + memcpy( &buffer[index], condition, conditionLength); + index += conditionLength; + length = DAA_PARAM_LENGTH_MFG1_ANONYMITY_REVOCATION / 8; // 25 /8 + bytes = compute_bytes( bufferLength, buffer, length, digest); + if( bytes == NULL) return NULL; + value = bi_set_as_nbin( length, bytes); + free( bytes); + free( buffer); + return value; +} + +CS_ENCRYPTION_RESULT_RANDOMNESS* internal_compute_encryption_proof( + const bi_ptr msg, + const bi_ptr delta1, + const bi_ptr delta2, + const bi_ptr delta3, + const bi_ptr randomness, + const CS_PUBLIC_KEY *key, + const struct tdTSS_DAA_PK_internal *daa_key, + const BYTE *condition, + const int conditionLength, + const EVP_MD *digest +) { + bi_ptr modulus = daa_key->modulus; + bi_ptr gamma = daa_key->gamma; + bi_ptr c1 = bi_new_ptr( ); + bi_ptr c2 = bi_new_ptr( ); + bi_ptr c3 = bi_new_ptr( ); + bi_ptr c4; + bi_ptr exp; + bi_t bi_tmp; + bi_t bi_tmp1; + + bi_new( bi_tmp); + bi_new( bi_tmp1); + if( bi_cmp( msg, modulus) >= 0) { + LogError("IllegalArgument: msg to big for key size"); + bi_free_ptr( c1); + bi_free_ptr( c2); + bi_free_ptr( c3); + bi_free( bi_tmp); + bi_free( bi_tmp1); + return NULL; + } + bi_mod_exp( c1, gamma, randomness, modulus); + bi_mod_exp( c2, key->eta, randomness, modulus); + // c3=msg * (key->lambda3 ^ randomness) % mopdulus) + bi_mul( c3, msg, bi_mod_exp( bi_tmp, key->lambda3, randomness, modulus)); + bi_mod( c3, c3, modulus); // c3 = c3 % modulus + if( delta1 != NULL) { + if( !( delta2!=NULL && delta3!=NULL)) { + LogError("Illegal Arguments: delta2==NULL or delta3==NULL"); + bi_free_ptr( c1); + bi_free_ptr( c2); + bi_free_ptr( c3); + bi_free( bi_tmp); + bi_free( bi_tmp1); + return NULL; + } + exp = compute_u( digest, delta1, delta2, delta3, condition, conditionLength); + } else { + if( !( delta2==NULL && delta3==NULL)) { + LogError("Illegal Arguments: delta2!=NULL or delta3!=NULL"); + bi_free_ptr( c1); + bi_free_ptr( c2); + bi_free_ptr( c3); + bi_free( bi_tmp); + bi_free( bi_tmp1); + return NULL; + } + exp = compute_u( digest, c1, c2, c3, condition, conditionLength); + } + // exp = exp * randomness + bi_mul( exp, exp, randomness); + // exp = exp % daa_key->rho + bi_mod( exp, exp, daa_key->rho); + // bi_tmp = (key->lambda1 ^ randomness) % modulus + bi_mod_exp( bi_tmp, key->lambda1, randomness, modulus); + // bi_tmp1 = (key->lambda2 ^ exp) % modulus + bi_mod_exp( bi_tmp1, key->lambda2, exp, modulus); + c4 = bi_new_ptr(); + // c4 = bi_tmp * bi_tmp1 + bi_mul( c4, bi_tmp, bi_tmp1); + // c4 = c4 % modulus + bi_mod( c4, c4, modulus); + bi_free_ptr( exp); + bi_free( bi_tmp1); + bi_free( bi_tmp); + return create_CS_ENCRYPTION_RESULT_RANDOMNESS( + create_CS_ENCRYPTION_RESULT( c1, c2, c3, c4), + randomness); +} + +/* +Cramer-Shoup EncryptionProof +from com.ibm.zurich.tcg.daa.anonymityrevocation.CSEncryptionProof + */ +CS_ENCRYPTION_RESULT_RANDOMNESS *compute_ecryption_proof( + const bi_ptr msg, + const bi_ptr delta1, + const bi_ptr delta2, + const bi_ptr delta3, + const bi_ptr randomness, + const CS_PUBLIC_KEY *key, + const struct tdTSS_DAA_PK_internal *daa_key, + const BYTE *condition, + const int conditionLength, + const EVP_MD *digest +) { + if( delta1 == NULL || delta2 == NULL || delta3 == NULL) { + LogError("Illegal Argument: deltas (delta1:%ld delta2:%ld delta3:%ld)", + (long)delta1, (long)delta2, (long)delta3); + return NULL; + } + if( bi_cmp( randomness, daa_key->rho) >=0 || bi_cmp_si( randomness, 0) < 0) { + LogError("randomness >= rho || randomness < 0 \n\trandomness:%s\n\trho:%s\n", + bi_2_dec_char( randomness), bi_2_dec_char( daa_key->rho)); + return NULL; + } + return internal_compute_encryption_proof( msg, + delta1, + delta2, + delta3, + randomness, + key, + daa_key, + condition, + conditionLength, + digest); +} diff --git a/src/tspi/daa/daa_debug.c b/src/tspi/daa/daa_debug.c new file mode 100644 index 0000000..d39273b --- /dev/null +++ b/src/tspi/daa/daa_debug.c @@ -0,0 +1,294 @@ + + +/******************************************************************************************** +* KEY PAIR WITH PROOF +********************************************************************************************/ + +int +save_KEY_PAIR_WITH_PROOF(FILE *file, + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof) +{ + save_DAA_PK_internal( file, key_pair_with_proof->pk); + save_DAA_PRIVATE_KEY( file, key_pair_with_proof->private_key); + save_DAA_PK_PROOF_internal( file, key_pair_with_proof->proof); + + return 0; +} + +KEY_PAIR_WITH_PROOF_internal * +load_KEY_PAIR_WITH_PROOF(FILE *file) +{ + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof = + (KEY_PAIR_WITH_PROOF_internal *)malloc(sizeof(KEY_PAIR_WITH_PROOF_internal)); + + key_pair_with_proof->pk = load_DAA_PK_internal(file); + key_pair_with_proof->private_key = load_DAA_PRIVATE_KEY(file); + key_pair_with_proof->proof = load_DAA_PK_PROOF_internal(file); + + return key_pair_with_proof; +} + +int +save_DAA_PK_internal(FILE *file, const TSS_DAA_PK_internal *pk_internal) +{ + char *buffer; + + LogDebug("-> save_DAA_PK_internal"); + + BI_SAVE( pk_internal->modulus, file); + BI_SAVE( pk_internal->capitalS, file); + BI_SAVE( pk_internal->capitalZ, file); + BI_SAVE( pk_internal->capitalR0, file); + BI_SAVE( pk_internal->capitalR1, file); + BI_SAVE( pk_internal->gamma, file); + BI_SAVE( pk_internal->capitalGamma, file); + BI_SAVE( pk_internal->rho, file); + BI_SAVE_ARRAY( pk_internal->capitalRReceiver, file); + BI_SAVE_ARRAY( pk_internal->capitalRIssuer, file); + fprintf( file, "%d\n", pk_internal->issuerBaseNameLength); + buffer = (char *)malloc( pk_internal->issuerBaseNameLength + 1); + memcpy( buffer, pk_internal->issuerBaseName, pk_internal->issuerBaseNameLength); + buffer[ pk_internal->issuerBaseNameLength] = 0; + fprintf( file, "%s\n", buffer); + free( buffer); + + LogDebug("<- save_DAA_PK_internal"); + + return 0; +} + +TSS_DAA_PK_internal * +load_DAA_PK_internal(FILE *file) +{ + TSS_DAA_PK_internal *pk_internal = + (TSS_DAA_PK_internal *)malloc(sizeof(TSS_DAA_PK_internal)); + char *read_buffer; + + pk_internal->modulus = bi_new_ptr(); + BI_LOAD( pk_internal->modulus, file); + pk_internal->capitalS = bi_new_ptr(); + BI_LOAD( pk_internal->capitalS, file); + pk_internal->capitalZ = bi_new_ptr(); + BI_LOAD( pk_internal->capitalZ, file); + pk_internal->capitalR0 = bi_new_ptr(); + BI_LOAD( pk_internal->capitalR0, file); + pk_internal->capitalR1 = bi_new_ptr(); + BI_LOAD( pk_internal->capitalR1, file); + pk_internal->gamma = bi_new_ptr(); + BI_LOAD( pk_internal->gamma, file); + pk_internal->capitalGamma = bi_new_ptr(); + BI_LOAD( pk_internal->capitalGamma, file); + pk_internal->rho = bi_new_ptr(); + BI_LOAD( pk_internal->rho, file); + pk_internal->capitalRReceiver = ALLOC_BI_ARRAY(); + BI_LOAD_ARRAY( pk_internal->capitalRReceiver, file); + pk_internal->capitalRIssuer = ALLOC_BI_ARRAY(); + BI_LOAD_ARRAY( pk_internal->capitalRIssuer, file); + pk_internal->capitalY = ALLOC_BI_ARRAY(); + populate_capitalY( pk_internal); + pk_internal->issuerBaseNameLength = read_int( file); + read_buffer = read_str( file); + pk_internal->issuerBaseName = malloc( pk_internal->issuerBaseNameLength); + memcpy( pk_internal->issuerBaseName, read_buffer, pk_internal->issuerBaseNameLength); + compute_capitalSprime( pk_internal); + return pk_internal; +} + +int +save_DAA_PK_PROOF_internal(FILE *file, TSS_DAA_PK_PROOF_internal *proof) +{ + int i; + +#ifdef DAA_DEBUG + printf("save_DAA_PK_PROOF_internal"); +#endif + fprintf(file, "%d # %s.length\n", proof->length_challenge, "challenge"); + fprintf(file, "%s\n", dump_byte_array( proof->length_challenge, + proof->challenge)); + fprintf(file, "%d # %s.length\n", proof->length_response, "response"); + for (i = 0; i < proof->length_response; i++) { + BI_SAVE_ARRAY( proof->response[i], file); + } + + return 0; +} + +/* load using */ +/* allocation of: */ +/* proof->challenge (BYTE*) */ +/* response (bi_array_ptr) */ +TSS_DAA_PK_PROOF_internal * +load_DAA_PK_PROOF_internal(FILE *file) +{ + TSS_DAA_PK_PROOF_internal *proof = + (TSS_DAA_PK_PROOF_internal *)malloc(sizeof(TSS_DAA_PK_PROOF_internal)); + char *read_buffer; + int i; + +#ifdef DAA_DEBUG + printf("load_DAA_PK_PROOF_internal"); +#endif + proof->length_challenge = read_int( file); + read_buffer = read_str( file); + proof->challenge = retrieve_byte_array( &(proof->length_challenge),read_buffer); + proof->length_response = read_int( file); + proof->response = (bi_array_ptr *)malloc( sizeof(bi_array_ptr) * proof->length_response); + for (i = 0; i < proof->length_response; i++) { + proof->response[i] = ALLOC_BI_ARRAY(); + BI_LOAD_ARRAY( proof->response[i], file); + } + return proof; +} + +TSS_DAA_CRED_ISSUER * +load_TSS_DAA_CRED_ISSUER(FILE *file) +{ + TSS_DAA_CRED_ISSUER *credential = + (TSS_DAA_CRED_ISSUER *)malloc(sizeof(TSS_DAA_CRED_ISSUER)); + char *read_buffer; + int i, len; + + init_tss_version( credential); + credential->capitalALength = read_int( file); + read_buffer = read_str( file); + credential->capitalA = retrieve_byte_array( &(credential->capitalALength), + read_buffer); + credential->eLength = read_int( file); + read_buffer = read_str( file); + credential->e = retrieve_byte_array( &(credential->eLength),read_buffer); + credential->vPrimePrimeLength = read_int( file); + read_buffer = read_str( file); + credential->vPrimePrime = retrieve_byte_array(&(credential->vPrimePrimeLength), + read_buffer); + // attributes issuer + credential->attributesIssuerLength = read_int( file); + credential->attributesIssuer = malloc(credential->attributesIssuerLength*sizeof(BYTE*)); + for( i=0; i < (int)credential->attributesIssuerLength; i++) { + credential->attributesIssuer[i] = retrieve_byte_array( &len, read_buffer); + } + credential->cPrimeLength = read_int( file); + read_buffer = read_str( file); + credential->cPrime = retrieve_byte_array( &(credential->cPrimeLength),read_buffer); + credential->sELength = read_int( file); + read_buffer = read_str( file); + credential->sE = retrieve_byte_array( &(credential->sELength),read_buffer); + return credential; +} + +int +save_TSS_DAA_CRED_ISSUER(FILE *file, TSS_DAA_CRED_ISSUER *credential) +{ + int i; + + fprintf(file, "%d # %s.length\n", credential->capitalALength, "capitalA"); + fprintf(file, "%s\n", dump_byte_array( credential->capitalALength, + credential->capitalA)); + fprintf(file, "%d # %s.length\n", credential->eLength, "e"); + fprintf(file, "%s\n", dump_byte_array( credential->eLength, + credential->e)); + fprintf(file, "%d # %s.length\n", credential->vPrimePrimeLength, "vPrimePrime"); + fprintf(file, "%s\n", dump_byte_array( credential->vPrimePrimeLength, + credential->vPrimePrime)); + fprintf(file, "%d # %s\n", credential->attributesIssuerLength, "attributesIssuerLength"); + for( i=0; i < (int)credential->attributesIssuerLength; i++) { + fprintf(file, "%s\n", dump_byte_array( DAA_PARAM_SIZE_F_I / 8, + credential->attributesIssuer[i])); + + } + fprintf(file, "%d # %s.length\n", credential->cPrimeLength, "cPrime"); + fprintf(file, "%s\n", dump_byte_array( credential->cPrimeLength, + credential->cPrime)); + fprintf(file, "%d # %s.length\n", credential->sELength, "sE"); + fprintf(file, "%s\n", dump_byte_array( credential->sELength, + credential->sE)); + return 0; +} + +TSS_DAA_CREDENTIAL * +load_TSS_DAA_CREDENTIAL(FILE *file) +{ + TSS_DAA_CREDENTIAL *credential = + (TSS_DAA_CREDENTIAL *)malloc(sizeof(TSS_DAA_CREDENTIAL)); + char *read_buffer; + int i, len; + TSS_DAA_PK_internal *pk_internal; + TSS_DAA_PK *pk; + + init_tss_version( credential); + credential->capitalALength = read_int( file); + read_buffer = read_str( file); + credential->capitalA = retrieve_byte_array( &(credential->capitalALength), + read_buffer); + credential->exponentLength = read_int( file); + read_buffer = read_str( file); + credential->exponent = retrieve_byte_array( &(credential->exponentLength), + read_buffer); + credential->vBar0Length = read_int( file); + read_buffer = read_str( file); + credential->vBar0 = retrieve_byte_array(&(credential->vBar0Length), + read_buffer); + credential->vBar1Length = read_int( file); + read_buffer = read_str( file); + credential->vBar1 = retrieve_byte_array(&(credential->vBar1Length), + read_buffer); + // attributes issuer + credential->attributesLength = read_int( file); + printf("attributesLength=%d\n", credential->attributesLength); + credential->attributes = malloc(credential->attributesLength * sizeof( BYTE *)); + for( i=0; i < (int)credential->attributesLength; i++) { + read_buffer = read_str( file); + credential->attributes[i] = retrieve_byte_array( &len, read_buffer); + if( len != DAA_PARAM_SIZE_F_I / 8) { + LogError("Error when parsing attributes"); + LogError("\tattribute length:%d", len); + LogError("\texpected length:%d", DAA_PARAM_SIZE_F_I / 8); + return NULL; + } + } + pk_internal = load_DAA_PK_internal( file); + pk = i_2_e_TSS_DAA_PK( pk_internal, &normal_malloc, (TSS_HOBJECT)NULL); + memcpy( &(credential->issuerPK), pk, sizeof(TSS_DAA_PK)); + free( pk); + free_TSS_DAA_PK_internal( pk_internal); + credential->tpmSpecificEncLength = read_int( file); + read_buffer = read_str( file); + credential->tpmSpecificEnc = retrieve_byte_array( &(credential->tpmSpecificEncLength), + read_buffer); + credential->daaCounter = read_int( file); + return credential; +} + +int +save_TSS_DAA_CREDENTIAL(FILE *file, + TSS_DAA_CREDENTIAL *credential) +{ + int i; + TSS_DAA_PK_internal *pk_internal; + + fprintf(file, "%d # %s.length\n", credential->capitalALength, "capitalA"); + fprintf(file, "%s\n", dump_byte_array( credential->capitalALength, + credential->capitalA)); + fprintf(file, "%d # %s.length\n", credential->exponentLength, "exponent"); + fprintf(file, "%s\n", dump_byte_array( credential->exponentLength, + credential->exponent)); + fprintf(file, "%d # %s.length\n", credential->vBar0Length, "vBar0"); + fprintf(file, "%s\n", dump_byte_array( credential->vBar0Length, + credential->vBar0)); + fprintf(file, "%d # %s.length\n", credential->vBar1Length, "vBar1"); + fprintf(file, "%s\n", dump_byte_array( credential->vBar1Length, + credential->vBar1)); + fprintf(file, "%d # %s\n", credential->attributesLength, "attributesLength"); + for( i=0; i < (int)credential->attributesLength; i++) { + fprintf(file, "%s\n", dump_byte_array( DAA_PARAM_SIZE_F_I / 8, + credential->attributes[i])); + } + pk_internal = e_2_i_TSS_DAA_PK( &(credential->issuerPK) ); + save_DAA_PK_internal( file, pk_internal); + free_TSS_DAA_PK_internal( pk_internal); + fprintf(file, "%d # %s.length\n", credential->tpmSpecificEncLength, "tpmSpecificEnc"); + fprintf(file, "%s\n", dump_byte_array( credential->tpmSpecificEncLength, + credential->tpmSpecificEnc)); + fprintf(file, "%d # daaCounter\n", credential->daaCounter); + return 0; +} + diff --git a/src/tspi/daa/daa_debug.h b/src/tspi/daa/daa_debug.h new file mode 100644 index 0000000..368dd3d --- /dev/null +++ b/src/tspi/daa/daa_debug.h @@ -0,0 +1,66 @@ + +/******************************************************************************************** + * KEY PAIR WITH PROOF + ********************************************************************************************/ + +typedef struct tdKEY_PAIR_WITH_PROOF_internal { + TSS_DAA_PK_internal *pk; + DAA_PRIVATE_KEY_internal *private_key; + TSS_DAA_PK_PROOF_internal *proof; +} KEY_PAIR_WITH_PROOF_internal; + +int save_KEY_PAIR_WITH_PROOF( + FILE *file, + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof +); + +KEY_PAIR_WITH_PROOF_internal *load_KEY_PAIR_WITH_PROOF( + FILE *file +); + +TSS_DAA_KEY_PAIR *get_TSS_DAA_KEY_PAIR( + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT param_alloc +); + + +int save_DAA_PK_internal( + FILE *file, + const TSS_DAA_PK_internal *pk_internal +); + +TSS_DAA_PK_internal *load_DAA_PK_internal( + FILE *file +); + +int save_DAA_PRIVATE_KEY( + FILE *file, + const DAA_PRIVATE_KEY_internal *private_key +); + +DAA_PRIVATE_KEY_internal *load_DAA_PRIVATE_KEY( + FILE *file +); + +int save_DAA_PK_PROOF_internal( + FILE *file, + TSS_DAA_PK_PROOF_internal *pk_internal +); + +TSS_DAA_PK_PROOF_internal *load_DAA_PK_PROOF_internal( + FILE *file +); + +TSS_DAA_CRED_ISSUER *load_TSS_DAA_CRED_ISSUER( FILE *file); + +int save_TSS_DAA_CRED_ISSUER( FILE *file, TSS_DAA_CRED_ISSUER *credential); + +TSS_DAA_CREDENTIAL *load_TSS_DAA_CREDENTIAL( FILE *file); + +int save_TSS_DAA_CREDENTIAL( + FILE *file, + TSS_DAA_CREDENTIAL *credential +); + + diff --git a/src/tspi/daa/daa_issuer/issue_credential.c b/src/tspi/daa/daa_issuer/issue_credential.c new file mode 100644 index 0000000..0602dcb --- /dev/null +++ b/src/tspi/daa/daa_issuer/issue_credential.c @@ -0,0 +1,787 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include + +// for message digest +#include + +#include +#include "daa_structs.h" +#include "daa_parameter.h" +#include "trousers/tss.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include +#include +#include +#include "tsplog.h" +#include "tss/tcs.h" +#include "platform.h" +// to include compute_zeta +#include "verifier.h" + +// from UBigInteger (computePrime) +// remark: the type bi_t (bi_ptr) can not used a certaintity for probable_prime +// as used in UbigInteger. (certaintity: DAA_PARAM_SAFETY) +void compute_prime( bi_ptr e, int length, int interval) { + do { + bi_urandom( e, interval - 1); + bi_setbit( e, length - 1); + } while( bi_is_probable_prime( e) == 0); +} + +/* + code derived from verifyAuthenticity (IssuerTransaction.java) +*/ +TSS_RESULT verify_authentificity(TSS_DAA_CREDENTIAL_REQUEST *credentialRequest, + TSS_DAA_JOIN_ISSUER_SESSION *joinSession) { + EVP_MD_CTX mdctx; + BYTE *modulus_N0_bytes; + BYTE *digest_n0; + BYTE *contextHash; + BYTE *capitalUPrime_bytes; + BYTE *hash; + UINT32 digest_n0Length, contextHashLength, hashLength, daaCount; + bi_ptr capitalUPrime =NULL; + bi_ptr modulus_N0 = NULL; + TSS_RESULT result = TSS_SUCCESS; + char *buffer; + + modulus_N0 = bi_new_ptr(); + buffer = BN_bn2hex( ((RSA *)joinSession->issuerAuthPK)->n); + if( buffer == NULL) { + LogError("malloc of hexadecimal representation failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set_as_hex( modulus_N0, buffer); + // in TPM, N0 is hashed by hashing the scratch (256 bytes) so it must + // be formatted according to the scratch size (TPM_DAA_SIZE_issuerModulus) + modulus_N0_bytes = (BYTE *)malloc( TPM_DAA_SIZE_issuerModulus); + if (modulus_N0_bytes == NULL) { + LogError("malloc of %d bytes failed", TPM_DAA_SIZE_issuerModulus); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_byte_array( modulus_N0_bytes, TPM_DAA_SIZE_issuerModulus, modulus_N0); + bi_free_ptr( modulus_N0); + + if( TPM_DAA_SIZE_issuerModulus * 8 != DAA_PARAM_KEY_SIZE) { + LogError("TPM_DAA_SIZE_issuerModulus * 8 (%d) != DAA_PARAM_KEY_SIZE(%d)", + TPM_DAA_SIZE_issuerModulus*8, DAA_PARAM_KEY_SIZE); + return TSS_E_INTERNAL_ERROR; + } + EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + // digestN0 = hash( modulus_N0) see Appendix B of spec. and TPM join stage 7 and 8 + EVP_DigestUpdate(&mdctx, modulus_N0_bytes, TPM_DAA_SIZE_issuerModulus); + digest_n0Length = EVP_MD_CTX_size(&mdctx); + digest_n0 = (BYTE *)malloc( digest_n0Length); + if (digest_n0 == NULL) { + LogError("malloc of %d bytes failed", digest_n0Length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + EVP_DigestFinal(&mdctx, digest_n0, NULL); + + // test if credentialRequest->authenticationProof = + // H( H( U, daaCount, H(n0), joinSession->nonceEncrypted)) + EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + // enlarge capitalU to 256 (TPM_DAA_SIZE_issuerModulus) + // allocation + capitalUPrime = bi_set_as_nbin( joinSession->capitalUprimeLength, joinSession->capitalUprime); + capitalUPrime_bytes = (BYTE *)malloc( TPM_DAA_SIZE_issuerModulus); + if (capitalUPrime_bytes == NULL) { + LogError("malloc of %d bytes failed", TPM_DAA_SIZE_issuerModulus); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_byte_array( capitalUPrime_bytes, TPM_DAA_SIZE_issuerModulus, capitalUPrime); + EVP_DigestUpdate(&mdctx, capitalUPrime_bytes, TPM_DAA_SIZE_issuerModulus); + bi_free_ptr( capitalUPrime); + daaCount = htonl( joinSession->daaCounter); + EVP_DigestUpdate(&mdctx, &daaCount, sizeof(UINT32)); + EVP_DigestUpdate(&mdctx, digest_n0, digest_n0Length); + contextHashLength = EVP_MD_CTX_size(&mdctx); + contextHash = (BYTE *)malloc( contextHashLength); + if (contextHash == NULL) { + LogError("malloc of %d bytes failed", contextHashLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + EVP_DigestFinal(&mdctx, contextHash, NULL); + EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + LogDebug("PK(0).n=%s", dump_byte_array( TPM_DAA_SIZE_issuerModulus, modulus_N0_bytes)); + LogDebug("digestN0h=%s", dump_byte_array( digest_n0Length, digest_n0)); + LogDebug("UPrime=%s", dump_byte_array( TPM_DAA_SIZE_issuerModulus, capitalUPrime_bytes)); + LogDebug("daaCount=%4x", daaCount); + + LogDebug("contextHash[%d]=%s", contextHashLength, dump_byte_array( contextHashLength, contextHash)); + EVP_DigestUpdate(&mdctx, contextHash, contextHashLength); + EVP_DigestUpdate(&mdctx, joinSession->nonceEncrypted, joinSession->nonceEncryptedLength); + hashLength = EVP_MD_CTX_size(&mdctx); + hash = (BYTE *)malloc( hashLength); + if (hash == NULL) { + LogError("malloc of %d bytes failed", hashLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + EVP_DigestFinal(&mdctx, hash, NULL); + if( credentialRequest->authenticationProofLength != hashLength || + memcmp( credentialRequest->authenticationProof, hash, hashLength) != 0) { + LogError("Verification of authenticationProof failed - Step 2.b"); + LogError("credentialRequest->authenticationProof[%d]=%s", + credentialRequest->authenticationProofLength, + dump_byte_array( credentialRequest->authenticationProofLength, + credentialRequest->authenticationProof)); + LogError("internal cByte[%d]=%s", + hashLength, + dump_byte_array( hashLength, hash)); + result = TSS_E_DAA_AUTHENTICATION_ERROR; + goto close; + } else + LogDebug("verify_authenticity Done:%s", + dump_byte_array( hashLength, hash)); +close: + free( contextHash); + free( digest_n0); + free( capitalUPrime_bytes); + free( hash); + return result; +} + +TSS_RESULT +compute_join_challenge_issuer( TSS_DAA_PK_internal *pk_intern, + bi_ptr v_prime_prime, + bi_ptr capitalA, + bi_ptr capital_Atilde, + UINT32 nonceReceiverLength, + BYTE *nonceReceiver, + UINT32 *c_primeLength, + BYTE **c_prime) { // out allocation + EVP_MD_CTX mdctx; + BYTE *encoded_pk; + BYTE *byte_array; + UINT32 encoded_pkLength; + + byte_array = (BYTE *)malloc( DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE / 8); // allocation + if (byte_array == NULL) { + LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE / 8); + return TSPERR(TSS_E_OUTOFMEMORY); + } + EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + encoded_pk = encoded_DAA_PK_internal( &encoded_pkLength, pk_intern); + EVP_DigestUpdate(&mdctx, encoded_pk, encoded_pkLength); + LogDebug( "issuerPk: %s", dump_byte_array( encoded_pkLength, encoded_pk)); + bi_2_byte_array( byte_array, DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE / 8, v_prime_prime); + EVP_DigestUpdate(&mdctx, byte_array, DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE / 8); + LogDebug( "vPrimePrime: %s", + dump_byte_array( DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE / 8, byte_array)); + free( byte_array); + // allocation + byte_array = (BYTE *)malloc( DAA_PARAM_SIZE_RSA_MODULUS / 8); + if (byte_array == NULL) { + LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_RSA_MODULUS / 8); + return TSPERR(TSS_E_OUTOFMEMORY); + } + bi_2_byte_array( byte_array, DAA_PARAM_SIZE_RSA_MODULUS / 8, capitalA); + EVP_DigestUpdate(&mdctx, byte_array, DAA_PARAM_SIZE_RSA_MODULUS / 8); + LogDebug( "capitalA: %s", dump_byte_array( DAA_PARAM_SIZE_RSA_MODULUS / 8, byte_array)); + bi_2_byte_array( byte_array, DAA_PARAM_SIZE_RSA_MODULUS / 8, capital_Atilde); + EVP_DigestUpdate(&mdctx, byte_array, DAA_PARAM_SIZE_RSA_MODULUS / 8); + LogDebug( "capital_Atilde: %s", + dump_byte_array( DAA_PARAM_SIZE_RSA_MODULUS / 8, byte_array)); + EVP_DigestUpdate(&mdctx, nonceReceiver, nonceReceiverLength); + LogDebug( "nonceReceiver: %s", + dump_byte_array( nonceReceiverLength, nonceReceiver)); + *c_primeLength = EVP_MD_CTX_size(&mdctx); + *c_prime = (BYTE *)malloc( *c_primeLength); + if (*c_prime == NULL) { + LogError("malloc of %d bytes failed", *c_primeLength); + free( byte_array); + return TSPERR(TSS_E_OUTOFMEMORY); + } + LogDebug( "c_prime: %s", dump_byte_array( *c_primeLength, *c_prime)); + EVP_DigestFinal(&mdctx, *c_prime, NULL); + free( byte_array); + return TSS_SUCCESS; +} + +// inspired by computeCredentialProof (IssuerTransaction.java) +TSS_RESULT +compute_credential_proof( TSS_DAA_PK_internal *pk_intern, + bi_ptr capital_A, + bi_ptr fraction_A, + bi_ptr eInverse, + bi_ptr v_prime_prime, + bi_ptr productPQprime, + UINT32 noncePlatformLength, + BYTE *noncePlatform, + bi_ptr *c_prime, // out + bi_ptr *s_e // out +) { + bi_ptr random_E = bi_new_ptr(); + bi_ptr capital_Atilde = bi_new_ptr(); + BYTE *c_prime_bytes; + UINT32 c_primeLength; + + bi_urandom( random_E, bi_length( productPQprime) + DAA_PARAM_SAFETY_MARGIN * 8); + bi_mod( random_E, random_E, productPQprime); + bi_inc( random_E); + bi_mod_exp( capital_Atilde, fraction_A, random_E, pk_intern->modulus); + compute_join_challenge_issuer( pk_intern, + v_prime_prime, + capital_A, + capital_Atilde, + noncePlatformLength, + noncePlatform, + &c_primeLength, + &c_prime_bytes); // allocation + *c_prime = bi_set_as_nbin( c_primeLength, c_prime_bytes); // allocation + *s_e = bi_new_ptr(); + bi_mul( *s_e, *c_prime, eInverse); + bi_mod( *s_e, *s_e, productPQprime); + bi_sub( *s_e, random_E, *s_e); + bi_mod( *s_e, *s_e, productPQprime); + bi_free_ptr( capital_Atilde); + bi_free_ptr( random_E); + free( c_prime_bytes); + return TSS_SUCCESS; +} + +// from IssuerTransaction.java (joinStep2) +// stacks: TCGApplication.java (retrieveDAACredential) -> Issuer.java(issueCredential) +TSPICALL Tspi_DAA_IssueCredential_internal +( + TSS_HDAA hDAA, // in + UINT32 attributesIssuerLength, // in + BYTE** attributesIssuer, // in + TSS_DAA_CREDENTIAL_REQUEST credentialRequest, // in + TSS_DAA_JOIN_ISSUER_SESSION joinSession, // in + TSS_DAA_CRED_ISSUER* credIssuer // out +) { + TSS_RESULT result = TSS_SUCCESS; + TCS_CONTEXT_HANDLE tcsContext; + bi_ptr capitalU_hat_prime = NULL; + bi_ptr tmp1; + bi_ptr tmp2; + bi_ptr sa_i; + bi_ptr capitalU_prime = NULL; + bi_ptr c = NULL; + bi_ptr n = NULL; + bi_ptr sf0 = NULL; + bi_ptr sf1 = NULL; + bi_ptr sv_prime = NULL; + bi_ptr capitalR0 = NULL; + bi_ptr capitalR1 = NULL; + bi_ptr capitalS = NULL; + bi_ptr capitalU = NULL; + bi_ptr capitalU_hat = NULL; + bi_ptr capitalN_hat_i = NULL; + bi_ptr exp = NULL; + bi_ptr product_attr_receiver = NULL; + bi_ptr product_attr_issuer = NULL; + bi_ptr sv_tilde_prime = NULL; + bi_ptr capital_ni = NULL; + bi_ptr v_hat = NULL; + bi_ptr fraction_A = NULL; + bi_ptr capitalA = NULL; + bi_ptr e = NULL; + bi_ptr eInverse = NULL; + bi_ptr v_prime_prime = NULL; + bi_ptr c_prime = NULL; + bi_ptr s_e = NULL; + bi_ptr zeta = NULL; + TSS_DAA_PK *daa_pk_extern; + TSS_DAA_PK_internal *pk_intern; + TSS_DAA_PRIVATE_KEY *private_key; + UINT32 i, chLength, challengeLength, length, interval; + EVP_MD_CTX mdctx; + BYTE *ch = NULL, *challenge = NULL; + + tmp1 = bi_new_ptr(); + tmp2 = bi_new_ptr(); + if( tmp1 == NULL || tmp2 == NULL) { + LogError("malloc of BI <%s> failed", "tmp1, tmp2"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + if( (result = obj_daa_get_tsp_context( hDAA, &tcsContext)) != TSS_SUCCESS) goto close; + // 1 TODO Check the TPM rogue list + + // 2 verify the authentication proof of the TPM + result = verify_authentificity(&credentialRequest, &joinSession); + if( result != TSS_SUCCESS) goto close; + daa_pk_extern = (TSS_DAA_PK *)(((TSS_DAA_KEY_PAIR *)joinSession.issuerKeyPair)->public_key); + pk_intern = e_2_i_TSS_DAA_PK( daa_pk_extern); + n = bi_set_as_nbin( daa_pk_extern->modulusLength, + daa_pk_extern->modulus); // allocation + if( n == NULL) { + LogError("malloc of BI <%s> failed", "n"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capitalR0 = bi_set_as_nbin( daa_pk_extern->capitalR0Length, + daa_pk_extern->capitalR0); // allocation + if( capitalR0 == NULL) { + LogError("malloc of BI <%s> failed", "capitalR0"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capitalR1 = bi_set_as_nbin( daa_pk_extern->capitalR1Length, + daa_pk_extern->capitalR1); // allocation + if( capitalR1 == NULL) { + LogError("malloc of BI <%s> failed", "capitalR1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capitalS = bi_set_as_nbin( daa_pk_extern->capitalSLength, + daa_pk_extern->capitalS); // allocation + if( capitalS == NULL) { + LogError("malloc of BI <%s> failed", "capitalS"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capitalU = bi_set_as_nbin( credentialRequest.capitalULength, + credentialRequest.capitalU); // allocation + if( capitalU == NULL) { + LogError("malloc of BI <%s> failed", "capitalU"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + sv_tilde_prime = bi_set_as_nbin( credentialRequest.sVtildePrimeLength, + credentialRequest.sVtildePrime); // allocation + if( sv_tilde_prime == NULL) { + LogError("malloc of BI <%s> failed", "sv_tilde_prime"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capital_ni = bi_set_as_nbin( credentialRequest.capitalNiLength, + credentialRequest.capitalNi); // allocation + if( capital_ni == NULL) { + LogError("malloc of BI <%s> failed", "capital_ni"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // 3 Verify the correctness proof of the credential request + // 3.a TODO commitments + + // 3.b + capitalU_prime = bi_set_as_nbin( joinSession.capitalUprimeLength, + joinSession.capitalUprime); // allocation + if( capitalU_prime == NULL) { + LogError("malloc of BI <%s> failed", "capitalU_prime"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + sf0 = bi_set_as_nbin( credentialRequest.sF0Length, + credentialRequest.sF0); // allocation + if( sf0 == NULL) { + LogError("malloc of BI <%s> failed", "sf0"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + sf1 = bi_set_as_nbin( credentialRequest.sF1Length, + credentialRequest.sF1); // allocation + if( sf1 == NULL) { + LogError("malloc of BI <%s> failed", "sf1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + sv_prime = bi_set_as_nbin( credentialRequest.sVprimeLength, + credentialRequest.sVprime); // allocation + if( sv_prime == NULL) { + LogError("malloc of BI <%s> failed", "sv_prime"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + c = bi_set_as_nbin( credentialRequest.challengeLength, + credentialRequest.challenge); // allocation + if( c == NULL) { + LogError("malloc of BI <%s> failed", "c"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capitalU_hat_prime = bi_new_ptr();// allocation + if( capitalU_hat_prime == NULL) { + LogError("malloc of BI <%s> failed", "c"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // capitalU_hat_prime = capitalU_prime ~% n + bi_invert_mod( capitalU_hat_prime, capitalU_prime, n); + // capitalU_hat_prime = ( capitalU_hat_prime ^ c ) % n + bi_mod_exp( capitalU_hat_prime, capitalU_hat_prime, c, n); + // capitalU_hat_prime = ( capitalU_hat_prime * ( capitalR0 ^ sf0)) % n + bi_mod_exp( tmp1, capitalR0, sf0, n); + bi_mul( capitalU_hat_prime, capitalU_hat_prime, tmp1); + bi_mod( capitalU_hat_prime, capitalU_hat_prime, n); + // capitalU_hat_prime = ( capitalU_hat_prime * ( capitalR1 ^ sf1)) % n + bi_mod_exp( tmp1, capitalR1, sf1, n); + bi_mul( capitalU_hat_prime, capitalU_hat_prime, tmp1); + bi_mod( capitalU_hat_prime, capitalU_hat_prime, n); + // capitalU_hat_prime = ( capitalU_hat_prime * ( capitalS ^ sv_prime)) % n + bi_mod_exp( tmp1, capitalS, sv_prime, n); + bi_mul( capitalU_hat_prime, capitalU_hat_prime, tmp1); + bi_mod( capitalU_hat_prime, capitalU_hat_prime, n); + // verify blinded encoded attributes of the Receiver + product_attr_receiver = bi_new_ptr(); + bi_set( product_attr_receiver, bi_1); + length = ( DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES + 7) / 8; + for( i=0; i failed", "sa_i"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod_exp( tmp1, pk_intern->capitalRReceiver->array[i], sa_i, n); + bi_mul( product_attr_receiver, product_attr_receiver, tmp1); + bi_mod( product_attr_receiver, product_attr_receiver, n); + bi_free_ptr( sa_i); + } + // tmp1 = ( 1 / capitalU ) % n + bi_invert_mod( tmp1, capitalU, n); + capitalU_hat = bi_new_ptr(); + if( capitalU_hat == NULL) { + LogError("malloc of BI <%s> failed", "capitalU_hat"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mul( capitalU_hat, capitalU_prime, tmp1); + // capitalU_hat = capitalU_prime / capitalU + bi_mod( capitalU_hat, capitalU_hat, n); + // capital_Uhat = ( (capital_Uhat ^ c ) % n + bi_mod_exp( capitalU_hat, capitalU_hat, c, n); + // capital_Uhat = ( capital_Uhat * ( capitalS ^ sv_tilde_prime) % n ) % n + bi_mod_exp( tmp1, pk_intern->capitalS, sv_tilde_prime, n); + bi_mul( capitalU_hat, capitalU_hat, tmp1); + bi_mod( capitalU_hat, capitalU_hat, n); + bi_mul( capitalU_hat, capitalU_hat, product_attr_receiver); + bi_mod( capitalU_hat, capitalU_hat, n); + // capital_Nhat_i = (( capital_Ni ~% pk_intern->capitalGamma ) ^ c ) % pk_intern->capitalGamma + capitalN_hat_i = bi_new_ptr(); + bi_invert_mod( capitalN_hat_i, capital_ni, pk_intern->capitalGamma); + bi_mod_exp( capitalN_hat_i, capitalN_hat_i, c, pk_intern->capitalGamma); + // exp = sf1 << (DAA_PARAM_SIZE_F_I) + sf0 + exp = bi_new_ptr(); + if( exp == NULL) { + LogError("malloc of BI <%s> failed", "exp"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_shift_left( exp, sf1, DAA_PARAM_SIZE_F_I); + bi_add( exp, exp, sf0); + zeta = compute_zeta( pk_intern->issuerBaseNameLength, + pk_intern->issuerBaseName, + pk_intern); + // capital_Nhat_i = ( capital_Nhat_i * + // ( ( issuer.zeta ^ exp) % pk->capitalGamma) ) % pk->capitalGamma + bi_mod_exp( tmp1, zeta, exp, pk_intern->capitalGamma); + bi_mul( capitalN_hat_i, capitalN_hat_i, tmp1); + bi_mod( capitalN_hat_i, capitalN_hat_i, pk_intern->capitalGamma); + + LogDebug("calculation Uhat: capitalS:%s\n", bi_2_hex_char( pk_intern->capitalS)); + LogDebug("calculation Uhat: sv_tilde_prime:%s\n", bi_2_hex_char( sv_tilde_prime)); + LogDebug("calculation Uhat: n:%s\n", bi_2_hex_char( n)); + LogDebug("calculation Uhat: product_attributes:%s\n", bi_2_hex_char( product_attr_receiver)); + LogDebug("calculation NhatI: zeta:%s\n", bi_2_hex_char( zeta)); + LogDebug("calculation NhatI: exp:%s\n", bi_2_hex_char( exp)); + LogDebug("calculation NhatI: capitalGamma:%s\n", bi_2_hex_char( pk_intern->capitalGamma)); + // calculate challenge + result = compute_join_challenge_host(hDAA, + pk_intern, + capitalU, + capitalU_prime, + capitalU_hat, + capitalU_hat_prime, + capital_ni, + capitalN_hat_i, + 0, // TODO: commitmentsProofLength + NULL, // TODO: commits + joinSession.nonceIssuerLength, + joinSession.nonceIssuer, + &chLength, // out + &ch); // out allocation + if( result != TSS_SUCCESS) goto close; + LogDebug("JoinChallengeHost: %s", dump_byte_array( chLength, ch)); + EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + EVP_DigestUpdate(&mdctx, ch, chLength); + challengeLength = EVP_MD_CTX_size( &mdctx); + challenge = (BYTE *)malloc( challengeLength); + if( challenge == NULL) { + LogError("malloc of %d bytes failed", challengeLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + EVP_DigestUpdate(&mdctx, credentialRequest.nonceTpm, credentialRequest.nonceTpmLength); + EVP_DigestFinal(&mdctx, challenge, NULL); + // checks + if( credentialRequest.challengeLength != challengeLength || + memcmp( credentialRequest.challenge, challenge, challengeLength)!=0) { + LogError("Verification of c failed - Step 3.f.i"); + LogError("credentialRequest.challenge[%d]=%s", + credentialRequest.challengeLength, + dump_byte_array( credentialRequest.challengeLength, + credentialRequest.challenge)); + LogError("challenge[%d]=%s", + challengeLength, + dump_byte_array( challengeLength, challenge)); + result = TSS_E_DAA_CREDENTIAL_REQUEST_PROOF_ERROR; + goto close; + } + // + 1 because the result of ( rA(43 bits) + c(20 bits) * a(13 bits)) can + // shift 1 bit above the normal size (43 bits) + length = DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES + 1; + if( bi_length( sf0) > (long)length) { + LogError( "Verification of sF0 failed - Step 3.f.ii"); + LogError("\tsf0 bits length: %d expected maximum length:%d\n", + (int)bi_length( sf0), (int)length); + result = TSS_E_DAA_CREDENTIAL_REQUEST_PROOF_ERROR; + goto close; + } + if( bi_length( sf1) > (long)length) { + LogError( "Verification of sF1 failed - Step 3.f.ii"); + LogError("\tsf1 length: %d expected maximum length:%d\n", + (int)bi_length( sf1), (int)length); + result = TSS_E_DAA_CREDENTIAL_REQUEST_PROOF_ERROR; + goto close; + } + // blinded attributes + length = DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES; + for( i=0; i failed", "sa_i"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + if( bi_length( sa_i) > (long)length) { + LogError("Verification of sA[%d] failed - Step 3.f.ii", i); + LogError("sA.length=%d length=%d", (int)bi_length( sa_i), length); + result = TSS_E_DAA_CREDENTIAL_REQUEST_PROOF_ERROR; + goto close; + } + bi_free_ptr( sa_i); + if( result != TSS_SUCCESS) goto close; + } + length = DAA_PARAM_SIZE_RSA_MODULUS + 2 * DAA_PARAM_SAFETY_MARGIN + + DAA_PARAM_SIZE_MESSAGE_DIGEST; + if( bi_length( sv_prime) > (int)length) { + LogError("Verification of sVprime failed - Step 3.f.iii\n"); + LogError("\tsv_prime bits length: %d expected maximum length:%d\n", + (int)bi_length( sv_prime), (int)length); + result = TSS_E_DAA_CREDENTIAL_REQUEST_PROOF_ERROR; + goto close; + } + if( bi_nbin_size( sv_tilde_prime) > (int)length) { + LogError("Verification of sVtildePrime failed - Step 3.f.iii"); + LogError("\tsv_tilde_prime bits length: %d expected maximum length:%d\n", + (int)bi_length( sv_tilde_prime), (int)length); + result = TSS_E_DAA_CREDENTIAL_REQUEST_PROOF_ERROR; + goto close; + } + // compute credential + v_hat = bi_new_ptr(); + if( v_hat == NULL) { + LogError("malloc of BI <%s> failed", "v_hat"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_urandom( v_hat, DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE - 1); + length = DAA_PARAM_SIZE_EXPONENT_CERTIFICATE; + interval = DAA_PARAM_SIZE_INTERVAL_EXPONENT_CERTIFICATE; + e = bi_new_ptr(); + if( e == NULL) { + LogError("malloc of BI <%s> failed", "e"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + compute_prime( e, length, interval); + + // v'' = ( 1 << DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE) + v_hat + v_prime_prime = bi_new_ptr(); + bi_shift_left( tmp1, bi_1, DAA_PARAM_SIZE_RND_VALUE_CERTIFICATE - 1); + bi_add( v_prime_prime, tmp1, v_hat); + + // fraction_A = (( pk->capitalS ^ v``) % n) * capitalU + fraction_A = bi_new_ptr(); + if( fraction_A == NULL) { + LogError("malloc of BI <%s> failed", "fraction_A"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod_exp( fraction_A, pk_intern->capitalS, v_prime_prime, n); + bi_mul( fraction_A, fraction_A, capitalU); + bi_mod( fraction_A, fraction_A, n); + + // encode attributes + bi_free_ptr( tmp1); + product_attr_issuer = bi_new_ptr(); + if( product_attr_issuer == NULL) { + LogError("malloc of BI <%s> failed", "product_attr_issuer"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( product_attr_issuer, bi_1); + for( i=0; i< attributesIssuerLength; i++) { + tmp1 = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8, attributesIssuer[i]); // allocation + bi_mod_exp( tmp2, pk_intern->capitalRIssuer->array[i], tmp1, n); + bi_mul( product_attr_issuer, product_attr_issuer, tmp2); + bi_mod( product_attr_issuer, product_attr_issuer, n); + bi_free_ptr( tmp1); + } + tmp1 = bi_new_ptr(); + if( tmp1 == NULL) { + LogError("malloc of BI <%s> failed", "tmp1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mul( fraction_A, fraction_A, product_attr_issuer); + bi_mod( fraction_A, fraction_A, n); + + bi_invert_mod( fraction_A, fraction_A, n); + bi_mul( fraction_A, fraction_A, pk_intern->capitalZ); + bi_mod( fraction_A, fraction_A, n); + + private_key = (TSS_DAA_PRIVATE_KEY *) + (((TSS_DAA_KEY_PAIR *)joinSession.issuerKeyPair)->private_key); + bi_free_ptr( tmp2); + tmp2 = bi_set_as_nbin( private_key->productPQprimeLength, + private_key->productPQprime); // allocation + if( tmp2 == NULL) { + LogError("malloc of BI <%s> failed", "tmp2"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + eInverse = bi_new_ptr(); + if( eInverse == NULL) { + LogError("malloc of BI <%s> failed", "eInverse"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_invert_mod( eInverse, e, tmp2); + capitalA = bi_new_ptr(); + if( capitalA == NULL) { + LogError("malloc of BI <%s> failed", "capitalA"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + LogDebug("fraction_A[%ld]=%s", bi_nbin_size( fraction_A), bi_2_hex_char( fraction_A)); + LogDebug("eInverse[%ld]=%s", bi_nbin_size( eInverse), bi_2_hex_char( eInverse)); + LogDebug("productPQprime[%ld]=%s", bi_nbin_size( tmp2), bi_2_hex_char( tmp2)); + LogDebug("eInverse[%ld]=%s", bi_nbin_size( eInverse), bi_2_hex_char( eInverse)); + LogDebug("e[%ld]=%s", bi_nbin_size( e), bi_2_hex_char( e)); + LogDebug("n[%ld]=%s", bi_nbin_size( n), bi_2_hex_char( n)); + bi_mod_exp( capitalA, fraction_A, eInverse, n); + + compute_credential_proof( pk_intern, + capitalA, + fraction_A, + eInverse, + v_prime_prime, + tmp2, // productPQprime + credentialRequest.noncePlatformLength, + credentialRequest.noncePlatform, + &c_prime, // out: allocation + &s_e); // out: allocation + // populate credIssuer (TSS_DAA_CRED_ISSUER *) + credIssuer->capitalA = calloc_tspi( tcsContext, bi_nbin_size( capitalA)); + if( credIssuer->capitalA == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( capitalA)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credIssuer->capitalALength), credIssuer->capitalA, capitalA); + credIssuer->e = calloc_tspi( tcsContext, bi_nbin_size( e)); + if( credIssuer->e == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( e)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credIssuer->eLength), credIssuer->e, e); + credIssuer->vPrimePrime = calloc_tspi( tcsContext, bi_nbin_size( v_prime_prime)); + if( credIssuer->vPrimePrime == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( v_prime_prime)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credIssuer->vPrimePrimeLength), credIssuer->vPrimePrime, v_prime_prime); + // attributes issuer + credIssuer->attributesIssuerLength = attributesIssuerLength; + credIssuer->attributesIssuer = calloc_tspi( tcsContext, + attributesIssuerLength * sizeof( BYTE *)); + if( credIssuer->attributesIssuer == NULL) { + LogError("malloc of %d bytes failed", attributesIssuerLength * sizeof( BYTE *)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + for( i=0; i< attributesIssuerLength; i++) { + credIssuer->attributesIssuer[i] = calloc_tspi( tcsContext, DAA_PARAM_SIZE_F_I / 8); + if( credIssuer->attributesIssuer[i] == NULL) { + LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_F_I / 8); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + memcpy( credIssuer->attributesIssuer[i], attributesIssuer[i], DAA_PARAM_SIZE_F_I / 8); + } + credIssuer->cPrime = calloc_tspi( tcsContext, bi_nbin_size( c_prime)); + if( credIssuer->cPrime == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( c_prime)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credIssuer->cPrimeLength), credIssuer->cPrime, c_prime); + credIssuer->sE = calloc_tspi( tcsContext, bi_nbin_size( s_e)); + if( credIssuer->sE == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( s_e)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credIssuer->sELength), credIssuer->sE, s_e); + +close: + //free_TSS_DAA_PK( daa_pk_extern); + if( ch != NULL) free( ch); + if( challenge != NULL) free( challenge); + FREE_BI( tmp1); + FREE_BI( tmp2); + FREE_BI( s_e); + FREE_BI( c_prime); + FREE_BI( capitalA); + FREE_BI( v_prime_prime); + FREE_BI( eInverse); + FREE_BI( e); + FREE_BI( fraction_A); + FREE_BI( v_hat); + FREE_BI( capital_ni); + FREE_BI( sv_tilde_prime); + FREE_BI( product_attr_receiver); + FREE_BI( product_attr_issuer); + FREE_BI( capitalU_hat_prime); + FREE_BI( capitalU_prime); + FREE_BI( sv_prime); + FREE_BI( exp); + FREE_BI( capitalN_hat_i); + FREE_BI( capitalU_hat); + FREE_BI( capitalU); + FREE_BI( capitalS); + FREE_BI( capitalR1); + FREE_BI( capitalR0); + FREE_BI( sf1); + FREE_BI( sf0); + FREE_BI( n); + FREE_BI( c); + FREE_BI( zeta); + return result; +} diff --git a/src/tspi/daa/daa_issuer/issuer_init.c b/src/tspi/daa/daa_issuer/issuer_init.c new file mode 100644 index 0000000..788bb8d --- /dev/null +++ b/src/tspi/daa/daa_issuer/issuer_init.c @@ -0,0 +1,142 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include +#include +#include + +// for message digest +#include + +#include +#include "daa_structs.h" +#include "daa_parameter.h" +#include "trousers/tss.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include +#include +#include +#include "tsplog.h" +#include "tss/tcs.h" + +/* +Verifies if the key is a valid endorsement key of a TPM. (TPM is good) +return 0 if correct + */ +int verify_ek_and_daaCounter( + UINT32 endorsementLength, + BYTE *endorsementCredential, + UINT32 daaCounter +) { + // TODO + return 0; +} + + +TSS_RESULT Tspi_DAA_IssueInit_internal( + TSS_HDAA hDAA, // in + TSS_HKEY issuerAuthPK, // in + TSS_HKEY issuerKeyPair, // in (TSS_DAA_KEY_PAIR *) + TSS_DAA_IDENTITY_PROOF identityProof, // in + UINT32 capitalUprimeLength, // in + BYTE* capitalUprime, // in + UINT32 daaCounter, // in + UINT32* nonceIssuerLength, // out + BYTE** nonceIssuer, // out + UINT32* authenticationChallengeLength, // out + BYTE** authenticationChallenge, // out + TSS_DAA_JOIN_ISSUER_SESSION* joinSession // out +) { + TCS_CONTEXT_HANDLE tcsContext; + TSS_RESULT result; + BYTE *ne, *buffer; + bi_t random; + int length_ne; + + if( (result = obj_daa_get_tsp_context( hDAA, &tcsContext)) != TSS_SUCCESS) + return result; + // 1 & 2 : verify EK (and associated credentials) of the platform + if( verify_ek_and_daaCounter( identityProof.endorsementLength, + identityProof.endorsementCredential, daaCounter) != 0) { + LogError("EK verification failed"); + return TSS_E_INTERNAL_ERROR; + } + + // 3 : choose a random nonce for the platform (ni) + bi_new( random); + bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8); + buffer = bi_2_nbin( nonceIssuerLength, random); + if( buffer == NULL) { + LogError("malloc of %d bytes failed", *nonceIssuerLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + *nonceIssuer = convert_alloc( tcsContext, *nonceIssuerLength, buffer); + if (*nonceIssuer == NULL) { + LogError("malloc of %d bytes failed", *nonceIssuerLength); + free( buffer); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + LogDebug("nonce Issuer[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST, + *nonceIssuerLength, + dump_byte_array( *nonceIssuerLength , *nonceIssuer)); + + // 4 : choose a random nonce ne and encrypt it under EK + bi_urandom( random, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8); + ne = convert_alloc( tcsContext, length_ne, bi_2_nbin( &length_ne, random)); + if (ne == NULL) { + LogError("malloc of %d bytes failed", length_ne); + free( buffer); + free( nonceIssuer); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + bi_free( random); + *authenticationChallenge = (BYTE *)calloc_tspi( tcsContext, 256); // 256: RSA size + if (*authenticationChallenge == NULL) { + LogError("malloc of %d bytes failed", 256); + free( buffer); + free( nonceIssuer); + free( ne); + return TSPERR(TSS_E_OUTOFMEMORY); + } + result = Trspi_RSA_Encrypt( + ne, // message to encrypt + length_ne, // length message to encrypt + *authenticationChallenge, // destination + authenticationChallengeLength, // length destination + identityProof.endorsementCredential, // public key + identityProof.endorsementLength); // public key size + if( result != TSS_SUCCESS) { + LogError("Can not encrypt the Authentication Challenge"); + free( buffer); + free( nonceIssuer); + free( ne); + return TSS_E_INTERNAL_ERROR; + } + LogDebug("authenticationChallenge[%d:%d]:%s", DAA_PARAM_LENGTH_MESSAGE_DIGEST, + *authenticationChallengeLength, + dump_byte_array( *authenticationChallengeLength , *authenticationChallenge)); + + // 5 : save PK, PKDAA, (p', q'), U', daaCounter, ni, ne in joinSession + // EK is not a member of joinSession but is already saved in identityProof + joinSession->issuerAuthPK = issuerAuthPK; + joinSession->issuerKeyPair = issuerKeyPair; + memcpy( &(joinSession->identityProof), &identityProof, sizeof(TSS_DAA_IDENTITY_PROOF)); + joinSession->capitalUprimeLength = capitalUprimeLength; + joinSession->capitalUprime = capitalUprime; + joinSession->daaCounter = daaCounter; + joinSession->nonceIssuerLength = *nonceIssuerLength; + joinSession->nonceIssuer = *nonceIssuer; + joinSession->nonceEncryptedLength = length_ne; + joinSession->nonceEncrypted = ne; + return result; +} diff --git a/src/tspi/daa/daa_issuer/issuer_setup.c b/src/tspi/daa/daa_issuer/issuer_setup.c new file mode 100644 index 0000000..44e3679 --- /dev/null +++ b/src/tspi/daa/daa_issuer/issuer_setup.c @@ -0,0 +1,166 @@ +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include "obj.h" +// #include "tcslog.h" +#include "bi.h" +#include "daa_parameter.h" +#include "issuer.h" + +static char *DEFAULT_FILENAME = "issuer.txt"; +static char *DEFAULT_ISSUER = "IBM-Issuer"; + +static const int DEFAULT_ISSUER_ATTRIBUTES = 2; // A1 A2 +static const int DEFAULT_RECEIVER_ATTRIBUTES = 3; // A3 A4 A5 + +int print_usage(char *cmd) { + fprintf(stderr, "usage: %s\n", cmd); + fprintf(stderr, " \t-npa,\t--nb_platform_attr\tnumber of attributes that the\ + Platform can choose and which will not be visible to the Issuer (default: %d)\n", + DEFAULT_ISSUER_ATTRIBUTES); + fprintf(stderr, " \t-nia,\t--nb_issuer_attr\tnumber of attributes that the issuer\ + can choose and which will be visible to both the Platform and the Issuer(default: %d)\n", + DEFAULT_RECEIVER_ATTRIBUTES); + fprintf(stderr, " \t-if,\t--issuer_file\tthe file that will contain all key pair\ + and proof to be used by the issuer (default: %s)\n", + DEFAULT_FILENAME); + fprintf(stderr, " \t-i,\t--issuer\tissuer identity (default: %s)\n", + DEFAULT_ISSUER); + return -1; +} + +int main(int argc, char *argv[]) { + int nb_platform_attr = DEFAULT_ISSUER_ATTRIBUTES; + int nb_issuer_attr = DEFAULT_RECEIVER_ATTRIBUTES; + char *filename = DEFAULT_FILENAME; + char *issuer = DEFAULT_ISSUER; + int i; + char *param; + TSS_HCONTEXT hContext; + TSS_DAA_KEY_PAIR *key_pair; + TSS_DAA_PK_PROOF *public_keyproof; + TSS_RESULT result; + TSS_HDAA hDAA; + TSS_DAA_PK_PROOF_internal *public_keyproof_internal; + TSS_DAA_PK_internal *pk; + TSS_DAA_PRIVATE_KEY *private_key; + DAA_PRIVATE_KEY_internal *private_key_internal; + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof; + + printf("Issuer Setup (%s:%s,%s)\n", argv[0], __DATE__, __TIME__); + i = 1; + while( i < argc) { + param = argv[ i]; + if ( strcmp( param, "-if") == 0 || strcmp( param, "--issuer_file")) { + i++; + if( i == argc) return print_usage( argv[0]); + filename = argv[i]; + } else if( strcmp( param, "-npa") == 0 || strcmp( param, "--nb_platform_attr")) { + i++; + if( i == argc) return print_usage( argv[0]); + nb_platform_attr = atoi( argv[i]); + } else if( strcmp( param, "-nia") == 0 || strcmp( param, "--nb_issuer_attr")) { + i++; + if( i == argc) return print_usage( argv[0]); + nb_issuer_attr = atoi(argv[i]); + } else if( strcmp( param, "-i") == 0 || strcmp( param, "--issuer")) { + i++; + if( i == argc) return print_usage( argv[0]); + issuer = argv[i]; + } else { + fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param); + return print_usage( argv[0]); + } + i++; + } + bi_init( NULL); + // Create Context + printf("Create Context\n"); + result = Tspi_Context_Create( &hContext ); + if ( result != TSS_SUCCESS ) + { + fprintf( stderr, "Tspi_Context_Create %d\n", result ); + exit( result ); + } + + // Connect to Context + printf("Connect to the context\n"); + result = Tspi_Context_Connect( hContext, NULL ); + if ( result != TSS_SUCCESS ) + { + fprintf( stderr, "Tspi_Context_Connect error:%d\n", result ); + Tspi_Context_FreeMemory( hContext, NULL ); + Tspi_Context_Close( hContext ); + exit( result ); + } + //Create Object + result = obj_daa_add( hContext, &hDAA); + if (result != TSS_SUCCESS) { + goto close; + } + result = Tspi_DAA_IssueSetup( + hDAA, // in + strlen( issuer), // in + (BYTE *)issuer, // in + nb_platform_attr, // in + nb_issuer_attr, // in + (TSS_HKEY *)&key_pair, // out + &public_keyproof); // out + if( result != TSS_SUCCESS) goto close; + + // TSS_DAA_KEY_PAIR_internal *key_pair_internal = DAA_KEY_PAIR_2_internal( key_pair); + public_keyproof_internal = e_2_i_TSS_DAA_PK_PROOF( public_keyproof); + pk = e_2_i_TSS_DAA_PK( key_pair->public_key); + private_key = key_pair->private_key; + private_key_internal = e_2_i_TSS_DAA_PRIVATE_KEY( private_key); + key_pair_with_proof = + (KEY_PAIR_WITH_PROOF_internal *)malloc( sizeof(KEY_PAIR_WITH_PROOF_internal)); + if( key_pair_with_proof == NULL) { + fprintf("malloc of %d bytes failed", sizeof(KEY_PAIR_WITH_PROOF_internal)); + goto close; + } + key_pair_with_proof->pk = pk; + key_pair_with_proof->private_key = private_key_internal; + key_pair_with_proof->proof = public_keyproof_internal; + + printf("Saving key pair with proof -> \'%s\'", filename); + FILE *file = fopen( filename, "w"); + if( file == NULL) { + fprintf( stderr, "%s: Error when saving \'%s\': %s\n", + argv[0], + filename, + strerror( errno)); + return -1; + } + if( save_KEY_PAIR_WITH_PROOF( file, key_pair_with_proof) != 0) { + fprintf( stderr, "%s: Error when saving \'%s\': %s\n", + argv[0], + filename, + strerror( errno)); + return -1; + } + fclose( file); + printf("\nDone.\n"); +close: + obj_daa_remove( hDAA, hContext); + printf("Closing the context\n"); + Tspi_Context_FreeMemory( hContext, NULL ); + Tspi_Context_Close( hContext ); + bi_release(); + printf("Result: %d", result); + return result; +} diff --git a/src/tspi/daa/daa_issuer/key_correctness_proof.c b/src/tspi/daa/daa_issuer/key_correctness_proof.c new file mode 100644 index 0000000..505e760 --- /dev/null +++ b/src/tspi/daa/daa_issuer/key_correctness_proof.c @@ -0,0 +1,516 @@ +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include +#include +#include + +// for little-big endian conversion +#include +// for message digest +#include + +#include "bi.h" + +#include "daa_parameter.h" +#include "list.h" +#include "daa_structs.h" + +#include "issuer.h" + +//standard bit length extension to obtain a uniformly distributed number [0,element] +static const int SAFETY_PARAM = 80; + +static bi_array_ptr get_generators( const TSS_DAA_PK_internal *pk) { + bi_array_ptr result = ALLOC_BI_ARRAY(); + int i; + + bi_new_array( result, 3 + pk->capitalY->length ); + for(i = 0; ilength; i++) { + result->array[i] = pk->capitalS; + } + return result; +} + +static bi_array_ptr get_verifiable_numbers( const TSS_DAA_PK_internal *pk) { + bi_array_ptr result = ALLOC_BI_ARRAY(); + int i; + + bi_new_array( result, 3 + pk->capitalY->length); + result->array[0] = pk->capitalZ; + result->array[1] = pk->capitalR0; + result->array[2] = pk->capitalR1; + // CAPITAL Y ( capitalRReceiver + capitalRIssuer) + for( i=0; icapitalY ->length; i++) + result->array[ 3+i] = pk->capitalY->array[i]; + return result; +} + +/* computes an array of random numbers in the range of [1,element] */ +void compute_random_numbers( bi_array_ptr result, int quantity, const bi_ptr element) { + int i=0; + + for( i=0; iarray[i], element); + bi_inc( result->array[i]); // array[i]++ + } +} + +int test_bit( int pos, BYTE* array, int length) { + return (((int)array[ length - (pos / 8) - 1]) & (1 << (pos % 8))) != 0; +} + +void toByteArray( BYTE *result, int length, bi_ptr bi, char *logMsg) { + LogDebug("-> toByteArray <%d> %s",(int)bi, logMsg); + LogDebug("lenghts <%d|%d>",length, (int)bi_nbin_size(bi)); + bi_2_byte_array( result, length, bi); + LogDebug("<- toByteArray result=%s [<%d|%d>] ", + dump_byte_array( length, result), + length, + (int)bi_nbin_size(bi)); +} + +/* +Compute the message digest used in the proof. (from DAA_Param, the digest +algorithm is RSA, but this is not available in openssl, the successor of RSA is SHA1 +*/ +TSS_RESULT +generateMessageDigest(BYTE *md_value, + int *md_len, + const TSS_DAA_PK_internal *pk, + bi_array_ptr *commitments, + const int commitments_size +) { + EVP_MD_CTX mdctx; + const EVP_MD *md; + int i, j; + int length = DAA_PARAM_SIZE_RSA_MODULUS / 8; + BYTE *array; + + // 10000 to be sure, and this memory will be released quite quickly + array = (BYTE *)malloc( 10000); + if (array == NULL) { + LogError("malloc of %d bytes failed", 10000); + return TSPERR(TSS_E_OUTOFMEMORY); + } + OpenSSL_add_all_digests(); + md = EVP_get_digestbyname( DAA_PARAM_MESSAGE_DIGEST_ALGORITHM); + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, md, NULL); +#ifdef DAA_DEBUG + fprintf(stderr, "modulus=%s\n", bi_2_hex_char( pk->modulus)); +#endif + toByteArray( array, length, pk->modulus, + "!! [generateMessageDigest modulus] current_size=%d length=%d\n"); + EVP_DigestUpdate(&mdctx, array , length); + toByteArray( array, length, pk->capitalS, + "!! [generateMessageDigest capitalS] current_size=%d length=%d\n"); + EVP_DigestUpdate(&mdctx, array , length); + // add capitalZ, capitalR0, capitalR1, capitalY + LogDebug("capitalZ capitalR0 capitalY"); + toByteArray( array, length, pk->capitalZ, + "!! [generateMessageDigest capitalZ] current_size=%d length=%d\n"); + EVP_DigestUpdate(&mdctx, array , length); + toByteArray( array, length, pk->capitalR0, + "!! [generateMessageDigest capitalR0] current_size=%d length=%d\n"); + EVP_DigestUpdate(&mdctx, array , length); + toByteArray( array, length, pk->capitalR1, + "!! [generateMessageDigest capitalR1] current_size=%d length=%d\n"); + EVP_DigestUpdate(&mdctx, array , length); + // CAPITAL Y ( capitalRReceiver ) + LogDebug("capitalRReceiver"); + for( i=0; icapitalRReceiver->length; i++) { + toByteArray( array, length, pk->capitalRReceiver->array[i], + "!![generateMessageDigest capitalRReceiver] current_size=%d length=%d\n"); + EVP_DigestUpdate(&mdctx, array , length); + } + LogDebug("capitalRIssuer"); + // CAPITAL Y ( capitalRIssuer) + for( i=0; icapitalRIssuer->length; i++) { + toByteArray( array, length, pk->capitalRIssuer->array[i], + "!![generateMessageDigest capitalRReceiver] current_size=%d length=%d\n"); + EVP_DigestUpdate(&mdctx, array , length); + } + LogDebug("commitments"); + for( i=0; ilength; j++) { + toByteArray( array, length, commitments[i]->array[j], + "!! [generateMessageDigest commitments] current_size=%d length=%d\n"); + EVP_DigestUpdate(&mdctx, array , length); + } + } + EVP_DigestFinal_ex(&mdctx, md_value, md_len); + EVP_MD_CTX_cleanup(&mdctx); + free( array); + return TSS_SUCCESS; +} + +int is_range_correct( bi_ptr b, bi_ptr range) { + return bi_cmp( b, range) < 0 && bi_cmp( b, bi_0) >= 0; +} + +/* +Verifies if the parameters Z,R0,R1,RReceiver and RIssuer of the public key +were correctly computed. +pk: the public key, which one wants to verfy. +*/ +TSS_RESULT +is_pk_correct( TSS_DAA_PK_internal *public_key, + TSS_DAA_PK_PROOF_internal *proof, + int *isCorrect +) { + int bit_size_message_digest = DAA_PARAM_SIZE_MESSAGE_DIGEST; + bi_ptr n = public_key->modulus; + int num_of_variables; + int i,j; + TSS_RESULT result = TSS_SUCCESS; + BYTE verifiable_challenge[EVP_MAX_MD_SIZE]; + int length_challenge; + bi_array_ptr verifiable_numbers; + bi_array_ptr *verification_commitments = NULL; + bi_array_ptr generators = NULL; + bi_t tmp; + bi_t tmp1; +#ifdef DAA_DEBUG + FILE *f; + bi_array_ptr *commitments; +#endif + + bi_new( tmp); + bi_new( tmp1); + *isCorrect = 0; +#ifdef DAA_DEBUG + f=fopen("/tmp/commits", "r"); + commitments = (bi_array_ptr *)malloc( sizeof(bi_array_ptr) * num_of_variables); + if (commitments == NULL) { + LogError("malloc of %d bytes failed", sizeof(bi_array_ptr) * num_of_variables); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + for( i=0; icapitalGamma)) { + LogError( "pk->capitalGamma not prime\ncapitalGamma=\n%s", + bi_2_hex_char( public_key->capitalGamma)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + if( !bi_is_probable_prime( public_key->rho)) { + LogError( "pk->rho not prime\nrho=\n%s", + bi_2_hex_char( public_key->rho)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + // (capitalGamma - 1) % rho should be equal to 0 + if( !bi_equals( bi_mod( tmp1, bi_sub( tmp1, public_key->capitalGamma, bi_1), + public_key->rho), + bi_0)) { + LogError( "(capitalGamma - 1) %% rho != 0\nActual value:\n%s", + bi_2_hex_char( tmp1)); + result = TSS_E_BAD_PARAMETER; + } + // (gamma ^ rho) % capitalGamma should be equals to 1 + if ( !bi_equals( bi_mod_exp( tmp1, public_key->gamma, + public_key->rho, + public_key->capitalGamma), + bi_1) ) { + LogError( "(gamma ^ rho) %% capitalGamma != 1\nActual value:\n%s", + bi_2_hex_char( tmp1)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + // (gamma ^ rho) % capitalGamma should be equal to 1 + if ( !bi_equals( bi_mod_exp( tmp1, + public_key->gamma, + public_key->rho, + public_key->capitalGamma), + bi_1) ) { + LogError( "(gamma ^ rho) %% capitalGamma != 1\nActual value:\n%s", + bi_2_hex_char( tmp1)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + LogDebug("STEP 2 check whether all public key parameters have the required length"); + if( bi_nbin_size( n) != DAA_PARAM_SIZE_RSA_MODULUS / 8) { + LogError( "size( n)[%ld] != DAA_PARAM_SIZE_RSA_MODULUS[%d]", + bi_nbin_size( n), + DAA_PARAM_SIZE_RSA_MODULUS / 8); + result = TSS_E_BAD_PARAMETER; + goto close; + } + if( bi_cmp( n, bi_shift_left( tmp1, bi_1, DAA_PARAM_SIZE_RSA_MODULUS)) + >= 0) { + LogError( "n[%ld] != DAA_PARAM_SIZE_RSA_MODULUS[%d]", + bi_nbin_size( n), + DAA_PARAM_SIZE_RSA_MODULUS); + result = TSS_E_BAD_PARAMETER; + goto close; + } + if( bi_cmp( n, bi_shift_left( tmp1, bi_1, DAA_PARAM_SIZE_RSA_MODULUS - 1 )) + <= 0) { + LogError( "n[%ld] != DAA_PARAM_SIZE_RSA_MODULUS[%d]", + bi_nbin_size( n), + DAA_PARAM_SIZE_RSA_MODULUS); + result = TSS_E_BAD_PARAMETER; + goto close; + } + // rho + if( bi_nbin_size( public_key->rho) * 8 != DAA_PARAM_SIZE_RHO) { + LogError( "size( rho)[%ld] != DAA_PARAM_SIZE_RHO[%d]", + bi_nbin_size( public_key->rho) * 8, + DAA_PARAM_SIZE_RHO); + result = TSS_E_BAD_PARAMETER; + goto close; + } + // Gamma + if( bi_nbin_size( public_key->capitalGamma) * 8 != DAA_PARAM_SIZE_MODULUS_GAMMA) { + LogError( "size( rho)[%ld] != DAA_PARAM_SIZE_MODULUS_GAMMA[%d]", + bi_nbin_size( public_key->capitalGamma) * 8, + DAA_PARAM_SIZE_MODULUS_GAMMA); + result = TSS_E_BAD_PARAMETER; + goto close; + } + if( is_range_correct( public_key->capitalS, n) == 0) { + LogError( "range not correct( pk->capitalS)\ncapitalS=\n%s\nn=\n%s", + bi_2_hex_char( public_key->capitalS), + bi_2_hex_char( n)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + if( is_range_correct( public_key->capitalZ, n) == 0) { + LogError( "range not correct( pk->capitalZ)\ncapitalZ=\n%s\nn=\n%s", + bi_2_hex_char( public_key->capitalZ), + bi_2_hex_char( n)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + if( is_range_correct( public_key->capitalR0, n) == 0) { + LogError( "range not correct( pk->capitalR0)\ncapitalR0=\n%s\nn=\n%s", + bi_2_hex_char( public_key->capitalR0), + bi_2_hex_char( n)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + if( is_range_correct( public_key->capitalR1, n) == 0) { + LogError( "range not correct( pk->capitalR1)\ncapitalR1=\n%s\nn=\n%s", + bi_2_hex_char( public_key->capitalR1), + bi_2_hex_char( n)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + for( i=0; icapitalY->length; i++) { + if( is_range_correct( public_key->capitalY->array[i], n) == 0) { + LogError( "range not correct(pk->capitalY[%d])\ncapitalY[%d]=\n%s\nn=\n%s", + i, i, + bi_2_hex_char( public_key->capitalY->array[i]), + bi_2_hex_char( n)); + result = TSS_E_BAD_PARAMETER; + goto close; + } + } + LogDebug("STEP 3 - compute verification commitments"); + // only the array is allocated, but all refs are pointing to public_key numbers + generators = get_generators( public_key); + verifiable_numbers = get_verifiable_numbers( public_key); + num_of_variables = verifiable_numbers->length; + verification_commitments = (bi_array_ptr *)malloc( sizeof(bi_array_ptr)*num_of_variables); + if (verification_commitments == NULL) { + LogError("malloc of %d bytes failed", sizeof(bi_array_ptr)*num_of_variables); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + for( i = 0; ichallenge, proof->length_challenge)); +#endif + bi_mod_exp( verification_commitments[i]->array[j], + generators->array[i], + proof->response[i]->array[j], n); + if( test_bit( j, proof->challenge, proof->length_challenge)) { + bi_mul( verification_commitments[i]->array[j], + verification_commitments[i]->array[j], + verifiable_numbers->array[i]); +#ifdef DAA_DEBUG + DUMP_BI( verification_commitments[i]->array[j]); +#endif + bi_mod( verification_commitments[i]->array[j], + verification_commitments[i]->array[j], + n); + } +#ifdef DAA_DEBUG + if( commitments != NULL && + bi_equals( verification_commitments[i]->array[j], + commitments[i]->array[j]) ==0) { + LogError( "!! ERROR i=%d j=%d\n", i, j); + DUMP_BI( commitments[i]->array[j]); + DUMP_BI( verification_commitments[i]->array[j]); + DUMP_BI( generators->array[i]); + DUMP_BI( proof->response[i]->array[j]); + DUMP_BI( verifiable_numbers->array[i]); + } + printf( "o"); fflush( stdout); +#endif + } + } + // STEP 3 - d + generateMessageDigest( verifiable_challenge, + &length_challenge, + public_key, + verification_commitments, + num_of_variables); + LogDebug("verifiable challenge=%s", + dump_byte_array( length_challenge, verifiable_challenge)); + LogDebug(" challenge=%s", + dump_byte_array( proof->length_challenge, proof->challenge)); + if( length_challenge != proof->length_challenge) { + result = TSS_E_BAD_PARAMETER; + goto close; + } + for( i=0; ichallenge[i]) { + result = TSS_E_BAD_PARAMETER; + goto close; + } + } + *isCorrect = ( memcmp( verifiable_challenge, proof->challenge, length_challenge) == 0); +close: + if( verification_commitments != NULL) { + for( i = 0; imodulus; + int num_of_variables; + int bit_size_message_digest = DAA_PARAM_SIZE_MESSAGE_DIGEST; + bi_array_ptr *xTildes = NULL; + BYTE *challenge_param; + + bi_array_ptr exponents = ALLOC_BI_ARRAY(); + bi_new_array2( exponents, 3 + x->length); + exponents->array[0] = xz; exponents->array[1] = x0; exponents->array[2] = x1; + bi_copy_array( x, 0, exponents, 3, x->length); + num_of_variables = exponents->length; + LogDebug("Step a - choose random numbers"); + LogDebug("\nchoose random numbers\n"); + xTildes = (bi_array_ptr *)malloc( sizeof(bi_array_ptr) * num_of_variables); + if (xTildes == NULL) { + LogError("malloc of %d bytes failed", sizeof(bi_array_ptr) * num_of_variables); + return NULL; + } + for( i=0; iarray[j], + generators->array[i], + xTildes[i]->array[j], + n); + } + } +#ifdef DAA_DEBUG + FILE *f=fopen("/tmp/commits", "w"); + for( i=0; iarray[j], + xTildes[i]->array[j], + exponents->array[i]); + } else { + bi_set( response[i]->array[j], + xTildes[i]->array[j]); + } + bi_mod( response[i]->array[j], response[i]->array[j], product_PQ_prime); +#ifdef DAA_DEBUG + printf("#"); + fflush(stdout); +#endif + } + } + challenge_param = (BYTE *)malloc( length_challenge); + if (challenge_param == NULL) { + LogError("malloc of %d bytes failed", length_challenge); + return NULL; + } + memcpy( challenge_param, challenge, length_challenge); + + return create_DAA_PK_PROOF( challenge_param, + length_challenge, + response, + num_of_variables); +} diff --git a/src/tspi/daa/daa_issuer/key_verification.c b/src/tspi/daa/daa_issuer/key_verification.c new file mode 100644 index 0000000..d7584f0 --- /dev/null +++ b/src/tspi/daa/daa_issuer/key_verification.c @@ -0,0 +1,147 @@ +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include +#include +#include +#include + +#include +#include "spi_internal_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "issuer.h" + +static char *DEFAULT_FILENAME = "issuer.txt"; + +//static TSS_HCONTEXT _hContext; + +static void *intern_alloc( size_t size, TSS_HOBJECT param_alloc) { + // void *ret = calloc_tspi( , size); + void *ret = malloc( size); + LogDebug("[intern_alloc (%d)] -> %d", (int)size, (int)ret); + return ret; +} + +void isCorrect( TSS_HDAA hDAA, + TSS_DAA_PK_internal *pk_internal, + TSS_DAA_PK_PROOF_internal *proof_internal) +{ + TSS_BOOL isCorrect; + TSS_RESULT result; + TSS_DAA_PK *pk; + TSS_DAA_PK_PROOF *pk_proof; + + pk = i_2_e_TSS_DAA_PK( pk_internal, &intern_alloc, (TSS_HOBJECT)NULL); + pk_proof = i_2_e_TSS_DAA_PK_PROOF( proof_internal, + &intern_alloc, + (TSS_HOBJECT)NULL); + result = Tspi_DAA_IssuerKeyVerification( hDAA, + (TSS_HKEY)pk, + pk_proof, + &isCorrect); + if ( result != TSS_SUCCESS ) { + fprintf( stderr, "Tspi_DAA_IssuerKeyVerification error: %d\n", result ); + } + free_TSS_DAA_PK( pk); + printf("isCorrect=%d\n", isCorrect); +} + +int print_usage(char *cmd) { + fprintf(stderr, "usage: %s\n", cmd); + fprintf(stderr, "\t-if,\t--issuer_file\tthe file that will contain\ + all key pair and proof to be used by the issuer (default: %s)\n", DEFAULT_FILENAME); + return -1; +} + +int main(int argc, char *argv[]) { + char *filename = DEFAULT_FILENAME; + int i=1; + char *param; + TSS_RESULT result; + TSS_HCONTEXT hContext; + TSS_HDAA hDAA; + FILE *file; + +// foreground = 1; // for debug + printf("Key Verification (%s:%s,%s)\n", argv[0], __DATE__, __TIME__); + while( i < argc) { + param = argv[ i]; + if( strcmp( param, "-if") == 0 || strcmp( param, "--issuer_file")) { + i++; + if( i == argc) return print_usage( argv[0]); + filename = argv[i]; + } else { + fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param); + return print_usage( argv[0]); + } + i++; + } + bi_init( NULL); + printf("Loading issuer info (keypair & proof) -> \'%s\'", filename); + file = fopen( filename, "r"); + if( file == NULL) { + fprintf( stderr, + "%s: Error when opening \'%s\': %s\n", + argv[0], + filename, + strerror( errno)); + return -1; + } + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof = load_KEY_PAIR_WITH_PROOF( file); + if( key_pair_with_proof == NULL) { + fprintf( stderr, + "%s: Error when reading \'%s\': %s\n", + argv[0], + filename, + strerror( errno)); + return -1; + } + fclose( file); + + // Create Context + printf("\nCreate Context\n"); + result = Tspi_Context_Create( &hContext ); + if ( result != TSS_SUCCESS ) + { + fprintf( stderr, "Tspi_Context_Create %d\n", result ); + exit( result ); + } + + // Connect to Context + printf("\nConnect to the context\n"); + result = Tspi_Context_Connect( hContext, NULL ); + if ( result != TSS_SUCCESS ) + { + fprintf( stderr, "Tspi_Context_Connect error:%d\n", result ); + Tspi_Context_FreeMemory( hContext, NULL ); + Tspi_Context_Close( hContext ); + exit( result ); + } + + //TODO save key in the persistent store + // result = ps_write_key( fd, ) + + //Create Object + result = obj_daa_add( hContext, &hDAA); + if (result != TSS_SUCCESS) { + LogError("Tspi_Context_CreateObject:%d", result); + Tspi_Context_Close(hContext); + LogError("issuer_setup: %s", err_string(result)); + exit(result); + } + + // TSS_HDAA, TSS_HKEY, TSS_DAA_PK_PROOF, TSS_BOOL* + isCorrect( hDAA, key_pair_with_proof->pk, key_pair_with_proof->proof); + obj_daa_remove( hDAA, hContext); + printf("\nClosing the context\n"); + Tspi_Context_FreeMemory( hContext, NULL ); + Tspi_Context_Close( hContext ); + exit( 0 ); +} diff --git a/src/tspi/daa/daa_issuer/keypair_generator.c b/src/tspi/daa/daa_issuer/keypair_generator.c new file mode 100644 index 0000000..9a67254 --- /dev/null +++ b/src/tspi/daa/daa_issuer/keypair_generator.c @@ -0,0 +1,397 @@ +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include +#include +#include +#include + +#include "bi.h" +#include "list.h" +#include "daa_structs.h" +#include "daa_parameter.h" +#include "issuer.h" + +static const int ELEMENT = 0; +static const int EXPONENT = 1; + +extern void prime_init(); +extern void compute_safe_prime(bi_ptr result, int bit_length, int prime_certainty); + +bi_ptr +compute_random_number_star( bi_ptr result, const bi_ptr element) +{ + bi_t bi_tmp; + + bi_new(bi_tmp); + do { + compute_random_number(result, element); + } while (!bi_equals_si(bi_gcd(bi_tmp, result, element), 1)); + + bi_free(bi_tmp); + + return result; +} + +/* Compute a generator of the group of quadratic residue modulo n. The + * generator will not be part of the subgroup of size 2. + * n: modulus */ +void +compute_generator_quadratic_residue(bi_t qr, bi_t n) +{ + bi_t bi_tmp, bi_tmp1; + + bi_new(bi_tmp); + bi_new(bi_tmp1); + + do { + compute_random_number(qr, n); + // qr = (qr ^ bi_2) % n + bi_mod_exp(qr, qr, bi_2, n); + } while (bi_cmp_si(qr, 1) == 0 || + bi_cmp_si(bi_gcd(bi_tmp, n, bi_sub_si(bi_tmp1, qr, 1)), 1) != 0); + + bi_free(bi_tmp); + bi_free(bi_tmp1); +} + +void +compute_group_element(bi_ptr result[], + bi_ptr generator, + bi_ptr product_PQprime, + bi_ptr n) +{ + bi_t bi_tmp; + + bi_new(bi_tmp); + compute_random_number(bi_tmp, product_PQprime); + + // bi_tmp++ + bi_inc(bi_tmp); + + // result[ELEMENT] := (generator ^ bi_tmp) mod n + bi_mod_exp(result[ELEMENT], generator, bi_tmp, n); + bi_set(result[EXPONENT], bi_tmp); + bi_free(bi_tmp); +} + + +TSS_RESULT +generate_key_pair(UINT32 num_attributes_issuer, + UINT32 num_attributes_receiver, + UINT32 base_nameLength, + BYTE* base_name, + KEY_PAIR_WITH_PROOF_internal** key_pair_with_proof) +{ + TSS_RESULT result = TSS_SUCCESS; + int length_mod = DAA_PARAM_SIZE_RSA_MODULUS; + int length; + int i; + TSS_DAA_PK_internal *public_key = NULL; + BYTE *buffer = NULL; + bi_ptr pPrime = NULL; + bi_ptr qPrime = NULL; + bi_ptr n = NULL; + bi_ptr p = NULL; + bi_ptr q = NULL; + bi_ptr capital_s = NULL; + bi_ptr capital_z = NULL; + bi_ptr product_PQprime = NULL; + bi_ptr pair[2] = {NULL, NULL}; + bi_ptr xz = NULL; + bi_ptr capital_r0 = NULL; + bi_ptr x0 = NULL; + bi_ptr capital_r1 = NULL; + bi_ptr x1 = NULL; + bi_array_ptr x = NULL; + bi_array_ptr capital_r = NULL; + bi_array_ptr capitalRReceiver = NULL; + bi_array_ptr capitalRIssuer = NULL; + bi_ptr gamma = NULL; + bi_ptr capital_gamma = NULL; + bi_ptr rho = NULL; + bi_ptr r = NULL; + bi_ptr rho_double = NULL; + bi_t bi_tmp, bi_tmp1, bi_tmp2; + + bi_new(bi_tmp); + bi_new(bi_tmp1); + bi_new(bi_tmp2); + *key_pair_with_proof = NULL; + + // STEP 1 + LogDebug("Step 1 of 8 - compute modulus n (please wait: long process)\n"); + + // FUTURE USAGE if( IS_DEBUG==0) + prime_init(); + p = bi_new_ptr(); + q = bi_new_ptr(); + n = bi_new_ptr(); + + do { + // FUTURE USAGE + /* compute_safe_prime( p, length_mod / 2); + do { + compute_safe_prime( q, + length_mod - (length_mod >> 1)); + } while( bi_cmp( p, q) ==0); + } else */ + { + bi_generate_safe_prime(p, length_mod / 2); + bi_generate_safe_prime(q, length_mod - (length_mod / 2)); + LogDebug("."); + } + // n = p*q + bi_mul(n, p, q); + } while(bi_length(n) != length_mod); + + pPrime = bi_new_ptr(); + bi_sub(pPrime, p, bi_1); + + // pPrime = (p - 1) >> 1 + bi_shift_right(pPrime, pPrime, 1); + qPrime = bi_new_ptr(); + bi_sub(qPrime, q, bi_1); + + // qPrime = (q - 1) >> 1 + bi_shift_right( qPrime, qPrime, 1); + if (bi_is_probable_prime(pPrime) == 0) { + LogError("!! pPrime not a prime number: %s", bi_2_hex_char(pPrime)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto close; + } + if (bi_is_probable_prime(qPrime) == 0) { + LogError("!! qPrime not a prime number: %s", bi_2_hex_char(qPrime)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto close; + } + LogDebug("p=%s", bi_2_hex_char(p)); + LogDebug("q=%s", bi_2_hex_char(q)); + LogDebug("n=%s", bi_2_hex_char(n)); + + // STEP 2 + LogDebug("Step 2 - choose random generator of QR_n"); + capital_s = bi_new_ptr(); + compute_generator_quadratic_residue(capital_s, n); + LogDebug("capital_s=%s", bi_2_hex_char(capital_s)); + + // STEP 3 & 4 + LogDebug("Step 3 & 4 - compute group elements"); + product_PQprime = bi_new_ptr(); + bi_mul( product_PQprime, pPrime, qPrime); + pair[ELEMENT] = bi_new_ptr(); + pair[EXPONENT] = bi_new_ptr(); + + LogDebug("product_PQprime=%s [%ld]", bi_2_hex_char(product_PQprime), + bi_nbin_size(product_PQprime)); + + compute_group_element(pair, capital_s, product_PQprime, n); + capital_z = bi_new_ptr(); + bi_set(capital_z, pair[ELEMENT]); + xz = bi_new_ptr(); + bi_set(xz, pair[EXPONENT]); + + // attributes bases + compute_group_element(pair, capital_s, product_PQprime, n); + capital_r0 = bi_new_ptr(); + bi_set(capital_r0, pair[ELEMENT]); + x0 = bi_new_ptr(); + bi_set(x0, pair[EXPONENT]); + + compute_group_element(pair, capital_s, product_PQprime, n); + capital_r1 = bi_new_ptr(); + bi_set(capital_r1, pair[ELEMENT]); + x1 = bi_new_ptr(); + bi_set(x1, pair[EXPONENT]); + + // additional attribute bases + length = num_attributes_issuer + num_attributes_receiver; + x = ALLOC_BI_ARRAY(); + bi_new_array(x, length); + capital_r = ALLOC_BI_ARRAY(); + bi_new_array(capital_r, length); + + for (i = 0; i < length; i++) { + compute_group_element(pair, capital_s, product_PQprime, n); + bi_set(capital_r->array[i], pair[ELEMENT]); + bi_set(x->array[i], pair[EXPONENT]); + } + + // split capitalR into Receiver and Issuer part + capitalRReceiver = ALLOC_BI_ARRAY(); + bi_new_array2(capitalRReceiver, num_attributes_receiver); + for (i = 0; i < num_attributes_receiver; i++) + capitalRReceiver->array[i] = capital_r->array[i]; + capitalRIssuer = ALLOC_BI_ARRAY(); + bi_new_array2(capitalRIssuer, num_attributes_issuer); + for (i = 0; i < num_attributes_issuer; i++) + capitalRIssuer->array[i] = capital_r->array[i + num_attributes_receiver]; + + // STEP 6a + LogDebug("Step 6"); + gamma = bi_new_ptr(); + capital_gamma = bi_new_ptr(); + rho = bi_new_ptr(); + r = bi_new_ptr(); + rho_double = bi_new_ptr(); + + bi_generate_prime(rho, DAA_PARAM_SIZE_RHO); + if (bi_length(rho) != DAA_PARAM_SIZE_RHO) { + LogError("rho bit length=%ld", bi_length(rho)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto close; + } + + do { + length = DAA_PARAM_SIZE_MODULUS_GAMMA - DAA_PARAM_SIZE_RHO; + do { + bi_urandom(r, length); + } while(bi_length(r) != length || bi_equals_si(bi_mod(bi_tmp, r, rho), 0)); + + // rho is not a dividor of r + bi_mul( capital_gamma, rho, r); + // capital_gamma ++ + bi_inc( capital_gamma); +#ifdef DAA_DEBUG + if (bi_length(capital_gamma) != DAA_PARAM_SIZE_MODULUS_GAMMA) { + printf("|"); fflush(stdout); + } else { + printf("."); fflush(stdout); + } +#endif + } while (bi_length(capital_gamma) != DAA_PARAM_SIZE_MODULUS_GAMMA || + bi_is_probable_prime(capital_gamma) == 0 ); + + // STEP 6b + if (bi_equals(bi_sub_si(bi_tmp, capital_gamma, 1), + bi_mod(bi_tmp1, bi_mul(bi_tmp2, rho, r), n)) == 0) { + LogWarn("capital_gamma-1 != (rho * r) mod n tmp=%s tmp1=%s", + bi_2_hex_char(bi_tmp), bi_2_hex_char(bi_tmp1)); + } + + if (bi_equals(bi_div(bi_tmp, bi_sub_si(bi_tmp1, capital_gamma, 1), rho), r ) == 0) { + LogWarn("( capital_gamma - 1)/rho != r"); + } + + LogDebug("capital_gamma=%s\n", bi_2_hex_char(capital_gamma)); + do { + compute_random_number_star(gamma, capital_gamma); + // gamma = (gamma ^ r) mod capital_gamma + bi_mod_exp(gamma, gamma, r, capital_gamma); + } while (bi_equals(gamma, bi_1)); + // STEP 7 + buffer = (BYTE *)malloc(base_nameLength); + if (buffer == NULL) { + LogError("malloc of %u bytes failed", base_nameLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + memcpy(buffer, base_name, base_nameLength); + // all fields are linked to the struct with direct reference + public_key = create_DAA_PK(n, capital_s, capital_z, capital_r0, capital_r1, gamma, + capital_gamma, rho, capitalRReceiver, capitalRIssuer, + base_nameLength, buffer); + + // STEP 8 + // TODO dynamically load DAAKeyCorrectnessProof + LogDebug("Step 8: generate proof (please wait: long process)"); + TSS_DAA_PK_PROOF_internal *correctness_proof = generate_proof(product_PQprime, public_key, + xz, x0, x1, x); + if (correctness_proof == NULL) { + LogError("creation of correctness_proof failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + + *key_pair_with_proof = (KEY_PAIR_WITH_PROOF_internal *) + malloc(sizeof(KEY_PAIR_WITH_PROOF_internal)); + if (*key_pair_with_proof == NULL) { + LogError("malloc of %zd bytes failed", sizeof(KEY_PAIR_WITH_PROOF_internal)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + + (*key_pair_with_proof)->pk = public_key; + (*key_pair_with_proof)->proof = correctness_proof; + // all fields are linked to the struct with direct reference + (*key_pair_with_proof)->private_key = create_TSS_DAA_PRIVATE_KEY(pPrime, qPrime); +close: + if (result != TSS_SUCCESS) { + // remove everything, even numbers that should be stored in a struct + FREE_BI(pPrime); // kept if no error + FREE_BI(qPrime); // kept if no error + FREE_BI(n); // kept if no error + // FREE_BI( p); + // FREE_BI( q); + FREE_BI(capital_s); // kept if no error + FREE_BI(capital_z); // kept if no error + // FREE_BI(product_PQprime); + // FREE_BI(pair[ELEMENT]); + // FREE_BI(pair[EXPONENT]); + // FREE_BI(xz); + FREE_BI(capital_r0); // kept if no error + // FREE_BI(x0); + FREE_BI(capital_r1); // kept if no error + // FREE_BI( x1); + // bi_array_ptr x = NULL; + // bi_array_ptr capital_r = NULL; + // bi_array_ptr capitalRReceiver = NULL; + // bi_array_ptr capitalRIssuer = NULL; + FREE_BI( gamma); // kept if no error + FREE_BI( capital_gamma); // kept if no error + FREE_BI( rho); // kept if no error + // FREE_BI( r); + // FREE_BI( rho_double); + if (buffer!=NULL) + free(buffer); + + if (public_key != NULL) + free(public_key); + + if (*key_pair_with_proof != NULL) + free(*key_pair_with_proof); + } + /* + Fields kept by structures + TSS_DAA_PK: n + capital_s + capital_z + capital_r0 + capital_r1 + gamma + capital_gamma + rho + capitalRReceiver + capitalRIssuer + base_nameLength + buffer + TSS_DAA_PRIVATE_KEY: + pPrime + qPrime + */ + bi_free(bi_tmp); + bi_free(bi_tmp1); + bi_free(bi_tmp2); + FREE_BI(p); + FREE_BI(q); + FREE_BI(product_PQprime); + FREE_BI(pair[ELEMENT]); + FREE_BI(pair[EXPONENT]); + FREE_BI(xz); + FREE_BI(x0); + FREE_BI(x0); + // bi_array_ptr x = NULL; + // bi_array_ptr capital_r = NULL; + // bi_array_ptr capitalRReceiver = NULL; + // bi_array_ptr capitalRIssuer = NULL; + FREE_BI(r); + FREE_BI(rho_double); + + return result; +} diff --git a/src/tspi/daa/daa_issuer/prime_gen.c b/src/tspi/daa/daa_issuer/prime_gen.c new file mode 100644 index 0000000..27c4026 --- /dev/null +++ b/src/tspi/daa/daa_issuer/prime_gen.c @@ -0,0 +1,327 @@ +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2005 + * + */ + +#include +#include +#include + +#include "bi.h" +#include "list.h" +#include "tsplog.h" + +static unsigned long *primes; +static int primes_length; + +/* Generates a random number of bit_length bit length. The first two bits and the last bit of this + * number are always set, therefore the number is odd and >= (2^(bit_length-1)+2^(bit_length-2)+1) + * + * bit_length: The length of the number to be generated, in bits + * return: a random number of bitLength bit length with first and last bits set + */ +void +random_odd_bi(bi_ptr bi, int bit_length) +{ + if (bit_length > 0) { + bi_urandom(bi, bit_length); + //bi_generate_prime(bi, bit_length); + bi_setbit(bi, 0); + bi_setbit(bi, bit_length - 1); + bi_setbit(bi, bit_length - 2); + } +} + +/* This method generates small prime numbers up to a specified bounds using the Sieve of + * Eratosthenes algorithm. + * + * prime_bound: the upper bound for the primes to be generated + * starting_prime: the first prime in the list of primes that is returned + * return: list of primes up to the specified bound. Each prime is of type bi_ptr + */ +void +generate_small_primes(int prime_bound, int starting_prime) +{ + list_ptr res; + int length; + int *is_primes; + int i; + int k; + int prime; + node_t *current; + + primes_length = 0; + res = list_new(); + if (allocs == NULL) { + LogError("malloc of list failed"); + return; + } + if ((prime_bound <= 1) || (starting_prime > prime_bound)) + return; + + if (starting_prime <= 2) { + starting_prime = 2; + list_add(res, bi_2); + } + length = (prime_bound - 1) >> 1; // length = (prime_bound -1) / 2; + is_primes = (int *)malloc(sizeof(int)*length); + if (is_primes == NULL) { + LogError("malloc of %zd bytes failed", sizeof(int) * length); + return; + } + + for (i = 0; i < length; i++) + is_primes[i] = 1; + + for (i = 0; i < length; i++) { + if (is_primes[i] == 1) { + prime = 2 * i + 3; + for (k = i + prime; k < length; k+= prime) + is_primes[k] = 0; + + if (prime >= starting_prime) { + list_add(res, (void *)prime); + primes_length++; + } + } + } + // converti the list to a table + current = res->head; // go to first node + primes = (unsigned long *)malloc(sizeof(unsigned long) * primes_length); + if (primes == NULL) { + LogError("malloc of %d bytes failed", + sizeof(unsigned long)*primes_length); + return; + } + + i = 0; + while (current != NULL) { + primes[i++] = (unsigned long)current->obj; + current = current->next; // traverse through the list + } + + free(is_primes); + list_freeall(res); +} + +void +prime_init() +{ + generate_small_primes(16384, 3); +} + +/* Test whether the provided pDash or p = 2*pDash + 1 are divisible by any of the small primes + * saved in the listOfSmallPrimes. A limit for the largest prime to be tested against can be + * specified, but it will be ignored if it exeeds the number of precalculated primes. + * + * p_dash: the number to be tested (p_dash) + * prime_bound: the limit for the small primes to be tested against. + */ +static int +test_small_prime_factors(const bi_ptr p_dash, const unsigned long prime_bound) +{ + int sievePassed = 1; + unsigned long r; + unsigned long small_prime; + bi_t temp; bi_new(temp); + + small_prime = 1; + int i = 0; + while (i < primes_length && small_prime < prime_bound ) { + small_prime = primes[i++]; + // r = p_dash % small_prime + bi_mod_si(temp, p_dash, small_prime); + r = bi_get_si(temp); + // test if pDash = 0 (mod smallPrime) + if (r == 0) { + sievePassed = 0; + break; + } + // test if p = 0 (mod smallPrime) (or r == smallPrime - r - 1) + if (r == (small_prime - r - 1)) { + sievePassed = 0; + break; + } + } + bi_free(temp); + + return sievePassed; +} + +/* Tests if a is a Miller-Rabin witness for n + * + * a: number which is supposed to be the witness + * n: number to be tested against + * return: true if a is Miller-Rabin witness for n, false otherwise + */ +int +is_miller_rabin_witness(const bi_ptr a, const bi_ptr n) +{ + bi_t n_1; + bi_t temp; + bi_t _2_power_t; + bi_t u; + bi_t x0; + bi_t x1; + int t = -1; + int i; + + bi_new(n_1); + bi_new(temp); + bi_new(_2_power_t); + bi_new(u); + + // n1 = n - 1 + bi_sub_si(n_1, n, 1); + + // test if n-1 = 2^t*u with t >= 1 && u even + do { + t++; + // _2_power_t = bi_1 << t ( == 2 ^ t) + bi_shift_left(_2_power_t, bi_1, t); + // u = n_1 / (2 ^ t) + bi_div(u, n_1, _2_power_t); + } while (bi_equals_si(bi_mod(temp, u, bi_2), 0)); + + bi_new(x0); + bi_new(x1); + + // x1 = (a ^ u ) % n + bi_mod_exp(x1, a, u, n); + + // finished to use u, _2_power_t and temp + bi_free(u); + bi_free(_2_power_t); + bi_free(temp); + for (i = 0; i < t; i++) { + bi_set(x0, x1); + + // x1 = (x0 ^ 2) % n + bi_mod_exp(x1, x0, bi_2, n); + if (bi_equals_si(x1, 1) && !bi_equals_si(x0, 1) && !bi_equals(x0, n_1) != 0) { + bi_free(x0); + bi_free(x1); + bi_free(n_1); + return 1; + } + } + + bi_free(x0); + bi_free(x1); + bi_free(n_1); + + if (!bi_equals(x1, bi_1)) + return 1; + + return 0; +} + +bi_ptr +compute_trivial_safe_prime(bi_ptr result, int bit_length) +{ + LogDebugFn("Enter"); + do { + bi_generate_prime(result, bit_length-1); + bi_shift_left(result, result, 1); // result := result << 1 + bi_add_si(result, result, 1); // result := result -1 + if (getenv("TSS_DEBUG_OFF") == NULL) { + printf("."); + fflush(stdout); + } + } while (bi_is_probable_prime(result)==0); + + return result; +} + +/* The main method to compute a random safe prime of the specified bit length. + * IMPORTANT: The computer prime will have two first bits and the last bit set to 1 !! + * i.e. > (2^(bitLength-1)+2^(bitLength-2)+1). This is done to be sure that if two primes of + * bitLength n are multiplied, the result will have the bitLenght of 2*n exactly This + * implementation uses the algorithm proposed by Ronald Cramer and Victor Shoup in "Signature + * Schemes Based on the strong RSA Assumption" May 9, 2000. + * + * bitLength: the bit length of the safe prime to be computed. + * return: a number which is considered to be safe prime + */ +bi_ptr +compute_safe_prime(bi_ptr p, int bit_length) +{ + bi_ptr p_dash; + bi_ptr temp_p; + bi_ptr p_minus_1; + int stop; + unsigned long prime_bound; + + LogDebug("compute Safe Prime: length: %d bits\n", bit_length); + + p_dash = bi_new_ptr(); + temp_p = bi_new_ptr(); + p_minus_1 = bi_new_ptr(); + + /* some heuristic checks to limit the number of small primes to check against and the + * number of Miller-Rabin primality tests at the end */ + if (bit_length <= 256) { + prime_bound = 768; + } else if (bit_length <= 512) { + prime_bound = 3072; + } else if (bit_length <= 768) { + prime_bound = 6144; + } else if (bit_length <= 1024) { + prime_bound = 1024; + } else { + prime_bound = 16384; + } + + do { + stop = 0; + /* p_dash = generated random with basic bit settings (odd) */ + random_odd_bi(p_dash, bit_length - 1); + + if (test_small_prime_factors(p_dash, prime_bound) == 0) { + LogDebugFn("1"); + continue; + } + /* test if p_dash or p are divisible by some small primes */ + if (is_miller_rabin_witness(bi_2, p_dash)) { + LogDebugFn("2"); + continue; + } + /* test if 2^(pDash) = +1/-1 (mod p) + * bi can not handle negative operation, we compare to (p-1) instead of -1 + * calculate p = 2*pDash+1 -> (pDash << 1) + 1 + */ + bi_shift_left(p, p_dash, 1); + bi_add(p, p, bi_1); + + // p_minus_1:= p - 1 + bi_sub(p_minus_1, p, bi_1); + + // temp_p := ( 2 ^ p_dash ) mod p + bi_mod_exp(temp_p, bi_2, p_dash, p); + if (!bi_equals_si(temp_p, 1) && !bi_equals(temp_p, p_minus_1) ) { + LogDebugFn("3"); + continue; + } + + // test if pDash or p are divisible by some small primes + if (is_miller_rabin_witness(bi_2, p_dash)) { + LogDebugFn("4"); + continue; + } + // test the library dependent probable_prime + if (bi_is_probable_prime(p_dash)) + stop = 1; + } while (stop == 0); + + bi_free(p_minus_1); + bi_free(temp_p); + bi_free(p_dash); + + LogDebug("found Safe Prime: %s bits", bi_2_hex_char(p)); + + return p; +} diff --git a/src/tspi/daa/daa_parameter.c b/src/tspi/daa/daa_parameter.c new file mode 100644 index 0000000..58f240f --- /dev/null +++ b/src/tspi/daa/daa_parameter.c @@ -0,0 +1,184 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include "daa_parameter.h" + +setenv("TCSD_FOREGROUND", "1", 1); + +static EVP_MD *digest = NULL; + +extern EVP_MD *DAA_PARAM_get_message_digest(void) { + if( digest == NULL) { + OpenSSL_add_all_digests(); + digest = EVP_get_digestbyname( DAA_PARAM_MESSAGE_DIGEST_ALGORITHM); + } + return digest; +} + +// from common.c (ltp-tss) +char *err_string(TSS_RESULT r) +{ + /* Check the return code to see if it is common to all layers. + * If so, return it. + */ + switch (TSS_ERROR_CODE(r)) { + case TSS_SUCCESS: return "TSS_SUCCESS"; + default: + break; + } + + /* The return code is either unknown, or specific to a layer */ + if (TSS_ERROR_LAYER(r) == TSS_LAYER_TPM) { + switch (TSS_ERROR_CODE(r)) { + case TCPA_E_AUTHFAIL: return "TCPA_E_AUTHFAIL"; + case TCPA_E_BADINDEX: return "TCPA_E_BADINDEX"; + case TCPA_E_AUDITFAILURE: return "TCPA_E_AUDITFAILURE"; + case TCPA_E_CLEAR_DISABLED: return "TCPA_E_CLEAR_DISABLED"; + case TCPA_E_DEACTIVATED: return "TCPA_E_DEACTIVATED"; + case TCPA_E_DISABLED: return "TCPA_E_DISABLED"; + case TCPA_E_DISABLED_CMD: return "TCPA_E_DISABLED_CMD"; + case TCPA_E_FAIL: return "TCPA_E_FAIL"; + case TCPA_E_INACTIVE: return "TCPA_E_INACTIVE"; + case TCPA_E_INSTALL_DISABLED: return "TCPA_E_INSTALL_DISABLED"; + case TCPA_E_INVALID_KEYHANDLE: return "TCPA_E_INVALID_KEYHANDLE"; + case TCPA_E_KEYNOTFOUND: return "TCPA_E_KEYNOTFOUND"; + case TCPA_E_NEED_SELFTEST: return "TCPA_E_NEED_SELFTEST"; + case TCPA_E_MIGRATEFAIL: return "TCPA_E_MIGRATEFAIL"; + case TCPA_E_NO_PCR_INFO: return "TCPA_E_NO_PCR_INFO"; + case TCPA_E_NOSPACE: return "TCPA_E_NOSPACE"; + case TCPA_E_NOSRK: return "TCPA_E_NOSRK"; + case TCPA_E_NOTSEALED_BLOB: return "TCPA_E_NOTSEALED_BLOB"; + case TCPA_E_OWNER_SET: return "TCPA_E_OWNER_SET"; + case TCPA_E_RESOURCES: return "TCPA_E_RESOURCES"; + case TCPA_E_SHORTRANDOM: return "TCPA_E_SHORTRANDOM"; + case TCPA_E_SIZE: return "TCPA_E_SIZE"; + case TCPA_E_WRONGPCRVAL: return "TCPA_E_WRONGPCRVAL"; + case TCPA_E_BAD_PARAM_SIZE: return "TCPA_E_BAD_PARAM_SIZE"; + case TCPA_E_SHA_THREAD: return "TCPA_E_SHA_THREAD"; + case TCPA_E_SHA_ERROR: return "TCPA_E_SHA_ERROR"; + case TCPA_E_FAILEDSELFTEST: return "TCPA_E_FAILEDSELFTEST"; + case TCPA_E_AUTH2FAIL: return "TCPA_E_AUTH2FAIL"; + case TCPA_E_BADTAG: return "TCPA_E_BADTAG"; + case TCPA_E_IOERROR: return "TCPA_E_IOERROR"; + case TCPA_E_ENCRYPT_ERROR: return "TCPA_E_ENCRYPT_ERROR"; + case TCPA_E_DECRYPT_ERROR: return "TCPA_E_DECRYPT_ERROR"; + case TCPA_E_INVALID_AUTHHANDLE: return "TCPA_E_INVALID_AUTHHANDLE"; + case TCPA_E_NO_ENDORSEMENT: return "TCPA_E_NO_ENDORSEMENT"; + case TCPA_E_INVALID_KEYUSAGE: return "TCPA_E_INVALID_KEYUSAGE"; + case TCPA_E_WRONG_ENTITYTYPE: return "TCPA_E_WRONG_ENTITYTYPE"; + case TCPA_E_INVALID_POSTINIT: return "TCPA_E_INVALID_POSTINIT"; + case TCPA_E_INAPPROPRIATE_SIG: return "TCPA_E_INAPPROPRIATE_SIG"; + case TCPA_E_BAD_KEY_PROPERTY: return "TCPA_E_BAD_KEY_PROPERTY"; + case TCPA_E_BAD_MIGRATION: return "TCPA_E_BAD_MIGRATION"; + case TCPA_E_BAD_SCHEME: return "TCPA_E_BAD_SCHEME"; + case TCPA_E_BAD_DATASIZE: return "TCPA_E_BAD_DATASIZE"; + case TCPA_E_BAD_MODE: return "TCPA_E_BAD_MODE"; + case TCPA_E_BAD_PRESENCE: return "TCPA_E_BAD_PRESENCE"; + case TCPA_E_BAD_VERSION: return "TCPA_E_BAD_VERSION"; + case TCPA_E_RETRY: return "TCPA_E_RETRY"; + default: return "UNKNOWN TPM ERROR"; + } + } else if (TSS_ERROR_LAYER(r) == TSS_LAYER_TDDL) { + switch (TSS_ERROR_CODE(r)) { + case TSS_E_FAIL: return "TSS_E_FAIL"; + case TSS_E_BAD_PARAMETER: return "TSS_E_BAD_PARAMETER"; + case TSS_E_INTERNAL_ERROR: return "TSS_E_INTERNAL_ERROR"; + case TSS_E_NOTIMPL: return "TSS_E_NOTIMPL"; + case TSS_E_PS_KEY_NOTFOUND: return "TSS_E_PS_KEY_NOTFOUND"; + case TSS_E_KEY_ALREADY_REGISTERED: return "TSS_E_KEY_ALREADY_REGISTERED"; + case TSS_E_CANCELED: return "TSS_E_CANCELED"; + case TSS_E_TIMEOUT: return "TSS_E_TIMEOUT"; + case TSS_E_OUTOFMEMORY: return "TSS_E_OUTOFMEMORY"; + case TSS_E_TPM_UNEXPECTED: return "TSS_E_TPM_UNEXPECTED"; + case TSS_E_COMM_FAILURE: return "TSS_E_COMM_FAILURE"; + case TSS_E_TPM_UNSUPPORTED_FEATURE: return "TSS_E_TPM_UNSUPPORTED_FEATURE"; + case TDDL_E_COMPONENT_NOT_FOUND: return "TDDL_E_COMPONENT_NOT_FOUND"; + case TDDL_E_ALREADY_OPENED: return "TDDL_E_ALREADY_OPENED"; + case TDDL_E_BADTAG: return "TDDL_E_BADTAG"; + case TDDL_E_INSUFFICIENT_BUFFER: return "TDDL_E_INSUFFICIENT_BUFFER"; + case TDDL_E_COMMAND_COMPLETED: return "TDDL_E_COMMAND_COMPLETED"; + case TDDL_E_ALREADY_CLOSED: return "TDDL_E_ALREADY_CLOSED"; + case TDDL_E_IOERROR: return "TDDL_E_IOERROR"; + default: return "UNKNOWN TDDL ERROR"; + } + } else if (TSS_ERROR_LAYER(r) == TSS_LAYER_TCS) { + switch (TSS_ERROR_CODE(r)) { + case TSS_E_FAIL: return "TSS_E_FAIL"; + case TSS_E_BAD_PARAMETER: return "TSS_E_BAD_PARAMETER"; + case TSS_E_INTERNAL_ERROR: return "TSS_E_INTERNAL_ERROR"; + case TSS_E_NOTIMPL: return "TSS_E_NOTIMPL"; + case TSS_E_PS_KEY_NOTFOUND: return "TSS_E_PS_KEY_NOTFOUND"; + case TSS_E_KEY_ALREADY_REGISTERED: return "TSS_E_KEY_ALREADY_REGISTERED"; + case TSS_E_CANCELED: return "TSS_E_CANCELED"; + case TSS_E_TIMEOUT: return "TSS_E_TIMEOUT"; + case TSS_E_OUTOFMEMORY: return "TSS_E_OUTOFMEMORY"; + case TSS_E_TPM_UNEXPECTED: return "TSS_E_TPM_UNEXPECTED"; + case TSS_E_COMM_FAILURE: return "TSS_E_COMM_FAILURE"; + case TSS_E_TPM_UNSUPPORTED_FEATURE: return "TSS_E_TPM_UNSUPPORTED_FEATURE"; + case TCS_E_KEY_MISMATCH: return "TCS_E_KEY_MISMATCH"; + case TCS_E_KM_LOADFAILED: return "TCS_E_KM_LOADFAILED"; + case TCS_E_KEY_CONTEXT_RELOAD: return "TCS_E_KEY_CONTEXT_RELOAD"; + case TCS_E_INVALID_CONTEXTHANDLE: return "TCS_E_INVALID_CONTEXTHANDLE"; + case TCS_E_INVALID_KEYHANDLE: return "TCS_E_INVALID_KEYHANDLE"; + case TCS_E_INVALID_AUTHHANDLE: return "TCS_E_INVALID_AUTHHANDLE"; + case TCS_E_INVALID_AUTHSESSION: return "TCS_E_INVALID_AUTHSESSION"; + case TCS_E_INVALID_KEY: return "TCS_E_INVALID_KEY"; + default: return "UNKNOWN TCS ERROR"; + } + } else { + switch (TSS_ERROR_CODE(r)) { + case TSS_E_FAIL: return "TSS_E_FAIL"; + case TSS_E_BAD_PARAMETER: return "TSS_E_BAD_PARAMETER"; + case TSS_E_INTERNAL_ERROR: return "TSS_E_INTERNAL_ERROR"; + case TSS_E_NOTIMPL: return "TSS_E_NOTIMPL"; + case TSS_E_PS_KEY_NOTFOUND: return "TSS_E_PS_KEY_NOTFOUND"; + case TSS_E_KEY_ALREADY_REGISTERED: return "TSS_E_KEY_ALREADY_REGISTERED"; + case TSS_E_CANCELED: return "TSS_E_CANCELED"; + case TSS_E_TIMEOUT: return "TSS_E_TIMEOUT"; + case TSS_E_OUTOFMEMORY: return "TSS_E_OUTOFMEMORY"; + case TSS_E_TPM_UNEXPECTED: return "TSS_E_TPM_UNEXPECTED"; + case TSS_E_COMM_FAILURE: return "TSS_E_COMM_FAILURE"; + case TSS_E_TPM_UNSUPPORTED_FEATURE: return "TSS_E_TPM_UNSUPPORTED_FEATURE"; + case TSS_E_INVALID_OBJECT_TYPE: return "TSS_E_INVALID_OBJECT_TYPE"; + case TSS_E_INVALID_OBJECT_INITFLAG: return "TSS_E_INVALID_OBJECT_INITFLAG"; + case TSS_E_INVALID_HANDLE: return "TSS_E_INVALID_HANDLE"; + case TSS_E_NO_CONNECTION: return "TSS_E_NO_CONNECTION"; + case TSS_E_CONNECTION_FAILED: return "TSS_E_CONNECTION_FAILED"; + case TSS_E_CONNECTION_BROKEN: return "TSS_E_CONNECTION_BROKEN"; + case TSS_E_HASH_INVALID_ALG: return "TSS_E_HASH_INVALID_ALG"; + case TSS_E_HASH_INVALID_LENGTH: return "TSS_E_HASH_INVALID_LENGTH"; + case TSS_E_HASH_NO_DATA: return "TSS_E_HASH_NO_DATA"; + case TSS_E_SILENT_CONTEXT: return "TSS_E_SILENT_CONTEXT"; + case TSS_E_INVALID_ATTRIB_FLAG: return "TSS_E_INVALID_ATTRIB_FLAG"; + case TSS_E_INVALID_ATTRIB_SUBFLAG: return "TSS_E_INVALID_ATTRIB_SUBFLAG"; + case TSS_E_INVALID_ATTRIB_DATA: return "TSS_E_INVALID_ATTRIB_DATA"; + case TSS_E_NO_PCRS_SET: return "TSS_E_NO_PCRS_SET"; + case TSS_E_KEY_NOT_LOADED: return "TSS_E_KEY_NOT_LOADED"; + case TSS_E_KEY_NOT_SET: return "TSS_E_KEY_NOT_SET"; + case TSS_E_VALIDATION_FAILED: return "TSS_E_VALIDATION_FAILED"; + case TSS_E_TSP_AUTHREQUIRED: return "TSS_E_TSP_AUTHREQUIRED"; + case TSS_E_TSP_AUTH2REQUIRED: return "TSS_E_TSP_AUTH2REQUIRED"; + case TSS_E_TSP_AUTHFAIL: return "TSS_E_TSP_AUTHFAIL"; + case TSS_E_TSP_AUTH2FAIL: return "TSS_E_TSP_AUTH2FAIL"; + case TSS_E_KEY_NO_MIGRATION_POLICY: return "TSS_E_KEY_NO_MIGRATION_POLICY"; + case TSS_E_POLICY_NO_SECRET: return "TSS_E_POLICY_NO_SECRET"; + case TSS_E_INVALID_OBJ_ACCESS: return "TSS_E_INVALID_OBJ_ACCESS"; + case TSS_E_INVALID_ENCSCHEME: return "TSS_E_INVALID_ENCSCHEME"; + case TSS_E_INVALID_SIGSCHEME: return "TSS_E_INVALID_SIGSCHEME"; + case TSS_E_ENC_INVALID_LENGTH: return "TSS_E_ENC_INVALID_LENGTH"; + case TSS_E_ENC_NO_DATA: return "TSS_E_ENC_NO_DATA"; + case TSS_E_ENC_INVALID_TYPE: return "TSS_E_ENC_INVALID_TYPE"; + case TSS_E_INVALID_KEYUSAGE: return "TSS_E_INVALID_KEYUSAGE"; + case TSS_E_VERIFICATION_FAILED: return "TSS_E_VERIFICATION_FAILED"; + case TSS_E_HASH_NO_IDENTIFIER: return "TSS_E_HASH_NO_IDENTIFIER"; + default: return "UNKNOWN TSS ERROR"; + } + } +} diff --git a/src/tspi/daa/daa_platform/platform.c b/src/tspi/daa/daa_platform/platform.c new file mode 100644 index 0000000..80180ca --- /dev/null +++ b/src/tspi/daa/daa_platform/platform.c @@ -0,0 +1,2644 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include + +// for message digest +#include +#include +#include +#include +#include + +#include + +#include "daa_structs.h" +#include "daa_parameter.h" +#include "trousers/tss.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include +#include +#include +#include "tsplog.h" +#include "tss/tcs.h" +#include "platform.h" +#include "issuer.h" +#include "verifier.h" + +#define EVP_SUCCESS 1 + +TSS_RESULT +Tcsip_TPM_DAA_Join(TCS_CONTEXT_HANDLE tcsContext, // in + TSS_HDAA hDAA, // in + BYTE stage, // in + UINT32 inputSize0, // in + BYTE* inputData0, // in + UINT32 inputSize1, // in + BYTE* inputData1, // in + TPM_AUTH* ownerAuth, // in/out + UINT32* outputSize, // out + BYTE** outputData // out +) { + TSS_RESULT result; + TSS_HPOLICY hPolicy; + TCPA_DIGEST digest; + UINT16 offset = 0; + BYTE hashblob[10000]; + TPM_HANDLE hTPM; + TPM_HANDLE join_session; + // TPM_HANDLE hTPM; + + if( (result = obj_daa_get_handle_tpm( hDAA, &hTPM)) != TSS_SUCCESS) + return result; + if( (result = obj_daa_get_session_handle( hDAA, &join_session)) != TSS_SUCCESS) + return result; + LogDebug("Tcsip_TPM_DAA_Join(tcsContext=%x,hDAA=%x,join_session=%x, hTPM=%x stage=%d)", + tcsContext, + hDAA, + join_session, + hTPM, + stage); + + LogDebug("obj_tpm_get_policy(hTPM=%X)", hTPM); + if( (result = obj_tpm_get_policy( hTPM, &hPolicy)) != TSS_SUCCESS) + return result; + LogDebug("Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob)"); + // hash TPM_COMMAND_CODE + Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob); + LogDebug("Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest)"); + // hash stage + Trspi_LoadBlob_BYTE(&offset, stage, hashblob); + LogDebug("Trspi_LoadBlob_UINT32(&offset, 0, hashblob)"); + // hash inputSize0 + Trspi_LoadBlob_UINT32(&offset, inputSize0, hashblob); + LogDebug("Trspi_LoadBlob_UINT32(&offset, inputSize0:%d", inputSize0); + // hash inputData0 + Trspi_LoadBlob( &offset, inputSize0, hashblob, inputData0); + // hash inputSize1 + Trspi_LoadBlob_UINT32(&offset, inputSize1, hashblob); + LogDebug("Trspi_LoadBlob_UINT32(&offset, inputSize1:%d", inputSize1); + // hash inputData1 + Trspi_LoadBlob( &offset, inputSize1, hashblob, inputData1); + Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest); + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join, + hPolicy, &digest, + ownerAuth)) != TSS_SUCCESS) return result; + LogDebug("secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join ret=%d", result); + LogDebug("TCSP_DAAJoin(%x,%x,stage=%x,%x,%x,%x,%x,%x)\n", + tcsContext, + hTPM, + stage, + inputSize0, + (int)inputData0, + inputSize1, + (int)inputData1, + (int)&ownerAuth); + /* step of the following call: + TCSP_DAAJoin tcsd_api/calltcsapi.c (define in spi_utils.h) + TCSP_DAAJoin_TP tcsd_api/tcstp.c (define in trctp.h) + */ + result = TCSP_DaaJoin( tcsContext, + join_session, + stage, + inputSize0, inputData0, + inputSize1, inputData1, + ownerAuth, + outputSize, outputData); + if( result != TSS_SUCCESS) return result; + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, result, hashblob); + Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob); + Trspi_LoadBlob_UINT32(&offset, *outputSize, hashblob); + Trspi_LoadBlob(&offset, *outputSize, hashblob, *outputData); + LogDebug("TCSP_DAAJoin stage=%d outputSize=%d outputData=%x RESULT=%d", + (int)stage, (int)*outputSize, (int)outputData, (int)result); + Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest); + if( (result = obj_policy_validate_auth_oiap( hPolicy, &digest, ownerAuth))) { + LogError("obj_policy_validate_auth=%d", result); + } + return result; +} + +TSS_RESULT Tcsip_TPM_DAA_Sign( TCS_CONTEXT_HANDLE hContext, // in + TPM_HANDLE handle, // in + BYTE stage, // in + UINT32 inputSize0, // in + BYTE* inputData0, // in + UINT32 inputSize1, // in + BYTE* inputData1, // in + TPM_AUTH* ownerAuth, // in, out + UINT32* outputSize, // out + BYTE** outputData // out +) { + TSS_RESULT result; + TSS_HPOLICY hPolicy; + TCPA_DIGEST digest; + UINT16 offset = 0; + BYTE hashblob[1000]; + TPM_HANDLE hTPM; + TPM_HANDLE session_handle; + TSS_HDAA hDAA = (TSS_HDAA)handle; + // TPM_HANDLE hTPM; + + if( (result = obj_daa_get_handle_tpm( hDAA, &hTPM)) != TSS_SUCCESS) + return result; + if( (result = obj_daa_get_session_handle( hDAA, &session_handle)) != TSS_SUCCESS) + return result; + LogDebug("Tcsip_TPM_DAA_Sign(tcsContext=%x,hDAA=%x,sign_session=%x, hTPM=%x stage=%d)", + hContext, + hDAA, + session_handle, + hTPM, + stage); + + LogDebug("obj_tpm_get_policy(hTPM=%X)", hTPM); + if( (result = obj_tpm_get_policy( hTPM, &hPolicy)) != TSS_SUCCESS) + return result; + LogDebug("Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob)"); + // hash TPM_COMMAND_CODE + Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob); + LogDebug("Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest)"); + // hash stage + Trspi_LoadBlob_BYTE(&offset, stage, hashblob); + LogDebug("Trspi_LoadBlob_UINT32(&offset, 0, hashblob)"); + // hash inputSize0 + Trspi_LoadBlob_UINT32(&offset, inputSize0, hashblob); + LogDebug("Trspi_LoadBlob_UINT32(&offset, inputSize0:%d", inputSize0); + // hash inputData0 + Trspi_LoadBlob( &offset, inputSize0, hashblob, inputData0); + // hash inputSize1 + Trspi_LoadBlob_UINT32(&offset, inputSize1, hashblob); + LogDebug("Trspi_LoadBlob_UINT32(&offset, inputSize1:%d", inputSize1); + // hash inputData1 + Trspi_LoadBlob( &offset, inputSize1, hashblob, inputData1); + Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest); + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join, + hPolicy, &digest, + ownerAuth)) != TSS_SUCCESS) return result; + LogDebug("secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join ret=%d", result); + LogDebug("TCSP_DAASign(%x,%x,stage=%x,%x,%x,%x,%x,%x)", + hContext, + hTPM, + stage, + inputSize0,(int)inputData0, + inputSize1,(int)inputData1, + (int)&ownerAuth); + /* step of the following call: + TCSP_DAASign tcsd_api/calltcsapi.c (define in spi_utils.h) + TCSP_DAASign_TP tcsd_api/tcstp.c (define in trctp.h) + */ + result = TCSP_DaaSign( hContext, + session_handle, + stage, + inputSize0, inputData0, + inputSize1, inputData1, + ownerAuth, + outputSize, outputData); + if( result != TSS_SUCCESS) return result; + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, result, hashblob); + Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob); + Trspi_LoadBlob_UINT32(&offset, *outputSize, hashblob); + Trspi_LoadBlob(&offset, *outputSize, hashblob, *outputData); + LogDebug("TCSP_DAASign stage=%d outputSize=%d outputData=%x RESULT=%d", + (int)stage, (int)*outputSize, (int)outputData, (int)result); + Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest); + if( (result = obj_policy_validate_auth_oiap( hPolicy, &digest, ownerAuth))) + { + LogError("obj_policy_validate_auth=%d", result); + } + return result; +} + +/** + Only used for the logging +*/ +static TSS_RESULT +Tcsip_TPM_DAA_Join_encapsulate(TCS_CONTEXT_HANDLE tcsContext, // in + TSS_HDAA hDAA, // in + BYTE stage, // in + UINT32 inputSize0, // in + BYTE* inputData0, // in + UINT32 inputSize1, // in + BYTE* inputData1, // in + TPM_AUTH* ownerAuth, // in/out + UINT32* outputSize, // out + BYTE** outputData // out +) { + TSS_RESULT result; + + LogDebug("Tcsip_DAA_Join(TCS_CONTEXT=%X,TSS_HDAA=%X,stage=%d,\ + inputSize0=%u,inputData0=%s\ninputSize1=%u,inputData1=%s,ownerAuth=%X)", + tcsContext, hDAA, stage, + inputSize0, dump_byte_array(inputSize0, inputData0), + inputSize1,dump_byte_array(inputSize1, inputData1), + (int)ownerAuth); + result = Tcsip_TPM_DAA_Join( + tcsContext, // in + hDAA, // in + stage, // in + inputSize0, // in + inputData0, // in + inputSize1, // in + inputData1, // in + ownerAuth, // in/out + outputSize, // out + outputData // out + ); + LogDebug("Tcsip_DAA_Join(stage=%d,outputSize=%u outputData=%s ownerAuth=%X) result=%d", + (int)stage, *outputSize, dump_byte_array( *outputSize, *outputData), (int)ownerAuth, result); + return result; +} + +#if 0 +/* from TSS.java */ +/* openssl RSA (struct rsa_st) could manage RSA Key */ +TSS_RESULT +Tspi_TPM_DAA_JoinInit_internal( TSS_HDAA hDAA, + TSS_HTPM hTPM, + int daa_counter, + TSS_DAA_PK *issuer_pk, + int issuer_authentication_PKLengh, + RSA **issuer_authentication_PK, + int issuer_authentication_PK_signaturesLength, + BYTE **issuer_authentication_PK_signatures, + int *capital_UprimeLength, + BYTE **capital_Uprime, + TSS_DAA_IDENTITY_PROOF *identity_proof, + TSS_DAA_JOIN_SESSION *join_session) +{ + // Optional: verification of the PKDAA and issuer settings (authen. by the RSA Public Key chain) + TSS_RESULT result; + TCS_CONTEXT_HANDLE tcsContext; + TPM_AUTH ownerAuth; + int i, modulus_length, outputSize, length, length1; + UINT32 return_join_session; + BYTE *outputData, *issuer_settings_bytes; + BYTE *buffer_modulus; + TPM_DAA_ISSUER *issuer_settings; + char buffer[1000], buffer1[1000]; + TSS_DAA_PK_internal *pk_internal = e_2_i_TSS_DAA_PK( issuer_pk); + bi_ptr issuer_authentication_PK_i = NULL; + + if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS) + return result; + obj_daa_set_handle_tpm( hDAA, hTPM); + + // stages 0-2 explained in the diagram "Keys of DAA Issuer" + // issuer_authentication_PKLengh should be converted to Network Based integer + i = htonl(issuer_authentication_PKLengh); + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 0, + sizeof(int), (BYTE *)(&i), + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) { goto close;} + // set the sessionHandle to the returned value + return_join_session = ntohl( *((UINT32 *)outputData)); + free( outputData); + obj_daa_set_session_handle( hDAA, return_join_session); + + LogDebug("done join 0 settings join_session:%x\n", return_join_session); + modulus_length = DAA_PARAM_SIZE_RSA_MODULUS / 8; + buffer_modulus = malloc(modulus_length); + if (buffer_modulus == NULL) { + LogError("malloc of %d bytes failed", modulus_length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + issuer_authentication_PK_i = bi_new_ptr(); + for(i =0; i< issuer_authentication_PKLengh; i++) { + bi_set_as_BIGNUM( issuer_authentication_PK_i, issuer_authentication_PK[i]->n); + bi_2_byte_array( buffer_modulus, + modulus_length, + issuer_authentication_PK_i); + if ( i==0) { + result = Tcsip_TPM_DAA_Join_encapsulate( + tcsContext, hDAA, + 1, + modulus_length, buffer_modulus, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) { + free( buffer_modulus); + goto close; + } + } else { + result = Tcsip_TPM_DAA_Join_encapsulate( + tcsContext, hDAA, + 1, + modulus_length, buffer_modulus, + DAA_PARAM_KEY_SIZE / 8, issuer_authentication_PK_signatures[i -1], + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) { + free( buffer_modulus); + goto close; + } + } + } + free( buffer_modulus); + LogDebug("done join 1-%d\n", issuer_authentication_PKLengh); + // define issuer_settings + issuer_settings = convert2issuer_settings( pk_internal); + issuer_settings_bytes = issuer_2_byte_array( issuer_settings, &length); + result = Tcsip_TPM_DAA_Join_encapsulate( + tcsContext, hDAA, + 2, + length, issuer_settings_bytes, + modulus_length, + issuer_authentication_PK_signatures[issuer_authentication_PKLengh-1], + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) { goto close;} + LogDebug("done join 2\n"); + i = htonl( daa_counter); + result = Tcsip_TPM_DAA_Join_encapsulate( + tcsContext, hDAA, + 3, + sizeof(UINT32), (BYTE *)(&i), + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) { goto close;} + LogDebug("done join 3\n"); + // reserved another buffer for storing Big Integer + bi_2_nbin1( &length, buffer, pk_internal->capitalR0); + bi_2_nbin1( &length1, buffer1, pk_internal->modulus); + result = Tcsip_TPM_DAA_Join_encapsulate( + tcsContext, hDAA, + 4, + length, buffer, + length1, buffer1, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) { goto close;} + LogDebug("done join 4\n"); + bi_2_nbin1( &length, buffer, pk_internal->capitalR1); + result = Tcsip_TPM_DAA_Join_encapsulate( + tcsContext, hDAA, + 5, + length, buffer, + length1, buffer1, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) { goto close;} + LogDebug("done join 5\n"); + bi_2_nbin1( &length, buffer, pk_internal->capitalS); + result = Tcsip_TPM_DAA_Join_encapsulate( + tcsContext, hDAA, + 6, + length, buffer, + length1, buffer1, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) { goto close;} + LogDebug("done join 6\n"); + bi_2_nbin1( &length, buffer, pk_internal->capitalSprime); + // define Uprime + result = Tcsip_TPM_DAA_Join_encapsulate( + tcsContext, hDAA, + 7, + length, buffer, + length1, buffer1, + &ownerAuth, &outputSize, &outputData); + // 5 : save PKDAA, U, daaCount and sessionHandle in joinSession + join_session->issuerPk = (TSS_HKEY)issuer_pk; + if( result == TSS_SUCCESS) { + *capital_UprimeLength = outputSize; + *capital_Uprime = convert_alloc( tcsContext, outputSize, outputData); + if (*capital_Uprime == NULL) { + LogError("malloc of %d bytes failed", outputSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + join_session->capitalUPrime = copy_alloc( tcsContext, + *capital_UprimeLength, + *capital_Uprime); + if (join_session->capitalUPrime == NULL) { + LogError("malloc of %d bytes failed", *capital_UprimeLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + join_session->capitalUPrimeLength = *capital_UprimeLength; + } + join_session->sessionHandle = return_join_session; + // get the endorsement Key (public part) + result = get_public_EK( + hTPM, // in + &( identity_proof->endorsementLength), + &( identity_proof->endorsementCredential) + ); + +close: + FREE_BI( issuer_authentication_PK_i); + LogDebug("result = %d", result); + LogDebug("outputSize=%d", outputSize); + LogDebug("outputData=%s", dump_byte_array( outputSize, outputData)); + return result; +} +#else +TSS_RESULT +Tspi_TPM_DAA_JoinInit_internal(TSS_HTPM hTPM, + TSS_HDAA_ISSUER_KEY hIssuerKey + UINT32 daa_counter, + UINT32 issuerAuthPKsLength, + TSS_HKEY* issuerAuthPKs, + UINT32 issuerAuthPKSignaturesLength, + UINT32 issuerAuthPKSignaturesLength2, + BYTE** issuerAuthPKSignatures, + UINT32* capitalUprimeLength, + BYTE** capitalUprime, + TSS_DAA_IDENTITY_PROOF** identity_proof, + UINT32* joinSessionLength, + BYTE** joinSession) +{ + // Optional: verification of the PKDAA and issuer settings (authen. by the RSA Public Key chain) + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TPM_AUTH ownerAuth; + int length, length1; + UINT32 i, modulus_length, outputSize, buf_len; + BYTE *outputData, *issuer_settings_bytes; + BYTE *modulus, stage, *buf; + //TPM_DAA_ISSUER *issuer_settings; + //char buffer[1000], buffer1[1000]; + //TSS_DAA_PK_internal *pk_internal = e_2_i_TSS_DAA_PK(issuer_pk); + bi_ptr issuerAuthPK = NULL; + TPM_HANDLE daaHandle; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TSS_DAA_IDENTITY_PROOF daaIdentityProof; + + if ((result = obj_tpm_is_connected(hTPM, &tspContext))) + return result; + + if ((result = obj_daaissuerkey_get_daa_handle(hIssuerKey, &daaHandle))) + return result; + + stage = 0; + inputSize0 = (UINT32)sizeof(UINT32); + inputData0 = issuerAuthPKsLength; + inputSize1 = 0; + inputData1 = NULL; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DAA_Join); + result |= Trspi_Hash_BYTE(&hashCtx, stage); + result |= Trspi_Hash_UINT32(&hashCtx, inputSize0); + result |= Trspi_HashUpdate(&hashCtx, inputSize0, inputData0); + result |= Trspi_Hash_UINT32(&hashCtx, inputSize1); + result |= Trspi_HashUpdate(&hashCtx, inputSize1, inputData1); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + // stages 0-2 explained in the diagram "Keys of DAA Issuer" + if ((result = TCS_API(tspContext)->DaaJoin(tspContext, daaHandle, stage, inputSize1, + inputData0, inputSize1, inputData1, &ownerAuth, + &outputSize, &outputData))) + goto close; + + if (outputSize != sizeof(UINT32)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto close; + } + + // set the sessionHandle to the returned value + Trspi_UnloadBlob_UINT32(&offset, &daaHandle, outputData); + free(outputData); + if ((result = obj_daaissuerkey_set_daa_handle(hIssuerKey, daaHandle))) + goto close; + + LogDebug("done join 0 settings join_session:%x", daaHandle); + + modulus_length = DAA_PARAM_SIZE_RSA_MODULUS / 8; + if ((buffer_modulus = malloc(modulus_length)) == NULL) { + LogError("malloc of %d bytes failed", modulus_length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + + stage = 1; + for (i = 0; i < issuerAuthPKsLength; i++) { + if ((result = obj_rsakey_get_modulus(issuerAuthPKs[i], &modulus_length, &modulus))) + goto close; + + outputData = NULL; + if (i==0) { + result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, + modulus_length, modulus, 0, NULL, + &ownerAuth, &outputSize, + &outputData); + } else { + result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, + modulus_length, modulus, + issuerAuthPKSignaturesLength2, + issuerAuthPKSignatures[i - 1], + &ownerAuth, &outputSize, + &outputData); + } + + free(outputData); + free_tspi(tspContext, modulus); + if (result != TSS_SUCCESS) { + LogDebugFn("Stage 1 iteration %u failed", i); + goto close; + } + } + + LogDebug("done join 1-%d\n", issuer_authentication_PKLengh); + + stage = 2; + // define issuer_settings +#if 0 + issuer_settings = convert2issuer_settings(pk_internal); + issuer_settings_bytes = issuer_2_byte_array(issuer_settings, &length); +#else + if ((result = obj_daaissuerkey_get_daa_issuer(hIssuerKey, &issuer_length, &issuer))) + goto close; + + if ((result = obj_daaissuerkey_get_modulus(hIssuerKey, &modulus_length, &modulus))) { + free_tspi(tspContext, issuer); + goto close; + } +#endif + if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, issuer_length, + issuer, issuerAuthPKSignaturesLength2, + issuerAuthPKSignatures[i - 1], &ownerAuth, + &outputSize, &outputData))) { + free_tspi(tspContext, issuer); + free_tspi(tspContext, modulus); + goto close; + } + free_tspi(tspContext, issuer); + + LogDebug("done join 2\n"); + + stage = 3; + if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, sizeof(UINT32), + (BYTE *)(&daa_counter), 0, NULL, &ownerAuth, + &outputSize, &outputData))) + goto close; + + LogDebug("done join 3\n"); + + stage = 4; +#if 0 + // reserved another buffer for storing Big Integer + bi_2_nbin1( &length, buffer, pk_internal->capitalR0); + bi_2_nbin1( &length1, buffer1, pk_internal->modulus); +#else + if ((result = obj_daaissuerkey_get_capitalR0(hIssuerKey, &buf_len, &buf))) + return result; +#endif + if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, buf_len, buf, + modulus_length, modulus, &ownerAuth, + &outputSize, &outputData))) { + free_tspi(tspContext, buf); + free_tspi(tspContext, modulus); + goto close; + } + free_tspi(tspContext, buf); + + LogDebug("done join 4\n"); + + stage = 5; +#if 0 + bi_2_nbin1( &length, buffer, pk_internal->capitalR1); +#else + if ((result = obj_daaissuerkey_get_capitalR1(hIssuerKey, &buf_len, &buf))) + return result; +#endif + if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, buf_len, + buf, modulus_length, modulus, &ownerAuth, + &outputSize, &outputData))) { + free_tspi(tspContext, buf); + free_tspi(tspContext, modulus); + goto close; + } + free_tspi(tspContext, buf); + + LogDebug("done join 5\n"); + + stage = 6; +#if 0 + bi_2_nbin1( &length, buffer, pk_internal->capitalS); +#else + if ((result = obj_daaissuerkey_get_capitalS(hIssuerKey, &buf_len, &buf))) + return result; +#endif + if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, buf_len, buf, + modulus_length, modulus, &ownerAuth, + &outputSize, &outputData))) { + free_tspi(tspContext, buf); + free_tspi(tspContext, modulus); + goto close; + } + free_tspi(tspContext, buf); + + LogDebug("done join 6\n"); + + stage = 7; +#if 0 + bi_2_nbin1( &length, buffer, pk_internal->capitalSprime); +#else + if ((result = obj_daaissuerkey_get_capitalSprime(hIssuerKey, &buf_len, &buf))) + return result; +#endif + // define Uprime + if ((result = Tcsip_TPM_DAA_Join_encapsulate(tspContext, daaHandle, stage, buf_len, buf, + modulus_length, modulus, &ownerAuth, + &outputSize, &outputData))) { + free_tspi(tspContext, buf); + free_tspi(tspContext, modulus); + goto close; + } + free_tspi(tspContext, buf); + +#if 0 + // 5 : save PKDAA, U, daaCount and sessionHandle in joinSession + join_session->issuerPk = (TSS_HKEY)issuer_pk; + if( result == TSS_SUCCESS) { + *capital_UprimeLength = outputSize; + *capital_Uprime = convert_alloc( tspContext, outputSize, outputData); + if (*capital_Uprime == NULL) { + LogError("malloc of %d bytes failed", outputSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + join_session->capitalUPrime = copy_alloc( tspContext, + *capital_UprimeLength, + *capital_Uprime); + if (join_session->capitalUPrime == NULL) { + LogError("malloc of %d bytes failed", *capital_UprimeLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + join_session->capitalUPrimeLength = *capital_UprimeLength; + } + join_session->sessionHandle = return_join_session; + // get the endorsement Key (public part) + result = get_public_EK( + hTPM, // in + &( identity_proof->endorsementLength), + &( identity_proof->endorsementCredential) + ); +#else + /* fill out the identity proof struct */ + if ((result = TCS_API(obj->tspContext)->GetTPMCapability(obj->tspContext, TPM_CAP_VERSION, + 0, NULL, &buf_len, &buf))) + goto close; + + offset = 0; + Trspi_UnloadBlob_VERSION(&offset, buf, &daaIdentityProof.versionInfo); + free_tspi(tspContext, buf); + +#error set all 3 credentials in the daaIdentityProof struct here + + /* set the U data */ + if ((result = __tspi_add_mem_entry(tspContext, outputData))) + goto close; + *capitalUPrime = outputData; + *capitalUPrimeLength = outputSize; + + /* return the TSS specific stuff */ +#endif + +close: + FREE_BI( issuer_authentication_PK_i); + LogDebug("result = %d", result); + LogDebug("outputSize=%d", outputSize); + LogDebug("outputData=%s", dump_byte_array( outputSize, outputData)); + return result; +} +#endif + + +/* allocation: + endorsementKey as BYTE * +*/ +TSS_RESULT +get_public_EK(TSS_HTPM hTPM, + UINT32 *endorsementKeyLength, + BYTE **endorsementKey + +) { + TSS_RESULT result; + TSS_HKEY hEk; + TSS_HPOLICY hTpmPolicy; + UINT32 uiAttrSize; + BYTE *pAttr; + + if( (result = obj_tpm_get_policy( hTPM, &hTpmPolicy)) != TSS_SUCCESS) { + LogError("can not retrieve policy from the TPM handler"); + goto out_close; + } + + if( (result = Tspi_TPM_GetPubEndorsementKey(hTPM, TRUE, NULL, &hEk)) != TSS_SUCCESS) { + LogError("can not retrieve the Public endorsed Key"); + goto out_close; + } + + result = Tspi_GetAttribData( + hEk, + TSS_TSPATTRIB_KEY_INFO, + TSS_TSPATTRIB_KEYINFO_VERSION, + &uiAttrSize, + &pAttr); + + if (result != TSS_SUCCESS) goto out_close; + LogDebug("keyinfo:%s", dump_byte_array( uiAttrSize, pAttr)); + + result = Tspi_GetAttribData( + hEk, + TSS_TSPATTRIB_KEY_BLOB, + TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, + endorsementKeyLength, + endorsementKey); + + LogDebug("Public Endorsement Key:%s", + dump_byte_array( *endorsementKeyLength, *endorsementKey)); +out_close: + return result; +} + +// from TSS.java (479) +TSS_RESULT +compute_join_challenge_host(TSS_HDAA hDAA, + TSS_DAA_PK_internal *pk_internal, + bi_ptr capitalU, + bi_ptr capital_Uprime, + bi_ptr capital_utilde, + bi_ptr capital_utilde_prime, + bi_ptr capital_ni, + bi_ptr capital_ni_tilde, + UINT32 commitments_proofLength, + TSS_DAA_ATTRIB_COMMIT_internal * + commitments_proof, + UINT32 nonceIssuerLength, + BYTE* nonceIssuer, + UINT32 *resultLength, + BYTE **result) { + EVP_MD_CTX mdctx; + BYTE *encoded_pk = NULL, *buffer; + UINT32 encoded_pkLength; + int rv, length; + + buffer = (BYTE *)malloc( 10000); // to be sure, and it will be free quickly + if (buffer == NULL) { + LogError("malloc of %d bytes failed", 10000); + return TSPERR(TSS_E_OUTOFMEMORY); + } + // EVP_MD_CTX_init(&mdctx); + rv = EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + if (rv != EVP_SUCCESS) goto err; + // allocation + encoded_pk = encoded_DAA_PK_internal( &encoded_pkLength, pk_internal); + LogDebug("encoded issuerPk[%d]: %s", + encoded_pkLength, + dump_byte_array( encoded_pkLength, encoded_pk)); + rv = EVP_DigestUpdate(&mdctx, encoded_pk, encoded_pkLength); + if (rv != EVP_SUCCESS) goto err; + // capitalU + length = DAA_PARAM_SIZE_RSA_MODULUS / 8; + bi_2_byte_array( buffer, length, capitalU); + LogDebug("capitalU[%ld]: %s", + bi_nbin_size(capitalU) , + dump_byte_array( length, buffer)); + rv = EVP_DigestUpdate(&mdctx, buffer, length); + if (rv != EVP_SUCCESS) goto err; + // capital UPrime + bi_2_byte_array( buffer, length, capital_Uprime); + LogDebug("capitalUPrime[%d]: %s", + length, + dump_byte_array( length, buffer)); + rv = EVP_DigestUpdate(&mdctx, buffer, length); + if (rv != EVP_SUCCESS) goto err; + // capital Utilde + bi_2_byte_array( buffer, length, capital_utilde); + LogDebug("capitalUTilde[%d]: %s", + length, + dump_byte_array( length, buffer)); + rv = EVP_DigestUpdate(&mdctx, buffer, length); + if (rv != EVP_SUCCESS) goto err; + // capital UtildePrime + bi_2_byte_array( buffer, length, capital_utilde_prime); + LogDebug("capital_utilde_prime[%d]: %s", + length, + dump_byte_array( length, buffer)); + rv = EVP_DigestUpdate(&mdctx, buffer, length); + if (rv != EVP_SUCCESS) goto err; + //capital_ni + length = DAA_PARAM_SIZE_MODULUS_GAMMA / 8; + bi_2_byte_array( buffer, length, capital_ni); + LogDebug("capital_ni[%d]: %s", + length, + dump_byte_array( length, buffer)); + rv = EVP_DigestUpdate(&mdctx, buffer, length); + if (rv != EVP_SUCCESS) goto err; + //capital_ni_tilde + bi_2_byte_array( buffer, length, capital_ni_tilde); + LogDebug("capital_ni_tilde[%d]: %s", + length, + dump_byte_array( length, buffer)); + rv = EVP_DigestUpdate(&mdctx, buffer, length); + if (rv != EVP_SUCCESS) goto err; + // TODO: commitments + LogDebug("nonceIssuer[%d]: %s", + nonceIssuerLength, + dump_byte_array( nonceIssuerLength, nonceIssuer)); + rv = EVP_DigestUpdate(&mdctx, nonceIssuer, nonceIssuerLength); + if (rv != EVP_SUCCESS) goto err; + *resultLength = EVP_MD_CTX_size(&mdctx); + *result = (BYTE *)malloc( *resultLength); + if (*result == NULL) { + LogError("malloc of %d bytes failed", *resultLength); + free( buffer); + free( encoded_pk); + return TSPERR(TSS_E_OUTOFMEMORY); + } + rv = EVP_DigestFinal(&mdctx, *result, NULL); + if (rv != EVP_SUCCESS) goto err; + free( buffer); + free( encoded_pk); + return TSS_SUCCESS; +err: + free( buffer); + free( encoded_pk); + DEBUG_print_openssl_errors(); + return TSPERR(TSS_E_INTERNAL_ERROR); +} + +/* +This is the second out of 3 functions to execute in order to receive a DAA Credential. It +computes the credential request for the DAA Issuer, which also includes the Platforms & DAA +public key and the attributes that were chosen by the Platform, and which are not visible to \ +the DAA Issuer. The Platform can commit to the attribute values it has chosen. +Code influenced by TSS.java (TssDaaCredentialRequest) +*/ +TSPICALL +Tspi_TPM_DAA_JoinCreateDaaPubKey_internal( + TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + UINT32 authenticationChallengeLength, // in + BYTE* authenticationChallenge, // in + UINT32 nonceIssuerLength, // in + BYTE* nonceIssuer, // in + UINT32 attributesPlatformLength, // in + BYTE** attributesPlatform, // in + TSS_DAA_JOIN_SESSION* joinSession, // in, out + TSS_DAA_CREDENTIAL_REQUEST* credentialRequest // out +) { + TSS_RESULT result; + TCS_CONTEXT_HANDLE tcsContext; + TPM_AUTH ownerAuth; + bi_ptr tmp1 = bi_new_ptr(); + bi_ptr tmp2 = bi_new_ptr(); + bi_ptr capital_utilde = bi_new_ptr(); + bi_ptr v_tilde_prime = bi_new_ptr(); + bi_ptr rv_tilde_prime = bi_new_ptr(); + bi_ptr capitalU = bi_new_ptr(); + bi_ptr product_attributes = bi_new_ptr(); + bi_ptr capital_ni = NULL; + bi_ptr capital_utilde_prime = NULL; + bi_ptr capital_ni_tilde = NULL; + bi_ptr n = NULL; + bi_ptr attributePlatform = NULL; + bi_ptr c = NULL; + bi_ptr zeta = NULL; + bi_ptr capital_Uprime = NULL; + bi_ptr sv_tilde_prime = NULL; + bi_ptr s_f0 = NULL; + bi_ptr s_f1 = NULL; + bi_ptr sv_prime = NULL; + bi_ptr sv_prime1 = NULL; + bi_ptr sv_prime2 = NULL; + bi_array_ptr ra = NULL; + bi_array_ptr sa = NULL; + TSS_DAA_PK* pk_extern = (TSS_DAA_PK *)joinSession->issuerPk; + TSS_DAA_PK_internal* pk_internal = e_2_i_TSS_DAA_PK( pk_extern); + UINT32 i, outputSize, authentication_proofLength, nonce_tpmLength; + UINT32 capitalSprime_byte_arrayLength, size_bits, length, chLength, c_byteLength; + UINT32 internal_cbyteLength, noncePlatformLength; + BYTE *outputData, *authentication_proof, *capitalSprime_byte_array = NULL, *buffer; + BYTE *ch = NULL; + BYTE *c_byte, *noncePlatform, *nonce_tpm; + BYTE *internal_cbyte = NULL; + EVP_MD_CTX mdctx; + + if( tmp1 == NULL || tmp2 == NULL || capital_utilde == NULL || + v_tilde_prime == NULL || rv_tilde_prime == NULL || + capitalU == NULL || product_attributes == NULL) { + LogError("malloc of bi(s) failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + if( pk_internal == NULL) { + LogError("malloc of pk_internal failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS) { + goto close; + } + obj_daa_set_handle_tpm( hDAA, hTPM); + // allocation + n = bi_set_as_nbin( pk_extern->modulusLength, pk_extern->modulus); + if( n == NULL) { + LogError("malloc of %d bytes failed", pk_extern->modulusLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // allocation + capitalSprime_byte_array = bi_2_nbin( &capitalSprime_byte_arrayLength, + pk_internal->capitalSprime); + if( capitalSprime_byte_array == NULL) { + LogError("malloc of %d bytes failed", capitalSprime_byte_arrayLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // compute second part of the credential request + // encode plateform attributes (the one visible only by the receiver) + bi_set( product_attributes, bi_1); + for( i=0; i failed", "attributePlatform"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // bi_tmp1 = ( capitalRReceiver[i] ^ attributesPlatform ) % n + bi_mod_exp( tmp1, pk_internal->capitalRReceiver->array[i], attributePlatform, n); + // bi_tmp1 = bi_tmp1 * product_attributes + bi_mul( tmp1, tmp1, product_attributes); + // product_attributes = bi_tmp1 % n + bi_mod( product_attributes, tmp1, n); + bi_free_ptr( attributePlatform); + } + bi_urandom( v_tilde_prime, DAA_PARAM_SIZE_RSA_MODULUS + + DAA_PARAM_SAFETY_MARGIN); + // tmp1 = capitalUPrime * capitalS + bi_free_ptr( tmp1); + tmp1 = bi_set_as_nbin( joinSession->capitalUPrimeLength, + joinSession->capitalUPrime); // allocation + if( tmp1 == NULL) { + LogError("malloc of %d bytes failed", joinSession->capitalUPrimeLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // U = ( U' * ( ( pk->S ^ v~' ) % n) ) % n + // tmp2 = ( pk->S ^ v~') % n + bi_mod_exp( tmp2, pk_internal->capitalS, v_tilde_prime, n); + // U = tmp1( U') * tmp2 + bi_mul( capitalU, tmp1, tmp2); + bi_mod( capitalU, capitalU, n); + // U = ( U * product_attributes ) % n + bi_mul( capitalU, capitalU, product_attributes); + bi_mod( capitalU, capitalU, n); + // 2 : call the TPM to compute authentication proof with U' + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 8, + authenticationChallengeLength, authenticationChallenge, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 8"); + authentication_proof = calloc_tspi( tcsContext, outputSize); + if( authentication_proof == NULL) { + LogError("malloc of %d bytes failed", outputSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + memcpy( authentication_proof, outputData, outputSize); + free( outputData); + authentication_proofLength = outputSize; + + // 3 : call the TPM to compute U' (first part of correctness proof of the credential + // request + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 9, + pk_extern->capitalR0Length, pk_extern->capitalR0, + pk_extern->modulusLength, pk_extern->modulus, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 9: capitalR0"); + free( outputData); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 10, + pk_extern->capitalR1Length, pk_extern->capitalR1, + pk_extern->modulusLength, pk_extern->modulus, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 10: capitalR1"); + free( outputData); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 11, + pk_extern->capitalSLength, pk_extern->capitalS, + pk_extern->modulusLength, pk_extern->modulus, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 11: capitalS"); + free( outputData); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 12, + capitalSprime_byte_arrayLength, capitalSprime_byte_array, + pk_extern->modulusLength, pk_extern->modulus, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 12: capitalUTildePrime"); + capital_utilde_prime = bi_set_as_nbin( outputSize, outputData); // allocation + if( capital_utilde_prime == NULL) { + LogError("malloc of %d bytes failed", outputSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + // 4 compute pseudonym with respect to the DAA Issuer + // allocation + zeta = compute_zeta( pk_internal->issuerBaseNameLength, + pk_internal->issuerBaseName, + pk_internal); + if( zeta == NULL) { + LogError("malloc of bi <%s> failed", "zeta"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + buffer = (BYTE *)malloc( TPM_DAA_SIZE_w); + if( buffer == NULL) { + LogError("malloc of %d bytes failed", TPM_DAA_SIZE_w); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + LogDebug("zeta[%ld] = %s", bi_nbin_size( zeta), bi_2_hex_char( zeta)); + bi_2_byte_array( buffer, TPM_DAA_SIZE_w, zeta); + LogDebug("zeta[%d] = %s", TPM_DAA_SIZE_w, dump_byte_array( TPM_DAA_SIZE_w, buffer)); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 13, + pk_extern->capitalGammaLength, pk_extern->capitalGamma, + TPM_DAA_SIZE_w, buffer, // zeta + &ownerAuth, &outputSize, &outputData); + free( buffer); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 13: capitalGamma / zeta"); + free( outputData); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 14, + pk_extern->capitalGammaLength, pk_extern->capitalGamma, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 14: capitalGamma"); + capital_ni = bi_set_as_nbin( outputSize, outputData); // allocation + if( capital_ni == NULL) { + LogError("malloc of bi <%s> failed", "capital_ni"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 15, + pk_extern->capitalGammaLength, pk_extern->capitalGamma, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 15: capitalGamma"); + capital_ni_tilde = bi_set_as_nbin( outputSize, outputData); // allocation + if( capital_ni_tilde == NULL) { + LogError("malloc of bi <%s> failed", "capital_ni_tilde"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + + // 5 : compute the second part of the correctness proof of the credential request + // (with attributes not visible to issuer) + // randomize/blind attributesReceiver + size_bits = DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES; + bi_set( product_attributes, bi_1); + ra = (bi_array_ptr)malloc( sizeof( struct _bi_array)); + if( ra == NULL) { + LogError("malloc of %d bytes failed", sizeof( struct _bi_array)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_new_array( ra, attributesPlatformLength); + if( ra->array == NULL) { + LogError("malloc of bi_array <%s> failed", "ra"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + for( i=0; i < attributesPlatformLength; i++) { + bi_urandom( ra->array[i], size_bits); + LogDebug("ra[i]=%s size=%d", bi_2_hex_char( ra->array[i]), size_bits); + // product_attributes=(((capitalYplatform ^ ra[i]) % n)*)%n + bi_mod_exp( tmp1, pk_internal->capitalRReceiver->array[i], ra->array[i], n); + bi_mul( tmp1, tmp1, product_attributes); + bi_mod( product_attributes, tmp1, n); + } + size_bits = DAA_PARAM_SIZE_F_I+2*DAA_PARAM_SAFETY_MARGIN+DAA_PARAM_SIZE_MESSAGE_DIGEST; + bi_urandom( rv_tilde_prime, size_bits); + // capital_utilde = ( capitalS ^ rv_tilde_prime) % n + bi_mod_exp( capital_utilde, pk_internal->capitalS, rv_tilde_prime, n); + // capital_utilde = capital_utilde * product_attributes + bi_mul( capital_utilde, capital_utilde, product_attributes); + // capital_utilde = capital_utilde % n + bi_mod( capital_utilde, capital_utilde, n); + // 5e + capital_Uprime = bi_set_as_nbin( joinSession->capitalUPrimeLength, + joinSession->capitalUPrime); // allocation + if( capital_Uprime == NULL) { + LogError("malloc of bi <%s> failed", "capital_Uprime"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + LogDebug("calculation UTilde: capitalS:%s\n", bi_2_hex_char( pk_internal->capitalS)); + LogDebug("calculation UTilde: rv_tilde_prime:%s\n", bi_2_hex_char( rv_tilde_prime)); + LogDebug("calculation UTilde: n:%s\n", bi_2_hex_char( n)); + LogDebug("calculation UTilde: product_attributes:%s\n", bi_2_hex_char( product_attributes)); + LogDebug("calculation NItilde: ntilde:%s\n", bi_2_hex_char( capital_ni_tilde)); + + result = compute_join_challenge_host( + hDAA, + pk_internal, + capitalU, + capital_Uprime, + capital_utilde, + capital_utilde_prime, + capital_ni, + capital_ni_tilde, + 0, // TODO commitmentProofLength + NULL, // TODO commitment + nonceIssuerLength, + nonceIssuer, + &chLength, // out + &ch // out allocation + ); + if( result != TSS_SUCCESS) goto close; + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 16, + chLength, ch, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + nonce_tpm = outputData; + nonce_tpmLength = outputSize; + LogDebug("Done Join 16: compute_join_challenge_host return nonce_tpm:%s", + dump_byte_array(nonce_tpmLength, nonce_tpm)); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 17, + 0, NULL, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + s_f0 = bi_set_as_nbin( outputSize, outputData); // allocation + if( s_f0 == NULL) { + LogError("malloc of %s failed", "s_f0"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + LogDebug("Done Join 17: return sF0:%s", dump_byte_array(outputSize, outputData) ); + free( outputData); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 18, + 0, NULL, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + s_f1 = bi_set_as_nbin( outputSize, outputData); // allocation + if( s_f1 == NULL) { + LogError("malloc of %s failed", "s_f1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + LogDebug("Done Join 18: return sF1:%s", dump_byte_array(outputSize, outputData) ); + free( outputData); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 19, + 0, NULL, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 19: return sv_prime1"); + sv_prime1 = bi_set_as_nbin( outputSize, outputData); // allocation + if( sv_prime1 == NULL) { + LogError("malloc of %s failed", "sv_prime1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 20, + 0, NULL, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 20: return cByte"); + c_byte = (BYTE *)calloc_tspi( tcsContext, outputSize); + if( c_byte == NULL) { + LogError("malloc of %d bytes failed", outputSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + memcpy( c_byte, outputData, outputSize); + free( outputData); + c_byteLength = outputSize; + c = bi_set_as_nbin( c_byteLength, c_byte); // allocation + if( c == NULL) { + LogError("malloc of %s failed", "c"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + + // verify computation of c by TPM + EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + EVP_DigestUpdate(&mdctx, ch, chLength); + EVP_DigestUpdate(&mdctx, nonce_tpm, nonce_tpmLength); + nonce_tpm = convert_alloc( tcsContext, nonce_tpmLength, nonce_tpm); // allocation + if( nonce_tpm == NULL) { + LogError("malloc of %d bytes failed", nonce_tpmLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + internal_cbyteLength = EVP_MD_CTX_size(&mdctx); + internal_cbyte = (BYTE *)malloc( internal_cbyteLength); + if( internal_cbyte == NULL) { + LogError("malloc of %d bytes failed", internal_cbyteLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + EVP_DigestFinal(&mdctx, internal_cbyte, NULL); + if( c_byteLength != internal_cbyteLength || + memcmp( c_byte, internal_cbyte, c_byteLength) != 0) { + LogError( "Computation of c in TPM DAA Join command is incorrect. Affected stages: 16,20\n"); + LogError( "\t c_byte[%d] %s", + c_byteLength, + dump_byte_array( c_byteLength, c_byte)); + LogError( "\tc_internal_byte[%d] %s", + internal_cbyteLength, + dump_byte_array( internal_cbyteLength, internal_cbyte)); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + + // 5m) blind attributesReceiver + sa = (bi_array_ptr)malloc( sizeof( struct _bi_array)); + if( sa == NULL) { + LogError("malloc of %d bytes failed", sizeof( struct _bi_array)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_new_array( sa, attributesPlatformLength); + for( i=0; i < attributesPlatformLength; i++) { + attributePlatform = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8, + attributesPlatform[i]); // allocation + if( attributePlatform == NULL) { + LogError("malloc of %s failed", "attributePlatform"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + LogDebug("calculating sa[%d]: raLength=%ld cLength=%ld attributesPlatformLength=%ld\n", + i, bi_nbin_size( ra->array[i]), bi_nbin_size( c), bi_nbin_size( attributePlatform)); + bi_add( sa->array[i], ra->array[i], bi_mul( tmp1, c, attributePlatform)); + bi_free_ptr( attributePlatform); + } + attributePlatform = NULL; + // 5o) Commitments + // TODO + + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 21, + 0, NULL, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 21: return sv_prime2"); + sv_prime2 = bi_set_as_nbin( outputSize, outputData); // allocation + if( sv_prime2 == NULL) { + LogError("malloc of %s failed", "sv_prime2"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + sv_prime = bi_new_ptr(); + if( sv_prime == NULL) { + LogError("malloc of %s failed", "sv_prime"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // sv_prime = sv_prime2 << DAA_PARAM_SIZE_SPLIT_EXPONENT + bi_shift_left( sv_prime, sv_prime2, DAA_PARAM_SIZE_SPLIT_EXPONENT); + // sv_prime = sv_prime + sv_prime1 + bi_add( sv_prime, sv_prime, sv_prime1); + + sv_tilde_prime = bi_new_ptr(); + // tmp1 = c * v_tilde_prime + bi_mul( tmp1, c, v_tilde_prime); + // sv_tilde_prime = rv_tilde_prime + tmp1 + bi_add( sv_tilde_prime, rv_tilde_prime, tmp1); + + // step 6) - choose nonce + bi_urandom( tmp1, DAA_PARAM_SAFETY_MARGIN * 8); + noncePlatform = (BYTE *)calloc_tspi( tcsContext, DAA_PARAM_SAFETY_MARGIN); + if( noncePlatform == NULL) { + LogError("malloc of %s failed", "noncePlatform"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &noncePlatformLength, noncePlatform, tmp1); + + LogDebug("challenge:%s", dump_byte_array( c_byteLength, c_byte)); + LogDebug("sF0 [%ld]:%s", bi_length( s_f0), bi_2_hex_char( s_f0)); + LogDebug("sF1 [%ld]:%s", bi_length( s_f1), bi_2_hex_char( s_f1)); + LogDebug("sv_prime [%ld]:%s", bi_length( sv_prime), bi_2_hex_char( sv_prime)); + LogDebug("sv_tilde_prime [%ld]:%s", bi_length( sv_tilde_prime), bi_2_hex_char( sv_tilde_prime)); + // update joinSession + joinSession->capitalU = calloc_tspi( tcsContext, bi_nbin_size( capitalU)); + if( joinSession->capitalU == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( capitalU)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(joinSession->capitalULength), + joinSession->capitalU, + capitalU); + joinSession->attributesPlatformLength = attributesPlatformLength; + joinSession->attributesPlatform = calloc_tspi( tcsContext, sizeof(BYTE *)); + for( i=0; iattributesPlatformLength; i++) { + joinSession->attributesPlatform[i] = + calloc_tspi( tcsContext,DAA_PARAM_SIZE_F_I / 8); + memcpy( joinSession->attributesPlatform[i], + attributesPlatform[i], + DAA_PARAM_SIZE_F_I / 8); + } + joinSession->noncePlatform = noncePlatform; + joinSession->noncePlatformLength = noncePlatformLength; + joinSession->vTildePrime = calloc_tspi( tcsContext, bi_nbin_size( v_tilde_prime)); + if( joinSession->vTildePrime == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( v_tilde_prime)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(joinSession->vTildePrimeLength), + joinSession->vTildePrime, + v_tilde_prime); + // update credentialRequest + credentialRequest->capitalU = calloc_tspi( tcsContext, bi_nbin_size( capitalU)); + if( credentialRequest->capitalU == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( capitalU)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credentialRequest->capitalULength), + credentialRequest->capitalU, + capitalU); + credentialRequest->capitalNi = calloc_tspi( tcsContext, bi_nbin_size( capital_ni)); + if( credentialRequest->capitalNi == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( capital_ni)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credentialRequest->capitalNiLength), + credentialRequest->capitalNi, + capital_ni); + credentialRequest->authenticationProofLength = authentication_proofLength; + credentialRequest->authenticationProof = authentication_proof; + credentialRequest->challenge = c_byte; + credentialRequest->challengeLength = c_byteLength; + credentialRequest->nonceTpm = nonce_tpm; + credentialRequest->nonceTpmLength = nonce_tpmLength; + credentialRequest->noncePlatform = noncePlatform; + credentialRequest->noncePlatformLength = DAA_PARAM_SAFETY_MARGIN; + credentialRequest->sF0 = calloc_tspi( tcsContext, bi_nbin_size( s_f0)); + if( credentialRequest->sF0 == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( s_f0)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credentialRequest->sF0Length), credentialRequest->sF0, s_f0); + credentialRequest->sF1 = calloc_tspi( tcsContext, bi_nbin_size( s_f1)); + if( credentialRequest->sF1 == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( s_f1)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credentialRequest->sF1Length), credentialRequest->sF1, s_f1); + credentialRequest->sVprime = calloc_tspi( tcsContext, bi_nbin_size( sv_prime)); + if( credentialRequest->sVprime == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( sv_prime)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credentialRequest->sVprimeLength), + credentialRequest->sVprime, + sv_prime); + credentialRequest->sVtildePrime = calloc_tspi( tcsContext, bi_nbin_size( sv_tilde_prime)); + if( credentialRequest->sVtildePrime == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( sv_tilde_prime)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(credentialRequest->sVtildePrimeLength), + credentialRequest->sVtildePrime, + sv_tilde_prime); + length = (DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES + 7) / 8; + LogDebug("SA length=%d", sa->length); + credentialRequest->sA = calloc_tspi( tcsContext, sizeof( BYTE *) * sa->length); + if( credentialRequest->sA == NULL) { + LogError("malloc of %d bytes failed", sizeof( BYTE *) * sa->length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + + for( i=0; i<(UINT32)sa->length; i++) { + LogDebug("sa[%d].size=%d", i, (int)bi_nbin_size( sa->array[i])); + credentialRequest->sA[i] = calloc_tspi( tcsContext, length); + if( credentialRequest->sA[i] == NULL) { + LogError("malloc of %d bytes failed", length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // size used only as repository + bi_2_byte_array( credentialRequest->sA[i], length, sa->array[i]); + } + credentialRequest->sALength = sa->length; +close: + if( capitalSprime_byte_array!=NULL) free( capitalSprime_byte_array); + if( ch!=NULL) free( ch); + if( internal_cbyte != NULL) free( internal_cbyte); + bi_free_ptr( rv_tilde_prime); + bi_free_ptr( v_tilde_prime); + bi_free_ptr( capital_utilde); + bi_free_ptr( tmp1); + bi_free_ptr( tmp2); + bi_free_ptr( capitalU); + if( ra != NULL) { + bi_free_array( ra); + free( ra); + } + if( sa != NULL) { + bi_free_array( sa); + free( sa); + } + FREE_BI( capital_ni); + FREE_BI( capital_utilde_prime); + FREE_BI( capital_ni_tilde); + FREE_BI( n); + FREE_BI( attributePlatform); + FREE_BI( c); + FREE_BI( zeta); + FREE_BI( capital_Uprime); + FREE_BI( sv_tilde_prime); + FREE_BI( s_f0); + FREE_BI( s_f1); + FREE_BI( sv_prime); + FREE_BI( sv_prime1); + FREE_BI( sv_prime2); + FREE_BI( product_attributes); + free_TSS_DAA_PK_internal( pk_internal); + return result; +} + +/* +Code influenced by TSS.java (joinStoreCredential) +*/ +TSPICALL Tspi_TPM_DAA_JoinStoreCredential_internal +( + TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + TSS_DAA_CRED_ISSUER credIssuer, // in + TSS_DAA_JOIN_SESSION joinSession, // in + TSS_HKEY* hDaaCredential // out +) { + TCS_CONTEXT_HANDLE tcsContext; + TPM_AUTH ownerAuth; + bi_ptr tmp1 = bi_new_ptr(); + bi_ptr tmp2 = bi_new_ptr(); + bi_ptr n = NULL; + bi_ptr e = NULL; + bi_ptr fraction_A = NULL; + bi_ptr v_prime_prime = NULL; + bi_ptr capital_U = NULL; + bi_ptr product_attributes = NULL; + bi_ptr capital_Atilde = NULL; + bi_ptr s_e = NULL; + bi_ptr c_prime = NULL; + bi_ptr capital_A = NULL; + bi_ptr product = NULL; + bi_ptr v_tilde_prime = NULL; + bi_ptr v_prime_prime0 = NULL; + bi_ptr v_prime_prime1 = NULL; + TSS_DAA_PK *daa_pk_extern; + TSS_DAA_PK_internal *pk_intern = NULL; + TSS_DAA_CREDENTIAL *daaCredential; + bi_array_ptr attributes_issuer; + TSS_RESULT result = TSS_SUCCESS; + UINT32 i; + UINT32 c_byteLength, v0Length, v1Length, tpm_specificLength; + BYTE *c_byte = NULL; + BYTE *v0 = NULL; + BYTE *v1 = NULL; + BYTE *tpm_specific = NULL; + + if( tmp1 == NULL || tmp2 == NULL) { + LogError("malloc of bi(s) failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS) return result; + obj_daa_set_handle_tpm( hDAA, hTPM); + + LogDebug("Converting issuer public"); + daa_pk_extern = (TSS_DAA_PK *)joinSession.issuerPk; + pk_intern = e_2_i_TSS_DAA_PK( daa_pk_extern); + if( pk_intern == NULL) { + LogError("malloc of pk_intern failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + n = bi_new_ptr(); + if( n == NULL) { + LogError("malloc of bi <%s> failed", "n"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( n, pk_intern->modulus); + attributes_issuer = (bi_array_ptr)malloc( sizeof( struct _bi_array)); + if( attributes_issuer == NULL) { + LogError("malloc of %d bytes failed", sizeof( struct _bi_array)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_new_array( attributes_issuer, credIssuer.attributesIssuerLength); + if( attributes_issuer->array == NULL) { + LogError("malloc of bi_array <%s> failed", "attributes_issuer->array"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + for( i=0; i < credIssuer.attributesIssuerLength; i++) { + // allocation + attributes_issuer->array[i] = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8, + credIssuer.attributesIssuer[i]); + if( attributes_issuer->array[i] == NULL) { + LogError("malloc of bi array[%d]> failed", i); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + } + LogDebug("verify credential of issuer ( part 1)"); + e = bi_set_as_nbin( credIssuer.eLength, credIssuer.e); // allocation + if( e == NULL) { + LogError("malloc of bi <%s> failed", "e"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( tmp1, bi_0); + bi_setbit( tmp1, DAA_PARAM_SIZE_EXPONENT_CERTIFICATE - 1); + bi_set( tmp2, bi_0); + bi_setbit( tmp1, DAA_PARAM_SIZE_INTERVAL_EXPONENT_CERTIFICATE - 1); + bi_add( tmp1, tmp1, tmp2); + if( bi_is_probable_prime( e) == 0 || + bi_length(e) < DAA_PARAM_SIZE_EXPONENT_CERTIFICATE || + bi_cmp( e, tmp1) > 0) { + LogError("Verification e failed - Step 1.a"); + LogError("\tPrime(e):%d", bi_is_probable_prime( e)); + LogError("\tbit_length(e):%ld", bi_length(e)); + LogError("\te > (2^(l_e) + 2^(l_prime_e)):%d", bi_cmp( e, tmp1)); + result = TSS_E_DAA_CREDENTIAL_PROOF_ERROR; + goto close; + } + LogDebug("verify credential of issuer (part 2) with proof"); + fraction_A = bi_new_ptr(); + if( fraction_A == NULL) { + LogError("malloc of bi <%s> failed", "fraction_A"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + v_prime_prime = bi_set_as_nbin( credIssuer.vPrimePrimeLength, + credIssuer.vPrimePrime); // allocation + if( v_prime_prime == NULL) { + LogError("malloc of bi <%s> failed", "v_prime_prime"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capital_U = bi_set_as_nbin( joinSession.capitalULength, + joinSession.capitalU); // allocation + if( capital_U == NULL) { + LogError("malloc of bi <%s> failed", "capital_U"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod_exp( fraction_A, pk_intern->capitalS, v_prime_prime, n); + bi_mul( fraction_A, fraction_A, capital_U); + bi_mod( fraction_A, fraction_A, n); + LogDebug("encode attributes"); + product_attributes = bi_new_ptr(); + bi_set( product_attributes, bi_1); + for( i=0; i<(UINT32)attributes_issuer->length; i++) { + bi_mod_exp( tmp1, pk_intern->capitalRIssuer->array[i], + attributes_issuer->array[i], n); + bi_mul( product_attributes, tmp1, product_attributes); + bi_mod( product_attributes, product_attributes, n); + } + bi_mul( fraction_A, fraction_A, product_attributes); + bi_mod( fraction_A, fraction_A, n); + capital_Atilde = bi_new_ptr(); + if( capital_Atilde == NULL) { + LogError("malloc of bi <%s> failed", "capital_Atilde"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_invert_mod( capital_Atilde, fraction_A, n); + bi_mul( capital_Atilde, capital_Atilde, pk_intern->capitalZ); + bi_mod( capital_Atilde, capital_Atilde, n); + s_e = bi_set_as_nbin( credIssuer.sELength, credIssuer.sE); // allocation + if( s_e == NULL) { + LogError("malloc of bi <%s> failed", "s_e"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod_exp( capital_Atilde, capital_Atilde, s_e, n); + c_prime = bi_set_as_nbin( credIssuer.cPrimeLength, credIssuer.cPrime); // allocation + if( c_prime == NULL) { + LogError("malloc of bi <%s> failed", "c_prime"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capital_A = bi_set_as_nbin( credIssuer.capitalALength, credIssuer.capitalA); // allocation + if( capital_A == NULL) { + LogError("malloc of bi <%s> failed", "capital_A"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod_exp( tmp1, capital_A, c_prime, n); + bi_mul( capital_Atilde, capital_Atilde, tmp1); + bi_mod( capital_Atilde, capital_Atilde, n); + + result = compute_join_challenge_issuer( pk_intern, + v_prime_prime, + capital_A, + capital_Atilde, + joinSession.noncePlatformLength, + joinSession.noncePlatform, + &c_byteLength, + &c_byte); // out allocation + if( result != TSS_SUCCESS) goto close; + if( credIssuer.cPrimeLength != c_byteLength || + memcmp( credIssuer.cPrime, c_byte, c_byteLength)!=0) { + LogError("Verification of c failed - Step 1.c.i"); + LogError("credentialRequest.cPrime[%d]=%s", + credIssuer.cPrimeLength, + dump_byte_array( credIssuer.cPrimeLength, credIssuer.cPrime) ); + LogError("challenge[%d]=%s", + c_byteLength, + dump_byte_array( c_byteLength, c_byte) ); + result = TSS_E_DAA_CREDENTIAL_PROOF_ERROR; + goto close; + } + product = bi_new_ptr(); + if( product == NULL) { + LogError("malloc of bi <%s> failed", "product"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod_exp( product, capital_A, e, n); + bi_mul( product, product, fraction_A); + bi_mod( product, product, n); + if( bi_equals( pk_intern->capitalZ, product) == 0) { + LogError("Verification of A failed - Step 1.c.ii"); + LogError("\tcapitalZ=%s", bi_2_hex_char( pk_intern->capitalZ)); + LogError("\tproduct=%s", bi_2_hex_char( product)); + result = TSS_E_DAA_CREDENTIAL_PROOF_ERROR; + goto close; + } + v_tilde_prime = bi_set_as_nbin( joinSession.vTildePrimeLength, + joinSession.vTildePrime); // allocation + bi_add( v_prime_prime, v_prime_prime, v_tilde_prime); + bi_shift_left( tmp1, bi_1, DAA_PARAM_SIZE_SPLIT_EXPONENT); + v_prime_prime0 = bi_new_ptr(); + if( v_prime_prime0 == NULL) { + LogError("malloc of bi <%s> failed", "v_prime_prime0"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod( v_prime_prime0, v_prime_prime, tmp1); + v_prime_prime1 = bi_new_ptr(); + if( v_prime_prime1 == NULL) { + LogError("malloc of bi <%s> failed", "v_prime_prime1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_shift_right( v_prime_prime1, v_prime_prime, DAA_PARAM_SIZE_SPLIT_EXPONENT); + free( c_byte); + c_byte = (BYTE *)malloc( TPM_DAA_SIZE_v0); + if( c_byte == NULL) { + LogError("malloc of %d bytes failed", TPM_DAA_SIZE_v0); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_byte_array( c_byte, TPM_DAA_SIZE_v0, v_prime_prime0); + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 22, + TPM_DAA_SIZE_v0, c_byte, + 0, NULL, + &ownerAuth, &v0Length, &v0); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 22: return v0"); + free( c_byte); + c_byte = (BYTE *)malloc( TPM_DAA_SIZE_v1); + if( c_byte == NULL) { + LogError("malloc of %d bytes failed", TPM_DAA_SIZE_v1); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_byte_array( c_byte, TPM_DAA_SIZE_v1, v_prime_prime1); + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 23, + TPM_DAA_SIZE_v1, c_byte, + 0, NULL, + &ownerAuth, &v1Length, &v1); + if( result != TSS_SUCCESS) goto close; + LogDebug("Done Join 23: return v1"); + result = Tcsip_TPM_DAA_Join_encapsulate( tcsContext, hDAA, + 24, + 0, NULL, + 0, NULL, + &ownerAuth, &tpm_specificLength, &tpm_specific); + if( result != TSS_SUCCESS) goto close; + + daaCredential = (TSS_DAA_CREDENTIAL *)hDaaCredential; + daaCredential->capitalA = calloc_tspi( tcsContext, bi_nbin_size( capital_A)); + if( daaCredential->capitalA == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( capital_A)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(daaCredential->capitalALength), daaCredential->capitalA, capital_A); + daaCredential->exponent = calloc_tspi( tcsContext, bi_nbin_size( e)); + if( daaCredential->exponent == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( e)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(daaCredential->exponentLength), daaCredential->exponent, e); + daaCredential->vBar0 = calloc_tspi( tcsContext, v0Length); + if( daaCredential->vBar0 == NULL) { + LogError("malloc of %d bytes failed", v0Length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + daaCredential->vBar0Length = v0Length; + memcpy( daaCredential->vBar0, v0, v0Length); + LogDebug("vBar0[%d]=%s", + daaCredential->vBar0Length, + dump_byte_array( daaCredential->vBar0Length, daaCredential->vBar0)); + daaCredential->vBar1 = calloc_tspi( tcsContext, v1Length); + if( daaCredential->vBar1 == NULL) { + LogError("malloc of %d bytes failed", v1Length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + daaCredential->vBar1Length = v1Length; + memcpy( daaCredential->vBar1, v1, v1Length); + LogDebug("vBar1[%d]=%s", + daaCredential->vBar1Length, + dump_byte_array( daaCredential->vBar1Length, daaCredential->vBar1)); + //TODO remove + LogDebug("[BUSS] joinSession.attributesPlatformLength=%d", + joinSession.attributesPlatformLength); + LogDebug("[BUSS] credIssuer.attributesIssuerLength=%d", + credIssuer.attributesIssuerLength); + daaCredential->attributesLength = joinSession.attributesPlatformLength + + credIssuer.attributesIssuerLength; + daaCredential->attributes = (BYTE **)calloc_tspi( tcsContext, + sizeof(BYTE *) * daaCredential->attributesLength); + if( daaCredential->attributes == NULL) { + LogError("malloc of %d bytes failed", + sizeof(BYTE *) * daaCredential->attributesLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + for( i=0; i < joinSession.attributesPlatformLength; i++) { + daaCredential->attributes[i] = calloc_tspi( tcsContext, DAA_PARAM_SIZE_F_I / 8); + if( daaCredential->attributes[i] == NULL) { + LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_F_I / 8); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + LogDebug("allocation attributes[%d]=%lx", i, (long)daaCredential->attributes[i]); + memcpy( daaCredential->attributes[i], + joinSession.attributesPlatform[i], + DAA_PARAM_SIZE_F_I / 8); + } + for( i=0; i < credIssuer.attributesIssuerLength; i++) { + daaCredential->attributes[i+joinSession.attributesPlatformLength] = + calloc_tspi( tcsContext, DAA_PARAM_SIZE_F_I / 8); + if( daaCredential->attributes[i+joinSession.attributesPlatformLength] == NULL) { + LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_F_I / 8); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + memcpy( daaCredential->attributes[i+joinSession.attributesPlatformLength], + credIssuer.attributesIssuer[i], DAA_PARAM_SIZE_F_I / 8); + } + memcpy( &(daaCredential->issuerPK), daa_pk_extern, sizeof( TSS_DAA_PK)); + daaCredential->tpmSpecificEnc = calloc_tspi( tcsContext, tpm_specificLength); + if( daaCredential->tpmSpecificEnc == NULL) { + LogError("malloc of %d bytes failed", tpm_specificLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + daaCredential->tpmSpecificEncLength = tpm_specificLength; + memcpy( daaCredential->tpmSpecificEnc, tpm_specific, tpm_specificLength); + // TODO store in TSS this TSS_DAA_CREDENTIAL_REQUEST + *hDaaCredential = (TSS_HKEY)daaCredential; +close: + if( v0 != NULL) free( v0); + if( v1 != NULL) free( v1); + if( tpm_specific != NULL) free( tpm_specific); + if( c_byte != NULL) free( c_byte); + bi_free_ptr( tmp2); + bi_free_ptr( tmp1); + if( attributes_issuer != NULL) { + bi_free_array( attributes_issuer); + free( attributes_issuer); + } + FREE_BI( v_prime_prime1); + FREE_BI( v_prime_prime0); + FREE_BI( v_tilde_prime); + FREE_BI( product); + FREE_BI( capital_A); + FREE_BI( c_prime); + FREE_BI( s_e); + FREE_BI( capital_Atilde); + FREE_BI( product_attributes); + FREE_BI( capital_U); + FREE_BI( v_prime_prime); + FREE_BI( fraction_A); + FREE_BI( e); + FREE_BI( n); + if( pk_intern!=NULL) free_TSS_DAA_PK_internal( pk_intern); + return result; +} + +static void add_splitet( bi_ptr result, bi_ptr a, bi_ptr b) { + bi_shift_left( result, bi_1, DAA_PARAM_SIZE_SPLIT_EXPONENT); + bi_mul( result, result, b); + bi_add( result, result, a); +} + +/* code influenced by TSS.java (signStep) */ +TSS_RESULT Tspi_TPM_DAA_Sign_internal +( + TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + TSS_HKEY hDaaCredential, // in + TSS_DAA_SELECTED_ATTRIB revealAttributes, // in + UINT32 verifierBaseNameLength, // in + BYTE* verifierBaseName, // in + UINT32 verifierNonceLength, // in + BYTE* verifierNonce, // in + TSS_DAA_SIGN_DATA signData, // in + TSS_DAA_SIGNATURE* daaSignature // out +) +{ + TCS_CONTEXT_HANDLE tcsContext; + TSS_DAA_CREDENTIAL *daaCredential; + TPM_DAA_ISSUER *tpm_daa_issuer; + TPM_AUTH ownerAuth; + TSS_RESULT result = TSS_SUCCESS; + TSS_DAA_PK *pk; + TSS_DAA_PK_internal *pk_intern; + int i; + bi_ptr tmp1 = bi_new_ptr(), tmp2; + bi_ptr n = NULL; + bi_ptr capital_gamma = NULL; + bi_ptr gamma = NULL; + bi_ptr zeta = NULL; + bi_ptr r = NULL; + bi_ptr t_tilde_T = NULL; + bi_ptr capital_Nv = NULL; + bi_ptr capital_N_tilde_v = NULL; + bi_ptr w = NULL; + bi_ptr capital_T = NULL; + bi_ptr r_E = NULL; + bi_ptr r_V = NULL; + bi_ptr capital_T_tilde = NULL; + bi_ptr capital_A = NULL; + bi_array_ptr capital_R; + bi_ptr product_R = NULL; + bi_array_ptr r_A = NULL; + bi_array_ptr s_A = NULL; + bi_ptr c = NULL; + bi_ptr sF0 = NULL; + bi_ptr sF1 = NULL; + bi_ptr sV1 = NULL; + bi_ptr sV2 = NULL; + bi_ptr e = NULL; + bi_ptr s_E = NULL; + bi_ptr s_V = NULL; + CS_ENCRYPTION_RESULT_RANDOMNESS *encryption_result_rand = NULL; + BYTE *issuer_settings = NULL, *outputData, byte; + BYTE *buffer = NULL, *ch = NULL, *nonce_tpm = NULL, *c_bytes = NULL; + UINT32 issuer_settingsLength, outputSize, length, size_bits, chLength; + UINT32 nonce_tpmLength; + UINT32 c_bytesLength, return_sign_session; + // for anonymity revocation + CS_ENCRYPTION_RESULT *encryption_result = NULL; + CS_ENCRYPTION_RESULT *encryption_result_tilde = NULL; + TSS_DAA_PSEUDONYM *signature_pseudonym; + TSS_DAA_PSEUDONYM_PLAIN *pseudonym_plain = NULL; + TSS_DAA_PSEUDONYM_PLAIN *pseudonym_plain_tilde = NULL; + TSS_DAA_ATTRIB_COMMIT *signed_commitments; + + if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS) + return result; + if( tmp1 == NULL) { + LogError("malloc of bi <%s> failed", "tmp1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + obj_daa_set_handle_tpm( hDAA, hTPM); + // TODO retrieve the daaCredential from the persistence storage + daaCredential = (TSS_DAA_CREDENTIAL *)hDaaCredential; + pk = (TSS_DAA_PK *)&(daaCredential->issuerPK); + pk_intern = e_2_i_TSS_DAA_PK( pk); + if( pk_intern == NULL) { + LogError("malloc of <%s> failed", "pk_intern"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + tpm_daa_issuer = convert2issuer_settings( pk_intern); + if( daaCredential->attributesLength == 0 || + daaCredential->attributesLength != revealAttributes.indicesListLength) { + LogDebug("Problem with the reveal attribs: attributes length:%d reveal length:%d", + daaCredential->attributesLength, revealAttributes.indicesListLength); + result = TSS_E_BAD_PARAMETER; + goto close; + } + if( verifierNonce == NULL || + verifierNonceLength != DAA_PARAM_LENGTH_MESSAGE_DIGEST) { + LogDebug("Problem with the nonce verifier: nonce verifier length:%d", + verifierNonceLength); + result = TSS_E_BAD_PARAMETER; + goto close; + } + n = bi_new_ptr(); + if( n == NULL) { + LogError("malloc of bi <%s> failed", "n"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( n, pk_intern->modulus); + capital_gamma = bi_new_ptr(); + if( capital_gamma == NULL) { + LogError("malloc of bi <%s> failed", "capital_gamma"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( capital_gamma, pk_intern->capitalGamma); + gamma = bi_new_ptr(); + if( gamma == NULL) { + LogError("malloc of bi <%s> failed", "gamma"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( gamma, pk_intern->gamma); + if( verifierBaseNameLength == 0 || verifierBaseName == NULL) { + r = bi_new_ptr(); + compute_random_number( r, capital_gamma); + zeta = project_into_group_gamma( r, pk_intern); // allocation + if( zeta == NULL) { + LogError("malloc of bi <%s> failed", "zeta"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + } else { + zeta = compute_zeta( verifierBaseNameLength, verifierBaseName, pk_intern); + if( zeta == NULL) { + LogError("malloc of bi <%s> failed", "zeta"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + } + issuer_settings = issuer_2_byte_array( tpm_daa_issuer, + &issuer_settingsLength); // allocation + if( issuer_settings == NULL) { + LogError("malloc of %d bytes failed", issuer_settingsLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + LogDebug( "Issuer Settings:[%s]", + dump_byte_array(issuer_settingsLength, issuer_settings) ); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 0, + issuer_settingsLength, issuer_settings, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + // set the sessionHandle to the returned value + return_sign_session = ntohl( *((UINT32 *)outputData)); + obj_daa_set_session_handle( hDAA, return_sign_session); + free( outputData); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 1, + daaCredential->tpmSpecificEncLength, daaCredential->tpmSpecificEnc, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + free( outputData); + LogDebug( "done Sign 1 - TPM specific"); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 2, + pk->capitalR0Length, pk->capitalR0, + pk->modulusLength, pk->modulus, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + free( outputData); + LogDebug( "done Sign 2 - capitalR0"); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 3, + pk->capitalR1Length, pk->capitalR1, + pk->modulusLength, pk->modulus, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + free( outputData); + LogDebug( "done Sign 3 - capitalR1"); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 4, + pk->capitalSLength, pk->capitalS, + pk->modulusLength, pk->modulus, + &ownerAuth, &outputSize, &outputData); + if( outputSize > 0 && outputData != NULL) free( outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 4 - capitalS"); + buffer = bi_2_nbin( &length, pk_intern->capitalSprime); // allocation + if( buffer == NULL) { + LogError("malloc of %d bytes failed", length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 5, + length, buffer, + pk->modulusLength, pk->modulus, + &ownerAuth, &outputSize, &outputData); + free( buffer); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 5 - capitalSPrime. Return t_tilde_T"); + t_tilde_T = bi_set_as_nbin( outputSize, outputData); // allocation + if( t_tilde_T == NULL) { + LogError("malloc of bi <%s> failed", "t_tilde_T"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + // first precomputation until here possible (verifier independent) + length = TPM_DAA_SIZE_w; + buffer = (BYTE *)malloc( length); + if( buffer == NULL) { + LogError("malloc of %d bytes failed", length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_byte_array( buffer, length, zeta); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 6, + pk->capitalGammaLength, pk->capitalGamma, + length, buffer, + &ownerAuth, &outputSize, &outputData); + free( buffer); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 6 - capitalGamma & zeta"); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 7, + pk->capitalGammaLength, pk->capitalGamma, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 7 - capitalGamma. Return capital_Nv"); + capital_Nv = bi_set_as_nbin( outputSize, outputData); // allocation + if( capital_Nv == NULL) { + LogError("malloc of bi <%s> failed", "capital_Nv"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + // TODO Step 6 a.b - anonymity revocation + + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 8, + pk->capitalGammaLength, pk->capitalGamma, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 8 - capitalGamma. Return capital_N_tilde_v"); + capital_N_tilde_v = bi_set_as_nbin( outputSize, outputData); // allocation + if( capital_N_tilde_v == NULL) { + LogError("malloc of bi <%s> failed", "capital_N_tilde_v"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + // TODO Step 6 c,d - anonymity revocation + + // Second precomputation until here possible (verifier dependent) + size_bits = DAA_PARAM_SIZE_RSA_MODULUS + DAA_PARAM_SAFETY_MARGIN; + w = bi_new_ptr(); + if( w == NULL) { + LogError("malloc of bi <%s> failed", "w"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_urandom( w, size_bits); + capital_A = bi_set_as_nbin( daaCredential->capitalALength, + daaCredential->capitalA); // allocation + if( capital_A == NULL) { + LogError("malloc of bi <%s> failed", "capital_A"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capital_T = bi_new_ptr(); + if( capital_T == NULL) { + LogError("malloc of bi <%s> failed", "capital_T"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod_exp( tmp1, pk_intern->capitalS, w, n); + bi_mul( capital_T, capital_A, tmp1); + bi_mod( capital_T, capital_T, n); + size_bits = DAA_PARAM_SIZE_INTERVAL_EXPONENT_CERTIFICATE + + DAA_PARAM_SAFETY_MARGIN + DAA_PARAM_SIZE_MESSAGE_DIGEST; + r_E = bi_new_ptr(); + if( r_E == NULL) { + LogError("malloc of bi <%s> failed", "r_E"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_urandom( r_E, size_bits); + size_bits = DAA_PARAM_SIZE_EXPONENT_CERTIFICATE + DAA_PARAM_SIZE_RSA_MODULUS + + 2 * DAA_PARAM_SAFETY_MARGIN + DAA_PARAM_SIZE_MESSAGE_DIGEST + 1; + r_V = bi_new_ptr(); + if( r_V == NULL) { + LogError("malloc of bi <%s> failed", "r_V"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_urandom( r_V, size_bits); + capital_T_tilde = bi_new_ptr(); + if( capital_T_tilde == NULL) { + LogError("malloc of bi <%s> failed", "capital_T_tilde"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mod_exp( tmp1, capital_T, r_E, n); + bi_mul( capital_T_tilde, t_tilde_T, tmp1); + bi_mod( capital_T_tilde, capital_T_tilde, n); + + bi_mod_exp( tmp1, pk_intern->capitalS, r_V, n); + bi_mul( capital_T_tilde, capital_T_tilde, tmp1); + bi_mod( capital_T_tilde, capital_T_tilde, n); + + // attributes extension + size_bits = DAA_PARAM_SIZE_F_I + + DAA_PARAM_SAFETY_MARGIN + + DAA_PARAM_SIZE_MESSAGE_DIGEST; + capital_R = pk_intern->capitalY; + r_A = (bi_array_ptr)malloc( sizeof( struct _bi_array)); + if( r_A == NULL) { + LogError("malloc of %d bytes failed", sizeof( struct _bi_array)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_new_array2( r_A, revealAttributes.indicesListLength); + product_R = bi_new_ptr(); + if( product_R == NULL) { + LogError("malloc of bi <%s> failed", "product_R"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( product_R, bi_1); + for( i=0; i<(int)revealAttributes.indicesListLength; i++) { + if( revealAttributes.indicesList[i] == 0) { + // only non selected + r_A->array[i] = bi_new_ptr(); + if( r_A->array[i] == NULL) { + LogError("malloc of bi <%s> failed", "r_A->array[i]"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_urandom( r_A->array[i] , size_bits); + bi_mod_exp( tmp1, capital_R->array[i], r_A->array[i], n); + bi_mul( product_R, product_R, tmp1); + bi_mod( product_R, product_R, n); + } else r_A->array[i] = NULL; + } + bi_mul( capital_T_tilde, capital_T_tilde, product_R); + bi_mod( capital_T_tilde, capital_T_tilde, n); + //TODO Step 8 - Commitments + // compute commitment to attributes not revealed to the verifier + + //TODO Step 9 - callback functions + + // only when revocation not enabled + pseudonym_plain = (TSS_DAA_PSEUDONYM_PLAIN *)calloc_tspi( tcsContext, + sizeof(TSS_DAA_PSEUDONYM_PLAIN)); + if( pseudonym_plain == NULL) { + LogError("malloc of %d bytes failed", sizeof(TSS_DAA_PSEUDONYM_PLAIN)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + init_tss_version( pseudonym_plain); + pseudonym_plain->capitalNv = calloc_tspi( tcsContext, + bi_nbin_size( capital_Nv)); + if( pseudonym_plain->capitalNv == NULL) { + LogError("malloc of bi <%s> failed", "pseudonym_plain->capitalNv"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(pseudonym_plain->capitalNvLength), + pseudonym_plain->capitalNv, + capital_Nv); + pseudonym_plain_tilde = (TSS_DAA_PSEUDONYM_PLAIN *) + calloc_tspi( tcsContext,sizeof(TSS_DAA_PSEUDONYM_PLAIN)); + if( pseudonym_plain_tilde == NULL) { + LogError("malloc of %d bytes failed", sizeof(TSS_DAA_PSEUDONYM_PLAIN)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + init_tss_version( pseudonym_plain_tilde); + pseudonym_plain_tilde->capitalNv = calloc_tspi( tcsContext, + bi_nbin_size( capital_N_tilde_v)); + if( pseudonym_plain_tilde->capitalNv == NULL) { + LogError("malloc of bi <%s> failed", "pseudonym_plain_tilde->capitalNv"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(pseudonym_plain_tilde->capitalNvLength), + pseudonym_plain_tilde->capitalNv, + capital_N_tilde_v); + + // Step 10 - compute challenge + ch = compute_sign_challenge_host( + &chLength, + DAA_PARAM_get_message_digest(), + pk_intern, + verifierNonceLength, + verifierNonce, + 0, // int selected_attributes2commitLength, + NULL, // TSS_DAA_SELECTED_ATTRIB **selected_attributes2commit, + 0, // int is_anonymity_revocation_enabled, + zeta, + capital_T, + capital_T_tilde, + 0, // int attribute_commitmentsLength, + NULL, // TSS_DAA_ATTRIB_COMMIT_internal **attribute_commitments, + NULL, // TSS_DAA_ATTRIB_COMMIT_internal **attribute_commitment_proofs, + capital_Nv, + capital_N_tilde_v, + NULL, // CS_PUBLIC_KEY *anonymity_revocator_pk, + NULL, // CS_ENCRYPTION_RESULT *encryption_result_rand, + NULL //CS_ENCRYPTION_RESULT *encryption_result_proof) + ); + if( ch == NULL) { + LogError("malloc in compute_sign_challenge_host failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + result = Tcsip_TPM_DAA_Sign( tcsContext, hDAA, + 9, + chLength, ch, + 0, NULL, + &ownerAuth, &nonce_tpmLength, &nonce_tpm); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 9 - compute sign challenge host. Return nonce_tpm"); + byte = (BYTE)signData.payloadFlag; // 0 -> payload contains a handle to an AIK + // 1 -> payload contains a hashed message + result = Tcsip_TPM_DAA_Sign( tcsContext, hDAA, + 10, + sizeof(BYTE), &byte, + signData.payloadLength, signData.payload, + &ownerAuth, &c_bytesLength, &c_bytes); + LogDebug("calculation of c: ch[%d]%s", chLength, dump_byte_array( chLength, ch)); + LogDebug("calculation of c: nonce_tpm[%d]%s", + nonce_tpmLength, + dump_byte_array( nonce_tpmLength, nonce_tpm)); + LogDebug("calculation of c: sign_data.payloadFlag[%d]%x", + 1, + (int)signData.payloadFlag); + LogDebug("calculation of c: signdata.payload[%d]%s", + signData.payloadLength, + dump_byte_array( signData.payloadLength, signData.payload)); + + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 10 - compute signData.payload."); + LogDebug(" Return c_bytes[%d]%s", + c_bytesLength, + dump_byte_array( c_bytesLength, c_bytes)); + c = bi_set_as_nbin( c_bytesLength, c_bytes); // allocation + if( c == NULL) { + LogError("malloc of bi <%s> failed", "c"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 11, + 0, NULL, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS)goto close; + LogDebug( "done Sign 11. Return sF0"); + sF0 = bi_set_as_nbin( outputSize, outputData); // allocation + if( sF0 == NULL) { + LogError("malloc of bi <%s> failed", "sF0"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 12, + 0, NULL, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 12. Return sF1"); + sF1 = bi_set_as_nbin( outputSize, outputData); // allocation + if( sF1 == NULL) { + LogError("malloc of bi <%s> failed", "sF1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 13, + daaCredential->vBar0Length, daaCredential->vBar0, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 13. Return sV1"); + sV1 = bi_set_as_nbin( outputSize, outputData); // allocation + if( sV1 == NULL) { + LogError("malloc of bi <%s> failed", "sV1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 14, + daaCredential->vBar0Length, daaCredential->vBar0, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + free( outputData); + LogDebug( "done Sign 14."); + result = Tcsip_TPM_DAA_Sign( + tcsContext, hDAA, + 15, + daaCredential->vBar1Length, daaCredential->vBar1, + 0, NULL, + &ownerAuth, &outputSize, &outputData); + if( result != TSS_SUCCESS) goto close; + LogDebug( "done Sign 15. Return sV2"); + sV2 = bi_set_as_nbin( outputSize, outputData); // allocation + if( sV2 == NULL) { + LogError("malloc of bi <%s> failed", "sV2"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + free( outputData); + // allocation + e = bi_set_as_nbin( daaCredential->exponentLength, daaCredential->exponent); + if( e == NULL) { + LogError("malloc of bi <%s> failed", "e"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // s_e = r_E + ( c * ( e - ( 1 << (sizeExponentCertificate -1)))) + s_E = bi_new_ptr(); + if( s_E == NULL) { + LogError("malloc of bi <%s> failed", "s_E"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_shift_left( tmp1, bi_1, DAA_PARAM_SIZE_EXPONENT_CERTIFICATE - 1); + bi_sub( tmp1, e, tmp1); + bi_mul( tmp1, c, tmp1); + bi_add( s_E, r_E, tmp1); + s_V = bi_new_ptr(); + if( s_V == NULL) { + LogError("malloc of bi <%s> failed", "s_V"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + add_splitet( s_V, sV1, sV2); + bi_add( s_V, s_V, r_V); + bi_mul( tmp1, c, w); + bi_mul( tmp1, tmp1, e); + bi_sub( s_V, s_V, tmp1); + // attributes extension + // TODO verify the size of each selected attributes + s_A = (bi_array_ptr)malloc( sizeof( struct _bi_array)); + if( s_A == NULL) { + LogError("malloc of bi_array <%s> failed", "s_A"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_new_array2( s_A, revealAttributes.indicesListLength); + if( s_A->array == NULL) { + LogError("malloc of bi_array <%s> failed", "s_A"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + for( i=0; i<(int)revealAttributes.indicesListLength; i++) { + if( revealAttributes.indicesList[i] == 0) { + s_A->array[i] = bi_new_ptr(); + if( s_A->array[i] == NULL) { + LogError("malloc of bi <%s> failed", "s_A->array[i]"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + tmp2 = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8, + daaCredential->attributes[i]); // allocation + if( tmp2 == NULL) { + LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_F_I / 8); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_mul( tmp1, c, tmp2); + // TODEL + LogDebug("daaCredential->attributes[i]=%ld", bi_nbin_size( tmp2)); + LogDebug("r_A:%ld", bi_nbin_size( r_A->array[i])); + LogDebug("c:%ld", bi_nbin_size( c)); + LogDebug("c*daaCredential->attributes[i]=%ld", bi_nbin_size( tmp1)); + // END TODEL + bi_add( s_A->array[i], r_A->array[i], tmp1); + bi_free_ptr( tmp2); + } else s_A->array[i] = NULL; + } + + // Compose result structure + + // DAASignaturePseudonym TODO: implement anonymity revocation + // if ( !revocation_enabled) + signature_pseudonym = pseudonym_plain; + + // populate the signature (TSS_DAA_SIGNATURE) + daaSignature->zeta = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( zeta)); + if (daaSignature->zeta == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( zeta)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(daaSignature->zetaLength), daaSignature->zeta, zeta); + daaSignature->capitalT = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( capital_T)); + if (daaSignature->capitalT == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( capital_T)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(daaSignature->capitalTLength), daaSignature->capitalT, capital_T); + daaSignature->challenge = (BYTE *)calloc_tspi( tcsContext, c_bytesLength); + if (daaSignature->challenge == NULL) { + LogError("malloc of %d bytes failed", c_bytesLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + daaSignature->challengeLength = c_bytesLength; + memcpy( daaSignature->challenge, c_bytes, c_bytesLength); + daaSignature->nonceTpm = (BYTE *)calloc_tspi( tcsContext, nonce_tpmLength); + if (daaSignature->nonceTpm == NULL) { + LogError("malloc of %d bytes failed", nonce_tpmLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + daaSignature->nonceTpmLength = nonce_tpmLength; + memcpy( daaSignature->nonceTpm, nonce_tpm, nonce_tpmLength); + daaSignature->sV = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( s_V)); + if (daaSignature->sV == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( s_V)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(daaSignature->sVLength), daaSignature->sV, s_V); + daaSignature->sF0 = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( sF0)); + if (daaSignature->sF0 == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( sF0)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(daaSignature->sF0Length), daaSignature->sF0, sF0); + daaSignature->sF1 = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( sF1)); + if (daaSignature->sF1 == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( sF1)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(daaSignature->sF1Length), daaSignature->sF1, sF1); + daaSignature->sE = (BYTE *)calloc_tspi( tcsContext, bi_nbin_size( s_E)); + if (daaSignature->sE == NULL) { + LogError("malloc of %ld bytes failed", bi_nbin_size( s_E)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_2_nbin1( &(daaSignature->sELength), daaSignature->sE, s_E); + daaSignature->sALength = revealAttributes.indicesListLength; + daaSignature->sA = (BYTE **)calloc_tspi( + tcsContext, + sizeof(BYTE *)*revealAttributes.indicesListLength); + if (daaSignature->sA == NULL) { + LogError("malloc of %d bytes failed", + sizeof(BYTE *)*revealAttributes.indicesListLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + length = (DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES + 7) / 8; + for( i=0; i<(int)revealAttributes.indicesListLength; i++) { + daaSignature->sA[i] = calloc_tspi( tcsContext, length); + if (daaSignature->sA[i] == NULL) { + LogError("malloc of %d bytes failed", length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + if( s_A->array[i] == NULL) + bi_2_byte_array( daaSignature->sA[i], length, bi_0); + else { + bi_2_byte_array( daaSignature->sA[i], length, s_A->array[i]); + LogDebug("size big_integer s_A[i] = %ld size daaSignature->sA[i]=%d", + bi_nbin_size( s_A->array[i]), length); + } + } + daaSignature->attributeCommitmentsLength = 0; + daaSignature->signedPseudonym = signature_pseudonym; +close: + bi_free_ptr( tmp1); + if( c_bytes != NULL) free( c_bytes); + if( ch != NULL) free( ch); + if( nonce_tpm != NULL) free( nonce_tpm); + if( encryption_result !=NULL) free( encryption_result); + if( encryption_result_tilde !=NULL) free( encryption_result_tilde); + if( issuer_settings != NULL) free( issuer_settings); + if( r_A != NULL) { + for( i=0; i<(int)revealAttributes.indicesListLength; i++) + if( r_A->array[i] != NULL) bi_free_ptr( r_A->array[i]); + free( r_A); + } + FREE_BI( s_V); + FREE_BI( s_E); + FREE_BI( e); + FREE_BI( sV2); + FREE_BI( sV1); + FREE_BI( sF1); + FREE_BI( sF0); + FREE_BI( c); + FREE_BI( product_R); + FREE_BI( capital_A); + FREE_BI( capital_T_tilde); + FREE_BI( r_V); + FREE_BI( r_E); + FREE_BI( capital_T); + FREE_BI( w); + FREE_BI( capital_N_tilde_v); + FREE_BI( capital_Nv); + FREE_BI( t_tilde_T); + FREE_BI( n); + FREE_BI( capital_gamma); + FREE_BI( gamma); + FREE_BI( zeta); + FREE_BI( r); + free_TSS_DAA_PK_internal( pk_intern); + free_TPM_DAA_ISSUER( tpm_daa_issuer); + return result; +} diff --git a/src/tspi/daa/daa_platform/test.c b/src/tspi/daa/daa_platform/test.c new file mode 100644 index 0000000..04fdd38 --- /dev/null +++ b/src/tspi/daa/daa_platform/test.c @@ -0,0 +1,142 @@ + +#include +#include +#include +#include +#include "spi_internal_types.h" +#include +#include +#include "tsplog.h" +#include "daa_parameter.h" + +setenv("TCSD_FOREGROUND", "1", 1); + +// simulating Tspi_TPM_DAA_JoinInit (spi_daa.c) +TSS_RESULT Tspi_DAA_Join(TSS_HTPM hTPM, int stage, UINT32 inputSize0, BYTE *inputData0, UINT32 inputSize1, BYTE *inputData1, UINT32 *outputSize, BYTE **outputData) { + TSS_RESULT result; + TCS_CONTEXT_HANDLE tcsContext; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hPolicy; + TCPA_DIGEST digest; + TPM_AUTH ownerAuth; + UINT16 offset = 0; + BYTE hashblob[1000]; + + printf("[%s:%d] obj_tpm_is_connected(hTPM)\n", __FILE__, __LINE__); + if( (result = obj_tpm_is_connected( hTPM, &tcsContext)) != TSS_SUCCESS) return result; + printf("[%s:%d] obj_tpm_get_tsp_context(hTPM)\n", __FILE__, __LINE__); + if( (result = obj_tpm_get_tsp_context( hTPM, &tspContext)) != TSS_SUCCESS) return result; + printf("[%s:%d] obj_tpm_get_policy(hTPM)\n", __FILE__, __LINE__); + if( (result = obj_tpm_get_policy( hTPM, &hPolicy)) != TSS_SUCCESS) return result; + + printf("[%s:%d] Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob)\n", __FILE__, __LINE__); + Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob); // hash TPM_COMMAND_CODE + printf("[%s:%d] Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest)\n",__FILE__, __LINE__); + Trspi_LoadBlob_BYTE(&offset, stage, hashblob); // hash stage + printf("[%s:%d] Trspi_LoadBlob_UINT32(&offset, 0, hashblob)\n",__FILE__, __LINE__); + //TODO old 4 + Trspi_LoadBlob_UINT32(&offset, inputSize0, hashblob); // hash inputSize0 + printf("[%s:%d] Trspi_LoadBlob_UINT32(&offset, 0, hashblob)\n",__FILE__, __LINE__); + Trspi_LoadBlob( &offset, inputSize0, hashblob, inputData0); // hash inputData0 + //TODO old 1 + Trspi_LoadBlob_UINT32(&offset, inputSize1, hashblob); // hash inputSize1 + printf("[%s:%d] Trspi_LoadBlob_UINT32(&offset, 0, hashblob)\n",__FILE__, __LINE__); + Trspi_LoadBlob( &offset, inputSize1, hashblob, inputData1); // hash inputData1 + Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest); + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join, + hPolicy, &digest, + &ownerAuth)) != TSS_SUCCESS) return result; + printf("[%s:%d] secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Join ret=%d\n",__FILE__, __LINE__, result); + // out + + /* step of the following call: + TCSP_DAAJoin tcsd_api/calltcsapi.c (define in spi_utils.h) + TCSP_DAAJoin_TP tcsd_api/tcstp.c (define in trctp.h) + */ + + printf("[%s:%d] TCSP_DAAJoin(%x,%x,%x,%x,%x,%x,%x)\n",__FILE__, __LINE__, + (int)hTPM, 0, inputSize0,(int)inputData0,inputSize1,(int)inputData1,(int)&ownerAuth); + if ( (result = TCSP_DaaJoin( tcsContext, hTPM, 0, inputSize0, inputData0, inputSize1, inputData1, &ownerAuth, outputSize, outputData)) != TSS_SUCCESS) + return result; + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, result, hashblob); + Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Join, hashblob); + Trspi_LoadBlob_UINT32(&offset, *outputSize, hashblob); + Trspi_LoadBlob(&offset, *outputSize, hashblob, *outputData); + Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest); + if( (result = obj_policy_validate_auth_oiap( hPolicy, &digest, &ownerAuth))) + { + printf("[%s:%d] obj_policy_validate_auth=%d\n",__FILE__, __LINE__, result); + } + return result; +} + + +int main(int argc, char *argv[]) +{ + TSS_HCONTEXT hContext; + TSS_RESULT result; + TSS_HTPM hTPM; + TSS_HPOLICY hPolicy; + + // Create Context + printf("Create Context\n"); + result = Tspi_Context_Create( &hContext ); + if ( result != TSS_SUCCESS ) + { + fprintf( stderr, "Tspi_Context_Create %d\n", result ); + exit( result ); + } + + // Connect to Context + printf("\nConnect to the context\n"); + result = Tspi_Context_Connect( hContext, NULL ); + if ( result != TSS_SUCCESS ) goto out_close; + + if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS) + goto out_close; + + // Get the correct policy using the TPM ownership PASSWD + char *szTpmPasswd = "OWN_PWD"; + if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS) + goto out_close; + //BUSS + if( (result = Tspi_Policy_SetSecret( hPolicy, TSS_SECRET_MODE_PLAIN, strlen( szTpmPasswd), szTpmPasswd)) != TSS_SUCCESS) + goto out_close; + printf("Tspi_Policy_SetSecret hPolicy received;%d\n", hPolicy); + + //BUSS + // in + //int modulus_length = DAA_PARAM_SIZE_MODULUS_GAMMA / 8; + UINT32 inputSize0 = sizeof(int); + UINT32 inputSize1 = 0; + UINT32 outputSize = 0; + int ia_length = 7; + BYTE *inputData0 = (BYTE *)(&ia_length);//= (BYTE *)malloc( inputSize0) + BYTE *inputData1 = NULL; + BYTE *outputData = NULL; + + if( (result = Tspi_DAA_Join(hTPM, 0, inputSize0, inputData0, inputSize1, inputData1, &outputSize, &outputData)) != TSS_SUCCESS) goto out_close; + + goto out; +out_close: + printf( "Tspi Error:%d - %s\n", result, err_string( result) ); + +out: + printf("ouputSize=%d\n", outputSize); + if( outputData != NULL) { + int i; + printf("outputData(hex )=[\n"); + for( i=0; i<(int)outputSize; i++) printf("%x ", outputData[i]); + printf("\n]"); + printf("outputData(ascii)=[\n"); + for( i=0; i<(int)outputSize; i++) printf("%c ", outputData[i]); + printf("\n]"); + } + Tspi_Context_FreeMemory( hContext, NULL ); + Tspi_Context_Close( hContext ); + printf("[%s:%d] THE END\n",__FILE__, __LINE__); + return result; +} diff --git a/src/tspi/daa/daa_platform/test_join.c b/src/tspi/daa/daa_platform/test_join.c new file mode 100644 index 0000000..a244d85 --- /dev/null +++ b/src/tspi/daa/daa_platform/test_join.c @@ -0,0 +1,504 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include +#include +#include + +#include "daa_structs.h" +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "tsplog.h" +#include "daa_parameter.h" +#include "verifier.h" +#include "platform.h" + +// for RSA Key +#include + +#define DEFAULT_FILENAME "issuer.txt" +#define DEFAULT_CREDENTIAL_FILENAME "credential.txt" +#define DEFAULT_DAACOUNTER 0x01020304 +#define DEFAULT_OWN_PASSWD "OWN_PWD" + +// from IssuerFactory +static const int DEFAULT_KEY_CHAIN_LENGTH = 3; + +typedef struct tdIssuer { + // use on Tspi calls + TSS_DAA_PK *pk_extern; + TSS_DAA_KEY_PAIR *key_pair_extern; + + // used internally + int length_key_chain; + RSA **key_chain; + TSS_DAA_PK_internal *pk; + DAA_PRIVATE_KEY_internal *private_key; + TSS_DAA_PK_PROOF_internal *pk_proof; + //RSA **auth_key_pairs; + BYTE **pk_signatures; + bi_ptr zeta; +} Issuer; + +void *alloc( UINT32 length, TCS_CONTEXT_HANDLE tcsContext) { + void *result = calloc_tspi( tcsContext, length); + LogDebug("allocate tspi memory:%d", (int)result); + return result; +} + +/** +Used by RSA_generate_key +From RSA_generate_key documentation: +-> callback(2, n, cb_arg) is called when n-th randomly generated prime is rejected +-> callback(3, 0, cb_arg) is called when p is found with p-1 more or less prime to e +-> callback(3, 1, cb_arg) repeatedly called for prime q +*/ +void callback(int step, int number, void *arg) { +#ifdef DAA_DEBUG + putc( '.', stdout); fflush( stdout); +#endif +} + +int sign( BYTE *buffer_2_sign, + int len_buffer_2_sign, + RSA *rsa, + BYTE *signature, + int *len_signature +) { + EVP_MD_CTX ctx; + int len_message = EVP_MD_size( EVP_sha1()), current_len_message; + BYTE *message = (BYTE *)malloc( len_message); + int ret; + + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL); + EVP_DigestUpdate(&ctx, buffer_2_sign, len_buffer_2_sign); + EVP_DigestFinal_ex(&ctx, message, ¤t_len_message); + LogDebug("Sign rsa-> with message (length=%d)", current_len_message); +// int RSA_sign(int type, unsigned char *m, unsigned int m_len, +// unsigned char *sigret, unsigned int *siglen, RSA *rsa); + ret = RSA_sign( NID_sha1, message, current_len_message, signature, len_signature, rsa); + if( ret == 0) { + LogError("Error in RSA_sign: %s", ERR_error_string( ERR_get_error(), NULL)); + } + LogDebug("Sign rsa-> signature (length=%d)", *len_signature ); + EVP_MD_CTX_cleanup(&ctx); + free( message); + return ret; +} + +/* Compute key chain. */ +static int init_key_chain(int length_key_chain, Issuer *issuer) { + BYTE *signature; + int i, len_sign, ret; + BYTE *modulus; + BYTE *message; + // generate RSA key of length DAA_PARAM_KEY_SIZE with exponent + // 65537 (java.security.spec.RSAKeyGenParameterSpec.F4) + unsigned long e = 65537; + RSA *rsa; + bi_ptr bi; + EVP_MD_CTX ctx; + int len_message = EVP_MD_size( EVP_sha1()); + int current_len_message; + + EVP_MD_CTX_init(&ctx); + message = (BYTE *)malloc(len_message); + if( length_key_chain < 1) { + free( message); + return -1; + } + issuer->length_key_chain = length_key_chain; + issuer->key_chain = (RSA **)malloc(sizeof(RSA *) * length_key_chain); + issuer->pk_signatures = (BYTE **)malloc(sizeof(BYTE *) * length_key_chain); + for(i = 0; in) + 7) / 8 != (DAA_PARAM_KEY_SIZE + 7) / 8) { + LogError("BN_num_bits(rsa->n) + 7) / 8 != (DAA_PARAM_KEY_SIZE + 7) / 8)"); + return -1; + } + issuer->key_chain[i] = rsa; + if( i > 0) { + signature = (BYTE *)malloc( RSA_size(rsa)); + modulus = (BYTE *)malloc( DAA_PARAM_KEY_SIZE / 8); + // signature algorithm from Issuer.java - "SHA1withRSA" + // sign the modulus (n) of the RSA key with the previous RSA key (chain) + // sign rsa(i)->n with auth_key_pairs[i-1] + LogDebug("modulus=%s\n", dump_byte_array(256, modulus)); + LogDebug("signature=%s\n", dump_byte_array(256, signature)); + bi = bi_new_ptr(); + bi_set_as_hex( bi, BN_bn2hex( rsa->n)); + bi_2_byte_array( modulus, DAA_PARAM_KEY_SIZE / 8, bi); + LogDebug("bi=%s", bi_2_hex_char( bi)); + bi_free_ptr( bi); + EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL); + EVP_DigestUpdate(&ctx, modulus, DAA_PARAM_KEY_SIZE / 8); + EVP_DigestFinal_ex(&ctx, message, ¤t_len_message); + ret = RSA_sign( NID_sha1, message, current_len_message, + signature, &len_sign, issuer->key_chain[i-1]); + if( ret == 0) { + LogError("Error in RSA_sign: %s", + ERR_error_string( ERR_get_error(), NULL)); + } + LogDebug("Sign rsa->n (length=%d) with signature (length=%d,\ + truelength=%d message_len=%d) ret = %d ERROR?=%s", + RSA_size(rsa), + DAA_PARAM_KEY_SIZE / 8, + len_sign, + current_len_message, + ret, + ERR_error_string( ERR_get_error(), + NULL) ); + LogDebug("message=%s\n", dump_byte_array(256, message)); + LogDebug("signature=%s\n",dump_byte_array(256, signature)); + issuer->pk_signatures[i-1] = signature; + } + } + free( message); + EVP_MD_CTX_cleanup(&ctx); + return 0; +} + +Issuer* initIssuer(int length_key_chain, char *filename, char *exec, TSS_HCONTEXT hContext) { + FILE *file; + EVP_MD_CTX mdctx; + Issuer *issuer = (Issuer *)malloc(sizeof( Issuer)); + TPM_DAA_ISSUER *tpm_daa_issuer; + bi_ptr modulus_N0; + int len_issuer_settings, len_signature; + BYTE *modulus_N0_bytes; + BYTE *digest_n0; + BYTE *issuer_settings_byte_array; + BYTE *sign_data; + BYTE *signature; + RSA *private_nn; + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof; + + LogDebug("Loading issuer info (keypair & proof) -> \'%s\'", filename); + file = fopen( filename, "r"); + if( file == NULL) { + fprintf( stderr, "%s: Error when opening \'%s\': %s\n", + exec, + filename, + strerror( errno)); + free( issuer); + return NULL; + } + key_pair_with_proof = load_KEY_PAIR_WITH_PROOF( file); + if( key_pair_with_proof == NULL) { + LogError( "Error when reading \'%s\': %s\n", filename, strerror( errno)); + free( issuer); + return NULL; + } + fclose( file); + issuer->pk = key_pair_with_proof->pk; + issuer->pk_extern = i_2_e_TSS_DAA_PK( issuer->pk, &alloc, hContext); + issuer->key_pair_extern = (TSS_DAA_KEY_PAIR *)malloc( sizeof(TSS_DAA_KEY_PAIR)); + init_tss_version( issuer->key_pair_extern); + issuer->key_pair_extern->public_key = issuer->pk_extern; + issuer->key_pair_extern->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( + key_pair_with_proof->private_key, + &alloc, hContext); + issuer->pk_proof = key_pair_with_proof->proof; + issuer->private_key = key_pair_with_proof->private_key; + init_key_chain( length_key_chain, issuer); + issuer->zeta = compute_zeta( issuer->pk->issuerBaseNameLength, + issuer->pk->issuerBaseName, issuer->pk); + // sign "issuer settings" + modulus_N0 = bi_new_ptr(); + bi_set_as_hex( modulus_N0, BN_bn2hex( issuer->key_chain[0]->n)); + // in TPM, N0 is hashed by hashing the scratch (256 bytes) so it must + // be formatted according to the scratch size (TPM_DAA_SIZE_issuerModulus) + modulus_N0_bytes = (BYTE *)malloc( TPM_DAA_SIZE_issuerModulus); + bi_2_byte_array( modulus_N0_bytes, TPM_DAA_SIZE_issuerModulus, modulus_N0); + bi_free_ptr( modulus_N0); + + if( TPM_DAA_SIZE_issuerModulus * 8 != DAA_PARAM_KEY_SIZE) { + LogError("TPM_DAA_SIZE_issuerModulus * 8 (%d) != DAA_PARAM_KEY_SIZE(%d)", + TPM_DAA_SIZE_issuerModulus*8, + DAA_PARAM_KEY_SIZE); + free( issuer); + return NULL; + } + + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + // digestN0 = hash( modulus_N0) + EVP_DigestUpdate(&mdctx, modulus_N0_bytes, TPM_DAA_SIZE_issuerModulus); + digest_n0 = (BYTE *)malloc( EVP_MD_CTX_size(&mdctx)); + EVP_DigestFinal_ex(&mdctx, digest_n0, NULL); + tpm_daa_issuer = convert2issuer_settings( issuer->pk); + issuer_settings_byte_array = issuer_2_byte_array( tpm_daa_issuer, &len_issuer_settings); + // data to sign: concatenation of digest_n0 and issuer_settings_byte_array + sign_data = (BYTE *)malloc( EVP_MD_CTX_size(&mdctx) + len_issuer_settings); + memcpy( sign_data, digest_n0, EVP_MD_CTX_size(&mdctx)); + memcpy( &sign_data[EVP_MD_CTX_size(&mdctx)], + issuer_settings_byte_array, + len_issuer_settings); + free( issuer_settings_byte_array); + // sign digest of TPM compatible Issuer key (sign_data) + private_nn = issuer->key_chain[issuer->length_key_chain - 1]; + signature = (BYTE *)malloc( RSA_size(private_nn)); + if ( sign( sign_data, EVP_MD_CTX_size(&mdctx) + len_issuer_settings, + private_nn, + signature, + &len_signature) ==0) { + LogError("Can not sign digest of TPM compatible Issuer key"); + goto close; + } + issuer->pk_signatures[ issuer->length_key_chain - 1] = signature; + LogDebug("Set last signature sign[%d] = %s", + issuer->length_key_chain - 1, + dump_byte_array(EVP_MD_size( EVP_sha1()), + signature)); + // TODO sign the complete public key of TPM compatible Issuer key +/* EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + EVP_DigestUpdate(&mdctx, digest_n0, EVP_MD_CTX_size(&mdctx)); + pk_encoded = encoded_DAA_PK_internal( &pk_encodedLength, issuer->pk); + EVP_DigestUpdate(&mdctx, pk_encoded, pk_encodedLength); + EVP_DigestFinal(&mdctx, , NULL); + signature = (BYTE *)malloc( EVP_MD_size( EVP_sha1())); + if (sign( sign_data, EVP_MD_CTX_size(&mdctx) + len_issuer_settings, + private_nn, signature, &len_signature) !=0) goto close; +*/ +close: + free( digest_n0); + free( sign_data); + return issuer; +} + +int print_usage(char *exec) { + fprintf(stderr, "usage: %s\n", exec); + fprintf(stderr, "\t-if,\t--issuer_file\n\t\tthe file that will contain all key\ +pair and proof to be used by the issuer\n\t\t (default: %s)\n", + DEFAULT_FILENAME); + fprintf(stderr, "\t-dc,\t--daa_counter\n\t\tdaa counter (default: %d)\n", + DEFAULT_DAACOUNTER); + fprintf(stderr, + "\t-pw,\t--passwd\n\t\ttpm owner password (default: %s)\n", + DEFAULT_OWN_PASSWD); + return -1; +} + +int main(int argc, char *argv[]) { + TSS_HCONTEXT hContext; + TSS_RESULT result; + TSS_HTPM hTPM; + TSS_HPOLICY hPolicy; + int i, length; + char *param, *filename = DEFAULT_FILENAME; + char *credential_filename = DEFAULT_CREDENTIAL_FILENAME; + UINT32 daaCounter = DEFAULT_DAACOUNTER; + UINT32 capital_UPrimeLength; + BYTE *capitalUPrime; + TSS_DAA_IDENTITY_PROOF identityProof; + TSS_DAA_JOIN_SESSION joinSession; + TSS_DAA_JOIN_ISSUER_SESSION join_issuer_session; + TSS_DAA_CREDENTIAL_REQUEST credentialRequest; + TSS_DAA_CRED_ISSUER credIssuer; + TSS_HDAA hDAA; + Issuer* issuer; + char *szTpmPasswd = DEFAULT_OWN_PASSWD; + UINT32 endorsementKeyLength; + BYTE *endorsementKey; + UINT32 nonceIssuerLength; + BYTE *nonceIssuer; + UINT32 authenticationChallengeLength; + BYTE *authenticationChallenge; + bi_array_ptr capital_receiver; + BYTE **attributesPlatform; + UINT32 attributesPlatformLength; + BYTE **attributesIssuer; + UINT32 attributesIssuerLength; + bi_t random; + FILE *file; + + init_tss_version( &identityProof); + init_tss_version( &joinSession); + init_tss_version( &join_issuer_session); + init_tss_version( &credentialRequest); + init_tss_version( &credIssuer); + i = 1; + while( i < argc) { + param = argv[ i]; + if ( strcmp( param, "-if") == 0 || strcmp( param, "--issuer_file") == 0) { + i++; + if( i == argc) return print_usage( argv[0]); + filename = argv[i]; + } else if( strcmp( param, "-dc") == 0 || strcmp( param, "--daa_counter") == 0){ + i++; + if( i == argc) return print_usage( argv[0]); + daaCounter = atoi(argv[i]); + } else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){ + i++; + if( i == argc) return print_usage( argv[0]); + szTpmPasswd = argv[i]; + } else { + fprintf(stderr, "\n%s:unrecognized option <%s>\n", argv[0], param); + return print_usage( argv[0]); + } + i++; + } + bi_init( NULL); + + // Create Context + LogDebug("Create Context"); + result = Tspi_Context_Create( &hContext ); + if ( result != TSS_SUCCESS ) + { + LogError( "Tspi_Context_Create %d\n", result ); + goto out; + } + // Connect to Context + result = Tspi_Context_Connect( hContext, NULL ); + if ( result != TSS_SUCCESS) goto out_close; + printf("\nConnect to the context: %X\n", hContext); + + if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS) + goto out_close; + // Get the correct policy using the TPM ownership PASSWD + if( (result = Tspi_GetPolicyObject( hTPM, + TSS_POLICY_USAGE, + &hPolicy)) != TSS_SUCCESS) + goto out_close; + if( (result = Tspi_Policy_SetSecret( hPolicy, + TSS_SECRET_MODE_PLAIN, + strlen( szTpmPasswd), + szTpmPasswd)) != TSS_SUCCESS) + goto out_close; + LogDebug("Tspi_Policy_SetSecret hPolicy received;%d\n", hPolicy); + + //Create Object + result = obj_daa_add( hContext, &hDAA); + if (result != TSS_SUCCESS) { + LogError("Tspi_Context_CreateObject:%d\n", result); + Tspi_Context_Close(hContext); + LogError("%s: %s\n", argv[0], err_string(result)); + exit(result); + } + LogDebug("created DAA object:%X", hDAA); + issuer = initIssuer( DEFAULT_KEY_CHAIN_LENGTH, filename, argv[0], hContext); + if( issuer == NULL) goto out_close; + + // generate receiver attributes and issuer attributes (random) + attributesPlatformLength = issuer->pk->capitalRReceiver->length; + attributesPlatform = (BYTE **)malloc( attributesPlatformLength * sizeof(BYTE *)); + bi_new( random); + for( i=0; i<(int)attributesPlatformLength; i++) { + bi_urandom( random, DAA_PARAM_SIZE_F_I); + attributesPlatform[i] = bi_2_nbin( &length, random); + if( attributesPlatform[i] == NULL) { + LogError("malloc of %d bytes failed", length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto out_close; + } + } + attributesIssuerLength = issuer->pk->capitalRIssuer->length; + attributesIssuer = (BYTE **)malloc( attributesIssuerLength * sizeof(BYTE *)); + for( i=0; i<(int)attributesIssuerLength; i++) { + bi_urandom( random, DAA_PARAM_SIZE_F_I); + attributesIssuer[i] = bi_2_nbin( &length, random); + if( attributesIssuer[i] == NULL) { + LogError("malloc of %d bytes failed", length); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto out_close; + } + } + bi_free(random); + LogDebug("Generated attributes (Platform=%d,Issuer=%d)", + attributesPlatformLength, attributesIssuerLength); + + result = Tspi_TPM_DAA_JoinInit( + hDAA, // in + hTPM, // in + daaCounter, // in + (TSS_HKEY)issuer->pk_extern, // in + issuer->length_key_chain, // in + (TSS_HKEY *)issuer->key_chain, // in + issuer->length_key_chain, // in + issuer->pk_signatures, // in + &capital_UPrimeLength, // out + &capitalUPrime, // out + &identityProof, // out + &joinSession // out + ); + if( result != TSS_SUCCESS) goto out_close; + + result = Tspi_DAA_IssueInit( + hDAA, // in + (TSS_HKEY)issuer->key_chain[0], // in + (TSS_HKEY)issuer->key_pair_extern, // in + identityProof, // in + capital_UPrimeLength, // in + capitalUPrime, // in + daaCounter, // in + &nonceIssuerLength, // out + &nonceIssuer, // out + &authenticationChallengeLength, // out + &authenticationChallenge, // out + &join_issuer_session // out + ); + if( result != TSS_SUCCESS) goto out_close; + + result = Tspi_TPM_DAA_JoinCreateDaaPubKey( + hDAA, // in + hTPM, // in + authenticationChallengeLength, // in + authenticationChallenge, // in + nonceIssuerLength, // in + nonceIssuer, // in + attributesPlatformLength, // in + attributesPlatform, // in + &joinSession, // in & out + &credentialRequest // out + ); + if( result != TSS_SUCCESS) goto out_close; + + result = Tspi_DAA_IssueCredential( + hDAA, // in + attributesIssuerLength, // in + attributesIssuer, // in + credentialRequest, // in + join_issuer_session, // in + &credIssuer // out + ); + + result = Tspi_TPM_DAA_JoinStoreCredential( + hDAA, // in + hTPM, // in + credIssuer, // in + joinSession, // in + (TSS_HKEY*)&credentialRequest // out + ); + if( result != TSS_SUCCESS) goto out_close; + + printf("Saving credential: %s ", credential_filename); + file = fopen( credential_filename, "w"); + if( save_TSS_DAA_CREDENTIAL( file, &credentialRequest) != 0) { + LogError( "[test_join]: Error when saving \'%s\': %s", + credential_filename, + strerror( errno)); + result = TSS_E_FAIL; + goto out_close; + } + fclose( file); + printf("Done\n"); + +out_close: + Tspi_Context_FreeMemory( hContext, NULL ); + Tspi_Context_Close( hContext ); +out: + bi_release(); + LogDebug("THE END result=%d:%s",result, err_string( result) );; + return result; +} diff --git a/src/tspi/daa/daa_structs.c b/src/tspi/daa/daa_structs.c new file mode 100644 index 0000000..787d5d0 --- /dev/null +++ b/src/tspi/daa/daa_structs.c @@ -0,0 +1,1317 @@ + +/* +* Licensed Materials - Property of IBM +* +* trousers - An open source TCG Software Stack +* +* (C) Copyright International Business Machines Corp. 2006 +* +*/ + +/* +This file implements Helper functions for converting / creating and freeing +internal representation of TSS_DAA structures. +An external representation is the one define in tss_structs.h. +An internal representation is using bi_t or bi_ptr for representing big numbers. +Naming convention: for each structures we can have: +init_(, struct *) : initialize the version field +create_ : init all fields +free_ : free all fields +e_2_i_ : convertor from External representation to internal +i_2_e_ : convertor from Internal to External. This call use a given memory +allocation function, to allow +for example to use calloc_tspi, or a "normal" malloc. +*/ +#include +#include +#include +#include + +#include "daa_parameter.h" +#include "daa_structs.h" +#include "tcslog.h" + +#define DUMP_DAA_PK_FIELD( field) \ +do { \ + printf("%s=", #field); \ + dump_field( pk->field##Length, pk->field); \ + puts(""); \ +} while(0); + +#if 0 +#define STORE_DAA_PK_BI1( field, bi) \ +do { \ + store_bi( &pk->field##Length, &pk->field, bi); \ +} while(0); + +#define STORE_DAA_PK_BI( field, daa_alloc, param_alloc) \ +do { \ + store_bi( &pk->field##Length,\ + &pk->field,\ + pk_internal->field,\ + daa_alloc,\ + param_alloc); \ +} while(0); + +// used only to read a structure from a file, so only as helping function +// for TCG application +static char buffer[1000]; +#endif +BYTE *convert_alloc( TCS_CONTEXT_HANDLE tcsContext, UINT32 length, BYTE *source) { + BYTE *result = calloc_tspi( tcsContext, length); + + if( result == NULL) return NULL; + memcpy( result, source, length); + free( source); + return result; +} + +BYTE *copy_alloc( TCS_CONTEXT_HANDLE tcsContext, UINT32 length, BYTE *source) { + BYTE *result = calloc_tspi( tcsContext, length); + + if( result == NULL) return NULL; + memcpy( result, source, length); + return result; +} + +static void *normal_malloc( size_t size, TSS_HOBJECT object) { + void *ret = malloc( size); + return ret; +} + +/* store a bi to a buffer and update the length in big endian format */ +void store_bi( UINT32 *length, + BYTE **buffer, + const bi_ptr i, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT object +) { + int size; + + *buffer = (BYTE *)daa_alloc( bi_length( i), object); + bi_2_nbin1( &size, *buffer, i); + *length = size; + LogDebug( "[store_bi] host_length:%d network_length:%d[address:%d]\n", + size, + (int)*length, + (int)*buffer); +} + +bi_ptr get_bi( const unsigned long n_length, const BYTE *buffer) { + unsigned long length; + + length = n_length; + LogDebug( "[get_bi] %d [address:%d -> |%2x|%2x| ]\n", + (int)length, + (int)buffer, + (int)(buffer[0] &0xFF), + (int)(buffer[1]&0xFF)); + return bi_set_as_nbin( length, buffer); +} + +/* length is in network format: big indian */ +void dump_field( int length, BYTE *buffer) { + int i; + + for( i=0; i< length; i++) { + BYTE byte = (BYTE)(buffer[i] & 0xFF); + printf("%02X", byte); + } +} + +#if 0 +/* !: do not keep the return buffer */ +char *read_str(FILE *file) { + int i; + char c; + + fgets( buffer, 1000, file); + i=0; + while( buffer[i] =='\n' || buffer[i]=='\r' || buffer[i]==' ') i++; + do { + c = buffer[ i++]; + } while( c != 0 && c != ' ' && c!='\n' && c!='\r' && c!='#'); + buffer[ i -1] = 0; + return buffer; +} + +/** + * + * @param file + * @return + */ +int read_int( FILE *file) { + int i, ret; + char c; + + fgets( buffer, 1000, file); + i=0; + while( buffer[i] =='\n' || buffer[i]=='\r' || buffer[i]==' ') i++; + do { + c = buffer[ i++]; + } while( c != 0 && c != ' ' && c!='\n' && c!='\r' && c!='#'); + buffer[ i -1] = 0; + sscanf( buffer, "%d", &ret); + return ret; +} +#endif +/******************************************************************************************** +* TSS_DAA_SELECTED_ATTRIB +* this struct is used internally and externally, only a call to +internal_2_DAA_SELECTED_ATTRIB +* and DAA_SELECTED_ATTRIB_2_internal will change the struct to be internal or +external +********************************************************************************************/ + +void i_2_e_TSS_DAA_SELECTED_ATTRIB( + TSS_DAA_SELECTED_ATTRIB *selected_attrib +) { +} + +void e_2_i_TSS_DAA_SELECTED_ATTRIB( + TSS_DAA_SELECTED_ATTRIB *selected_attrib +) { +} + +/* work ONLY with internal format +important: TSS_BOOL is of type int_8_t, so a char, if the size is bigger, we +will maybe need +to transform each part to big indian ? or maybe each part is false if equal to +0, true otherwise. +*/ +BYTE *to_bytes_TSS_DAA_SELECTED_ATTRIB_internal( + int *result_length, + TSS_DAA_SELECTED_ATTRIB *selected_attrib +) { + BYTE *result; + int index = 0; + unsigned int length = selected_attrib->indicesListLength; + + *result_length = sizeof(unsigned int) + + (selected_attrib->indicesListLength * sizeof(TSS_BOOL)); + result = (BYTE *)malloc( *result_length); + memcpy( &result[index], &length, sizeof(UINT32)); + index+=sizeof(UINT32); + memcpy( &result[index], selected_attrib->indicesList, + sizeof(TSS_BOOL) * selected_attrib->indicesListLength); + return result; +} + +/* +create a TSS_DAA_SELECTED_ATTRIB of length with given selected attributes. +example of selections of the second and third attributes upon 5: +create_TSS_DAA_SELECTED_ATTRIB( &selected_attrib, 5, 0, 1, 1, 0, 0); +*/ +void create_TSS_DAA_SELECTED_ATTRIB( TSS_DAA_SELECTED_ATTRIB *attrib, int length, ...) { + va_list ap; + int i, select; + + attrib->indicesListLength = length; + attrib->indicesList = (TSS_BOOL *)malloc( length * sizeof( TSS_BOOL)); + va_start (ap, length); + for( i=0; iindicesList[i] = select; + } + va_end (ap); +} + + +/****************************************************************************************** +* TSS_DAA_SIGN_DATA +* this struct is used internally and externally, only a call to internal_2_DAA_SIGN_DATA +* DAA_SIGN_DATA_2_internal will change the struct to be internal or external +*******************************************************************************************/ + +void i_2_e_TSS_DAA_SIGN_DATA( TSS_DAA_SIGN_DATA *sign_data) { +} + +void e_2_i_TSS_DAA_SIGN( TSS_DAA_SIGN_DATA *sign_data) { +} + +/******************************************************************************************** +* TSS_DAA_ATTRIB_COMMIT +********************************************************************************************/ + +TSS_DAA_ATTRIB_COMMIT_internal *create_TSS_DAA_ATTRIB_COMMIT( bi_ptr beta, bi_ptr sMu) { + TSS_DAA_ATTRIB_COMMIT_internal *result = + (TSS_DAA_ATTRIB_COMMIT_internal *)malloc( sizeof(TSS_DAA_ATTRIB_COMMIT_internal)); + + result->beta = beta; + result->sMu = sMu; + return result; +} + + +/******************************************************************************************** +* TSS_DAA_PSEUDONYM_PLAIN +********************************************************************************************/ + +TSS_DAA_PSEUDONYM_PLAIN_internal * +create_TSS_DAA_PSEUDONYM_PLAIN(bi_ptr nV) +{ + TSS_DAA_PSEUDONYM_PLAIN_internal *result = (TSS_DAA_PSEUDONYM_PLAIN_internal *) + malloc(sizeof(TSS_DAA_PSEUDONYM_PLAIN_internal)); + + result->nV = nV; + return result; +} + +/******************************************************************************************** +* DAA PRIVATE KEY +********************************************************************************************/ +/* +* allocate: ret->p_prime +* ret->q_prime +* ret->productPQprime +*/ +DAA_PRIVATE_KEY_internal * +create_TSS_DAA_PRIVATE_KEY(bi_ptr pPrime, bi_ptr qPrime) +{ + DAA_PRIVATE_KEY_internal *private_key = + (DAA_PRIVATE_KEY_internal *)malloc( sizeof( DAA_PRIVATE_KEY_internal)); + + private_key->p_prime = bi_new_ptr(); bi_set( private_key->p_prime, pPrime); + private_key->q_prime = bi_new_ptr(); bi_set( private_key->q_prime, qPrime); + private_key->productPQprime = bi_new_ptr(); + bi_mul( private_key->productPQprime, pPrime, qPrime); + return private_key; +} + +#if 0 +int +save_DAA_PRIVATE_KEY(FILE *file, const DAA_PRIVATE_KEY_internal *private_key) +{ + BI_SAVE( private_key->p_prime , file); + BI_SAVE( private_key->q_prime , file); + BI_SAVE( private_key->productPQprime, file); + return 0; +} + +DAA_PRIVATE_KEY_internal * +load_DAA_PRIVATE_KEY(FILE *file) +{ + DAA_PRIVATE_KEY_internal *private_key = + (DAA_PRIVATE_KEY_internal *)malloc( sizeof(DAA_PRIVATE_KEY_internal)); + + private_key->p_prime = bi_new_ptr(); + BI_LOAD( private_key->p_prime, file); + private_key->q_prime = bi_new_ptr(); + BI_LOAD( private_key->q_prime, file); + private_key->productPQprime = bi_new_ptr(); + BI_LOAD( private_key->productPQprime, file); + return private_key; +} +#endif +DAA_PRIVATE_KEY_internal *e_2_i_TSS_DAA_PRIVATE_KEY(TSS_DAA_PRIVATE_KEY *private_key) { + DAA_PRIVATE_KEY_internal *private_key_internal; + + LogDebug("-> e_2_i_TSS_DAA_PRIVATE_KEY"); + private_key_internal = + (DAA_PRIVATE_KEY_internal *)malloc( sizeof(DAA_PRIVATE_KEY_internal)); + private_key_internal->p_prime = get_bi( private_key->p_primeLength, private_key->p_prime); + private_key_internal->q_prime = get_bi( private_key->q_primeLength, private_key->q_prime); + private_key_internal->productPQprime = + get_bi( private_key->productPQprimeLength, private_key->productPQprime); + LogDebug("<- e_2_i_TSS_DAA_PRIVATE_KEY"); + return private_key_internal; +} + +TSS_DAA_PRIVATE_KEY * +i_2_e_TSS_DAA_PRIVATE_KEY(DAA_PRIVATE_KEY_internal *private_key_internal, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT param_alloc) +{ + TSS_DAA_PRIVATE_KEY *result; + + LogDebug("-> i_2_e_TSS_DAA_PRIVATE_KEY"); + result = (TSS_DAA_PRIVATE_KEY *)daa_alloc( sizeof(TSS_DAA_PRIVATE_KEY), param_alloc); + init_tss_version( result); + store_bi( &(result->p_primeLength), + &(result->p_prime), + private_key_internal->p_prime, + daa_alloc, + param_alloc); + store_bi( &(result->q_primeLength), + &(result->q_prime), + private_key_internal->q_prime, + daa_alloc, + param_alloc); + store_bi( &(result->productPQprimeLength), + &(result->productPQprime), + private_key_internal->productPQprime, + daa_alloc, + param_alloc); + LogDebug("<- i_2_e_TSS_DAA_PRIVATE_KEY"); + return result; +} + +/******************************************************************************************** +* KEY PAIR WITH PROOF +********************************************************************************************/ + +#if 0 + +/* moved to daa_debug.c */ + +int +save_KEY_PAIR_WITH_PROOF(FILE *file, + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof) +{ + save_DAA_PK_internal( file, key_pair_with_proof->pk); + save_DAA_PRIVATE_KEY( file, key_pair_with_proof->private_key); + save_DAA_PK_PROOF_internal( file, key_pair_with_proof->proof); + + return 0; +} + +KEY_PAIR_WITH_PROOF_internal * +load_KEY_PAIR_WITH_PROOF(FILE *file) +{ + KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof = + (KEY_PAIR_WITH_PROOF_internal *)malloc(sizeof(KEY_PAIR_WITH_PROOF_internal)); + + key_pair_with_proof->pk = load_DAA_PK_internal(file); + key_pair_with_proof->private_key = load_DAA_PRIVATE_KEY(file); + key_pair_with_proof->proof = load_DAA_PK_PROOF_internal(file); + + return key_pair_with_proof; +} + +#endif +/* allocated using instrumented daa_alloc */ +TSS_DAA_KEY_PAIR *get_TSS_DAA_KEY_PAIR(KEY_PAIR_WITH_PROOF_internal *key_pair_with_proof, + void * (*daa_alloc)(size_t size, TSS_HOBJECT object), + TSS_HOBJECT param_alloc) +{ + TSS_DAA_KEY_PAIR *result; + + LogDebug("-> i_2_e_KEY_PAIR_WITH_PROOF"); + + result = (TSS_DAA_KEY_PAIR *)daa_alloc(sizeof(TSS_DAA_KEY_PAIR), param_alloc); + init_tss_version(result); + result->private_key = i_2_e_TSS_DAA_PRIVATE_KEY(key_pair_with_proof->private_key, + daa_alloc, param_alloc); + result->public_key = i_2_e_TSS_DAA_PK( key_pair_with_proof->pk, daa_alloc, param_alloc); + + LogDebug("<- i_2_e_KEY_PAIR_WITH_PROOF"); + + return result; +} + + +/******************************************************************************************** +* TSS_DAA_PK +********************************************************************************************/ + +/* pk_internal->capitalY must be alocated using ALLOC_BI_ARRAY() */ +void +populate_capitalY(TSS_DAA_PK_internal *pk_internal) +{ + int i; + + bi_new_array(pk_internal->capitalY, + pk_internal->capitalRReceiver->length + pk_internal->capitalRIssuer->length); + + // CAPITAL Y ( capitalRReceiver ) + for (i = 0; i < pk_internal->capitalRReceiver->length; i++) + pk_internal->capitalY->array[i] = pk_internal->capitalRReceiver->array[i]; + // CAPITAL Y ( capitalRIssuer) + for (i = 0; i < pk_internal->capitalRIssuer->length; i++) + pk_internal->capitalY->array[pk_internal->capitalRReceiver->length+i] = + pk_internal->capitalRIssuer->array[i]; +} + +void +compute_capitalSprime(TSS_DAA_PK_internal *pk_internal) +{ + bi_t bi_tmp; + + bi_new(bi_tmp); + pk_internal->capitalSprime = bi_new_ptr(); + bi_shift_left( bi_tmp, bi_1, DAA_PARAM_SIZE_SPLIT_EXPONENT); + bi_mod_exp(pk_internal->capitalSprime, pk_internal->capitalS, bi_tmp, pk_internal->modulus); + bi_free( bi_tmp); +} + +/* +* create anf feel a TSS_DAA_PK_internal structures +* ! this function keep pointer on all parameters +*/ +TSS_DAA_PK_internal * +create_DAA_PK(const bi_ptr modulus, + const bi_ptr capitalS, + const bi_ptr capitalZ, + const bi_ptr capitalR0, + const bi_ptr capitalR1, + const bi_ptr gamma, + const bi_ptr capitalGamma, + const bi_ptr rho, + const bi_array_ptr capitalRReceiver, + const bi_array_ptr capitalRIssuer, + const int issuerBaseNameLength, + BYTE * const issuerBaseName) +{ + TSS_DAA_PK_internal *pk_internal; + + LogDebug("-> create_DAA_PK"); + pk_internal = (TSS_DAA_PK_internal *)malloc(sizeof(TSS_DAA_PK_internal)); + pk_internal->modulus = modulus; + pk_internal->capitalS = capitalS; + pk_internal->capitalZ = capitalZ; + pk_internal->capitalR0 = capitalR0; + pk_internal->capitalR1 = capitalR1; + pk_internal->gamma = gamma; + pk_internal->capitalGamma = capitalGamma; + pk_internal->rho = rho; + pk_internal->capitalRReceiver = capitalRReceiver; + pk_internal->capitalRIssuer = capitalRIssuer; + pk_internal->capitalY = ALLOC_BI_ARRAY(); + populate_capitalY( pk_internal); + pk_internal->issuerBaseNameLength = issuerBaseNameLength; + pk_internal->issuerBaseName = issuerBaseName; + compute_capitalSprime( pk_internal); + + LogDebug("<- create_DAA_PK"); + + return pk_internal; +} + +#if 0 + +/* moved to daa_debug.c */ + +int +save_DAA_PK_internal(FILE *file, const TSS_DAA_PK_internal *pk_internal) +{ + char *buffer; + + LogDebug("-> save_DAA_PK_internal"); + + BI_SAVE( pk_internal->modulus, file); + BI_SAVE( pk_internal->capitalS, file); + BI_SAVE( pk_internal->capitalZ, file); + BI_SAVE( pk_internal->capitalR0, file); + BI_SAVE( pk_internal->capitalR1, file); + BI_SAVE( pk_internal->gamma, file); + BI_SAVE( pk_internal->capitalGamma, file); + BI_SAVE( pk_internal->rho, file); + BI_SAVE_ARRAY( pk_internal->capitalRReceiver, file); + BI_SAVE_ARRAY( pk_internal->capitalRIssuer, file); + fprintf( file, "%d\n", pk_internal->issuerBaseNameLength); + buffer = (char *)malloc( pk_internal->issuerBaseNameLength + 1); + memcpy( buffer, pk_internal->issuerBaseName, pk_internal->issuerBaseNameLength); + buffer[ pk_internal->issuerBaseNameLength] = 0; + fprintf( file, "%s\n", buffer); + free( buffer); + + LogDebug("<- save_DAA_PK_internal"); + + return 0; +} + +TSS_DAA_PK_internal * +load_DAA_PK_internal(FILE *file) +{ + TSS_DAA_PK_internal *pk_internal = + (TSS_DAA_PK_internal *)malloc(sizeof(TSS_DAA_PK_internal)); + char *read_buffer; + + pk_internal->modulus = bi_new_ptr(); + BI_LOAD( pk_internal->modulus, file); + pk_internal->capitalS = bi_new_ptr(); + BI_LOAD( pk_internal->capitalS, file); + pk_internal->capitalZ = bi_new_ptr(); + BI_LOAD( pk_internal->capitalZ, file); + pk_internal->capitalR0 = bi_new_ptr(); + BI_LOAD( pk_internal->capitalR0, file); + pk_internal->capitalR1 = bi_new_ptr(); + BI_LOAD( pk_internal->capitalR1, file); + pk_internal->gamma = bi_new_ptr(); + BI_LOAD( pk_internal->gamma, file); + pk_internal->capitalGamma = bi_new_ptr(); + BI_LOAD( pk_internal->capitalGamma, file); + pk_internal->rho = bi_new_ptr(); + BI_LOAD( pk_internal->rho, file); + pk_internal->capitalRReceiver = ALLOC_BI_ARRAY(); + BI_LOAD_ARRAY( pk_internal->capitalRReceiver, file); + pk_internal->capitalRIssuer = ALLOC_BI_ARRAY(); + BI_LOAD_ARRAY( pk_internal->capitalRIssuer, file); + pk_internal->capitalY = ALLOC_BI_ARRAY(); + populate_capitalY( pk_internal); + pk_internal->issuerBaseNameLength = read_int( file); + read_buffer = read_str( file); + pk_internal->issuerBaseName = malloc( pk_internal->issuerBaseNameLength); + memcpy( pk_internal->issuerBaseName, read_buffer, pk_internal->issuerBaseNameLength); + compute_capitalSprime( pk_internal); + return pk_internal; +} + +#endif +void +dump_DAA_PK_internal(char *name, TSS_DAA_PK_internal *pk_internal) +{ + LogDebug("Dump TSS_DAA_PK_internal:%s\n", name); + + DUMP_BI( pk_internal->modulus); + DUMP_BI( pk_internal->capitalS); + DUMP_BI( pk_internal->capitalZ); + DUMP_BI( pk_internal->capitalR0); + DUMP_BI( pk_internal->capitalR1); + DUMP_BI( pk_internal->gamma); + DUMP_BI( pk_internal->capitalGamma); + DUMP_BI( pk_internal->rho); + DUMP_BI_ARRAY( pk_internal->capitalRReceiver); + DUMP_BI_ARRAY( pk_internal->capitalRIssuer); + + LogDebug("issuerBaseName = %s\n", pk_internal->issuerBaseName); + LogDebug("End Dump TSS_DAA_PK_internal:%s\n", name); +} + +/* +* Encode the DAA_PK like java.security.Key#getEncoded +*/ +BYTE * +encoded_DAA_PK_internal(int *result_length, const TSS_DAA_PK_internal *pk) +{ + int length_issuer_base_name = pk->issuerBaseNameLength; + int total_length = DAA_PARAM_TSS_VERSION_LENGTH + + 5 * ((DAA_PARAM_SIZE_RSA_MODULUS / 8)+ sizeof(int)) + + 2 * ((DAA_PARAM_SIZE_MODULUS_GAMMA / 8)+sizeof(int)) + + 1 * ((DAA_PARAM_SIZE_RHO / 8)+sizeof(int)) + + pk->capitalY->length*(((DAA_PARAM_SIZE_RSA_MODULUS / 8)+sizeof(int))) + + length_issuer_base_name; + BYTE *result = (BYTE *)malloc(total_length); + int i, index = 0, length, big_indian_length; + + if (result == NULL) + return NULL; + + LogDebug("total_length=%d", total_length); + for (index = 0; index < DAA_PARAM_TSS_VERSION_LENGTH; index++) + result[index] = DAA_PARAM_TSS_VERSION[index]; + // n, capitalS, capitalZ, capitalR0, capitalR1 + length = DAA_PARAM_SIZE_RSA_MODULUS / 8; + big_indian_length = length; + memcpy(&result[index], &big_indian_length, sizeof(int)); + index += sizeof(int); + bi_2_byte_array( &result[index], length, pk->modulus); + index += length; + memcpy(&result[index], &big_indian_length, sizeof(int)); + index += sizeof(int); + bi_2_byte_array( &result[index], length, pk->capitalS); + index += length; + memcpy(&result[index], &big_indian_length, sizeof(int)); + index += sizeof(int); + bi_2_byte_array( &result[index], length, pk->capitalZ); + index += length; + memcpy(&result[index], &big_indian_length, sizeof(int)); + index += sizeof(int); + bi_2_byte_array( &result[index], length, pk->capitalR0); + index += length; + memcpy(&result[index], &big_indian_length, sizeof(int)); + index += sizeof(int); + bi_2_byte_array( &result[index], length, pk->capitalR1); + index += length; + // gamma, capitalGamma + length = DAA_PARAM_SIZE_MODULUS_GAMMA / 8; + big_indian_length = length; + memcpy(&result[index], &big_indian_length, sizeof(int)); + index += sizeof(int); + bi_2_byte_array( &result[index], length, pk->gamma); + index += length; + memcpy(&result[index], &big_indian_length, sizeof(int)); + index += sizeof(int); + bi_2_byte_array( &result[index], length, pk->capitalGamma); + index += length; + // rho + length = DAA_PARAM_SIZE_RHO / 8; + big_indian_length = length; + memcpy(&result[index], &big_indian_length, sizeof(int)); + index += sizeof(int); + bi_2_byte_array( &result[index], length, pk->rho); + index += length; + // capitalY + length = DAA_PARAM_SIZE_RSA_MODULUS / 8; + big_indian_length = length; + + for( i=0; icapitalY->length; i++) { + memcpy( &result[index], &big_indian_length, sizeof(int)); + index+=sizeof(int); + bi_2_byte_array( &result[index], length, pk->capitalY->array[i]); + index+=length; + } + // basename + memcpy( &result[index], pk->issuerBaseName, length_issuer_base_name); + index+=length_issuer_base_name; + *result_length = index; + + LogDebug("return length=%d", index); + + return result; +} + +/* create anf feel a TSS_DAA_PK structures */ +TSS_DAA_PK * +i_2_e_TSS_DAA_PK(TSS_DAA_PK_internal *pk_internal, + void *(*daa_alloc)(size_t size, TSS_HOBJECT param_alloc), + TSS_HOBJECT param_alloc) +{ + int i; + int capitalYLength; + int capitalYLength2; + TSS_DAA_PK *pk; + + LogDebug("-> i_2_e_TSS_DAA_PK"); + pk = (TSS_DAA_PK *)daa_alloc( sizeof(TSS_DAA_PK), param_alloc); + init_tss_version( pk); + if (pk == NULL) { + LogError("Can not allocate the TSS_DAA_PK structure"); + return NULL; + } + STORE_DAA_PK_BI( modulus, daa_alloc, param_alloc); + STORE_DAA_PK_BI( capitalS, daa_alloc, param_alloc); + STORE_DAA_PK_BI( capitalZ, daa_alloc, param_alloc); + STORE_DAA_PK_BI( capitalR0, daa_alloc, param_alloc); + STORE_DAA_PK_BI( capitalR1, daa_alloc, param_alloc); + STORE_DAA_PK_BI( gamma, daa_alloc, param_alloc); + STORE_DAA_PK_BI( capitalGamma, daa_alloc, param_alloc); + STORE_DAA_PK_BI( rho, daa_alloc, param_alloc); + capitalYLength = pk_internal->capitalY->length; + capitalYLength2 = bi_nbin_size( pk_internal->capitalY->array[0]); + LogDebug("[capitalYLength=%d capitalYLength2=%d total size=%d]\n", + capitalYLength, capitalYLength2, sizeof(BYTE) * capitalYLength * + capitalYLength2); + pk->capitalY = (BYTE **) daa_alloc( sizeof(BYTE *) * capitalYLength, param_alloc ); + for (i = 0; i < capitalYLength; i++) { + if( bi_nbin_size( pk_internal->capitalY->array[i]) != capitalYLength2) { + // LOG ERROR + LogError("Error during feel operation of capitalY (index=%d capitalYLength" + "2=%d, currentSize=%d)\n", i, capitalYLength2, + (int)bi_nbin_size(pk_internal->capitalY->array[i])); + } + BYTE *buffer = (BYTE*) daa_alloc( sizeof(BYTE) * capitalYLength2, param_alloc); + bi_2_byte_array( buffer, capitalYLength2, pk_internal->capitalY->array[i]); + // bi_2_nbin1( &checkSize, buffer, pk_internal->capitalY->array[i]); + pk->capitalY[i] = buffer; + LogDebug( "[i=%d currentsize=%d buffer[%d]=[%2x|%2x]\n", + i, + (int)bi_nbin_size( pk_internal->capitalY->array[i]), + (int)pk->capitalY[i], + (int)pk->capitalY[i][0], + (int)pk->capitalY[i][1]); + } + pk->capitalYLength = capitalYLength; + pk->capitalYLength2 = capitalYLength2; + pk->capitalYPlatformLength = pk_internal->capitalRReceiver->length; + LogDebug("issuer= len=%d", pk_internal->issuerBaseNameLength); + pk->issuerBaseNameLength = pk_internal->issuerBaseNameLength; + pk->issuerBaseName = (BYTE *)daa_alloc(pk_internal->issuerBaseNameLength, param_alloc); + memcpy( pk->issuerBaseName, + pk_internal->issuerBaseName, + pk_internal->issuerBaseNameLength); + LogDebug("i_2_e_TSS_DAA_PK extern_issuer=%s intern_issuer=%s\n", + pk->issuerBaseName, + pk_internal->issuerBaseName); + LogDebug("<- i_2_e_TSS_DAA_PK"); + return pk; +} + +/**/ +TSS_DAA_PK_internal * +e_2_i_TSS_DAA_PK( TSS_DAA_PK *pk) +{ + TSS_DAA_PK_internal *pk_internal = + (TSS_DAA_PK_internal *)malloc(sizeof(TSS_DAA_PK_internal)); + unsigned long capitalYLength, capitalYLength2, capitalYPlatformLength; + UINT32 i; + int issuer_length; + + // pk_internal->modulus = GET_DAA_PK_BI( modulus); + pk_internal->modulus = get_bi(pk->modulusLength, pk->modulus); + pk_internal->capitalS = get_bi(pk->capitalSLength, pk->capitalS); + pk_internal->capitalZ = get_bi(pk->capitalZLength, pk->capitalZ); + pk_internal->capitalR0 = get_bi(pk->capitalR0Length, pk->capitalR0); + pk_internal->capitalR1 = get_bi(pk->capitalR1Length, pk->capitalR1); + pk_internal->gamma = get_bi(pk->gammaLength, pk->gamma); + pk_internal->capitalGamma = get_bi(pk->capitalGammaLength, pk->capitalGamma); + pk_internal->rho = get_bi(pk->rhoLength, pk->rho); + capitalYLength = pk->capitalYLength; + capitalYLength2= pk->capitalYLength2; + capitalYPlatformLength = pk->capitalYPlatformLength; + LogDebug( "capitalYLength:%ld capitalYLength2:%ld capitalYPlatformLength:%ld\n", + capitalYLength, capitalYLength2, capitalYPlatformLength); + + pk_internal->capitalRReceiver = ALLOC_BI_ARRAY(); + bi_new_array2(pk_internal->capitalRReceiver, capitalYPlatformLength); + for (i = 0; i < capitalYPlatformLength; i++) { + LogDebug( "i=%d\n", i); + pk_internal->capitalRReceiver->array[i] = + get_bi(pk->capitalYLength2, pk->capitalY[i]); + } + pk_internal->capitalRIssuer = ALLOC_BI_ARRAY(); + bi_new_array2( pk_internal->capitalRIssuer, capitalYLength - + capitalYPlatformLength); + for( ; icapitalRIssuer->array[ i - capitalYPlatformLength] = + get_bi( pk->capitalYLength2, pk->capitalY[i]); + } + pk_internal->capitalY = ALLOC_BI_ARRAY(); + populate_capitalY( pk_internal); + issuer_length = pk->issuerBaseNameLength; + pk_internal->issuerBaseNameLength = issuer_length; + LogDebug( "issuer_length=%d\n", issuer_length); + pk_internal->issuerBaseName = (BYTE *)malloc( issuer_length); + memcpy( pk_internal->issuerBaseName, pk->issuerBaseName, issuer_length); + LogDebug("e_2_i_TSS_DAA_PK extern_issuer=%s intern_issuer=%s\n", + pk->issuerBaseName, + pk_internal->issuerBaseName); + compute_capitalSprime( pk_internal); // allocation + return pk_internal; +} + +void +free_TSS_DAA_PK_internal(TSS_DAA_PK_internal *pk_internal) +{ + bi_free_ptr( pk_internal->capitalSprime); + free( pk_internal->issuerBaseName); + free( pk_internal->capitalY); + bi_free_array( pk_internal->capitalRIssuer); + bi_free_array( pk_internal->capitalRReceiver); + bi_free_ptr( pk_internal->rho); + bi_free_ptr( pk_internal->capitalGamma); + bi_free_ptr( pk_internal->gamma); + bi_free_ptr( pk_internal->capitalR1); + bi_free_ptr( pk_internal->capitalR0); + bi_free_ptr( pk_internal->capitalZ); + bi_free_ptr( pk_internal->capitalS); + bi_free_ptr( pk_internal->modulus); + free( pk_internal); +} + +/* free a TSS_DAA_PK structures */ +void +free_TSS_DAA_PK(TSS_DAA_PK *pk) +{ + int i; + + LogDebug("-> free_TSS_DAA_PK"); + free( pk->modulus); + free( pk->capitalS); + free( pk->capitalZ); + free( pk->capitalR0); + free( pk->capitalR1); + free( pk->gamma); + free( pk->capitalGamma); + free( pk->rho); + for( i=0; i<(int)pk->capitalYLength; i++) { + free( pk->capitalY[i]); + } + free( pk->capitalY); + free( pk->issuerBaseName); + free( pk); + LogDebug("<- free_TSS_DAA_PK"); + +} + +TPM_DAA_ISSUER * +convert2issuer_settings(TSS_DAA_PK_internal *pk_internal) +{ + TPM_DAA_ISSUER *result = (TPM_DAA_ISSUER *)malloc(sizeof(TPM_DAA_ISSUER)); + EVP_MD_CTX mdctx; + UINT32 length; + BYTE *array = (BYTE*)malloc((DAA_PARAM_SIZE_RSA_MODULUS+7)/8); + + LogDebug("convert2issuer_settings"); + EVP_MD_CTX_init(&mdctx); + // TAG + result->tag = htons( TPM_TAG_DAA_ISSUER); + // capitalR0 + EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + bi_2_byte_array( array, + length = (bi_length( pk_internal->capitalR0)+7)/8, + pk_internal->capitalR0); + LogDebug("capitalR0 length=%d", length); + EVP_DigestUpdate(&mdctx, array, length); + EVP_DigestFinal_ex(&mdctx, (BYTE *)&(result->DAA_digest_R0), NULL); + // capitalR1 + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + bi_2_byte_array( array, + length = (bi_length( pk_internal->capitalR1)+7)/8, + pk_internal->capitalR1); + LogDebug("capitalR1 length=%d", length); + EVP_DigestUpdate(&mdctx, array, length); + EVP_DigestFinal_ex(&mdctx, (BYTE *)&(result->DAA_digest_R1), NULL); + // capitalS (S0) + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + bi_2_byte_array( array, + length = (bi_length( pk_internal->capitalS)+7)/8, + pk_internal->capitalS); + LogDebug("capitalS length=%d", length); + EVP_DigestUpdate(&mdctx, array, length); + EVP_DigestFinal_ex(&mdctx, (BYTE *)&(result->DAA_digest_S0), NULL); + // capitalSprime (S1) + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + bi_2_byte_array( array, + length = (bi_length( pk_internal->capitalSprime)+7)/8, + pk_internal->capitalSprime); + LogDebug("capitalSprime length=%d", length); + EVP_DigestUpdate(&mdctx, array, length); + EVP_DigestFinal_ex(&mdctx, (BYTE *)&(result->DAA_digest_S1), NULL); + // modulus (n) + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + bi_2_byte_array( array, + length = (bi_length( pk_internal->modulus)+7)/8, + pk_internal->modulus); + LogDebug("modulus length=%d", length); + EVP_DigestUpdate(&mdctx, array, length); + EVP_DigestFinal_ex(&mdctx, (BYTE *)&(result->DAA_digest_n), NULL); + // modulus (n) + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + bi_2_byte_array( array, + length = (bi_length( pk_internal->capitalGamma)+7)/8, + pk_internal->capitalGamma); + LogDebug("capitalGamma length=%d", length); + EVP_DigestUpdate(&mdctx, array, length); + free(array); + EVP_DigestFinal_ex(&mdctx, (BYTE *)&(result->DAA_digest_gamma), NULL); + EVP_MD_CTX_cleanup(&mdctx); + // rho + bi_2_byte_array( (BYTE *)&(result->DAA_generic_q), 26, pk_internal->rho); + return result; +} + +BYTE * +issuer_2_byte_array(TPM_DAA_ISSUER *tpm_daa_issuer, int *length) +{ + UINT32 size = sizeof(UINT16) + ( 6 * TPM_SHA1_160_HASH_LEN) + 26; + BYTE * result = (BYTE *)malloc( sizeof(BYTE)*size); + UINT32 i = 0; + + memcpy( &result[i], &(tpm_daa_issuer->tag), sizeof(UINT16)); + i+=sizeof(UINT16); + memcpy( &result[i], &(tpm_daa_issuer->DAA_digest_R0), TPM_SHA1_160_HASH_LEN); + i+=TPM_SHA1_160_HASH_LEN; + memcpy( &result[i], &(tpm_daa_issuer->DAA_digest_R1), TPM_SHA1_160_HASH_LEN); + i+=TPM_SHA1_160_HASH_LEN; + memcpy( &result[i], &(tpm_daa_issuer->DAA_digest_S0), TPM_SHA1_160_HASH_LEN); + i+=TPM_SHA1_160_HASH_LEN; + memcpy( &result[i], &(tpm_daa_issuer->DAA_digest_S1), TPM_SHA1_160_HASH_LEN); + i+=TPM_SHA1_160_HASH_LEN; + memcpy( &result[i], &(tpm_daa_issuer->DAA_digest_n), TPM_SHA1_160_HASH_LEN); + i+=TPM_SHA1_160_HASH_LEN; + memcpy( &result[i], &(tpm_daa_issuer->DAA_digest_gamma), TPM_SHA1_160_HASH_LEN); + i+=TPM_SHA1_160_HASH_LEN; + memcpy( &result[i], &(tpm_daa_issuer->DAA_generic_q), 26); + *length = size; + return result; +} + +/******************************************************************************************** +* TSS_DAA_PK_PROOF +********************************************************************************************/ + +/* +* this function keep references on: +* - challenge (BYTE *) +* - response (bi_array_ptr *) +*/ +TSS_DAA_PK_PROOF_internal * +create_DAA_PK_PROOF(BYTE* const challenge, + const int length_challenge, + bi_array_ptr *response, + const int length_response) +{ + TSS_DAA_PK_PROOF_internal *pk_proof; + +#ifdef DAA_DEBUG + printf("create_DAA_PK_PROOF_internal\n"); +#endif + pk_proof = (TSS_DAA_PK_PROOF_internal *)malloc( sizeof(TSS_DAA_PK_PROOF_internal)); + pk_proof->challenge = challenge; + pk_proof->length_challenge = length_challenge; + pk_proof->response = response; + pk_proof->length_response = length_response; + return pk_proof; +} + +#if 0 +int +save_DAA_PK_PROOF_internal(FILE *file, TSS_DAA_PK_PROOF_internal *proof) +{ + int i; + +#ifdef DAA_DEBUG + printf("save_DAA_PK_PROOF_internal"); +#endif + fprintf(file, "%d # %s.length\n", proof->length_challenge, "challenge"); + fprintf(file, "%s\n", dump_byte_array( proof->length_challenge, + proof->challenge)); + fprintf(file, "%d # %s.length\n", proof->length_response, "response"); + for (i = 0; i < proof->length_response; i++) { + BI_SAVE_ARRAY( proof->response[i], file); + } + + return 0; +} + +/* load using */ +/* allocation of: */ +/* proof->challenge (BYTE*) */ +/* response (bi_array_ptr) */ +TSS_DAA_PK_PROOF_internal * +load_DAA_PK_PROOF_internal(FILE *file) +{ + TSS_DAA_PK_PROOF_internal *proof = + (TSS_DAA_PK_PROOF_internal *)malloc(sizeof(TSS_DAA_PK_PROOF_internal)); + char *read_buffer; + int i; + +#ifdef DAA_DEBUG + printf("load_DAA_PK_PROOF_internal"); +#endif + proof->length_challenge = read_int( file); + read_buffer = read_str( file); + proof->challenge = retrieve_byte_array( &(proof->length_challenge),read_buffer); + proof->length_response = read_int( file); + proof->response = (bi_array_ptr *)malloc( sizeof(bi_array_ptr) * proof->length_response); + for (i = 0; i < proof->length_response; i++) { + proof->response[i] = ALLOC_BI_ARRAY(); + BI_LOAD_ARRAY( proof->response[i], file); + } + return proof; +} +#endif + +TSS_DAA_PK_PROOF * +i_2_e_TSS_DAA_PK_PROOF(TSS_DAA_PK_PROOF_internal*pk_internal_proof, + void * (*daa_alloc)(size_t size, TSS_HOBJECT param), + TSS_HOBJECT param_alloc) +{ + TSS_DAA_PK_PROOF *pk_proof = + (TSS_DAA_PK_PROOF *)daa_alloc( sizeof(TSS_DAA_PK_PROOF), param_alloc); + int i, j; + int length_response2; + int length_response3; + + init_tss_version( pk_proof); + // CHALLENGE + pk_proof->challengeLength = pk_internal_proof->length_challenge; + pk_proof->challenge = (BYTE *)daa_alloc( pk_internal_proof->length_challenge, + param_alloc); + memcpy( pk_proof->challenge, pk_internal_proof->challenge, + pk_internal_proof->length_challenge); + // RESPONSES + pk_proof->responseLength = pk_internal_proof->length_response; + length_response2 = pk_internal_proof->response[0]->length; + pk_proof->responseLength2 = length_response2; + length_response3 = bi_nbin_size( + pk_internal_proof->response[0]->array[0]); + if( length_response3 & 1) length_response3++; // length_response3 should be paire + pk_proof->responseLength3 = length_response3; + pk_proof->response = (BYTE ***)daa_alloc( sizeof(BYTE **) * + pk_internal_proof->length_response, param_alloc); + for(i = 0; i < pk_internal_proof->length_response; i++) { + pk_proof->response[i] = (BYTE **)daa_alloc( sizeof(BYTE *) * length_response2, + param_alloc); + for( j = 0; j < length_response2; j++) { + (pk_proof->response[i])[j] = (BYTE *)malloc( + sizeof(BYTE) * length_response3); + bi_2_byte_array( pk_proof->response[i][j], + length_response3, + pk_internal_proof->response[i]->array[j]); + } + } + return pk_proof; +} + +TSS_DAA_PK_PROOF_internal * +e_2_i_TSS_DAA_PK_PROOF(TSS_DAA_PK_PROOF *pk_proof) +{ + int i, j, response_length2; + TSS_DAA_PK_PROOF_internal *pk_proof_internal = + (TSS_DAA_PK_PROOF_internal *)malloc( sizeof( TSS_DAA_PK_PROOF_internal)); + + // CHALLENGE + pk_proof_internal->length_challenge = pk_proof->challengeLength; +#ifdef DAA_DEBUG + fprintf(stderr, "issuer_length=%d\n", pk_proof_internal->length_challenge); +#endif + pk_proof_internal->challenge = (BYTE *)malloc( pk_proof_internal->length_challenge); + memcpy( pk_proof_internal->challenge, + pk_proof->challenge, + pk_proof_internal->length_challenge); + // RESPONSES + pk_proof_internal->length_response = pk_proof->responseLength; + response_length2 = pk_proof->responseLength2; + pk_proof_internal->response = + (bi_array_ptr *)malloc( sizeof(bi_array_ptr) * + pk_proof_internal->length_response); + for(i = 0; ilength_response; i++) { + pk_proof_internal->response[i] = ALLOC_BI_ARRAY(); + bi_new_array2( pk_proof_internal->response[i], response_length2); + for( j = 0; j < response_length2; j++) { + pk_proof_internal->response[i]->array[j] = + get_bi( pk_proof->responseLength3, pk_proof->response[i][j]); + } + } + return pk_proof_internal; +} + + +/******************************************************************************************** +* TSS_DAA_JOIN_ISSUER_SESSION +********************************************************************************************/ + +TSS_DAA_JOIN_ISSUER_SESSION_internal * +create(TSS_DAA_PK_PROOF_internal *issuerKeyPair, + TPM_DAA_ISSUER *issuerAuthKey, + TSS_DAA_IDENTITY_PROOF *identityProof, + bi_ptr capitalUprime, + int daaCounter, + int nonceIssuerLength, + BYTE *nonceIssuer, + int nonceEncryptedLength, + BYTE *nonceEncrypted) +{ + TSS_DAA_JOIN_ISSUER_SESSION_internal *result = + (TSS_DAA_JOIN_ISSUER_SESSION_internal *)malloc( + sizeof(TSS_DAA_JOIN_ISSUER_SESSION_internal)); + + result->issuerAuthKey = issuerAuthKey; + result->issuerKeyPair = issuerKeyPair; + result->identityProof = identityProof; + result->capitalUprime = capitalUprime; + result->daaCounter = daaCounter; + result->nonceIssuerLength = nonceIssuerLength; + result->nonceIssuer = nonceIssuer; + result->nonceEncryptedLength = nonceEncryptedLength; + result->nonceEncrypted = nonceEncrypted; + return result; +} + + +/******************************************************************************************** + * TSS_DAA_SIGNATURE + ********************************************************************************************/ + +TSS_DAA_SIGNATURE_internal* +e_2_i_TSS_DAA_SIGNATURE(TSS_DAA_SIGNATURE* signature) +{ + TSS_DAA_SIGNATURE_internal *signature_intern = + (TSS_DAA_SIGNATURE_internal *)malloc( sizeof( TSS_DAA_SIGNATURE_internal)); + int i, length; + + signature_intern->zeta = bi_set_as_nbin( signature->zetaLength, signature->zeta); + signature_intern->capitalT = bi_set_as_nbin( signature->capitalTLength, + signature->capitalT); + signature_intern->challenge_length = signature->challengeLength; + signature_intern->challenge = (BYTE *)malloc( signature->challengeLength); + memcpy( signature_intern->challenge, + signature->challenge, + signature->challengeLength); + signature_intern->nonce_tpm_length = signature->nonceTpmLength; + signature_intern->nonce_tpm = (BYTE *)malloc( signature->nonceTpmLength); + memcpy( signature_intern->nonce_tpm, signature->nonceTpm, signature->nonceTpmLength); + signature_intern->sV = bi_set_as_nbin( signature->sVLength, signature->sV); + signature_intern->sF0 = bi_set_as_nbin( signature->sF0Length, signature->sF0); + signature_intern->sF1 = bi_set_as_nbin( signature->sF1Length, signature->sF1); + signature_intern->sE = bi_set_as_nbin( signature->sELength, signature->sE); + signature_intern->sA = (bi_array_ptr)malloc( sizeof( bi_array)); + bi_new_array2( signature_intern->sA, signature->sALength); + length = ( DAA_PARAM_SIZE_RANDOMIZED_ATTRIBUTES + 7) / 8; + for (i = 0; i < (int)signature->sALength; i++) { + signature_intern->sA->array[i] = bi_set_as_nbin( length, signature->sA[i]); + } + + return signature_intern; +} + +void +free_TSS_DAA_SIGNATURE_internal(TSS_DAA_SIGNATURE_internal *signature) +{ + bi_free_array( signature->sA); + bi_free_ptr( signature->sE); + bi_free_ptr( signature->sF1); + bi_free_ptr( signature->sF0); + bi_free_ptr( signature->sV); + free( signature->nonce_tpm); + free( signature->challenge); + bi_free_ptr( signature->capitalT); + bi_free_ptr( signature->zeta); + free( signature); +} + +#if 0 +/******************************************************************************************** + TSS_DAA_CRED_ISSUER +********************************************************************************************/ + +TSS_DAA_CRED_ISSUER * +load_TSS_DAA_CRED_ISSUER(FILE *file) +{ + TSS_DAA_CRED_ISSUER *credential = + (TSS_DAA_CRED_ISSUER *)malloc(sizeof(TSS_DAA_CRED_ISSUER)); + char *read_buffer; + int i, len; + + init_tss_version( credential); + credential->capitalALength = read_int( file); + read_buffer = read_str( file); + credential->capitalA = retrieve_byte_array( &(credential->capitalALength), + read_buffer); + credential->eLength = read_int( file); + read_buffer = read_str( file); + credential->e = retrieve_byte_array( &(credential->eLength),read_buffer); + credential->vPrimePrimeLength = read_int( file); + read_buffer = read_str( file); + credential->vPrimePrime = retrieve_byte_array(&(credential->vPrimePrimeLength), + read_buffer); + // attributes issuer + credential->attributesIssuerLength = read_int( file); + credential->attributesIssuer = malloc(credential->attributesIssuerLength*sizeof(BYTE*)); + for( i=0; i < (int)credential->attributesIssuerLength; i++) { + credential->attributesIssuer[i] = retrieve_byte_array( &len, read_buffer); + } + credential->cPrimeLength = read_int( file); + read_buffer = read_str( file); + credential->cPrime = retrieve_byte_array( &(credential->cPrimeLength),read_buffer); + credential->sELength = read_int( file); + read_buffer = read_str( file); + credential->sE = retrieve_byte_array( &(credential->sELength),read_buffer); + return credential; +} + +int +save_TSS_DAA_CRED_ISSUER(FILE *file, TSS_DAA_CRED_ISSUER *credential) +{ + int i; + + fprintf(file, "%d # %s.length\n", credential->capitalALength, "capitalA"); + fprintf(file, "%s\n", dump_byte_array( credential->capitalALength, + credential->capitalA)); + fprintf(file, "%d # %s.length\n", credential->eLength, "e"); + fprintf(file, "%s\n", dump_byte_array( credential->eLength, + credential->e)); + fprintf(file, "%d # %s.length\n", credential->vPrimePrimeLength, "vPrimePrime"); + fprintf(file, "%s\n", dump_byte_array( credential->vPrimePrimeLength, + credential->vPrimePrime)); + fprintf(file, "%d # %s\n", credential->attributesIssuerLength, "attributesIssuerLength"); + for( i=0; i < (int)credential->attributesIssuerLength; i++) { + fprintf(file, "%s\n", dump_byte_array( DAA_PARAM_SIZE_F_I / 8, + credential->attributesIssuer[i])); + + } + fprintf(file, "%d # %s.length\n", credential->cPrimeLength, "cPrime"); + fprintf(file, "%s\n", dump_byte_array( credential->cPrimeLength, + credential->cPrime)); + fprintf(file, "%d # %s.length\n", credential->sELength, "sE"); + fprintf(file, "%s\n", dump_byte_array( credential->sELength, + credential->sE)); + return 0; +} + + +/******************************************************************************************** + TSS_DAA_CREDENTIAL +********************************************************************************************/ + +TSS_DAA_CREDENTIAL * +load_TSS_DAA_CREDENTIAL(FILE *file) +{ + TSS_DAA_CREDENTIAL *credential = + (TSS_DAA_CREDENTIAL *)malloc(sizeof(TSS_DAA_CREDENTIAL)); + char *read_buffer; + int i, len; + TSS_DAA_PK_internal *pk_internal; + TSS_DAA_PK *pk; + + init_tss_version( credential); + credential->capitalALength = read_int( file); + read_buffer = read_str( file); + credential->capitalA = retrieve_byte_array( &(credential->capitalALength), + read_buffer); + credential->exponentLength = read_int( file); + read_buffer = read_str( file); + credential->exponent = retrieve_byte_array( &(credential->exponentLength), + read_buffer); + credential->vBar0Length = read_int( file); + read_buffer = read_str( file); + credential->vBar0 = retrieve_byte_array(&(credential->vBar0Length), + read_buffer); + credential->vBar1Length = read_int( file); + read_buffer = read_str( file); + credential->vBar1 = retrieve_byte_array(&(credential->vBar1Length), + read_buffer); + // attributes issuer + credential->attributesLength = read_int( file); + printf("attributesLength=%d\n", credential->attributesLength); + credential->attributes = malloc(credential->attributesLength * sizeof( BYTE *)); + for( i=0; i < (int)credential->attributesLength; i++) { + read_buffer = read_str( file); + credential->attributes[i] = retrieve_byte_array( &len, read_buffer); + if( len != DAA_PARAM_SIZE_F_I / 8) { + LogError("Error when parsing attributes"); + LogError("\tattribute length:%d", len); + LogError("\texpected length:%d", DAA_PARAM_SIZE_F_I / 8); + return NULL; + } + } + pk_internal = load_DAA_PK_internal( file); + pk = i_2_e_TSS_DAA_PK( pk_internal, &normal_malloc, (TSS_HOBJECT)NULL); + memcpy( &(credential->issuerPK), pk, sizeof(TSS_DAA_PK)); + free( pk); + free_TSS_DAA_PK_internal( pk_internal); + credential->tpmSpecificEncLength = read_int( file); + read_buffer = read_str( file); + credential->tpmSpecificEnc = retrieve_byte_array( &(credential->tpmSpecificEncLength), + read_buffer); + credential->daaCounter = read_int( file); + return credential; +} + +int +save_TSS_DAA_CREDENTIAL(FILE *file, + TSS_DAA_CREDENTIAL *credential) +{ + int i; + TSS_DAA_PK_internal *pk_internal; + + fprintf(file, "%d # %s.length\n", credential->capitalALength, "capitalA"); + fprintf(file, "%s\n", dump_byte_array( credential->capitalALength, + credential->capitalA)); + fprintf(file, "%d # %s.length\n", credential->exponentLength, "exponent"); + fprintf(file, "%s\n", dump_byte_array( credential->exponentLength, + credential->exponent)); + fprintf(file, "%d # %s.length\n", credential->vBar0Length, "vBar0"); + fprintf(file, "%s\n", dump_byte_array( credential->vBar0Length, + credential->vBar0)); + fprintf(file, "%d # %s.length\n", credential->vBar1Length, "vBar1"); + fprintf(file, "%s\n", dump_byte_array( credential->vBar1Length, + credential->vBar1)); + fprintf(file, "%d # %s\n", credential->attributesLength, "attributesLength"); + for( i=0; i < (int)credential->attributesLength; i++) { + fprintf(file, "%s\n", dump_byte_array( DAA_PARAM_SIZE_F_I / 8, + credential->attributes[i])); + } + pk_internal = e_2_i_TSS_DAA_PK( &(credential->issuerPK) ); + save_DAA_PK_internal( file, pk_internal); + free_TSS_DAA_PK_internal( pk_internal); + fprintf(file, "%d # %s.length\n", credential->tpmSpecificEncLength, "tpmSpecificEnc"); + fprintf(file, "%s\n", dump_byte_array( credential->tpmSpecificEncLength, + credential->tpmSpecificEnc)); + fprintf(file, "%d # daaCounter\n", credential->daaCounter); + return 0; +} +#endif +/******************************************************************************************** + TPM_DAA_ISSUER +********************************************************************************************/ + +void +free_TPM_DAA_ISSUER(TPM_DAA_ISSUER *tpm_daa_issuer) +{ + free(tpm_daa_issuer); +} diff --git a/src/tspi/daa/daa_verifier/test/Makefile.am b/src/tspi/daa/daa_verifier/test/Makefile.am new file mode 100644 index 0000000..aa02721 --- /dev/null +++ b/src/tspi/daa/daa_verifier/test/Makefile.am @@ -0,0 +1,7 @@ +bin_PROGRAMS = verifier_transaction + +verifier_transaction_SOURCES = ../verifier_transaction.c ../../daa_structs.c \ + ../../big_integer/bi_gmp.c ../../big_integer/bi_openssl.c ../../big_integer/bi.c \ + ../../../include/bi.h ../../../include/bi_openssl.h ../../../include/bi_gmp.h \ + ../../../include/list_.h ../../utils/list.c ../../../include/tss/tss.h ../../../include/daa_parameter.h \ + ../../../include/daa_structs.h diff --git a/src/tspi/daa/daa_verifier/verifier.c b/src/tspi/daa/daa_verifier/verifier.c new file mode 100644 index 0000000..ad7cef1 --- /dev/null +++ b/src/tspi/daa/daa_verifier/verifier.c @@ -0,0 +1,57 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include + +#include "bi.h" +#include "daa_parameter.h" +#include "trousers/tss.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include +#include +#include "tsplog.h" +#include "tss/tcs.h" +#include "platform.h" + +#include "verifier.h" + +TSPICALL Tspi_DAA_VerifyInit_internal +( + TSS_HDAA hDAA, // in + UINT32* nonceVerifierLength, // out + BYTE** nonceVerifier, // out + UINT32 baseNameLength, // out + BYTE ** baseName // out +) { + TSS_RESULT result = TSS_SUCCESS; + TCS_CONTEXT_HANDLE tcsContext; + bi_ptr nounce = NULL; + + //TODO how to setup the baseName & baseNameLength + if( (result = obj_daa_get_tsp_context( hDAA, &tcsContext)) != TSS_SUCCESS) + goto close; + *nonceVerifierLength = DAA_PARAM_LENGTH_MESSAGE_DIGEST; + *nonceVerifier = calloc_tspi( tcsContext, DAA_PARAM_LENGTH_MESSAGE_DIGEST); + if (*nonceVerifier == NULL) { + LogError("malloc of %d bytes failed", DAA_PARAM_LENGTH_MESSAGE_DIGEST); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + nounce = bi_new_ptr(); + bi_urandom( nounce, DAA_PARAM_LENGTH_MESSAGE_DIGEST * 8); + bi_2_byte_array( *nonceVerifier, DAA_PARAM_LENGTH_MESSAGE_DIGEST, nounce); +close: + FREE_BI( nounce); + return result; +} diff --git a/src/tspi/daa/daa_verifier/verifier_transaction.c b/src/tspi/daa/daa_verifier/verifier_transaction.c new file mode 100644 index 0000000..1eecd43 --- /dev/null +++ b/src/tspi/daa/daa_verifier/verifier_transaction.c @@ -0,0 +1,873 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include + +// for message digest +#include + +#include "daa_structs.h" +#include "daa_parameter.h" +#include "trousers/tss.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include +#include +#include +#include "tsplog.h" +#include "tss/tcs.h" +#include "verifier.h" + +#include "trousers/tss.h" +#include "spi_internal_types.h" +#include "spi_utils.h" + +#include "anonymity_revocation.h" + +DAA_VERIFIER_TRANSACTION *create_verifier_transaction( int length, char *base_name) { + DAA_VERIFIER_TRANSACTION *verifier_transaction = + malloc(sizeof(DAA_VERIFIER_TRANSACTION)); + + if (verifier_transaction == NULL) { + LogError("malloc of %d bytes failed", sizeof(DAA_VERIFIER_TRANSACTION)); + return NULL; + } + verifier_transaction->baseName = base_name; + verifier_transaction->baseName_length = length; + OpenSSL_add_all_digests(); + verifier_transaction->digest = DAA_PARAM_get_message_digest(); + return verifier_transaction; +} + +static int verifyNonce( BYTE *nonce_verifier, int length) { + //TODO check nonce_verifier with the current transaction nonce + return 1; +} + +BYTE *compute_bytes( int seedLength, BYTE *seed, int length, const EVP_MD *digest) { + EVP_MD_CTX mdctx; + int N; + BYTE *hash; + BYTE *result; + int i, big_indian_i, len_hash; + + result = (BYTE *)malloc( length); + if (result == NULL) { + LogError("malloc of %d bytes failed", length); + return NULL; + } + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, digest, NULL); + len_hash = EVP_MD_size(digest); + N = length / len_hash; + hash = (BYTE *)malloc( len_hash); + if (hash == NULL) { + LogError("malloc of %d bytes failed", len_hash); + return NULL; + } + for( i=0; icapitalGamma; + bi_ptr rho = issuer_pk->rho; + bi_ptr zeta = bi_new_ptr(); + + if( capital_gamma == NULL || + rho == NULL || + zeta == NULL) return NULL; + // exponent = capital_gamma - 1 + bi_sub( exponent, capital_gamma, bi_1); + // exponent = exponent / rho + bi_div( exponent, exponent, rho); + // zeta = ( base ^ exponent) % capital_gamma + LogDebug("project_into_group_gamma: rho [%ld]:%s", + bi_nbin_size( rho), bi_2_hex_char( rho)); + LogDebug("project_into_group_gamma: base[%ld]:%s", + bi_nbin_size( base), bi_2_hex_char( base)); + LogDebug("project_into_group_gamma: exponent [%ld]:%s", + bi_nbin_size( exponent), bi_2_hex_char( exponent)); + LogDebug("project_into_group_gamma: capitalGamma[%ld]:%s", + bi_nbin_size( capital_gamma), + bi_2_hex_char( capital_gamma)); + bi_mod_exp( zeta, base, exponent, capital_gamma); + LogDebug("project_into_group_gamma: result:%s", bi_2_hex_char( zeta)); + bi_free( exponent); + return zeta; +} + +bi_ptr compute_zeta( int nameLength, unsigned char *name, TSS_DAA_PK_internal *issuer_pk) { + BYTE *bytes; + bi_ptr base; + bi_ptr result; + + LogDebug("compute_zeta: %d [%s] pk:%x", nameLength, name, (int)issuer_pk); + bytes = compute_bytes( nameLength, + name, + DAA_PARAM_LENGTH_MFG1_GAMMA, + DAA_PARAM_get_message_digest()); + if( bytes == NULL) return NULL; + base = bi_set_as_nbin( DAA_PARAM_LENGTH_MFG1_GAMMA, bytes); + if( base == NULL) return NULL; + LogDebug("base: %ld [%s]", bi_nbin_size( base), bi_2_hex_char( base)); + result = project_into_group_gamma( base, issuer_pk); + if( result == NULL) return NULL; + bi_free_ptr( base); + free( bytes); + LogDebug("return zeta:%s\n", bi_2_hex_char( result)); + return result; +} + +bi_ptr compute_parameterized_gamma(int k, TSS_DAA_PK_internal *issuer_pk) { + int length; + int hashLength = bi_nbin_size( issuer_pk->gamma) + sizeof(int); + BYTE *hash; + int big_indian_k = htonl( k); + BYTE *bytes; + bi_ptr value, result; + + hash = (BYTE *)malloc( hashLength); + if (hash == NULL) { + LogError("malloc of %d bytes failed", hashLength); + return NULL; + } + // hash[0-3] = big_indian(k) + memcpy( hash, &big_indian_k, sizeof(int)); + // hash[4-end] = issuer_pk->gamma + bi_2_nbin1( &length, &hash[sizeof(int)], issuer_pk->gamma); + // allocation + bytes = compute_bytes( hashLength, hash, + DAA_PARAM_LENGTH_MFG1_GAMMA, + DAA_PARAM_get_message_digest()); + if( bytes == NULL) return NULL; + // allocation + value = bi_set_as_nbin( DAA_PARAM_LENGTH_MFG1_GAMMA, bytes); + if( value == NULL) return NULL; + result = project_into_group_gamma( value, issuer_pk); // allocation + if (result == NULL) { + LogError("malloc of %d bytes failed", hashLength); + return NULL; + } + bi_free_ptr( value); + free( bytes); + return result; +} + +inline bi_ptr apply_challenge( bi_ptr value, bi_ptr delta, bi_ptr c, bi_ptr capital_gamma) { + bi_ptr delta_tilde = bi_new_ptr(); + bi_t c_negate; + + if( delta_tilde == NULL) return NULL; + bi_new( c_negate); + bi_set( c_negate, c); + bi_negate( c_negate); + // delta_tilde = ( delta ^ (-c)) % capital_gamma + bi_mod_exp( delta_tilde, delta, c_negate, capital_gamma); + bi_free( c_negate); + // delta_tilde = (delta_tilde * value) % capital_gamma + return bi_mod( delta_tilde, bi_mul( delta_tilde, delta_tilde, value), capital_gamma); +} + +DAA_VERIFIER_TRANSACTION *createTransaction(int baseName_length, BYTE* baseName) { + DAA_VERIFIER_TRANSACTION *result = + (DAA_VERIFIER_TRANSACTION *)malloc( sizeof(DAA_VERIFIER_TRANSACTION)); + + if (result == NULL) { + LogError("malloc of %d bytes failed", sizeof(DAA_VERIFIER_TRANSACTION)); + return NULL; + } + result->baseName = baseName; + result->baseName_length = baseName_length; + return result; +} + +void update( EVP_MD_CTX *mdctx, char *name, bi_ptr integer, int bitLength) { + int length = bitLength / 8; + BYTE buffer[length]; + + bi_2_byte_array( buffer, length, integer); + LogDebug("[update] %s:%s", name, dump_byte_array( length, buffer)); + EVP_DigestUpdate(mdctx, buffer, length); +} + +BYTE *compute_sign_challenge_host( + int *result_length, + EVP_MD *digest, + TSS_DAA_PK_internal *issuer_pk, + int nonce_verifierLength, + BYTE *nonce_verifier, + int selected_attributes2commitLength, + TSS_DAA_SELECTED_ATTRIB **selected_attributes2commit, + int is_anonymity_revocation_enabled, + bi_ptr zeta, + bi_ptr capital_t, + bi_ptr capital_tilde, + int attribute_commitmentsLength, + TSS_DAA_ATTRIB_COMMIT_internal **attribute_commitments, + TSS_DAA_ATTRIB_COMMIT_internal **attribute_commitment_proofs, + bi_ptr capital_nv, + bi_ptr capital_tilde_v, + CS_PUBLIC_KEY *anonymity_revocator_pk, + CS_ENCRYPTION_RESULT *encryption_result_rand, + CS_ENCRYPTION_RESULT *encryption_result_proof +) { + EVP_MD_CTX mdctx; + int i, length; + unsigned int big_indian; + BYTE *buffer; + int length_gamma_modulus; + BYTE *buffer1; + + LogDebug("issuer_pk basename[%d]:%s", + issuer_pk->issuerBaseNameLength, + dump_byte_array( issuer_pk->issuerBaseNameLength, + issuer_pk->issuerBaseName)); + LogDebug("nonce_verifier[%d]:%s", + nonce_verifierLength, + dump_byte_array( nonce_verifierLength, nonce_verifier)); + LogDebug("selected_attributes2commitLength:%d", selected_attributes2commitLength); + LogDebug("is_anonymity_revocation_enabled:%d", is_anonymity_revocation_enabled); + LogDebug("zeta[%ld]:%s", bi_nbin_size( zeta), bi_2_hex_char( zeta)); + LogDebug("capital_t[%ld]:%s", bi_nbin_size( capital_t), bi_2_hex_char( capital_t)); + LogDebug("capital_tilde[%ld]:%s", + bi_nbin_size( capital_tilde), + bi_2_hex_char( capital_tilde)); + LogDebug("attribute_commitmentsLength:%d", attribute_commitmentsLength); + LogDebug("attribute_commitments:%d", (int)attribute_commitments); + LogDebug("attribute_commitment_proofs:%d", (int)attribute_commitment_proofs); + LogDebug("capital_nv[%ld]:%s", bi_nbin_size( capital_nv), bi_2_hex_char( capital_nv)); + LogDebug("capital_tilde_v[%ld]:%s", + bi_nbin_size( capital_tilde_v), + bi_2_hex_char( capital_tilde_v)); + LogDebug("anonymity_revocator_pk:%d", (int)anonymity_revocator_pk); + LogDebug("encryption_result_rand:%d", (int)encryption_result_rand); + LogDebug("encryption_result_proof:%d", (int)encryption_result_proof); + + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, digest, NULL); + // update with encoded PK + buffer = encoded_DAA_PK_internal( &length, issuer_pk); + if( buffer == NULL) return NULL; + LogDebug("encoded issuer_pk[%d]:%s", length, dump_byte_array( length, buffer)); + EVP_DigestUpdate(&mdctx, buffer , length); + free( buffer); + // nonce verifier + EVP_DigestUpdate(&mdctx, nonce_verifier , nonce_verifierLength); + // length Commitments + big_indian = attribute_commitmentsLength; + EVP_DigestUpdate(&mdctx, &big_indian, sizeof(int)); + // Anonymity enabled + big_indian = is_anonymity_revocation_enabled; + EVP_DigestUpdate(&mdctx, &big_indian, sizeof(int)); + + update( &mdctx, "zeta", zeta, DAA_PARAM_SIZE_MODULUS_GAMMA); + update( &mdctx, "capitalT", capital_t, DAA_PARAM_SIZE_RSA_MODULUS); + update( &mdctx, "capitalTTilde", capital_tilde, DAA_PARAM_SIZE_RSA_MODULUS); + + length_gamma_modulus = DAA_PARAM_SIZE_MODULUS_GAMMA / 8; + buffer = (BYTE *)malloc( length_gamma_modulus);// allocation + if (buffer == NULL) { + LogError("malloc of %d bytes failed", length_gamma_modulus); + return NULL; + } + if( selected_attributes2commitLength > 0) { + for( i=0; ibeta); + EVP_DigestUpdate(&mdctx, + buffer, + length_gamma_modulus); + bi_2_byte_array( buffer, + length_gamma_modulus, + attribute_commitment_proofs[i]->beta); + EVP_DigestUpdate(&mdctx, + buffer, + length_gamma_modulus); + } + } + if( !is_anonymity_revocation_enabled) { + // Nv, N~v + bi_2_byte_array( buffer, length_gamma_modulus, capital_nv); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, capital_tilde_v); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + } else { + bi_2_byte_array( buffer, length_gamma_modulus, anonymity_revocator_pk->eta); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, anonymity_revocator_pk->lambda1); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, anonymity_revocator_pk->lambda2); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, anonymity_revocator_pk->lambda3); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, encryption_result_rand->c1); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, encryption_result_rand->c2); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, encryption_result_rand->c3); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, encryption_result_rand->c4); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, encryption_result_proof->c1); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, encryption_result_proof->c2); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, encryption_result_proof->c3); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + bi_2_byte_array( buffer, length_gamma_modulus, encryption_result_proof->c4); + EVP_DigestUpdate(&mdctx, buffer, length_gamma_modulus); + } + free(buffer); + buffer = (BYTE *)malloc(EVP_MD_size(digest)); // allocation + if (buffer == NULL) { + LogError("malloc of %d bytes failed", EVP_MD_size(digest)); + return NULL; + } + EVP_DigestFinal_ex(&mdctx, buffer, result_length); + EVP_MD_CTX_cleanup(&mdctx); + LogDebug("compute_sign_challenge_host[%d]:%s", + *result_length, + dump_byte_array( *result_length, buffer)); + return buffer; +} + +inline int is_element_gamma( bi_ptr capital_nv, TSS_DAA_PK_internal *issuer_pk) { + bi_ptr tmp1 = bi_new_ptr(); + int result; + + // ( ( capital_nv ^ issuer_pk->rho ) % issuer_pk->capitalGamma ) == 1 + result = bi_equals( bi_mod_exp( tmp1, + capital_nv, + issuer_pk->rho, + issuer_pk->capitalGamma), + bi_1); + bi_free_ptr( tmp1); + return result; +} + +/* implementation derived from isValid (VerifierTransaction.java) */ +TSPICALL Tspi_DAA_VerifySignature_internal +( TSS_HDAA hDAA, // in + TSS_DAA_SIGNATURE signature_ext, // in + TSS_HKEY hPubKeyIssuer, // in + TSS_DAA_SIGN_DATA sign_data, // in + UINT32 attributesLength, // in + BYTE **attributes, // in + UINT32 nonce_verifierLength, // out + BYTE *nonce_verifier, // out + UINT32 base_nameLength, // out + BYTE *base_name, // out + TSS_BOOL *isCorrect // out +) { + int i, j; + DAA_VERIFIER_TRANSACTION *verifier_transaction = NULL; + TSS_DAA_ATTRIB_COMMIT *commitments; + TSS_DAA_PK_internal *issuer_pk; + TSS_DAA_SIGNATURE_internal *signature = NULL; + bi_ptr tmp1; + bi_array_ptr sA; + bi_ptr n = NULL; + bi_ptr c = NULL; + bi_ptr capital_gamma = NULL; + bi_ptr zeta_2_verify = NULL; + bi_ptr capital_z = NULL; + bi_array_ptr capital_R = NULL; + bi_ptr product_r = NULL; + bi_ptr exp = NULL; + bi_ptr capital_THat = NULL; + bi_ptr beta_tilde = NULL; + bi_ptr gamma_i = NULL; + bi_ptr capital_nv = NULL; + bi_ptr capital_ntilde_v = NULL; + bi_ptr pseudonym_projected = NULL; + bi_ptr s_tau = NULL; + bi_ptr delta_tilde1 = NULL; + bi_ptr delta_tilde2 = NULL; + bi_ptr delta_tilde3 = NULL; + bi_ptr delta_tilde4 = NULL; + bi_ptr attribute_i; + TSS_DAA_PSEUDONYM_PLAIN *pseudonym_plain; + CS_ENCRYPTION_RESULT *pseudonym_enc = NULL; + CS_ENCRYPTION_RESULT *pseudonym_encryption_proof = NULL; + TSS_DAA_PSEUDONYM_ENCRYPTED_internal *sig_pseudonym_encrypted = NULL; + CS_ENCRYPTION_RESULT_RANDOMNESS *result_random = NULL; + CS_ENCRYPTION_RESULT *encryption_result = NULL; + TSS_DAA_ATTRIB_COMMIT_internal **commitment_proofs = NULL; + TCS_CONTEXT_HANDLE tcsContext; + TSS_RESULT result = TSS_SUCCESS; + EVP_MD_CTX mdctx; + int length_ch, len_hash, bits; + BYTE *ch = NULL, *hash = NULL; + TSS_BOOL *indices; + + tmp1 = bi_new_ptr(); + if( tmp1 == NULL) { + LogError("malloc of BI <%s> failed", "tmp1"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + *isCorrect = FALSE; + if( (result = obj_daa_get_tsp_context( hDAA, &tcsContext)) != TSS_SUCCESS) + goto close; + // allocation of issuer_pk + issuer_pk = e_2_i_TSS_DAA_PK( (TSS_DAA_PK *)hPubKeyIssuer); + if( issuer_pk == NULL) { + LogError("malloc of TSS_DAA_PK_internal failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // allocation of signature + signature = e_2_i_TSS_DAA_SIGNATURE( &signature_ext); + if( signature == NULL) { + LogError("malloc of TSS_DAA_SIGNATURE_internal failed"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + commitments = signature_ext.attributeCommitments; + // TODO verify consistency of sig.getSA() with selectedAttributes,.. + sA = signature->sA; + if( sA->length != (int)attributesLength) { + LogError("Verifier Error: lengths of attributes and sA must be equal"); + result = TSS_E_BAD_PARAMETER; + goto close; + } + for ( i = 0; i < (int)attributesLength; i++) { + if ( (attributes[i] == NULL && bi_equals( sA->array[i], bi_0)) || + (attributes[i] != NULL && !bi_equals( sA->array[i], bi_0))) { + LogError( "Verifier Error: illegal argument content in attributes\ + and sA[%d]", i); + result = TSS_E_BAD_PARAMETER; + goto close; + } + } + // TODO: implement verify nonce + if ( verifyNonce(nonce_verifier, nonce_verifierLength) == 0) { + LogError("Verifier Error: nonce invalid"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + n = issuer_pk->modulus; + c = bi_set_as_nbin( signature->challenge_length, signature->challenge); + capital_gamma = issuer_pk->capitalGamma; + if( base_name != NULL) { // isRandomBaseName + zeta_2_verify = compute_zeta( base_nameLength, base_name, issuer_pk); + if( bi_equals( signature->zeta, zeta_2_verify) == 0) { + LogError("Verifier Error: Verification of zeta failed - Step 1"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + } + LogDebug( "step 2"); + capital_z = issuer_pk->capitalZ; + capital_R = issuer_pk->capitalY; + product_r = bi_new_ptr(); + if( product_r == NULL) { + LogError("malloc of BI <%s> failed", "product_r"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( product_r, bi_1); // product_r = 1 + for( i=0; i<(int)attributesLength; i++) { + if( attributes[i] != NULL) { + // allocation + attribute_i = bi_set_as_nbin( DAA_PARAM_SIZE_F_I / 8, attributes[i]); + if( attribute_i == NULL) { + LogError("malloc of %d bytes failed", DAA_PARAM_SIZE_F_I / 8); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // tmp1 = (capital_R[i] ^ attributes[i]) mod n + bi_mod_exp( tmp1, capital_R->array[i], attribute_i, n); + // product_r = product_r * tmp1 + bi_mul( product_r, product_r, tmp1); + // product_r = product_r mod n + bi_mod( product_r, product_r, n); + bi_free_ptr( attribute_i); + } + } + exp = bi_new_ptr(); + if( exp == NULL) { + LogError("malloc of BI <%s> failed", "product_r"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capital_THat = bi_new_ptr(); + // tmp1 = product_r invmod n + bi_invert_mod( tmp1, product_r, n); + // capital_THat = capital_z * tmp1 + bi_mul( capital_THat, capital_z, tmp1); + // capital_THat = capital_THat % n + bi_mod( capital_THat, capital_THat, n); + // capital_THat = (capital_THat ^ (-c)) mod n = ( 1 / (capital_That ^ c) ) % n + bi_mod_exp( capital_THat, capital_THat, c, n); + bi_invert_mod( capital_THat, capital_THat, n); + // tmp1 = c << (SizeExponentCertificate - 1) + bi_shift_left( tmp1, c, DAA_PARAM_SIZE_EXPONENT_CERTIFICATE - 1); + // exp = signature->sE + tmp1 + bi_add( exp, signature->sE, tmp1); + // tmp1 = (signature->capitalT ^ exp) mod n + bi_mod_exp( tmp1, signature->capitalT, exp, n); + // capital_THat = ( capital_THat * tmp1 ) % n + bi_mul( capital_THat, capital_THat, tmp1); + bi_mod( capital_THat, capital_THat, n); + // tmp1=( issuer_pk->capitalR0 ^ signature->sF0) % n + bi_mod_exp( tmp1, issuer_pk->capitalR0, signature->sF0, n); + // capital_THat = ( capital_THat * tmp1 ) % n + bi_mul( capital_THat, capital_THat, tmp1); + bi_mod( capital_THat, capital_THat, n); + // tmp1=( issuer_pk->capitalR1 ^ signature->sF1) % n + bi_mod_exp( tmp1, issuer_pk->capitalR1, signature->sF1, n); + // capital_THat = ( capital_THat * tmp1 ) % n + bi_mul( capital_THat, capital_THat, tmp1); + bi_mod( capital_THat, capital_THat, n); + // tmp1=( issuer_pk->capitalS ^ signature->sV) % n + bi_mod_exp( tmp1, issuer_pk->capitalS, signature->sV, n); + // capital_THat = ( capital_THat * tmp1 ) % n + bi_mul( capital_THat, capital_THat, tmp1); + bi_mod( capital_THat, capital_THat, n); + + bi_set( product_r, bi_1); // product_r = 1 + for( i=0; i<(int)attributesLength; i++) { + if( attributes[i] == NULL) { + // tmp1=(capital_R->array[i] ^ sA->array[i]) % n + bi_mod_exp( tmp1, capital_R->array[i], sA->array[i], n); + // product_r = ( product_r * tmp1 ) % n + bi_mul( product_r, product_r, tmp1); + bi_mod( product_r, product_r, n); + } + } + // capital_THat = (capital_THat * product_r) % n + bi_mod( capital_THat, bi_mul( tmp1, capital_THat, product_r), n); + LogDebug("Step 3 - Commitments"); + + //TODO when enabling the commitment feature, verifier_transaction should be set + #ifdef ANONYMITY_REVOCATION + if( verifier_transaction != NULL && + verifier_transaction->selected_attributes2commitLength > 0) { + commitment_proofs = (TSS_DAA_ATTRIB_COMMIT_internal **) + malloc(verifier_transaction->selected_attributes2commitLength * + sizeof(TSS_DAA_ATTRIB_COMMIT_internal*)); + if (commitment_proofs == NULL) { + LogError("malloc of %d bytes failed", + verifier_transaction->selected_attributes2commitLength * + sizeof(TSS_DAA_ATTRIB_COMMIT_internal*)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + for( j=0; jselected_attributes2commitLength; j++) { + if( bi_cmp( commitments[j].sMu, issuer_pk->rho) >= 0 || + bi_cmp_si( commitments[j].sMu, 0) < 0) { + LogError("sMu >= rho || sMu < 0"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + beta_tilde = bi_new_ptr(); + if( beta_tilde == NULL) { + LogError("malloc of BI <%s> failed", "beta_tilde"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_set( tmp1, c); + bi_negate( tmp1); + // beta_tilde=(commitments[j]->beta ^ (-c)) % capitalGamma + bi_mod_exp( beta_tilde, commitments[j]->beta, tmp1, capital_gamma); + // tmp1=(issuer_pk->gamma ^ commitments[j]->sMu) % capital_gamma + bi_mod_exp( tmp1, issuer_pk->gamma, commitments[j]->sMu, capital_gamma); + // beta_tilde=beta_tilde * tmp1 + bi_mul( beta_tilde, beta_tilde, tmp1); + // beta_tilde=beta_tilde % capital_gamma + bi_mod( beta_tilde, beta_tilde, capital_gamma); + indices = (verifier_transaction->selected_attributes2commit[j])-> + indicesList; + if( verifier_transaction->selected_attributes2commit[j]-> + indicesListLength != (UINT32)(issuer_pk->capitalY->length) ) { + LogError("indicesList of selected_attribs[%d] (%d) \ +and issuer_pk are not consistent (%d)\n", + j, + verifier_transaction->selected_attributes2commit[j]-> + indicesListLength, + issuer_pk->capitalY->length); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + for( i=0; icapitalY->length; i++) { + if( indices[i]) { + gamma_i = compute_parameterized_gamma( i, issuer_pk); + if( gamma_i == NULL) { + LogError("malloc of BI <%s> failed", "gamma_i"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + // tmp1=(gamma_i ^ sA[j]) % capital_gamma + bi_mod_exp( tmp1, gamma_i, sA->array[i], capital_gamma); + // beta_tilde=beta_tilde * tmp1 + bi_mul( beta_tilde, beta_tilde, tmp1); + // beta_tilde=beta_tilde % capital_gamma + bi_mod( beta_tilde, beta_tilde, capital_gamma); + } + } + commitment_proofs[j] = create_TSS_DAA_ATTRIB_COMMIT( beta_tilde, NULL); + } + } + #endif + LogDebug("Step 4 - Pseudonym"); + capital_nv = bi_new_ptr(); + if( capital_nv == NULL) { + LogError("malloc of BI <%s> failed", "capital_nv"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + capital_ntilde_v = bi_new_ptr(); + if( capital_ntilde_v == NULL) { + LogError("malloc of BI <%s> failed", "capital_ntilde_v"); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + bi_shift_left( tmp1, signature->sF1, DAA_PARAM_SIZE_F_I); + bi_add( exp, signature->sF0, tmp1); + pseudonym_projected = bi_new_ptr(); + // pseudonym_projected = (signature->zeta ^ exp) % capital_gamma + bi_mod_exp( pseudonym_projected, signature->zeta, exp, capital_gamma); + pseudonym_enc = NULL; + pseudonym_encryption_proof = NULL; + //TODO when enabling the commitment feature, verifier_transaction should be set + if( verifier_transaction == NULL || + verifier_transaction->is_anonymity_revocation_enabled ==0) { + // anonymity revocation not enabled + pseudonym_plain = (TSS_DAA_PSEUDONYM_PLAIN *)signature_ext.signedPseudonym; + capital_nv = bi_set_as_nbin( pseudonym_plain->capitalNvLength, + pseudonym_plain->capitalNv); +//TODO + // capital_ntilde_v = ( capital_nv ^ ( - c) ) % capital_gamma + // = ( 1 / (capital_nv ^ c) % capital_gamma) % capital_gamma + bi_mod_exp( tmp1, capital_nv, c, capital_gamma); + bi_invert_mod( capital_ntilde_v, tmp1, capital_gamma); + // capital_ntilde_v = ( capital_ntilde_v * pseudonym_projected ) % capital_gamma + bi_mul(capital_ntilde_v, capital_ntilde_v, pseudonym_projected); + bi_mod( capital_ntilde_v, capital_ntilde_v, capital_gamma); + } else { +#ifdef ANONYMITY_REVOCATION + // anonymity revocation enabled + sig_pseudonym_encrypted = (TSS_DAA_PSEUDONYM_ENCRYPTED_internal *)pseudonym; + s_tau = sig_pseudonym_encrypted->sTau; + pseudonym_enc = sig_pseudonym_encrypted->cs_enc_result; + // Note: It verifies if s_tau <= rho + result_random = compute_ecryption_proof( + pseudonym_projected, + pseudonym_enc->c1, + pseudonym_enc->c2, + pseudonym_enc->c3, + s_tau, + verifier_transaction->anonymity_revocator_pk, issuer_pk, + verifier_transaction->anonymity_revocation_condition, + verifier_transaction->anonymity_revocation_condition_length, + DAA_PARAM_get_message_digest() ); + encryption_result = result_random->result; + delta_tilde1 = apply_challenge( encryption_result->c1, + pseudonym_enc->c1, + c, + capital_gamma); + delta_tilde2 = apply_challenge( encryption_result->c2, + pseudonym_enc->c2, + c, + capital_gamma); + delta_tilde3 = apply_challenge( encryption_result->c3, + pseudonym_enc->c3, + c, + capital_gamma); + delta_tilde4 = apply_challenge( encryption_result->c4, + pseudonym_enc->c4, + c, + capital_gamma); + pseudonym_encryption_proof = create_CS_ENCRYPTION_RESULT( delta_tilde1, + delta_tilde2, + delta_tilde3, + delta_tilde4); +#endif + } + + // TODO: Step 5 - Callback + LogDebug("Step 5 - Callback"); + + LogDebug("Step 6 - Hash"); + ch = compute_sign_challenge_host( + &length_ch, + DAA_PARAM_get_message_digest(), + issuer_pk, + nonce_verifierLength, + nonce_verifier, + 0, // verifier_transaction->selected_attributes2commitLength, + NULL, //verifier_transaction->selected_attributes2commit, + 0, // verifier_transaction->is_anonymity_revocation_enabled, + signature->zeta, + signature->capitalT, + capital_THat, + 0, //signature_ext.attributeCommitmentsLength, + NULL, // signature_ext.attributeCommitments, + commitment_proofs, + capital_nv, + capital_ntilde_v, + NULL, // verifier_transaction->anonymity_revocator_pk, + pseudonym_enc, + pseudonym_encryption_proof); + LogDebug("calculation of c: ch[%d]%s", length_ch, dump_byte_array( length_ch, ch)); + LogDebug("calculation of c: nonce_tpm[%d]%s", + signature->nonce_tpm_length, + dump_byte_array( signature->nonce_tpm_length, signature->nonce_tpm)); + LogDebug("calculation of c: sign_data.payloadFlag[%d]%x", 1, sign_data.payloadFlag); + LogDebug("calculation of c: signdata.payload[%d]%s", + sign_data.payloadLength, + dump_byte_array( sign_data.payloadLength, sign_data.payload)); + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + EVP_DigestUpdate(&mdctx, ch, length_ch); + EVP_DigestUpdate(&mdctx, signature->nonce_tpm, signature->nonce_tpm_length); + len_hash = EVP_MD_size( DAA_PARAM_get_message_digest()); + hash = (BYTE *)malloc( len_hash);// allocation + if (hash == NULL) { + LogError("malloc of %d bytes failed", len_hash); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + EVP_DigestFinal_ex(&mdctx, hash, NULL); + EVP_DigestInit_ex(&mdctx, DAA_PARAM_get_message_digest(), NULL); + EVP_DigestUpdate(&mdctx, hash, EVP_MD_size( DAA_PARAM_get_message_digest())); + EVP_DigestUpdate(&mdctx, &sign_data.payloadFlag, 1); + EVP_DigestUpdate(&mdctx, sign_data.payload, sign_data.payloadLength); + len_hash = EVP_MD_size( DAA_PARAM_get_message_digest()); + free( hash); + hash = (BYTE *)malloc( len_hash);// allocation + if (hash == NULL) { + LogError("malloc of %d bytes failed", len_hash); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + EVP_DigestFinal(&mdctx, hash, NULL); + + if( signature->challenge_length != len_hash || + memcmp( signature->challenge, hash, len_hash) != 0) { + LogError( "Verification of c failed - Step 6.c.i"); + LogError(" - challenge[%d] : %s", + signature->challenge_length, + dump_byte_array( signature->challenge_length, signature->challenge)); + LogError(" - hash[%d] : %s", + len_hash, + dump_byte_array( len_hash, hash)); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + if( verifier_transaction == NULL || + !verifier_transaction->is_anonymity_revocation_enabled) { + // Nv element ? + if( !is_element_gamma( capital_nv, issuer_pk) ) { + LogError( "Verification of Nv failed - Step 4.b.i"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + } else { + // are delta1-4 element ? + if( !( is_element_gamma( pseudonym_enc->c1, issuer_pk) && + is_element_gamma( pseudonym_enc->c2, issuer_pk) && + is_element_gamma( pseudonym_enc->c3, issuer_pk) && + is_element_gamma( pseudonym_enc->c4, issuer_pk))) { + LogError( "Verification of delta1-4 failed - Step 4.c.i"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + } + // zeta element + if( !is_element_gamma( signature->zeta, issuer_pk)) { + LogError( "Verification of zeta failed - Step 4.b/c.i"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + bits = DAA_PARAM_SIZE_F_I + DAA_PARAM_SAFETY_MARGIN + + DAA_PARAM_SIZE_MESSAGE_DIGEST + 1; + if( bi_length( signature->sF0) > bits) { + LogError("Verification of sF0 failed - Step 6.c.ii"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + if( bi_length( signature->sF1) > bits) { + LogError("Verification of sF1 failed - Step 6.c.ii"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + // attributes extension + for( i=0; ilength; i++) { + if( sA->array[i] != NULL && bi_length(sA->array[i]) > bits) { + LogError( "Verification of sA[%d] failed - Step 6.c.ii", i); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + } + bits = DAA_PARAM_SIZE_INTERVAL_EXPONENT_CERTIFICATE + + DAA_PARAM_SAFETY_MARGIN + DAA_PARAM_SIZE_MESSAGE_DIGEST + 1; + if( bi_length( signature->sE) > bits) { + LogError("Verification of sE failed - Step 6.c.iii"); + result = TSS_E_INTERNAL_ERROR; + goto close; + } + // step 4 + // TODO: implement revocation list + *isCorrect = TRUE; +close: + bi_free_ptr( tmp1); + if( ch != NULL) free( ch); + if( hash != NULL) free( hash); + free_TSS_DAA_PK_internal( issuer_pk); + free_TSS_DAA_SIGNATURE_internal( signature); + // n not allocated, refere to issuer_pk->modulus + FREE_BI( c); + // capital_gamma not allocated, refere to issuer_pk->capitalGamma + FREE_BI( zeta_2_verify); + // capital_z not allocated, refere to issuer_pk->capitalZ + // capital_R not allocated, refere to issuer_pk->capitalY + FREE_BI( product_r); + FREE_BI( exp); + FREE_BI( capital_THat); + // beta_tilde kept on TSS_DAA_ATTRIB_COMMIT + FREE_BI( gamma_i); + FREE_BI( capital_nv); + FREE_BI( capital_ntilde_v); + FREE_BI( pseudonym_projected); + FREE_BI( s_tau); + // delta_tilde1 kept on CS_ENCRYPTION_RESULT + // delta_tilde2 kept on CS_ENCRYPTION_RESULT + // delta_tilde3 kept on CS_ENCRYPTION_RESULT + // delta_tilde4 kept on CS_ENCRYPTION_RESULT + return result; +} diff --git a/src/tspi/daa/test_sign.c b/src/tspi/daa/test_sign.c new file mode 100644 index 0000000..2b13791 --- /dev/null +++ b/src/tspi/daa/test_sign.c @@ -0,0 +1,238 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include +#include +#include + +#include "daa_structs.h" +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "tsplog.h" +#include "daa_parameter.h" +#include "verifier.h" +#include "platform.h" + +// for RSA Key +#include + +#define DEFAULT_CREDENTIAL_FILENAME "credential.txt" +#define DEFAULT_OWN_PASSWD "OWN_PWD" + +int print_usage(char *exec) { + fprintf(stderr, "usage: %s\n", exec); + fprintf(stderr, + "\t-m,\t--message\n\t\tif define, the data is signed using this message\n\ +\t\totherwise an AIK will be generated and used\n"); + fprintf(stderr, + "\t-pw,\t--passwd\n\t\ttpm owner password (default: %s)\n", + DEFAULT_OWN_PASSWD); + fprintf(stderr, + "\t-cr,\t--credential\n\t\tcredential filename (default: %s)\n", + DEFAULT_CREDENTIAL_FILENAME); + return -1; +} + +int main(int argc, char *argv[]) { + TSS_HCONTEXT hContext; + TSS_RESULT result; + TSS_HTPM hTPM; + TSS_HPOLICY hPolicy; + char *credential_filename = DEFAULT_CREDENTIAL_FILENAME; + UINT32 nonceVerifierLength; + BYTE *nonceVerifier; + TSS_HDAA hDAA; + TSS_DAA_CREDENTIAL *hDaaCredential; + TSS_DAA_SIGN_DATA signData; + TSS_DAA_SIGNATURE daaSignature; + TSS_DAA_SELECTED_ATTRIB revealAttributes; + char *szTpmPasswd = DEFAULT_OWN_PASSWD; + char *message = NULL; + BYTE **attributes = NULL; + FILE *file; + char *param; + int i, length, rv; + bi_ptr random = NULL; + TSS_BOOL isCorrect; + EVP_MD_CTX mdctx; + TSS_HKEY hKEY; + + init_tss_version( &signData); + init_tss_version( &daaSignature); + init_tss_version( &revealAttributes); + i = 1; + while( i < argc) { + param = argv[ i]; + if ( strcmp( param, "-m") == 0 || strcmp( param, "--message") == 0) { + i++; + if( i == argc) return print_usage( argv[0]); + message = argv[i]; + } else if( strcmp( param, "-cr") == 0 || strcmp( param, "--credential") == 0){ + i++; + if( i == argc) return print_usage( argv[0]); + credential_filename = argv[i]; + } else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){ + i++; + if( i == argc) return print_usage( argv[0]); + szTpmPasswd = argv[i]; + } else { + fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param); + return print_usage( argv[0]); + } + i++; + } + bi_init( NULL); + printf("Loading credential: %s ", credential_filename); + file = fopen( credential_filename, "r"); + if( (hDaaCredential = load_TSS_DAA_CREDENTIAL( file)) == 0) { + LogError( "[test_join]: Error when loading \'%s\': %s\n", + credential_filename, + strerror( errno)); + result = TSS_E_FAIL; + goto out_close; + } + fclose( file); + printf("Done\n"); + + // Create Context + LogDebug("Create Context"); + result = Tspi_Context_Create( &hContext ); + if ( result != TSS_SUCCESS ) + { + LogError( "Tspi_Context_Create %d\n", result ); + goto out; + } + // Connect to Context + result = Tspi_Context_Connect( hContext, NULL ); + if ( result != TSS_SUCCESS) goto out_close; + printf("\nConnect to the context: %X\n", hContext); + + if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS) + goto out_close; + // Get the correct policy using the TPM ownership PASSWD + if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS) + goto out_close; + if( (result = Tspi_Policy_SetSecret( hPolicy, + TSS_SECRET_MODE_PLAIN, + strlen( szTpmPasswd), + szTpmPasswd)) != TSS_SUCCESS) + goto out_close; + LogDebug("Tspi_Policy_SetSecret hPolicy received;%d", hPolicy); + + //Create Object + result = obj_daa_add( hContext, &hDAA); + if (result != TSS_SUCCESS) { + LogError("Tspi_Context_CreateObject:%d", result); + Tspi_Context_Close(hContext); + LogError("%s: %s", argv[0], err_string(result)); + exit(result); + } + LogDebug("created DAA object:%X", hDAA); + + // TODO: verifier base name ?? + result = Tspi_DAA_VerifyInit( + hDAA, // in + &nonceVerifierLength, // out + &nonceVerifier, // out + 0, //baseNameLength, // out + NULL //baseName // out + ); + if (result != TSS_SUCCESS) goto out_close; + LogDebug("Verify Init return nonceVerifier [%s]", + dump_byte_array( nonceVerifierLength, nonceVerifier)); + + create_TSS_DAA_SELECTED_ATTRIB( &revealAttributes, 5, 0, 1, 1, 0, 0); + + // create the TSS_DAA_SIGN_DATA struct + // .selector: 0 -> payload contains a handle to an AIK + // 1 -> payload contains a hashed message + if( message != NULL) { + signData.selector = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; + signData.payloadFlag = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; + EVP_DigestInit(&mdctx, DAA_PARAM_get_message_digest()); + EVP_DigestUpdate(&mdctx, (BYTE *)message, strlen( message)); + signData.payloadLength = EVP_MD_CTX_size(&mdctx); + signData.payload = (BYTE *)malloc( EVP_MD_CTX_size(&mdctx)); + EVP_DigestFinal(&mdctx, signData.payload, NULL); + } else { + signData.selector = TSS_FLAG_DAA_SIGN_IDENTITY_KEY; + result = Tspi_Context_CreateObject( + hContext, // in + TSS_OBJECT_TYPE_RSAKEY, // in + TSS_KEY_SIZE_2048, // in + &hKEY // out + ); + if( result != TSS_SUCCESS) goto out_close; + + } + + result = Tspi_TPM_DAA_Sign( + hDAA, // in + hTPM, // in + (TSS_HKEY)hDaaCredential, // in + revealAttributes, // in + 0, // verifierBaseNameLength, // in + NULL, // verifierBaseName, // in + nonceVerifierLength, // in + nonceVerifier, // in + signData, // in + &daaSignature // out + ); + if (result != TSS_SUCCESS) goto out_close; + LogDebug("TPM_DAA_Sign return daaSignature [%s]", + dump_byte_array( nonceVerifierLength, nonceVerifier)); + + // generate attributes list but without copying the not revealed ones + attributes = malloc( sizeof(BYTE *) * hDaaCredential->attributesLength); + for( i=0; i < (int)(hDaaCredential->attributesLength); i++) { + if( revealAttributes.indicesList[i]) { + attributes[i] = (BYTE *)malloc( DAA_PARAM_SIZE_F_I / 8); + memcpy( attributes[i], + hDaaCredential->attributes[i], + DAA_PARAM_SIZE_F_I / 8); + } else { + attributes[i] = NULL; + } + } + + result = Tspi_DAA_VerifySignature( + hDAA, // in + daaSignature, // in + (TSS_HKEY)&(hDaaCredential->issuerPK), // in + signData, // in + hDaaCredential->attributesLength, // in + attributes, // in + nonceVerifierLength, // in + nonceVerifier, // in + 0, //baseNameLength, //in + NULL, // in + &isCorrect // out + ); + printf("Signature correct:%s\n", ( isCorrect ? "yes" : "no")); + +out_close: + if( attributes != NULL) { + for( i=0; i<(int)hDaaCredential->attributesLength; i++) { + if( attributes[i] != NULL) free( attributes[i]); + } + free( attributes); + } + if( random != NULL) bi_free_ptr( random); + Tspi_Context_FreeMemory( hContext, NULL ); + Tspi_Context_Close( hContext ); +out: + bi_release(); + LogDebug("THE END result=%d:%s",result, err_string( result) );; + return result; +} + diff --git a/src/tspi/daa/utils/list.c b/src/tspi/daa/utils/list.c new file mode 100644 index 0000000..634129b --- /dev/null +++ b/src/tspi/daa/utils/list.c @@ -0,0 +1,66 @@ + +/* +* Licensed Materials - Property of IBM +* +* trousers - An open source TCG Software Stack +* +* (C) Copyright International Business Machines Corp. 2006 +* +*/ + +#include +#include +#include + +#include "tsplog.h" + +list_ptr list_new( void) { + list_ptr list = (list_ptr)malloc( sizeof( list_struct)); + + if( list == NULL) return NULL; + list->head = NULL; + return list; +} + +void list_add(list_ptr list, void *obj) { + list->current = (node_t *) malloc (sizeof(struct _list_t)); + if (list->current == NULL) { + LogError("[list_add] malloc of %d bytes failed", sizeof(struct _list_t)); + return; + } + if( list->head == NULL) { + list->head = list->current; + } else + list->previous->next = list->current; + list->current->obj = obj; + list->current->next = NULL; + list->previous = list->current; +} + +void list_dump(list_ptr list) { + node_t *current; + + if( list->head == NULL) // if head has not been altered + puts("no data"); // list is empty + else { + current = list->head; // go to first node + do { + printf("%d\n", (int)current->obj); // print value at current node + current = current->next; // traverse through the list + } while(current != NULL); // until current node is NULL + } +} + +void list_freeall(list_ptr list) { + node_t *current = list->head; // go to first node + node_t *next; + + if( list->head != NULL) { + current = list->head; // go to first node + do { + next = current->next; + free(current); + current = next; + } while(current != NULL); // until current node is NULL + } +} diff --git a/src/tspi/gtk/callbacks.c b/src/tspi/gtk/callbacks.c new file mode 100644 index 0000000..86570fc --- /dev/null +++ b/src/tspi/gtk/callbacks.c @@ -0,0 +1,163 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include +#include + +#undef TRUE +#undef FALSE + +#include "callbacks.h" +#include "interface.h" +#include "support.h" +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "tsplog.h" + + +/* Callbacks for the simple password dialog */ + +void +on_inputdialog1_destroy(GtkObject *object, struct userdata *user_data) +{ + gtk_widget_destroy(user_data->window); + gtk_main_quit(); +} + + +void +on_dialog1_close(GtkDialog *dialog, struct userdata *user_data) +{ + gtk_widget_destroy(user_data->window); + gtk_main_quit(); +} + + +void +on_cancelbutton1_clicked(GtkButton *button, struct userdata *user_data) +{ + LogDebugFn(); + gtk_widget_destroy(user_data->window); + user_data->string_len = 0; + gtk_main_quit(); +} + + +void +on_okbutton1_clicked(GtkButton *button, struct userdata *user_data) +{ + const gchar *entry_text = gtk_entry_get_text (GTK_ENTRY(user_data->entry)); + + LogDebugFn(); + user_data->string = (char *)Trspi_Native_To_UNICODE((BYTE *)entry_text, + &user_data->string_len); + gtk_widget_destroy(user_data->window); + + gtk_main_quit(); +} + + +gboolean +enter_event(GtkWidget *widget, struct userdata *user_data) +{ + const gchar *entry_text = gtk_entry_get_text (GTK_ENTRY(user_data->entry)); + + LogDebugFn(); + user_data->string = (char *)Trspi_Native_To_UNICODE((BYTE *)entry_text, + &user_data->string_len); + gtk_widget_destroy(user_data->window); + + gtk_main_quit(); + return TRUE; +} + + +/* Callbacks for the new password dialog */ +void +on_entryPassword_activate(GtkEntry *entry, struct userdata *user_data) +{ + const gchar *entryPass_text = gtk_entry_get_text (GTK_ENTRY(user_data->entryPass)); + const gchar *entryConf_text = gtk_entry_get_text (GTK_ENTRY(user_data->entryConf)); + int len = strlen(entryConf_text); + + if (strlen(entryConf_text) == strlen(entryPass_text)) { + if (!memcmp(entryPass_text, entryConf_text, len)) { + user_data->string = (char *)Trspi_Native_To_UNICODE((BYTE *)entryConf_text, + &user_data->string_len); + gtk_widget_destroy(user_data->window); + gtk_main_quit(); + + LogDebugFn("string len ptr: %p, value = %u", &user_data->string_len, + user_data->string_len); + return; + } + } + + gtk_widget_grab_focus(user_data->entryConf); +} + +void +on_entryConfirm_activate(GtkEntry *entry, struct userdata *user_data) +{ + const gchar *entryPass_text = gtk_entry_get_text (GTK_ENTRY(user_data->entryPass)); + const gchar *entryConf_text = gtk_entry_get_text (GTK_ENTRY(user_data->entryConf)); + unsigned len = strlen(entryConf_text); + + if (strlen(entryConf_text) == strlen(entryPass_text)) { + if (!memcmp(entryPass_text, entryConf_text, len)) { + user_data->string = (char *)Trspi_Native_To_UNICODE((BYTE *)entryConf_text, + &user_data->string_len); + gtk_widget_destroy(user_data->window); + gtk_main_quit(); + + LogDebugFn("string len ptr: %p, value = %u", &user_data->string_len, + user_data->string_len); + return; + } + } + + gtk_widget_grab_focus(user_data->entryPass); +} + +void +on_cancelbutton2_clicked(GtkButton *button, struct userdata *user_data) +{ + LogDebugFn(); + gtk_widget_destroy(user_data->window); + user_data->string_len = 0; + gtk_main_quit(); +} + +void +on_okbutton2_clicked(GtkButton *button, struct userdata *user_data) +{ + const gchar *entryPass_text = gtk_entry_get_text (GTK_ENTRY(user_data->entryPass)); + const gchar *entryConf_text = gtk_entry_get_text (GTK_ENTRY(user_data->entryConf)); + unsigned len = strlen(entryConf_text); + + if (strlen(entryConf_text) == strlen(entryPass_text)) { + if (!memcmp(entryPass_text, entryConf_text, len)) { + user_data->string = (char *)Trspi_Native_To_UNICODE((BYTE *)entryConf_text, + &user_data->string_len); + gtk_widget_destroy(user_data->window); + gtk_main_quit(); + + LogDebugFn("string len ptr: %p, value = %u", &user_data->string_len, + user_data->string_len); + return; + } + } + + gtk_widget_grab_focus(user_data->entryPass); +} diff --git a/src/tspi/gtk/callbacks.h b/src/tspi/gtk/callbacks.h new file mode 100644 index 0000000..1fca617 --- /dev/null +++ b/src/tspi/gtk/callbacks.h @@ -0,0 +1,58 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef _CALLBACKS_H_ +#define _CALLBACKS_H_ + +#include + +#include "interface.h" + +/* Callbacks for the simple text imput dialog */ + +void +on_dialog1_close (GtkDialog *dialog, + struct userdata *user_data); + +void +on_cancelbutton1_clicked (GtkButton *button, + struct userdata *user_data); + +void +on_okbutton1_clicked (GtkButton *button, + struct userdata *user_data); + +gboolean +enter_event (GtkWidget *widget, + struct userdata *user_data); + +void +on_inputdialog1_destroy (GtkObject *object, + struct userdata *user_data); + +/* Callbacks for the new password dialog */ + +void +on_entryPassword_activate (GtkEntry *entry, + struct userdata *user_data); + +void +on_entryConfirm_activate (GtkEntry *entry, + struct userdata *user_data); + +void +on_cancelbutton2_clicked (GtkButton *button, + struct userdata *user_data); + +void +on_okbutton2_clicked (GtkButton *button, + struct userdata *user_data); + +#endif diff --git a/src/tspi/gtk/interface.c b/src/tspi/gtk/interface.c new file mode 100644 index 0000000..c295beb --- /dev/null +++ b/src/tspi/gtk/interface.c @@ -0,0 +1,299 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2005 + * + */ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include +#include +#include +#include +#include + +#include +#include + +#include "callbacks.h" +#include "interface.h" +#include "support.h" + +#define GLADE_HOOKUP_OBJECT(component,widget,name) \ + g_object_set_data_full (G_OBJECT (component), name, \ + gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref) + +#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \ + g_object_set_data (G_OBJECT (component), name, widget) + +GtkWidget* +create_password_dialog (struct userdata *ud, char *message) +{ + GtkWidget *dialog1; + GtkWidget *dialog_vbox1; + GtkWidget *vbox1; + GtkWidget *entry; + GtkWidget *alignment1; + GtkWidget *table2; + GtkWidget *label1; + GtkWidget *alignment2; + GtkWidget *table1; + GtkWidget *dialog_action_area1; + GtkWidget *cancelbutton1; + GtkWidget *okbutton1; + GtkTooltips *tooltips; + + tooltips = gtk_tooltips_new (); + + dialog1 = gtk_dialog_new (); + gtk_widget_set_size_request (dialog1, 300, 150); + //gtk_tooltips_set_tip (tooltips, dialog1, _("This is a box for entering dialogue"), NULL); + gtk_window_set_title (GTK_WINDOW (dialog1), _("TSS Password")); + //gtk_window_set_title (GTK_WINDOW (dialog1), message); + gtk_window_set_position (GTK_WINDOW (dialog1), GTK_WIN_POS_CENTER); + gtk_window_set_default_size (GTK_WINDOW (dialog1), 300, 150); + + dialog_vbox1 = GTK_DIALOG (dialog1)->vbox; + gtk_widget_show (dialog_vbox1); + + vbox1 = gtk_vbox_new (TRUE, 0); + gtk_widget_show (vbox1); + gtk_box_pack_start (GTK_BOX (dialog_vbox1), vbox1, TRUE, TRUE, 0); + + alignment1 = gtk_alignment_new (0.5, 0.5, 1, 1); + gtk_widget_show (alignment1); + gtk_box_pack_start (GTK_BOX (vbox1), alignment1, FALSE, FALSE, 0); + + table2 = gtk_table_new (3, 3, FALSE); + gtk_widget_show (table2); + gtk_container_add (GTK_CONTAINER (alignment1), table2); + + //label1 = gtk_label_new (_("Please enter a password, or not.")); + label1 = gtk_label_new (message); + gtk_widget_show (label1); + gtk_table_attach (GTK_TABLE (table2), label1, 1, 2, 1, 2, + (GtkAttachOptions) (GTK_FILL), + (GtkAttachOptions) (0), 0, 0); + gtk_label_set_justify (GTK_LABEL (label1), GTK_JUSTIFY_LEFT); + gtk_misc_set_alignment (GTK_MISC (label1), 0, 0.5); + + alignment2 = gtk_alignment_new (0.5, 0.5, 1, 1); + gtk_widget_show (alignment2); + gtk_box_pack_start (GTK_BOX (vbox1), alignment2, TRUE, TRUE, 0); + + table1 = gtk_table_new (2, 3, FALSE); + gtk_widget_show (table1); + gtk_container_add (GTK_CONTAINER (alignment2), table1); + + entry = gtk_entry_new (); + gtk_widget_show (entry); + gtk_table_attach (GTK_TABLE (table1), entry, 1, 2, 0, 1, + (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), + (GtkAttachOptions) (0), 0, 0); + //gtk_tooltips_set_tip (tooltips, entry, _("This is where you enter the characters of your password, using the computer input device of your choice."), NULL); + gtk_entry_set_max_length (GTK_ENTRY (entry), 255); + gtk_entry_set_visibility (GTK_ENTRY (entry), FALSE); + + dialog_action_area1 = GTK_DIALOG (dialog1)->action_area; + gtk_widget_show (dialog_action_area1); + gtk_button_box_set_layout (GTK_BUTTON_BOX (dialog_action_area1), GTK_BUTTONBOX_END); + + cancelbutton1 = gtk_button_new_from_stock ("gtk-cancel"); + gtk_widget_show (cancelbutton1); + gtk_dialog_add_action_widget (GTK_DIALOG (dialog1), cancelbutton1, GTK_RESPONSE_CANCEL); + GTK_WIDGET_SET_FLAGS (cancelbutton1, GTK_CAN_DEFAULT); + //gtk_tooltips_set_tip (tooltips, cancelbutton1, _("Depress this button in order to indicate that you would like to cancel the submitting of authorization data at this time."), NULL); + + okbutton1 = gtk_button_new_from_stock ("gtk-ok"); + gtk_widget_show (okbutton1); + gtk_dialog_add_action_widget (GTK_DIALOG (dialog1), okbutton1, GTK_RESPONSE_OK); + GTK_WIDGET_SET_FLAGS (okbutton1, GTK_CAN_DEFAULT); + //gtk_tooltips_set_tip (tooltips, okbutton1, _("Depress this button in order to indicate that you have completed the entry of your authorization data."), NULL); + + /* We need to pass the window in to destroy it */ + ud->window = dialog1; + /* Here we need a pointer to the entry to grab the text out of it */ + ud->entry = entry; + + g_signal_connect ((gpointer) dialog1, "close", + G_CALLBACK (on_dialog1_close), + ud); + + g_signal_connect ((gpointer) dialog1, "destroy", + G_CALLBACK (on_inputdialog1_destroy), + ud); + + g_signal_connect ((gpointer) entry, "activate", + G_CALLBACK (enter_event), + ud); + + g_signal_connect ((gpointer) cancelbutton1, "clicked", + G_CALLBACK (on_cancelbutton1_clicked), + ud); + + g_signal_connect ((gpointer) okbutton1, "clicked", + G_CALLBACK (on_okbutton1_clicked), + ud); + + /* Store pointers to all widgets, for use by lookup_widget(). */ + GLADE_HOOKUP_OBJECT_NO_REF (dialog1, dialog1, "dialog1"); + GLADE_HOOKUP_OBJECT_NO_REF (dialog1, dialog_vbox1, "dialog_vbox1"); + GLADE_HOOKUP_OBJECT (dialog1, vbox1, "vbox1"); + GLADE_HOOKUP_OBJECT (dialog1, alignment1, "alignment1"); + GLADE_HOOKUP_OBJECT (dialog1, table2, "table2"); + GLADE_HOOKUP_OBJECT (dialog1, label1, "label1"); + GLADE_HOOKUP_OBJECT (dialog1, alignment2, "alignment2"); + GLADE_HOOKUP_OBJECT (dialog1, table1, "table1"); + GLADE_HOOKUP_OBJECT (dialog1, entry, "entry"); + GLADE_HOOKUP_OBJECT_NO_REF (dialog1, dialog_action_area1, "dialog_action_area1"); + GLADE_HOOKUP_OBJECT (dialog1, cancelbutton1, "cancelbutton1"); + GLADE_HOOKUP_OBJECT (dialog1, okbutton1, "okbutton1"); + GLADE_HOOKUP_OBJECT_NO_REF (dialog1, tooltips, "tooltips"); + + return dialog1; +} + +GtkWidget* +create_new_password_dialog (struct userdata *ud, char *message) +{ + GtkWidget *dialog1; + GtkWidget *dialog_vbox1; + GtkWidget *vbox1; + GtkWidget *table2; + GtkWidget *label7; + GtkWidget *table1; + GtkWidget *label5; + GtkWidget *label6; + GtkWidget *entryPassword; + GtkWidget *entryConfirm; + GtkWidget *dialog_action_area1; + GtkWidget *cancelbutton2; + GtkWidget *okbutton2; + + dialog1 = gtk_dialog_new (); + gtk_widget_set_size_request (dialog1, 300, 150); + gtk_window_set_title (GTK_WINDOW (dialog1), "TSS Password"); + //gtk_window_set_title (GTK_WINDOW (dialog1), message); + + dialog_vbox1 = GTK_DIALOG (dialog1)->vbox; + gtk_widget_show (dialog_vbox1); + + vbox1 = gtk_vbox_new (FALSE, 0); + gtk_widget_show (vbox1); + gtk_box_pack_start (GTK_BOX (dialog_vbox1), vbox1, TRUE, TRUE, 0); + + table2 = gtk_table_new (3, 3, FALSE); + gtk_widget_show (table2); + gtk_box_pack_start (GTK_BOX (vbox1), table2, TRUE, TRUE, 0); + + //label7 = gtk_label_new (_("Please enter a new password below.")); + label7 = gtk_label_new (message); + gtk_widget_show (label7); + gtk_table_attach (GTK_TABLE (table2), label7, 1, 2, 1, 2, + (GtkAttachOptions) (GTK_FILL), + (GtkAttachOptions) (0), 0, 0); + gtk_label_set_justify (GTK_LABEL (label7), GTK_JUSTIFY_LEFT); + gtk_misc_set_alignment (GTK_MISC (label7), 0, 0.5); + + table1 = gtk_table_new (5, 5, FALSE); + gtk_widget_show (table1); + gtk_box_pack_start (GTK_BOX (vbox1), table1, TRUE, TRUE, 0); + + label5 = gtk_label_new (_("Password:")); + gtk_widget_show (label5); + gtk_table_attach (GTK_TABLE (table1), label5, 1, 2, 1, 2, + (GtkAttachOptions) (GTK_FILL), + (GtkAttachOptions) (0), 0, 0); + gtk_label_set_justify (GTK_LABEL (label5), GTK_JUSTIFY_LEFT); + gtk_misc_set_alignment (GTK_MISC (label5), 0, 0.5); + + label6 = gtk_label_new (_("Confirm:")); + gtk_widget_show (label6); + gtk_table_attach (GTK_TABLE (table1), label6, 1, 2, 3, 4, + (GtkAttachOptions) (GTK_FILL), + (GtkAttachOptions) (0), 0, 0); + gtk_label_set_justify (GTK_LABEL (label6), GTK_JUSTIFY_LEFT); + gtk_misc_set_alignment (GTK_MISC (label6), 0, 0.5); + + entryPassword = gtk_entry_new (); + gtk_widget_show (entryPassword); + gtk_table_attach (GTK_TABLE (table1), entryPassword, 3, 4, 1, 2, + (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), + (GtkAttachOptions) (0), 0, 0); + gtk_entry_set_max_length (GTK_ENTRY (entryPassword), 255); + gtk_entry_set_visibility (GTK_ENTRY (entryPassword), FALSE); + + entryConfirm = gtk_entry_new (); + gtk_widget_show (entryConfirm); + gtk_table_attach (GTK_TABLE (table1), entryConfirm, 3, 4, 3, 4, + (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), + (GtkAttachOptions) (0), 0, 0); + gtk_entry_set_max_length (GTK_ENTRY (entryConfirm), 255); + gtk_entry_set_visibility (GTK_ENTRY (entryConfirm), FALSE); + + dialog_action_area1 = GTK_DIALOG (dialog1)->action_area; + gtk_widget_show (dialog_action_area1); + gtk_button_box_set_layout (GTK_BUTTON_BOX (dialog_action_area1), GTK_BUTTONBOX_END); + + cancelbutton2 = gtk_button_new_from_stock ("gtk-cancel"); + gtk_widget_show (cancelbutton2); + gtk_dialog_add_action_widget (GTK_DIALOG (dialog1), cancelbutton2, GTK_RESPONSE_CANCEL); + GTK_WIDGET_SET_FLAGS (cancelbutton2, GTK_CAN_DEFAULT); + + okbutton2 = gtk_button_new_from_stock ("gtk-ok"); + gtk_widget_show (okbutton2); + gtk_dialog_add_action_widget (GTK_DIALOG (dialog1), okbutton2, GTK_RESPONSE_OK); + GTK_WIDGET_SET_FLAGS (okbutton2, GTK_CAN_DEFAULT); + + /* We need to pass the window in to destroy it */ + ud->window = dialog1; + /* Here we need a pointer to the entries to grab text out of them */ + ud->entryPass = entryPassword; + ud->entryConf = entryConfirm; + + g_signal_connect ((gpointer) dialog1, "destroy", + G_CALLBACK (on_inputdialog1_destroy), + ud); + + g_signal_connect ((gpointer) entryPassword, "activate", + G_CALLBACK (on_entryPassword_activate), + ud); + g_signal_connect ((gpointer) entryConfirm, "activate", + G_CALLBACK (on_entryConfirm_activate), + ud); + g_signal_connect ((gpointer) cancelbutton2, "clicked", + G_CALLBACK (on_cancelbutton2_clicked), + ud); + g_signal_connect ((gpointer) okbutton2, "clicked", + G_CALLBACK (on_okbutton2_clicked), + ud); + + /* Store pointers to all widgets, for use by lookup_widget(). */ + GLADE_HOOKUP_OBJECT_NO_REF (dialog1, dialog1, "dialog1"); + GLADE_HOOKUP_OBJECT_NO_REF (dialog1, dialog_vbox1, "dialog_vbox1"); + GLADE_HOOKUP_OBJECT (dialog1, vbox1, "vbox1"); + GLADE_HOOKUP_OBJECT (dialog1, table2, "table2"); + GLADE_HOOKUP_OBJECT (dialog1, label7, "label7"); + GLADE_HOOKUP_OBJECT (dialog1, table1, "table1"); + GLADE_HOOKUP_OBJECT (dialog1, label5, "label5"); + GLADE_HOOKUP_OBJECT (dialog1, label6, "label6"); + GLADE_HOOKUP_OBJECT (dialog1, entryPassword, "entryPassword"); + GLADE_HOOKUP_OBJECT (dialog1, entryConfirm, "entryConfirm"); + GLADE_HOOKUP_OBJECT_NO_REF (dialog1, dialog_action_area1, "dialog_action_area1"); + GLADE_HOOKUP_OBJECT (dialog1, cancelbutton2, "cancelbutton2"); + GLADE_HOOKUP_OBJECT (dialog1, okbutton2, "okbutton2"); + + return dialog1; +} + + diff --git a/src/tspi/gtk/interface.h b/src/tspi/gtk/interface.h new file mode 100644 index 0000000..9950fe7 --- /dev/null +++ b/src/tspi/gtk/interface.h @@ -0,0 +1,30 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifndef _INTERFACE_H_ +#define _INTERFACE_H_ + +struct userdata { + char *string; + unsigned string_len; + GtkWidget *window; + GtkWidget *entry; + GtkWidget *entryPass; + GtkWidget *entryConf; +}; + +GtkWidget* create_password_dialog (struct userdata *, char *); +GtkWidget* create_new_password_dialog (struct userdata *, char *); + +#endif diff --git a/src/tspi/gtk/main.c b/src/tspi/gtk/main.c new file mode 100644 index 0000000..3b76402 --- /dev/null +++ b/src/tspi/gtk/main.c @@ -0,0 +1,117 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +/* + * Initial main.c file generated by Glade. Edit as required. + * Glade will not overwrite this file. + */ + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include +#include + +#include + +#undef TRUE +#undef FALSE + +#include "trousers/tss.h" +#include "tsplog.h" + +#include "interface.h" +#include "support.h" + +/* + * DisplayPINWindow() + * + * Popup the dialog to collect an existing password. + * + * string - buffer that the password will be passed back to caller in + * popup - UTF-8 string to be displayed in the title bar of the dialog box + * + */ +TSS_RESULT +DisplayPINWindow(BYTE *string, UINT32 *string_len, BYTE *popup) +{ + GtkWidget *dialog1; + struct userdata ud; + + ud.string_len = 0; + +#ifdef ENABLE_NLS + bindtextdomain (GETTEXT_PACKAGE, PACKAGE_LOCALE_DIR); + bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); + textdomain (GETTEXT_PACKAGE); +#endif + + gtk_set_locale(); + gtk_init_check((int *)NULL, (char ***)NULL); + + LogDebug("address of string_len: %p", &ud.string_len); + dialog1 = create_password_dialog(&ud, (char *)popup); + gtk_widget_show(dialog1); + + gtk_main(); + + if (ud.string_len) { + memcpy(string, ud.string, ud.string_len); + memset(ud.string, 0, ud.string_len); + free(ud.string); + } + *string_len = ud.string_len; + + return TSS_SUCCESS; +} + +/* + * DisplayNewPINWindow() + * + * Popup the dialog to collect a new password. + * + * string - buffer that the password will be passed back to caller in + * popup - UTF-8 string to be displayed in the title bar of the dialog box + * + */ +TSS_RESULT +DisplayNewPINWindow(BYTE *string, UINT32 *string_len, BYTE *popup) +{ + GtkWidget *dialog1; + struct userdata ud; + + ud.string_len = 0; + +#ifdef ENABLE_NLS + bindtextdomain (GETTEXT_PACKAGE, PACKAGE_LOCALE_DIR); + bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); + textdomain (GETTEXT_PACKAGE); +#endif + + gtk_set_locale(); + gtk_init_check((int *)NULL, (char ***)NULL); + + LogDebug("address of string_len: %p", &ud.string_len); + dialog1 = create_new_password_dialog(&ud, (char *)popup); + gtk_widget_show(dialog1); + + gtk_main(); + + if (ud.string_len) { + memcpy(string, ud.string, ud.string_len); + memset(ud.string, 0, ud.string_len); + free(ud.string); + } + *string_len = ud.string_len; + + return TSS_SUCCESS; +} + diff --git a/src/tspi/gtk/support.c b/src/tspi/gtk/support.c new file mode 100644 index 0000000..6ce3870 --- /dev/null +++ b/src/tspi/gtk/support.c @@ -0,0 +1,157 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include +#include +#include +#include +#include + +#include + +#include "trousers/tss.h" +#include "tsplog.h" + +#include "support.h" + +GtkWidget* +lookup_widget (GtkWidget *widget, + const gchar *widget_name) +{ + GtkWidget *parent, *found_widget; + + for (;;) + { + if (GTK_IS_MENU (widget)) + parent = gtk_menu_get_attach_widget (GTK_MENU (widget)); + else + parent = widget->parent; + if (!parent) + parent = (GtkWidget*) g_object_get_data (G_OBJECT (widget), "GladeParentKey"); + if (parent == NULL) + break; + widget = parent; + } + + found_widget = (GtkWidget*) g_object_get_data (G_OBJECT (widget), + widget_name); + if (!found_widget) + g_warning ("Widget not found: %s", widget_name); + return found_widget; +} + +static GList *pixmaps_directories = NULL; + +/* Use this function to set the directory containing installed pixmaps. */ +void +__tspi_add_pixmap_directory (const gchar *directory) +{ + pixmaps_directories = g_list_prepend (pixmaps_directories, + g_strdup (directory)); +} + +/* This is an internally used function to find pixmap files. */ +static gchar* +find_pixmap_file (const gchar *filename) +{ + GList *elem; + + /* We step through each of the pixmaps directory to find it. */ + elem = pixmaps_directories; + while (elem) + { + gchar *pathname = g_strdup_printf ("%s%s%s", (gchar*)elem->data, + G_DIR_SEPARATOR_S, filename); + if (g_file_test (pathname, G_FILE_TEST_EXISTS)) + return pathname; + g_free (pathname); + elem = elem->next; + } + return NULL; +} + +/* This is an internally used function to create pixmaps. */ +GtkWidget* +create_pixmap (GtkWidget *widget, + const gchar *filename) +{ + gchar *pathname = NULL; + GtkWidget *pixmap; + + if (!filename || !filename[0]) + return gtk_image_new (); + + pathname = find_pixmap_file (filename); + + if (!pathname) + { + g_warning (_("Couldn't find pixmap file: %s"), filename); + return gtk_image_new (); + } + + pixmap = gtk_image_new_from_file (pathname); + g_free (pathname); + return pixmap; +} + +/* This is an internally used function to create pixmaps. */ +GdkPixbuf* +create_pixbuf (const gchar *filename) +{ + gchar *pathname = NULL; + GdkPixbuf *pixbuf; + GError *error = NULL; + + if (!filename || !filename[0]) + return NULL; + + pathname = find_pixmap_file (filename); + + if (!pathname) + { + g_warning (_("Couldn't find pixmap file: %s"), filename); + return NULL; + } + + pixbuf = gdk_pixbuf_new_from_file (pathname, &error); + if (!pixbuf) + { + LogError ("Failed to load pixbuf file: %s: %s\n", + pathname, error->message); + g_error_free (error); + } + g_free (pathname); + return pixbuf; +} + +/* This is used to set ATK action descriptions. */ +void +glade_set_atk_action_description (AtkAction *action, + const gchar *action_name, + const gchar *description) +{ + gint n_actions, i; + + n_actions = atk_action_get_n_actions (action); + for (i = 0; i < n_actions; i++) + { + if (!strcmp (atk_action_get_name (action, i), action_name)) + atk_action_set_description (action, i, description); + } +} + diff --git a/src/tspi/gtk/support.h b/src/tspi/gtk/support.h new file mode 100644 index 0000000..3b8186a --- /dev/null +++ b/src/tspi/gtk/support.h @@ -0,0 +1,81 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#ifndef _SUPPORT_H_ +#define _SUPPOR_H_ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include + +/* + * Standard gettext macros. + */ +#ifdef ENABLE_NLS +# include +# undef _ +# define _(String) dgettext (PACKAGE, String) +# ifdef gettext_noop +# define N_(String) gettext_noop (String) +# else +# define N_(String) (String) +# endif +#else +# define textdomain(String) (String) +# define gettext(String) (String) +# define dgettext(Domain,Message) (Message) +# define dcgettext(Domain,Message,Type) (Message) +# define bindtextdomain(Domain,Directory) (Domain) +# define _(String) (String) +# define N_(String) (String) +#endif + + +/* + * Public Functions. + */ + +/* + * This function returns a widget in a component created by Glade. + * Call it with the toplevel widget in the component (i.e. a window/dialog), + * or alternatively any widget in the component, and the name of the widget + * you want returned. + */ +GtkWidget* lookup_widget (GtkWidget *widget, + const gchar *widget_name); + + +/* Use this function to set the directory containing installed pixmaps. */ +void __tspi_add_pixmap_directory (const gchar *directory); + + +/* + * Private Functions. + */ + +/* This is used to create the pixmaps used in the interface. */ +GtkWidget* create_pixmap (GtkWidget *widget, + const gchar *filename); + +/* This is used to create the pixbufs used in the interface. */ +GdkPixbuf* create_pixbuf (const gchar *filename); + +/* This is used to set ATK action descriptions. */ +void glade_set_atk_action_description (AtkAction *action, + const gchar *action_name, + const gchar *description); + +#endif diff --git a/src/tspi/log.c b/src/tspi/log.c new file mode 100644 index 0000000..9f691be --- /dev/null +++ b/src/tspi/log.c @@ -0,0 +1,62 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2005 + * + */ + + +#include +#include + +#include "trousers/tss.h" +#include "tsplog.h" + +#ifdef TSS_DEBUG + +/* + * LogBlobData() + * + * Log a blob's data to the debugging stream + * + * szDescriptor - The APPID tag found in the caller's environment at build time + * sizeOfBlob - The size of the data to log + * blob - the data to log + * + */ + + +void +LogBlobData(char *szDescriptor, unsigned long sizeOfBlob, unsigned char *blob) +{ + char temp[64]; + int i; + + if (getenv("TSS_DEBUG_OFF")) + return; + + memset(temp, 0, sizeof(temp)); + + for (i = 0; (unsigned long)i < sizeOfBlob; i++) { + if ((i > 0) && ((i % 16) == 0)) { + fprintf(stdout, "%s\n", temp); + memset(temp, 0, sizeof(temp)); + } + snprintf(&temp[(i%16)*3], 4, "%.2X ", blob[i]); + } + fprintf(stdout, "%s\n", temp); +} + +TSS_RESULT +LogTSPERR(TSS_RESULT result, char *file, int line) +{ + if (getenv("TSS_DEBUG_OFF") == NULL) + fprintf(stderr, "%s %s %s:%d: 0x%x\n", "LOG_RETERR", APPID, file, line, result); + + return (result | TSS_LAYER_TSP); +} + +#endif diff --git a/src/tspi/obj.c b/src/tspi/obj.c new file mode 100644 index 0000000..ad5c79a --- /dev/null +++ b/src/tspi/obj.c @@ -0,0 +1,297 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "tsplog.h" +#include "obj.h" + +UINT32 nextObjectHandle = 0xC0000000; + +MUTEX_DECLARE_INIT(handle_lock); + +TPM_LIST_DECLARE; +CONTEXT_LIST_DECLARE; +HASH_LIST_DECLARE; +PCRS_LIST_DECLARE; +POLICY_LIST_DECLARE; +RSAKEY_LIST_DECLARE; +ENCDATA_LIST_DECLARE; +DAACRED_LIST_DECLARE; +DAAARAKEY_LIST_DECLARE; +DAAISSUERKEY_LIST_DECLARE; +NVSTORE_LIST_DECLARE; +DELFAMILY_LIST_DECLARE; +MIGDATA_LIST_DECLARE; + +void +list_init(struct obj_list *list) +{ + list->head = NULL; + MUTEX_INIT(list->lock); +} + +void +__tspi_obj_list_init() +{ + TPM_LIST_INIT(); + CONTEXT_LIST_INIT(); + HASH_LIST_INIT(); + PCRS_LIST_INIT(); + POLICY_LIST_INIT(); + RSAKEY_LIST_INIT(); + ENCDATA_LIST_INIT(); + DAACRED_LIST_INIT(); + DAAARAKEY_LIST_INIT(); + DAAISSUERKEY_LIST_INIT(); + NVSTORE_LIST_INIT(); + DELFAMILY_LIST_INIT(); + MIGDATA_LIST_INIT(); +} + +TSS_HOBJECT +obj_get_next_handle() +{ + MUTEX_LOCK(handle_lock); + + /* return any object handle except NULL_HOBJECT */ + do { + nextObjectHandle++; + } while (nextObjectHandle == NULL_HOBJECT); + + MUTEX_UNLOCK(handle_lock); + + return nextObjectHandle; +} + +/* search through the provided list for an object with handle matching + * @handle. If found, return a pointer to the object with the list + * locked, else return NULL. To release the lock, caller should + * call obj_list_put() after manipulating the object. + */ +struct tsp_object * +obj_list_get_obj(struct obj_list *list, UINT32 handle) +{ + struct tsp_object *obj; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + if (obj->handle == handle) + break; + } + + if (obj == NULL) + MUTEX_UNLOCK(list->lock); + + return obj; +} + +/* search through the provided list for an object with TSP context + * matching @tspContext. If found, return a pointer to the object + * with the list locked, else return NULL. To release the lock, + * caller should call obj_list_put() after manipulating the object. + */ +struct tsp_object * +obj_list_get_tspcontext(struct obj_list *list, UINT32 tspContext) +{ + struct tsp_object *obj; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + if (obj->tspContext == tspContext) + break; + } + + return obj; +} + +/* release a list whose handle was returned by obj_list_get_obj() */ +void +obj_list_put(struct obj_list *list) +{ + MUTEX_UNLOCK(list->lock); +} + +TSS_RESULT +obj_list_add(struct obj_list *list, UINT32 tsp_context, TSS_FLAG flags, void *data, + TSS_HOBJECT *phObject) +{ + struct tsp_object *new_obj, *tmp; + + new_obj = calloc(1, sizeof(struct tsp_object)); + if (new_obj == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tsp_object)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + new_obj->handle = obj_get_next_handle(); + new_obj->flags = flags; + new_obj->data = data; + + if (list == &context_list) + new_obj->tspContext = new_obj->handle; + else + new_obj->tspContext = tsp_context; + + MUTEX_LOCK(list->lock); + + if (list->head == NULL) { + list->head = new_obj; + } else { + tmp = list->head; + list->head = new_obj; + new_obj->next = tmp; + } + + MUTEX_UNLOCK(list->lock); + + *phObject = new_obj->handle; + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_list_remove(struct obj_list *list, void (*freeFcn)(void *), TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj, *prev = NULL; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; prev = obj, obj = obj->next) { + if (obj->handle == hObject) { + /* validate tspContext */ + if (obj->tspContext != tspContext) + break; + + (*freeFcn)(obj->data); + + if (prev) + prev->next = obj->next; + else + list->head = obj->next; + free(obj); + + MUTEX_UNLOCK(list->lock); + return TSS_SUCCESS; + } + } + + MUTEX_UNLOCK(list->lock); + + return TSPERR(TSS_E_INVALID_HANDLE); +} + +/* a generic routine for removing all members of a list who's tsp context + * matches @tspContext */ +void +obj_list_close(struct obj_list *list, void (*freeFcn)(void *), TSS_HCONTEXT tspContext) +{ + struct tsp_object *index; + struct tsp_object *next = NULL; + struct tsp_object *toKill; + struct tsp_object *prev = NULL; + + MUTEX_LOCK(list->lock); + + for (index = list->head; index; ) { + next = index->next; + if (index->tspContext == tspContext) { + toKill = index; + if (prev == NULL) { + list->head = toKill->next; + } else { + prev->next = toKill->next; + } + + (*freeFcn)(toKill->data); + free(toKill); + + index = next; + } else { + prev = index; + index = next; + } + } + + MUTEX_UNLOCK(list->lock); +} + +void +obj_close_context(TSS_HCONTEXT tspContext) +{ + TPM_LIST_CLOSE(tspContext); + CONTEXT_LIST_CLOSE(tspContext); + HASH_LIST_CLOSE(tspContext); + PCRS_LIST_CLOSE(tspContext); + POLICY_LIST_CLOSE(tspContext); + RSAKEY_LIST_CLOSE(tspContext); + ENCDATA_LIST_CLOSE(tspContext); + DAACRED_LIST_CLOSE(tspContext); + DAAARAKEY_LIST_CLOSE(tspContext); + DAAISSUERKEY_LIST_CLOSE(tspContext); + NVSTORE_LIST_CLOSE(tspContext); + DELFAMILY_LIST_CLOSE(tspContext); + MIGDATA_LIST_CLOSE(tspContext); +} + +/* When a policy object is closed, all references to it must be removed. This function + * calls the object specific routines for each working object type to remove all refs to the + * policy */ +void +obj_lists_remove_policy_refs(TSS_HPOLICY hPolicy, TSS_HCONTEXT tspContext) +{ + obj_rsakey_remove_policy_refs(hPolicy, tspContext); + obj_encdata_remove_policy_refs(hPolicy, tspContext); + obj_tpm_remove_policy_refs(hPolicy, tspContext); +} + +/* search all key lists (right now only RSA keys exist) looking for a TCS key handle, when + * found, return the hash of its TPM_STORE_PUBKEY structure */ +TSS_RESULT +obj_tcskey_get_pubkeyhash(TCS_KEY_HANDLE hKey, BYTE *pubKeyHash) +{ + struct tsp_object *obj; + struct obj_list *list = &rsakey_list; + struct tr_rsakey_obj *rsakey = NULL; + TSS_RESULT result = TSS_SUCCESS; + Trspi_HashCtx hashCtx; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->tcsHandle == hKey) + break; + } + + if (obj == NULL || rsakey == NULL) { + MUTEX_UNLOCK(list->lock); + return TSPERR(TSS_E_KEY_NOT_LOADED); + } + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_STORE_PUBKEY(&hashCtx, &rsakey->key.pubKey); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash))) + result = TSPERR(TSS_E_INTERNAL_ERROR); + + MUTEX_UNLOCK(list->lock); + + return result; +} diff --git a/src/tspi/obj_context.c b/src/tspi/obj_context.c new file mode 100644 index 0000000..cb2091e --- /dev/null +++ b/src/tspi/obj_context.c @@ -0,0 +1,1524 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "tcs_tsp.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +obj_context_add(TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + struct tr_context_obj *context = calloc(1, sizeof(struct tr_context_obj)); + unsigned len = strlen(TSS_LOCALHOST_STRING) + 1; + + if (context == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tr_context_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + +#ifndef TSS_NO_GUI + context->silentMode = TSS_TSPATTRIB_CONTEXT_NOT_SILENT; +#else + context->silentMode = TSS_TSPATTRIB_CONTEXT_SILENT; +#endif + if ((context->machineName = calloc(1, len)) == NULL) { + LogError("malloc of %u bytes failed", len); + free(context); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(context->machineName, TSS_LOCALHOST_STRING, len); + context->machineNameLength = len; + + context->hashMode = TSS_TSPATTRIB_HASH_MODE_NOT_NULL; + context->connection_policy = TSS_TSPATTRIB_CONTEXT_VERSION_V1_1; + + if ((result = obj_list_add(&context_list, NULL_HCONTEXT, 0, context, phObject))) { + free(context->machineName); + free(context); + return result; + } + + /* Add the default policy */ + if ((result = obj_policy_add(*phObject, TSS_POLICY_USAGE, &context->policy))) { + obj_list_remove(&context_list, &__tspi_obj_context_free, *phObject, *phObject); + return result; + } + + context->tcs_api = &tcs_normal_api; + + return TSS_SUCCESS; +} + +struct tcs_api_table * +obj_context_get_tcs_api(TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + struct tcs_api_table *t; + + /* If the object cannot be found with the given handle, return a safe value, the normal TCS + * API pointer. Since the handle is bad, the RPC_ function will barf in looking up the + * corresponding TCS context handle and an invalid handle error will be returned. */ + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return &tcs_normal_api; + + context = (struct tr_context_obj *)obj->data; + + /* Return the current API set we're using, either the normal API, or the transport encrypted + * API. The context->tcs_api variable is switched back and forth between the two sets by + * the obj_context_transport_set_control function through a set attrib. */ + t = context->tcs_api; + + obj_list_put(&context_list); + + return t; +} + +void +__tspi_obj_context_free(void *data) +{ + struct tr_context_obj *context = (struct tr_context_obj *)data; + + free(context->machineName); + free(context); +} + +TSS_BOOL +obj_is_context(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&context_list, hObject))) { + answer = TRUE; + obj_list_put(&context_list); + } + + return answer; +} + +/* Clean up transport session if necessary. */ +void +obj_context_close(TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return; + + context = (struct tr_context_obj *)obj->data; + +#ifdef TSS_BUILD_TRANSPORT + if (context->transAuth.AuthHandle) { + RPC_FlushSpecific(tspContext, context->transAuth.AuthHandle, TPM_RT_TRANS); + + memset(&context->transPub, 0, sizeof(TPM_TRANSPORT_PUBLIC)); + memset(&context->transMod, 0, sizeof(TPM_MODIFIER_INDICATOR)); + memset(&context->transSecret, 0, sizeof(TPM_TRANSPORT_AUTH)); + memset(&context->transAuth, 0, sizeof(TPM_AUTH)); + memset(&context->transLogIn, 0, sizeof(TPM_TRANSPORT_LOG_IN)); + memset(&context->transLogOut, 0, sizeof(TPM_TRANSPORT_LOG_OUT)); + memset(&context->transLogDigest, 0, sizeof(TPM_DIGEST)); + } +#endif + + obj_list_put(&context_list); +} + +TSS_RESULT +obj_context_get_policy(TSS_HCONTEXT tspContext, UINT32 policyType, TSS_HPOLICY *phPolicy) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + *phPolicy = context->policy; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&context_list); + + return result; +} + +TSS_RESULT +obj_context_get_machine_name(TSS_HCONTEXT tspContext, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + TSS_RESULT result; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + if (context->machineNameLength == 0) { + *data = NULL; + *size = 0; + } else { + /* + * Don't use calloc_tspi because this memory is + * not freed using "free_tspi" + */ + *data = calloc(1, context->machineNameLength); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", + context->machineNameLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = context->machineNameLength; + memcpy(*data, context->machineName, *size); + } + + result = TSS_SUCCESS; + +done: + obj_list_put(&context_list); + + return result; +} + +/* This function converts the machine name to a TSS_UNICODE string before + * returning it, as Tspi_GetAttribData would like. We could do the conversion + * in Tspi_GetAttribData, but we don't have access to the TSP context there */ +TSS_RESULT +obj_context_get_machine_name_attrib(TSS_HCONTEXT tspContext, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + BYTE *utf_string; + UINT32 utf_size; + TSS_RESULT result; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + if (context->machineNameLength == 0) { + *data = NULL; + *size = 0; + } else { + utf_size = context->machineNameLength; + utf_string = Trspi_Native_To_UNICODE(context->machineName, + &utf_size); + if (utf_string == NULL) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *data = calloc_tspi(obj->tspContext, utf_size); + if (*data == NULL) { + free(utf_string); + LogError("malloc of %u bytes failed.", utf_size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = utf_size; + memcpy(*data, utf_string, utf_size); + free(utf_string); + } + + result = TSS_SUCCESS; + +done: + obj_list_put(&context_list); + + return result; +} + +TSS_RESULT +obj_context_set_machine_name(TSS_HCONTEXT tspContext, BYTE *name, UINT32 len) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + free(context->machineName); + context->machineName = name; + context->machineNameLength = len; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_context_is_silent(TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + TSS_BOOL silent = FALSE; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return FALSE; + + context = (struct tr_context_obj *)obj->data; + if (context->silentMode == TSS_TSPATTRIB_CONTEXT_SILENT) + silent = TRUE; + + obj_list_put(&context_list); + + return silent; +} + +TSS_RESULT +obj_context_get_mode(TSS_HCONTEXT tspContext, UINT32 *mode) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + *mode = context->silentMode; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_context_set_mode(TSS_HCONTEXT tspContext, UINT32 mode) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + context->silentMode = mode; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +/* search the list of all policies bound to context @tspContext. If + * one is found of type popup, return TRUE, else return FALSE. */ +TSS_BOOL +obj_context_has_popups(TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + struct obj_list *list = &policy_list; + TSS_BOOL ret = FALSE; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + if (obj->tspContext == tspContext) { + policy = (struct tr_policy_obj *)obj->data; + if (policy->SecretMode == TSS_SECRET_MODE_POPUP) + ret = TRUE; + break; + } + } + + MUTEX_UNLOCK(list->lock); + + return ret; +} + +TSS_RESULT +obj_context_get_hash_mode(TSS_HCONTEXT tspContext, UINT32 *mode) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + *mode = context->hashMode; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_context_set_hash_mode(TSS_HCONTEXT tspContext, UINT32 mode) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + switch (mode) { + case TSS_TSPATTRIB_HASH_MODE_NULL: + case TSS_TSPATTRIB_HASH_MODE_NOT_NULL: + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + } + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + context->hashMode = mode; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_context_get_connection_version(TSS_HCONTEXT tspContext, UINT32 *version) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + *version = context->current_connection; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_context_set_connection_policy(TSS_HCONTEXT tspContext, UINT32 policy) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + switch (policy) { + case TSS_TSPATTRIB_CONTEXT_VERSION_V1_1: + case TSS_TSPATTRIB_CONTEXT_VERSION_V1_2: + case TSS_TSPATTRIB_CONTEXT_VERSION_AUTO: + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + } + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + context->connection_policy = policy; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +obj_context_set_transport_key(TSS_HCONTEXT tspContext, TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + context->transKey = hKey; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_context_transport_get_mode(TSS_HCONTEXT tspContext, UINT32 value, UINT32 *out) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + switch (value) { + case TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION: + *out = context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_DEFAULT_ENCRYPT ? + FALSE : TRUE; + break; + case TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION: + *out = context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_DEFAULT_ENCRYPT ? + TRUE : FALSE; + break; + case TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL: + *out = context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC ? + TRUE : FALSE; + break; + case TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE: + *out = context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_EXCLUSIVE ? + TRUE : FALSE; + break; + case TSS_TSPATTRIB_TRANSPORT_STATIC_AUTH: + *out = context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_STATIC_AUTH ? + TRUE : FALSE; + break; + default: + LogError("Invalid attribute subflag: 0x%x", value); + result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + break; + } + + obj_list_put(&context_list); + + return result; +} + +TSS_RESULT +obj_context_transport_get_control(TSS_HCONTEXT tspContext, UINT32 value, UINT32 *out) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + switch (value) { + case TSS_TSPATTRIB_DISABLE_TRANSPORT: + *out = context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_ENABLED ? FALSE : TRUE; + break; + case TSS_TSPATTRIB_ENABLE_TRANSPORT: + *out = context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_ENABLED ? TRUE : FALSE; + break; + default: + LogError("Invalid attribute subflag: 0x%x", value); + result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + break; + } + + obj_list_put(&context_list); + + return result; +} + +TSS_RESULT +obj_context_transport_set_control(TSS_HCONTEXT tspContext, UINT32 value) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + switch (value) { + case TSS_TSPATTRIB_ENABLE_TRANSPORT: + context->flags |= TSS_CONTEXT_FLAGS_TRANSPORT_ENABLED; + context->tcs_api = &tcs_transport_api; + break; + case TSS_TSPATTRIB_DISABLE_TRANSPORT: + context->flags &= ~TSS_CONTEXT_FLAGS_TRANSPORT_ENABLED; + context->tcs_api = &tcs_normal_api; + break; + default: + LogError("Invalid attribute subflag: 0x%x", value); + result = TSPERR(TSS_E_INTERNAL_ERROR); + break; + } + + obj_list_put(&context_list); + + return result; +} + +TSS_RESULT +obj_context_transport_set_mode(TSS_HCONTEXT tspContext, UINT32 value) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + switch (value) { + case TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION: + context->flags &= ~TSS_CONTEXT_FLAGS_TRANSPORT_DEFAULT_ENCRYPT; + break; + case TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION: + context->flags |= TSS_CONTEXT_FLAGS_TRANSPORT_DEFAULT_ENCRYPT; + break; + case TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL: + context->flags |= TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC; + break; + case TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE: + context->flags |= TSS_CONTEXT_FLAGS_TRANSPORT_EXCLUSIVE; + break; + case TSS_TSPATTRIB_TRANSPORT_STATIC_AUTH: + context->flags |= TSS_CONTEXT_FLAGS_TRANSPORT_STATIC_AUTH; + break; + default: + LogError("Invalid attribute subflag: 0x%x", value); + result = TSPERR(TSS_E_INTERNAL_ERROR); + break; + } + + obj_list_put(&context_list); + + return result; +} + +#if 0 +TSS_RESULT +get_trans_props(TSS_HCONTEXT tspContext, UINT32 *alg, UINT16 *enc) +{ + TSS_RESULT result; + UINT32 algs[] = { TPM_ALG_MGF1, TPM_ALG_AES128, 0 }, a = 0; + UINT16 encs[] = { TPM_ES_SYM_OFB, TPM_ES_SYM_CNT, TPM_ES_SYM_CBC_PKCS5PAD, 0 }, e = 0; + BYTE *respData; + UINT32 respLen, tcsSubCap32; + UINT16 tcsSubCap16; + + if (*alg) + goto check_es; + + for (a = 0; algs[a]; a++) { + tcsSubCap32 = endian32(algs[a]); + + if ((result = RPC_GetTPMCapability(tspContext, TPM_CAP_TRANS_ALG, sizeof(UINT32), + (BYTE *)&tcsSubCap32, &respLen, &respData))) + return result; + + if (*(TSS_BOOL *)respData == TRUE) { + free(respData); + break; + } + free(respData); + } + + if (!algs[a]) { + LogError("TPM reports no usable sym algorithms for transport session"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + +check_es: + if (*enc || algs[a] == TPM_ALG_MGF1) + goto done; + + for (e = 0; encs[e]; e++) { + tcsSubCap16 = endian16(encs[e]); + + if ((result = RPC_GetTPMCapability(tspContext, TPM_CAP_TRANS_ES, sizeof(UINT16), + (BYTE *)&tcsSubCap16, &respLen, &respData))) + return result; + + if (*(TSS_BOOL *)respData == TRUE) { + free(respData); + break; + } + free(respData); + } + + if (!encs[e]) { + LogError("TPM reports no usable sym modes for transport session"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + *alg = algs[a]; + *enc = encs[e]; +done: + return TSS_SUCCESS; +} +#endif + +/* called before each TCSP_ExecuteTransport call */ +TSS_RESULT +obj_context_transport_init(TSS_HCONTEXT tspContext) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + /* return immediately if we're not in a transport session */ + if (!(context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_ENABLED)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + /* if the session is not yet established, setup and call EstablishTransport */ + if (!(context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_ESTABLISHED)) { + if ((result = obj_context_transport_establish(tspContext, context))) + goto done; + } + + context->flags |= TSS_CONTEXT_FLAGS_TRANSPORT_ESTABLISHED; + + result = TSS_SUCCESS; +done: + obj_list_put(&context_list); + + return result; +} + +TSS_RESULT +obj_context_transport_establish(TSS_HCONTEXT tspContext, struct tr_context_obj *context) +{ + TSS_RESULT result; + UINT32 tickLen, secretLen, transPubLen, exclusive = TSS_TCSATTRIB_TRANSPORT_DEFAULT; + BYTE *ticks, *secret; + UINT64 offset; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TSS_HPOLICY hTransKeyPolicy; + TPM_AUTH auth, *pAuth, *pTransAuth; + TCS_KEY_HANDLE tcsTransKey; + TSS_BOOL usesAuth = FALSE; + UINT32 encKeyLen; + BYTE encKey[256]; + BYTE transPubBlob[sizeof(TPM_TRANSPORT_PUBLIC)]; + BYTE transAuthBlob[sizeof(TPM_TRANSPORT_AUTH)]; + + + context->transPub.tag = TPM_TAG_TRANSPORT_PUBLIC; + context->transSecret.tag = TPM_TAG_TRANSPORT_AUTH; + + if ((result = get_local_random(tspContext, FALSE, TPM_SHA1_160_HASH_LEN, + (BYTE **)context->transSecret.authData.authdata))) + return result; + + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_STATIC_AUTH) + context->transKey = TPM_KH_TRANSPORT; + + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC) + context->transPub.transAttributes |= TPM_TRANSPORT_LOG; + + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_EXCLUSIVE) { + context->transPub.transAttributes |= TPM_TRANSPORT_EXCLUSIVE; + exclusive = TSS_TCSATTRIB_TRANSPORT_EXCLUSIVE; + } + + /* XXX implement AES128+CTR (Winbond, Infineon), then AES256+CTR (Atmel) */ + context->transPub.algId = TPM_ALG_MGF1; + context->transPub.encScheme = TPM_ES_NONE; + + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_DEFAULT_ENCRYPT) { + context->transPub.transAttributes |= TPM_TRANSPORT_ENCRYPT; + + if (context->transKey == TPM_KH_TRANSPORT) { + LogError("No transport key handle has been set yet. Use " + "Tspi_Context_SetTransEncryptionKey to set this handle"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + if (context->transKey == TPM_KH_TRANSPORT) { + secret = context->transSecret.authData.authdata; + secretLen = TPM_SHA1_160_HASH_LEN; + } else { + offset = 0; + Trspi_LoadBlob_TRANSPORT_AUTH(&offset, transAuthBlob, &context->transSecret); + secretLen = offset; + + /* encrypt the sym key with the wrapping RSA key */ + encKeyLen = sizeof(encKey); + if ((result = __tspi_rsa_encrypt(context->transKey, secretLen, transAuthBlob, &encKeyLen, + encKey))) + return result; + + secret = encKey; + secretLen = encKeyLen; + } + + offset = 0; + Trspi_LoadBlob_TRANSPORT_PUBLIC(&offset, transPubBlob, &context->transPub); + transPubLen = offset; + + if (context->transKey != TPM_KH_TRANSPORT) { + if ((result = obj_rsakey_get_tcs_handle(context->transKey, &tcsTransKey))) + return result; + + if ((result = obj_rsakey_get_policy(context->transKey, TSS_POLICY_USAGE, + &hTransKeyPolicy, &usesAuth))) + return result; + + if (!usesAuth) { + LogError("Key used to establish a transport session must use auth"); + return TSPERR(TSS_E_TSP_TRANS_AUTHREQUIRED); + } + } else + tcsTransKey = TPM_KH_TRANSPORT; + + /* If logging is on, do TPM commands spec rev106 step 8.a */ + memset(context->transLogDigest.digest, 0, sizeof(TPM_DIGEST)); + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC) { + context->transLogIn.tag = TPM_TAG_TRANSPORT_LOG_IN; + + /* step 8.a, i */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_EstablishTransport); + result |= Trspi_HashUpdate(&hashCtx, transPubLen, transPubBlob); + result |= Trspi_Hash_UINT32(&hashCtx, secretLen); + result |= Trspi_HashUpdate(&hashCtx, secretLen, secret); + if ((result |= Trspi_HashFinal(&hashCtx, context->transLogIn.parameters.digest))) + return result; + + /* step 8.a, ii */ + memset(context->transLogIn.pubKeyHash.digest, 0, sizeof(TPM_DIGEST)); + + /* step 8.a, iii */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, context->transLogDigest.digest); + result |= Trspi_Hash_TRANSPORT_LOG_IN(&hashCtx, &context->transLogIn); + if ((result |= Trspi_HashFinal(&hashCtx, context->transLogDigest.digest))) + return result; + } + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_EstablishTransport); + result |= Trspi_HashUpdate(&hashCtx, (UINT32)offset, (BYTE *)transPubBlob); + result |= Trspi_Hash_UINT32(&hashCtx, secretLen); + result |= Trspi_HashUpdate(&hashCtx, secretLen, secret); + if ((result |= Trspi_HashFinal(&hashCtx, (BYTE *)&digest))) + return result; + + /* open OIAP session with continueAuthSession = TRUE */ + if ((result = secret_PerformAuth_OIAP(context->transKey, TPM_ORD_EstablishTransport, + hTransKeyPolicy, TRUE, &digest, &auth))) + return result; + + pAuth = &auth; + } else + pAuth = NULL; + + result = RPC_EstablishTransport(tspContext, exclusive, tcsTransKey, transPubLen, + transPubBlob, secretLen, secret, pAuth, &context->transMod, + &context->transAuth.AuthHandle, &tickLen, &ticks, + &context->transAuth.NonceEven); + if (result) { + LogError("Establish Transport command failed: %s", Trspi_Error_String(result)); + return result; + } + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_EstablishTransport); + result |= Trspi_Hash_UINT32(&hashCtx, context->transMod); + result |= Trspi_HashUpdate(&hashCtx, tickLen, ticks); + result |= Trspi_Hash_NONCE(&hashCtx, context->transAuth.NonceEven.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (usesAuth) { + if ((result = obj_policy_validate_auth_oiap(hTransKeyPolicy, &digest, pAuth))) + return result; + } + + /* step 8.b iii */ + offset = 0; + Trspi_UnloadBlob_CURRENT_TICKS(&offset, ticks, &context->transLogOut.currentTicks); + free(ticks); + + /* If logging is on, do TPM commands spec rev106 step 8.b */ + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC) { + context->transLogOut.tag = TPM_TAG_TRANSPORT_LOG_OUT; + + /* step 8.b i */ + memcpy(context->transLogOut.parameters.digest, digest.digest, sizeof(TPM_DIGEST)); + + /* step 8.b ii */ + context->transLogOut.locality = context->transMod; + + /* step 8.b iii was done above */ + /* step 8.b iv */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, context->transLogDigest.digest); + result |= Trspi_Hash_TRANSPORT_LOG_OUT(&hashCtx, &context->transLogOut); + if ((result |= Trspi_HashFinal(&hashCtx, context->transLogDigest.digest))) + return result; + } + + LogDebug("Transport session established successfully"); + + pTransAuth = &context->transAuth; + pTransAuth->fContinueAuthSession = TRUE; + if ((result = get_local_random(tspContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)pTransAuth->NonceOdd.nonce))) { + LogError("Failed creating random nonce"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +do_transport_decryption(TPM_TRANSPORT_PUBLIC *transPub, + TPM_AUTH *pTransAuth, + BYTE *secret, + UINT32 inLen, + BYTE *in, + UINT32 *outLen, + BYTE **out) +{ + TSS_RESULT result; + UINT32 i, decLen; + UINT32 seedLen, ivLen; + BYTE *dec; + BYTE seed[(2 * sizeof(TPM_NONCE)) + strlen("out") + TPM_SHA1_160_HASH_LEN]; + + /* allocate the most data anyone below might need */ + decLen = inLen;//((inLen / TSS_MAX_SYM_BLOCK_SIZE) + 1) * TSS_MAX_SYM_BLOCK_SIZE; + if ((dec = malloc(decLen)) == NULL) { + LogError("malloc of %u bytes failed", decLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + /* set the common 3 initial values of 'seed', which is used to generate either the IV or + * mask */ + memcpy(seed, pTransAuth->NonceEven.nonce, sizeof(TPM_NONCE)); + memcpy(&seed[sizeof(TPM_NONCE)], pTransAuth->NonceOdd.nonce, sizeof(TPM_NONCE)); + memcpy(&seed[2 * sizeof(TPM_NONCE)], "out", strlen("out")); + + switch (transPub->algId) { + case TPM_ALG_MGF1: + { + decLen = inLen; + seedLen = sizeof(seed); + + /* add the secret data to the seed for MGF1 */ + memcpy(&seed[2 * sizeof(TPM_NONCE) + strlen("out")], secret, TPM_SHA1_160_HASH_LEN); + + if ((result = Trspi_MGF1(TSS_HASH_SHA1, seedLen, seed, decLen, dec))) { + free(dec); + return result; + } + + for (i = 0; i < inLen; i++) + dec[i] ^= in[i]; + break; + } + case TPM_ALG_AES128: + { + BYTE iv[TSS_MAX_SYM_BLOCK_SIZE]; + + ivLen = TSS_MAX_SYM_BLOCK_SIZE; + seedLen = (2 * sizeof(TPM_NONCE)) + strlen("out"); + + if ((result = Trspi_MGF1(TSS_HASH_SHA1, seedLen, seed, ivLen, iv))) { + free(dec); + return result; + } + + /* use the secret data as the key for AES */ + if ((result = Trspi_SymEncrypt(transPub->algId, transPub->encScheme, secret, iv, in, + inLen, dec, &decLen))) { + free(dec); + return result; + } + + break; + } + default: + LogDebug("Unknown algorithm for encrypted transport session: 0x%x", + transPub->algId); + free(dec); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + *out = dec; + *outLen = decLen; + + return result; +} + +TSS_RESULT +do_transport_encryption(TPM_TRANSPORT_PUBLIC *transPub, + TPM_AUTH *pTransAuth, + BYTE *secret, + UINT32 inLen, + BYTE *in, + UINT32 *outLen, + BYTE **out) +{ + TSS_RESULT result; + UINT32 i, encLen; + UINT32 seedLen, ivLen; + BYTE *enc; + BYTE seed[(2 * sizeof(TPM_NONCE)) + strlen("in") + TPM_SHA1_160_HASH_LEN]; + + /* allocate the most data anyone below might need */ + encLen = ((inLen / TSS_MAX_SYM_BLOCK_SIZE) + 1) * TSS_MAX_SYM_BLOCK_SIZE; + if ((enc = malloc(encLen)) == NULL) { + LogError("malloc of %u bytes failed", encLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + /* set the common 3 initial values of 'seed', which is used to generate either the IV or + * mask */ + memcpy(seed, pTransAuth->NonceEven.nonce, sizeof(TPM_NONCE)); + memcpy(&seed[sizeof(TPM_NONCE)], pTransAuth->NonceOdd.nonce, sizeof(TPM_NONCE)); + memcpy(&seed[2 * sizeof(TPM_NONCE)], "in", strlen("in")); + + switch (transPub->algId) { + case TPM_ALG_MGF1: + { + encLen = inLen; + seedLen = sizeof(seed); + + /* add the secret data to the seed for MGF1 */ + memcpy(&seed[2 * sizeof(TPM_NONCE) + strlen("in")], secret, TPM_SHA1_160_HASH_LEN); + + if ((result = Trspi_MGF1(TSS_HASH_SHA1, seedLen, seed, encLen, enc))) { + free(enc); + return result; + } + + for (i = 0; i < inLen; i++) + enc[i] ^= in[i]; + break; + } + case TPM_ALG_AES128: + { + BYTE iv[TSS_MAX_SYM_BLOCK_SIZE]; + + ivLen = TSS_MAX_SYM_BLOCK_SIZE; + seedLen = (2 * sizeof(TPM_NONCE)) + strlen("in"); + + if ((result = Trspi_MGF1(TSS_HASH_SHA1, seedLen, seed, ivLen, iv))) { + free(enc); + return result; + } + + /* use the secret data as the key for AES */ + if ((result = Trspi_SymEncrypt(transPub->algId, transPub->encScheme, secret, iv, in, + inLen, enc, &encLen))) { + free(enc); + return result; + } + + break; + } + default: + LogDebug("Unknown algorithm for encrypted transport session: 0x%x", + transPub->algId); + free(enc); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + *out = enc; + *outLen = encLen; + + return result; +} + +TSS_RESULT +obj_context_transport_execute(TSS_HCONTEXT tspContext, + TPM_COMMAND_CODE ordinal, + UINT32 ulDataLen, + BYTE* rgbData, + TPM_DIGEST* pubKeyHash, + UINT32* handlesLen, + TCS_HANDLE** handles, + TPM_AUTH* pAuth1, + TPM_AUTH* pAuth2, + UINT32* outLen, + BYTE** out) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_context_obj *context; + UINT32 encLen, ulWrappedDataLen = 0; + BYTE *pEnc = NULL, *rgbWrappedData = NULL; + TPM_RESULT tpmResult; + Trspi_HashCtx hashCtx; + TPM_DIGEST etDigest, wDigest; + TPM_AUTH *pTransAuth; + UINT64 currentTicks; + TSS_BOOL free_enc = FALSE; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + pTransAuth = &context->transAuth; + + /* TPM Commands spec rev106 step 6 */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, ordinal); + + switch (ordinal) { + case TPM_ORD_OSAP: + case TPM_ORD_OIAP: + break; + default: + result |= Trspi_HashUpdate(&hashCtx, ulDataLen, rgbData); + break; + } + + if ((result |= Trspi_HashFinal(&hashCtx, wDigest.digest))) + goto done; + + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC) { + /* TPM Commands spec rev106 step 10.b */ + memcpy(context->transLogIn.parameters.digest, wDigest.digest, sizeof(TPM_DIGEST)); + /* TPM Commands spec rev106 step 10.c, d or e, calculated by the caller */ + if (pubKeyHash) + memcpy(context->transLogIn.pubKeyHash.digest, pubKeyHash->digest, + sizeof(TPM_DIGEST)); + else + memset(context->transLogIn.pubKeyHash.digest, 0, sizeof(TPM_DIGEST)); + + /* TPM Commands spec rev106 step 10.f */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, context->transLogDigest.digest); + result |= Trspi_Hash_TRANSPORT_LOG_IN(&hashCtx, &context->transLogIn); + if ((result |= Trspi_HashFinal(&hashCtx, context->transLogDigest.digest))) + goto done; + } + + /* TPM Commands spec rev106 step 7.a */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ExecuteTransport); + result |= Trspi_Hash_UINT32(&hashCtx, ulDataLen + TSS_TPM_TXBLOB_HDR_LEN + + (*handlesLen * sizeof(UINT32)) + + (pAuth1 ? TPM_AUTH_RQU_SIZE : 0) + + (pAuth2 ? TPM_AUTH_RQU_SIZE : 0)); + result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN, wDigest.digest); + if ((result |= Trspi_HashFinal(&hashCtx, etDigest.digest))) + goto done; + + /* encrypt the data if necessary */ + if (ulDataLen && context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_DEFAULT_ENCRYPT) { + switch (ordinal) { + case TPM_ORD_OSAP: + case TPM_ORD_OIAP: + encLen = ulDataLen; + pEnc = rgbData; + break; + case TPM_ORD_DSAP: + { + UINT64 offset; + UINT32 tmpLen, entityValueLen; + BYTE *tmpEnc, *entityValuePtr; + + /* DSAP is a special case where only entityValue is encrypted. So, we'll + * parse through rgbData until we get to entityValue, encrypt it, alloc + * new space for rgbData (since it could be up to a block length larger + * than it came in) and copy the unencrypted data and the encrypted + * entityValue to the new block, setting pEnc and encLen to new values. */ + + offset = (2 * sizeof(UINT32)) + sizeof(TPM_NONCE); + Trspi_UnloadBlob_UINT32(&offset, &entityValueLen, rgbData); + + entityValuePtr = &rgbData[offset]; + if ((result = do_transport_encryption(&context->transPub, pTransAuth, + context->transSecret.authData.authdata, + entityValueLen, entityValuePtr, &tmpLen, + &tmpEnc))) + goto done; + + /* offset is the amount of data before the block we encrypted and tmpLen is + * the size of the encrypted data */ + encLen = offset + tmpLen; + if ((pEnc = malloc(encLen)) == NULL) { + LogError("malloc of %u bytes failed.", encLen); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(pEnc, rgbData, offset); + memcpy(&pEnc[offset], tmpEnc, tmpLen); + free(tmpEnc); + + free_enc = TRUE; + break; + } + default: + if ((result = do_transport_encryption(&context->transPub, pTransAuth, + context->transSecret.authData.authdata, + ulDataLen, rgbData, &encLen, &pEnc))) + goto done; + + free_enc = TRUE; + break; + } + } else { + encLen = ulDataLen; + pEnc = rgbData; + } + + /* TPM Commands spec rev106 step 7.b */ + HMAC_Auth(context->transSecret.authData.authdata, etDigest.digest, pTransAuth); + + if ((result = RPC_ExecuteTransport(tspContext, ordinal, encLen, pEnc, handlesLen, handles, + pAuth1, pAuth2, pTransAuth, ¤tTicks, + &context->transMod, &tpmResult, &ulWrappedDataLen, + &rgbWrappedData))) { + LogDebugFn("Execute Transport failed: %s", Trspi_Error_String(result)); + goto done; + } + + if (tpmResult) { + LogDebug("Wrapped command ordinal 0x%x failed with result: 0x%x", ordinal, + tpmResult); + result = tpmResult; + goto done; + } + + /* decrypt the returned wrapped data if necessary */ + if (ulWrappedDataLen && context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_DEFAULT_ENCRYPT) { + switch (ordinal) { + case TPM_ORD_OSAP: + case TPM_ORD_OIAP: + case TPM_ORD_DSAP: + *outLen = ulWrappedDataLen; + *out = rgbWrappedData; + break; + default: + if ((result = do_transport_decryption(&context->transPub, pTransAuth, + context->transSecret.authData.authdata, + ulWrappedDataLen, rgbWrappedData, outLen, + out))) + goto done; + + free(rgbWrappedData); + } + } else { + if (outLen) { + *outLen = ulWrappedDataLen; + *out = rgbWrappedData; + } + } + + /* TPM Commands spec rev106 step 14 */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, tpmResult); + result |= Trspi_Hash_UINT32(&hashCtx, ordinal); + + switch (ordinal) { + case TPM_ORD_OSAP: + case TPM_ORD_OIAP: + break; + default: + if (outLen) + result |= Trspi_HashUpdate(&hashCtx, *outLen, *out); + break; + } + + if ((result |= Trspi_HashFinal(&hashCtx, wDigest.digest))) + goto done; + + /* TPM Commands spec rev106 step 15 */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ExecuteTransport); + result |= Trspi_Hash_UINT64(&hashCtx, currentTicks); + result |= Trspi_Hash_UINT32(&hashCtx, context->transMod); + result |= Trspi_Hash_UINT32(&hashCtx, (outLen ? *outLen : 0) + + TSS_TPM_TXBLOB_HDR_LEN + + (*handlesLen * sizeof(UINT32)) + + (pAuth1 ? TPM_AUTH_RSP_SIZE : 0) + + (pAuth2 ? TPM_AUTH_RSP_SIZE : 0)); + result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN, wDigest.digest); + if ((result |= Trspi_HashFinal(&hashCtx, etDigest.digest))) + goto done; + + if (validateReturnAuth(context->transSecret.authData.authdata, etDigest.digest, + pTransAuth)) { + result = TSPERR(TSS_E_TSP_TRANS_AUTHFAIL); + goto done; + } + + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC) { + context->transLogOut.currentTicks.currentTicks = currentTicks; + + /* TPM Commands spec rev106 step 16.b */ + memcpy(context->transLogOut.parameters.digest, wDigest.digest, sizeof(TPM_DIGEST)); + /* TPM Commands spec rev106 step 16.c done above */ + /* TPM Commands spec rev106 step 16.d */ + context->transLogOut.locality = context->transMod; + + /* TPM Commands spec rev106 step 16.d */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, context->transLogDigest.digest); + result |= Trspi_Hash_TRANSPORT_LOG_OUT(&hashCtx, &context->transLogOut); + if ((result |= Trspi_HashFinal(&hashCtx, context->transLogDigest.digest))) + goto done; + } + + /* Refresh nonceOdd for continued transport auth session */ + if ((result = get_local_random(tspContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)pTransAuth->NonceOdd.nonce))) { + LogError("Failed creating random nonce"); + } + +done: + if (free_enc) + free(pEnc); + obj_list_put(&context_list); + + return result; +} + +/* called to close a transport session */ +TSS_RESULT +obj_context_transport_close(TSS_HCONTEXT tspContext, + TSS_HKEY hKey, + TSS_HPOLICY hPolicy, + TSS_BOOL usesAuth, + TPM_SIGN_INFO* signInfo, + UINT32* sigLen, + BYTE** sig) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_context_obj *context; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TPM_AUTH auth, *pAuth; + TCS_KEY_HANDLE tcsKey; + BYTE *ticks = NULL; + UINT32 tickLen; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + /* return immediately if we're not in a transport session */ + if (!(context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_ENABLED)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKey))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ReleaseTransportSigned); + result |= Trspi_Hash_NONCE(&hashCtx, signInfo->replay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, (BYTE *)&digest))) + goto done; + + if (usesAuth) { + if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_ReleaseTransportSigned, + hPolicy, FALSE, &digest, &auth))) + goto done; + + pAuth = &auth; + } else + pAuth = NULL; + + /* continue the auth session established in obj_context_transport_establish */ + HMAC_Auth(context->transSecret.authData.authdata, digest.digest, &context->transAuth); + + if ((result = RPC_ReleaseTransportSigned(tspContext, tcsKey, &signInfo->replay, pAuth, + &context->transAuth, + &context->transLogOut.locality, &tickLen, &ticks, + sigLen, sig))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ReleaseTransportSigned); + result |= Trspi_Hash_UINT32(&hashCtx, context->transLogOut.locality); + result |= Trspi_HashUpdate(&hashCtx, tickLen, ticks); + result |= Trspi_Hash_UINT32(&hashCtx, *sigLen); + result |= Trspi_HashUpdate(&hashCtx, *sigLen, *sig); + if ((result |= Trspi_HashFinal(&hashCtx, (BYTE *)&digest))) + goto done_disabled; + + /* validate the return data using the key's auth */ + if (pAuth) { + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) + goto done_disabled; + } + + /* validate again using the transport session's auth */ + if ((result = validateReturnAuth(context->transSecret.authData.authdata, digest.digest, + &context->transAuth))) { + result = TSPERR(TSS_E_TSP_TRANS_AUTHFAIL); + goto done_disabled; + } + + if (context->flags & TSS_CONTEXT_FLAGS_TRANSPORT_AUTHENTIC) { + UINT64 offset; + + /* TPM Commands Spec step 6.b */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ReleaseTransportSigned); + result |= Trspi_Hash_NONCE(&hashCtx, signInfo->replay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, context->transLogOut.parameters.digest))) + goto done_disabled; + + /* TPM Commands Spec step 6.c */ + offset = 0; + Trspi_UnloadBlob_CURRENT_TICKS(&offset, ticks, &context->transLogOut.currentTicks); + free(ticks); + + /* TPM Commands Spec step 6.d was set above */ + /* TPM Commands Spec step 6.e */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, context->transLogDigest.digest); + result |= Trspi_Hash_TRANSPORT_LOG_OUT(&hashCtx, &context->transLogOut); + if ((result |= Trspi_HashFinal(&hashCtx, context->transLogDigest.digest))) + goto done_disabled; + } + + if ((signInfo->data = malloc(sizeof(TPM_DIGEST))) == NULL) { + LogError("malloc %zd bytes failed.", sizeof(TPM_DIGEST)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done_disabled; + } + memcpy(signInfo->data, context->transLogDigest.digest, sizeof(TPM_DIGEST)); + signInfo->dataLen = sizeof(TPM_DIGEST); + + /* destroy all transport session info, except the key handle */ + memset(&context->transPub, 0, sizeof(TPM_TRANSPORT_PUBLIC)); + memset(&context->transMod, 0, sizeof(TPM_MODIFIER_INDICATOR)); + memset(&context->transSecret, 0, sizeof(TPM_TRANSPORT_AUTH)); + memset(&context->transAuth, 0, sizeof(TPM_AUTH)); + memset(&context->transLogIn, 0, sizeof(TPM_TRANSPORT_LOG_IN)); + memset(&context->transLogOut, 0, sizeof(TPM_TRANSPORT_LOG_OUT)); + memset(&context->transLogDigest, 0, sizeof(TPM_DIGEST)); + +done_disabled: + context->flags &= ~TSS_CONTEXT_FLAGS_TRANSPORT_ESTABLISHED; +done: + obj_list_put(&context_list); + + return result; +} +#endif + +/* XXX change 0,1,2 to #defines */ +TSS_RESULT +obj_context_set_tpm_version(TSS_HCONTEXT tspContext, UINT32 ver) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + switch (ver) { + case 1: + context->flags &= ~TSS_CONTEXT_FLAGS_TPM_VERSION_MASK; + context->flags |= TSS_CONTEXT_FLAGS_TPM_VERSION_1; + break; + case 2: + context->flags &= ~TSS_CONTEXT_FLAGS_TPM_VERSION_MASK; + context->flags |= TSS_CONTEXT_FLAGS_TPM_VERSION_2; + break; + default: + LogError("Invalid TPM version set: %u", ver); + result = TSPERR(TSS_E_INTERNAL_ERROR); + break; + } + + obj_list_put(&context_list); + + return result; +} + +/* XXX change 0,1,2 to #defines */ +TSS_RESULT +obj_context_get_tpm_version(TSS_HCONTEXT tspContext, UINT32 *ver) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + if (context->flags & TSS_CONTEXT_FLAGS_TPM_VERSION_1) + *ver = 1; + else if (context->flags & TSS_CONTEXT_FLAGS_TPM_VERSION_2) + *ver = 2; + else + *ver = 0; + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_context_get_loadkey_ordinal(TSS_HCONTEXT tspContext, TPM_COMMAND_CODE *ordinal) +{ + struct tsp_object *obj; + struct tr_context_obj *context; + + if ((obj = obj_list_get_obj(&context_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + context = (struct tr_context_obj *)obj->data; + + switch (context->flags & TSS_CONTEXT_FLAGS_TPM_VERSION_MASK) { + case TSS_CONTEXT_FLAGS_TPM_VERSION_2: + *ordinal = TPM_ORD_LoadKey2; + break; + default: + LogDebugFn("No TPM version set!"); + /* fall through */ + case TSS_CONTEXT_FLAGS_TPM_VERSION_1: + *ordinal = TPM_ORD_LoadKey; + break; + } + + obj_list_put(&context_list); + + return TSS_SUCCESS; +} + diff --git a/src/tspi/obj_daa.c b/src/tspi/obj_daa.c new file mode 100644 index 0000000..a073633 --- /dev/null +++ b/src/tspi/obj_daa.c @@ -0,0 +1,151 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006, 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +/* + * adds a new daa object to the daa list with TSP context tspContext + */ +TSS_RESULT +obj_daa_add(TSS_HCONTEXT tspContext, TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + struct tr_daa_obj *daa = calloc(1, sizeof(struct tr_daa_obj)); + + if (daa == NULL) { + LogError("malloc of %d bytes failed.", sizeof(struct tr_daa_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if ((result = obj_list_add(&daa_list, tspContext, 0, daa, phObject))) { + free(daa); + return result; + } + + return TSS_SUCCESS; +} + +void +daa_free(void *data) +{ + struct tr_daa_obj *daa = (struct tr_daa_obj *)data; + + /* free all pointers in the tr_daa_obj object here */ + free(daa); +} + +/* + * remove DAA object hObject from the DAA list + */ +TSS_RESULT +obj_daa_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&daa_list, &daa_free, hObject, tspContext))) + return result; + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_daa(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&daa_list, hObject))) { + answer = TRUE; + obj_list_put(&daa_list); + } + + return answer; +} + +TSS_RESULT +obj_daa_get_tsp_context(TSS_HDAA hDaa, TSS_HCONTEXT *tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&daa_list, hDaa)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&daa_list); + + return TSS_SUCCESS; +} + +static TSS_RESULT +obj_daa_get_and_lock_data(TSS_HDAA hDaa, struct tr_daa_obj **daa) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&daa_list, hDaa)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + *daa = obj->data; + return TSS_SUCCESS; +} + +TSS_RESULT +obj_daa_get_handle_tpm(TSS_HDAA hDAA, TPM_HANDLE *hTPM) { + struct tr_daa_obj *daa_struct; + TSS_RESULT result; + + if( (result = obj_daa_get_and_lock_data( hDAA, &daa_struct)) != TSS_SUCCESS) return result; + *hTPM = daa_struct->tpm_handle; + obj_list_put(&daa_list); + return TSS_SUCCESS; +} + +TSS_RESULT +obj_daa_set_handle_tpm(TSS_HDAA hDAA, TPM_HANDLE hTPM) { + struct tr_daa_obj *daa_struct; + TSS_RESULT result; + + if( (result = obj_daa_get_and_lock_data( hDAA, &daa_struct)) != TSS_SUCCESS) return result; + daa_struct->tpm_handle = hTPM; + obj_list_put(&daa_list); + return TSS_SUCCESS; +} + +TSS_RESULT +obj_daa_get_session_handle(TSS_HDAA hDAA, UINT32 *session_handle) { + struct tr_daa_obj *daa_struct; + TSS_RESULT result; + + if( (result = obj_daa_get_and_lock_data( hDAA, &daa_struct)) != TSS_SUCCESS) return result; + *session_handle = daa_struct->session_handle; + obj_list_put(&daa_list); + return TSS_SUCCESS; +} + +TSS_RESULT +obj_daa_set_session_handle(TSS_HDAA hDAA, UINT32 session_handle) { + struct tr_daa_obj *daa_struct; + TSS_RESULT result; + + if( (result = obj_daa_get_and_lock_data( hDAA, &daa_struct)) != TSS_SUCCESS) return result; + daa_struct->session_handle = session_handle; + obj_list_put(&daa_list); + return TSS_SUCCESS; +} diff --git a/src/tspi/obj_delfamily.c b/src/tspi/obj_delfamily.c new file mode 100644 index 0000000..340bd59 --- /dev/null +++ b/src/tspi/obj_delfamily.c @@ -0,0 +1,361 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "tsp_delegate.h" + +void +delfamily_free(void *data) +{ + struct tr_delfamily_obj *delfamily = (struct tr_delfamily_obj *)data; + + free(delfamily); +} + +TSS_BOOL +obj_is_delfamily(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&delfamily_list, hObject))) { + answer = TRUE; + obj_list_put(&delfamily_list); + } + + return answer; +} + +TSS_RESULT +obj_delfamily_add(TSS_HCONTEXT hContext, TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + struct tr_delfamily_obj *delfamily = calloc(1, sizeof(struct tr_delfamily_obj)); + + if (delfamily == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct tr_delfamily_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if ((result = obj_list_add(&delfamily_list, hContext, 0, delfamily, phObject))) { + free(delfamily); + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_remove(TSS_HDELFAMILY hFamily, TSS_HOBJECT hObject) +{ + TSS_HCONTEXT hContext; + TSS_RESULT result; + + if (obj_is_tpm(hObject)) { + if ((result = obj_tpm_get_tsp_context((TSS_HTPM)hObject, &hContext))) + return result; + } else + hContext = (TSS_HCONTEXT)hObject; + + if ((result = obj_list_remove(&delfamily_list, &delfamily_free, hFamily, hContext))) + return result; + + return TSS_SUCCESS; +} + +void +obj_delfamily_find_by_familyid(TSS_HOBJECT hObject, UINT32 familyID, TSS_HDELFAMILY *hFamily) +{ + TSS_HCONTEXT hContext; + struct tsp_object *obj; + struct obj_list *list = &delfamily_list; + struct tr_delfamily_obj *delfamily; + + pthread_mutex_lock(&list->lock); + + *hFamily = NULL_HDELFAMILY; + + if (obj_is_tpm(hObject)) { + if (obj_tpm_get_tsp_context((TSS_HTPM)hObject, &hContext)) + return; + } else + hContext = (TSS_HCONTEXT)hObject; + + for (obj = list->head; obj; obj = obj->next) { + if (obj->tspContext != hContext) + continue; + + delfamily = (struct tr_delfamily_obj *)obj->data; + if (delfamily->familyID == familyID) { + *hFamily = obj->handle; + break; + } + } + + pthread_mutex_unlock(&list->lock); +} + +TSS_RESULT +obj_delfamily_get_tsp_context(TSS_HDELFAMILY hFamily, TSS_HCONTEXT *hContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *hContext = obj->tspContext; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_set_locked(TSS_HDELFAMILY hFamily, TSS_BOOL state, TSS_BOOL setInTpm) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + TSS_HTPM hTpm; + UINT32 opDataSize; + BYTE opData[8]; + UINT32 outDataSize; + BYTE *outData = NULL; + UINT64 offset; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + if (setInTpm) { + if ((result = obj_tpm_get(obj->tspContext, &hTpm))) + goto done; + + offset = 0; + Trspi_LoadBlob_BOOL(&offset, state, opData); + opDataSize = offset; + if ((result = do_delegate_manage(hTpm, delfamily->familyID, TPM_FAMILY_ADMIN, + opDataSize, opData, &outDataSize, &outData))) + goto done; + } + + if (state) + delfamily->stateFlags |= TSS_DELFAMILY_FLAGS_STATE_LOCKED; + else + delfamily->stateFlags &= ~TSS_DELFAMILY_FLAGS_STATE_LOCKED; + +done: + obj_list_put(&delfamily_list); + + free(outData); + + return result; +} + +TSS_RESULT +obj_delfamily_get_locked(TSS_HDELFAMILY hFamily, TSS_BOOL *state) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + *state = (delfamily->stateFlags & TSS_DELFAMILY_FLAGS_STATE_LOCKED) ? TRUE : FALSE; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_set_enabled(TSS_HDELFAMILY hFamily, TSS_BOOL state, TSS_BOOL setInTpm) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + TSS_HTPM hTpm; + UINT32 opDataSize; + BYTE opData[8]; + UINT32 outDataSize; + BYTE *outData = NULL; + UINT64 offset; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + if (setInTpm) { + if ((result = obj_tpm_get(obj->tspContext, &hTpm))) + goto done; + + offset = 0; + Trspi_LoadBlob_BOOL(&offset, state, opData); + opDataSize = offset; + if ((result = do_delegate_manage(hTpm, delfamily->familyID, TPM_FAMILY_ENABLE, + opDataSize, opData, &outDataSize, &outData))) + goto done; + } + + if (state) + delfamily->stateFlags |= TSS_DELFAMILY_FLAGS_STATE_ENABLED; + else + delfamily->stateFlags &= ~TSS_DELFAMILY_FLAGS_STATE_ENABLED; + +done: + obj_list_put(&delfamily_list); + + free(outData); + + return result; +} + +TSS_RESULT +obj_delfamily_get_enabled(TSS_HDELFAMILY hFamily, TSS_BOOL *state) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + *state = (delfamily->stateFlags & TSS_DELFAMILY_FLAGS_STATE_ENABLED) ? TRUE : FALSE; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_set_vercount(TSS_HDELFAMILY hFamily, UINT32 verCount) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + delfamily->verCount = verCount; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_get_vercount(TSS_HDELFAMILY hFamily, UINT32 *verCount) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + *verCount = delfamily->verCount; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_set_familyid(TSS_HDELFAMILY hFamily, UINT32 familyID) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + delfamily->familyID = familyID; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_get_familyid(TSS_HDELFAMILY hFamily, UINT32 *familyID) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + *familyID = delfamily->familyID; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_set_label(TSS_HDELFAMILY hFamily, BYTE label) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + delfamily->label = label; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_delfamily_get_label(TSS_HDELFAMILY hFamily, BYTE *label) +{ + struct tsp_object *obj; + struct tr_delfamily_obj *delfamily; + + if ((obj = obj_list_get_obj(&delfamily_list, hFamily)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + delfamily = (struct tr_delfamily_obj *)obj->data; + + *label = delfamily->label; + + obj_list_put(&delfamily_list); + + return TSS_SUCCESS; +} + diff --git a/src/tspi/obj_encdata.c b/src/tspi/obj_encdata.c new file mode 100644 index 0000000..0931bcb --- /dev/null +++ b/src/tspi/obj_encdata.c @@ -0,0 +1,485 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +obj_encdata_add(TSS_HCONTEXT tspContext, UINT32 type, TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + struct tr_encdata_obj *encdata = calloc(1, sizeof(struct tr_encdata_obj)); + + if (encdata == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct tr_encdata_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + /* add usage policy */ + if ((result = obj_context_get_policy(tspContext, TSS_POLICY_USAGE, + &encdata->usagePolicy))) { + free(encdata); + return result; + } + + encdata->type = type; + + if ((result = obj_list_add(&encdata_list, tspContext, 0, encdata, phObject))) { + free(encdata); + return result; + } + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_encdata(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&encdata_list, hObject))) { + answer = TRUE; + obj_list_put(&encdata_list); + } + + return answer; +} + +TSS_RESULT +obj_encdata_get_tsp_context(TSS_HENCDATA hEncdata, TSS_HCONTEXT *tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&encdata_list, hEncdata)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&encdata_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_encdata_get_policy(TSS_HENCDATA hEncData, UINT32 policyType, TSS_HPOLICY *phPolicy) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + *phPolicy = encdata->usagePolicy; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&encdata_list); + + return result; +} + +TSS_RESULT +obj_encdata_set_policy(TSS_HENCDATA hEncData, TSS_HPOLICY hPolicy) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + UINT32 policyType; + TSS_RESULT result = TSS_SUCCESS; + + if ((result = obj_policy_get_type(hPolicy, &policyType))) + return result; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + encdata->usagePolicy = hPolicy; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&encdata_list); + + return result; +} + +TSS_RESULT +obj_encdata_get_data(TSS_HENCDATA hEncData, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + if (encdata->encryptedDataLength == 0) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } else { + *data = calloc_tspi(obj->tspContext, encdata->encryptedDataLength); + if (*data == NULL) { + LogError("malloc of %d bytes failed.", + encdata->encryptedDataLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = encdata->encryptedDataLength; + memcpy(*data, encdata->encryptedData, *size); + } + +done: + obj_list_put(&encdata_list); + + return result; +} + +TSS_RESULT +obj_encdata_get_pcr_digest(TSS_HENCDATA hEncData, + TSS_FLAG pcrInfoType, + TSS_FLAG dir, + UINT32 *size, + BYTE **data) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + TSS_RESULT result = TSS_SUCCESS; + TPM_DIGEST *digest; + UINT64 offset; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + if (pcrInfoType != encdata->pcrInfoType) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + switch (pcrInfoType) { + case TSS_PCRS_STRUCT_INFO: + if (dir == TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATCREATION) + digest = &encdata->pcrInfo.info11.digestAtCreation; + else if (dir == TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE) + digest = &encdata->pcrInfo.info11.digestAtRelease; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + case TSS_PCRS_STRUCT_INFO_LONG: + if (dir == TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATCREATION) + digest = &encdata->pcrInfo.infolong.digestAtCreation; + else if (dir == TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATRELEASE) + digest = &encdata->pcrInfo.infolong.digestAtRelease; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + default: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + *size = sizeof(TPM_DIGEST); + + if ((*data = calloc_tspi(obj->tspContext, *size)) == NULL) { + LogError("malloc of %u bytes failed.", *size); + *size = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_DIGEST(&offset, *data, digest); +done: + obj_list_put(&encdata_list); + + return result; +} + +TSS_RESULT +obj_encdata_get_pcr_locality(TSS_HENCDATA hEncData, TSS_FLAG dir, UINT32 *locality) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + if (encdata->pcrInfoType == TSS_PCRS_STRUCT_INFO_LONG) { + if (dir == TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATCREATION) + *locality = encdata->pcrInfo.infolong.localityAtCreation; + else if (dir == TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATRELEASE) + *locality = encdata->pcrInfo.infolong.localityAtRelease; + else + result = TSPERR(TSS_E_BAD_PARAMETER); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + obj_list_put(&encdata_list); + + return result; +} + +TSS_RESULT +obj_encdata_get_pcr_selection(TSS_HENCDATA hEncData, + TSS_FLAG pcrInfoType, + TSS_FLAG dir, + UINT32 *size, + BYTE **data) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_SELECTION *selection = NULL; + UINT64 offset; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + if (pcrInfoType != encdata->pcrInfoType) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + switch (pcrInfoType) { + case TSS_PCRS_STRUCT_INFO: + if (dir == TSS_TSPATTRIB_ENCDATAPCR_SELECTION) + selection = &encdata->pcrInfo.info11.pcrSelection; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + if (dir == TSS_TSPATTRIB_ENCDATAPCRLONG_CREATION_SELECTION) + selection = &encdata->pcrInfo.infolong.creationPCRSelection; + else if (dir == TSS_TSPATTRIB_ENCDATAPCRLONG_RELEASE_SELECTION) + selection = &encdata->pcrInfo.infolong.releasePCRSelection; + else { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + break; + default: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + *size = sizeof(UINT16) + selection->sizeOfSelect; + + if ((*data = calloc_tspi(obj->tspContext, *size)) == NULL) { + LogError("malloc of %u bytes failed.", *size); + *size = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_PCR_SELECTION(&offset, *data, selection); +done: + obj_list_put(&encdata_list); + + return result; +} + +TSS_RESULT +obj_encdata_set_pcr_info(TSS_HENCDATA hEncData, UINT32 pcrInfoType, BYTE *info_blob) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset = 0; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + switch (pcrInfoType) { + case TSS_PCRS_STRUCT_INFO_LONG: + result = Trspi_UnloadBlob_PCR_INFO_LONG(&offset, info_blob, + &encdata->pcrInfo.infolong); + break; + case TSS_PCRS_STRUCT_INFO: + result = Trspi_UnloadBlob_PCR_INFO(&offset, info_blob, + &encdata->pcrInfo.info11); + break; + default: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + encdata->pcrInfoType = pcrInfoType; + + /* XXX are we using this anywhere? */ + obj->flags |= TSS_OBJ_FLAG_PCRS; +done: + obj_list_put(&encdata_list); + + return result; +} + +TSS_RESULT +obj_encdata_set_data(TSS_HENCDATA hEncData, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + free(encdata->encryptedData); + encdata->encryptedData = NULL; + encdata->encryptedDataLength = 0; + + if (size > 0) { + if ((encdata->encryptedData = malloc(size)) == NULL) { + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + encdata->encryptedDataLength = size; + memcpy(encdata->encryptedData, data, size); + } + +done: + obj_list_put(&encdata_list); + + return result; +} + +void +encdata_free(void *data) +{ + struct tr_encdata_obj *encdata = (struct tr_encdata_obj *)data; + + free(encdata->encryptedData); + + switch (encdata->pcrInfoType) { + case TSS_PCRS_STRUCT_INFO: + free(encdata->pcrInfo.info11.pcrSelection.pcrSelect); + break; + case TSS_PCRS_STRUCT_INFO_LONG: + free(encdata->pcrInfo.infolong.creationPCRSelection.pcrSelect); + free(encdata->pcrInfo.infolong.releasePCRSelection.pcrSelect); + break; + default: + /* no PCR data was set */ + break; + } + + free(encdata); +} + +/* remove an individual encdata object from the encdata list with handle + * equal to hObject */ +TSS_RESULT +obj_encdata_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&encdata_list, &encdata_free, hObject, tspContext))) + return result; + + return TSS_SUCCESS; +} + +void +obj_encdata_remove_policy_refs(TSS_HPOLICY hPolicy, TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj; + struct obj_list *list = &encdata_list; + struct tr_encdata_obj *encdata; + + pthread_mutex_lock(&list->lock); + + for (obj = list->head; obj; obj = obj->next) { + if (obj->tspContext != tspContext) + continue; + + encdata = (struct tr_encdata_obj *)obj->data; + if (encdata->usagePolicy == hPolicy) + encdata->usagePolicy = NULL_HPOLICY; + } + + pthread_mutex_unlock(&list->lock); +} + +#ifdef TSS_BUILD_SEALX +TSS_RESULT +obj_encdata_set_seal_protect_mode(TSS_HENCDATA hEncData, UINT32 protectMode) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + encdata->protectMode = protectMode; + + obj_list_put(&encdata_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_encdata_get_seal_protect_mode(TSS_HENCDATA hEncData, UINT32 *protectMode) +{ + struct tsp_object *obj; + struct tr_encdata_obj *encdata; + + if ((obj = obj_list_get_obj(&encdata_list, hEncData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + encdata = (struct tr_encdata_obj *)obj->data; + + *protectMode = encdata->protectMode; + + obj_list_put(&encdata_list); + + return TSS_SUCCESS; +} +#endif + diff --git a/src/tspi/obj_hash.c b/src/tspi/obj_hash.c new file mode 100644 index 0000000..0925a81 --- /dev/null +++ b/src/tspi/obj_hash.c @@ -0,0 +1,227 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +obj_hash_add(TSS_HCONTEXT tspContext, UINT32 type, TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + struct tr_hash_obj *hash = calloc(1, sizeof(struct tr_hash_obj)); + + if (hash == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct tr_hash_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if ((type == TSS_HASH_SHA1) || + (type == TSS_HASH_DEFAULT)) { + hash->type = TSS_HASH_SHA1; + hash->hashSize = 20; + } else if (type == TSS_HASH_OTHER) { + hash->type = TSS_HASH_OTHER; + hash->hashSize = 0; + } + + if ((result = obj_list_add(&hash_list, tspContext, 0, hash, phObject))) { + free(hash); + return result; + } + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_hash(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&hash_list, hObject))) { + answer = TRUE; + obj_list_put(&hash_list); + } + + return answer; +} + +TSS_RESULT +obj_hash_get_tsp_context(TSS_HHASH hHash, TSS_HCONTEXT *tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&hash_list, hHash)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&hash_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_hash_set_value(TSS_HHASH hHash, UINT32 size, BYTE *value) +{ + struct tsp_object *obj; + struct tr_hash_obj *hash; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&hash_list, hHash)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + hash = (struct tr_hash_obj *)obj->data; + + if (hash->type != TSS_HASH_OTHER && + size != TCPA_SHA1_160_HASH_LEN) { + result = TSPERR(TSS_E_HASH_INVALID_LENGTH); + goto done; + } + + free(hash->hashData); + + if ((hash->hashData = calloc(1, size)) == NULL) { + LogError("malloc of %d bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + hash->hashSize = size; + memcpy(hash->hashData, value, size); + +done: + obj_list_put(&hash_list); + + return result; +} + +TSS_RESULT +obj_hash_get_value(TSS_HHASH hHash, UINT32 *size, BYTE **value) +{ + struct tsp_object *obj; + struct tr_hash_obj *hash; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&hash_list, hHash)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + hash = (struct tr_hash_obj *)obj->data; + + if (hash->hashData == NULL) { + result = TSPERR(TSS_E_HASH_NO_DATA); + goto done; + } + + if ((*value = calloc_tspi(obj->tspContext, hash->hashSize)) == NULL) { + LogError("malloc of %d bytes failed.", hash->hashSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = hash->hashSize; + memcpy(*value, hash->hashData, *size); + +done: + obj_list_put(&hash_list); + + return result; +} + +TSS_RESULT +obj_hash_update_value(TSS_HHASH hHash, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_hash_obj *hash; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&hash_list, hHash)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + hash = (struct tr_hash_obj *)obj->data; + + if (hash->type != TSS_HASH_SHA1 && + hash->type != TSS_HASH_DEFAULT) { + result = TSPERR(TSS_E_FAIL); + goto done; + } + + if (hash->hashUpdateBuffer == NULL) { + hash->hashUpdateBuffer = calloc(1, size); + if (hash->hashUpdateBuffer == NULL) { + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } else { + hash->hashUpdateBuffer = realloc(hash->hashUpdateBuffer, + size + hash->hashUpdateSize); + + if (hash->hashUpdateBuffer == NULL) { + LogError("malloc of %u bytes failed.", size + hash->hashUpdateSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } + + memcpy(&hash->hashUpdateBuffer[hash->hashUpdateSize], data, size); + hash->hashUpdateSize += size; + + if (hash->hashData == NULL) { + hash->hashData = calloc(1, TCPA_SHA1_160_HASH_LEN); + if (hash->hashData == NULL) { + LogError("malloc of %d bytes failed.", TCPA_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } + + result = Trspi_Hash(TSS_HASH_SHA1, hash->hashUpdateSize, hash->hashUpdateBuffer, + hash->hashData); + +done: + obj_list_put(&hash_list); + + return result; +} + +void +__tspi_hash_free(void *data) +{ + struct tr_hash_obj *hash = (struct tr_hash_obj *)data; + + free(hash->hashData); + free(hash->hashUpdateBuffer); + free(hash); +} + +/* + * remove hash object hObject from the list + */ +TSS_RESULT +obj_hash_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&hash_list, &__tspi_hash_free, hObject, tspContext))) + return result; + + return TSS_SUCCESS; +} + diff --git a/src/tspi/obj_migdata.c b/src/tspi/obj_migdata.c new file mode 100644 index 0000000..aee4cba --- /dev/null +++ b/src/tspi/obj_migdata.c @@ -0,0 +1,1124 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +void +migdata_free(void *data) +{ + struct tr_migdata_obj *migdata = (struct tr_migdata_obj *)data; + + free(migdata); +} + +TSS_BOOL +obj_is_migdata(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&migdata_list, hObject))) { + answer = TRUE; + obj_list_put(&migdata_list); + } + + return answer; +} + +TSS_RESULT +obj_migdata_add(TSS_HCONTEXT hContext, TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + struct tr_migdata_obj *migdata = calloc(1, sizeof(struct tr_migdata_obj)); + + if (migdata == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tr_migdata_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if ((result = obj_list_add(&migdata_list, hContext, 0, migdata, phObject))) { + free(migdata); + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_migdata_remove(TSS_HMIGDATA hMigData, TSS_HCONTEXT hContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&migdata_list, &migdata_free, hMigData, hContext))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_migdata_get_tsp_context(TSS_HMIGDATA hMigData, TSS_HCONTEXT *hContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *hContext = obj->tspContext; + + obj_list_put(&migdata_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_migdata_set_migrationblob(TSS_HMIGDATA hMigData, UINT32 whichOne, UINT32 blobSize, BYTE *blob) +{ + TSS_RESULT result; + + switch (whichOne) { + case TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB: + result = obj_migdata_set_msa_pubkey(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB: + result = obj_migdata_set_ma_pubkey(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB: + result = obj_migdata_set_dest_pubkey(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB: + result = obj_migdata_set_src_pubkey(hMigData, blobSize, blob); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} + +TSS_RESULT +obj_migdata_get_migrationblob(TSS_HMIGDATA hMigData, UINT32 whichOne, UINT32 *blobSize, BYTE **blob) +{ + TSS_RESULT result; + + switch (whichOne) { + case TSS_MIGATTRIB_MIG_XOR_BLOB: + result = obj_migdata_get_blob(hMigData, blobSize, blob); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} + +TSS_RESULT +obj_migdata_set_authoritydata(TSS_HMIGDATA hMigData, UINT32 whichOne, UINT32 blobSize, BYTE *blob) +{ + TSS_RESULT result; + + switch (whichOne) { + case TSS_MIGATTRIB_AUTHORITY_DIGEST: + result = obj_migdata_set_msa_digest(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC: + result = obj_migdata_set_msa_hmac(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_AUTHORITY_MSALIST: + result = obj_migdata_set_msa_list(hMigData, blobSize, blob); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} + +TSS_RESULT +obj_migdata_get_authoritydata(TSS_HMIGDATA hMigData, UINT32 whichOne, UINT32 *blobSize, BYTE **blob) +{ + TSS_RESULT result; + + switch (whichOne) { + case TSS_MIGATTRIB_AUTHORITY_DIGEST: + result = obj_migdata_get_msa_digest(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC: + result = obj_migdata_get_msa_hmac(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_AUTHORITY_MSALIST: + result = obj_migdata_get_msa_list(hMigData, blobSize, blob); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} + +TSS_RESULT +obj_migdata_set_migauthdata(TSS_HMIGDATA hMigData, UINT32 whichOne, UINT32 blobSize, BYTE *blob) +{ + TSS_RESULT result; + + switch (whichOne) { + case TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST: + result = obj_migdata_set_ma_digest(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST: + result = obj_migdata_set_dest_digest(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST: + result = obj_migdata_set_src_digest(hMigData, blobSize, blob); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} + +TSS_RESULT +obj_migdata_get_migauthdata(TSS_HMIGDATA hMigData, UINT32 whichOne, UINT32 *blobSize, BYTE **blob) +{ + TSS_RESULT result; + + switch (whichOne) { + case TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST: + result = obj_migdata_get_ma_digest(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST: + result = obj_migdata_get_dest_digest(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST: + result = obj_migdata_get_src_digest(hMigData, blobSize, blob); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} + +TSS_RESULT +obj_migdata_set_ticketdata(TSS_HMIGDATA hMigData, UINT32 whichOne, UINT32 blobSize, BYTE *blob) +{ + TSS_RESULT result; + + switch (whichOne) { + case TSS_MIGATTRIB_TICKET_SIG_DIGEST: + result = obj_migdata_set_sig_data(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_TICKET_SIG_VALUE: + result = obj_migdata_set_sig_value(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_TICKET_SIG_TICKET: + result = obj_migdata_set_sig_ticket(hMigData, blobSize, blob); + break; + case TSS_MIGATTRIB_TICKET_RESTRICT_TICKET: + result = obj_migdata_set_cmk_auth(hMigData, blobSize, blob); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} + +TSS_RESULT +obj_migdata_get_ticketdata(TSS_HMIGDATA hMigData, UINT32 whichOne, UINT32 *blobSize, BYTE **blob) +{ + TSS_RESULT result; + + switch (whichOne) { + case TSS_MIGATTRIB_TICKET_SIG_TICKET: + result = obj_migdata_get_sig_ticket(hMigData, blobSize, blob); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} + +TSS_RESULT +obj_migdata_set_ticket_blob(TSS_HMIGDATA hMigData, UINT32 migTicketSize, BYTE *migTicket) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + migdata->migTicketSize = 0; + free(migdata->migTicket); + if ((migdata->migTicket = malloc(migTicketSize)) == NULL) { + LogError("malloc of %u bytes failed.", migTicketSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(migdata->migTicket, migTicket, migTicketSize); + migdata->migTicketSize = migTicketSize; + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_ticket_blob(TSS_HMIGDATA hMigData, UINT32 *migTicketSize, BYTE **migTicket) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*migTicket = calloc_tspi(obj->tspContext, migdata->migTicketSize)) == NULL) { + LogError("malloc of %u bytes failed.", migdata->migTicketSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*migTicket, migdata->migTicket, migdata->migTicketSize); + *migTicketSize = migdata->migTicketSize; + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_msa_list(TSS_HMIGDATA hMigData, UINT32 msaListSize, BYTE *msaList) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + UINT32 i, count, size; + TPM_DIGEST *digest; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + count = msaListSize / sizeof(digest->digest); + size = count * sizeof(*digest); + + migdata->msaList.MSAlist = 0; + free(migdata->msaList.migAuthDigest); + if ((migdata->msaList.migAuthDigest = malloc(size)) == NULL) { + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + digest = migdata->msaList.migAuthDigest; + for (i = 0; i < count; i++) { + memcpy(digest->digest, msaList, sizeof(digest->digest)); + msaList += sizeof(digest->digest); + digest++; + } + migdata->msaList.MSAlist = count; + + result = obj_migdata_calc_msa_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_msa_list(TSS_HMIGDATA hMigData, UINT32 *size, BYTE **msaList) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + UINT32 i; + TPM_DIGEST *digest; + BYTE *tmpMsaList; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + *size = migdata->msaList.MSAlist * sizeof(migdata->msaList.migAuthDigest->digest); + if ((*msaList = calloc_tspi(obj->tspContext, *size)) == NULL) { + LogError("malloc of %u bytes failed.", *size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + tmpMsaList = *msaList; + digest = migdata->msaList.migAuthDigest; + for (i = 0; i < migdata->msaList.MSAlist; i++) { + memcpy(tmpMsaList, digest->digest, sizeof(digest->digest)); + tmpMsaList += sizeof(digest->digest); + digest++; + } + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_msa_pubkey(TSS_HMIGDATA hMigData, UINT32 blobSize, BYTE *pubKeyBlob) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + UINT32 size; + TPM_DIGEST msaDigest; + TPM_DIGEST *digest; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((result = obj_migdata_calc_pubkey_digest(blobSize, pubKeyBlob, &msaDigest))) + goto done; + + size = (migdata->msaList.MSAlist + 1) * sizeof(*digest); + if ((migdata->msaList.migAuthDigest = realloc(migdata->msaList.migAuthDigest, size)) == NULL) { + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + digest = migdata->msaList.migAuthDigest + migdata->msaList.MSAlist; + *digest = msaDigest; + migdata->msaList.MSAlist++; + + result = obj_migdata_calc_msa_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_msa_digest(TSS_HMIGDATA hMigData, UINT32 digestSize, BYTE *digest) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if (digestSize != sizeof(migdata->msaDigest.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(migdata->msaDigest.digest, digest, sizeof(migdata->msaDigest.digest)); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_msa_digest(TSS_HMIGDATA hMigData, UINT32 *digestSize, BYTE **digest) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*digest = calloc_tspi(obj->tspContext, sizeof(migdata->msaDigest.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(migdata->msaDigest.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*digest, migdata->msaDigest.digest, sizeof(migdata->msaDigest.digest)); + *digestSize = sizeof(migdata->msaDigest.digest); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_msa_list_blob(TSS_HMIGDATA hMigData, UINT32 *blobSize, BYTE **msaListBlob) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + UINT64 offset; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + offset = 0; + Trspi_LoadBlob_MSA_COMPOSITE(&offset, NULL, &migdata->msaList); + + *blobSize = offset; + if ((*msaListBlob = calloc_tspi(obj->tspContext, *blobSize)) == NULL) { + LogError("malloc of %u bytes failed.", *blobSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + offset = 0; + Trspi_LoadBlob_MSA_COMPOSITE(&offset, *msaListBlob, &migdata->msaList); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_msa_hmac(TSS_HMIGDATA hMigData, UINT32 hmacSize, BYTE *hmac) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if (hmacSize != sizeof(migdata->msaHmac.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(migdata->msaHmac.digest, hmac, sizeof(migdata->msaHmac.digest)); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_msa_hmac(TSS_HMIGDATA hMigData, UINT32 *hmacSize, BYTE **hmac) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*hmac = calloc_tspi(obj->tspContext, sizeof(migdata->msaHmac.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(migdata->msaHmac.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*hmac, migdata->msaHmac.digest, sizeof(migdata->msaHmac.digest)); + *hmacSize = sizeof(migdata->msaHmac.digest); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_ma_pubkey(TSS_HMIGDATA hMigData, UINT32 blobSize, BYTE *pubKeyBlob) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TPM_DIGEST pubKeyDigest; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((result = obj_migdata_calc_pubkey_digest(blobSize, pubKeyBlob, &pubKeyDigest))) + goto done; + + migdata->maDigest = pubKeyDigest; + + obj_migdata_calc_sig_data_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_ma_digest(TSS_HMIGDATA hMigData, UINT32 digestSize, BYTE *digest) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if (digestSize != sizeof(migdata->maDigest.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(migdata->maDigest.digest, digest, sizeof(migdata->maDigest.digest)); + + obj_migdata_calc_sig_data_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_ma_digest(TSS_HMIGDATA hMigData, UINT32 *digestSize, BYTE **digest) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*digest = calloc_tspi(obj->tspContext, sizeof(migdata->maDigest.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(migdata->maDigest.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*digest, migdata->maDigest.digest, sizeof(migdata->maDigest.digest)); + *digestSize = sizeof(migdata->maDigest.digest); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_dest_pubkey(TSS_HMIGDATA hMigData, UINT32 blobSize, BYTE *pubKeyBlob) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TPM_DIGEST pubKeyDigest; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((result = obj_migdata_calc_pubkey_digest(blobSize, pubKeyBlob, &pubKeyDigest))) + goto done; + + migdata->destDigest = pubKeyDigest; + + obj_migdata_calc_sig_data_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_dest_digest(TSS_HMIGDATA hMigData, UINT32 digestSize, BYTE *digest) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if (digestSize != sizeof(migdata->destDigest.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(migdata->destDigest.digest, digest, sizeof(migdata->destDigest.digest)); + + obj_migdata_calc_sig_data_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_dest_digest(TSS_HMIGDATA hMigData, UINT32 *digestSize, BYTE **digest) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*digest = calloc_tspi(obj->tspContext, sizeof(migdata->destDigest.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(migdata->destDigest.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*digest, migdata->destDigest.digest, sizeof(migdata->destDigest.digest)); + *digestSize = sizeof(migdata->destDigest.digest); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_src_pubkey(TSS_HMIGDATA hMigData, UINT32 blobSize, BYTE *pubKeyBlob) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TPM_DIGEST pubKeyDigest; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((result = obj_migdata_calc_pubkey_digest(blobSize, pubKeyBlob, &pubKeyDigest))) + goto done; + + migdata->srcDigest = pubKeyDigest; + + obj_migdata_calc_sig_data_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_src_digest(TSS_HMIGDATA hMigData, UINT32 digestSize, BYTE *digest) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if (digestSize != sizeof(migdata->srcDigest.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(migdata->srcDigest.digest, digest, sizeof(migdata->srcDigest.digest)); + + obj_migdata_calc_sig_data_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_src_digest(TSS_HMIGDATA hMigData, UINT32 *digestSize, BYTE **digest) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*digest = calloc_tspi(obj->tspContext, sizeof(migdata->srcDigest.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(migdata->srcDigest.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*digest, migdata->srcDigest.digest, sizeof(migdata->srcDigest.digest)); + *digestSize = sizeof(migdata->srcDigest.digest); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_cmk_auth(TSS_HMIGDATA hMigData, UINT32 digestsSize, BYTE *digests) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if (digestsSize != (sizeof(migdata->maDigest.digest) + + sizeof(migdata->destDigest.digest) + + sizeof(migdata->srcDigest.digest))) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(migdata->maDigest.digest, digests, sizeof(migdata->maDigest.digest)); + digests += sizeof(migdata->maDigest.digest); + memcpy(migdata->destDigest.digest, digests, sizeof(migdata->destDigest.digest)); + digests += sizeof(migdata->destDigest.digest); + memcpy(migdata->srcDigest.digest, digests, sizeof(migdata->srcDigest.digest)); + + obj_migdata_calc_sig_data_digest(migdata); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_cmk_auth(TSS_HMIGDATA hMigData, TPM_CMK_AUTH *cmkAuth) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + cmkAuth->migrationAuthorityDigest = migdata->maDigest; + cmkAuth->destinationKeyDigest = migdata->destDigest; + cmkAuth->sourceKeyDigest = migdata->srcDigest; + + obj_list_put(&migdata_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_migdata_get_cmk_auth_blob(TSS_HMIGDATA hMigData, UINT32 *blobSize, BYTE **cmkAuthBlob) +{ + struct tsp_object *obj; + TPM_CMK_AUTH cmkAuth; + UINT64 offset; + TSS_RESULT result; + + if ((result = obj_migdata_get_cmk_auth(hMigData, &cmkAuth))) + return result; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + offset = 0; + Trspi_LoadBlob_CMK_AUTH(&offset, NULL, &cmkAuth); + + *blobSize = offset; + if ((*cmkAuthBlob = calloc_tspi(obj->tspContext, *blobSize)) == NULL) { + LogError("malloc of %u bytes failed.", *blobSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + offset = 0; + Trspi_LoadBlob_CMK_AUTH(&offset, *cmkAuthBlob, &cmkAuth); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_sig_data(TSS_HMIGDATA hMigData, UINT32 sigDataSize, BYTE *sigData) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if (sigDataSize != sizeof(migdata->sigData.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(migdata->sigData.digest, sigData, sizeof(migdata->sigData.digest)); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_sig_data(TSS_HMIGDATA hMigData, UINT32 *sigDataSize, BYTE **sigData) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*sigData = calloc_tspi(obj->tspContext, sizeof(migdata->sigData.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(migdata->sigData.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*sigData, migdata->sigData.digest, sizeof(migdata->sigData.digest)); + *sigDataSize = sizeof(migdata->sigData.digest); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_sig_value(TSS_HMIGDATA hMigData, UINT32 sigValueSize, BYTE *sigValue) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + migdata->sigValueSize = 0; + free(migdata->sigValue); + if ((migdata->sigValue = malloc(sigValueSize)) == NULL) { + LogError("malloc of %u bytes failed.", sigValueSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(migdata->sigValue, sigValue, sigValueSize); + migdata->sigValueSize = sigValueSize; + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_sig_value(TSS_HMIGDATA hMigData, UINT32 *sigValueSize, BYTE **sigValue) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*sigValue = calloc_tspi(obj->tspContext, migdata->sigValueSize)) == NULL) { + LogError("malloc of %u bytes failed.", migdata->sigValueSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*sigValue, migdata->sigValue, migdata->sigValueSize); + *sigValueSize = migdata->sigValueSize; + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_sig_ticket(TSS_HMIGDATA hMigData, UINT32 sigTicketSize, BYTE *sigTicket) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if (sigTicketSize != sizeof(migdata->sigTicket.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(migdata->sigTicket.digest, sigTicket, sizeof(migdata->sigTicket.digest)); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_sig_ticket(TSS_HMIGDATA hMigData, UINT32 *sigTicketSize, BYTE **sigTicket) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*sigTicket = calloc_tspi(obj->tspContext, sizeof(migdata->sigTicket.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(migdata->sigTicket.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*sigTicket, migdata->sigTicket.digest, sizeof(migdata->sigTicket.digest)); + *sigTicketSize = sizeof(migdata->sigTicket.digest); + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_set_blob(TSS_HMIGDATA hMigData, UINT32 blobSize, BYTE *blob) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + migdata->blobSize = 0; + free(migdata->blob); + if ((migdata->blob = malloc(blobSize)) == NULL) { + LogError("malloc of %u bytes failed.", blobSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(migdata->blob, blob, blobSize); + migdata->blobSize = blobSize; + +done: + obj_list_put(&migdata_list); + + return result; +} + +TSS_RESULT +obj_migdata_get_blob(TSS_HMIGDATA hMigData, UINT32 *blobSize, BYTE **blob) +{ + struct tsp_object *obj; + struct tr_migdata_obj *migdata; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&migdata_list, hMigData)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + migdata = (struct tr_migdata_obj *)obj->data; + + if ((*blob = calloc_tspi(obj->tspContext, migdata->blobSize)) == NULL) { + LogError("malloc of %u bytes failed.", migdata->blobSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*blob, migdata->blob, migdata->blobSize); + *blobSize = migdata->blobSize; + +done: + obj_list_put(&migdata_list); + + return result; +} + + +TSS_RESULT +obj_migdata_calc_pubkey_digest(UINT32 blobSize, BYTE *blob, TPM_DIGEST *digest) +{ + Trspi_HashCtx hashCtx; + TSS_RESULT result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_HashUpdate(&hashCtx, blobSize, blob); + result |= Trspi_HashFinal(&hashCtx, digest->digest); + + return result; +} + +TSS_RESULT +obj_migdata_calc_msa_digest(struct tr_migdata_obj *migdata) +{ + Trspi_HashCtx hashCtx; + TSS_RESULT result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_MSA_COMPOSITE(&hashCtx, &migdata->msaList); + result |= Trspi_HashFinal(&hashCtx, migdata->msaDigest.digest); + + return result; +} + +TSS_RESULT +obj_migdata_calc_sig_data_digest(struct tr_migdata_obj *migdata) +{ + Trspi_HashCtx hashCtx; + TSS_RESULT result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, migdata->maDigest.digest); + result |= Trspi_Hash_DIGEST(&hashCtx, migdata->destDigest.digest); + result |= Trspi_Hash_DIGEST(&hashCtx, migdata->srcDigest.digest); + result |= Trspi_HashFinal(&hashCtx, migdata->sigData.digest); + + return result; +} diff --git a/src/tspi/obj_nv.c b/src/tspi/obj_nv.c new file mode 100644 index 0000000..31a3153 --- /dev/null +++ b/src/tspi/obj_nv.c @@ -0,0 +1,746 @@ +/* + * The Initial Developer of the Original Code is Intel Corporation. + * Portions created by Intel Corporation are Copyright (C) 2007 Intel Corporation. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the Common Public License as published by + * IBM Corporation; either version 1 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Common Public License for more details. + * + * You should have received a copy of the Common Public License + * along with this program; if not, a copy can be viewed at + * http://www.opensource.org/licenses/cpl1.0.php. + * + * trousers - An open source TCG Software Stack + * + * Author: james.xu@intel.com Rossey.liu@intel.com + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +obj_nvstore_add(TSS_HCONTEXT tspContext, TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + struct tr_nvstore_obj *nvstore = calloc(1, sizeof(struct tr_nvstore_obj)); + + if (nvstore == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct tr_nvstore_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if ((result = obj_list_add(&nvstore_list, tspContext, 0, nvstore, phObject))) { + free(nvstore); + return result; + } + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_nvstore(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&nvstore_list, hObject))) { + answer = TRUE; + obj_list_put(&nvstore_list); + } + + return answer; +} + +void +nvstore_free(void *data) +{ + struct tr_nvstore_obj *nvstore = (struct tr_nvstore_obj *)data; + + free(nvstore); +} + +TSS_RESULT +obj_nvstore_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&nvstore_list, &nvstore_free, hObject, tspContext))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_nvstore_get_tsp_context(TSS_HNVSTORE hNvstore, TSS_HCONTEXT * tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&nvstore_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_nvstore_set_index(TSS_HNVSTORE hNvstore, UINT32 index) +{ + struct tsp_object *obj; + struct tr_nvstore_obj *nvstore; + TSS_RESULT result=TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + nvstore = (struct tr_nvstore_obj *)obj->data; + + nvstore->nvIndex = index; + + obj_list_put(&nvstore_list); + + return result; +} + +TSS_RESULT +obj_nvstore_get_index(TSS_HNVSTORE hNvstore, UINT32 * index) +{ + struct tsp_object *obj; + struct tr_nvstore_obj *nvstore; + TSS_RESULT result=TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + nvstore = (struct tr_nvstore_obj *)obj->data; + + *index = nvstore->nvIndex; + + obj_list_put(&nvstore_list); + + return result; +} + +TSS_RESULT +obj_nvstore_set_datasize(TSS_HNVSTORE hNvstore, UINT32 datasize) +{ + struct tsp_object *obj; + struct tr_nvstore_obj *nvstore; + TSS_RESULT result=TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + nvstore = (struct tr_nvstore_obj *)obj->data; + + nvstore->dataSize= datasize; + + obj_list_put(&nvstore_list); + + return result; +} + +TSS_RESULT +obj_nvstore_get_datasize(TSS_HNVSTORE hNvstore, UINT32 * datasize) +{ + struct tsp_object *obj; + struct tr_nvstore_obj *nvstore; + TSS_RESULT result=TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + nvstore = (struct tr_nvstore_obj *)obj->data; + + *datasize = nvstore->dataSize; + + obj_list_put(&nvstore_list); + + return result; +} + +TSS_RESULT +obj_nvstore_set_permission(TSS_HNVSTORE hNvstore, UINT32 permission) +{ + struct tsp_object *obj; + struct tr_nvstore_obj *nvstore; + TSS_RESULT result=TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + nvstore = (struct tr_nvstore_obj *)obj->data; + + nvstore->permission.attributes= permission; + + obj_list_put(&nvstore_list); + + return result; +} + +TSS_RESULT +obj_nvstore_get_permission_from_tpm(TSS_HNVSTORE hNvstore, UINT32 * permission) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE] = {0}; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + UINT16 pcrwrite_sizeOfSelect; + TPM_NV_ATTRIBUTES nv_attributes_value; + TSS_HCONTEXT tspContext; + TSS_RESULT result; + + if((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + if ((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + offset = 0; + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH); + pcrwrite_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + + offset = offset + sizeof(UINT16) + pcrwrite_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH); + + nv_attributes_value.attributes = Decode_UINT32(nv_data_public + + offset + sizeof(TPM_STRUCTURE_TAG)); + *permission = nv_attributes_value.attributes; + + return result; +} + +TSS_RESULT +obj_nvstore_get_permission(TSS_HNVSTORE hNvstore, UINT32 * permission) +{ + struct tsp_object *obj; + struct tr_nvstore_obj *nvstore; + TSS_RESULT result=TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + nvstore = (struct tr_nvstore_obj *)obj->data; + + *permission = nvstore->permission.attributes; + + obj_list_put(&nvstore_list); + + return result; +} + +TSS_RESULT +obj_nvstore_set_policy(TSS_HNVSTORE hNvstore, TSS_HPOLICY hPolicy) +{ + struct tsp_object *obj; + struct tr_nvstore_obj *nvstore; + UINT32 policyType; + TSS_RESULT result = TSS_SUCCESS; + + if ((result = obj_policy_get_type(hPolicy, &policyType))) + return result; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + nvstore = (struct tr_nvstore_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + nvstore->policy = hPolicy; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&nvstore_list); + + return result; +} + +TSS_RESULT +obj_nvstore_get_policy(TSS_HNVSTORE hNvstore, UINT32 policyType, TSS_HPOLICY *phPolicy) +{ + struct tsp_object *obj; + struct tr_nvstore_obj *nvstore; + TSS_RESULT result=TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + nvstore = (struct tr_nvstore_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + *phPolicy = nvstore->policy; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&nvstore_list); + + return result; +} + +TSS_RESULT +obj_nvstore_get_datapublic(TSS_HNVSTORE hNvstore, UINT32 *size, BYTE *nv_data_public) +{ + struct tsp_object *obj; + TSS_HCONTEXT hContext; + TSS_HTPM hTpm; + TSS_RESULT result; + struct tr_nvstore_obj *nvstore; + UINT32 uiResultLen; + BYTE *pResult; + UINT32 i; + TPM_BOOL defined_index = FALSE; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + hContext = obj->tspContext; + nvstore = (struct tr_nvstore_obj *)obj->data; + + if ((result = obj_tpm_get(hContext, &hTpm))) + goto out; + + if ((result = Tspi_TPM_GetCapability(hTpm, TSS_TPMCAP_NV_LIST, 0, + NULL, &uiResultLen, &pResult))) { + goto out; + } + + for (i = 0; i < uiResultLen/sizeof(UINT32); i++) { + if (nvstore->nvIndex == Decode_UINT32(pResult + i * sizeof(UINT32))) { + defined_index = TRUE; + break; + } + } + + free_tspi(hContext, pResult); + + if (!defined_index) { + result = TSPERR(TPM_E_BADINDEX); + goto out; + } + + if ((result = Tspi_TPM_GetCapability(hTpm, TSS_TPMCAP_NV_INDEX, + sizeof(UINT32), (BYTE *)(&(nvstore->nvIndex)), + &uiResultLen, &pResult))) { + LogDebug("get the index capability error"); + goto out; + } + + if (uiResultLen > *size) { + free_tspi(hContext, pResult); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto out; + } + *size = uiResultLen; + memcpy(nv_data_public, pResult, uiResultLen); + free_tspi(hContext, pResult); + +out: + obj_list_put(&nvstore_list); + return result; +} + +TSS_RESULT +obj_nvstore_get_readdigestatrelease(TSS_HNVSTORE hNvstore, UINT32 *size, BYTE **data) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + TSS_HCONTEXT tspContext; + TSS_RESULT result; + + if((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + if ((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + *size = sizeof(TPM_COMPOSITE_HASH); + *data = calloc_tspi(tspContext, *size); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", *size); + result = TSPERR(TSS_E_OUTOFMEMORY); + return result; + } + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + sizeof(TPM_LOCALITY_SELECTION); + memcpy(*data, nv_data_public + offset, sizeof(TPM_COMPOSITE_HASH)); + + return result; +} + +TSS_RESULT +obj_nvstore_get_readpcrselection(TSS_HNVSTORE hNvstore, UINT32 *size, BYTE **data) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + TSS_HCONTEXT tspContext; + TSS_RESULT result; + + if((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + if ((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + + *size = sizeof(UINT16) + pcrread_sizeOfSelect; + *data = calloc_tspi(tspContext, *size); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", *size); + result = TSPERR(TSS_E_OUTOFMEMORY); + return result; + } + + memcpy(*data, nv_data_public + offset, *size); + + return result; +} + +TSS_RESULT +obj_nvstore_get_writedigestatrelease(TSS_HNVSTORE hNvstore, UINT32 *size, BYTE **data) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + TSS_HCONTEXT tspContext; + TSS_RESULT result; + + if ((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + if ((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + *size = sizeof(TPM_COMPOSITE_HASH); + *data = calloc_tspi(tspContext, *size); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", *size); + result = TSPERR(TSS_E_OUTOFMEMORY); + return result; + } + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH); + + Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + sizeof(TPM_LOCALITY_SELECTION); + memcpy(*data, nv_data_public + offset, sizeof(TPM_COMPOSITE_HASH)); + + return result; +} + +TSS_RESULT +obj_nvstore_get_writepcrselection(TSS_HNVSTORE hNvstore, UINT32 *size, BYTE **data) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + UINT16 pcrwrite_sizeOfSelect; + TSS_HCONTEXT tspContext; + TSS_RESULT result; + + if((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + if ((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH); + pcrwrite_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + + *size = sizeof(UINT16) + pcrwrite_sizeOfSelect; + *data = calloc_tspi(tspContext, *size); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", *size); + result = TSPERR(TSS_E_OUTOFMEMORY); + return result; + } + + memcpy(*data, nv_data_public + offset, *size); + return result; +} + +TSS_RESULT +obj_nvstore_get_state_readstclear(TSS_HNVSTORE hNvstore, UINT32 * readstclear) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + UINT16 pcrwrite_sizeOfSelect; + TPM_BOOL value; + TSS_RESULT result; + + if ((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH); + + pcrwrite_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrwrite_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH) + + sizeof(TPM_NV_ATTRIBUTES); + + value = *((TPM_BOOL *)(nv_data_public + offset)); + + *readstclear = value; + + return result; +} + +TSS_RESULT +obj_nvstore_get_state_writedefine(TSS_HNVSTORE hNvstore, UINT32 * writedefine) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + UINT16 pcrwrite_sizeOfSelect; + TPM_BOOL value; + TSS_RESULT result; + + if ((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH); + + pcrwrite_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrwrite_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH) + + sizeof(TPM_NV_ATTRIBUTES) + + sizeof(TPM_BOOL) + + sizeof(TPM_BOOL); + + value = *((TPM_BOOL *)(nv_data_public + offset)); + + *writedefine = value; + + return result; +} + +TSS_RESULT +obj_nvstore_get_state_writestclear(TSS_HNVSTORE hNvstore, UINT32 * writestclear) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + UINT16 pcrwrite_sizeOfSelect; + TPM_BOOL value; + TSS_RESULT result; + + if ((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH); + + pcrwrite_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrwrite_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH) + + sizeof(TPM_NV_ATTRIBUTES) + + sizeof(TPM_BOOL); + + value = *((TPM_BOOL *)(nv_data_public + offset)); + *writestclear = value; + + return result; +} + +TSS_RESULT +obj_nvstore_get_readlocalityatrelease(TSS_HNVSTORE hNvstore, UINT32 * readlocalityatrelease) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + TPM_LOCALITY_SELECTION locality_value; + TSS_RESULT result; + + if ((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect; + locality_value = *((TPM_LOCALITY_SELECTION *)(nv_data_public + offset)); + *readlocalityatrelease = locality_value; + + return result; +} + +TSS_RESULT +obj_nvstore_get_writelocalityatrelease(TSS_HNVSTORE hNvstore, UINT32 * writelocalityatrelease) +{ + BYTE nv_data_public[MAX_PUBLIC_DATA_SIZE]; + UINT32 data_public_size = MAX_PUBLIC_DATA_SIZE; + UINT32 offset; + UINT16 pcrread_sizeOfSelect; + UINT16 pcrwrite_sizeOfSelect; + TPM_LOCALITY_SELECTION locality_value; + TSS_RESULT result; + + if ((result = obj_nvstore_get_datapublic(hNvstore, &data_public_size, nv_data_public))) + return result; + + offset = sizeof(TPM_STRUCTURE_TAG)+ sizeof(TPM_NV_INDEX); + pcrread_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrread_sizeOfSelect + + sizeof(TPM_LOCALITY_SELECTION) + + sizeof(TPM_COMPOSITE_HASH); + pcrwrite_sizeOfSelect = Decode_UINT16(nv_data_public + offset); + offset = offset + sizeof(UINT16) + pcrwrite_sizeOfSelect; + + locality_value = *((TPM_LOCALITY_SELECTION *)(nv_data_public + offset)); + *writelocalityatrelease = locality_value; + + return result; +} + +TSS_RESULT +obj_nvstore_create_pcrshortinfo(TSS_HNVSTORE hNvstore, + TSS_HPCRS hPcrComposite, + UINT32 *size, + BYTE **data) +{ + struct tsp_object *obj; + BYTE pdata[MAX_PUBLIC_DATA_SIZE]; + UINT32 dataLen; + UINT64 offset; + TSS_HCONTEXT tspContext; + TSS_RESULT result = TSS_SUCCESS; + BYTE* ppbHashData; + UINT32 i; + BYTE digAtRelease[TPM_SHA1_160_HASH_LEN] = { 0, }; + UINT32 tmp_locAtRelease; + TPM_LOCALITY_SELECTION locAtRelease = TPM_LOC_ZERO | TPM_LOC_ONE + | TPM_LOC_TWO | TPM_LOC_THREE| TPM_LOC_FOUR; + BYTE tmp_pcr_select[3] = {0, 0, 0}; + TCPA_PCR_SELECTION pcrSelect = { 3, tmp_pcr_select}; + + if ((obj = obj_list_get_obj(&nvstore_list, hNvstore)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tspContext = obj->tspContext; + + if (hPcrComposite) { + if ((result = obj_pcrs_get_selection(hPcrComposite, &dataLen, pdata))) { + LogDebug("get_selection error from hReadPcrComposite"); + goto out; + } + + /* the index should not >= 24, so the sizeofselect should not be >3*/ + if (dataLen - sizeof(UINT16) > 3) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto out; + } + offset = 0; + Trspi_UnloadBlob_PCR_SELECTION(&offset, pdata, &pcrSelect); + + if (pcrSelect.sizeOfSelect != 0) { + if ((result = obj_pcrs_get_digest_at_release(hPcrComposite, + &dataLen, &ppbHashData))) { + LogDebug("get_composite error from hReadPcrComposite"); + goto out; + } + memcpy(digAtRelease, ppbHashData, dataLen); + free_tspi(tspContext, ppbHashData); + } else { + pcrSelect.sizeOfSelect = 3; + pcrSelect.pcrSelect = tmp_pcr_select; + } + + if (pcrSelect.sizeOfSelect < 3) { + for (i = 0; i < pcrSelect.sizeOfSelect; i++) { + tmp_pcr_select[i] = pcrSelect.pcrSelect[i]; + } + pcrSelect.sizeOfSelect = 3; + pcrSelect.pcrSelect = tmp_pcr_select; + } + + if ((result = obj_pcrs_get_locality(hPcrComposite, &tmp_locAtRelease))) + goto out; + locAtRelease = (TPM_LOCALITY_SELECTION)(tmp_locAtRelease & TSS_LOCALITY_MASK); + } + + *size = sizeof(UINT16) + 3 + sizeof(TPM_LOCALITY_SELECTION) + TPM_SHA1_160_HASH_LEN; + *data = calloc_tspi(tspContext, *size); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", *size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto out; + } + + offset = 0; + Trspi_LoadBlob_PCR_SELECTION(&offset, *data, &pcrSelect); + Trspi_LoadBlob_BYTE(&offset, locAtRelease, *data); + Trspi_LoadBlob(&offset, TPM_SHA1_160_HASH_LEN, *data, digAtRelease); + +out: + obj_list_put(&nvstore_list); + return result; +} + + diff --git a/src/tspi/obj_pcrs.c b/src/tspi/obj_pcrs.c new file mode 100644 index 0000000..5408302 --- /dev/null +++ b/src/tspi/obj_pcrs.c @@ -0,0 +1,904 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +obj_pcrs_add(TSS_HCONTEXT tspContext, UINT32 type, TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + UINT32 ver; + struct tr_pcrs_obj *pcrs; + + if ((pcrs = calloc(1, sizeof(struct tr_pcrs_obj))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tr_pcrs_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if (type == TSS_PCRS_STRUCT_DEFAULT) { + if ((result = obj_context_get_connection_version(tspContext, &ver))) { + free(pcrs); + return result; + } + + switch (ver) { + case TSS_TSPATTRIB_CONTEXT_VERSION_V1_2: + pcrs->type = TSS_PCRS_STRUCT_INFO_LONG; + pcrs->info.infolong.localityAtRelease = TSS_LOCALITY_ALL; + break; + case TSS_TSPATTRIB_CONTEXT_VERSION_V1_1: + /* fall through */ + default: + pcrs->type = TSS_PCRS_STRUCT_INFO; + break; + } + } else + pcrs->type = type; + + if ((result = obj_list_add(&pcrs_list, tspContext, 0, pcrs, phObject))) { + free(pcrs); + return result; + } + + return TSS_SUCCESS; +} + +void +pcrs_free(void *data) +{ + struct tr_pcrs_obj *pcrs = (struct tr_pcrs_obj *)data; + + switch (pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + free(pcrs->info.info11.pcrSelection.pcrSelect); + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + free(pcrs->info.infoshort.pcrSelection.pcrSelect); + break; + case TSS_PCRS_STRUCT_INFO_LONG: + free(pcrs->info.infolong.creationPCRSelection.pcrSelect); + free(pcrs->info.infolong.releasePCRSelection.pcrSelect); + break; + default: + LogDebugFn("Undefined type of PCRs object"); + break; + } + + free(pcrs); +} + +TSS_RESULT +obj_pcrs_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&pcrs_list, &pcrs_free, hObject, tspContext))) + return result; + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_pcrs(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&pcrs_list, hObject))) { + answer = TRUE; + obj_list_put(&pcrs_list); + } + + return answer; +} + +TSS_RESULT +obj_pcrs_get_tsp_context(TSS_HPCRS hPcrs, TSS_HCONTEXT *tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&pcrs_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_pcrs_get_type(TSS_HPCRS hPcrs, UINT32 *type) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + *type = pcrs->type; + + obj_list_put(&pcrs_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_pcrs_get_selection(TSS_HPCRS hPcrs, UINT32 *size, BYTE *out) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_SELECTION *tmp; + UINT64 offset = 0; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch (pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + tmp = &pcrs->info.info11.pcrSelection; + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + tmp = &pcrs->info.infoshort.pcrSelection; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + tmp = &pcrs->info.infolong.creationPCRSelection; + break; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + Trspi_LoadBlob_PCR_SELECTION(&offset, out, tmp); + *size = offset; +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_set_values(TSS_HPCRS hPcrs, TPM_PCR_COMPOSITE *pcrComp) +{ + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_SELECTION *select = &(pcrComp->select); + UINT16 i, val_idx = 0; + + for (i = 0; i < select->sizeOfSelect * 8; i++) { + if (select->pcrSelect[i / 8] & (1 << (i % 8))) { + if ((result = obj_pcrs_set_value(hPcrs, i, TCPA_SHA1_160_HASH_LEN, + (BYTE *)&pcrComp->pcrValue[val_idx]))) + return result; + + val_idx++; + } + } + + return result; +} + +TSS_RESULT +obj_pcrs_set_value(TSS_HPCRS hPcrs, UINT32 idx, UINT32 size, BYTE *value) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_SELECTION *select; + TPM_COMPOSITE_HASH *compHash; + UINT16 bytes_to_hold = (idx / 8) + 1; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch(pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + bytes_to_hold = (bytes_to_hold < 2) ? 2 : bytes_to_hold; + select = &pcrs->info.info11.pcrSelection; + compHash = &pcrs->info.info11.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + bytes_to_hold = (bytes_to_hold < 3) ? 3 : bytes_to_hold; + select = &pcrs->info.infoshort.pcrSelection; + compHash = &pcrs->info.infoshort.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + bytes_to_hold = (bytes_to_hold < 3) ? 3 : bytes_to_hold; + select = &pcrs->info.infolong.releasePCRSelection; + compHash = &pcrs->info.infolong.digestAtRelease; + break; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + break; + } + + /* allocate the selection structure */ + if (select->pcrSelect == NULL) { + if ((select->pcrSelect = malloc(bytes_to_hold)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + select->sizeOfSelect = bytes_to_hold; + memset(select->pcrSelect, 0, bytes_to_hold); + + /* allocate the pcr array */ + if ((pcrs->pcrs = malloc(bytes_to_hold * 8 * + TCPA_SHA1_160_HASH_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", + bytes_to_hold * 8 * TCPA_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } else if (select->sizeOfSelect < bytes_to_hold) { + if ((select->pcrSelect = realloc(select->pcrSelect, bytes_to_hold)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + /* set the newly allocated bytes to 0 */ + memset(&select->pcrSelect[select->sizeOfSelect], 0, + bytes_to_hold - select->sizeOfSelect); + select->sizeOfSelect = bytes_to_hold; + + /* realloc the pcrs array */ + if ((pcrs->pcrs = realloc(pcrs->pcrs, bytes_to_hold * 8 * + sizeof(TPM_PCRVALUE))) == NULL) { + LogError("malloc of %d bytes failed.", + bytes_to_hold * 8 * TCPA_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } + + /* set the bit in the selection structure */ + select->pcrSelect[idx / 8] |= (1 << (idx % 8)); + + /* set the value in the pcrs array */ + memcpy(&(pcrs->pcrs[idx]), value, size); + + result = pcrs_calc_composite(select, pcrs->pcrs, compHash); + +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_get_value(TSS_HPCRS hPcrs, UINT32 idx, UINT32 *size, BYTE **value) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_SELECTION *select; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch(pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + select = &pcrs->info.info11.pcrSelection; + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + select = &pcrs->info.infoshort.pcrSelection; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + select = &pcrs->info.infolong.creationPCRSelection; + break; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + break; + } + + if (select->sizeOfSelect < (idx / 8) + 1) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + + if ((*value = calloc_tspi(obj->tspContext, TCPA_SHA1_160_HASH_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", TCPA_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + *size = TCPA_SHA1_160_HASH_LEN; + memcpy(*value, &pcrs->pcrs[idx], TCPA_SHA1_160_HASH_LEN); + +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_get_digest_at_release(TSS_HPCRS hPcrs, UINT32 *size, BYTE **out) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + BYTE *digest; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch(pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + case TSS_PCRS_STRUCT_INFO_SHORT: + digest = (BYTE *)&pcrs->info.infoshort.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + digest = (BYTE *)&pcrs->info.infolong.digestAtRelease; + break; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + break; + } + + if ((*out = calloc_tspi(obj->tspContext, sizeof(TPM_COMPOSITE_HASH))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TPM_COMPOSITE_HASH)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*out, digest, sizeof(TPM_COMPOSITE_HASH)); + *size = sizeof(TPM_COMPOSITE_HASH); + +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_select_index(TSS_HPCRS hPcrs, UINT32 idx) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_SELECTION *select; + UINT16 bytes_to_hold = (idx / 8) + 1; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch(pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + bytes_to_hold = (bytes_to_hold < 2) ? 2 : bytes_to_hold; + select = &pcrs->info.info11.pcrSelection; + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + case TSS_PCRS_STRUCT_INFO_LONG: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + break; + } + + /* allocate the selection structure */ + if (select->pcrSelect == NULL) { + if ((select->pcrSelect = malloc(bytes_to_hold)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + select->sizeOfSelect = bytes_to_hold; + memset(select->pcrSelect, 0, bytes_to_hold); + + /* alloc the pcrs array */ + if ((pcrs->pcrs = malloc(bytes_to_hold * 8 * TCPA_SHA1_160_HASH_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold * 8 * + TCPA_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } else if (select->sizeOfSelect < bytes_to_hold) { + if ((select->pcrSelect = realloc(select->pcrSelect, bytes_to_hold)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + /* set the newly allocated bytes to 0 */ + memset(&select->pcrSelect[select->sizeOfSelect], 0, + bytes_to_hold - select->sizeOfSelect); + select->sizeOfSelect = bytes_to_hold; + + /* realloc the pcrs array */ + if ((pcrs->pcrs = realloc(pcrs->pcrs, + bytes_to_hold * 8 * TCPA_SHA1_160_HASH_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold * 8 * + TCPA_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } + + /* set the bit in the selection structure */ + select->pcrSelect[idx / 8] |= (1 << (idx % 8)); + +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_select_index_ex(TSS_HPCRS hPcrs, UINT32 dir, UINT32 idx) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_SELECTION *select; + UINT16 bytes_to_hold = (idx / 8) + 1; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch(pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + case TSS_PCRS_STRUCT_INFO_SHORT: + if (dir == TSS_PCRS_DIRECTION_CREATION) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + bytes_to_hold = (bytes_to_hold < 3) ? 3 : bytes_to_hold; + select = &pcrs->info.infoshort.pcrSelection; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + bytes_to_hold = (bytes_to_hold < 3) ? 3 : bytes_to_hold; + if (dir == TSS_PCRS_DIRECTION_CREATION) + select = &pcrs->info.infolong.creationPCRSelection; + else + select = &pcrs->info.infolong.releasePCRSelection; + break; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + break; + } + + /* allocate the selection structure */ + if (select->pcrSelect == NULL) { + if ((select->pcrSelect = malloc(bytes_to_hold)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + select->sizeOfSelect = bytes_to_hold; + memset(select->pcrSelect, 0, bytes_to_hold); + + /* alloc the pcrs array */ + if ((pcrs->pcrs = malloc(bytes_to_hold * 8 * TCPA_SHA1_160_HASH_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold * 8 * + TCPA_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } else if (select->sizeOfSelect < bytes_to_hold) { + if ((select->pcrSelect = realloc(select->pcrSelect, bytes_to_hold)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + /* set the newly allocated bytes to 0 */ + memset(&select->pcrSelect[select->sizeOfSelect], 0, + bytes_to_hold - select->sizeOfSelect); + select->sizeOfSelect = bytes_to_hold; + + /* realloc the pcrs array */ + if ((pcrs->pcrs = realloc(pcrs->pcrs, + bytes_to_hold * 8 * TCPA_SHA1_160_HASH_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", bytes_to_hold * 8 * + TCPA_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + } + + /* set the bit in the selection structure */ + select->pcrSelect[idx / 8] |= (1 << (idx % 8)); + +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_create_info_type(TSS_HPCRS hPcrs, UINT32 *type, UINT32 *size, BYTE **info) +{ + TSS_RESULT result; + + /* If type equals 0, then we create the structure + based on how the object was created */ + if (*type == 0) { + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + *type = pcrs->type; + + obj_list_put(&pcrs_list); + } + + switch (*type) { + case TSS_PCRS_STRUCT_INFO: + result = obj_pcrs_create_info(hPcrs, size, info); + break; + case TSS_PCRS_STRUCT_INFO_LONG: + result = obj_pcrs_create_info_long(hPcrs, size, info); + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + result = obj_pcrs_create_info_short(hPcrs, size, info); + break; + default: + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +/* Create a PCR info struct based on the hPcrs object */ +TSS_RESULT +obj_pcrs_create_info(TSS_HPCRS hPcrs, UINT32 *size, BYTE **info) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_INFO info11; + UINT64 offset; + UINT32 ret_size; + BYTE *ret; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + /* Set everything that is not assigned to be all zeroes */ + memset(&info11, 0, sizeof(info11)); + + switch (pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + info11 = pcrs->info.info11; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + info11.pcrSelection = pcrs->info.infolong.releasePCRSelection; + info11.digestAtRelease = pcrs->info.infolong.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + info11.pcrSelection = pcrs->info.infoshort.pcrSelection; + info11.digestAtRelease = pcrs->info.infoshort.digestAtRelease; + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + offset = 0; + Trspi_LoadBlob_PCR_INFO(&offset, NULL, &info11); + ret_size = offset; + + if ((ret = calloc(1, ret_size)) == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + LogDebug("malloc of %u bytes failed.", ret_size); + goto done; + } + + offset = 0; + Trspi_LoadBlob_PCR_INFO(&offset, ret, &info11); + + *info = ret; + *size = ret_size; + +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_create_info_long(TSS_HPCRS hPcrs, UINT32 *size, BYTE **info) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_INFO_LONG infolong; + BYTE dummyBits[3] = { 0, 0, 0 }; + TPM_PCR_SELECTION dummySelection = { 3, dummyBits }; + UINT64 offset; + UINT32 ret_size; + BYTE *ret; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + /* Set everything that is not assigned to be all zeroes */ + memset(&infolong, 0, sizeof(infolong)); + + infolong.tag = TPM_TAG_PCR_INFO_LONG; + /* localityAtCreation and creationPCRSelection certainly do not need to be set here, but + * some chips such as Winbond do not ignore them on input, so we must give them dummy + * "good" values */ + infolong.localityAtCreation = TPM_LOC_ZERO; + infolong.creationPCRSelection = dummySelection; + switch (pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + infolong.localityAtRelease = TSS_LOCALITY_ALL; + infolong.releasePCRSelection = pcrs->info.info11.pcrSelection; + infolong.digestAtRelease = pcrs->info.info11.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + infolong.localityAtRelease = pcrs->info.infolong.localityAtRelease; + infolong.releasePCRSelection = pcrs->info.infolong.releasePCRSelection; + infolong.digestAtRelease = pcrs->info.infolong.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + infolong.localityAtRelease = pcrs->info.infoshort.localityAtRelease; + infolong.releasePCRSelection = pcrs->info.infoshort.pcrSelection; + infolong.digestAtRelease = pcrs->info.infoshort.digestAtRelease; + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + offset = 0; + Trspi_LoadBlob_PCR_INFO_LONG(&offset, NULL, &infolong); + ret_size = offset; + + if ((ret = calloc(1, ret_size)) == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + LogDebug("malloc of %u bytes failed.", ret_size); + goto done; + } + + offset = 0; + Trspi_LoadBlob_PCR_INFO_LONG(&offset, ret, &infolong); + + *info = ret; + *size = ret_size; + +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_create_info_short(TSS_HPCRS hPcrs, UINT32 *size, BYTE **info) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_PCR_INFO_SHORT infoshort; + BYTE select[] = { 0, 0, 0 }; + UINT64 offset; + UINT32 ret_size; + BYTE *ret; + + /* Set everything that is not assigned to be all zeroes */ + memset(&infoshort, 0, sizeof(infoshort)); + + if (hPcrs != NULL_HPCRS) { + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch (pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + infoshort.pcrSelection = pcrs->info.info11.pcrSelection; + infoshort.localityAtRelease = TSS_LOCALITY_ALL; + infoshort.digestAtRelease = pcrs->info.info11.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + infoshort.pcrSelection = pcrs->info.infolong.releasePCRSelection; + infoshort.localityAtRelease = pcrs->info.infolong.localityAtRelease; + infoshort.digestAtRelease = pcrs->info.infolong.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_SHORT: + infoshort = pcrs->info.infoshort; + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } else { + infoshort.pcrSelection.sizeOfSelect = sizeof(select); + infoshort.pcrSelection.pcrSelect = select; + infoshort.localityAtRelease = TSS_LOCALITY_ALL; + } + + offset = 0; + Trspi_LoadBlob_PCR_INFO_SHORT(&offset, NULL, &infoshort); + ret_size = offset; + + if ((ret = calloc(1, ret_size)) == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + LogDebug("malloc of %u bytes failed.", ret_size); + goto done; + } + + offset = 0; + Trspi_LoadBlob_PCR_INFO_SHORT(&offset, ret, &infoshort); + + *info = ret; + *size = ret_size; + +done: + if (hPcrs != NULL_HPCRS) + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_get_locality(TSS_HPCRS hPcrs, UINT32 *out) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + BYTE *locality; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch(pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + case TSS_PCRS_STRUCT_INFO_SHORT: + locality = &pcrs->info.infoshort.localityAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + locality = &pcrs->info.infolong.localityAtRelease; + break; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *out = (UINT32)*locality; + +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_set_locality(TSS_HPCRS hPcrs, UINT32 locality) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + BYTE *loc; + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch(pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + case TSS_PCRS_STRUCT_INFO_SHORT: + loc = &pcrs->info.infoshort.localityAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + loc = &pcrs->info.infolong.localityAtRelease; + break; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *loc = locality; +done: + obj_list_put(&pcrs_list); + + return result; +} + +TSS_RESULT +obj_pcrs_set_digest_at_release(TSS_HPCRS hPcrs, TPM_COMPOSITE_HASH digest) +{ + struct tsp_object *obj; + struct tr_pcrs_obj *pcrs; + TSS_RESULT result = TSS_SUCCESS; + TPM_COMPOSITE_HASH *dig; + + LogDebugFn("######## Digest to be set on TSS object:"); + LogDebugData(TCPA_SHA1_160_HASH_LEN, digest.digest); + + if ((obj = obj_list_get_obj(&pcrs_list, hPcrs)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + pcrs = (struct tr_pcrs_obj *)obj->data; + + switch(pcrs->type) { + case TSS_PCRS_STRUCT_INFO: + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + case TSS_PCRS_STRUCT_INFO_SHORT: + dig = &pcrs->info.infoshort.digestAtRelease; + break; + case TSS_PCRS_STRUCT_INFO_LONG: + dig = &pcrs->info.infolong.digestAtRelease; + break; + default: + LogDebugFn("Undefined type of PCRs object"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + /* Copy the digest information */ + memcpy(dig->digest,&digest.digest,TPM_SHA1_160_HASH_LEN); + + LogDebugFn("######## Digest SET on TSS object:"); + LogDebugData(TCPA_SHA1_160_HASH_LEN,pcrs->info.infoshort.digestAtRelease.digest); + +done: + obj_list_put(&pcrs_list); + + return result; +} + diff --git a/src/tspi/obj_policy.c b/src/tspi/obj_policy.c new file mode 100644 index 0000000..e76681b --- /dev/null +++ b/src/tspi/obj_policy.c @@ -0,0 +1,1667 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "tsp_delegate.h" +#include "authsess.h" + + +TSS_RESULT +obj_policy_add(TSS_HCONTEXT tsp_context, UINT32 type, TSS_HOBJECT *phObject) +{ + struct tr_policy_obj *policy; + TSS_RESULT result; + + if ((policy = calloc(1, sizeof(struct tr_policy_obj))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(struct tr_policy_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + policy->type = type; +#ifndef TSS_SPEC_COMPLIANCE + policy->SecretMode = TSS_SECRET_MODE_NONE; +#else + policy->SecretMode = TSS_SECRET_MODE_POPUP; +#endif + /* The policy object will inherit this attribute from the context */ + if ((result = obj_context_get_hash_mode(tsp_context, &policy->hashMode))) { + free(policy); + return result; + } + policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS; +#ifdef TSS_BUILD_DELEGATION + policy->delegationType = TSS_DELEGATIONTYPE_NONE; +#endif + + if ((result = obj_list_add(&policy_list, tsp_context, 0, policy, phObject))) { + free(policy); + return result; + } + + return TSS_SUCCESS; +} + +void +__tspi_policy_free(void *data) +{ + struct tr_policy_obj *policy = (struct tr_policy_obj *)data; + + free(policy->popupString); +#ifdef TSS_BUILD_DELEGATION + free(policy->delegationBlob); +#endif + free(policy); +} + +TSS_RESULT +obj_policy_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&policy_list, &__tspi_policy_free, hObject, tspContext))) + return result; + + obj_lists_remove_policy_refs(hObject, tspContext); + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_policy(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&policy_list, hObject))) { + answer = TRUE; + obj_list_put(&policy_list); + } + + return answer; +} + +TSS_RESULT +obj_policy_get_type(TSS_HPOLICY hPolicy, UINT32 *type) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + *type = policy->type; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_set_type(TSS_HPOLICY hPolicy, UINT32 type) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + policy->type = type; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_get_tsp_context(TSS_HPOLICY hPolicy, TSS_HCONTEXT *tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_do_hmac(TSS_HPOLICY hPolicy, TSS_HOBJECT hAuthorizedObject, + TSS_BOOL returnOrVerify, UINT32 ulPendingFunction, + TSS_BOOL continueUse, UINT32 ulSizeNonces, + BYTE *rgbNonceEven, BYTE *rgbNonceOdd, + BYTE *rgbNonceEvenOSAP, BYTE *rgbNonceOddOSAP, + UINT32 ulSizeDigestHmac, BYTE *rgbParamDigest, + BYTE *rgbHmacData) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + result = policy->Tspicb_CallbackHMACAuth( + policy->hmacAppData, hAuthorizedObject, + returnOrVerify, + ulPendingFunction, + continueUse, + ulSizeNonces, + rgbNonceEven, + rgbNonceOdd, + rgbNonceEvenOSAP, rgbNonceOddOSAP, ulSizeDigestHmac, + rgbParamDigest, + rgbHmacData); + + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_secret(TSS_HPOLICY hPolicy, TSS_BOOL ctx, TCPA_SECRET *secret) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + TCPA_SECRET null_secret; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + memset(&null_secret, 0, sizeof(TCPA_SECRET)); + + switch (policy->SecretMode) { + case TSS_SECRET_MODE_POPUP: + /* if the secret is still NULL, grab it using the GUI */ + if (policy->SecretSet == FALSE) { + if ((result = popup_GetSecret(ctx, + policy->hashMode, + policy->popupString, + policy->Secret))) + break; + } + policy->SecretSet = TRUE; + /* fall through */ + case TSS_SECRET_MODE_PLAIN: + case TSS_SECRET_MODE_SHA1: + if (policy->SecretSet == FALSE) { + result = TSPERR(TSS_E_POLICY_NO_SECRET); + break; + } + + memcpy(secret, policy->Secret, sizeof(TCPA_SECRET)); + break; + case TSS_SECRET_MODE_NONE: + memcpy(secret, &null_secret, sizeof(TCPA_SECRET)); + break; + default: + result = TSPERR(TSS_E_POLICY_NO_SECRET); + break; + } +#ifdef TSS_DEBUG + if (!result) { + LogDebug("Got a secret:"); + LogDebugData(20, (BYTE *)secret); + } +#endif + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_flush_secret(TSS_HPOLICY hPolicy) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + memset(&policy->Secret, 0, policy->SecretSize); + policy->SecretSet = FALSE; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_set_secret_object(TSS_HPOLICY hPolicy, TSS_FLAG mode, UINT32 size, + TCPA_DIGEST *digest, TSS_BOOL set) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + /* if this is going to be a callback policy, the + * callbacks need to already be set. (See TSS 1.1b + * spec pg. 62). */ + if (mode == TSS_SECRET_MODE_CALLBACK) { + if (policy->Tspicb_CallbackHMACAuth == NULL) { + result = TSPERR(TSS_E_FAIL); + goto done; + } + } + + if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) { + policy->SecretCounter = policy->SecretTimeStamp; + } else if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) { + time_t t = time(NULL); + if (t == ((time_t)-1)) { + LogError("time failed: %s", strerror(errno)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + policy->SecretTimeStamp = t; + } + + memcpy(policy->Secret, digest, size); + policy->SecretMode = mode; + policy->SecretSize = size; + policy->SecretSet = set; +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_is_secret_set(TSS_HPOLICY hPolicy, TSS_BOOL *secretSet) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + *secretSet = policy->SecretSet; + obj_list_put(&policy_list); + + return result; +} + + +TSS_RESULT +obj_policy_set_secret(TSS_HPOLICY hPolicy, TSS_FLAG mode, UINT32 size, BYTE *data) +{ + TCPA_DIGEST digest; + UINT32 secret_size = 0; + TSS_BOOL secret_set = TRUE; + TSS_RESULT result; + + memset(&digest.digest, 0, sizeof(TCPA_DIGEST)); + + switch (mode) { + case TSS_SECRET_MODE_PLAIN: + if ((result = Trspi_Hash(TSS_HASH_SHA1, size, data, + (BYTE *)&digest.digest))) + return result; + secret_size = TCPA_SHA1_160_HASH_LEN; + break; + case TSS_SECRET_MODE_SHA1: + if (size != TCPA_SHA1_160_HASH_LEN) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(&digest.digest, data, size); + secret_size = TCPA_SHA1_160_HASH_LEN; + break; + case TSS_SECRET_MODE_POPUP: + case TSS_SECRET_MODE_NONE: + secret_set = FALSE; + case TSS_SECRET_MODE_CALLBACK: + break; + default: + return TSPERR(TSS_E_BAD_PARAMETER); + } + + return obj_policy_set_secret_object(hPolicy, mode, secret_size, + &digest, secret_set); +} + +TSS_RESULT +obj_policy_get_cb11(TSS_HPOLICY hPolicy, TSS_FLAG type, UINT32 *cb) +{ +#ifndef __LP64__ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + switch (type) { + case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC: + *cb = (UINT32)policy->Tspicb_CallbackHMACAuth; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC: + *cb = (UINT32)policy->Tspicb_CallbackXorEnc; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP: + *cb = (UINT32)policy->Tspicb_CallbackTakeOwnership; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM: + *cb = (UINT32)policy->Tspicb_CallbackChangeAuthAsym; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + + obj_list_put(&policy_list); + + return result; +#else + return TSPERR(TSS_E_FAIL); +#endif +} + +TSS_RESULT +obj_policy_set_cb11(TSS_HPOLICY hPolicy, TSS_FLAG type, TSS_FLAG app_data, UINT32 cb) +{ +#ifndef __LP64__ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + switch (type) { + case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC: + policy->Tspicb_CallbackHMACAuth = (PVOID)cb; + policy->hmacAppData = (PVOID)app_data; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC: + policy->Tspicb_CallbackXorEnc = (PVOID)cb; + policy->xorAppData = (PVOID)app_data; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP: + policy->Tspicb_CallbackTakeOwnership = (PVOID)cb; + policy->takeownerAppData = (PVOID)app_data; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM: + policy->Tspicb_CallbackChangeAuthAsym = (PVOID)cb; + policy->changeauthAppData = (PVOID)app_data; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + + obj_list_put(&policy_list); + + return result; +#else + return TSPERR(TSS_E_FAIL); +#endif +} + +TSS_RESULT +obj_policy_set_cb12(TSS_HPOLICY hPolicy, TSS_FLAG flag, BYTE *in) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + TSS_CALLBACK *cb = (TSS_CALLBACK *)in; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + switch (flag) { + case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC: + if (!cb) { + policy->Tspicb_CallbackHMACAuth = NULL; + break; + } + + policy->Tspicb_CallbackHMACAuth = + (TSS_RESULT (*)(PVOID, TSS_HOBJECT, TSS_BOOL, + UINT32, TSS_BOOL, UINT32, BYTE *, BYTE *, + BYTE *, BYTE *, UINT32, BYTE *, BYTE *)) + cb->callback; + policy->hmacAppData = cb->appData; + policy->hmacAlg = cb->alg; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC: + if (!cb) { + policy->Tspicb_CallbackXorEnc = NULL; + break; + } + + policy->Tspicb_CallbackXorEnc = + (TSS_RESULT (*)(PVOID, TSS_HOBJECT, + TSS_HOBJECT, TSS_FLAG, UINT32, BYTE *, BYTE *, + BYTE *, BYTE *, UINT32, BYTE *, BYTE *)) + cb->callback; + policy->xorAppData = cb->appData; + policy->xorAlg = cb->alg; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP: + if (!cb) { + policy->Tspicb_CallbackTakeOwnership = NULL; + break; + } + + policy->Tspicb_CallbackTakeOwnership = + (TSS_RESULT (*)(PVOID, TSS_HOBJECT, TSS_HKEY, + UINT32, BYTE *))cb->callback; + policy->takeownerAppData = cb->appData; + policy->takeownerAlg = cb->alg; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM: + if (!cb) { + policy->Tspicb_CallbackChangeAuthAsym = NULL; + break; + } + + policy->Tspicb_CallbackChangeAuthAsym = + (TSS_RESULT (*)(PVOID, TSS_HOBJECT, TSS_HKEY, + UINT32, UINT32, BYTE *, BYTE *))cb->callback; + policy->changeauthAppData = cb->appData; + policy->changeauthAlg = cb->alg; + break; +#ifdef TSS_BUILD_SEALX + case TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK: + if (!cb) { + policy->Tspicb_CallbackSealxMask = NULL; + policy->sealxAppData = NULL; + policy->sealxAlg = 0; + break; + } + + policy->Tspicb_CallbackSealxMask = + (TSS_RESULT (*)(PVOID, TSS_HKEY, TSS_HENCDATA, + TSS_ALGORITHM_ID, UINT32, BYTE *, BYTE *, BYTE *, BYTE *, + UINT32, BYTE *, BYTE *))cb->callback; + policy->sealxAppData = cb->appData; + policy->sealxAlg = cb->alg; + break; +#endif + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_cb12(TSS_HPOLICY hPolicy, TSS_FLAG flag, UINT32 *size, BYTE **out) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + TSS_CALLBACK *cb; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if ((cb = calloc_tspi(obj->tspContext, sizeof(TSS_CALLBACK))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_CALLBACK)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + switch (flag) { + case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC: + cb->callback = policy->Tspicb_CallbackHMACAuth; + cb->appData = policy->hmacAppData; + cb->alg = policy->hmacAlg; + *size = sizeof(TSS_CALLBACK); + *out = (BYTE *)cb; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC: + cb->callback = policy->Tspicb_CallbackXorEnc; + cb->appData = policy->xorAppData; + cb->alg = policy->xorAlg; + *size = sizeof(TSS_CALLBACK); + *out = (BYTE *)cb; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP: + cb->callback = policy->Tspicb_CallbackTakeOwnership; + cb->appData = policy->takeownerAppData; + cb->alg = policy->takeownerAlg; + *size = sizeof(TSS_CALLBACK); + *out = (BYTE *)cb; + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM: + cb->callback = policy->Tspicb_CallbackChangeAuthAsym; + cb->appData = policy->changeauthAppData; + cb->alg = policy->changeauthAlg; + *size = sizeof(TSS_CALLBACK); + *out = (BYTE *)cb; + break; +#ifdef TSS_BUILD_SEALX + case TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK: + cb->callback = policy->Tspicb_CallbackSealxMask; + cb->appData = policy->sealxAppData; + cb->alg = policy->sealxAlg; + *size = sizeof(TSS_CALLBACK); + *out = (BYTE *)cb; + break; +#endif + default: + free_tspi(obj->tspContext, cb); + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_lifetime(TSS_HPOLICY hPolicy, UINT32 *lifetime) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + *lifetime = policy->SecretLifetime; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_set_lifetime(TSS_HPOLICY hPolicy, UINT32 type, UINT32 value) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + time_t t; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + switch (type) { + case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS: + policy->SecretCounter = 0; + policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS; + policy->SecretTimeStamp = 0; + break; + case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER: + /* Both SecretCounter and SecretTimeStamp will receive value. Every time the + * policy is used, SecretCounter will be decremented. Each time SetSecret is + * called, SecretCounter will get the value stored in SecretTimeStamp */ + policy->SecretCounter = value; + policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER; + policy->SecretTimeStamp = value; + break; + case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER: + t = time(NULL); + if (t == ((time_t)-1)) { + LogError("time failed: %s", strerror(errno)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + break; + } + + /* For mode time, we'll use the SecretCounter variable to hold the number + * of seconds we're valid and the SecretTimeStamp var to record the current + * timestamp. This should protect against overflows. */ + policy->SecretCounter = value; + policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER; + policy->SecretTimeStamp = t; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + break; + } + + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_mode(TSS_HPOLICY hPolicy, UINT32 *mode) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + *mode = policy->SecretMode; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_get_counter(TSS_HPOLICY hPolicy, UINT32 *counter) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) + *counter = policy->SecretCounter; + else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_dec_counter(TSS_HPOLICY hPolicy) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + /* Only decrement if SecretCounter > 0, otherwise it could loop and become valid again */ + if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER && + policy->SecretCounter > 0) { + policy->SecretCounter--; + } + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +/* return a unicode string to the Tspi_GetAttribData function */ +TSS_RESULT +obj_policy_get_string(TSS_HPOLICY hPolicy, UINT32 *size, BYTE **data) +{ + TSS_RESULT result = TSS_SUCCESS; + BYTE *utf_string; + UINT32 utf_size; + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + *size = policy->popupStringLength; + if (policy->popupStringLength == 0) { + *data = NULL; + } else { + utf_size = policy->popupStringLength; + utf_string = Trspi_Native_To_UNICODE(policy->popupString, + &utf_size); + if (utf_string == NULL) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *data = calloc_tspi(obj->tspContext, utf_size); + if (*data == NULL) { + free(utf_string); + LogError("malloc of %d bytes failed.", utf_size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + *size = utf_size; + memcpy(*data, utf_string, utf_size); + free(utf_string); + } + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_set_string(TSS_HPOLICY hPolicy, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + free(policy->popupString); + policy->popupString = data; + policy->popupStringLength = size; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_get_secs_until_expired(TSS_HPOLICY hPolicy, UINT32 *secs) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_policy_obj *policy; + int seconds_elapsed; + time_t t; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->SecretLifetime != TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + if ((t = time(NULL)) == ((time_t)-1)) { + LogError("time failed: %s", strerror(errno)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + /* curtime - SecretTimeStamp is the number of seconds elapsed since we started the timer. + * SecretCounter is the number of seconds the secret is valid. If + * seconds_elspased > SecretCounter, we've expired. */ + seconds_elapsed = t - policy->SecretTimeStamp; + if ((UINT32)seconds_elapsed >= policy->SecretCounter) { + *secs = 0; + } else { + *secs = policy->SecretCounter - seconds_elapsed; + } + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +policy_has_expired(struct tr_policy_obj *policy, TSS_BOOL *answer) +{ + switch (policy->SecretLifetime) { + case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS: + *answer = FALSE; + break; + case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER: + *answer = (policy->SecretCounter == 0 ? TRUE : FALSE); + break; + case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER: + { + int seconds_elapsed; + time_t t = time(NULL); + + if (t == ((time_t)-1)) { + LogError("time failed: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + /* curtime - SecretTimer is the number of seconds elapsed since we + * started the timer. SecretCounter is the number of seconds the + * secret is valid. If seconds_elspased > SecretCounter, we've + * expired. + */ + seconds_elapsed = t - policy->SecretTimeStamp; + *answer = ((UINT32)seconds_elapsed >= policy->SecretCounter ? TRUE : FALSE); + break; + } + default: + LogError("policy has an undefined secret lifetime!"); + return TSPERR(TSS_E_INVALID_OBJ_ACCESS); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_has_expired(TSS_HPOLICY hPolicy, TSS_BOOL *answer) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + result = policy_has_expired(policy, answer); + + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_xsap_params(TSS_HPOLICY hPolicy, + TPM_COMMAND_CODE command, + TPM_ENTITY_TYPE *et, + UINT32 *entity_value_size, + BYTE **entity_value, + BYTE *secret, + TSS_CALLBACK *cb_xor, + TSS_CALLBACK *cb_hmac, + TSS_CALLBACK *cb_sealx, + UINT32 *mode, + TSS_BOOL new_secret) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if ((result = policy_has_expired(policy, &answer))) + goto done; + + if (answer) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } +#ifdef TSS_BUILD_DELEGATION + /* if the delegation index or blob is set, check to see if the command is delegated, if so, + * return the blob or index as the secret data */ + if (command && (policy->delegationType != TSS_DELEGATIONTYPE_NONE)) { + if (policy->delegationBlob) { + if ((*entity_value = malloc(policy->delegationBlobLength)) == NULL) { + LogError("malloc of %u bytes failed.", + policy->delegationBlobLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + memcpy(*entity_value, policy->delegationBlob, policy->delegationBlobLength); + *entity_value_size = policy->delegationBlobLength; + if (policy->delegationType == TSS_DELEGATIONTYPE_OWNER) + *et = TPM_ET_DEL_OWNER_BLOB; + else + *et = TPM_ET_DEL_KEY_BLOB; + } else { + if ((*entity_value = malloc(sizeof(UINT32))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(UINT32)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + *(UINT32 *)entity_value = policy->delegationIndex; + *entity_value_size = sizeof(UINT32); + *et = TPM_ET_DEL_ROW; + } + } +#endif + /* Either this is a policy set to mode callback, in which case both xor and hmac addresses + * must be set, or this is an encrypted data object's policy, where its mode is independent + * of whether a sealx callback is set */ + if (policy->SecretMode == TSS_SECRET_MODE_CALLBACK && cb_xor && cb_hmac) { + if ((policy->Tspicb_CallbackXorEnc && !policy->Tspicb_CallbackHMACAuth) || + (!policy->Tspicb_CallbackXorEnc && policy->Tspicb_CallbackHMACAuth)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + cb_xor->callback = policy->Tspicb_CallbackXorEnc; + cb_xor->appData = policy->xorAppData; + cb_xor->alg = policy->xorAlg; + + cb_hmac->callback = policy->Tspicb_CallbackHMACAuth; + cb_hmac->appData = policy->hmacAppData; + cb_hmac->alg = policy->hmacAlg; +#ifdef TSS_BUILD_SEALX + } else if (cb_sealx && policy->Tspicb_CallbackSealxMask) { + cb_sealx->callback = policy->Tspicb_CallbackSealxMask; + cb_sealx->appData = policy->sealxAppData; + cb_sealx->alg = policy->sealxAlg; +#endif + } + + if ((policy->SecretMode == TSS_SECRET_MODE_POPUP) && + (policy->SecretSet == FALSE)) { + if ((result = popup_GetSecret(new_secret, + policy->hashMode, + policy->popupString, + policy->Secret))) + goto done; + policy->SecretSet = TRUE; + } + memcpy(secret, policy->Secret, TPM_SHA1_160_HASH_LEN); + *mode = policy->SecretMode; +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_do_xor(TSS_HPOLICY hPolicy, + TSS_HOBJECT hOSAPObject, TSS_HOBJECT hObject, + TSS_FLAG PurposeSecret, UINT32 ulSizeNonces, + BYTE *rgbNonceEven, BYTE *rgbNonceOdd, + BYTE *rgbNonceEvenOSAP, BYTE *rgbNonceOddOSAP, + UINT32 ulSizeEncAuth, BYTE *rgbEncAuthUsage, + BYTE *rgbEncAuthMigration) +{ + TSS_RESULT result; + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + result = policy->Tspicb_CallbackXorEnc(policy->xorAppData, + hOSAPObject, hObject, + PurposeSecret, ulSizeNonces, + rgbNonceEven, rgbNonceOdd, + rgbNonceEvenOSAP, rgbNonceOddOSAP, + ulSizeEncAuth, + rgbEncAuthUsage, rgbEncAuthMigration); + + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_do_takeowner(TSS_HPOLICY hPolicy, + TSS_HOBJECT hObject, TSS_HKEY hObjectPubKey, + UINT32 ulSizeEncAuth, BYTE *rgbEncAuth) +{ + TSS_RESULT result; + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + result = policy->Tspicb_CallbackTakeOwnership( + policy->takeownerAppData, + hObject, hObjectPubKey, ulSizeEncAuth, + rgbEncAuth); + + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_hash_mode(TSS_HPOLICY hPolicy, UINT32 *mode) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + *mode = policy->hashMode; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_set_hash_mode(TSS_HPOLICY hPolicy, UINT32 mode) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + switch (mode) { + case TSS_TSPATTRIB_HASH_MODE_NULL: + case TSS_TSPATTRIB_HASH_MODE_NOT_NULL: + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + } + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + policy->hashMode = mode; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +#ifdef TSS_BUILD_DELEGATION +TSS_RESULT +obj_policy_set_delegation_type(TSS_HPOLICY hPolicy, UINT32 type) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + switch (type) { + case TSS_DELEGATIONTYPE_NONE: + obj_policy_clear_delegation(policy); + break; + case TSS_DELEGATIONTYPE_OWNER: + case TSS_DELEGATIONTYPE_KEY: + if (policy->delegationIndexSet || policy->delegationBlob) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + break; + } + + policy->delegationType = type; + +done: + obj_list_put(&policy_list); + + return result; +} + + +TSS_RESULT +obj_policy_get_delegation_type(TSS_HPOLICY hPolicy, UINT32 *type) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + *type = policy->delegationType; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_set_delegation_index(TSS_HPOLICY hPolicy, UINT32 index) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + TSS_RESULT result; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if ((result = get_delegate_index(obj->tspContext, index, &public))) + goto done; + + free(public.pcrInfo.pcrSelection.pcrSelect); + + obj_policy_clear_delegation(policy); + switch (public.permissions.delegateType) { + case TPM_DEL_OWNER_BITS: + policy->delegationType = TSS_DELEGATIONTYPE_OWNER; + break; + case TPM_DEL_KEY_BITS: + policy->delegationType = TSS_DELEGATIONTYPE_KEY; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + policy->delegationIndex = index; + policy->delegationIndexSet = TRUE; + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_delegation_index(TSS_HPOLICY hPolicy, UINT32 *index) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (!policy->delegationIndexSet) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + *index = policy->delegationIndex; + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY hPolicy, UINT32 per1) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + policy->delegationPer1 = per1; + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY hPolicy, UINT32 *per1) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + if ((result = obj_policy_get_delegate_public(obj, &public))) + goto done; + *per1 = public.permissions.per1; + free(public.pcrInfo.pcrSelection.pcrSelect); + } else + *per1 = policy->delegationPer1; + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY hPolicy, UINT32 per2) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + policy->delegationPer2 = per2; + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY hPolicy, UINT32 *per2) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + if ((result = obj_policy_get_delegate_public(obj, &public))) + goto done; + *per2 = public.permissions.per2; + free(public.pcrInfo.pcrSelection.pcrSelect); + } else + *per2 = policy->delegationPer2; + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_set_delegation_blob(TSS_HPOLICY hPolicy, UINT32 type, UINT32 blobLength, BYTE *blob) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + UINT16 tag; + UINT64 offset; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + obj_policy_clear_delegation(policy); + + if (blobLength == 0) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + + offset = 0; + Trspi_UnloadBlob_UINT16(&offset, &tag, blob); + switch (tag) { + case TPM_TAG_DELEGATE_OWNER_BLOB: + if (type && (type != TSS_DELEGATIONTYPE_OWNER)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + policy->delegationType = TSS_DELEGATIONTYPE_OWNER; + break; + case TPM_TAG_DELG_KEY_BLOB: + if (type && (type != TSS_DELEGATIONTYPE_KEY)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + policy->delegationType = TSS_DELEGATIONTYPE_KEY; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + + if ((policy->delegationBlob = malloc(blobLength)) == NULL) { + LogError("malloc of %u bytes failed.", blobLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + policy->delegationBlobLength = blobLength; + memcpy(policy->delegationBlob, blob, blobLength); + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_delegation_blob(TSS_HPOLICY hPolicy, UINT32 type, UINT32 *blobLength, BYTE **blob) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationBlobLength == 0) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + if (type && (type != policy->delegationType)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + + if ((*blob = calloc_tspi(obj->tspContext, policy->delegationBlobLength)) == NULL) { + LogError("malloc of %u bytes failed.", policy->delegationBlobLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + memcpy(*blob, policy->delegationBlob, policy->delegationBlobLength); + *blobLength = policy->delegationBlobLength; + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_delegation_label(TSS_HPOLICY hPolicy, BYTE *label) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + if ((result = obj_policy_get_delegate_public(obj, &public))) + goto done; + *label = public.label.label; + free(public.pcrInfo.pcrSelection.pcrSelect); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_delegation_familyid(TSS_HPOLICY hPolicy, UINT32 *familyID) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + if ((result = obj_policy_get_delegate_public(obj, &public))) + goto done; + *familyID = public.familyID; + free(public.pcrInfo.pcrSelection.pcrSelect); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_delegation_vercount(TSS_HPOLICY hPolicy, UINT32 *verCount) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + if ((result = obj_policy_get_delegate_public(obj, &public))) + goto done; + *verCount = public.verificationCount; + free(public.pcrInfo.pcrSelection.pcrSelect); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_delegation_pcr_locality(TSS_HPOLICY hPolicy, UINT32 *locality) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + if ((result = obj_policy_get_delegate_public(obj, &public))) + goto done; + *locality = public.pcrInfo.localityAtRelease; + free(public.pcrInfo.pcrSelection.pcrSelect); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_delegation_pcr_digest(TSS_HPOLICY hPolicy, UINT32 *digestLength, BYTE **digest) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + if ((result = obj_policy_get_delegate_public(obj, &public))) + goto done; + *digest = calloc_tspi(obj->tspContext, TPM_SHA1_160_HASH_LEN); + if (*digest == NULL) { + LogError("malloc of %u bytes failed.", TPM_SHA1_160_HASH_LEN); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*digest, &public.pcrInfo.digestAtRelease.digest, TPM_SHA1_160_HASH_LEN); + *digestLength = TPM_SHA1_160_HASH_LEN; + free(public.pcrInfo.pcrSelection.pcrSelect); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_get_delegation_pcr_selection(TSS_HPOLICY hPolicy, UINT32 *selectionLength, + BYTE **selection) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + TPM_DELEGATE_PUBLIC public; + UINT64 offset; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet || policy->delegationBlob) { + if ((result = obj_policy_get_delegate_public(obj, &public))) + goto done; + offset = 0; + Trspi_LoadBlob_PCR_SELECTION(&offset, NULL, &public.pcrInfo.pcrSelection); + *selection = calloc_tspi(obj->tspContext, offset); + if (*selection == NULL) { + LogError("malloc of %u bytes failed.", (UINT32)offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + offset = 0; + Trspi_LoadBlob_PCR_SELECTION(&offset, *selection, &public.pcrInfo.pcrSelection); + *selectionLength = offset; + free(public.pcrInfo.pcrSelection.pcrSelect); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + +done: + obj_list_put(&policy_list); + + return result; +} + +TSS_RESULT +obj_policy_is_delegation_index_set(TSS_HPOLICY hPolicy, TSS_BOOL *indexSet) +{ + struct tsp_object *obj; + struct tr_policy_obj *policy; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + *indexSet = policy->delegationIndexSet; + + obj_list_put(&policy_list); + + return TSS_SUCCESS; +} + +void +obj_policy_clear_delegation(struct tr_policy_obj *policy) +{ + free(policy->delegationBlob); + policy->delegationType = TSS_DELEGATIONTYPE_NONE; + policy->delegationPer1 = 0; + policy->delegationPer2 = 0; + policy->delegationIndexSet = FALSE; + policy->delegationIndex = 0; + policy->delegationBlobLength = 0; + policy->delegationBlob = NULL; +} + +TSS_RESULT +obj_policy_get_delegate_public(struct tsp_object *obj, TPM_DELEGATE_PUBLIC *public) +{ + struct tr_policy_obj *policy; + UINT16 tag; + TPM_DELEGATE_OWNER_BLOB ownerBlob; + TPM_DELEGATE_KEY_BLOB keyBlob; + UINT64 offset; + TSS_RESULT result; + + policy = (struct tr_policy_obj *)obj->data; + + if (policy->delegationIndexSet) { + if ((result = get_delegate_index(obj->tspContext, policy->delegationIndex, + public))) + return result; + } else if (policy->delegationBlob) { + offset = 0; + Trspi_UnloadBlob_UINT16(&offset, &tag, policy->delegationBlob); + + offset = 0; + switch (tag) { + case TPM_TAG_DELEGATE_OWNER_BLOB: + if ((result = Trspi_UnloadBlob_TPM_DELEGATE_OWNER_BLOB(&offset, + policy->delegationBlob, + &ownerBlob))) + return result; + *public = ownerBlob.pub; + free(ownerBlob.additionalArea); + free(ownerBlob.sensitiveArea); + break; + case TPM_TAG_DELG_KEY_BLOB: + if ((result = Trspi_UnloadBlob_TPM_DELEGATE_KEY_BLOB(&offset, + policy->delegationBlob, + &keyBlob))) + return result; + *public = keyBlob.pub; + free(keyBlob.additionalArea); + free(keyBlob.sensitiveArea); + break; + default: + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } else + return TSPERR(TSS_E_INTERNAL_ERROR); + + return TSS_SUCCESS; +} +#endif + diff --git a/src/tspi/obj_rsakey.c b/src/tspi/obj_rsakey.c new file mode 100644 index 0000000..3f509f1 --- /dev/null +++ b/src/tspi/obj_rsakey.c @@ -0,0 +1,2136 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +obj_rsakey_add(TSS_HCONTEXT tspContext, TSS_FLAG initFlags, TSS_HOBJECT *phObject) +{ + UINT64 offset; + TSS_RESULT result; + TCPA_RSA_KEY_PARMS rsaKeyParms; + TSS_FLAG flags = 0; + struct tr_rsakey_obj *rsakey = calloc(1, sizeof(struct tr_rsakey_obj)); + TPM_STRUCT_VER ver = { 1, 1, 0, 0 }; // Must be 1.1.0.0 for 1.2 TPMs + UINT32 ctx_ver; + + if (rsakey == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tr_rsakey_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if ((result = obj_context_get_policy(tspContext, TSS_POLICY_USAGE, &rsakey->usagePolicy))) { + free(rsakey); + return result; + } + + if ((initFlags & TSS_KEY_STRUCT_BITMASK) == TSS_KEY_STRUCT_DEFAULT) { + /* Its not set, go with the context's default */ + if ((result = obj_context_get_connection_version(tspContext, &ctx_ver))) { + free(rsakey); + return result; + } + + switch (ctx_ver) { + case TSS_TSPATTRIB_CONTEXT_VERSION_V1_2: + initFlags |= TSS_KEY_STRUCT_KEY12; + break; + case TSS_TSPATTRIB_CONTEXT_VERSION_V1_1: + /* fall through */ + default: + initFlags |= TSS_KEY_STRUCT_KEY; + break; + } + } + + offset = 0; + switch (initFlags & TSS_KEY_STRUCT_BITMASK) { + case TSS_KEY_STRUCT_KEY: + rsakey->key.hdr.key11.ver = ver; + rsakey->type = TSS_KEY_STRUCT_KEY; + rsakey->pcrInfoType = TSS_PCRS_STRUCT_INFO; + rsakey->key.keyFlags = 0; + break; + case TSS_KEY_STRUCT_KEY12: + rsakey->key.hdr.key12.tag = TPM_TAG_KEY12; + rsakey->key.hdr.key12.fill = 0; + rsakey->type = TSS_KEY_STRUCT_KEY12; + rsakey->pcrInfoType = TSS_PCRS_STRUCT_INFO_LONG; + rsakey->key.keyFlags = TPM_PCRIGNOREDONREAD; + break; + default: + free(rsakey); + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + break; + } + + if (initFlags == TSS_KEY_EMPTY_KEY) + goto add_key; + + memset(&rsaKeyParms, 0, sizeof(TCPA_RSA_KEY_PARMS)); + + rsakey->key.algorithmParms.algorithmID = TCPA_ALG_RSA; + rsakey->key.algorithmParms.parmSize = sizeof(TCPA_RSA_KEY_PARMS); + + rsakey->key.algorithmParms.parms = calloc(1, sizeof(TCPA_RSA_KEY_PARMS)); + if (rsakey->key.algorithmParms.parms == NULL) { + LogError("calloc of %u bytes failed.", rsakey->key.algorithmParms.parmSize); + free(rsakey); + return TSPERR(TSS_E_OUTOFMEMORY); + } + rsaKeyParms.exponentSize = 0; + rsaKeyParms.numPrimes = 2; + + rsakey->key.pubKey.keyLength = 0; + rsakey->key.encSize = 0; + rsakey->key.PCRInfoSize = 0; + + /* End of all the default stuff */ + + if (initFlags & TSS_KEY_VOLATILE) + rsakey->key.keyFlags |= TPM_VOLATILE; + if (initFlags & TSS_KEY_MIGRATABLE) + rsakey->key.keyFlags |= TPM_MIGRATABLE; + if (initFlags & TSS_KEY_AUTHORIZATION) { + rsakey->key.authDataUsage = TPM_AUTH_ALWAYS; + flags |= TSS_OBJ_FLAG_USAGEAUTH; + } + +#ifdef TSS_BUILD_CMK + if (initFlags & TSS_KEY_CERTIFIED_MIGRATABLE) { + if (rsakey->type == TSS_KEY_STRUCT_KEY) { + free(rsakey); + return TSPERR(TSS_E_BAD_PARAMETER); + } + rsakey->key.keyFlags |= TPM_MIGRATEAUTHORITY; + } +#endif + + /* set the key length */ + if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_512) { + rsaKeyParms.keyLength = 512; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_1024) { + rsaKeyParms.keyLength = 1024; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_2048) { + rsaKeyParms.keyLength = 2048; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_4096) { + rsaKeyParms.keyLength = 4096; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_8192) { + rsaKeyParms.keyLength = 8192; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_16384) { + rsaKeyParms.keyLength = 16384; + } + + /* assign encryption and signature schemes */ + if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_SIGNING) { + rsakey->key.keyUsage = TPM_KEY_SIGNING; + rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_BIND) { + rsakey->key.keyUsage = TPM_KEY_BIND; + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_LEGACY) { + rsakey->key.keyUsage = TPM_KEY_LEGACY; + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_STORAGE) { + rsakey->key.keyUsage = TPM_KEY_STORAGE; + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_IDENTITY) { + rsakey->key.keyUsage = TPM_KEY_IDENTITY; + rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_AUTHCHANGE) { + rsakey->key.keyUsage = TPM_KEY_AUTHCHANGE; + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE; + } + + /* Load the RSA key parms into the blob in the TCPA_KEY_PARMS pointer. + * If the exponent is left NULL, the parmSize variable will change + * here */ + offset = 0; + Trspi_LoadBlob_RSA_KEY_PARMS(&offset, rsakey->key.algorithmParms.parms, &rsaKeyParms); + rsakey->key.algorithmParms.parmSize = offset; + +add_key: + if ((result = obj_list_add(&rsakey_list, tspContext, flags, rsakey, phObject))) { + free(rsakey->key.algorithmParms.parms); + free(rsakey); + return result; + } + + return TSS_SUCCESS; +} + +/* Add a new rsakey to the list when its pulled from user PS */ +TSS_RESULT +obj_rsakey_add_by_key(TSS_HCONTEXT tspContext, TSS_UUID *uuid, BYTE *key, TSS_FLAG flags, + TSS_HKEY *phKey) +{ + TSS_RESULT result; + UINT64 offset; + struct tr_rsakey_obj *rsakey = calloc(1, sizeof(struct tr_rsakey_obj)); + + if (rsakey == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tr_rsakey_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + memcpy(&rsakey->uuid, uuid, sizeof(TSS_UUID)); + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, key, &rsakey->key))) { + free(rsakey); + return result; + } + if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12) + rsakey->type = TSS_KEY_STRUCT_KEY12; + else + rsakey->type = TSS_KEY_STRUCT_KEY; + + flags |= TSS_OBJ_FLAG_KEY_SET; + if (rsakey->key.authDataUsage) + flags |= TSS_OBJ_FLAG_USAGEAUTH; + + if ((result = obj_context_get_policy(tspContext, TSS_POLICY_USAGE, &rsakey->usagePolicy))) { + free(rsakey); + return result; + } + + if ((result = obj_list_add(&rsakey_list, tspContext, flags, rsakey, phKey))) { + free_key_refs(&rsakey->key); + free(rsakey); + return result; + } + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_rsakey(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&rsakey_list, hObject))) { + answer = TRUE; + obj_list_put(&rsakey_list); + } + + return answer; +} + +TSS_RESULT +obj_rsakey_set_flags(TSS_HKEY hKey, UINT32 flags) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + rsakey->key.keyFlags = flags; +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_size(TSS_HKEY hKey, UINT32 len) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + rsakey->key.pubKey.keyLength = len/8; +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_key_parms(TSS_HKEY hKey, TCPA_KEY_PARMS *parms) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + free(rsakey->key.algorithmParms.parms); + + memcpy(&rsakey->key.algorithmParms, parms, sizeof(TCPA_KEY_PARMS)); + + if (parms->parmSize > 0) { + if ((rsakey->key.algorithmParms.parms = + malloc(parms->parmSize)) == NULL) { + LogError("calloc of %d bytes failed.", parms->parmSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + memcpy(rsakey->key.algorithmParms.parms, parms->parms, + parms->parmSize); + } else { + rsakey->key.algorithmParms.parms = NULL; + } + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_policy(TSS_HKEY hKey, TSS_HPOLICY hPolicy) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + UINT32 policyType; + TSS_RESULT result = TSS_SUCCESS; + + if ((result = obj_policy_get_type(hPolicy, &policyType))) + return result; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + rsakey->usagePolicy = hPolicy; + break; + case TSS_POLICY_MIGRATION: + rsakey->migPolicy = hPolicy; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_pstype(TSS_HKEY hKey, UINT32 type) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + switch (type) { + case TSS_PS_TYPE_USER: + obj->flags |= TSS_OBJ_FLAG_USER_PS; + obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS; + break; + case TSS_PS_TYPE_SYSTEM: + obj->flags |= TSS_OBJ_FLAG_SYSTEM_PS; + obj->flags &= ~TSS_OBJ_FLAG_USER_PS; + break; + case TSS_PS_TYPE_NO: + default: + obj->flags &= ~TSS_OBJ_FLAG_USER_PS; + obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +/* WARN: Nobody should call this function directly except for the + * Get/Set Attrib functions. The TCPA_KEY structure wants values + * for keyUsage to be TPM_KEY_* values, and this function translates + * to TSS_KEYUSAGE_* values for passing to an app. */ +TSS_RESULT +obj_rsakey_get_usage(TSS_HKEY hKey, UINT32 *usage) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (rsakey->key.keyUsage) { + case TPM_KEY_SIGNING: + *usage = TSS_KEYUSAGE_SIGN; + break; + case TPM_KEY_BIND: + *usage = TSS_KEYUSAGE_BIND; + break; + case TPM_KEY_LEGACY: + *usage = TSS_KEYUSAGE_LEGACY; + break; + case TPM_KEY_AUTHCHANGE: + *usage = TSS_KEYUSAGE_AUTHCHANGE; + break; + case TPM_KEY_IDENTITY: + *usage = TSS_KEYUSAGE_IDENTITY; + break; + case TPM_KEY_STORAGE: + *usage = TSS_KEYUSAGE_STORAGE; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_DATA); + break; + } + + obj_list_put(&rsakey_list); + + return result; +} + +/* WARN: Nobody should call this function directly except for the + * Get/Set Attrib functions. The TCPA_KEY structure wants values + * for keyUsage to be TPM_KEY_* values, and this function translates + * to TSS_KEYUSAGE_* values for passing to an app. */ +TSS_RESULT +obj_rsakey_set_usage(TSS_HKEY hKey, UINT32 usage) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (usage) { + case TSS_KEYUSAGE_SIGN: + rsakey->key.keyUsage = TPM_KEY_SIGNING; + break; + case TSS_KEYUSAGE_BIND: + rsakey->key.keyUsage = TPM_KEY_BIND; + break; + case TSS_KEYUSAGE_LEGACY: + rsakey->key.keyUsage = TPM_KEY_LEGACY; + break; + case TSS_KEYUSAGE_AUTHCHANGE: + rsakey->key.keyUsage = TPM_KEY_AUTHCHANGE; + break; + case TSS_KEYUSAGE_IDENTITY: + rsakey->key.keyUsage = TPM_KEY_IDENTITY; + break; + case TSS_KEYUSAGE_STORAGE: + rsakey->key.keyUsage = TPM_KEY_STORAGE; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_DATA); + break; + } +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_migratable(TSS_HKEY hKey, UINT32 mig) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (mig) + rsakey->key.keyFlags |= TPM_MIGRATABLE; + else + rsakey->key.keyFlags &= (~TPM_MIGRATABLE); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_redirected(TSS_HKEY hKey, UINT32 redir) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (redir) + rsakey->key.keyFlags |= TPM_REDIRECTION; + else + rsakey->key.keyFlags &= (~TPM_REDIRECTION); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_volatile(TSS_HKEY hKey, UINT32 vol) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (vol) + rsakey->key.keyFlags |= TPM_VOLATILE; + else + rsakey->key.keyFlags &= (~TPM_VOLATILE); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_authdata_usage(TSS_HKEY hKey, UINT32 *usage) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + *usage = (UINT32)rsakey->key.authDataUsage ? TRUE : FALSE; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_authdata_usage(TSS_HKEY hKey, UINT32 usage) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + rsakey->key.authDataUsage = (BYTE)usage; + if (usage) + obj->flags |= TSS_OBJ_FLAG_USAGEAUTH; + else + obj->flags &= ~TSS_OBJ_FLAG_USAGEAUTH; +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_alg(TSS_HKEY hKey, UINT32 *alg) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (rsakey->key.algorithmParms.algorithmID) { + case TCPA_ALG_RSA: + *alg = TSS_ALG_RSA; + break; + default: + *alg = rsakey->key.algorithmParms.algorithmID; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_alg(TSS_HKEY hKey, UINT32 alg) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + switch (alg) { + case TSS_ALG_RSA: + rsakey->key.algorithmParms.algorithmID = TCPA_ALG_RSA; + break; + default: + rsakey->key.algorithmParms.algorithmID = alg; + break; + } +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_es(TSS_HKEY hKey, UINT32 *es) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* translate TPM numbers to TSS numbers */ + switch (rsakey->key.algorithmParms.encScheme) { + case TCPA_ES_NONE: + *es = TSS_ES_NONE; + break; + case TCPA_ES_RSAESPKCSv15: + *es = TSS_ES_RSAESPKCSV15; + break; + case TCPA_ES_RSAESOAEP_SHA1_MGF1: + *es = TSS_ES_RSAESOAEP_SHA1_MGF1; + break; + default: + *es = rsakey->key.algorithmParms.encScheme; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_es(TSS_HKEY hKey, UINT32 es) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* translate TSS numbers to TPM numbers */ + switch (es) { + case TSS_ES_NONE: + rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE; + break; + case TSS_ES_RSAESPKCSV15: + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESPKCSv15; + break; + case TSS_ES_RSAESOAEP_SHA1_MGF1: + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + break; + default: + rsakey->key.algorithmParms.encScheme = es; + break; + } +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_ss(TSS_HKEY hKey, UINT32 *ss) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* translate TPM numbers to TSS numbers */ + switch (rsakey->key.algorithmParms.sigScheme) { + case TCPA_SS_NONE: + *ss = TSS_SS_NONE; + break; + case TCPA_SS_RSASSAPKCS1v15_SHA1: + *ss = TSS_SS_RSASSAPKCS1V15_SHA1; + break; + case TCPA_SS_RSASSAPKCS1v15_DER: + *ss = TSS_SS_RSASSAPKCS1V15_DER; + break; + case TCPA_SS_RSASSAPKCS1v15_INFO: + *ss = TSS_SS_RSASSAPKCS1V15_INFO; + break; + default: + *ss = rsakey->key.algorithmParms.sigScheme; + break; + } + + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_ss(TSS_HKEY hKey, UINT32 ss) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* translate TSS numbers to TPM numbers */ + switch (ss) { + case TSS_SS_NONE: + rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE; + break; + case TSS_SS_RSASSAPKCS1V15_SHA1: + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1; + break; + case TSS_SS_RSASSAPKCS1V15_DER: + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_DER; + break; + case TSS_SS_RSASSAPKCS1V15_INFO: + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_INFO; + break; + default: + rsakey->key.algorithmParms.sigScheme = ss; + break; + } +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_num_primes(TSS_HKEY hKey, UINT32 num) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + UINT32ToArray(num, &rsakey->key.algorithmParms.parms[4]); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_num_primes(TSS_HKEY hKey, UINT32 *num) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TCPA_RSA_KEY_PARMS *parms; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms; + *num = endian32(parms->numPrimes); + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_flags(TSS_HKEY hKey, UINT32 *flags) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + *flags = rsakey->key.keyFlags; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_size(TSS_HKEY hKey, UINT32 *len) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (rsakey->key.pubKey.keyLength) { + case 512/8: + *len = TSS_KEY_SIZEVAL_512BIT; + break; + case 1024/8: + *len = TSS_KEY_SIZEVAL_1024BIT; + break; + case 2048/8: + *len = TSS_KEY_SIZEVAL_2048BIT; + break; + default: + *len = rsakey->key.pubKey.keyLength * 8; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_pstype(TSS_HKEY hKey, UINT32 *type) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_SYSTEM_PS) + *type = TSS_PS_TYPE_SYSTEM; + else if (obj->flags & TSS_OBJ_FLAG_USER_PS) + *type = TSS_PS_TYPE_USER; + else + *type = TSS_PS_TYPE_NO; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_rsakey_is_migratable(TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return answer; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->key.keyFlags & TPM_MIGRATABLE) + answer = TRUE; + + obj_list_put(&rsakey_list); + + return answer; +} + +TSS_BOOL +obj_rsakey_is_redirected(TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return answer; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->key.keyFlags & TPM_REDIRECTION) + answer = TRUE; + + obj_list_put(&rsakey_list); + + return answer; +} + +TSS_BOOL +obj_rsakey_is_volatile(TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return answer; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->key.keyFlags & TPM_VOLATILE) + answer = TRUE; + + obj_list_put(&rsakey_list); + + return answer; +} + +TSS_RESULT +obj_rsakey_get_tsp_context(TSS_HKEY hKey, TSS_HCONTEXT *tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_policies(TSS_HKEY hKey, TSS_HPOLICY *usage, TSS_HPOLICY *mig, TSS_BOOL *auth) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + *mig = rsakey->migPolicy; + *usage = rsakey->usagePolicy; + *auth = rsakey->key.authDataUsage ? TRUE : FALSE; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_policy(TSS_HKEY hKey, UINT32 policyType, + TSS_HPOLICY *phPolicy, TSS_BOOL *auth) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + *phPolicy = rsakey->usagePolicy; + if (auth != NULL) { + if (obj->flags & TSS_OBJ_FLAG_USAGEAUTH) + *auth = TRUE; + else + *auth = FALSE; + } + break; + case TSS_POLICY_MIGRATION: + if (!rsakey->migPolicy) { + result = TSPERR(TSS_E_KEY_NO_MIGRATION_POLICY); + break; + } + + *phPolicy = rsakey->migPolicy; + if (auth != NULL) { + if (obj->flags & TSS_OBJ_FLAG_MIGAUTH) + *auth = TRUE; + else + *auth = FALSE; + } + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + offset = 0; + LoadBlob_TSS_KEY(&offset, NULL, &rsakey->key); + + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + LoadBlob_TSS_KEY(&offset, *data, &rsakey->key); + *size = offset; + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_priv_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + *data = calloc_tspi(obj->tspContext, rsakey->key.encSize); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", rsakey->key.encSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = rsakey->key.encSize; + memcpy(*data, rsakey->key.encData, rsakey->key.encSize); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_modulus(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* if this key object represents the SRK and the public key + * data here is all 0's, then we shouldn't return it, we + * should return TSS_E_BAD_PARAMETER. This is part of protecting + * the SRK public key. */ + if (rsakey->tcsHandle == TPM_KEYHND_SRK) { + BYTE zeroBlob[2048] = { 0, }; + + if (!memcmp(rsakey->key.pubKey.key, zeroBlob, rsakey->key.pubKey.keyLength)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + } + + *data = calloc_tspi(obj->tspContext, rsakey->key.pubKey.keyLength); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", rsakey->key.pubKey.keyLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = rsakey->key.pubKey.keyLength; + memcpy(*data, rsakey->key.pubKey.key, rsakey->key.pubKey.keyLength); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_modulus(TSS_HKEY hKey, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + BYTE *free_ptr; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + free_ptr = rsakey->key.pubKey.key; + + rsakey->key.pubKey.key = malloc(size); + if (rsakey->key.pubKey.key == NULL) { + rsakey->key.pubKey.key = free_ptr; // restore + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + rsakey->key.pubKey.keyLength = size; + memcpy(rsakey->key.pubKey.key, data, size); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_pub_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* if this key object represents the SRK and the public key + * data here is all 0's, then we shouldn't return it, we + * should return TSS_E_BAD_PARAMETER. This is part of protecting + * the SRK public key. */ + if (rsakey->tcsHandle == TPM_KEYHND_SRK) { + BYTE zeroBlob[2048] = { 0, }; + + if (!memcmp(rsakey->key.pubKey.key, zeroBlob, rsakey->key.pubKey.keyLength)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + } + + offset = 0; + Trspi_LoadBlob_KEY_PARMS(&offset, NULL, &rsakey->key.algorithmParms); + Trspi_LoadBlob_STORE_PUBKEY(&offset, NULL, &rsakey->key.pubKey); + + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_KEY_PARMS(&offset, *data, &rsakey->key.algorithmParms); + Trspi_LoadBlob_STORE_PUBKEY(&offset, *data, &rsakey->key.pubKey); + *size = offset; + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_version(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + TPM_STRUCT_VER ver = {1, 2, 0, 0}, *pVer; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12) + pVer = &ver; + else + pVer = &rsakey->key.hdr.key11.ver; + + offset = 0; + Trspi_LoadBlob_TCPA_VERSION(&offset, NULL, *pVer); + + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_TCPA_VERSION(&offset, *data, *pVer); + *size = offset; + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_exponent(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + TCPA_RSA_KEY_PARMS *parms; + BYTE default_exp[3] = { 0x1, 0x0, 0x1 }; + UINT32 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms; + offset = parms->exponentSize; + + /* see TPM 1.1b spec pg. 51. If exponentSize is 0, we're using the + * default exponent of 2^16 + 1. */ + if (offset == 0) { + offset = 3; + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = offset; + memcpy(*data, default_exp, offset); + } else { + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = offset; + memcpy(*data, parms->exponent, offset); + } + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_exponent(TSS_HKEY hKey, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + TCPA_RSA_KEY_PARMS *parms; + BYTE *free_ptr; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms; + + free_ptr = parms->exponent; + + parms->exponent = malloc(size); + if (parms->exponent == NULL) { + parms->exponent = free_ptr; // restore + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + parms->exponentSize = size; + memcpy(parms->exponent, data, size); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_uuid(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + offset = 0; + Trspi_LoadBlob_UUID(&offset, NULL, rsakey->uuid); + + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_UUID(&offset, *data, rsakey->uuid); + *size = offset; + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_uuid(TSS_HKEY hKey, TSS_FLAG ps_type, TSS_UUID *uuid) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + memcpy(&rsakey->uuid, uuid, sizeof(TSS_UUID)); + + switch (ps_type) { + case TSS_PS_TYPE_SYSTEM: + obj->flags |= TSS_OBJ_FLAG_SYSTEM_PS; + obj->flags &= ~TSS_OBJ_FLAG_USER_PS; + break; + case TSS_PS_TYPE_USER: + obj->flags |= TSS_OBJ_FLAG_USER_PS; + obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS; + break; + case TSS_PS_TYPE_NO: + default: + obj->flags &= ~TSS_OBJ_FLAG_USER_PS; + obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_tcs_handle(TSS_HKEY hKey, TCS_KEY_HANDLE tcsHandle) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + rsakey->tcsHandle = tcsHandle; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_tcs_handle(TSS_HKEY hKey, TCS_KEY_HANDLE *tcsHandle) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->tcsHandle) + *tcsHandle = rsakey->tcsHandle; + else + result = TSPERR(TSS_E_KEY_NOT_LOADED); + + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_tcpakey(TSS_HKEY hKey, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + UINT64 offset; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + free_key_refs(&rsakey->key); + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, data, &rsakey->key))) + goto done; + if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12) + rsakey->type = TSS_KEY_STRUCT_KEY12; + else + rsakey->type = TSS_KEY_STRUCT_KEY; + + if (rsakey->key.authDataUsage) + obj->flags |= TSS_OBJ_FLAG_USAGEAUTH; + else + obj->flags &= ~TSS_OBJ_FLAG_USAGEAUTH; + + if (rsakey->key.PCRInfoSize && rsakey->key.PCRInfo) { + offset = 0; + if (rsakey->type == TSS_KEY_STRUCT_KEY12) { + if ((result = Trspi_UnloadBlob_PCR_INFO_LONG(&offset, rsakey->key.PCRInfo, + &rsakey->pcrInfo.infolong))) + goto done; + } else { + if ((result = Trspi_UnloadBlob_PCR_INFO(&offset, rsakey->key.PCRInfo, + &rsakey->pcrInfo.info11))) + goto done; + } + } + + obj->flags |= TSS_OBJ_FLAG_KEY_SET; +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_pcr_digest(TSS_HKEY hKey, + TSS_FLAG pcrInfoType, + TSS_FLAG dir, + UINT32 *size, + BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + TPM_DIGEST *digest = NULL; + UINT64 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (pcrInfoType != rsakey->pcrInfoType) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + switch (pcrInfoType) { + case TSS_PCRS_STRUCT_INFO: + if (dir == TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION) + digest = &rsakey->pcrInfo.info11.digestAtCreation; + else if (dir == TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE) + digest = &rsakey->pcrInfo.info11.digestAtRelease; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + case TSS_PCRS_STRUCT_INFO_LONG: + if (dir == TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION) + digest = &rsakey->pcrInfo.infolong.digestAtCreation; + else if (dir == TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE) + digest = &rsakey->pcrInfo.infolong.digestAtRelease; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *size = sizeof(TPM_DIGEST); + + if ((*data = calloc_tspi(obj->tspContext, *size)) == NULL) { + LogError("malloc of %u bytes failed.", *size); + *size = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_DIGEST(&offset, *data, digest); +done: + obj_list_put(&rsakey_list); + + return result; +} + + +TSS_RESULT +obj_rsakey_get_pcr_locality(TSS_HKEY hKey, TSS_FLAG dir, UINT32 *locality) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (rsakey->pcrInfoType == TSS_PCRS_STRUCT_INFO_LONG) { + if (dir == TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATCREATION) + *locality = rsakey->pcrInfo.infolong.localityAtCreation; + else if (dir == TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATRELEASE) + *locality = rsakey->pcrInfo.infolong.localityAtRelease; + else + result = TSPERR(TSS_E_BAD_PARAMETER); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_pcr_selection(TSS_HKEY hKey, + UINT32 pcrInfoType, + TSS_FLAG dir, + UINT32 *size, + BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + TPM_PCR_SELECTION *selection = NULL; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (pcrInfoType != rsakey->pcrInfoType) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + switch (pcrInfoType) { + case TSS_PCRS_STRUCT_INFO: + if (dir == TSS_TSPATTRIB_KEYPCR_SELECTION) + selection = &rsakey->pcrInfo.info11.pcrSelection; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + case TSS_PCRS_STRUCT_INFO_LONG: + if (dir == TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION) + selection = &rsakey->pcrInfo.infolong.creationPCRSelection; + else if (dir == TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION) + selection = &rsakey->pcrInfo.infolong.releasePCRSelection; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *size = sizeof(UINT16) + selection->sizeOfSelect; + + if ((*data = calloc_tspi(obj->tspContext, *size)) == NULL) { + LogError("malloc of %u bytes failed.", *size); + *size = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_PCR_SELECTION(&offset, *data, selection); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +rsakey_set_pubkey(struct tr_rsakey_obj *rsakey, BYTE *pubkey) +{ + TSS_RESULT result; + UINT64 offset = 0; + TPM_PUBKEY pub; + + if ((result = Trspi_UnloadBlob_PUBKEY(&offset, pubkey, &pub))) + return result; + + free(rsakey->key.pubKey.key); + free(rsakey->key.algorithmParms.parms); + + memcpy(&rsakey->key.pubKey, &pub.pubKey, sizeof(TPM_STORE_PUBKEY)); + memcpy(&rsakey->key.algorithmParms, &pub.algorithmParms, sizeof(TPM_KEY_PARMS)); + + return TSS_SUCCESS; +} + +/* Expect a TPM_PUBKEY as is explained in the portable data section of the spec */ +TSS_RESULT +obj_rsakey_set_pubkey(TSS_HKEY hKey, UINT32 force, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (!force && (obj->flags & TSS_OBJ_FLAG_KEY_SET)) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + result = rsakey_set_pubkey(rsakey, data); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_srk_pubkey(BYTE *pubkey) +{ + struct tsp_object *obj; + struct obj_list *list = &rsakey_list; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* we found the SRK, set this data as its public key */ + if (rsakey->tcsHandle == TPM_KEYHND_SRK) { + result = rsakey_set_pubkey(rsakey, pubkey); + MUTEX_UNLOCK(list->lock); + return result; + } + } + + MUTEX_UNLOCK(list->lock); + + return TSPERR(TSS_E_INVALID_HANDLE); +} + +TSS_RESULT +obj_rsakey_set_privkey(TSS_HKEY hKey, UINT32 force, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + void *to_free; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (!force && (obj->flags & TSS_OBJ_FLAG_KEY_SET)) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + to_free = rsakey->key.encData; + + rsakey->key.encData = calloc(1, size); + if (rsakey->key.encData == NULL) { + rsakey->key.encData = to_free; // restore + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + free(to_free); + rsakey->key.encSize = size; + memcpy(rsakey->key.encData, data, size); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_pcr_data(TSS_HKEY hKey, TSS_HPCRS hPcrComposite) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT32 pcrType, pcrSize; + BYTE *pcrInfo; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* passing in a pcrType of TSS_PCRS_STRUCT_DEFAULT will tell the pcr routine to create + * a structure matching the type of the hPcrComposite object */ + pcrType = TSS_PCRS_STRUCT_DEFAULT; + if ((result = obj_pcrs_create_info_type(hPcrComposite, &pcrType, &pcrSize, &pcrInfo))) + goto done; + + rsakey->key.PCRInfo = pcrInfo; + rsakey->key.PCRInfoSize = pcrSize; +done: + obj_list_put(&rsakey_list); + + return result; +} + +void +__tspi_rsakey_free(void *data) +{ + struct tr_rsakey_obj *rsakey = (struct tr_rsakey_obj *)data; + + free(rsakey->key.algorithmParms.parms); + free(rsakey->key.encData); + free(rsakey->key.PCRInfo); + free(rsakey->key.pubKey.key); + free(rsakey); +} + +/* Remove an individual rsakey object from the rsakey list with handle + * equal to hObject. Clean up the TSP's key handle table. */ +TSS_RESULT +obj_rsakey_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&rsakey_list, &__tspi_rsakey_free, hObject, tspContext))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_by_pub(UINT32 pub_size, BYTE *pub, TSS_HKEY *hKey) +{ + struct obj_list *list = &rsakey_list; + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (rsakey->key.pubKey.keyLength == pub_size && + !memcmp(&rsakey->key.pubKey.key, pub, pub_size)) { + *hKey = obj->handle; + goto done; + } + } + + *hKey = 0; +done: + MUTEX_UNLOCK(list->lock); + + return result; +} + +TSS_RESULT +obj_rsakey_get_by_uuid(TSS_UUID *uuid, TSS_HKEY *hKey) +{ + struct obj_list *list = &rsakey_list; + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (!memcmp(&rsakey->uuid, uuid, sizeof(TSS_UUID))) { + *hKey = obj->handle; + goto done; + } + } + + result = TSPERR(TSS_E_PS_KEY_NOTFOUND); +done: + MUTEX_UNLOCK(list->lock); + + return result; +} + +void +obj_rsakey_remove_policy_refs(TSS_HPOLICY hPolicy, TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj; + struct obj_list *list = &rsakey_list; + struct tr_rsakey_obj *rsakey; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + if (obj->tspContext != tspContext) + continue; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->usagePolicy == hPolicy) + rsakey->usagePolicy = NULL_HPOLICY; + + if (rsakey->migPolicy == hPolicy) + rsakey->migPolicy = NULL_HPOLICY; + } + + MUTEX_UNLOCK(list->lock); +} + +#if 0 +TSS_RESULT +obj_rsakey_get_transport_attribs(TSS_HKEY hKey, TCS_KEY_HANDLE *hTCSKey, TPM_DIGEST *pubDigest) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result; + Trspi_HashCtx hashCtx; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + *hTCSKey = rsakey->tcsHandle; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_STORE_PUBKEY(&hashCtx, &rsakey->key.pubKey); + result |= Trspi_HashFinal(&hashCtx, pubDigest->digest); + + obj_list_put(&rsakey_list); + + return result; +} +#endif + +#ifdef TSS_BUILD_CMK +TSS_BOOL +obj_rsakey_is_cmk(TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return answer; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->type != TSS_KEY_STRUCT_KEY) { + if (rsakey->key.keyFlags & TPM_MIGRATEAUTHORITY) + answer = TRUE; + } + + obj_list_put(&rsakey_list); + + return answer; +} + +TSS_RESULT +obj_rsakey_set_cmk(TSS_HKEY hKey, UINT32 cmk) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->type == TSS_KEY_STRUCT_KEY) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + if (cmk) + rsakey->key.keyFlags |= TPM_MIGRATEAUTHORITY; + else + rsakey->key.keyFlags &= (~TPM_MIGRATEAUTHORITY); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_msa_approval(TSS_HKEY hKey, UINT32 blobSize, BYTE *blob) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (blobSize != sizeof(rsakey->msaApproval.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(rsakey->msaApproval.digest, blob, sizeof(rsakey->msaApproval.digest)); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_msa_approval(TSS_HKEY hKey, UINT32 *blobSize, BYTE **blob) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if ((*blob = calloc_tspi(obj->tspContext, sizeof(rsakey->msaApproval.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(rsakey->msaApproval.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*blob, rsakey->msaApproval.digest, sizeof(rsakey->msaApproval.digest)); + *blobSize = sizeof(rsakey->msaApproval.digest); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_msa_digest(TSS_HKEY hKey, UINT32 blobSize, BYTE *blob) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (blobSize != sizeof(rsakey->msaDigest.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(rsakey->msaDigest.digest, blob, sizeof(rsakey->msaDigest.digest)); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_msa_digest(TSS_HKEY hKey, UINT32 *blobSize, BYTE **blob) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if ((*blob = calloc_tspi(obj->tspContext, sizeof(rsakey->msaDigest.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(rsakey->msaDigest.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*blob, rsakey->msaDigest.digest, sizeof(rsakey->msaDigest.digest)); + *blobSize = sizeof(rsakey->msaDigest.digest); + +done: + obj_list_put(&rsakey_list); + + return result; +} +#endif + +TSS_RESULT +obj_rsakey_get_ownerevict(TSS_HKEY hKey, UINT32 *value) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + *value = rsakey->flags & TSS_RSAKEY_FLAG_OWNEREVICT; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_ownerevict(TSS_HKEY hKey, TSS_BOOL value) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (value) + rsakey->flags |= TSS_RSAKEY_FLAG_OWNEREVICT; + else + rsakey->flags &= ~TSS_RSAKEY_FLAG_OWNEREVICT; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} diff --git a/src/tspi/obj_tpm.c b/src/tspi/obj_tpm.c new file mode 100644 index 0000000..586b875 --- /dev/null +++ b/src/tspi/obj_tpm.c @@ -0,0 +1,531 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +void +tpm_free(void *data) +{ + struct tr_tpm_obj *tpm = (struct tr_tpm_obj *)data; + + free(tpm); +} + +TSS_RESULT +obj_tpm_add(TSS_HCONTEXT tspContext, TSS_HOBJECT *phObject) +{ + TSS_RESULT result; + struct tr_tpm_obj *tpm = calloc(1, sizeof(struct tr_tpm_obj)); + + if (tpm == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(struct tr_tpm_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + /* add usage policy */ + if ((result = obj_policy_add(tspContext, TSS_POLICY_USAGE, + &tpm->policy))) { + free(tpm); + return result; + } + + /* initialize the default ctr_id to inactive until we query the TPM */ + tpm->ctr_id = 0xffffffff; + + if ((result = obj_list_add(&tpm_list, tspContext, 0, tpm, phObject))) { + free(tpm); + return result; + } + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_tpm(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&tpm_list, hObject))) { + answer = TRUE; + obj_list_put(&tpm_list); + } + + return answer; +} + +TSS_RESULT +obj_tpm_set_policy(TSS_HTPM hTpm, TSS_HPOLICY hPolicy) +{ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + UINT32 policyType; + TSS_RESULT result = TSS_SUCCESS; + + if ((result = obj_policy_get_type(hPolicy, &policyType))) + return result; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + tpm->policy = hPolicy; + break; +#ifdef TSS_BUILD_TSS12 + case TSS_POLICY_OPERATOR: + tpm->operatorPolicy = hPolicy; + break; +#endif + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&tpm_list); + + return result; +} + +TSS_RESULT +obj_tpm_get_policy(TSS_HTPM hTpm, UINT32 policyType, TSS_HPOLICY *phPolicy) +{ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + *phPolicy = tpm->policy; + break; +#ifdef TSS_BUILD_TSS12 + case TSS_POLICY_OPERATOR: + *phPolicy = tpm->operatorPolicy; + break; +#endif + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&tpm_list); + + return result; +} + +TSS_RESULT +obj_tpm_get_tsp_context(TSS_HTPM hTpm, TSS_HCONTEXT *tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&tpm_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_tpm_get(TSS_HCONTEXT tspContext, TSS_HTPM *phTpm) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_tspcontext(&tpm_list, tspContext)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *phTpm = obj->handle; + + obj_list_put(&tpm_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_tpm_get_cb11(TSS_HTPM hTpm, TSS_FLAG type, UINT32 *cb) +{ +#ifndef __LP64__ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + switch (type) { + case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY: + *cb = (UINT32)tpm->Tspicb_CollateIdentity; + break; + case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY: + *cb = (UINT32)tpm->Tspicb_ActivateIdentity; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + + obj_list_put(&tpm_list); + + return result; +#else + return TSPERR(TSS_E_FAIL); +#endif +} + +TSS_RESULT +obj_tpm_set_cb11(TSS_HTPM hTpm, TSS_FLAG type, TSS_FLAG app_data, UINT32 cb) +{ +#ifndef __LP64__ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + switch (type) { + case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY: + tpm->Tspicb_CollateIdentity = (PVOID)cb; + tpm->collateAppData = (PVOID)app_data; + break; + case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY: + tpm->Tspicb_ActivateIdentity = (PVOID)cb; + tpm->activateAppData = (PVOID)app_data; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + + obj_list_put(&tpm_list); + + return result; +#else + return TSPERR(TSS_E_FAIL); +#endif +} + +TSS_RESULT +obj_tpm_set_cred(TSS_HTPM hTpm, TSS_FLAG type, UINT32 CredSize, BYTE *CredData) +{ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + switch (type) { + case TSS_TPMATTRIB_EKCERT: + if ((tpm->EndorsementCred = malloc(CredSize)) == NULL) { + LogError("malloc of %u bytes failed", CredSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(tpm->EndorsementCred, CredData, CredSize); + tpm->EndorsementCredSize = CredSize; + break; + case TSS_TPMATTRIB_TPM_CC: + if ((tpm->ConformanceCred = malloc(CredSize)) == NULL) { + LogError("malloc of %u bytes failed", CredSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(tpm->ConformanceCred, CredData, CredSize); + tpm->ConformanceCredSize = CredSize; + break; + case TSS_TPMATTRIB_PLATFORMCERT: + if ((tpm->PlatformCred = malloc(CredSize)) == NULL) { + LogError("malloc of %u bytes failed", CredSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(tpm->PlatformCred, CredData, CredSize); + tpm->PlatformCredSize = CredSize; + break; + case TSS_TPMATTRIB_PLATFORM_CC: + if ((tpm->PlatformConfCred = malloc(CredSize)) == NULL) { + LogError("malloc of %u bytes failed", CredSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(tpm->PlatformConfCred, CredData, CredSize); + tpm->PlatformConfCredSize = CredSize; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } +done: + obj_list_put(&tpm_list); + + return result; +} + +TSS_RESULT +obj_tpm_get_cred(TSS_HTPM hTpm, TSS_FLAG type, UINT32 *CredSize, BYTE **CredData) +{ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + /* get the size of data we need to allocate */ + switch (type) { + case TSS_TPMATTRIB_EKCERT: + *CredSize = tpm->EndorsementCredSize; + break; + case TSS_TPMATTRIB_TPM_CC: + *CredSize = tpm->ConformanceCredSize; + break; + case TSS_TPMATTRIB_PLATFORMCERT: + *CredSize = tpm->PlatformCredSize; + break; + case TSS_TPMATTRIB_PLATFORM_CC: + *CredSize = tpm->PlatformConfCredSize; + break; + default: + LogError("Credential type is unknown"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (*CredSize == 0) { + *CredData = NULL; + goto done; + } + + if ((*CredData = calloc_tspi(obj->tspContext, *CredSize)) == NULL) { + *CredSize = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + switch (type) { + case TSS_TPMATTRIB_EKCERT: + memcpy(*CredData, tpm->EndorsementCred, *CredSize); + break; + case TSS_TPMATTRIB_TPM_CC: + memcpy(*CredData, tpm->ConformanceCred, *CredSize); + break; + case TSS_TPMATTRIB_PLATFORMCERT: + memcpy(*CredData, tpm->PlatformCred, *CredSize); + break; + case TSS_TPMATTRIB_PLATFORM_CC: + memcpy(*CredData, tpm->PlatformConfCred, *CredSize); + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + *CredSize = 0; + free(*CredData); + *CredData = NULL; + break; + } + +done: + obj_list_put(&tpm_list); + return result; +} + +TSS_RESULT +obj_tpm_set_cb12(TSS_HTPM hTpm, TSS_FLAG flag, BYTE *in) +{ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + TSS_RESULT result = TSS_SUCCESS; + TSS_CALLBACK *cb = (TSS_CALLBACK *)in; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + switch (flag) { + case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY: + if (!cb) { + tpm->Tspicb_CollateIdentity = NULL; + break; + } + + tpm->Tspicb_CollateIdentity = (TSS_RESULT (*)(PVOID, + UINT32, BYTE *, TSS_ALGORITHM_ID, UINT32 *, + BYTE *, UINT32 *, BYTE *))cb->callback; + tpm->collateAppData = cb->appData; + tpm->collateAlg = cb->alg; + break; + case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY: + if (!cb) { + tpm->Tspicb_ActivateIdentity = NULL; + break; + } + + tpm->Tspicb_ActivateIdentity = (TSS_RESULT (*)(PVOID, + UINT32, BYTE *, UINT32, BYTE *, UINT32 *, + BYTE *))cb->callback; + tpm->activateAppData = cb->appData; + tpm->activateAlg = cb->alg; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + + obj_list_put(&tpm_list); + + return result; +} + +TSS_RESULT +obj_tpm_get_cb12(TSS_HTPM hTpm, TSS_FLAG flag, UINT32 *size, BYTE **out) +{ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + TSS_RESULT result = TSS_SUCCESS; + TSS_CALLBACK *cb; + + if ((obj = obj_list_get_obj(&tpm_list, hTpm)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + if ((cb = calloc_tspi(obj->tspContext, sizeof(TSS_CALLBACK))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_CALLBACK)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + switch (flag) { + case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY: + cb->callback = tpm->Tspicb_CollateIdentity; + cb->appData = tpm->collateAppData; + cb->alg = tpm->collateAlg; + *size = sizeof(TSS_CALLBACK); + *out = (BYTE *)cb; + break; + case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY: + cb->callback = tpm->Tspicb_ActivateIdentity; + cb->appData = tpm->activateAppData; + cb->alg = tpm->activateAlg; + *size = sizeof(TSS_CALLBACK); + *out = (BYTE *)cb; + break; + default: + free_tspi(obj->tspContext, cb); + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } +done: + obj_list_put(&tpm_list); + + return result; +} + +void +obj_tpm_remove_policy_refs(TSS_HPOLICY hPolicy, TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj; + struct obj_list *list = &tpm_list; + struct tr_tpm_obj *tpm; + + pthread_mutex_lock(&list->lock); + + for (obj = list->head; obj; obj = obj->next) { + if (obj->tspContext != tspContext) + continue; + + tpm = (struct tr_tpm_obj *)obj->data; + if (tpm->policy == hPolicy) + tpm->policy = NULL_HPOLICY; +#ifdef TSS_BUILD_TSS12 + if (tpm->operatorPolicy == hPolicy) + tpm->operatorPolicy = NULL_HPOLICY; +#endif + } + + pthread_mutex_unlock(&list->lock); +} + +#ifdef TSS_BUILD_COUNTER +TSS_RESULT +obj_tpm_get_current_counter(TSS_HTPM hTPM, TSS_COUNTER_ID *ctr_id) +{ + struct tsp_object *obj; + struct tr_tpm_obj *tpm; + TSS_RESULT result = TSS_SUCCESS; + UINT32 respLen, subCap = endian32(TPM_CAP_PROP_ACTIVE_COUNTER); + BYTE *resp; + + if ((obj = obj_list_get_obj(&tpm_list, hTPM)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + tpm = (struct tr_tpm_obj *)obj->data; + + if (tpm->ctr_id != 0xffffffff) { + *ctr_id = tpm->ctr_id; + goto done; + } + + /* No counter has yet been associated with the TPM object, so let the TPM object lock + * protect us here and get a counter ID */ + if ((result = TCS_API(obj->tspContext)->GetTPMCapability(obj->tspContext, TPM_CAP_PROPERTY, + sizeof(UINT32), (BYTE *)&subCap, + &respLen, &resp))) + goto done; + + if (respLen != sizeof(UINT32)) { + LogDebug("TPM GetCap response size isn't sizeof(UINT32)!"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + memcpy(&tpm->ctr_id, resp, respLen); + free(resp); + + if (tpm->ctr_id == 0xffffffff) { + result = TSPERR(TSS_E_NO_ACTIVE_COUNTER); + goto done; + } + *ctr_id = tpm->ctr_id; +done: + obj_list_put(&tpm_list); + + return result; +} +#endif + diff --git a/src/tspi/ps/ps_utils.c b/src/tspi/ps/ps_utils.c new file mode 100644 index 0000000..aac40a1 --- /dev/null +++ b/src/tspi/ps/ps_utils.c @@ -0,0 +1,57 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "spi_utils.h" +#include "tspps.h" +#include "tsplog.h" + +inline TSS_RESULT +read_data(int fd, void *data, UINT32 size) +{ + int rc; + + rc = read(fd, data, size); + if (rc == -1) { + LogError("read of %d bytes: %s", size, strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } else if ((unsigned)rc != size) { + LogError("read of %d bytes (only %d read)", size, rc); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +inline TSS_RESULT +write_data(int fd, void *data, UINT32 size) +{ + int rc; + + rc = write(fd, data, size); + if (rc == -1) { + LogError("write of %d bytes: %s", size, strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } else if ((unsigned)rc != size) { + LogError("write of %d bytes (only %d written)", size, rc); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} diff --git a/src/tspi/ps/tspps.c b/src/tspi/ps/tspps.c new file mode 100644 index 0000000..56eb936 --- /dev/null +++ b/src/tspi/ps/tspps.c @@ -0,0 +1,1298 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#if defined (HAVE_BYTEORDER_H) +#include +#elif defined(HTOLE_DEFINED) +#include +#define LE_16 htole16 +#define LE_32 htole32 +#define LE_64 htole64 +#else +#define LE_16(x) (x) +#define LE_32(x) (x) +#define LE_64(x) (x) +#endif + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "spi_utils.h" +#include "tspps.h" +#include "tsplog.h" + +static int user_ps_fd = -1; +static MUTEX_DECLARE_INIT(user_ps_lock); +#if (defined (__FreeBSD__) || defined (__OpenBSD__)) +static MUTEX_DECLARE_INIT(user_ps_path); +#endif +static struct flock fl; + + +/* + * Determine the default path to the persistent storage file and create it if it doesn't exist. + */ +TSS_RESULT +get_user_ps_path(char **file) +{ + TSS_RESULT result; + char *file_name = NULL, *home_dir = NULL; + struct passwd *pwp; +#if (defined (__linux) || defined (linux) || defined(__GLIBC__)) + struct passwd pw; +#endif + struct stat stat_buf; + char buf[PASSWD_BUFSIZE]; + uid_t euid; + int rc; + + if ((file_name = getenv("TSS_USER_PS_FILE"))) { + *file = strdup(file_name); + return (*file) ? TSS_SUCCESS : TSPERR(TSS_E_OUTOFMEMORY); + } +#if (defined (__FreeBSD__) || defined (__OpenBSD__)) + MUTEX_LOCK(user_ps_path); +#endif + + euid = geteuid(); + +#if defined (SOLARIS) + /* + * Solaris keeps user PS in a local directory instead of + * in the user's home directory, which may be shared + * by multiple systems. + * + * The directory path on Solaris is /var/tpm/userps/[EUID]/ + */ + rc = snprintf(buf, sizeof (buf), "%s/%d", TSS_USER_PS_DIR, euid); +#else + setpwent(); + while (1) { +#if (defined (__linux) || defined (linux) || defined(__GLIBC__)) + rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp); + if (rc) { + LogDebugFn("USER PS: Error getting path to home directory: getpwent_r: %s", + strerror(rc)); + endpwent(); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + +#elif (defined (__FreeBSD__) || defined (__OpenBSD__)) + if ((pwp = getpwent()) == NULL) { + LogDebugFn("USER PS: Error getting path to home directory: getpwent: %s", + strerror(rc)); + endpwent(); + MUTEX_UNLOCK(user_ps_path); + return TSPERR(TSS_E_INTERNAL_ERROR); + } +#endif + if (euid == pwp->pw_uid) { + home_dir = strdup(pwp->pw_dir); + break; + } + } + endpwent(); + + if (!home_dir) + return TSPERR(TSS_E_OUTOFMEMORY); + + /* Tack on TSS_USER_PS_DIR and see if it exists */ + rc = snprintf(buf, sizeof (buf), "%s/%s", home_dir, TSS_USER_PS_DIR); +#endif /* SOLARIS */ + if (rc == sizeof (buf)) { + LogDebugFn("USER PS: Path to file too long! (> %d bytes)", PASSWD_BUFSIZE); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + errno = 0; + if ((rc = stat(buf, &stat_buf)) == -1) { + if (errno == ENOENT) { + errno = 0; + /* Create the user's ps directory if it is not there. */ + if ((rc = mkdir(buf, 0700)) == -1) { + LogDebugFn("USER PS: Error creating dir: %s: %s", buf, + strerror(errno)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } else { + LogDebugFn("USER PS: Error stating dir: %s: %s", buf, strerror(errno)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + + /* Directory exists or has been created, return the path to the file */ +#if defined (SOLARIS) + rc = snprintf(buf, sizeof (buf), "%s/%d/%s", TSS_USER_PS_DIR, euid, + TSS_USER_PS_FILE); +#else + rc = snprintf(buf, sizeof (buf), "%s/%s/%s", home_dir, TSS_USER_PS_DIR, + TSS_USER_PS_FILE); +#endif + if (rc == sizeof (buf)) { + LogDebugFn("USER PS: Path to file too long! (> %zd bytes)", sizeof (buf)); + } else + *file = strdup(buf); + + result = (*file) ? TSS_SUCCESS : TSPERR(TSS_E_OUTOFMEMORY); +done: + free(home_dir); + return result; +} + +TSS_RESULT +get_file(int *fd) +{ + TSS_RESULT result; + int rc = 0; + char *file_name = NULL; + + MUTEX_LOCK(user_ps_lock); + + /* check the global file handle first. If it exists, lock it and return */ + if (user_ps_fd != -1) { + fl.l_type = F_WRLCK; + if ((rc = fcntl(user_ps_fd, F_SETLKW, &fl))) { + LogDebug("USER PS: failed to lock file: %s", strerror(errno)); + MUTEX_UNLOCK(user_ps_lock); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + *fd = user_ps_fd; + return TSS_SUCCESS; + } + + /* open and lock the file */ + if ((result = get_user_ps_path(&file_name))) { + LogDebugFn("USER PS: error getting file path"); + MUTEX_UNLOCK(user_ps_lock); + return result; + } + + user_ps_fd = open(file_name, O_CREAT|O_RDWR, 0600); + if (user_ps_fd < 0) { + LogDebug("USER PS: open of %s failed: %s", file_name, strerror(errno)); + free(file_name); + MUTEX_UNLOCK(user_ps_lock); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + fl.l_type = F_WRLCK; + if ((rc = fcntl(user_ps_fd, F_SETLKW, &fl))) { + LogDebug("USER PS: failed to get lock of %s: %s", file_name, strerror(errno)); + free(file_name); + close(user_ps_fd); + user_ps_fd = -1; + MUTEX_UNLOCK(user_ps_lock); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + *fd = user_ps_fd; + free(file_name); + return TSS_SUCCESS; +} + +int +put_file(int fd) +{ + int rc = 0; + + fsync(fd); + + /* release the file lock */ + fl.l_type = F_UNLCK; + if ((rc = fcntl(fd, F_SETLKW, &fl))) { + LogDebug("USER PS: failed to unlock file: %s", strerror(errno)); + rc = -1; + } + + MUTEX_UNLOCK(user_ps_lock); + return rc; +} + +void +psfile_close(int fd) +{ + close(fd); + user_ps_fd = -1; + MUTEX_UNLOCK(user_ps_lock); +} + +TSS_RESULT +psfile_is_key_registered(int fd, TSS_UUID *uuid, TSS_BOOL *answer) +{ + TSS_RESULT result; + struct key_disk_cache tmp; + + if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &tmp)) == TSS_SUCCESS) + *answer = TRUE; + else if (result == (TSS_E_PS_KEY_NOTFOUND | TSS_LAYER_TSP)) + *answer = FALSE; + else + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +psfile_get_parent_uuid_by_uuid(int fd, TSS_UUID *uuid, TSS_UUID *ret_uuid) +{ + TSS_RESULT result; + struct key_disk_cache tmp; + + if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &tmp))) + return result; + + memcpy(ret_uuid, &tmp.parent_uuid, sizeof(TSS_UUID)); + + return TSS_SUCCESS; +} + +TSS_RESULT +psfile_get_parent_ps_type(int fd, TSS_UUID *uuid, UINT32 *type) +{ + TSS_RESULT result; + struct key_disk_cache tmp; + + if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &tmp))) + return result; + + if (tmp.flags & CACHE_FLAG_PARENT_PS_SYSTEM) + *type = TSS_PS_TYPE_SYSTEM; + else + *type = TSS_PS_TYPE_USER; + + return TSS_SUCCESS; +} + +/* + * return a key struct from PS given a uuid + */ +TSS_RESULT +psfile_get_key_by_uuid(int fd, TSS_UUID *uuid, BYTE *key) +{ + int rc; + TSS_RESULT result; + off_t file_offset; + struct key_disk_cache tmp; + BYTE buf[4096]; + + if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &tmp))) + return result; + + /* jump to the location of the key blob */ + file_offset = TSSPS_BLOB_DATA_OFFSET(&tmp); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebugFn("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (tmp.blob_size > 4096) { + LogError("Blob size greater than 4096! Size: %d", + tmp.blob_size); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if ((rc = read_data(fd, buf, tmp.blob_size))) { + LogDebugFn("Blob read from disk failed."); + return rc; + } + + memcpy(key, buf, tmp.blob_size); + return TSS_SUCCESS; +} + +/* + * return a key struct from PS given a public key + */ +TSS_RESULT +psfile_get_key_by_pub(int fd, TSS_UUID *uuid, UINT32 pub_size, BYTE *pub, BYTE *key) +{ + int rc; + TSS_RESULT result; + off_t file_offset; + struct key_disk_cache tmp; + BYTE buf[4096]; + + if ((result = psfile_get_cache_entry_by_pub(fd, pub_size, pub, &tmp))) + return result; + + /* jump to the location of the key blob */ + file_offset = TSSPS_BLOB_DATA_OFFSET(&tmp); + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebugFn("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (tmp.blob_size > 4096) { + LogError("Blob size greater than 4096! Size: %d", + tmp.blob_size); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if ((result = read_data(fd, buf, tmp.blob_size))) { + LogDebugFn("Blob read from disk failed."); + return result; + } + + memcpy(key, buf, tmp.blob_size); + memcpy(uuid, &tmp.uuid, sizeof(TSS_UUID)); + + return TSS_SUCCESS; +} + +TSS_RESULT +psfile_get_uuid_by_pub(int fd, UINT32 pub_size, BYTE *pub, TSS_UUID *uuid) +{ + TSS_RESULT result; + struct key_disk_cache tmp; + + if ((result = psfile_get_cache_entry_by_pub(fd, pub_size, pub, &tmp))) + return result; + + memcpy(uuid, &tmp.uuid, sizeof(TSS_UUID)); + + return TSS_SUCCESS; +} + +TSS_RESULT +psfile_change_num_keys(int fd, BYTE increment) +{ + int rc; + TSS_RESULT result; + UINT32 num_keys; + + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + rc = read(fd, &num_keys, sizeof(UINT32)); + if (rc != sizeof(UINT32)) { + LogDebug("read of %zd bytes: %s", sizeof(UINT32), strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + num_keys = LE_32(num_keys); + + if (increment) + num_keys++; + else + num_keys--; + + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + num_keys = LE_32(num_keys); + if ((result = write_data(fd, (void *)&num_keys, sizeof(UINT32)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + return TSS_SUCCESS; +} + +/* Write the initial header (number of keys and PS version) to initialize a new file */ +TSS_RESULT +psfile_write_key_header(int fd) +{ + int rc; + TSS_RESULT result; + UINT32 i; + + rc = lseek(fd, TSSPS_VERSION_OFFSET, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + i = TSSPS_VERSION; + if ((result = write_data(fd, &i, sizeof(BYTE)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + i = 0; + if ((result = write_data(fd, &i, sizeof(UINT32)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + return TSS_SUCCESS; +} + +/* + * disk store format: + * + * TrouSerS 0.2.1+ + * Version 1: cached? + * [BYTE PS version = '\1'] + * [UINT32 num_keys_on_disk ] + * [TSS_UUID uuid0 ] yes + * [TSS_UUID uuid_parent0 ] yes + * [UINT16 pub_data_size0 ] yes + * [UINT16 blob_size0 ] yes + * [UINT32 vendor_data_size0] yes + * [UINT16 cache_flags0 ] yes + * [BYTE[] pub_data0 ] + * [BYTE[] blob0 ] + * [BYTE[] vendor_data0 ] + * [...] + * + */ +TSS_RESULT +psfile_write_key(int fd, + TSS_UUID *uuid, + TSS_UUID *parent_uuid, + UINT32 parent_ps, + BYTE *key_blob, + UINT16 key_blob_size) +{ + TSS_RESULT result; + TSS_KEY key; + UINT32 zero = 0; + UINT64 offset; + UINT16 pub_key_size, cache_flags = 0; + struct stat stat_buf; + int rc, file_offset; + + /* leaving the cache flag for parent ps type as 0 implies TSS_PS_TYPE_USER */ + if (parent_ps == TSS_PS_TYPE_SYSTEM) + cache_flags |= CACHE_FLAG_PARENT_PS_SYSTEM; + + if ((rc = fstat(fd, &stat_buf)) == -1) { + LogDebugFn("stat failed: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + file_offset = stat_buf.st_size; + + if (file_offset < (int)TSSPS_KEYS_OFFSET) { + if ((result = psfile_write_key_header(fd))) + return result; + file_offset = TSSPS_KEYS_OFFSET; + } + + rc = lseek(fd, file_offset, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* Unload the blob to get the public key */ + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, key_blob, &key))) + return result; + + pub_key_size = key.pubKey.keyLength; + + /* [TSS_UUID uuid0 ] yes */ + if ((result = write_data(fd, (void *)uuid, sizeof(TSS_UUID)))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + + /* [TSS_UUID uuid_parent0 ] yes */ + if ((result = write_data(fd, (void *)parent_uuid, sizeof(TSS_UUID)))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + + /* [UINT16 pub_data_size0 ] yes */ + pub_key_size = LE_16(pub_key_size); + if ((result = write_data(fd, &pub_key_size, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + pub_key_size = LE_16(pub_key_size); + + /* [UINT16 blob_size0 ] yes */ + key_blob_size = LE_16(key_blob_size); + if ((result = write_data(fd, &key_blob_size, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + key_blob_size = LE_16(key_blob_size); + + /* [UINT32 vendor_data_size0 ] yes */ + if ((result = write_data(fd, &zero, sizeof(UINT32)))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + + /* [UINT16 cache_flags0 ] yes */ + cache_flags = LE_16(cache_flags); + if ((result = write_data(fd, &cache_flags, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + cache_flags = LE_16(cache_flags); + + /* [BYTE[] pub_data0 ] no */ + if ((result = write_data(fd, (void *)key.pubKey.key, pub_key_size))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + + /* [BYTE[] blob0 ] no */ + if ((result = write_data(fd, (void *)key_blob, key_blob_size))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + + if ((result = psfile_change_num_keys(fd, TSS_PSFILE_INCREMENT_NUM_KEYS))) { + LogDebug("%s", __FUNCTION__); + goto done; + } + +done: + free_key_refs(&key); + return result; +} + +TSS_RESULT +psfile_remove_key(int fd, TSS_UUID *uuid) +{ + TSS_RESULT result; + UINT32 head_offset = 0, tail_offset; + int rc, size = 0; + struct key_disk_cache c; + BYTE buf[4096]; + + if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &c))) + return result; + + /* head_offset is the offset the beginning of the key */ + head_offset = TSSPS_UUID_OFFSET(&c); + + /* tail_offset is the offset the beginning of the next key */ + tail_offset = TSSPS_VENDOR_DATA_OFFSET(&c) + c.vendor_data_size; + + rc = lseek(fd, tail_offset, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* read in from tail, write out to head to fill the gap */ + while ((rc = read(fd, buf, sizeof(buf))) > 0) { + size = rc; + tail_offset += size; + + /* set the file pointer to where we want to write */ + rc = lseek(fd, head_offset, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* write the data */ + if ((result = write_data(fd, (void *)buf, size))) { + LogDebug("%s", __FUNCTION__); + return result; + } + head_offset += size; + + /* set the file pointer to where we want to read in the next + * loop */ + rc = lseek(fd, tail_offset, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + if (rc < 0) { + LogDebug("read: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* set the file pointer to where we want to write */ + rc = lseek(fd, head_offset, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* head_offset now contains a pointer to where we want to truncate the + * file. Zero out the old tail end of the file and truncate it. */ + + memset(buf, 0, sizeof(buf)); + + /* Zero out the old tail end of the file */ + if ((result = write_data(fd, (void *)buf, tail_offset - head_offset))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + if ((rc = ftruncate(fd, head_offset)) < 0) { + LogDebug("ftruncate: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* we succeeded in removing a key from the disk. Decrement the number + * of keys in the file */ + if ((result = psfile_change_num_keys(fd, TSS_PSFILE_DECREMENT_NUM_KEYS))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +psfile_get_all_cache_entries(int fd, UINT32 *size, struct key_disk_cache **c) +{ + UINT32 i, num_keys = psfile_get_num_keys(fd); + int offset; + TSS_RESULT result; + struct key_disk_cache *tmp = NULL; + + if (num_keys == 0) { + *size = 0; + *c = NULL; + return TSS_SUCCESS; + } + + /* make sure the file pointer is where we expect, just after the number + * of keys on disk at the head of the file + */ + offset = lseek(fd, TSSPS_KEYS_OFFSET, SEEK_SET); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if ((tmp = malloc(num_keys * sizeof(struct key_disk_cache))) == NULL) { + LogDebug("malloc of %zu bytes failed.", num_keys * sizeof(struct key_disk_cache)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + for (i = 0; i < num_keys; i++) { + offset = lseek(fd, 0, SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto err_exit; + } + tmp[i].offset = offset; + + /* read UUID */ + if ((result = read_data(fd, &tmp[i].uuid, sizeof(TSS_UUID)))) { + LogDebug("%s", __FUNCTION__); + goto err_exit; + } + + /* read parent UUID */ + if ((result = read_data(fd, &tmp[i].parent_uuid, sizeof(TSS_UUID)))) { + LogDebug("%s", __FUNCTION__); + goto err_exit; + } + + /* pub data size */ + if ((result = read_data(fd, &tmp[i].pub_data_size, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + goto err_exit; + } + tmp[i].pub_data_size = LE_16(tmp[i].pub_data_size); + + DBG_ASSERT(tmp[i].pub_data_size <= 2048); + + /* blob size */ + if ((result = read_data(fd, &tmp[i].blob_size, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + goto err_exit; + } + tmp[i].blob_size = LE_16(tmp[i].blob_size); + + DBG_ASSERT(tmp[i].blob_size <= 4096); + + /* vendor data size */ + if ((result = read_data(fd, &tmp[i].vendor_data_size, sizeof(UINT32)))) { + LogDebug("%s", __FUNCTION__); + goto err_exit; + } + tmp[i].vendor_data_size = LE_32(tmp[i].vendor_data_size); + + /* cache flags */ + if ((result = read_data(fd, &tmp[i].flags, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + goto err_exit; + } + tmp[i].flags = LE_16(tmp[i].flags); + + /* fast forward over the pub key */ + offset = lseek(fd, tmp[i].pub_data_size, SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto err_exit; + } + + /* fast forward over the blob */ + offset = lseek(fd, tmp[i].blob_size, SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto err_exit; + } + + /* ignore vendor data for user ps */ + } + + *size = num_keys; + *c = tmp; + + return TSS_SUCCESS; + +err_exit: + free(tmp); + return result; +} + +TSS_RESULT +copy_key_info(int fd, TSS_KM_KEYINFO *ki, struct key_disk_cache *c) +{ + TSS_KEY key; + BYTE blob[4096]; + UINT64 offset; + TSS_RESULT result; + off_t off; + + /* Set the file pointer to the offset that the key blob is at */ + off = lseek(fd, TSSPS_BLOB_DATA_OFFSET(c), SEEK_SET); + if (off == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* Read in the key blob */ + if ((result = read_data(fd, (void *)blob, c->blob_size))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + /* Expand the blob into a useable form */ + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, blob, &key))) + return result; + + if (key.hdr.key12.tag == TPM_TAG_KEY12) { + ki->versionInfo.bMajor = TSS_SPEC_MAJOR; + ki->versionInfo.bMinor = TSS_SPEC_MINOR; + ki->versionInfo.bRevMajor = 0; + ki->versionInfo.bRevMinor = 0; + } else + memcpy(&ki->versionInfo, &key.hdr.key11.ver, sizeof(TSS_VERSION)); + memcpy(&ki->keyUUID, &c->uuid, sizeof(TSS_UUID)); + memcpy(&ki->parentKeyUUID, &c->parent_uuid, sizeof(TSS_UUID)); + ki->bAuthDataUsage = key.authDataUsage; + + free_key_refs(&key); + + return TSS_SUCCESS; +} + +TSS_RESULT +copy_key_info2(int fd, TSS_KM_KEYINFO2 *ki, struct key_disk_cache *c) +{ + TSS_KEY key; + BYTE blob[4096]; + UINT64 offset; + TSS_RESULT result; + off_t off; + + /* Set the file pointer to the offset that the key blob is at */ + off = lseek(fd, TSSPS_BLOB_DATA_OFFSET(c), SEEK_SET); + if (off == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* Read in the key blob */ + if ((result = read_data(fd, (void *)blob, c->blob_size))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + /* Expand the blob into a useable form */ + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, blob, &key))) + return result; + + if (key.hdr.key12.tag == TPM_TAG_KEY12) { + ki->versionInfo.bMajor = TSS_SPEC_MAJOR; + ki->versionInfo.bMinor = TSS_SPEC_MINOR; + ki->versionInfo.bRevMajor = 0; + ki->versionInfo.bRevMinor = 0; + } else + memcpy(&ki->versionInfo, &key.hdr.key11.ver, sizeof(TSS_VERSION)); + memcpy(&ki->keyUUID, &c->uuid, sizeof(TSS_UUID)); + memcpy(&ki->parentKeyUUID, &c->parent_uuid, sizeof(TSS_UUID)); + + /* CHECK: fill the two new fields of TSS_KM_KEYINFO2 */ + ki->persistentStorageType = TSS_PS_TYPE_USER; + ki->persistentStorageTypeParent = c->flags & CACHE_FLAG_PARENT_PS_SYSTEM ? + TSS_PS_TYPE_SYSTEM : TSS_PS_TYPE_USER; + + ki->bAuthDataUsage = key.authDataUsage; + + free_key_refs(&key); + + return TSS_SUCCESS; +} + + +TSS_RESULT +psfile_get_registered_keys(int fd, + TSS_UUID *uuid, + TSS_UUID *tcs_uuid, + UINT32 *size, + TSS_KM_KEYINFO **keys) +{ + TSS_RESULT result; + struct key_disk_cache *cache_entries; + UINT32 cache_size, i, j; + TSS_KM_KEYINFO *keyinfos = NULL; + TSS_UUID *find_uuid; + + if ((result = psfile_get_all_cache_entries(fd, &cache_size, &cache_entries))) + return result; + + if (cache_size == 0) { + if (uuid) + return TSPERR(TSS_E_PS_KEY_NOTFOUND); + else { + *size = 0; + *keys = NULL; + return TSS_SUCCESS; + } + } + + if (uuid) { + find_uuid = uuid; + j = 0; + +restart_search: + /* Search for the requested UUID. When found, allocate new space for it, copy + * it in, then change the uuid to be searched for it its parent and start over. */ + for (i = 0; i < cache_size; i++) { + if (!memcmp(&cache_entries[i].uuid, find_uuid, sizeof(TSS_UUID))) { + if (!(keyinfos = realloc(keyinfos, + (j+1) * sizeof(TSS_KM_KEYINFO)))) { + free(cache_entries); + free(keyinfos); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memset(&keyinfos[j], 0, sizeof(TSS_KM_KEYINFO)); + + if ((result = copy_key_info(fd, &keyinfos[j], &cache_entries[i]))) { + free(cache_entries); + free(keyinfos); + return result; + } + + find_uuid = &keyinfos[j].parentKeyUUID; + j++; + goto restart_search; + } + } + + /* Searching for keys in the user PS will always lead us up to some key in the + * system PS. Return that key's uuid so that the upper layers can call down to TCS + * to search for it. */ + memcpy(tcs_uuid, find_uuid, sizeof(TSS_UUID)); + + *size = j; + } else { + if ((keyinfos = calloc(cache_size, sizeof(TSS_KM_KEYINFO))) == NULL) { + LogDebug("malloc of %zu bytes failed.", + cache_size * sizeof(TSS_KM_KEYINFO)); + free(cache_entries); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + for (i = 0; i < cache_size; i++) { + if ((result = copy_key_info(fd, &keyinfos[i], &cache_entries[i]))) { + free(cache_entries); + free(keyinfos); + return result; + } + } + + *size = cache_size; + } + + free(cache_entries); + + *keys = keyinfos; + + return TSS_SUCCESS; +} + +TSS_RESULT +psfile_get_registered_keys2(int fd, + TSS_UUID *uuid, + TSS_UUID *tcs_uuid, + UINT32 *size, + TSS_KM_KEYINFO2 **keys) +{ + TSS_RESULT result; + struct key_disk_cache *cache_entries; + UINT32 cache_size, i, j; + TSS_KM_KEYINFO2 *keyinfos = NULL; + TSS_UUID *find_uuid; + + if ((result = psfile_get_all_cache_entries(fd, &cache_size, &cache_entries))) + return result; + + if (cache_size == 0) { + if (uuid) + return TSPERR(TSS_E_PS_KEY_NOTFOUND); + else { + *size = 0; + *keys = NULL; + return TSS_SUCCESS; + } + } + + if (uuid) { + find_uuid = uuid; + j = 0; + + restart_search: + /* Search for the requested UUID. When found, allocate new space for it, copy + * it in, then change the uuid to be searched for it its parent and start over. */ + for (i = 0; i < cache_size; i++) { + /*Return 0 if normal finish*/ + if (!memcmp(&cache_entries[i].uuid, find_uuid, sizeof(TSS_UUID))) { + if (!(keyinfos = realloc(keyinfos, + (j+1) * sizeof(TSS_KM_KEYINFO2)))) { + free(cache_entries); + free(keyinfos); + return TSPERR(TSS_E_OUTOFMEMORY); + } + /* Here the key UUID is found and needs to be copied for the array*/ + /* Initializes the keyinfos with 0's*/ + memset(&keyinfos[j], 0, sizeof(TSS_KM_KEYINFO2)); + + if ((result = copy_key_info2(fd, &keyinfos[j], &cache_entries[i]))) { + free(cache_entries); + free(keyinfos); + return result; + } + + find_uuid = &keyinfos[j].parentKeyUUID; + j++; + goto restart_search; + } + } + + /* Searching for keys in the user PS will always lead us up to some key in the + * system PS. Return that key's uuid so that the upper layers can call down to TCS + * to search for it. */ + memcpy(tcs_uuid, find_uuid, sizeof(TSS_UUID)); + + *size = j; + } else { + if ((keyinfos = calloc(cache_size, sizeof(TSS_KM_KEYINFO2))) == NULL) { + LogDebug("malloc of %zu bytes failed.", + cache_size * sizeof(TSS_KM_KEYINFO2)); + free(cache_entries); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + for (i = 0; i < cache_size; i++) { + if ((result = copy_key_info2(fd, &keyinfos[i], &cache_entries[i]))) { + free(cache_entries); + free(keyinfos); + return result; + } + } + + *size = cache_size; + } + + free(cache_entries); + + *keys = keyinfos; + + return TSS_SUCCESS; +} + +/* + * read into the PS file and return the number of keys + */ +UINT32 +psfile_get_num_keys(int fd) +{ + UINT32 num_keys; + int rc; + + /* go to the number of keys */ + rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET); + if (rc == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return 0; + } + + rc = read(fd, &num_keys, sizeof(UINT32)); + if (rc < 0) { + LogDebug("read of %zd bytes: %s", sizeof(UINT32), strerror(errno)); + return 0; + } else if ((unsigned)rc < sizeof(UINT32)) { + num_keys = 0; + } + + /* The system PS file is written in little-endian */ + num_keys = LE_32(num_keys); + return num_keys; +} + +/* + * disk store format: + * + * TrouSerS 0.2.1+ + * Version 1: cached? + * [BYTE PS version = '\1'] + * [UINT32 num_keys_on_disk ] + * [TSS_UUID uuid0 ] yes + * [TSS_UUID uuid_parent0 ] yes + * [UINT16 pub_data_size0 ] yes + * [UINT16 blob_size0 ] yes + * [UINT32 vendor_data_size0] yes + * [UINT16 cache_flags0 ] yes + * [BYTE[] pub_data0 ] + * [BYTE[] blob0 ] + * [BYTE[] vendor_data0 ] + * [...] + * + */ +TSS_RESULT +psfile_get_cache_entry_by_uuid(int fd, TSS_UUID *uuid, struct key_disk_cache *c) +{ + UINT32 i, num_keys = psfile_get_num_keys(fd); + int offset; + TSS_RESULT result; + BYTE found = 0; + + if (num_keys == 0) + return TSPERR(TSS_E_PS_KEY_NOTFOUND); + + /* make sure the file pointer is where we expect, just after the number + * of keys on disk at the head of the file + */ + offset = lseek(fd, TSSPS_KEYS_OFFSET, SEEK_SET); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + for (i = 0; i < num_keys && !found; i++) { + offset = lseek(fd, 0, SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + c->offset = offset; + + /* read UUID */ + if ((result = read_data(fd, (void *)&c->uuid, sizeof(TSS_UUID)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + if (!memcmp(&c->uuid, uuid, sizeof(TSS_UUID))) { + found = 1; + + /* read parent UUID */ + if ((result = read_data(fd, (void *)&c->parent_uuid, sizeof(TSS_UUID)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + } else { + /* fast forward over the parent UUID */ + offset = lseek(fd, sizeof(TSS_UUID), SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + /* pub data size */ + if ((result = read_data(fd, &c->pub_data_size, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + c->pub_data_size = LE_16(c->pub_data_size); + DBG_ASSERT(c->pub_data_size <= 2048 && c->pub_data_size > 0); + + /* blob size */ + if ((result = read_data(fd, &c->blob_size, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + c->blob_size = LE_16(c->blob_size); + DBG_ASSERT(c->blob_size <= 4096 && c->blob_size > 0); + + /* vendor data size */ + if ((result = read_data(fd, &c->vendor_data_size, sizeof(UINT32)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + c->vendor_data_size = LE_32(c->vendor_data_size); + + /* cache flags */ + if ((result = read_data(fd, &c->flags, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + c->flags = LE_16(c->flags); + + /* fast forward over the pub key */ + offset = lseek(fd, c->pub_data_size, SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* fast forward over the blob */ + offset = lseek(fd, c->blob_size, SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* ignore vendor data in user ps */ + } + + return found ? TSS_SUCCESS : TSPERR(TSS_E_PS_KEY_NOTFOUND); +} + +TSS_RESULT +psfile_get_cache_entry_by_pub(int fd, UINT32 pub_size, BYTE *pub, struct key_disk_cache *c) +{ + BYTE blob[2048]; + UINT32 i, num_keys = psfile_get_num_keys(fd); + int offset; + TSS_RESULT result; + + if (num_keys == 0) + return TSPERR(TSS_E_PS_KEY_NOTFOUND); + + /* make sure the file pointer is where we expect, just after the number + * of keys on disk at the head of the file + */ + offset = lseek(fd, TSSPS_KEYS_OFFSET, SEEK_SET); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + for (i = 0; i < num_keys; i++) { + offset = lseek(fd, 0, SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + c->offset = offset; + + /* read UUID */ + if ((result = read_data(fd, (void *)&c->uuid, sizeof(TSS_UUID)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + /* read parent UUID */ + if ((result = read_data(fd, (void *)&c->parent_uuid, sizeof(TSS_UUID)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + /* pub data size */ + if ((result = read_data(fd, &c->pub_data_size, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + c->pub_data_size = LE_16(c->pub_data_size); + DBG_ASSERT(c->pub_data_size <= 2048 && c->pub_data_size > 0); + + /* blob size */ + if ((result = read_data(fd, &c->blob_size, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + c->blob_size = LE_16(c->blob_size); + DBG_ASSERT(c->blob_size <= 4096 && c->blob_size > 0); + + /* vendor data size */ + if ((result = read_data(fd, &c->vendor_data_size, sizeof(UINT32)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + c->vendor_data_size = LE_32(c->vendor_data_size); + + /* cache flags */ + if ((result = read_data(fd, &c->flags, sizeof(UINT16)))) { + LogDebug("%s", __FUNCTION__); + return result; + } + c->flags = LE_16(c->flags); + + if (c->pub_data_size == pub_size) { + /* read in the pub key */ + if ((result = read_data(fd, blob, c->pub_data_size))) { + LogDebug("%s", __FUNCTION__); + return result; + } + + if (!memcmp(blob, pub, pub_size)) + break; + } + + /* fast forward over the blob */ + offset = lseek(fd, c->blob_size, SEEK_CUR); + if (offset == ((off_t)-1)) { + LogDebug("lseek: %s", strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + /* ignore vendor data */ + } + + return TSS_SUCCESS; +} diff --git a/src/tspi/rpc/hosttable.c b/src/tspi/rpc/hosttable.c new file mode 100644 index 0000000..f3ec2eb --- /dev/null +++ b/src/tspi/rpc/hosttable.c @@ -0,0 +1,182 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tsplog.h" +#include "hosttable.h" +#include "obj.h" + +struct host_table *ht = NULL; + +TSS_RESULT +host_table_init() +{ + ht = calloc(1, sizeof(struct host_table)); + if (ht == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct host_table)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + MUTEX_INIT(ht->lock); + + return TSS_SUCCESS; +} + +#ifdef SOLARIS +#pragma init(_init) +void _init(void) +#else +void __attribute__ ((constructor)) my_init(void) +#endif +{ + host_table_init(); + __tspi_obj_list_init(); +} + +void +host_table_final() +{ + struct host_table_entry *hte, *next = NULL; + + MUTEX_LOCK(ht->lock); + + for (hte = ht->entries; hte; hte = next) { + if (hte) + next = hte->next; + if (hte->hostname) + free(hte->hostname); + if (hte->comm.buf) + free(hte->comm.buf); + free(hte); + } + + MUTEX_UNLOCK(ht->lock); + + free(ht); + ht = NULL; +} + +#ifdef SOLARIS +#pragma fini(_fini) +void _fini(void) +#else +void __attribute__ ((destructor)) my_fini(void) +#endif +{ + host_table_final(); +} + +TSS_RESULT +__tspi_add_table_entry(TSS_HCONTEXT tspContext, BYTE *host, int type, struct host_table_entry **ret) +{ + struct host_table_entry *entry, *tmp; + + entry = calloc(1, sizeof(struct host_table_entry)); + if (entry == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct host_table_entry)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + entry->tspContext = tspContext; + entry->hostname = host; + entry->type = type; + entry->comm.buf_size = TCSD_INIT_TXBUF_SIZE; + entry->comm.buf = calloc(1, entry->comm.buf_size); + if (entry->comm.buf == NULL) { + LogError("malloc of %u bytes failed.", entry->comm.buf_size); + free(entry); + return TSPERR(TSS_E_OUTOFMEMORY); + } + MUTEX_INIT(entry->lock); + + MUTEX_LOCK(ht->lock); + + for (tmp = ht->entries; tmp; tmp = tmp->next) { + if (tmp->tspContext == tspContext) { + LogError("Tspi_Context_Connect attempted on an already connected context!"); + MUTEX_UNLOCK(ht->lock); + free(entry->hostname); + free(entry->comm.buf); + free(entry); + return TSPERR(TSS_E_CONNECTION_FAILED); + } + } + + if( ht->entries == NULL ) { + ht->entries = entry; + } else { + for (tmp = ht->entries; tmp->next; tmp = tmp->next) + ; + tmp->next = entry; + } + MUTEX_UNLOCK(ht->lock); + + *ret = entry; + + return TSS_SUCCESS; +} + +void +remove_table_entry(TSS_HCONTEXT tspContext) +{ + struct host_table_entry *hte, *prev = NULL; + + MUTEX_LOCK(ht->lock); + + for (hte = ht->entries; hte; prev = hte, hte = hte->next) { + if (hte->tspContext == tspContext) { + if (prev != NULL) + prev->next = hte->next; + else + ht->entries = hte->next; + if (hte->hostname) + free(hte->hostname); + free(hte->comm.buf); + free(hte); + break; + } + } + + MUTEX_UNLOCK(ht->lock); +} + +struct host_table_entry * +get_table_entry(TSS_HCONTEXT tspContext) +{ + struct host_table_entry *index = NULL; + + MUTEX_LOCK(ht->lock); + + for (index = ht->entries; index; index = index->next) { + if (index->tspContext == tspContext) + break; + } + + if (index) + MUTEX_LOCK(index->lock); + + MUTEX_UNLOCK(ht->lock); + + return index; +} + +void +put_table_entry(struct host_table_entry *entry) +{ + if (entry) + MUTEX_UNLOCK(entry->lock); +} + diff --git a/src/tspi/rpc/tcs_api.c b/src/tspi/rpc/tcs_api.c new file mode 100644 index 0000000..3eeb1fb --- /dev/null +++ b/src/tspi/rpc/tcs_api.c @@ -0,0 +1,3377 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "hosttable.h" +#include "tsplog.h" +#include "rpc_tcstp_tsp.h" +#include "obj_context.h" + + +TSS_RESULT +RPC_Error(TSS_HCONTEXT tspContext, ...) +{ + LogDebugFn("Context: 0x%x", tspContext); + return TSPERR(TSS_E_INTERNAL_ERROR); +} + +TSS_RESULT +RPC_OpenContext(TSS_HCONTEXT tspContext, BYTE *hostname, int type) +{ + TSS_RESULT result; + TCS_CONTEXT_HANDLE tcsContext; + struct host_table_entry *entry; + UINT32 tpm_version; + + /* __tspi_add_table_entry() will make sure an entry doesn't already exist for this tsp context */ + if ((result = __tspi_add_table_entry(tspContext, hostname, type, &entry))) + return result; + + switch (type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + if ((result = RPC_OpenContext_TP(entry, &tpm_version, &tcsContext))) + remove_table_entry(tspContext); + else { + entry->tcsContext = tcsContext; + if (obj_context_set_tpm_version(tspContext, tpm_version)) { + remove_table_entry(tspContext); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + return result; + default: + break; + } + + return TSPERR(TSS_E_INTERNAL_ERROR); +} + +TSS_RESULT RPC_GetRegisteredKeyByPublicInfo(TSS_HCONTEXT tspContext, + TCPA_ALGORITHM_ID algID, /* in */ + UINT32 ulPublicInfoLength, /* in */ + BYTE * rgbPublicInfo, /* in */ + UINT32 * keySize, BYTE ** keyBlob) +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetRegisteredKeyByPublicInfo_TP(entry, algID, + ulPublicInfoLength, + rgbPublicInfo, keySize, + keyBlob); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_CloseContext(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + if ((result = RPC_CloseContext_TP(entry)) == TSS_SUCCESS) { + close(entry->socket); + remove_table_entry(tspContext); + } + break; + default: + break; + } + + if (result != TSS_SUCCESS) + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_FreeMemory(TSS_HCONTEXT tspContext, /* in */ + BYTE * pMemory) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_FreeMemory_TP(entry, pMemory); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_LogPcrEvent(TSS_HCONTEXT tspContext, /* in */ + TSS_PCR_EVENT Event, /* in */ + UINT32 * pNumber) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_LogPcrEvent_TP(entry, Event, pNumber); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetPcrEvent(TSS_HCONTEXT tspContext, /* in */ + UINT32 PcrIndex, /* in */ + UINT32 * pNumber, /* in, out */ + TSS_PCR_EVENT ** ppEvent) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = + RPC_GetPcrEvent_TP(entry, PcrIndex, pNumber, ppEvent); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetPcrEventsByPcr(TSS_HCONTEXT tspContext, /* in */ + UINT32 PcrIndex, /* in */ + UINT32 FirstEvent, /* in */ + UINT32 * pEventCount, /* in,out */ + TSS_PCR_EVENT ** ppEvents) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetPcrEventsByPcr_TP(entry, PcrIndex, FirstEvent, + pEventCount, ppEvents); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetPcrEventLog(TSS_HCONTEXT tspContext, /* in */ + UINT32 * pEventCount, /* out */ + TSS_PCR_EVENT ** ppEvents) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetPcrEventLog_TP(entry, pEventCount, ppEvents); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_RegisterKey(TSS_HCONTEXT tspContext, /* in */ + TSS_UUID WrappingKeyUUID, /* in */ + TSS_UUID KeyUUID, /* in */ + UINT32 cKeySize, /* in */ + BYTE * rgbKey, /* in */ + UINT32 cVendorData, /* in */ + BYTE * gbVendorData) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_RegisterKey_TP(entry, WrappingKeyUUID, KeyUUID, cKeySize, + rgbKey, cVendorData, gbVendorData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_UnregisterKey(TSS_HCONTEXT tspContext, /* in */ + TSS_UUID KeyUUID) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_UnregisterKey_TP(entry, KeyUUID); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_EnumRegisteredKeys(TSS_HCONTEXT tspContext, /* in */ + TSS_UUID * pKeyUUID, /* in */ + UINT32 * pcKeyHierarchySize, /* out */ + TSS_KM_KEYINFO ** ppKeyHierarchy) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_EnumRegisteredKeys_TP(entry, pKeyUUID, pcKeyHierarchySize, + ppKeyHierarchy); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_EnumRegisteredKeys2(TSS_HCONTEXT tspContext, /* in */ + TSS_UUID * pKeyUUID, /* in */ + UINT32 * pcKeyHierarchySize, /* out */ + TSS_KM_KEYINFO2 ** ppKeyHierarchy) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_EnumRegisteredKeys2_TP(entry, pKeyUUID, pcKeyHierarchySize, + ppKeyHierarchy); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + + +TSS_RESULT RPC_GetRegisteredKey(TSS_HCONTEXT tspContext, /* in */ + TSS_UUID KeyUUID, /* in */ + TSS_KM_KEYINFO ** ppKeyInfo) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetRegisteredKey_TP(entry, KeyUUID, ppKeyInfo); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetRegisteredKeyBlob(TSS_HCONTEXT tspContext, /* in */ + TSS_UUID KeyUUID, /* in */ + UINT32 * pcKeySize, /* out */ + BYTE ** prgbKey) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetRegisteredKeyBlob_TP(entry, KeyUUID, pcKeySize, prgbKey); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_LoadKeyByBlob(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hUnwrappingKey, /* in */ + UINT32 cWrappedKeyBlobSize, /* in */ + BYTE * rgbWrappedKeyBlob, /* in */ + TPM_AUTH * pAuth, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI, /* out */ + TCS_KEY_HANDLE * phKeyHMAC) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_LoadKeyByBlob_TP(entry, hUnwrappingKey, cWrappedKeyBlobSize, + rgbWrappedKeyBlob, pAuth, phKeyTCSI, + phKeyHMAC); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_LoadKeyByUUID(TSS_HCONTEXT tspContext, /* in */ + TSS_UUID KeyUUID, /* in */ + TCS_LOADKEY_INFO * pLoadKeyInfo, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_LoadKeyByUUID_TP(entry, KeyUUID, pLoadKeyInfo, phKeyTCSI); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_EvictKey(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hKey) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_EvictKey_TP(entry, hKey); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_CreateWrapKey(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hWrappingKey, /* in */ + TCPA_ENCAUTH *KeyUsageAuth, /* in */ + TCPA_ENCAUTH *KeyMigrationAuth, /* in */ + UINT32 keyInfoSize, /* in */ + BYTE * keyInfo, /* in */ + UINT32 * keyDataSize, /* out */ + BYTE ** keyData, /* out */ + TPM_AUTH * pAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CreateWrapKey_TP(entry, hWrappingKey, KeyUsageAuth, + KeyMigrationAuth, keyInfoSize, keyInfo, + keyDataSize, keyData, pAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetPubKey(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH * pAuth, /* in, out */ + UINT32 * pcPubKeySize, /* out */ + BYTE ** prgbPubKey) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetPubKey_TP(entry, hKey, pAuth, pcPubKeySize, prgbPubKey); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_MakeIdentity(TSS_HCONTEXT tspContext, /* in */ + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /* in */ + BYTE * idKeyInfo, /* in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding, /* out */ + UINT32 * pcEndorsementCredentialSize, /* out */ + BYTE ** prgbEndorsementCredential, /* out */ + UINT32 * pcPlatformCredentialSize, /* out */ + BYTE ** prgbPlatformCredential, /* out */ + UINT32 * pcConformanceCredentialSize, /* out */ + BYTE ** prgbConformanceCredential) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_MakeIdentity_TP(entry, identityAuth, + IDLabel_PrivCAHash, idKeyInfoSize, idKeyInfo, + pSrkAuth, pOwnerAuth, idKeySize, idKey, + pcIdentityBindingSize, prgbIdentityBinding, + pcEndorsementCredentialSize, + prgbEndorsementCredential, + pcPlatformCredentialSize, + prgbPlatformCredential, + pcConformanceCredentialSize, + prgbConformanceCredential); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_GetCredential(TSS_HCONTEXT tspContext, /* in */ + UINT32 ulCredentialType, /* in */ + UINT32 ulCredentialAccessMode, /* in */ + UINT32 * pulCredentialSize, /* out */ + BYTE ** prgbCredentialData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetCredential_TP(entry, ulCredentialType, + ulCredentialAccessMode, pulCredentialSize, + prgbCredentialData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +TSS_RESULT RPC_SetOwnerInstall(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL state) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_SetOwnerInstall_TP(entry, state); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_TakeOwnership(TSS_HCONTEXT tspContext, /* in */ + UINT16 protocolID, /* in */ + UINT32 encOwnerAuthSize, /* in */ + BYTE * encOwnerAuth, /* in */ + UINT32 encSrkAuthSize, /* in */ + BYTE * encSrkAuth, /* in */ + UINT32 srkInfoSize, /* in */ + BYTE * srkInfo, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * srkKeySize, + BYTE ** srkKey) +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_TakeOwnership_TP(entry, protocolID, + encOwnerAuthSize, encOwnerAuth, + encSrkAuthSize, encSrkAuth, srkInfoSize, + srkInfo, ownerAuth, srkKeySize, srkKey); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_OIAP(TSS_HCONTEXT tspContext, /* in */ + TCS_AUTHHANDLE * authHandle, /* out */ + TCPA_NONCE * nonce0) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_OIAP_TP(entry, authHandle, nonce0); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_OSAP(TSS_HCONTEXT tspContext, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 entityValue, /* in */ + TPM_NONCE *nonceOddOSAP, /* in */ + TCS_AUTHHANDLE * authHandle, /* out */ + TCPA_NONCE * nonceEven, /* out */ + TCPA_NONCE * nonceEvenOSAP) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_OSAP_TP(entry, entityType, entityValue, nonceOddOSAP, + authHandle, nonceEven, nonceEvenOSAP); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ChangeAuth(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH *newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ChangeAuth_TP(entry, parentHandle, protocolID, newAuth, + entityType, encDataSize, encData, ownerAuth, + entityAuth, outDataSize, outData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ChangeAuthOwner(TSS_HCONTEXT tspContext, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH *newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ChangeAuthOwner_TP(entry, protocolID, newAuth, entityType, + ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ChangeAuthAsymStart(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE idHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 KeySizeIn, /* in */ + BYTE * KeyDataIn, /* in */ + TPM_AUTH * pAuth, /* in, out */ + UINT32 * KeySizeOut, /* out */ + BYTE ** KeyDataOut, /* out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig, /* out */ + TCS_KEY_HANDLE * ephHandle) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ChangeAuthAsymStart_TP(entry, idHandle, antiReplay, + KeySizeIn, KeyDataIn, pAuth, + KeySizeOut, KeyDataOut, + CertifyInfoSize, CertifyInfo, sigSize, + sig, ephHandle); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ChangeAuthAsymFinish(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCS_KEY_HANDLE ephHandle, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TCPA_HMAC newAuthLink, /* in */ + UINT32 newAuthSize, /* in */ + BYTE * encNewAuth, /* in */ + UINT32 encDataSizeIn, /* in */ + BYTE * encDataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * encDataSizeOut, /* out */ + BYTE ** encDataOut, /* out */ + TCPA_SALT_NONCE * saltNonce, /* out */ + TCPA_DIGEST * changeProof) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ChangeAuthAsymFinish_TP(entry, parentHandle, ephHandle, + entityType, newAuthLink, + newAuthSize, encNewAuth, + encDataSizeIn, encDataIn, ownerAuth, + encDataSizeOut, encDataOut, saltNonce, + changeProof); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_TerminateHandle(TSS_HCONTEXT tspContext, /* in */ + TCS_AUTHHANDLE handle) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_TerminateHandle_TP(entry, handle); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ActivateTPMIdentity(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE idKey, /* in */ + UINT32 blobSize, /* in */ + BYTE * blob, /* in */ + TPM_AUTH * idKeyAuth, /* in, out */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * SymmetricKeySize, /* out */ + BYTE ** SymmetricKey) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ActivateTPMIdentity_TP(entry, idKey, blobSize, blob, idKeyAuth, + ownerAuth, SymmetricKeySize, + SymmetricKey); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_Extend(TSS_HCONTEXT tspContext, /* in */ + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_DIGEST inDigest, /* in */ + TCPA_PCRVALUE * outDigest) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Extend_TP(entry, pcrNum, inDigest, outDigest); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_PcrRead(TSS_HCONTEXT tspContext, /* in */ + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_PCRVALUE * outDigest) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_PcrRead_TP(entry, pcrNum, outDigest); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_PcrReset(TSS_HCONTEXT tspContext, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_PcrReset_TP(entry, pcrDataSizeIn, pcrDataIn); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + + +TSS_RESULT RPC_Quote(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE *antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Quote_TP(entry, keyHandle, antiReplay, pcrDataSizeIn, + pcrDataIn, privAuth, pcrDataSizeOut, pcrDataOut, + sigSize, sig); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_Quote2(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE *antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TSS_BOOL addVersion, /* in */ + TPM_AUTH * privAuth, /* in,out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * versionInfoSize, /* out */ + BYTE ** versionInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Quote2_TP(entry, keyHandle, antiReplay, pcrDataSizeIn, pcrDataIn, + addVersion,privAuth, pcrDataSizeOut, pcrDataOut, + versionInfoSize, versionInfo,sigSize, sig); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +TSS_RESULT RPC_DirWriteAuth(TSS_HCONTEXT tspContext, /* in */ + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE *newContents, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_DirWriteAuth_TP(entry, dirIndex, newContents, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_DirRead(TSS_HCONTEXT tspContext, /* in */ + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE * dirValue) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_DirRead_TP(entry, dirIndex, dirValue); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_Seal(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH *encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Seal_TP(entry, keyHandle, encAuth, pcrInfoSize, PcrInfo, + inDataSize, inData, pubAuth, SealedDataSize, + SealedData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +#ifdef TSS_BUILD_SEALX +TSS_RESULT RPC_Sealx(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH *encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Sealx_TP(entry, keyHandle, encAuth, pcrInfoSize, PcrInfo, + inDataSize, inData, pubAuth, SealedDataSize, + SealedData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +TSS_RESULT RPC_Unseal(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 SealedDataSize, /* in */ + BYTE * SealedData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * dataAuth, /* in, out */ + UINT32 * DataSize, /* out */ + BYTE ** Data) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Unseal_TP(entry, parentHandle, SealedDataSize, SealedData, + parentAuth, dataAuth, DataSize, Data); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_UnBind(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_UnBind_TP(entry, keyHandle, inDataSize, inData, privAuth, + outDataSize, outData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_CreateMigrationBlob(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCPA_MIGRATE_SCHEME migrationType, /* in */ + UINT32 MigrationKeyAuthSize, /* in */ + BYTE * MigrationKeyAuth, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CreateMigrationBlob_TP(entry, parentHandle, + migrationType, MigrationKeyAuthSize, + MigrationKeyAuth, encDataSize, encData, + parentAuth, entityAuth, randomSize, + random, outDataSize, outData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ConvertMigrationBlob(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + UINT32 randomSize, /* in */ + BYTE * random, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ConvertMigrationBlob_TP(entry, parentHandle, + inDataSize, inData, randomSize, + random, parentAuth, outDataSize, + outData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_AuthorizeMigrationKey(TSS_HCONTEXT tspContext, /* in */ + TCPA_MIGRATE_SCHEME migrateScheme, /* in */ + UINT32 MigrationKeySize, /* in */ + BYTE * MigrationKey, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * MigrationKeyAuthSize, /* out */ + BYTE ** MigrationKeyAuth) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_AuthorizeMigrationKey_TP(entry, migrateScheme, + MigrationKeySize, MigrationKey, + ownerAuth, MigrationKeyAuthSize, + MigrationKeyAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_CertifyKey(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE certHandle, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TPM_NONCE * antiReplay, /* in */ + TPM_AUTH * certAuth, /* in, out */ + TPM_AUTH * keyAuth, /* in, out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CertifyKey_TP(entry, certHandle, keyHandle, antiReplay, + certAuth, keyAuth, CertifyInfoSize, CertifyInfo, + outDataSize, outData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_Sign(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 areaToSignSize, /* in */ + BYTE * areaToSign, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Sign_TP(entry, keyHandle, areaToSignSize, areaToSign, privAuth, + sigSize, sig); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetRandom(TSS_HCONTEXT tspContext, /* in */ + UINT32 bytesRequested, /* in */ + BYTE ** randomBytes) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetRandom_TP(entry, bytesRequested, randomBytes); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_StirRandom(TSS_HCONTEXT tspContext, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_StirRandom_TP(entry, inDataSize, inData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetTPMCapability(TSS_HCONTEXT tspContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 * respSize, /* out */ + BYTE ** resp) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetTPMCapability_TP(entry, capArea, subCapSize, subCap, + respSize, resp); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_SetCapability(TSS_HCONTEXT tspContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 valueSize, /* in */ + BYTE * value, /* in */ + TPM_AUTH *ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_SetCapability_TP(entry, capArea, subCapSize, subCap, + valueSize, value, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetCapability(TSS_HCONTEXT tspContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 * respSize, /* out */ + BYTE ** resp) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetCapability_TP(entry, capArea, subCapSize, subCap, respSize, + resp); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetCapabilitySigned(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + TPM_AUTH * privAuth, /* in, out */ + TCPA_VERSION * Version, /* out */ + UINT32 * respSize, /* out */ + BYTE ** resp, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetCapabilitySigned_TP(entry, keyHandle, antiReplay, capArea, + subCapSize, subCap, privAuth, Version, + respSize, resp, sigSize, sig); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetCapabilityOwner(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * pOwnerAuth, /* out */ + TCPA_VERSION * pVersion, /* out */ + UINT32 * pNonVolatileFlags, /* out */ + UINT32 * pVolatileFlags) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetCapabilityOwner_TP(entry, pOwnerAuth, pVersion, + pNonVolatileFlags, pVolatileFlags); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_CreateEndorsementKeyPair(TSS_HCONTEXT tspContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 endorsementKeyInfoSize, /* in */ + BYTE * endorsementKeyInfo, /* in */ + UINT32 * endorsementKeySize, /* out */ + BYTE ** endorsementKey, /* out */ + TCPA_DIGEST * checksum) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CreateEndorsementKeyPair_TP(entry, antiReplay, + endorsementKeyInfoSize, + endorsementKeyInfo, + endorsementKeySize, + endorsementKey, checksum); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ReadPubek(TSS_HCONTEXT tspContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 * pubEndorsementKeySize, /* out */ + BYTE ** pubEndorsementKey, /* out */ + TCPA_DIGEST * checksum) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ReadPubek_TP(entry, antiReplay, pubEndorsementKeySize, + pubEndorsementKey, checksum); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_DisablePubekRead(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_DisablePubekRead_TP(entry, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_OwnerReadPubek(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * pubEndorsementKeySize, /* out */ + BYTE ** pubEndorsementKey) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_OwnerReadPubek_TP(entry, ownerAuth, pubEndorsementKeySize, + pubEndorsementKey); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_CreateRevocableEndorsementKeyPair(TSS_HCONTEXT tspContext, /* in */ + TPM_NONCE antiReplay, /* in */ + UINT32 endorsementKeyInfoSize,/* in */ + BYTE * endorsementKeyInfo, /* in */ + TSS_BOOL genResetAuth, /* in */ + TPM_DIGEST * eKResetAuth, /* in, out */ + UINT32 * endorsementKeySize, /* out */ + BYTE ** endorsementKey, /* out */ + TPM_DIGEST * checksum) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CreateRevocableEndorsementKeyPair_TP(entry, antiReplay, + endorsementKeyInfoSize, + endorsementKeyInfo, + genResetAuth, + eKResetAuth, + endorsementKeySize, + endorsementKey, checksum); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_RevokeEndorsementKeyPair(TSS_HCONTEXT tspContext, /* in */ + TPM_DIGEST *EKResetAuth) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_RevokeEndorsementKeyPair_TP(entry, EKResetAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +TSS_RESULT RPC_SelfTestFull(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_SelfTestFull_TP(entry); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_CertifySelfTest(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CertifySelfTest_TP(entry, keyHandle, antiReplay, privAuth, + sigSize, sig); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_GetTestResult(TSS_HCONTEXT tspContext, /* in */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetTestResult_TP(entry, outDataSize, outData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_OwnerSetDisable(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL disableState, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_OwnerSetDisable_TP(entry, disableState, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_ResetLockValue(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ResetLockValue_TP(entry, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +TSS_RESULT RPC_OwnerClear(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_OwnerClear_TP(entry, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_DisableOwnerClear(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_DisableOwnerClear_TP(entry, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ForceClear(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ForceClear_TP(entry); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_DisableForceClear(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_DisableForceClear_TP(entry); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_PhysicalDisable(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_PhysicalDisable_TP(entry); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_PhysicalEnable(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_PhysicalEnable_TP(entry); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_PhysicalSetDeactivated(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL state) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_PhysicalSetDeactivated_TP(entry, state); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_PhysicalPresence(TSS_HCONTEXT tspContext, /* in */ + TCPA_PHYSICAL_PRESENCE fPhysicalPresence) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_PhysicalPresence_TP(entry, fPhysicalPresence); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_SetTempDeactivated(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_SetTempDeactivated_TP(entry); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT RPC_SetTempDeactivated2(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH *operatorAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_SetTempDeactivated2_TP(entry, operatorAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +TSS_RESULT RPC_FieldUpgrade(TSS_HCONTEXT tspContext, /* in */ + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut, /* out */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = (UINT32) TSPERR(TSS_E_INTERNAL_ERROR); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_SetRedirection(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 c1, /* in */ + UINT32 c2, /* in */ + TPM_AUTH * privAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = (UINT32) TSPERR(TSS_E_INTERNAL_ERROR); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_CreateMaintenanceArchive(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL generateRandom, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * archiveSize, /* out */ + BYTE ** archive) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CreateMaintenanceArchive_TP(entry, generateRandom, ownerAuth, + randomSize, random, archiveSize, + archive); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_LoadMaintenanceArchive(TSS_HCONTEXT tspContext, /* in */ + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_LoadMaintenanceArchive_TP(entry, dataInSize, dataIn, ownerAuth, + dataOutSize, dataOut); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_KillMaintenanceFeature(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_KillMaintenanceFeature_TP(entry, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_LoadManuMaintPub(TSS_HCONTEXT tspContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 PubKeySize, /* in */ + BYTE * PubKey, /* in */ + TCPA_DIGEST * checksum) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_LoadManuMaintPub_TP(entry, antiReplay, PubKeySize, PubKey, + checksum); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT RPC_ReadManuMaintPub(TSS_HCONTEXT tspContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + TCPA_DIGEST * checksum) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ReadManuMaintPub_TP(entry, antiReplay, checksum); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +#ifdef TSS_BUILD_DAA +TSS_RESULT +RPC_DaaJoin(TSS_HCONTEXT tspContext, /* in */ + TPM_HANDLE daa_session, /* in */ + BYTE stage, /* in */ + UINT32 inputSize0, /* in */ + BYTE* inputData0, /* in */ + UINT32 inputSize1, /* in */ + BYTE* inputData1, /* in */ + TPM_AUTH* ownerAuth, /* in, out */ + UINT32* outputSize, /* out */ + BYTE** outputData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_DaaJoin_TP(entry, daa_session, stage, inputSize0, inputData0, + inputSize1, inputData1, ownerAuth, outputSize, + outputData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; + +} + +TSS_RESULT +RPC_DaaSign(TSS_HCONTEXT tspContext, /* in */ + TPM_HANDLE daa_session, /* in */ + BYTE stage, /* in */ + UINT32 inputSize0, /* in */ + BYTE* inputData0, /* in */ + UINT32 inputSize1, /* in */ + BYTE* inputData1, /* in */ + TPM_AUTH* ownerAuth, /* in, out */ + UINT32* outputSize, /* out */ + BYTE** outputData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_DaaSign_TP(entry, daa_session, stage, inputSize0, inputData0, + inputSize1, inputData1, ownerAuth, outputSize, + outputData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +#ifdef TSS_BUILD_COUNTER +TSS_RESULT +RPC_ReadCounter(TSS_HCONTEXT tspContext, /* in */ + TSS_COUNTER_ID idCounter, /* in */ + TPM_COUNTER_VALUE* counterValue) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ReadCounter_TP(entry, idCounter, counterValue); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_CreateCounter(TSS_HCONTEXT tspContext, /* in */ + UINT32 LabelSize, /* in (=4) */ + BYTE* pLabel, /* in */ + TPM_ENCAUTH CounterAuth, /* in */ + TPM_AUTH* pOwnerAuth, /* in, out */ + TSS_COUNTER_ID* idCounter, /* out */ + TPM_COUNTER_VALUE* counterValue) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CreateCounter_TP(entry, LabelSize, pLabel, CounterAuth, + pOwnerAuth, idCounter, counterValue); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_IncrementCounter(TSS_HCONTEXT tspContext, /* in */ + TSS_COUNTER_ID idCounter, /* in */ + TPM_AUTH* pCounterAuth, /* in, out */ + TPM_COUNTER_VALUE* counterValue) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_IncrementCounter_TP(entry, idCounter, pCounterAuth, + counterValue); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_ReleaseCounter(TSS_HCONTEXT tspContext, /* in */ + TSS_COUNTER_ID idCounter, /* in */ + TPM_AUTH* pCounterAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ReleaseCounter_TP(entry, idCounter, pCounterAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_ReleaseCounterOwner(TSS_HCONTEXT tspContext, /* in */ + TSS_COUNTER_ID idCounter, /* in */ + TPM_AUTH* pOwnerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ReleaseCounterOwner_TP(entry, idCounter, pOwnerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +#ifdef TSS_BUILD_TICK +TSS_RESULT +RPC_ReadCurrentTicks(TSS_HCONTEXT tspContext, /* in */ + UINT32* pulCurrentTime, /* out */ + BYTE** prgbCurrentTime) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ReadCurrentTicks_TP(entry, pulCurrentTime, prgbCurrentTime); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_TickStampBlob(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_NONCE* antiReplay, /* in */ + TPM_DIGEST* digestToStamp, /* in */ + TPM_AUTH* privAuth, /* in, out */ + UINT32* pulSignatureLength, /* out */ + BYTE** prgbSignature, /* out */ + UINT32* pulTickCountLength, /* out */ + BYTE** prgbTickCount) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_TickStampBlob_TP(entry, hKey, antiReplay, digestToStamp, + privAuth, pulSignatureLength, + prgbSignature, pulTickCountLength, + prgbTickCount); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +RPC_EstablishTransport(TSS_HCONTEXT tspContext, + UINT32 ulTransControlFlags, + TCS_KEY_HANDLE hEncKey, + UINT32 ulTransSessionInfoSize, + BYTE* rgbTransSessionInfo, + UINT32 ulSecretSize, + BYTE* rgbSecret, + TPM_AUTH* pEncKeyAuth, /* in, out */ + TPM_MODIFIER_INDICATOR* pbLocality, + TCS_HANDLE* hTransSession, + UINT32* ulCurrentTicksSize, + BYTE** prgbCurrentTicks, + TPM_NONCE* pTransNonce) +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_EstablishTransport_TP(entry, ulTransControlFlags, hEncKey, + ulTransSessionInfoSize, + rgbTransSessionInfo, ulSecretSize, + rgbSecret, pEncKeyAuth, pbLocality, + hTransSession, ulCurrentTicksSize, + prgbCurrentTicks, pTransNonce); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + + +TSS_RESULT +RPC_ExecuteTransport(TSS_HCONTEXT tspContext, + TPM_COMMAND_CODE unWrappedCommandOrdinal, + UINT32 ulWrappedCmdParamInSize, + BYTE* rgbWrappedCmdParamIn, + UINT32* pulHandleListSize, /* in, out */ + TCS_HANDLE** rghHandles, /* in, out */ + TPM_AUTH* pWrappedCmdAuth1, /* in, out */ + TPM_AUTH* pWrappedCmdAuth2, /* in, out */ + TPM_AUTH* pTransAuth, /* in, out */ + UINT64* punCurrentTicks, + TPM_MODIFIER_INDICATOR* pbLocality, + TPM_RESULT* pulWrappedCmdReturnCode, + UINT32* ulWrappedCmdParamOutSize, + BYTE** rgbWrappedCmdParamOut) +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ExecuteTransport_TP(entry, unWrappedCommandOrdinal, + ulWrappedCmdParamInSize, + rgbWrappedCmdParamIn, pulHandleListSize, + rghHandles, pWrappedCmdAuth1, + pWrappedCmdAuth2, pTransAuth, + punCurrentTicks, pbLocality, + pulWrappedCmdReturnCode, + ulWrappedCmdParamOutSize, + rgbWrappedCmdParamOut); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_ReleaseTransportSigned(TSS_HCONTEXT tspContext, + TCS_KEY_HANDLE hSignatureKey, + TPM_NONCE* AntiReplayNonce, + TPM_AUTH* pKeyAuth, /* in, out */ + TPM_AUTH* pTransAuth, /* in, out */ + TPM_MODIFIER_INDICATOR* pbLocality, + UINT32* pulCurrentTicksSize, + BYTE** prgbCurrentTicks, + UINT32* pulSignatureSize, + BYTE** prgbSignature) +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(tspContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_ReleaseTransportSigned_TP(entry, hSignatureKey, + AntiReplayNonce, pKeyAuth, + pTransAuth, pbLocality, + pulCurrentTicksSize, + prgbCurrentTicks, pulSignatureSize, + prgbSignature); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +#ifdef TSS_BUILD_NV +TSS_RESULT +RPC_NV_DefineOrReleaseSpace(TSS_HCONTEXT hContext, /* in */ + UINT32 cPubInfoSize, /* in */ + BYTE* pPubInfo, /* in */ + TCPA_ENCAUTH encAuth, /* in */ + TPM_AUTH* pAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_NV_DefineOrReleaseSpace_TP(entry, cPubInfoSize, pPubInfo, + encAuth, pAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_NV_WriteValue(TSS_HCONTEXT hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite, /* in */ + TPM_AUTH* privAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_NV_WriteValue_TP(entry, hNVStore, offset, ulDataLength, + rgbDataToWrite, privAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + + +TSS_RESULT +RPC_NV_WriteValueAuth(TSS_HCONTEXT hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite, /* in */ + TPM_AUTH* NVAuth) /* in, out */ +{ + + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_NV_WriteValueAuth_TP(entry, hNVStore, offset, ulDataLength, + rgbDataToWrite, NVAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + + +TSS_RESULT +RPC_NV_ReadValue(TSS_HCONTEXT hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32* pulDataLength, /* in, out */ + TPM_AUTH* privAuth, /* in, out */ + BYTE** rgbDataRead) /* out */ +{ + + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_NV_ReadValue_TP(entry, hNVStore, offset, pulDataLength, + privAuth, rgbDataRead); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_NV_ReadValueAuth(TSS_HCONTEXT hContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32* pulDataLength, /* in, out */ + TPM_AUTH* NVAuth, /* in, out */ + BYTE** rgbDataRead) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_NV_ReadValueAuth_TP(entry, hNVStore, offset, pulDataLength, + NVAuth, rgbDataRead); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +#ifdef TSS_BUILD_AUDIT +TSS_RESULT +RPC_SetOrdinalAuditStatus(TSS_HCONTEXT hContext, /* in */ + TPM_AUTH *ownerAuth, /* in/out */ + UINT32 ulOrdinal, /* in */ + TSS_BOOL bAuditState) /* in */ +{ + TSS_RESULT result = TSS_SUCCESS; + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_SetOrdinalAuditStatus_TP(entry, ownerAuth, ulOrdinal, + bAuditState); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_GetAuditDigest(TSS_HCONTEXT hContext, /* in */ + UINT32 startOrdinal, /* in */ + TPM_DIGEST *auditDigest, /* out */ + UINT32 *counterValueSize, /* out */ + BYTE **counterValue, /* out */ + TSS_BOOL *more, /* out */ + UINT32 *ordSize, /* out */ + UINT32 **ordList) /* out */ +{ + TSS_RESULT result = TSS_SUCCESS; + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetAuditDigest_TP(entry, startOrdinal, auditDigest, + counterValueSize, counterValue, more, + ordSize, ordList); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_GetAuditDigestSigned(TSS_HCONTEXT hContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TSS_BOOL closeAudit, /* in */ + TPM_NONCE *antiReplay, /* in */ + TPM_AUTH *privAuth, /* in/out */ + UINT32 *counterValueSize, /* out */ + BYTE **counterValue, /* out */ + TPM_DIGEST *auditDigest, /* out */ + TPM_DIGEST *ordinalDigest, /* out */ + UINT32 *sigSize, /* out */ + BYTE **sig) /* out */ +{ + TSS_RESULT result = TSS_SUCCESS; + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_GetAuditDigestSigned_TP(entry, keyHandle, closeAudit, + antiReplay, privAuth, + counterValueSize, counterValue, + auditDigest, ordinalDigest, + sigSize, sig); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +RPC_SetOperatorAuth(TSS_HCONTEXT hContext, /* in */ + TCPA_SECRET *operatorAuth) /* in */ +{ + TSS_RESULT result = TSS_SUCCESS; + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_SetOperatorAuth_TP(entry, operatorAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_OwnerReadInternalPub(TSS_HCONTEXT hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH* pOwnerAuth, /* in, out */ + UINT32* punPubKeySize, /* out */ + BYTE** ppbPubKeyData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_OwnerReadInternalPub_TP(entry, hKey, pOwnerAuth, punPubKeySize, + ppbPubKeyData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +#ifdef TSS_BUILD_DELEGATION +TSS_RESULT +RPC_Delegate_Manage(TSS_HCONTEXT hContext, /* in */ + TPM_FAMILY_ID familyID, /* in */ + TPM_FAMILY_OPERATION opFlag, /* in */ + UINT32 opDataSize, /* in */ + BYTE *opData, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + UINT32 *retDataSize, /* out */ + BYTE **retData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Delegate_Manage_TP(entry, familyID, opFlag, opDataSize, opData, + ownerAuth, retDataSize, retData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_Delegate_CreateKeyDelegation(TSS_HCONTEXT hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE *publicInfo, /* in */ + TPM_ENCAUTH *encDelAuth, /* in */ + TPM_AUTH *keyAuth, /* in, out */ + UINT32 *blobSize, /* out */ + BYTE **blob) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Delegate_CreateKeyDelegation_TP(entry, hKey, publicInfoSize, + publicInfo, encDelAuth, + keyAuth, blobSize, blob); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_Delegate_CreateOwnerDelegation(TSS_HCONTEXT hContext, /* in */ + TSS_BOOL increment, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE *publicInfo, /* in */ + TPM_ENCAUTH *encDelAuth, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + UINT32 *blobSize, /* out */ + BYTE **blob) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Delegate_CreateOwnerDelegation_TP(entry, increment, + publicInfoSize, publicInfo, + encDelAuth, ownerAuth, + blobSize, blob); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_Delegate_LoadOwnerDelegation(TSS_HCONTEXT hContext, /* in */ + TPM_DELEGATE_INDEX index, /* in */ + UINT32 blobSize, /* in */ + BYTE *blob, /* in */ + TPM_AUTH *ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Delegate_LoadOwnerDelegation_TP(entry, index, blobSize, blob, + ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_Delegate_ReadTable(TSS_HCONTEXT hContext, /* in */ + UINT32 *familyTableSize, /* out */ + BYTE **familyTable, /* out */ + UINT32 *delegateTableSize, /* out */ + BYTE **delegateTable) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Delegate_ReadTable_TP(entry, familyTableSize, familyTable, + delegateTableSize, delegateTable); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_Delegate_UpdateVerificationCount(TSS_HCONTEXT hContext, /* in */ + UINT32 inputSize, /* in */ + BYTE *input, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + UINT32 *outputSize, /* out */ + BYTE **output) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Delegate_UpdateVerificationCount_TP(entry, inputSize, input, + ownerAuth, outputSize, + output); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_Delegate_VerifyDelegation(TSS_HCONTEXT hContext, /* in */ + UINT32 delegateSize, /* in */ + BYTE *delegate) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_Delegate_VerifyDelegation_TP(entry, delegateSize, delegate); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_DSAP(TSS_HCONTEXT hContext, /* in */ + TPM_ENTITY_TYPE entityType, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TPM_NONCE *nonceOddDSAP, /* in */ + UINT32 entityValueSize, /* in */ + BYTE * entityValue, /* in */ + TCS_AUTHHANDLE *authHandle, /* out */ + TPM_NONCE *nonceEven, /* out */ + TPM_NONCE *nonceEvenDSAP) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_DSAP_TP(entry, entityType, keyHandle, nonceOddDSAP, + entityValueSize, entityValue, authHandle, nonceEven, + nonceEvenDSAP); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +#endif + +#ifdef TSS_BUILD_CMK +TSS_RESULT +RPC_CMK_SetRestrictions(TSS_HCONTEXT hContext, /* in */ + TSS_CMK_DELEGATE restriction, /* in */ + TPM_AUTH *ownerAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CMK_SetRestrictions_TP(entry, restriction, ownerAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_CMK_ApproveMA(TSS_HCONTEXT hContext, /* in */ + TPM_DIGEST migAuthorityDigest, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + TPM_HMAC *migAuthorityApproval) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CMK_ApproveMA_TP(entry, migAuthorityDigest, ownerAuth, + migAuthorityApproval); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_CMK_CreateKey(TSS_HCONTEXT hContext, /* in */ + TCS_KEY_HANDLE hWrappingKey, /* in */ + TPM_ENCAUTH *keyUsageAuth, /* in */ + TPM_HMAC *migAuthorityApproval, /* in */ + TPM_DIGEST *migAuthorityDigest, /* in */ + UINT32 *keyDataSize, /* in, out */ + BYTE **keyData, /* in, out */ + TPM_AUTH *pAuth) /* in, out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CMK_CreateKey_TP(entry, hWrappingKey, keyUsageAuth, + migAuthorityApproval, migAuthorityDigest, keyDataSize, + keyData, pAuth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_CMK_CreateTicket(TSS_HCONTEXT hContext, /* in */ + UINT32 publicVerifyKeySize, /* in */ + BYTE *publicVerifyKey, /* in */ + TPM_DIGEST signedData, /* in */ + UINT32 sigValueSize, /* in */ + BYTE *sigValue, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + TPM_HMAC *sigTicket) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CMK_CreateTicket_TP(entry, publicVerifyKeySize, + publicVerifyKey, signedData, sigValueSize, sigValue, + ownerAuth, sigTicket); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_CMK_CreateBlob(TSS_HCONTEXT hContext, /* in */ + TCS_KEY_HANDLE hParentKey, /* in */ + TSS_MIGRATE_SCHEME migrationType, /* in */ + UINT32 migKeyAuthSize, /* in */ + BYTE *migKeyAuth, /* in */ + TPM_DIGEST pubSourceKeyDigest, /* in */ + UINT32 msaListSize, /* in */ + BYTE *msaList, /* in */ + UINT32 restrictTicketSize, /* in */ + BYTE *restrictTicket, /* in */ + UINT32 sigTicketSize, /* in */ + BYTE *sigTicket, /* in */ + UINT32 encDataSize, /* in */ + BYTE *encData, /* in */ + TPM_AUTH *pAuth, /* in, out */ + UINT32 *randomSize, /* out */ + BYTE **random, /* out */ + UINT32 *outDataSize, /* out */ + BYTE **outData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CMK_CreateBlob_TP(entry, hParentKey, migrationType, + migKeyAuthSize, migKeyAuth, pubSourceKeyDigest, + msaListSize, msaList, restrictTicketSize, restrictTicket, + sigTicketSize, sigTicket, encDataSize, encData, pAuth, + randomSize, random, outDataSize, outData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_CMK_ConvertMigration(TSS_HCONTEXT hContext, /* in */ + TCS_KEY_HANDLE hParentHandle, /* in */ + TPM_CMK_AUTH restrictTicket, /* in */ + TPM_HMAC sigTicket, /* in */ + UINT32 keyDataSize, /* in */ + BYTE *keyData, /* in */ + UINT32 msaListSize, /* in */ + BYTE *msaList, /* in */ + UINT32 randomSize, /* in */ + BYTE *random, /* in */ + TPM_AUTH *pAuth, /* in, out */ + UINT32 *outDataSize, /* out */ + BYTE **outData) /* out */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_CMK_ConvertMigration_TP(entry, hParentHandle, restrictTicket, + sigTicket, keyDataSize, keyData, msaListSize, msaList, + randomSize, random, pAuth, outDataSize, outData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +RPC_FlushSpecific(TSS_HCONTEXT hContext, /* in */ + TCS_HANDLE hResHandle, /* in */ + TPM_RESOURCE_TYPE resourceType) /* in */ +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_FlushSpecific_TP(entry, hResHandle, resourceType); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +RPC_KeyControlOwner(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + UINT32 ulPublicInfoLength, /* in */ + BYTE* rgbPublicInfo, /* in */ + UINT32 attribName, /* in */ + TSS_BOOL attribValue, /* in */ + TPM_AUTH* pOwnerAuth, /* in, out */ + TSS_UUID* pUuidData) /* out */ + +{ + TSS_RESULT result = (TSS_E_INTERNAL_ERROR | TSS_LAYER_TSP); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = RPC_KeyControlOwner_TP(entry, hKey, + ulPublicInfoLength, + rgbPublicInfo, + attribName, + attribValue, + pOwnerAuth, + pUuidData); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} +#endif + diff --git a/src/tspi/rpc/tcstp/rpc.c b/src/tspi/rpc/tcstp/rpc.c new file mode 100644 index 0000000..da710f8 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc.c @@ -0,0 +1,514 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +void +initData(struct tcsd_comm_data *comm, int parm_count) +{ + /* min packet size should be the size of the header */ + memset(&comm->hdr, 0, sizeof(struct tcsd_packet_hdr)); + comm->hdr.packet_size = sizeof(struct tcsd_packet_hdr); + if (parm_count > 0) { + comm->hdr.type_offset = sizeof(struct tcsd_packet_hdr); + comm->hdr.parm_offset = comm->hdr.type_offset + + (sizeof(TCSD_PACKET_TYPE) * parm_count); + comm->hdr.packet_size = comm->hdr.parm_offset; + } + + memset(comm->buf, 0, comm->buf_size); +} + +int +loadData(UINT64 *offset, TCSD_PACKET_TYPE data_type, void *data, int data_size, BYTE *blob) +{ + switch (data_type) { + case TCSD_PACKET_TYPE_BYTE: + Trspi_LoadBlob_BYTE(offset, *((BYTE *) (data)), blob); + break; + case TCSD_PACKET_TYPE_BOOL: + Trspi_LoadBlob_BOOL(offset, *((TSS_BOOL *) (data)), blob); + break; + case TCSD_PACKET_TYPE_UINT16: + Trspi_LoadBlob_UINT16(offset, *((UINT16 *) (data)), blob); + break; + case TCSD_PACKET_TYPE_UINT32: + Trspi_LoadBlob_UINT32(offset, *((UINT32 *) (data)), blob); + break; + case TCSD_PACKET_TYPE_PBYTE: + Trspi_LoadBlob(offset, data_size, blob, (BYTE *)data); + break; + case TCSD_PACKET_TYPE_NONCE: + Trspi_LoadBlob(offset, 20, blob, ((TCPA_NONCE *)data)->nonce); + break; + case TCSD_PACKET_TYPE_DIGEST: + Trspi_LoadBlob(offset, 20, blob, ((TCPA_DIGEST *)data)->digest); + break; + case TCSD_PACKET_TYPE_AUTH: + LoadBlob_AUTH(offset, blob, ((TPM_AUTH *)data)); + break; + case TCSD_PACKET_TYPE_UUID: + Trspi_LoadBlob_UUID(offset, blob, *((TSS_UUID *)data)); + break; + case TCSD_PACKET_TYPE_ENCAUTH: + Trspi_LoadBlob(offset, 20, blob, ((TCPA_ENCAUTH *)data)->authdata); + break; + case TCSD_PACKET_TYPE_VERSION: + Trspi_LoadBlob_TCPA_VERSION(offset, blob, *((TCPA_VERSION *)data)); + break; +#ifdef TSS_BUILD_PS + case TCSD_PACKET_TYPE_LOADKEY_INFO: + LoadBlob_LOADKEY_INFO(offset, blob, ((TCS_LOADKEY_INFO *)data)); + break; +#endif + case TCSD_PACKET_TYPE_PCR_EVENT: + Trspi_LoadBlob_PCR_EVENT(offset, blob, ((TSS_PCR_EVENT *)data)); + break; + case TCSD_PACKET_TYPE_COUNTER_VALUE: + Trspi_LoadBlob_COUNTER_VALUE(offset, blob, ((TPM_COUNTER_VALUE *)data)); + break; + case TCSD_PACKET_TYPE_SECRET: + Trspi_LoadBlob(offset, 20, blob, ((TCPA_SECRET *)data)->authdata); + break; + default: + LogError("TCSD packet type unknown! (0x%x)", data_type & 0xff); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +int +setData(TCSD_PACKET_TYPE dataType, + int index, + void *theData, + int theDataSize, + struct tcsd_comm_data *comm) +{ + UINT64 old_offset, offset; + TSS_RESULT result; + TCSD_PACKET_TYPE *type; + + /* Calculate the size of the area needed (use NULL for blob address) */ + offset = 0; + if ((result = loadData(&offset, dataType, theData, theDataSize, NULL))) + return result; + if ((comm->hdr.packet_size + offset) > TSS_TPM_TXBLOB_SIZE) { + LogError("Too much data to be transmitted!"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if ((comm->hdr.packet_size + offset) > comm->buf_size) { + /* reallocate the buffer */ + BYTE *buffer; + int buffer_size = comm->hdr.packet_size + offset; + + LogDebug("Increasing communication buffer to %d bytes.", buffer_size); + buffer = realloc(comm->buf, buffer_size); + if (buffer == NULL) { + LogError("realloc of %d bytes failed.", buffer_size); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + comm->buf_size = buffer_size; + comm->buf = buffer; + } + + offset = old_offset = comm->hdr.parm_offset + comm->hdr.parm_size; + if ((result = loadData(&offset, dataType, theData, theDataSize, comm->buf))) + return result; + type = (TCSD_PACKET_TYPE *)(comm->buf + comm->hdr.type_offset) + index; + *type = dataType; + comm->hdr.type_size += sizeof(TCSD_PACKET_TYPE); + comm->hdr.parm_size += (offset - old_offset); + + comm->hdr.packet_size = offset; + comm->hdr.num_parms++; + + return TSS_SUCCESS; +} + +UINT32 +getData(TCSD_PACKET_TYPE dataType, + int index, + void *theData, + int theDataSize, + struct tcsd_comm_data *comm) +{ + TSS_RESULT result; + UINT64 old_offset, offset; + TCSD_PACKET_TYPE *type = (TCSD_PACKET_TYPE *)(comm->buf + comm->hdr.type_offset) + index; + + if ((UINT32)index >= comm->hdr.num_parms || dataType != *type) { + LogDebug("Data type of TCS packet element %d doesn't match.", index); + return TSS_TCP_RPC_BAD_PACKET_TYPE; + } + old_offset = offset = comm->hdr.parm_offset; + switch (dataType) { + case TCSD_PACKET_TYPE_BYTE: + Trspi_UnloadBlob_BYTE(&offset, (BYTE *)theData, comm->buf); + break; + case TCSD_PACKET_TYPE_BOOL: + Trspi_UnloadBlob_BOOL(&offset, (TSS_BOOL *)theData, comm->buf); + break; + case TCSD_PACKET_TYPE_UINT16: + Trspi_UnloadBlob_UINT16(&offset, (UINT16 *)theData, comm->buf); + break; + case TCSD_PACKET_TYPE_UINT32: + Trspi_UnloadBlob_UINT32(&offset, (UINT32 *)theData, comm->buf); + break; + case TCSD_PACKET_TYPE_UINT64: + Trspi_UnloadBlob_UINT64(&offset, (UINT64 *)theData, comm->buf); + break; + case TCSD_PACKET_TYPE_PBYTE: + Trspi_UnloadBlob(&offset, theDataSize, comm->buf, (BYTE *)theData); + break; + case TCSD_PACKET_TYPE_NONCE: + Trspi_UnloadBlob_NONCE(&offset, comm->buf, (TPM_NONCE *)theData); + break; + case TCSD_PACKET_TYPE_DIGEST: + Trspi_UnloadBlob(&offset, sizeof(TCPA_DIGEST), comm->buf, + ((TCPA_DIGEST *)theData)->digest); + break; + case TCSD_PACKET_TYPE_AUTH: + UnloadBlob_AUTH(&offset, comm->buf, ((TPM_AUTH *)theData)); + break; + case TCSD_PACKET_TYPE_UUID: + Trspi_UnloadBlob_UUID(&offset, comm->buf, ((TSS_UUID *)theData)); + break; + case TCSD_PACKET_TYPE_ENCAUTH: + Trspi_UnloadBlob(&offset, sizeof(TCPA_ENCAUTH), comm->buf, + ((TCPA_ENCAUTH *)theData)->authdata); + break; + case TCSD_PACKET_TYPE_VERSION: + Trspi_UnloadBlob_TCPA_VERSION(&offset, comm->buf, + ((TCPA_VERSION *)theData)); + break; + case TCSD_PACKET_TYPE_KM_KEYINFO: + if ((result = Trspi_UnloadBlob_KM_KEYINFO(&offset, comm->buf, + ((TSS_KM_KEYINFO *)theData)))) + return result; + break; + case TCSD_PACKET_TYPE_KM_KEYINFO2: + if ((result = Trspi_UnloadBlob_KM_KEYINFO2(&offset, comm->buf, + ((TSS_KM_KEYINFO2 *)theData)))) + return result; + break; +#ifdef TSS_BUILD_PS + case TCSD_PACKET_TYPE_LOADKEY_INFO: + UnloadBlob_LOADKEY_INFO(&offset, comm->buf, ((TCS_LOADKEY_INFO *)theData)); + break; +#endif + case TCSD_PACKET_TYPE_PCR_EVENT: + if ((result = Trspi_UnloadBlob_PCR_EVENT(&offset, comm->buf, + ((TSS_PCR_EVENT *)theData)))) + return result; + break; + case TCSD_PACKET_TYPE_COUNTER_VALUE: + Trspi_UnloadBlob_COUNTER_VALUE(&offset, comm->buf, + ((TPM_COUNTER_VALUE *)theData)); + break; + case TCSD_PACKET_TYPE_SECRET: + Trspi_UnloadBlob(&offset, sizeof(TCPA_SECRET), comm->buf, + ((TCPA_SECRET *)theData)->authdata); + break; + default: + LogError("unknown data type (%d) in TCSD packet!", dataType); + return -1; + } + comm->hdr.parm_offset = offset; + comm->hdr.parm_size -= (offset - old_offset); + + return TSS_SUCCESS; +} + +TSS_RESULT +sendTCSDPacket(struct host_table_entry *hte) +{ + TSS_RESULT rc; + UINT64 offset = 0; + + Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.packet_size, hte->comm.buf); + Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.u.ordinal, hte->comm.buf); + Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.num_parms, hte->comm.buf); + Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.type_size, hte->comm.buf); + Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.type_offset, hte->comm.buf); + Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.parm_size, hte->comm.buf); + Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.parm_offset, hte->comm.buf); + +#if 0 + /* --- Send it */ + printBuffer(hte->comm.buf, hte->comm.hdr.packet_size); + LogInfo("Sending Packet with TCSD ordinal 0x%X", hte->comm.hdr.u.ordinal); +#endif + /* if the ordinal is open context, there are some host table entry + * manipulations that must be done, so call _init + */ + if (hte->comm.hdr.u.ordinal == TCSD_ORD_OPENCONTEXT) { + if ((rc = send_init(hte))) { + LogError("Failed to send packet"); + return rc; + } + } else { + if ((rc = tcs_sendit(hte))) { + LogError("Failed to send packet"); + return rc; + } + } + + /* create a platform version of the tcsd header */ + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, &hte->comm.hdr.packet_size, hte->comm.buf); + Trspi_UnloadBlob_UINT32(&offset, &hte->comm.hdr.u.result, hte->comm.buf); + Trspi_UnloadBlob_UINT32(&offset, &hte->comm.hdr.num_parms, hte->comm.buf); + Trspi_UnloadBlob_UINT32(&offset, &hte->comm.hdr.type_size, hte->comm.buf); + Trspi_UnloadBlob_UINT32(&offset, &hte->comm.hdr.type_offset, hte->comm.buf); + Trspi_UnloadBlob_UINT32(&offset, &hte->comm.hdr.parm_size, hte->comm.buf); + Trspi_UnloadBlob_UINT32(&offset, &hte->comm.hdr.parm_offset, hte->comm.buf); + + return TSS_SUCCESS; +} + +int +recv_from_socket(int sock, void *buffer, int size) +{ + int recv_size = 0, recv_total = 0; + + while (recv_total < size) { + errno = 0; + if ((recv_size = recv(sock, buffer+recv_total, size-recv_total, 0)) <= 0) { + if (recv_size < 0) { + if (errno == EINTR) + continue; + LogError("Socket receive connection error: %s.", strerror(errno)); + } else { + LogDebug("Socket connection closed."); + } + + return -1; + } + recv_total += recv_size; + } + + return recv_total; +} + +int +send_to_socket(int sock, void *buffer, int size) +{ + int send_size = 0, send_total = 0; + + while (send_total < size) { + if ((send_size = send(sock, buffer+send_total, size-send_total, 0)) < 0) { + LogError("Socket send connection error: %s.", strerror(errno)); + return -1; + } + send_total += send_size; + } + + return send_total; +} + +TSS_RESULT +send_init(struct host_table_entry *hte) +{ + int sd; + int recv_size; + BYTE *buffer; + TSS_RESULT result; + + struct sockaddr_in addr; + struct hostent *hEnt = NULL; + + sd = socket(PF_INET, SOCK_STREAM, 0); + if (sd == -1) { + LogError("socket: %s", strerror(errno)); + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(get_port()); + + LogDebug("Sending TSP packet to host %s.", hte->hostname); + + /* try to resolve by hostname first */ + hEnt = gethostbyname((char *)hte->hostname); + if (hEnt == NULL) { + /* if by hostname fails, try by dot notation */ + if (inet_aton((char *)hte->hostname, &addr.sin_addr) == 0) { + LogError("hostname %s does not resolve to a valid address.", hte->hostname); + result = TSPERR(TSS_E_CONNECTION_FAILED); + goto err_exit; + } + } else { + memcpy(&addr.sin_addr, hEnt->h_addr_list[0], 4); + } + + LogDebug("Connecting to %s", inet_ntoa(addr.sin_addr)); + + if (connect(sd, (struct sockaddr *) &addr, sizeof (addr))) { + LogError("connect: %s", strerror(errno)); + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + + if (send_to_socket(sd, hte->comm.buf, hte->comm.hdr.packet_size) < 0) { + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + + buffer = hte->comm.buf; + recv_size = sizeof(struct tcsd_packet_hdr); + if (recv_from_socket(sd, buffer, recv_size) < 0) { + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + buffer += sizeof(struct tcsd_packet_hdr); /* increment the receive buffer pointer */ + + /* check the packet size */ + recv_size = Decode_UINT32(hte->comm.buf); + if (recv_size < (int)sizeof(struct tcsd_packet_hdr)) { + LogError("Packet to receive from socket %d is too small (%d bytes)", + sd, recv_size); + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + + if (recv_size > (int) hte->comm.buf_size ) { + BYTE *new_buffer; + + LogDebug("Increasing communication buffer to %d bytes.", recv_size); + new_buffer = realloc(hte->comm.buf, recv_size); + if (new_buffer == NULL) { + LogError("realloc of %d bytes failed.", recv_size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto err_exit; + } + buffer = new_buffer + sizeof(struct tcsd_packet_hdr); + hte->comm.buf_size = recv_size; + hte->comm.buf = new_buffer; + } + + /* get the rest of the packet */ + recv_size -= sizeof(struct tcsd_packet_hdr); /* already received the header */ + if (recv_from_socket(sd, buffer, recv_size) < 0) { + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + + hte->socket = sd; + + return TSS_SUCCESS; + +err_exit: + close(sd); + return result; +} + +TSS_RESULT +tcs_sendit(struct host_table_entry *hte) +{ + int recv_size; + BYTE *buffer; + TSS_RESULT result; + + if (send_to_socket(hte->socket, hte->comm.buf, hte->comm.hdr.packet_size) < 0) { + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + + buffer = hte->comm.buf; + recv_size = sizeof(struct tcsd_packet_hdr); + if ((recv_size = recv_from_socket(hte->socket, buffer, recv_size)) < 0) { + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + buffer += recv_size; /* increment the receive buffer pointer */ + + /* check the packet size */ + recv_size = Decode_UINT32(hte->comm.buf); + if (recv_size < (int)sizeof(struct tcsd_packet_hdr)) { + LogError("Packet to receive from socket %d is too small (%d bytes)", + hte->socket, recv_size); + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + + if (recv_size > (int) hte->comm.buf_size ) { + BYTE *new_buffer; + + LogDebug("Increasing communication buffer to %d bytes.", recv_size); + new_buffer = realloc(hte->comm.buf, recv_size); + if (new_buffer == NULL) { + LogError("realloc of %d bytes failed.", recv_size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto err_exit; + } + buffer = new_buffer + sizeof(struct tcsd_packet_hdr); + hte->comm.buf_size = recv_size; + hte->comm.buf = new_buffer; + } + + /* get the rest of the packet */ + recv_size -= sizeof(struct tcsd_packet_hdr); /* already received the header */ + if ((recv_size = recv_from_socket(hte->socket, buffer, recv_size)) < 0) { + result = TSPERR(TSS_E_COMM_FAILURE); + goto err_exit; + } + + return TSS_SUCCESS; + +err_exit: + return result; +} + +/* XXX this should be moved out of an RPC-specific file */ +short +get_port(void) +{ + char *env_port; + int port = 0; + + env_port = getenv("TSS_TCSD_PORT"); + + if (env_port == NULL) + return TCSD_DEFAULT_PORT; + + port = atoi(env_port); + + if (port == 0 || port > 65535) + return TCSD_DEFAULT_PORT; + + return (short)port; +} + diff --git a/src/tspi/rpc/tcstp/rpc_admin.c b/src/tspi/rpc/tcstp/rpc_admin.c new file mode 100644 index 0000000..e29726e --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_admin.c @@ -0,0 +1,373 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_SetOwnerInstall_TP(struct host_table_entry *hte, + TSS_BOOL state) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_SETOWNERINSTALL; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 1, &state, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_DisableOwnerClear_TP(struct host_table_entry *hte, + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_DISABLEOWNERCLEAR; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_AUTH, 1, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS ){ + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_ForceClear_TP(struct host_table_entry *hte) +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_FORCECLEAR; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_DisableForceClear_TP(struct host_table_entry *hte) +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_DISABLEFORCECLEAR; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_PhysicalDisable_TP(struct host_table_entry *hte) +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_PHYSICALDISABLE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_PhysicalEnable_TP(struct host_table_entry *hte) +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_PHYSICALENABLE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_OwnerSetDisable_TP(struct host_table_entry *hte, + TSS_BOOL disableState, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_OWNERSETDISABLE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 1, &disableState, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 2, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_PhysicalSetDeactivated_TP(struct host_table_entry *hte, + TSS_BOOL state) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_PHYSICALSETDEACTIVATED; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 1, &state, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_PhysicalPresence_TP(struct host_table_entry *hte, + TCPA_PHYSICAL_PRESENCE fPhysicalPresence) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_PHYSICALPRESENCE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 1, &fPhysicalPresence, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_SetTempDeactivated_TP(struct host_table_entry *hte) +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_SETTEMPDEACTIVATED; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +RPC_SetTempDeactivated2_TP(struct host_table_entry *hte, + TPM_AUTH *operatorAuth) /* in/out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_SETTEMPDEACTIVATED2; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (operatorAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 1, operatorAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 1, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (operatorAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, operatorAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} +#endif + +TSS_RESULT +RPC_FieldUpgrade_TP(struct host_table_entry *hte, + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut, /* out */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + return TSPERR(TSS_E_NOTIMPL); +} + +TSS_RESULT +RPC_SetRedirection_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 c1, /* in */ + UINT32 c2, /* in */ + TPM_AUTH * privAuth) /* in, out */ +{ + return TSPERR(TSS_E_NOTIMPL); + +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +RPC_ResetLockValue_TP(struct host_table_entry *hte, + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_RESETLOCKVALUE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 1, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_FlushSpecific_TP(struct host_table_entry *hte, + TCS_HANDLE hResHandle, /* in */ + TPM_RESOURCE_TYPE resourceType) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_FLUSHSPECIFIC; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hResHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &resourceType, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} +#endif diff --git a/src/tspi/rpc/tcstp/rpc_aik.c b/src/tspi/rpc/tcstp/rpc_aik.c new file mode 100644 index 0000000..cd40845 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_aik.c @@ -0,0 +1,336 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_MakeIdentity_TP(struct host_table_entry *hte, + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /* in */ + BYTE * idKeyInfo, /* in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding, /* out */ + UINT32 * pcEndorsementCredentialSize, /* out */ + BYTE ** prgbEndorsementCredential, /* out */ + UINT32 * pcPlatformCredentialSize, /* out */ + BYTE ** prgbPlatformCredential, /* out */ + UINT32 * pcConformanceCredentialSize, /* out */ + BYTE ** prgbConformanceCredential) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 7); + hte->comm.hdr.u.ordinal = TCSD_ORD_MAKEIDENTITY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 1, &identityAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 2, &IDLabel_PrivCAHash, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &idKeyInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, idKeyInfo, idKeyInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + i = 5; + if (pSrkAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pSrkAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pOwnerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + i = 0; + if (result == TSS_SUCCESS) { + i = 0; + if (pSrkAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pSrkAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pOwnerAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, idKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *idKey = (BYTE *) malloc(*idKeySize); + if (*idKey == NULL) { + LogError("malloc of %u bytes failed.", *idKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *idKey, *idKeySize, &hte->comm)) { + free(*idKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcIdentityBindingSize, 0, &hte->comm)) { + free(*idKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbIdentityBinding = (BYTE *) malloc(*pcIdentityBindingSize); + if (*prgbIdentityBinding == NULL) { + LogError("malloc of %u bytes failed.", *pcIdentityBindingSize); + free(*idKey); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *prgbIdentityBinding, *pcIdentityBindingSize, &hte->comm)) { + free(*idKey); + free(*prgbIdentityBinding); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcEndorsementCredentialSize, 0, &hte->comm)) { + free(*idKey); + free(*prgbIdentityBinding); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbEndorsementCredential = (BYTE *) malloc(*pcEndorsementCredentialSize); + if (*prgbEndorsementCredential == NULL) { + LogError("malloc of %u bytes failed.", *pcEndorsementCredentialSize); + free(*idKey); + free(*prgbIdentityBinding); + *prgbIdentityBinding = NULL; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *prgbEndorsementCredential, *pcEndorsementCredentialSize, &hte->comm)) { + free(*idKey); + free(*prgbIdentityBinding); + *prgbIdentityBinding = NULL; + free(*prgbEndorsementCredential); + *prgbEndorsementCredential = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcPlatformCredentialSize, 0, &hte->comm)) { + free(*idKey); + free(*prgbIdentityBinding); + *prgbIdentityBinding = NULL; + free(*prgbEndorsementCredential); + *prgbEndorsementCredential = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbPlatformCredential = (BYTE *) malloc(*pcPlatformCredentialSize); + if (*prgbPlatformCredential == NULL) { + LogError("malloc of %u bytes failed.", *pcPlatformCredentialSize); + free(*idKey); + free(*prgbIdentityBinding); + *prgbIdentityBinding = NULL; + free(*prgbEndorsementCredential); + *prgbEndorsementCredential = NULL; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *prgbPlatformCredential, *pcPlatformCredentialSize, &hte->comm)) { + free(*idKey); + free(*prgbIdentityBinding); + *prgbIdentityBinding = NULL; + free(*prgbEndorsementCredential); + *prgbEndorsementCredential = NULL; + free(*prgbPlatformCredential); + *prgbPlatformCredential = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcConformanceCredentialSize, 0, &hte->comm)) { + free(*idKey); + free(*prgbIdentityBinding); + *prgbIdentityBinding = NULL; + free(*prgbEndorsementCredential); + *prgbEndorsementCredential = NULL; + free(*prgbPlatformCredential); + *prgbPlatformCredential = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbConformanceCredential = (BYTE *) malloc(*pcConformanceCredentialSize); + if (*prgbConformanceCredential == NULL) { + LogError("malloc of %u bytes failed.", *pcConformanceCredentialSize); + free(*idKey); + free(*prgbIdentityBinding); + *prgbIdentityBinding = NULL; + free(*prgbEndorsementCredential); + *prgbEndorsementCredential = NULL; + free(*prgbPlatformCredential); + *prgbPlatformCredential = NULL; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *prgbConformanceCredential, *pcConformanceCredentialSize, &hte->comm)) { + free(*idKey); + free(*prgbIdentityBinding); + *prgbIdentityBinding = NULL; + free(*prgbEndorsementCredential); + *prgbEndorsementCredential = NULL; + free(*prgbPlatformCredential); + *prgbPlatformCredential = NULL; + free(*prgbConformanceCredential); + *prgbConformanceCredential = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_GetCredential_TP(struct host_table_entry *hte, + UINT32 ulCredentialType, /* in */ + UINT32 ulCredentialAccessMode, /* in */ + UINT32 * pulCredentialSize, /* out */ + BYTE ** prgbCredentialData) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETCREDENTIAL; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &ulCredentialType, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &ulCredentialAccessMode, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, pulCredentialSize, 0, &hte->comm)) { + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + *prgbCredentialData = (BYTE *) malloc(*pulCredentialSize); + if (*prgbCredentialData == NULL) { + LogError("malloc of %u bytes failed.", *pulCredentialSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *prgbCredentialData, + *pulCredentialSize, &hte->comm)) { + free(*prgbCredentialData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + return result; +} + +TSS_RESULT +RPC_ActivateTPMIdentity_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE idKey, /* in */ + UINT32 blobSize, /* in */ + BYTE * blob, /* in */ + TPM_AUTH * idKeyAuth, /* in, out */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * SymmetricKeySize, /* out */ + BYTE ** SymmetricKey) /* out */ +{ + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 6); + hte->comm.hdr.u.ordinal = TCSD_ORD_ACTIVATETPMIDENTITY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &idKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &blobSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, blob, blobSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (idKeyAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, idKeyAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (idKeyAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, idKeyAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, i++, ownerAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, SymmetricKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *SymmetricKey = malloc(*SymmetricKeySize); + if (*SymmetricKey == NULL) { + LogError("malloc of %u bytes failed.", *SymmetricKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *SymmetricKey, *SymmetricKeySize, &hte->comm)) { + free(*SymmetricKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_audit.c b/src/tspi/rpc/tcstp/rpc_audit.c new file mode 100644 index 0000000..63cc0e2 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_audit.c @@ -0,0 +1,240 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_SetOrdinalAuditStatus_TP(struct host_table_entry *hte, + TPM_AUTH *ownerAuth, /* in/out */ + UINT32 ulOrdinal, /* in */ + TSS_BOOL bAuditState) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_SETORDINALAUDITSTATUS; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &ulOrdinal, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 2, &bAuditState, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 3, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_GetAuditDigest_TP(struct host_table_entry *hte, + UINT32 startOrdinal, /* in */ + TPM_DIGEST *auditDigest, /* out */ + UINT32 *counterValueSize, /* out */ + BYTE **counterValue, /* out */ + TSS_BOOL *more, /* out */ + UINT32 *ordSize, /* out */ + UINT32 **ordList) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETAUDITDIGEST; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &startOrdinal, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_DIGEST, 0, auditDigest, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, 1, counterValueSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *counterValue = (BYTE *)malloc(*counterValueSize); + if (*counterValue == NULL) { + LogError("malloc of %u bytes failed.", *counterValueSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *counterValue, *counterValueSize, &hte->comm)) { + free(*counterValue); + *counterValue = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_BOOL, 3, more, 0, &hte->comm)) { + free(*counterValue); + *counterValue = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, 4, ordSize, 0, &hte->comm)) { + free(*counterValue); + *counterValue = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *ordList = (UINT32 *)malloc(*ordSize * sizeof(UINT32)); + if (*ordList == NULL) { + LogError("malloc of %u bytes failed.", *ordSize); + free(*counterValue); + *counterValue = NULL; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 5, *ordList, *ordSize * sizeof(UINT32), &hte->comm)) { + free(*counterValue); + *counterValue = NULL; + free(*ordList); + *ordList = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + return result; +} + +TSS_RESULT +RPC_GetAuditDigestSigned_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + TSS_BOOL closeAudit, /* in */ + TPM_NONCE *antiReplay, /* in */ + TPM_AUTH *privAuth, /* in/out */ + UINT32 *counterValueSize, /* out */ + BYTE **counterValue, /* out */ + TPM_DIGEST *auditDigest, /* out */ + TPM_DIGEST *ordinalDigest, /* out */ + UINT32 *sigSize, /* out */ + BYTE **sig) /* out */ +{ + TSS_RESULT result; + TPM_AUTH null_auth; + int i; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETAUDITDIGESTSIGNED; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + memset(&null_auth, 0, sizeof(TPM_AUTH)); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 2, &closeAudit, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 3, antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (privAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + else { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, &null_auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (privAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, privAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, counterValueSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *counterValue = (BYTE *)malloc(*counterValueSize); + if (*counterValue == NULL) { + LogError("malloc of %u bytes failed.", *counterValueSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *counterValue, *counterValueSize, &hte->comm)) { + free(*counterValue); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_DIGEST, i++, auditDigest, 0, &hte->comm)) { + free(*counterValue); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_DIGEST, i++, ordinalDigest, 0, &hte->comm)) { + free(*counterValue); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, sigSize, 0, &hte->comm)) { + free(*counterValue); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *sig = (BYTE *)malloc(*sigSize); + if (*sig == NULL) { + LogError("malloc of %u bytes failed.", *sigSize); + free(*counterValue); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *sig, *sigSize, &hte->comm)) { + free(*counterValue); + free(*sig); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_auth.c b/src/tspi/rpc/tcstp/rpc_auth.c new file mode 100644 index 0000000..266d485 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_auth.c @@ -0,0 +1,96 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_OIAP_TP(struct host_table_entry *hte, + TCS_AUTHHANDLE * authHandle, /* out */ + TCPA_NONCE * nonce0 /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_OIAP; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, authHandle, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 1, nonce0, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_OSAP_TP(struct host_table_entry *hte, + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 entityValue, /* in */ + TCPA_NONCE * nonceOddOSAP, /* in */ + TCS_AUTHHANDLE * authHandle, /* out */ + TCPA_NONCE * nonceEven, /* out */ + TCPA_NONCE * nonceEvenOSAP /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_OSAP; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 1, &entityType, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &entityValue, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 3, nonceOddOSAP, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, authHandle, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 1, nonceEven, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 2, nonceEvenOSAP, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_bind.c b/src/tspi/rpc/tcstp/rpc_bind.c new file mode 100644 index 0000000..79d7588 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_bind.c @@ -0,0 +1,90 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_UnBind_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ) { + TSS_RESULT result; + int i; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_UNBIND; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &inDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, inData, inDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (privAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (privAuth != NULL) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, privAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outDataSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *outData = (BYTE *) malloc(*outDataSize); + if (*outData == NULL) { + LogError("malloc of %u bytes failed.", *outDataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outData, *outDataSize, &hte->comm)) { + free(*outData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_caps.c b/src/tspi/rpc/tcstp/rpc_caps.c new file mode 100644 index 0000000..b626c55 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_caps.c @@ -0,0 +1,76 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_GetCapability_TP(struct host_table_entry *hte, + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 * respSize, /* out */ + BYTE ** resp) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_TCSGETCAPABILITY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &capArea, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &subCapSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, subCap, subCapSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, respSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *resp = (BYTE *) calloc_tspi(hte->tspContext, *respSize); + if (*resp == NULL) { + LogError("malloc of %u bytes failed.", *respSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *resp, *respSize, &hte->comm)) { + free_tspi(hte->tspContext, *resp); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_caps_tpm.c b/src/tspi/rpc/tcstp/rpc_caps_tpm.c new file mode 100644 index 0000000..8957529 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_caps_tpm.c @@ -0,0 +1,175 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_GetTPMCapability_TP(struct host_table_entry *hte, + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 * respSize, /* out */ + BYTE ** resp) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETCAPABILITY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &capArea, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &subCapSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, subCap, subCapSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, respSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *resp = (BYTE *) malloc(*respSize); + if (*resp == NULL) { + LogError("malloc of %u bytes failed.", *respSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *resp, *respSize, &hte->comm)) { + free(*resp); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_GetCapabilitySigned_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + TPM_AUTH * privAuth, /* in, out */ + TCPA_VERSION * Version, /* out */ + UINT32 * respSize, /* out */ + BYTE ** resp, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + return TSPERR(TSS_E_NOTIMPL); +} + +TSS_RESULT +RPC_GetCapabilityOwner_TP(struct host_table_entry *hte, + TPM_AUTH * pOwnerAuth, /* out */ + TCPA_VERSION * pVersion, /* out */ + UINT32 * pNonVolatileFlags, /* out */ + UINT32 * pVolatileFlags) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETCAPABILITYOWNER; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 1, pOwnerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_VERSION, 0, pVersion, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 1, pNonVolatileFlags, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, pVolatileFlags, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_AUTH, 3, pOwnerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_SetCapability_TP(struct host_table_entry *hte, + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 valueSize, /* in */ + BYTE * value, /* in */ + TPM_AUTH * pOwnerAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 7); + hte->comm.hdr.u.ordinal = TCSD_ORD_SETCAPABILITY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &capArea, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &subCapSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, subCap, subCapSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &valueSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 5, value, valueSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pOwnerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 6, pOwnerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pOwnerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_certify.c b/src/tspi/rpc/tcstp/rpc_certify.c new file mode 100644 index 0000000..3568c94 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_certify.c @@ -0,0 +1,131 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_CertifyKey_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE certHandle, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TPM_NONCE * antiReplay, /* in */ + TPM_AUTH * certAuth, /* in, out */ + TPM_AUTH * keyAuth, /* in, out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ) { + TSS_RESULT result; + TPM_AUTH null_auth; + int i; + + initData(&hte->comm, 6); + memset(&null_auth, 0, sizeof(TPM_AUTH)); + + hte->comm.hdr.u.ordinal = TCSD_ORD_CERTIFYKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &certHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 3, antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (certAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, certAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, &null_auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (keyAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 5, keyAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, 5, &null_auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (certAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, certAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (keyAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, keyAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, CertifyInfoSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *CertifyInfo = (BYTE *) malloc(*CertifyInfoSize); + if (*CertifyInfo == NULL) { + LogError("malloc of %u bytes failed.", *CertifyInfoSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *CertifyInfo, *CertifyInfoSize, &hte->comm)) { + free(*CertifyInfo); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outDataSize, 0, &hte->comm)) { + free(*CertifyInfo); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *outData = (BYTE *) malloc(*outDataSize); + if (*outData == NULL) { + LogError("malloc of %u bytes failed.", *outDataSize); + free(*CertifyInfo); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outData, *outDataSize, &hte->comm)) { + free(*CertifyInfo); + free(*outData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_changeauth.c b/src/tspi/rpc/tcstp/rpc_changeauth.c new file mode 100644 index 0000000..b4c3d87 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_changeauth.c @@ -0,0 +1,173 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_ChangeAuth_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE parentHandle, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH *newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 9); + hte->comm.hdr.u.ordinal = TCSD_ORD_CHANGEAUTH; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &parentHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 2, &protocolID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 3, newAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 4, &entityType, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 5, &encDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 6, encData, encDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 7, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 8, entityAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_AUTH, 1, entityAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, 2, outDataSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *outData = (BYTE *) malloc(*outDataSize); + if (*outData == NULL) { + LogError("malloc of %u bytes failed.", *outDataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, *outData, *outDataSize, &hte->comm)) { + free(*outData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_ChangeAuthOwner_TP(struct host_table_entry *hte, + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH *newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_CHANGEAUTHOWNER; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 1, &protocolID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 2, newAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 3, &entityType, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 4, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (hte->comm.hdr.u.result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_ChangeAuthAsymStart_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE idHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 KeySizeIn, /* in */ + BYTE * KeyDataIn, /* in */ + TPM_AUTH * pAuth, /* in, out */ + UINT32 * KeySizeOut, /* out */ + BYTE ** KeyDataOut, /* out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig, /* out */ + TCS_KEY_HANDLE * ephHandle /* out */ + ) { + return TSPERR(TSS_E_NOTIMPL); +} + +TSS_RESULT +RPC_ChangeAuthAsymFinish_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE parentHandle, /* in */ + TCS_KEY_HANDLE ephHandle, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TCPA_HMAC newAuthLink, /* in */ + UINT32 newAuthSize, /* in */ + BYTE * encNewAuth, /* in */ + UINT32 encDataSizeIn, /* in */ + BYTE * encDataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * encDataSizeOut, /* out */ + BYTE ** encDataOut, /* out */ + TCPA_SALT_NONCE * saltNonce, /* out */ + TCPA_DIGEST * changeProof /* out */ + ) { + return TSPERR(TSS_E_NOTIMPL); +} diff --git a/src/tspi/rpc/tcstp/rpc_cmk.c b/src/tspi/rpc/tcstp/rpc_cmk.c new file mode 100644 index 0000000..ef8dfd5 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_cmk.c @@ -0,0 +1,393 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_CMK_SetRestrictions_TP(struct host_table_entry *hte, + TSS_CMK_DELEGATE restriction, /* in */ + TPM_AUTH *ownerAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_SETRESTRICTIONS; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &restriction, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 2, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_CMK_ApproveMA_TP(struct host_table_entry *hte, + TPM_DIGEST migAuthorityDigest, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + TPM_HMAC *migAuthorityApproval) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_APPROVEMA; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 1, &migAuthorityDigest, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 2, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_DIGEST, 1, migAuthorityApproval, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_CMK_CreateKey_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hWrappingKey, /* in */ + TPM_ENCAUTH *keyUsageAuth, /* in */ + TPM_HMAC *migAuthorityApproval, /* in */ + TPM_DIGEST *migAuthorityDigest, /* in */ + UINT32 *keyDataSize, /* in, out */ + BYTE **keyData, /* in, out */ + TPM_AUTH *pAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 8); + hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_CREATEKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hWrappingKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 2, keyUsageAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 3, migAuthorityApproval, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 4, migAuthorityDigest, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 5, keyDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 6, *keyData, *keyDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 7, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 7, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + free(*keyData); + *keyData = NULL; + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, keyDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *keyData = (BYTE *)malloc(*keyDataSize); + if (*keyData == NULL) { + LogError("malloc of %u bytes failed.", *keyDataSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *keyData, *keyDataSize, &hte->comm)) { + free(*keyData); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (pAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, 2, pAuth, 0, &hte->comm)) { + free(*keyData); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + } + + return result; +} + +TSS_RESULT +RPC_CMK_CreateTicket_TP(struct host_table_entry *hte, + UINT32 publicVerifyKeySize, /* in */ + BYTE *publicVerifyKey, /* in */ + TPM_DIGEST signedData, /* in */ + UINT32 sigValueSize, /* in */ + BYTE *sigValue, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + TPM_HMAC *sigTicket) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 7); + hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_CREATETICKET; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &publicVerifyKeySize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, publicVerifyKey, publicVerifyKeySize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 3, &signedData, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &sigValueSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 5, sigValue, sigValueSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 6, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_DIGEST, 1, sigTicket, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_CMK_CreateBlob_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hParentKey, /* in */ + TSS_MIGRATE_SCHEME migrationType, /* in */ + UINT32 migKeyAuthSize, /* in */ + BYTE *migKeyAuth, /* in */ + TPM_DIGEST pubSourceKeyDigest, /* in */ + UINT32 msaListSize, /* in */ + BYTE *msaList, /* in */ + UINT32 restrictTicketSize, /* in */ + BYTE *restrictTicket, /* in */ + UINT32 sigTicketSize, /* in */ + BYTE *sigTicket, /* in */ + UINT32 encDataSize, /* in */ + BYTE *encData, /* in */ + TPM_AUTH *pAuth, /* in, out */ + UINT32 *randomSize, /* out */ + BYTE **random, /* out */ + UINT32 *outDataSize, /* out */ + BYTE **outData) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 15); + hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_CREATEBLOB; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hParentKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 2, &migrationType, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &migKeyAuthSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, migKeyAuth, migKeyAuthSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 5, &pubSourceKeyDigest, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 6, &msaListSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 7, msaList, msaListSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 8, &restrictTicketSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 9, restrictTicket, restrictTicketSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 10, &sigTicketSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 11, sigTicket, sigTicketSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 12, &encDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 13, encData, encDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 14, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 14, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (pAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, randomSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *random = (BYTE *)malloc(*randomSize); + if (*random == NULL) { + LogError("malloc of %u bytes failed.", *randomSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *random, *randomSize, &hte->comm)) { + free(*random); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *outData = (BYTE *)malloc(*outDataSize); + if (*outData == NULL) { + LogError("malloc of %u bytes failed.", *outDataSize); + free(*random); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outData, *outDataSize, &hte->comm)) { + free(*random); + free(*outData); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +TSS_RESULT +RPC_CMK_ConvertMigration_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hParentHandle, /* in */ + TPM_CMK_AUTH restrictTicket, /* in */ + TPM_HMAC sigTicket, /* in */ + UINT32 keyDataSize, /* in */ + BYTE *keyData, /* in */ + UINT32 msaListSize, /* in */ + BYTE *msaList, /* in */ + UINT32 randomSize, /* in */ + BYTE *random, /* in */ + TPM_AUTH *pAuth, /* in, out */ + UINT32 *outDataSize, /* out */ + BYTE **outData) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 11); + hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_CONVERTMIGRATION; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hParentHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, &restrictTicket, sizeof(restrictTicket), &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 3, &sigTicket, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &keyDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 5, keyData, keyDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 6, &msaListSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 7, msaList, msaListSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 8, &randomSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 9, random, randomSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 10, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 10, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (pAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *outData = (BYTE *)malloc(*outDataSize); + if (*outData == NULL) { + LogError("malloc of %u bytes failed.", *outDataSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outData, *outDataSize, &hte->comm)) { + free(*outData); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + diff --git a/src/tspi/rpc/tcstp/rpc_context.c b/src/tspi/rpc/tcstp/rpc_context.c new file mode 100644 index 0000000..95fafbe --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_context.c @@ -0,0 +1,80 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_OpenContext_TP(struct host_table_entry* hte, + UINT32* tpm_version, + TCS_CONTEXT_HANDLE* tcsContext) +{ + TSS_RESULT result; + + initData(&hte->comm, 0); + hte->comm.hdr.u.ordinal = TCSD_ORD_OPENCONTEXT; + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("Received TCS Context: 0x%x", *tcsContext); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, tpm_version, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_CloseContext_TP(struct host_table_entry *hte) +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_CLOSECONTEXT; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_FreeMemory_TP(struct host_table_entry *hte, + BYTE * pMemory) /* in */ +{ + free(pMemory); + + return TSS_SUCCESS; +} diff --git a/src/tspi/rpc/tcstp/rpc_counter.c b/src/tspi/rpc/tcstp/rpc_counter.c new file mode 100644 index 0000000..d6b2b37 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_counter.c @@ -0,0 +1,204 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_ReadCounter_TP(struct host_table_entry* hte, + TSS_COUNTER_ID idCounter, /* in */ + TPM_COUNTER_VALUE* counterValue) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_READCOUNTER; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_COUNTER_VALUE, 0, counterValue, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_CreateCounter_TP(struct host_table_entry* hte, + UINT32 LabelSize, /* in (=4) */ + BYTE* pLabel, /* in */ + TPM_ENCAUTH CounterAuth, /* in */ + TPM_AUTH* pOwnerAuth, /* in, out */ + TSS_COUNTER_ID* idCounter, /* out */ + TPM_COUNTER_VALUE* counterValue) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_CREATECOUNTER; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &LabelSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, &pLabel, LabelSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 3, &CounterAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 4, pOwnerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pOwnerAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, 1, idCounter, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_COUNTER_VALUE, 2, counterValue, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } +done: + return result; +} + +TSS_RESULT +RPC_IncrementCounter_TP(struct host_table_entry* hte, + TSS_COUNTER_ID idCounter, /* in */ + TPM_AUTH* pCounterAuth, /* in, out */ + TPM_COUNTER_VALUE* counterValue) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_INCREMENTCOUNTER; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 2, pCounterAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pCounterAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_COUNTER_VALUE, 1, counterValue, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } +done: + return result; +} + +TSS_RESULT +RPC_ReleaseCounter_TP(struct host_table_entry* hte, + TSS_COUNTER_ID idCounter, /* in */ + TPM_AUTH* pCounterAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_RELEASECOUNTER; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 2, pCounterAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pCounterAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_ReleaseCounterOwner_TP(struct host_table_entry* hte, + TSS_COUNTER_ID idCounter, /* in */ + TPM_AUTH* pOwnerAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_RELEASECOUNTEROWNER; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &idCounter, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 2, pOwnerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pOwnerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_daa.c b/src/tspi/rpc/tcstp/rpc_daa.c new file mode 100644 index 0000000..e48d30e --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_daa.c @@ -0,0 +1,184 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_DaaJoin_TP(struct host_table_entry *hte, + TPM_HANDLE handle, // in + BYTE stage, // in + UINT32 inputSize0, // in + BYTE* inputData0, // in + UINT32 inputSize1, // in + BYTE* inputData1, // in + TPM_AUTH* ownerAuth, // in/out + UINT32* outputSize, // out + BYTE** outputData) // out +{ + TSS_RESULT result; + UINT32 i; + + LogDebugFn("stage=%d", stage); + initData(&hte->comm, 8); + hte->comm.hdr.u.ordinal = TCSD_ORD_DAAJOIN; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &handle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BYTE, 2, &stage, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &inputSize0, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("inputSize0==%d =%d", inputSize0, inputSize0); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, inputData0, inputSize0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 5, &inputSize1, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("inputSize1==%d =%d", inputSize1, inputSize1); + if (setData(TCSD_PACKET_TYPE_PBYTE, 6, inputData1, inputSize1, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if( ownerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 7, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + LogDebugFn("getData outputSize"); + + if( ownerAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, ownerAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outputSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *outputData = (BYTE *) malloc(*outputSize); + if (*outputData == NULL) { + LogError("malloc of %u bytes failed.", *outputSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + LogDebugFn("getData outputData (outputSize=%u)", *outputSize); + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outputData, *outputSize, &hte->comm)) { + free(*outputData); + *outputData = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + LogDebugFn("result=%u", result); + return result; +} + +TSS_RESULT +RPC_DaaSign_TP(struct host_table_entry *hte, + TPM_HANDLE handle, // in + BYTE stage, // in + UINT32 inputSize0, // in + BYTE* inputData0, // in + UINT32 inputSize1, // in + BYTE* inputData1, // in + TPM_AUTH* ownerAuth, // in/out + UINT32* outputSize, // out + BYTE** outputData) // out +{ + TSS_RESULT result; + UINT32 i; + + LogDebugFn("stage=%d", stage); + initData(&hte->comm, 8); + hte->comm.hdr.u.ordinal = TCSD_ORD_DAASIGN; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &handle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BYTE, 2, &stage, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &inputSize0, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("inputSize0==%d =%d", inputSize0, inputSize0); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, inputData0, inputSize0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 5, &inputSize1, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("inputSize1==%d =%d", inputSize1, inputSize1); + if (setData(TCSD_PACKET_TYPE_PBYTE, 6, inputData1, inputSize1, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if( ownerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 7, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + LogDebugFn("sendTCSDPacket: 0x%x", (int)hte); + result = sendTCSDPacket(hte); + // + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + // + if (result == TSS_SUCCESS) { + i = 0; + LogDebugFn("getData outputSize"); + + if( ownerAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, ownerAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outputSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *outputData = (BYTE *) malloc(*outputSize); + if (*outputData == NULL) { + LogError("malloc of %u bytes failed.", *outputSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + LogDebugFn("getData outputData (outputSize=%d)", *outputSize); + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outputData, *outputSize, &hte->comm)) { + free(*outputData); + *outputData = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + LogDebugFn("result=%u", result); + return result; +} + diff --git a/src/tspi/rpc/tcstp/rpc_delegate.c b/src/tspi/rpc/tcstp/rpc_delegate.c new file mode 100644 index 0000000..d4b6ac2 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_delegate.c @@ -0,0 +1,452 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_Delegate_Manage_TP(struct host_table_entry *hte, + TPM_FAMILY_ID familyID, /* in */ + TPM_FAMILY_OPERATION opFlag, /* in */ + UINT32 opDataSize, /* in */ + BYTE *opData, /* in */ + TPM_AUTH *ownerAuth, /* in/out */ + UINT32 *retDataSize, /* out */ + BYTE **retData) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 6); + hte->comm.hdr.u.ordinal = TCSD_ORD_DELEGATE_MANAGE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &familyID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &opFlag, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &opDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, opData, opDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (ownerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 5, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 5, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (ownerAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, retDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *retData = (BYTE *)malloc(*retDataSize); + if (*retData == NULL) { + LogError("malloc of %u bytes failed.", *retDataSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *retData, *retDataSize, &hte->comm)) { + free(*retData); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +TSS_RESULT +RPC_Delegate_CreateKeyDelegation_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hKey, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE *publicInfo, /* in */ + TPM_ENCAUTH *encDelAuth, /* in */ + TPM_AUTH *keyAuth, /* in/out */ + UINT32 *blobSize, /* out */ + BYTE **blob) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 8); + hte->comm.hdr.u.ordinal = TCSD_ORD_DELEGATE_CREATEKEYDELEGATION; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &publicInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, publicInfo, publicInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 4, encDelAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (keyAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 5, keyAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 5, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (keyAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, keyAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, blobSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *blob = (BYTE *)malloc(*blobSize); + if (*blob == NULL) { + LogError("malloc of %u bytes failed.", *blobSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *blob, *blobSize, &hte->comm)) { + free(*blob); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +TSS_RESULT +RPC_Delegate_CreateOwnerDelegation_TP(struct host_table_entry *hte, + TSS_BOOL increment, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE *publicInfo, /* in */ + TPM_ENCAUTH *encDelAuth, /* in */ + TPM_AUTH *ownerAuth, /* in/out */ + UINT32 *blobSize, /* out */ + BYTE **blob) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 8); + hte->comm.hdr.u.ordinal = TCSD_ORD_DELEGATE_CREATEOWNERDELEGATION; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 1, &increment, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &publicInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, publicInfo, publicInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 4, encDelAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (ownerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 5, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 5, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (ownerAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, blobSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *blob = (BYTE *)malloc(*blobSize); + if (*blob == NULL) { + LogError("malloc of %u bytes failed.", *blobSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *blob, *blobSize, &hte->comm)) { + free(*blob); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +TSS_RESULT +RPC_Delegate_LoadOwnerDelegation_TP(struct host_table_entry *hte, + TPM_DELEGATE_INDEX index, /* in */ + UINT32 blobSize, /* in */ + BYTE *blob, /* in */ + TPM_AUTH *ownerAuth) /* in/out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_DELEGATE_LOADOWNERDELEGATION; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &index, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &blobSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, blob, blobSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (ownerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 4, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (ownerAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +TSS_RESULT +RPC_Delegate_ReadTable_TP(struct host_table_entry *hte, + UINT32 *familyTableSize, /* out */ + BYTE **familyTable, /* out */ + UINT32 *delegateTableSize, /* out */ + BYTE **delegateTable) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_DELEGATE_READTABLE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, familyTableSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *familyTable = (BYTE *)malloc(*familyTableSize); + if (*familyTable == NULL) { + LogError("malloc of %u bytes failed.", *familyTableSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *familyTable, *familyTableSize, &hte->comm)) { + free(*familyTable); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, delegateTableSize, 0, &hte->comm)) { + free(*familyTable); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + *delegateTable = (BYTE *)malloc(*delegateTableSize); + if (*delegateTable == NULL) { + free(*familyTable); + LogError("malloc of %u bytes failed.", *delegateTableSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, *delegateTable, *delegateTableSize, &hte->comm)) { + free(*familyTable); + free(*delegateTable); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +TSS_RESULT +RPC_Delegate_UpdateVerificationCount_TP(struct host_table_entry *hte, + UINT32 inputSize, /* in */ + BYTE *input, /* in */ + TPM_AUTH *ownerAuth, /* in/out */ + UINT32 *outputSize, /* out */ + BYTE **output) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_DELEGATE_UPDATEVERIFICATIONCOUNT; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &inputSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, input, inputSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (ownerAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 3, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + TPM_AUTH nullAuth; + + memset(&nullAuth, 0, sizeof(TPM_AUTH)); + if (setData(TCSD_PACKET_TYPE_AUTH, 3, &nullAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (ownerAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outputSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + *output = (BYTE *)malloc(*outputSize); + if (*output == NULL) { + LogError("malloc of %u bytes failed.", *outputSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *output, *outputSize, &hte->comm)) { + free(*output); + output = NULL; + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +TSS_RESULT +RPC_Delegate_VerifyDelegation_TP(struct host_table_entry *hte, + UINT32 delegateSize, /* in */ + BYTE *delegate) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_DELEGATE_VERIFYDELEGATION; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &delegateSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, delegate, delegateSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_DSAP_TP(struct host_table_entry *hte, + TPM_ENTITY_TYPE entityType, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TPM_NONCE *nonceOddDSAP, /* in */ + UINT32 entityValueSize, /* in */ + BYTE * entityValue, /* in */ + TCS_AUTHHANDLE *authHandle, /* out */ + TPM_NONCE *nonceEven, /* out */ + TPM_NONCE *nonceEvenDSAP) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 6); + hte->comm.hdr.u.ordinal = TCSD_ORD_DSAP; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 1, &entityType, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 3, nonceOddDSAP, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &entityValueSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 5, entityValue, entityValueSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, authHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 1, nonceEven, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_NONCE, 2, nonceEvenDSAP, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_dir.c b/src/tspi/rpc/tcstp/rpc_dir.c new file mode 100644 index 0000000..12f2d4f --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_dir.c @@ -0,0 +1,89 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_DirWriteAuth_TP(struct host_table_entry *hte, + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE *newContents, /* in */ + TPM_AUTH * ownerAuth /* in, out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_DIRWRITEAUTH; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &dirIndex, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 2, newContents, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 3, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_DirRead_TP(struct host_table_entry *hte, + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE * dirValue /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_DIRREAD; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &dirIndex, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (hte->comm.hdr.u.result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_DIGEST, 0, dirValue, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_ek.c b/src/tspi/rpc/tcstp/rpc_ek.c new file mode 100644 index 0000000..c95753d --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_ek.c @@ -0,0 +1,304 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_CreateEndorsementKeyPair_TP(struct host_table_entry *hte, + TCPA_NONCE antiReplay, /* in */ + UINT32 endorsementKeyInfoSize, /* in */ + BYTE * endorsementKeyInfo, /* in */ + UINT32 * endorsementKeySize, /* out */ + BYTE ** endorsementKey, /* out */ + TCPA_DIGEST * checksum /* out */ + ) { + + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_CREATEENDORSEMENTKEYPAIR; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &endorsementKeyInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, endorsementKeyInfo, endorsementKeyInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, endorsementKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *endorsementKey = (BYTE *) malloc(*endorsementKeySize); + if (*endorsementKey == NULL) { + LogError("malloc of %u bytes failed.", *endorsementKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *endorsementKey, *endorsementKeySize, &hte->comm)) { + free(*endorsementKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_DIGEST, 2, &(checksum->digest), 0, &hte->comm)) { + free(*endorsementKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_ReadPubek_TP(struct host_table_entry *hte, + TCPA_NONCE antiReplay, /* in */ + UINT32 * pubEndorsementKeySize, /* out */ + BYTE ** pubEndorsementKey, /* out */ + TCPA_DIGEST * checksum /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_READPUBEK; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + /* &hte->comm.numParms = 2; */ + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, pubEndorsementKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *pubEndorsementKey = (BYTE *) malloc(*pubEndorsementKeySize); + if (*pubEndorsementKey == NULL) { + LogError("malloc of %u bytes failed.", *pubEndorsementKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *pubEndorsementKey, *pubEndorsementKeySize, &hte->comm)) { + free(*pubEndorsementKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_DIGEST, 2, &(checksum->digest), 0, &hte->comm)) { + free(*pubEndorsementKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } +done: + return result; +} + +TSS_RESULT +RPC_DisablePubekRead_TP(struct host_table_entry *hte, + TPM_AUTH * ownerAuth /* in, out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_DISABLEPUBEKREAD; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_AUTH, 1, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_OwnerReadPubek_TP(struct host_table_entry *hte, + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * pubEndorsementKeySize, /* out */ + BYTE ** pubEndorsementKey /* out */ + ) { + + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_OWNERREADPUBEK; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 1, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)){ + free(*pubEndorsementKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, pubEndorsementKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *pubEndorsementKey = (BYTE *) malloc(*pubEndorsementKeySize); + if (*pubEndorsementKey == NULL) { + LogError("malloc of %u bytes failed.", *pubEndorsementKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *pubEndorsementKey, *pubEndorsementKeySize, &hte->comm)) { + free(*pubEndorsementKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +RPC_CreateRevocableEndorsementKeyPair_TP(struct host_table_entry *hte, + TPM_NONCE antiReplay, /* in */ + UINT32 endorsementKeyInfoSize,/* in */ + BYTE * endorsementKeyInfo, /* in */ + TSS_BOOL genResetAuth, /* in */ + TPM_DIGEST * eKResetAuth, /* in, out */ + UINT32 * endorsementKeySize, /* out */ + BYTE ** endorsementKey, /* out */ + TPM_DIGEST * checksum) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 6); + hte->comm.hdr.u.ordinal = TCSD_ORD_CREATEREVOCABLEENDORSEMENTKEYPAIR; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &endorsementKeyInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, endorsementKeyInfo, endorsementKeyInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 4, &genResetAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 5, eKResetAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_DIGEST, 0, &(eKResetAuth->digest), 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, 1, endorsementKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *endorsementKey = (BYTE *) malloc(*endorsementKeySize); + if (*endorsementKey == NULL) { + LogError("malloc of %u bytes failed.", *endorsementKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *endorsementKey, *endorsementKeySize, &hte->comm)) { + free(*endorsementKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_DIGEST, 3, &(checksum->digest), 0, &hte->comm)) { + free(*endorsementKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_RevokeEndorsementKeyPair_TP(struct host_table_entry *hte, + TPM_DIGEST *EKResetAuth) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_REVOKEENDORSEMENTKEYPAIR; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 1, EKResetAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} +#endif diff --git a/src/tspi/rpc/tcstp/rpc_evlog.c b/src/tspi/rpc/tcstp/rpc_evlog.c new file mode 100644 index 0000000..7256795 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_evlog.c @@ -0,0 +1,231 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_LogPcrEvent_TP(struct host_table_entry *hte, + TSS_PCR_EVENT Event, /* in */ + UINT32 * pNumber /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_LOGPCREVENT; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_PCR_EVENT, 1, &Event, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, pNumber, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_GetPcrEvent_TP(struct host_table_entry *hte, + UINT32 PcrIndex, /* in */ + UINT32 * pNumber, /* in, out */ + TSS_PCR_EVENT ** ppEvent /* out */ + ) { + TSS_RESULT result; + BYTE lengthOnly = (ppEvent == NULL) ? TRUE : FALSE; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETPCREVENT; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &PcrIndex, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_UINT32, 2, pNumber, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_BYTE, 3, &lengthOnly, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, pNumber, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (ppEvent) { + *ppEvent = malloc(sizeof(TSS_PCR_EVENT)); + if (*ppEvent == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(TSS_PCR_EVENT)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PCR_EVENT, 1, *ppEvent, 0, &hte->comm)) { + free(*ppEvent); + *ppEvent = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + } + +done: + return result; +} + +TSS_RESULT +RPC_GetPcrEventsByPcr_TP(struct host_table_entry *hte, + UINT32 PcrIndex, /* in */ + UINT32 FirstEvent, /* in */ + UINT32 * pEventCount, /* in, out */ + TSS_PCR_EVENT ** ppEvents /* out */ + ) { + TSS_RESULT result; + UINT32 i, j; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETPCREVENTBYPCR; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &PcrIndex, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &FirstEvent, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_UINT32, 3, pEventCount, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, pEventCount, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (*pEventCount > 0) { + *ppEvents = calloc_tspi(hte->tspContext, + sizeof(TSS_PCR_EVENT) * (*pEventCount)); + if (*ppEvents == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TSS_PCR_EVENT) * (*pEventCount)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + i = 1; + for (j = 0; j < (*pEventCount); j++) { + if (getData(TCSD_PACKET_TYPE_PCR_EVENT, i++, &((*ppEvents)[j]), 0, &hte->comm)) { + free(*ppEvents); + *ppEvents = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + } else { + *ppEvents = NULL; + } + } + +done: + return result; +} + +TSS_RESULT +RPC_GetPcrEventLog_TP(struct host_table_entry *hte, + UINT32 * pEventCount, /* out */ + TSS_PCR_EVENT ** ppEvents /* out */ + ) { + TSS_RESULT result; + int i, j; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETPCREVENTLOG; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, pEventCount, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (*pEventCount > 0) { + *ppEvents = calloc_tspi(hte->tspContext, + sizeof(TSS_PCR_EVENT) * (*pEventCount)); + if (*ppEvents == NULL) { + LogError("malloc of %zd bytes failed.", + sizeof(TSS_PCR_EVENT) * (*pEventCount)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + i = 1; + for (j = 0; (UINT32)j < (*pEventCount); j++) { + if (getData(TCSD_PACKET_TYPE_PCR_EVENT, i++, &((*ppEvents)[j]), 0, &hte->comm)) { + free(*ppEvents); + *ppEvents = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + } else { + *ppEvents = NULL; + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_key.c b/src/tspi/rpc/tcstp/rpc_key.c new file mode 100644 index 0000000..0c983af --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_key.c @@ -0,0 +1,350 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_LoadKeyByBlob_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hUnwrappingKey, /* in */ + UINT32 cWrappedKeyBlobSize, /* in */ + BYTE * rgbWrappedKeyBlob, /* in */ + TPM_AUTH * pAuth, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI, /* out */ + TCS_KEY_HANDLE * phKeyHMAC) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_LOADKEYBYBLOB; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hUnwrappingKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &cWrappedKeyBlobSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, rgbWrappedKeyBlob, cWrappedKeyBlobSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (pAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (pAuth != NULL) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, phKeyTCSI, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, i++, phKeyHMAC, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("OUT: TCS key handle: 0x%x, TPM key slot: 0x%x", *phKeyTCSI, + *phKeyHMAC); + } + + return result; +} + +TSS_RESULT +RPC_EvictKey_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hKey) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_EVICTKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_CreateWrapKey_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hWrappingKey, /* in */ + TCPA_ENCAUTH *KeyUsageAuth, /* in */ + TCPA_ENCAUTH *KeyMigrationAuth, /* in */ + UINT32 keyInfoSize, /* in */ + BYTE * keyInfo, /* in */ + UINT32 * keyDataSize, /* out */ + BYTE ** keyData, /* out */ + TPM_AUTH * pAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 7); + hte->comm.hdr.u.ordinal = TCSD_ORD_CREATEWRAPKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hWrappingKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 2, KeyUsageAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 3, KeyMigrationAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &keyInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 5, keyInfo, keyInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 6, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, keyDataSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *keyData = (BYTE *) malloc(*keyDataSize); + if (*keyData == NULL) { + LogError("malloc of %u bytes failed.", *keyDataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *keyData, *keyDataSize, &hte->comm)) { + free(*keyData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (pAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, 2, pAuth, 0, &hte->comm)) { + free(*keyData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + } + +done: + return result; +} + +TSS_RESULT +RPC_GetPubKey_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH * pAuth, /* in, out */ + UINT32 * pcPubKeySize, /* out */ + BYTE ** prgbPubKey) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETPUBKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, 2, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + i = 0; + if (result == TSS_SUCCESS) { + if (pAuth != NULL) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcPubKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbPubKey = (BYTE *) malloc(*pcPubKeySize); + if (*prgbPubKey == NULL) { + LogError("malloc of %u bytes failed.", *pcPubKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *prgbPubKey, *pcPubKeySize, &hte->comm)) { + free(*prgbPubKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_TerminateHandle_TP(struct host_table_entry *hte, + TCS_AUTHHANDLE handle) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_TERMINATEHANDLE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &handle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_OwnerReadInternalPub_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * punPubKeySize, /* out */ + BYTE ** ppbPubKeyData) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_OWNERREADINTERNALPUB; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pOwnerAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, 2, pOwnerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pOwnerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 1, punPubKeySize, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + + *ppbPubKeyData = (BYTE *) malloc(*punPubKeySize); + if (*ppbPubKeyData == NULL) { + LogError("malloc of %u bytes failed.", *punPubKeySize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *ppbPubKeyData, *punPubKeySize, + &hte->comm)) { + free(*ppbPubKeyData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +/* TSS 1.2-only interfaces */ +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +RPC_KeyControlOwner_TP(struct host_table_entry *hte, // in + TCS_KEY_HANDLE hKey, // in + UINT32 ulPublicInfoLength, // in + BYTE* rgbPublicInfo, // in + UINT32 attribName, // in + TSS_BOOL attribValue, // in + TPM_AUTH* pOwnerAuth, // in, out + TSS_UUID* pUuidData) // out + +{ + TSS_RESULT result; + + initData(&hte->comm, 7); + hte->comm.hdr.u.ordinal = TCSD_ORD_KEYCONTROLOWNER; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &ulPublicInfoLength, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, rgbPublicInfo, ulPublicInfoLength, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &attribName, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 5, &attribValue, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pOwnerAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, 6, pOwnerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pOwnerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UUID, 1, pUuidData, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} +#endif diff --git a/src/tspi/rpc/tcstp/rpc_maint.c b/src/tspi/rpc/tcstp/rpc_maint.c new file mode 100644 index 0000000..75dfc09 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_maint.c @@ -0,0 +1,250 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_CreateMaintenanceArchive_TP(struct host_table_entry *hte, + TSS_BOOL generateRandom, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * archiveSize, /* out */ + BYTE ** archive /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_CREATEMAINTENANCEARCHIVE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 1, &generateRandom, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 2, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 1, randomSize, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + + if (*randomSize > 0) { + *random = malloc(*randomSize); + if (*random == NULL) { + LogError("malloc of %u bytes failed.", *randomSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *random, *randomSize, &hte->comm)) { + free(*random); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } else { + *random = NULL; + } + + /* Assume all elements are in the list, even when *randomSize == 0. */ + if (getData(TCSD_PACKET_TYPE_UINT32, 3, archiveSize, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + + if (*archiveSize > 0) { + *archive = malloc(*archiveSize); + if (*archive == NULL) { + free(*random); + LogError("malloc of %u bytes failed.", *archiveSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, *archive, *archiveSize, &hte->comm)) { + free(*random); + free(*archive); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } else { + *archive = NULL; + } + } +done: + return result; +} + +TSS_RESULT +RPC_LoadMaintenanceArchive_TP(struct host_table_entry *hte, + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_LOADMAINTENANCEARCHIVE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &dataInSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, &dataIn, dataInSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 3, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 1, dataOutSize, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + + if (*dataOutSize > 0) { + *dataOut = malloc(*dataOutSize); + if (*dataOut == NULL) { + LogError("malloc of %u bytes failed.", *dataOutSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *dataOut, *dataOutSize, &hte->comm)) { + free(*dataOut); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } else { + *dataOut = NULL; + } + } +done: + return result; +} + +TSS_RESULT +RPC_KillMaintenanceFeature_TP(struct host_table_entry *hte, + TPM_AUTH * ownerAuth /* in , out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_KILLMAINTENANCEFEATURE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 1, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_LoadManuMaintPub_TP(struct host_table_entry *hte, + TCPA_NONCE antiReplay, /* in */ + UINT32 PubKeySize, /* in */ + BYTE * PubKey, /* in */ + TCPA_DIGEST * checksum /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_LOADMANUFACTURERMAINTENANCEPUB; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &PubKeySize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, PubKey, PubKeySize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_DIGEST, 0, checksum, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_ReadManuMaintPub_TP(struct host_table_entry *hte, + TCPA_NONCE antiReplay, /* in */ + TCPA_DIGEST * checksum /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_READMANUFACTURERMAINTENANCEPUB; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_DIGEST, 0, checksum, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_migration.c b/src/tspi/rpc/tcstp/rpc_migration.c new file mode 100644 index 0000000..43f7f27 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_migration.c @@ -0,0 +1,270 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_CreateMigrationBlob_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE parentHandle, /* in */ + TSS_MIGRATE_SCHEME migrationType, /* in */ + UINT32 MigrationKeyAuthSize, /* in */ + BYTE * MigrationKeyAuth, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ) { + TSS_RESULT result; + TPM_AUTH null_auth; + UINT32 i; + + initData(&hte->comm, 9); + memset(&null_auth, 0, sizeof(TPM_AUTH)); + + hte->comm.hdr.u.ordinal = TCSD_ORD_CREATEMIGRATIONBLOB; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + i = 0; + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &parentHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, i++, &migrationType, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &MigrationKeyAuthSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, MigrationKeyAuth, MigrationKeyAuthSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &encDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, encData, encDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (parentAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, parentAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_AUTH, i++, entityAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (parentAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, parentAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_AUTH, i++, entityAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, randomSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (*randomSize > 0) { + *random = (BYTE *)malloc(*randomSize); + if (*random == NULL) { + LogError("malloc of %u bytes failed.", *randomSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *random, *randomSize, &hte->comm)) { + free(*random); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outDataSize, 0, &hte->comm)) { + if (*randomSize > 0) + free(*random); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *outData = (BYTE *)malloc(*outDataSize); + if (*outData == NULL) { + if (*randomSize > 0) + free(*random); + LogError("malloc of %u bytes failed.", *outDataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outData, *outDataSize, &hte->comm)) { + if (*randomSize > 0) + free(*random); + free(*outData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + return result; +} + +TSS_RESULT +RPC_ConvertMigrationBlob_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + UINT32 randomSize, /* in */ + BYTE * random, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ) { + TSS_RESULT result; + UINT32 i; + + initData(&hte->comm, 7); + hte->comm.hdr.u.ordinal = TCSD_ORD_CONVERTMIGRATIONBLOB; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &parentHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &inDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, inData, inDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &randomSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 5, random, randomSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (parentAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 6, parentAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (parentAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, parentAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, outDataSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *outData = (BYTE *)malloc(*outDataSize); + if (*outData == NULL) { + LogError("malloc of %u bytes failed.", *outDataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outData, *outDataSize, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + return result; +} + +TSS_RESULT +RPC_AuthorizeMigrationKey_TP(struct host_table_entry *hte, + TSS_MIGRATE_SCHEME migrateScheme, /* in */ + UINT32 MigrationKeySize, /* in */ + BYTE * MigrationKey, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * MigrationKeyAuthSize, /* out */ + BYTE ** MigrationKeyAuth /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_AUTHORIZEMIGRATIONKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 1, &migrateScheme, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &MigrationKeySize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, MigrationKey, MigrationKeySize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 4, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, 1, MigrationKeyAuthSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *MigrationKeyAuth = (BYTE *)malloc(*MigrationKeyAuthSize); + if (*MigrationKeyAuth == NULL) { + LogError("malloc of %u bytes failed.", *MigrationKeyAuthSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *MigrationKeyAuth, *MigrationKeyAuthSize, + &hte->comm)) { + free(*MigrationKeyAuth); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_nv.c b/src/tspi/rpc/tcstp/rpc_nv.c new file mode 100644 index 0000000..faf44e5 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_nv.c @@ -0,0 +1,315 @@ +/* + * The Initial Developer of the Original Code is Intel Corporation. + * Portions created by Intel Corporation are Copyright (C) 2007 Intel Corporation. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the Common Public License as published by + * IBM Corporation; either version 1 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Common Public License for more details. + * + * You should have received a copy of the Common Public License + * along with this program; if not, a copy can be viewed at + * http://www.opensource.org/licenses/cpl1.0.php. + * + * trousers - An open source TCG Software Stack + * + * Author: james.xu@intel.com Rossey.liu@intel.com + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + +TSS_RESULT +RPC_NV_DefineOrReleaseSpace_TP(struct host_table_entry *hte, /* in */ + UINT32 cPubInfoSize, /* in */ + BYTE* pPubInfo, /* in */ + TCPA_ENCAUTH encAuth, /* in */ + TPM_AUTH* pAuth) /* in,out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_NVDEFINEORRELEASESPACE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &cPubInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, pPubInfo, cPubInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, 3, &encAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if( pAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, pAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + LogDebugFn("getData outputSize"); + + if( pAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + } + +done: + LogDebugFn("result=%u", result); + return result; +} + +TSS_RESULT +RPC_NV_WriteValue_TP(struct host_table_entry *hte, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite, /* in */ + TPM_AUTH* privAuth) /* in,out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 6); + hte->comm.hdr.u.ordinal = TCSD_ORD_NVWRITEVALUE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hNVStore, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &offset, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &ulDataLength, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, rgbDataToWrite, ulDataLength, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if( privAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 5, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + LogDebugFn("getData outputSize"); + + if( privAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, privAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + } + +done: + LogDebugFn("result=%u", result); + return result; +} + +TSS_RESULT +RPC_NV_WriteValueAuth_TP(struct host_table_entry *hte, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite, /* in */ + TPM_AUTH* NVAuth) /* in,out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 6); + hte->comm.hdr.u.ordinal = TCSD_ORD_NVWRITEVALUEAUTH; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hNVStore, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &offset, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &ulDataLength, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, rgbDataToWrite, ulDataLength, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if( NVAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 5, NVAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + LogDebugFn("getData outputSize"); + + if( NVAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, NVAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + } + +done: + LogDebugFn("result=%u", result); + return result; +} + +TSS_RESULT +RPC_NV_ReadValue_TP(struct host_table_entry *hte, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32* pulDataLength, /* in,out */ + TPM_AUTH* privAuth, /* in,out */ + BYTE** rgbDataRead) /* out */ +{ + TSS_RESULT result; + UINT32 i; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_NVREADVALUE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hNVStore, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &offset, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, pulDataLength, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + LogDebugFn("SetData privAuth\n"); + if( privAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + LogDebugFn("Send data.\n"); + result = sendTCSDPacket(hte); + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + LogDebugFn("result=%u", result); + if (result == TSS_SUCCESS) { + i = 0; + LogDebugFn("getData outputSize"); + + if( privAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, privAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pulDataLength, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *rgbDataRead = (BYTE *) malloc(*pulDataLength); + if (*rgbDataRead == NULL) { + LogError("malloc of %u bytes failed.", *pulDataLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + LogDebugFn("getData rgbDataRead (pulDataLength=%u)", *pulDataLength); + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *rgbDataRead, *pulDataLength, &hte->comm)) { + free(*rgbDataRead); + *rgbDataRead = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + LogDebugFn("result=%u", result); + return result; +} + +TSS_RESULT +RPC_NV_ReadValueAuth_TP(struct host_table_entry *hte, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32* pulDataLength, /* in,out */ + TPM_AUTH* NVAuth, /* in,out */ + BYTE** rgbDataRead) /* out */ +{ + TSS_RESULT result; + UINT32 i; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_NVREADVALUEAUTH; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hNVStore, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &offset, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, pulDataLength, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if( NVAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, NVAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + LogDebugFn("getData outputSize"); + + if( NVAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, NVAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pulDataLength, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *rgbDataRead = (BYTE *) malloc(*pulDataLength); + if (*rgbDataRead == NULL) { + LogError("malloc of %u bytes failed.", *pulDataLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + LogDebugFn("getData rgbDataRead (pulDataLength=%u)", *pulDataLength); + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *rgbDataRead, *pulDataLength, &hte->comm)) { + free(*rgbDataRead); + *rgbDataRead = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + LogDebugFn("result=%u", result); + return result; +} + diff --git a/src/tspi/rpc/tcstp/rpc_oper.c b/src/tspi/rpc/tcstp/rpc_oper.c new file mode 100644 index 0000000..3795aab --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_oper.c @@ -0,0 +1,47 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_SetOperatorAuth_TP(struct host_table_entry *hte, + TCPA_SECRET *operatorAuth) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_SETOPERATORAUTH; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_SECRET, 1, operatorAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + diff --git a/src/tspi/rpc/tcstp/rpc_own.c b/src/tspi/rpc/tcstp/rpc_own.c new file mode 100644 index 0000000..7d06ca2 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_own.c @@ -0,0 +1,125 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_TakeOwnership_TP(struct host_table_entry *hte, + UINT16 protocolID, /* in */ + UINT32 encOwnerAuthSize, /* in */ + BYTE * encOwnerAuth, /* in */ + UINT32 encSrkAuthSize, /* in */ + BYTE * encSrkAuth, /* in */ + UINT32 srkInfoSize, /* in */ + BYTE * srkInfo, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * srkKeySize, + BYTE ** srkKey) +{ + TSS_RESULT result; + + initData(&hte->comm, 9); + hte->comm.hdr.u.ordinal = TCSD_ORD_TAKEOWNERSHIP; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT16, 1, &protocolID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &encOwnerAuthSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, encOwnerAuth, encOwnerAuthSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 4, &encSrkAuthSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 5, encSrkAuth, encSrkAuthSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 6, &srkInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 7, srkInfo, srkInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_AUTH, 8, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, 1, srkKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *srkKey = (BYTE *) malloc(*srkKeySize); + if (*srkKey == NULL) { + LogError("malloc of %u bytes failed.", *srkKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *srkKey, *srkKeySize, &hte->comm)) { + free(*srkKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + + +TSS_RESULT +RPC_OwnerClear_TP(struct host_table_entry *hte, + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_OWNERCLEAR; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (setData(TCSD_PACKET_TYPE_AUTH, 1, ownerAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS ){ + if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_pcr_extend.c b/src/tspi/rpc/tcstp/rpc_pcr_extend.c new file mode 100644 index 0000000..3e97ad1 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_pcr_extend.c @@ -0,0 +1,113 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_Extend_TP(struct host_table_entry *hte, + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_DIGEST inDigest, /* in */ + TCPA_PCRVALUE * outDigest /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_EXTEND; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &pcrNum, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 2, &inDigest, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_DIGEST, 0, outDigest, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_PcrRead_TP(struct host_table_entry *hte, + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_PCRVALUE * outDigest /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_PCRREAD; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &pcrNum, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_DIGEST, 0, outDigest, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +RPC_PcrReset_TP(struct host_table_entry *hte, + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_PCRRESET; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &pcrDataSizeIn, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, pcrDataIn, pcrDataSizeIn, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_ps.c b/src/tspi/rpc/tcstp/rpc_ps.c new file mode 100644 index 0000000..3a4d704 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_ps.c @@ -0,0 +1,373 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_GetRegisteredKeyByPublicInfo_TP(struct host_table_entry *hte, + TCPA_ALGORITHM_ID algID, /* in */ + UINT32 ulPublicInfoLength, /* in */ + BYTE * rgbPublicInfo, /* in */ + UINT32 * keySize, /* out */ + BYTE ** keyBlob) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETREGISTEREDKEYBYPUBLICINFO; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &algID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &ulPublicInfoLength, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, rgbPublicInfo, ulPublicInfoLength, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, keySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *keyBlob = (BYTE *) malloc(*keySize); + if (*keyBlob == NULL) { + LogError("malloc of %u bytes failed.", *keySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *keyBlob, *keySize, &hte->comm)) { + free(*keyBlob); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + +done: + return result; +} + +TSS_RESULT +RPC_RegisterKey_TP(struct host_table_entry *hte, + TSS_UUID WrappingKeyUUID, /* in */ + TSS_UUID KeyUUID, /* in */ + UINT32 cKeySize, /* in */ + BYTE * rgbKey, /* in */ + UINT32 cVendorData, /* in */ + BYTE * gbVendorData /* in */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 7); + hte->comm.hdr.u.ordinal = TCSD_ORD_REGISTERKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UUID, 1, &WrappingKeyUUID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UUID, 2, &KeyUUID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &cKeySize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, rgbKey, cKeySize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 5, &cVendorData, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 6, gbVendorData, cVendorData, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_UnregisterKey_TP(struct host_table_entry *hte, + TSS_UUID KeyUUID /* in */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_UNREGISTERKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UUID, 1, &KeyUUID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_EnumRegisteredKeys_TP(struct host_table_entry *hte, + TSS_UUID * pKeyUUID, /* in */ + UINT32 * pcKeyHierarchySize, /* out */ + TSS_KM_KEYINFO ** ppKeyHierarchy /* out */ + ) { + TSS_RESULT result; + int i, j; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_ENUMREGISTEREDKEYS; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (pKeyUUID != NULL) { + if (setData(TCSD_PACKET_TYPE_UUID, 1, pKeyUUID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcKeyHierarchySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (*pcKeyHierarchySize > 0) { + *ppKeyHierarchy = malloc((*pcKeyHierarchySize) * sizeof(TSS_KM_KEYINFO)); + if (*ppKeyHierarchy == NULL) { + LogError("malloc of %zu bytes failed.", (*pcKeyHierarchySize) * + sizeof(TSS_KM_KEYINFO)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + for (j = 0; (UINT32)j < *pcKeyHierarchySize; j++) { + if (getData(TCSD_PACKET_TYPE_KM_KEYINFO, i++, + &((*ppKeyHierarchy)[j]), 0, &hte->comm)) { + free(*ppKeyHierarchy); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + } else { + *ppKeyHierarchy = NULL; + } + } + +done: + return result; +} + +TSS_RESULT +RPC_EnumRegisteredKeys2_TP(struct host_table_entry *hte, + TSS_UUID * pKeyUUID, /* in */ + UINT32 * pcKeyHierarchySize, /* out */ + TSS_KM_KEYINFO2 ** ppKeyHierarchy /* out */ + ) +{ + TSS_RESULT result; + int i, j; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_ENUMREGISTEREDKEYS2; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (pKeyUUID != NULL) { + if (setData(TCSD_PACKET_TYPE_UUID, 1, pKeyUUID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcKeyHierarchySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (*pcKeyHierarchySize > 0) { + *ppKeyHierarchy = malloc((*pcKeyHierarchySize) * sizeof(TSS_KM_KEYINFO2)); + if (*ppKeyHierarchy == NULL) { + LogError("malloc of %zu bytes failed.", (*pcKeyHierarchySize) * + sizeof(TSS_KM_KEYINFO2)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + for (j = 0; (UINT32)j < *pcKeyHierarchySize; j++) { + if (getData(TCSD_PACKET_TYPE_KM_KEYINFO2, i++, + &((*ppKeyHierarchy)[j]), 0, &hte->comm)) { + free(*ppKeyHierarchy); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + } else { + *ppKeyHierarchy = NULL; + } + } + +done: + return result; +} + +TSS_RESULT +RPC_GetRegisteredKey_TP(struct host_table_entry *hte, + TSS_UUID KeyUUID, /* in */ + TSS_KM_KEYINFO ** ppKeyInfo /* out */ + ) { + return TSPERR(TSS_E_NOTIMPL); +} + +TSS_RESULT +RPC_GetRegisteredKeyBlob_TP(struct host_table_entry *hte, + TSS_UUID KeyUUID, /* in */ + UINT32 * pcKeySize, /* out */ + BYTE ** prgbKey /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETREGISTEREDKEYBLOB; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UUID, 1, &KeyUUID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, pcKeySize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *prgbKey = malloc(*pcKeySize); + if (*prgbKey == NULL) { + LogError("malloc of %u bytes failed.", *pcKeySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *prgbKey, *pcKeySize, &hte->comm)) { + free(*prgbKey); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; + +} + +TSS_RESULT +RPC_LoadKeyByUUID_TP(struct host_table_entry *hte, + TSS_UUID KeyUUID, /* in */ + TCS_LOADKEY_INFO * pLoadKeyInfo, /* in, out */ + TCS_KEY_HANDLE * phKeyTCSI /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_LOADKEYBYUUID; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UUID, 1, &KeyUUID, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (pLoadKeyInfo != NULL) { + if (setData(TCSD_PACKET_TYPE_LOADKEY_INFO, 2, pLoadKeyInfo, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, phKeyTCSI, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("TCS key handle: 0x%x", *phKeyTCSI); + } else if (pLoadKeyInfo && (result == (TCS_E_KM_LOADFAILED | TSS_LAYER_TCS))) { + if (getData(TCSD_PACKET_TYPE_LOADKEY_INFO, 0, pLoadKeyInfo, 0, &hte->comm)) + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +void +LoadBlob_LOADKEY_INFO(UINT64 *offset, BYTE *blob, TCS_LOADKEY_INFO *info) +{ + Trspi_LoadBlob_UUID(offset, blob, info->keyUUID); + Trspi_LoadBlob_UUID(offset, blob, info->parentKeyUUID); + Trspi_LoadBlob(offset, TCPA_DIGEST_SIZE, blob, info->paramDigest.digest); + Trspi_LoadBlob_UINT32(offset, info->authData.AuthHandle, blob); + Trspi_LoadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceOdd.nonce); + Trspi_LoadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceEven.nonce); + Trspi_LoadBlob_BOOL(offset, info->authData.fContinueAuthSession, blob); + Trspi_LoadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->authData.HMAC); +} + +void +UnloadBlob_LOADKEY_INFO(UINT64 *offset, BYTE *blob, TCS_LOADKEY_INFO *info) +{ + Trspi_UnloadBlob_UUID(offset, blob, &info->keyUUID); + Trspi_UnloadBlob_UUID(offset, blob, &info->parentKeyUUID); + Trspi_UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->paramDigest.digest); + Trspi_UnloadBlob_UINT32(offset, &info->authData.AuthHandle, blob); + Trspi_UnloadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceOdd.nonce); + Trspi_UnloadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceEven.nonce); + Trspi_UnloadBlob_BOOL(offset, &info->authData.fContinueAuthSession, blob); + Trspi_UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->authData.HMAC); +} + diff --git a/src/tspi/rpc/tcstp/rpc_quote.c b/src/tspi/rpc/tcstp/rpc_quote.c new file mode 100644 index 0000000..7bb1961 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_quote.c @@ -0,0 +1,114 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_Quote_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE *antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 6); + + hte->comm.hdr.u.ordinal = TCSD_ORD_QUOTE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 2, antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &pcrDataSizeIn, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, pcrDataIn, pcrDataSizeIn, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (privAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 5, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (privAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, privAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcrDataSizeOut, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *pcrDataOut = (BYTE *) malloc(*pcrDataSizeOut); + if (*pcrDataOut == NULL) { + LogError("malloc of %u bytes failed.", *pcrDataSizeOut); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *pcrDataOut, *pcrDataSizeOut, &hte->comm)) { + free(*pcrDataOut); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, sigSize, 0, &hte->comm)) { + free(*pcrDataOut); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *sig = (BYTE *) malloc(*sigSize); + if (*sig == NULL) { + LogError("malloc of %u bytes failed.", *sigSize); + free(*pcrDataOut); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *sig, *sigSize, &hte->comm)) { + free(*pcrDataOut); + free(*sig); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_quote2.c b/src/tspi/rpc/tcstp/rpc_quote2.c new file mode 100644 index 0000000..798748f --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_quote2.c @@ -0,0 +1,149 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_Quote2_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE *antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TSS_BOOL addVersion, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32* versionInfoSize, /* out */ + BYTE** versionInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 7); + + hte->comm.hdr.u.ordinal = TCSD_ORD_QUOTE2; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 2, antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &pcrDataSizeIn, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, pcrDataIn, pcrDataSizeIn, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_BOOL, 5, &addVersion, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (privAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 6, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + /* Takes and sets the output data */ + if (result == TSS_SUCCESS) { + i = 0; + if (privAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, privAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pcrDataSizeOut, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *pcrDataOut = (BYTE *) malloc(*pcrDataSizeOut); + if (*pcrDataOut == NULL) { + LogError("malloc of %u bytes failed.", *pcrDataSizeOut); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *pcrDataOut, *pcrDataSizeOut, &hte->comm)) { + free(*pcrDataOut); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + /* Retrieves the versionInfo Parameters */ + if (getData(TCSD_PACKET_TYPE_UINT32, i++, versionInfoSize, 0, &hte->comm)) { + free(*pcrDataOut); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (*versionInfoSize >0){ + *versionInfo = (BYTE *) malloc(*versionInfoSize); + if (*versionInfo == NULL) { + LogError("malloc of %u bytes failed.", *versionInfoSize); + free(*pcrDataOut); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *versionInfo, *versionInfoSize, + &hte->comm)) { + free(*pcrDataOut); + free(*versionInfo); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, sigSize, 0, &hte->comm)) { + free(*pcrDataOut); + if (addVersion) + free(*versionInfo); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *sig = (BYTE *) malloc(*sigSize); + if (*sig == NULL) { + LogError("malloc of %u bytes failed.", *sigSize); + free(*pcrDataOut); + if (addVersion) + free(*versionInfo); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *sig, *sigSize, &hte->comm)) { + free(*pcrDataOut); + if (addVersion) + free(*versionInfo); + free(*sig); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_random.c b/src/tspi/rpc/tcstp/rpc_random.c new file mode 100644 index 0000000..82edd05 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_random.c @@ -0,0 +1,94 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_GetRandom_TP(struct host_table_entry *hte, + UINT32 bytesRequested, /* in */ + BYTE ** randomBytes) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 2); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETRANDOM; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &bytesRequested, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &bytesRequested, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *randomBytes = (BYTE *) malloc(bytesRequested); + if (*randomBytes == NULL) { + LogError("malloc of %u bytes failed.", bytesRequested); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *randomBytes, bytesRequested, &hte->comm)) { + free(*randomBytes); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_StirRandom_TP(struct host_table_entry *hte, + UINT32 inDataSize, /* in */ + BYTE * inData) /* in */ +{ + TSS_RESULT result; + + initData(&hte->comm, 3); + hte->comm.hdr.u.ordinal = TCSD_ORD_STIRRANDOM; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &inDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 2, inData, inDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_seal.c b/src/tspi/rpc/tcstp/rpc_seal.c new file mode 100644 index 0000000..2bca7e2 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_seal.c @@ -0,0 +1,206 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +common_Seal_TP(UINT32 sealOrdinal, + struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH *encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData /* out */ + ) { + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 8); + hte->comm.hdr.u.ordinal = sealOrdinal; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_ENCAUTH, i++, encAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &pcrInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pcrInfoSize > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, PcrInfo, pcrInfoSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &inDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (inDataSize > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, inData, inDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_AUTH, i, pubAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (hte->comm.hdr.u.result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pubAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, SealedDataSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *SealedData = (BYTE *) malloc(*SealedDataSize); + if (*SealedData == NULL) { + LogError("malloc of %u bytes failed.", *SealedDataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, *SealedData, *SealedDataSize, &hte->comm)) { + free(*SealedData); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_Seal_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH *encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData /* out */ + ) { + return common_Seal_TP(TCSD_ORD_SEAL, hte, keyHandle, encAuth, pcrInfoSize, PcrInfo, + inDataSize, inData, pubAuth, SealedDataSize, SealedData); +} + +#ifdef TSS_BUILD_SEALX +TSS_RESULT +RPC_Sealx_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH *encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData /* out */ + ) { + return common_Seal_TP(TCSD_ORD_SEALX, hte, keyHandle, encAuth, pcrInfoSize, PcrInfo, + inDataSize, inData, pubAuth, SealedDataSize, SealedData); +} +#endif + +TSS_RESULT +RPC_Unseal_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 SealedDataSize, /* in */ + BYTE * SealedData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * dataAuth, /* in, out */ + UINT32 * DataSize, /* out */ + BYTE ** Data /* out */ + ) { + TSS_RESULT result; + + initData(&hte->comm, 6); + hte->comm.hdr.u.ordinal = TCSD_ORD_UNSEAL; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &parentHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &SealedDataSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, SealedData, SealedDataSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (parentAuth != NULL) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, parentAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_AUTH, 5, dataAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (parentAuth != NULL) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, parentAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 1, dataAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, DataSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *Data = (BYTE *) malloc(*DataSize); + if (*Data == NULL) { + LogError("malloc of %u bytes failed.", *DataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, *Data, *DataSize, &hte->comm)) { + free(*Data); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_selftest.c b/src/tspi/rpc/tcstp/rpc_selftest.c new file mode 100644 index 0000000..3cad950 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_selftest.c @@ -0,0 +1,155 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_SelfTestFull_TP(struct host_table_entry *hte) +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_SELFTESTFULL; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +RPC_CertifySelfTest_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result; + int i; + + initData(&hte->comm, 4); + hte->comm.hdr.u.ordinal = TCSD_ORD_CERTIFYSELFTEST; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 2, &antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (privAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 3, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (privAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, privAuth, 0, &hte->comm)) { + LogDebug("privAuth"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, sigSize, 0, &hte->comm)) { + LogDebug("sigSize"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + *sig = (BYTE *) malloc(*sigSize); + if (*sig == NULL) { + LogError("malloc of %u bytes failed.", *sigSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *sig, *sigSize, &hte->comm)) { + LogDebug("sig"); + free(*sig); + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + +done: + return result; +} + +TSS_RESULT +RPC_GetTestResult_TP(struct host_table_entry *hte, + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_GETTESTRESULT; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + LogDebug("RPC_GetTestResult_TP"); + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + LogDebug("sendTCSDPacket succeeded"); + if (getData(TCSD_PACKET_TYPE_UINT32, 0, outDataSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *outData = malloc(*outDataSize); + if (*outData == NULL) { + LogError("malloc of %u bytes failed.", *outDataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *outData, *outDataSize, &hte->comm)) { + free(*outData); + *outData = NULL; + result = TSPERR(TSS_E_INTERNAL_ERROR); + } + } + LogDebug("RPC_GetTestResult_TP exit"); + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_sign.c b/src/tspi/rpc/tcstp/rpc_sign.c new file mode 100644 index 0000000..dcaf478 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_sign.c @@ -0,0 +1,93 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_Sign_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 areaToSignSize, /* in */ + BYTE * areaToSign, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig /* out */ + ) { + TSS_RESULT result; + int i; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_SIGN; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &keyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &areaToSignSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, areaToSign, areaToSignSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (privAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (privAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, privAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, sigSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *sig = (BYTE *) malloc(*sigSize); + if (*sig == NULL) { + LogError("malloc of %u bytes failed.", *sigSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *sig, *sigSize, &hte->comm)) { + result = free_tspi(hte->tspContext, *sig); + if (result == TSS_SUCCESS) + result = TSPERR(TSS_E_INTERNAL_ERROR); + else + free(*sig); + } + } + +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_tick.c b/src/tspi/rpc/tcstp/rpc_tick.c new file mode 100644 index 0000000..6ad0f34 --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_tick.c @@ -0,0 +1,172 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_ReadCurrentTicks_TP(struct host_table_entry* hte, + UINT32* pulCurrentTime, /* out */ + BYTE** prgbCurrentTime) /* out */ +{ + TSS_RESULT result; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_READCURRENTTICKS; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, 0, pulCurrentTime, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbCurrentTime = malloc(*pulCurrentTime); + if (*prgbCurrentTime == NULL) { + *pulCurrentTime = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *prgbCurrentTime, *pulCurrentTime, + &hte->comm)) { + free(*prgbCurrentTime); + *prgbCurrentTime = NULL; + *pulCurrentTime = 0; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } +done: + return result; +} + +TSS_RESULT +RPC_TickStampBlob_TP(struct host_table_entry* hte, + TCS_KEY_HANDLE hKey, /* in */ + TPM_NONCE* antiReplay, /* in */ + TPM_DIGEST* digestToStamp, /* in */ + TPM_AUTH* privAuth, /* in, out */ + UINT32* pulSignatureLength, /* out */ + BYTE** prgbSignature, /* out */ + UINT32* pulTickCountLength, /* out */ + BYTE** prgbTickCount) /* out */ + +{ + TSS_RESULT result; + UINT32 i; + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_TICKSTAMPBLOB; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 2, antiReplay, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_DIGEST, 3, digestToStamp, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (privAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 4, privAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (privAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, privAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pulSignatureLength, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbSignature = malloc(*pulSignatureLength); + if (*prgbSignature == NULL) { + *pulSignatureLength = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *prgbSignature, *pulSignatureLength, + &hte->comm)) { + free(*prgbSignature); + *prgbSignature = NULL; + *pulSignatureLength = 0; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pulTickCountLength, 0, &hte->comm)) { + free(*prgbSignature); + *prgbSignature = NULL; + *pulSignatureLength = 0; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbTickCount = malloc(*pulTickCountLength); + if (*prgbTickCount == NULL) { + free(*prgbSignature); + *prgbSignature = NULL; + *pulSignatureLength = 0; + *pulTickCountLength = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *prgbTickCount, *pulTickCountLength, + &hte->comm)) { + free(*prgbSignature); + *prgbSignature = NULL; + *pulSignatureLength = 0; + free(*prgbTickCount); + *prgbTickCount = NULL; + *pulTickCountLength = 0; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } +done: + return result; +} diff --git a/src/tspi/rpc/tcstp/rpc_transport.c b/src/tspi/rpc/tcstp/rpc_transport.c new file mode 100644 index 0000000..91102cc --- /dev/null +++ b/src/tspi/rpc/tcstp/rpc_transport.c @@ -0,0 +1,368 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "obj.h" +#include "rpc_tcstp_tsp.h" + + +TSS_RESULT +RPC_EstablishTransport_TP(struct host_table_entry *hte, + UINT32 ulTransControlFlags, + TCS_KEY_HANDLE hEncKey, + UINT32 ulTransSessionInfoSize, + BYTE* rgbTransSessionInfo, + UINT32 ulSecretSize, + BYTE* rgbSecret, + TPM_AUTH* pEncKeyAuth, /* in, out */ + TPM_MODIFIER_INDICATOR* pbLocality, + TCS_HANDLE* hTransSession, + UINT32* ulCurrentTicksSize, + BYTE** prgbCurrentTicks, + TPM_NONCE* pTransNonce) +{ + TSS_RESULT result; + UINT32 i; + + initData(&hte->comm, 8); + hte->comm.hdr.u.ordinal = TCSD_ORD_ESTABLISHTRANSPORT; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &ulTransControlFlags, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &hEncKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 3, &ulTransSessionInfoSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 4, rgbTransSessionInfo, ulTransSessionInfoSize, + &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 5, &ulSecretSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, 6, rgbSecret, ulSecretSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pEncKeyAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 7, pEncKeyAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (pEncKeyAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pEncKeyAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pbLocality, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, hTransSession, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, ulCurrentTicksSize, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *prgbCurrentTicks = malloc(*ulCurrentTicksSize); + if (*prgbCurrentTicks == NULL) { + *ulCurrentTicksSize = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *prgbCurrentTicks, *ulCurrentTicksSize, + &hte->comm)) { + free(*prgbCurrentTicks); + *prgbCurrentTicks = NULL; + *ulCurrentTicksSize = 0; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + if (getData(TCSD_PACKET_TYPE_NONCE, i++, pTransNonce, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + } +done: + return result; +} + + +TSS_RESULT +RPC_ExecuteTransport_TP(struct host_table_entry *hte, + TPM_COMMAND_CODE unWrappedCommandOrdinal, + UINT32 ulWrappedCmdParamInSize, + BYTE* rgbWrappedCmdParamIn, + UINT32* pulHandleListSize, /* in, out */ + TCS_HANDLE** rghHandles, /* in, out */ + TPM_AUTH* pWrappedCmdAuth1, /* in, out */ + TPM_AUTH* pWrappedCmdAuth2, /* in, out */ + TPM_AUTH* pTransAuth, /* in, out */ + UINT64* punCurrentTicks, + TPM_MODIFIER_INDICATOR* pbLocality, + TPM_RESULT* pulWrappedCmdReturnCode, + UINT32* ulWrappedCmdParamOutSize, + BYTE** rgbWrappedCmdParamOut) +{ + TSS_RESULT result; + TPM_AUTH null_auth; + UINT32 i = 0; + + memset(&null_auth, 0, sizeof(TPM_AUTH)); + + initData(&hte->comm, 9); + hte->comm.hdr.u.ordinal = TCSD_ORD_EXECUTETRANSPORT; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &unWrappedCommandOrdinal, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &ulWrappedCmdParamInSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rgbWrappedCmdParamIn, ulWrappedCmdParamInSize, + &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, pulHandleListSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (*pulHandleListSize) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, *rghHandles, + *pulHandleListSize * sizeof(UINT32), &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (pWrappedCmdAuth1) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pWrappedCmdAuth1, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &null_auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (pWrappedCmdAuth2) { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pWrappedCmdAuth2, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &null_auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, pTransAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + i = 0; + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pulHandleListSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if (*pulHandleListSize) { + *rghHandles = malloc(*pulHandleListSize * sizeof(UINT32)); + if (*rghHandles == NULL) { + *pulHandleListSize = 0; + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *rghHandles, + *pulHandleListSize * sizeof(UINT32), &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + } + if (pWrappedCmdAuth1) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pWrappedCmdAuth1, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + } else { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, &null_auth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + } + if (pWrappedCmdAuth2) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pWrappedCmdAuth2, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + } else { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, &null_auth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + } + if (getData(TCSD_PACKET_TYPE_AUTH, i++, pTransAuth, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + if (getData(TCSD_PACKET_TYPE_UINT64, i++, punCurrentTicks, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pbLocality, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, pulWrappedCmdReturnCode, 0, &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + if (getData(TCSD_PACKET_TYPE_UINT32, i++, ulWrappedCmdParamOutSize, 0, + &hte->comm)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + if (*ulWrappedCmdParamOutSize) { + *rgbWrappedCmdParamOut = malloc(*ulWrappedCmdParamOutSize); + if (*rgbWrappedCmdParamOut == NULL) { + *ulWrappedCmdParamOutSize = 0; + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *rgbWrappedCmdParamOut, + *ulWrappedCmdParamOutSize, &hte->comm)) { + free(*rgbWrappedCmdParamOut); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + } else + *rgbWrappedCmdParamOut = NULL; + } + + return result; +error: + if (*pulHandleListSize) { + free(*rghHandles); + *rghHandles = NULL; + } + return result; +} + +TSS_RESULT +RPC_ReleaseTransportSigned_TP(struct host_table_entry *hte, + TCS_KEY_HANDLE hSignatureKey, + TPM_NONCE* AntiReplayNonce, + TPM_AUTH* pKeyAuth, /* in, out */ + TPM_AUTH* pTransAuth, /* in, out */ + TPM_MODIFIER_INDICATOR* pbLocality, + UINT32* pulCurrentTicksSize, + BYTE** prgbCurrentTicks, + UINT32* pulSignatureSize, + BYTE** prgbSignature) +{ + TSS_RESULT result; + TPM_AUTH null_auth; + + memset(&null_auth, 0, sizeof(TPM_AUTH)); + + initData(&hte->comm, 5); + hte->comm.hdr.u.ordinal = TCSD_ORD_RELEASETRANSPORTSIGNED; + LogDebugFn("IN: TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hSignatureKey, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_NONCE, 2, AntiReplayNonce, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (pKeyAuth) { + if (setData(TCSD_PACKET_TYPE_AUTH, 3, pKeyAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + if (setData(TCSD_PACKET_TYPE_AUTH, 3, &null_auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, 4, pTransAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (pKeyAuth) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, pKeyAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, &null_auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_AUTH, 1, pTransAuth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 2, pbLocality, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (getData(TCSD_PACKET_TYPE_UINT32, 3, pulCurrentTicksSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + *prgbCurrentTicks = malloc(*pulCurrentTicksSize); + if (*prgbCurrentTicks == NULL) { + *pulCurrentTicksSize = 0; + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 4, *prgbCurrentTicks, *pulCurrentTicksSize, + &hte->comm)) { + free(*prgbCurrentTicks); + *prgbCurrentTicks = NULL; + *pulCurrentTicksSize = 0; + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_UINT32, 5, pulSignatureSize, 0, &hte->comm)) { + free(*prgbCurrentTicks); + *prgbCurrentTicks = NULL; + *pulCurrentTicksSize = 0; + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + *prgbSignature = malloc(*pulSignatureSize); + if (*prgbSignature == NULL) { + free(*prgbCurrentTicks); + *prgbCurrentTicks = NULL; + *pulCurrentTicksSize = 0; + *pulSignatureSize = 0; + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, 6, *prgbSignature, *pulSignatureSize, + &hte->comm)) { + free(*prgbCurrentTicks); + *prgbCurrentTicks = NULL; + *pulCurrentTicksSize = 0; + free(*prgbSignature); + *prgbSignature = NULL; + *pulSignatureSize = 0; + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} diff --git a/src/tspi/spi_utils.c b/src/tspi/spi_utils.c new file mode 100644 index 0000000..de80bc1 --- /dev/null +++ b/src/tspi/spi_utils.c @@ -0,0 +1,459 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } }; + +TSS_VERSION VERSION_1_1 = { 1, 1, 0, 0 }; + +struct tcs_api_table tcs_normal_api = { +#ifdef TSS_BUILD_KEY + .LoadKeyByBlob = RPC_LoadKeyByBlob, + .EvictKey = RPC_EvictKey, + .CreateWrapKey = RPC_CreateWrapKey, + .GetPubKey = RPC_GetPubKey, +#ifdef TSS_BUILD_TSS12 + .OwnerReadInternalPub = RPC_OwnerReadInternalPub, +#endif +#ifdef TSS_BUILD_CERTIFY + .CertifyKey = RPC_CertifyKey, +#endif +#endif +#ifdef TSS_BUILD_OWN + .OwnerClear = RPC_OwnerClear, + .ForceClear = RPC_ForceClear, +#endif +#ifdef TSS_BUILD_AUTH + .TerminateHandle = RPC_TerminateHandle, + .OIAP = RPC_OIAP, + .OSAP = RPC_OSAP, +#endif +#ifdef TSS_BUILD_CHANGEAUTH + .ChangeAuth = RPC_ChangeAuth, + .ChangeAuthOwner = RPC_ChangeAuthOwner, + .ChangeAuthAsymStart = RPC_ChangeAuthAsymStart, + .ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish, +#endif +#ifdef TSS_BUILD_AIK + .ActivateTPMIdentity = RPC_ActivateTPMIdentity, +#endif +#ifdef TSS_BUILD_PCR_EXTEND + .Extend = RPC_Extend, + .PcrRead = RPC_PcrRead, + .PcrReset = RPC_PcrReset, +#endif +#ifdef TSS_BUILD_QUOTE + .Quote = RPC_Quote, +#endif +#ifdef TSS_BUILD_QUOTE2 + .Quote2 = RPC_Quote2, +#endif +#ifdef TSS_BUILD_DIR + .DirWriteAuth = RPC_DirWriteAuth, + .DirRead = RPC_DirRead, +#endif +#ifdef TSS_BUILD_SEAL + .Seal = RPC_Seal, + .Unseal = RPC_Unseal, +#ifdef TSS_BUILD_SEALX + .Sealx = RPC_Sealx, +#endif +#endif +#ifdef TSS_BUILD_BIND + .UnBind = RPC_UnBind, +#endif +#ifdef TSS_BUILD_MIGRATION + .CreateMigrationBlob = RPC_CreateMigrationBlob, + .ConvertMigrationBlob = RPC_ConvertMigrationBlob, + .AuthorizeMigrationKey = RPC_AuthorizeMigrationKey, +#endif +#ifdef TSS_BUILD_SIGN + .Sign = RPC_Sign, +#endif +#ifdef TSS_BUILD_RANDOM + .GetRandom = RPC_GetRandom, + .StirRandom = RPC_StirRandom, +#endif +#ifdef TSS_BUILD_CAPS_TPM + .GetTPMCapability = RPC_GetTPMCapability, + .SetCapability = RPC_SetCapability, + .GetCapabilityOwner = RPC_GetCapabilityOwner, +#endif +#ifdef TSS_BUILD_EK + .CreateEndorsementKeyPair = RPC_CreateEndorsementKeyPair, + .ReadPubek = RPC_ReadPubek, + .OwnerReadPubek = RPC_OwnerReadPubek, +#endif +#ifdef TSS_BUILD_SELFTEST + .SelfTestFull = RPC_SelfTestFull, + .CertifySelfTest = RPC_CertifySelfTest, + .GetTestResult = RPC_GetTestResult, +#endif +#ifdef TSS_BUILD_ADMIN + .SetOwnerInstall = RPC_SetOwnerInstall, + .DisablePubekRead = RPC_DisablePubekRead, + .OwnerSetDisable = RPC_OwnerSetDisable, + .DisableOwnerClear = RPC_DisableOwnerClear, + .DisableForceClear = RPC_DisableForceClear, + .PhysicalDisable = RPC_PhysicalDisable, + .PhysicalEnable = RPC_PhysicalEnable, + .PhysicalSetDeactivated = RPC_PhysicalSetDeactivated, + .PhysicalPresence = RPC_PhysicalPresence, + .SetTempDeactivated = RPC_SetTempDeactivated, +#ifdef TSS_BUILD_TSS12 + .SetTempDeactivated2 = RPC_SetTempDeactivated2, + .ResetLockValue = RPC_ResetLockValue, +#endif +#endif +#ifdef TSS_BUILD_MAINT + .CreateMaintenanceArchive = RPC_CreateMaintenanceArchive, + .LoadMaintenanceArchive = RPC_LoadMaintenanceArchive, + .KillMaintenanceFeature = RPC_KillMaintenanceFeature, + .LoadManuMaintPub = RPC_LoadManuMaintPub, + .ReadManuMaintPub = RPC_ReadManuMaintPub, +#endif +#ifdef TSS_BUILD_DAA + .DaaJoin = RPC_DaaJoin, + .DaaSign = RPC_DaaSign, +#endif +#ifdef TSS_BUILD_COUNTER + .ReadCounter = RPC_ReadCounter, + .CreateCounter = RPC_CreateCounter, + .IncrementCounter = RPC_IncrementCounter, + .ReleaseCounter = RPC_ReleaseCounter, + .ReleaseCounterOwner = RPC_ReleaseCounterOwner, +#endif +#ifdef TSS_BUILD_TICK + .ReadCurrentTicks = RPC_ReadCurrentTicks, + .TickStampBlob = RPC_TickStampBlob, +#endif +#ifdef TSS_BUILD_NV + .NV_DefineOrReleaseSpace = RPC_NV_DefineOrReleaseSpace, + .NV_WriteValue = RPC_NV_WriteValue, + .NV_WriteValueAuth = RPC_NV_WriteValueAuth, + .NV_ReadValue = RPC_NV_ReadValue, + .NV_ReadValueAuth = RPC_NV_ReadValueAuth, +#endif +#ifdef TSS_BUILD_AUDIT + .SetOrdinalAuditStatus = RPC_SetOrdinalAuditStatus, + .GetAuditDigest = RPC_GetAuditDigest, + .GetAuditDigestSigned = RPC_GetAuditDigestSigned, +#endif +#ifdef TSS_BUILD_TSS12 + .SetOperatorAuth = RPC_SetOperatorAuth, + .FlushSpecific = RPC_FlushSpecific, +#endif +#ifdef TSS_BUILD_DELEGATION + .Delegate_Manage = RPC_Delegate_Manage, + .Delegate_CreateKeyDelegation = RPC_Delegate_CreateKeyDelegation, + .Delegate_CreateOwnerDelegation = RPC_Delegate_CreateOwnerDelegation, + .Delegate_LoadOwnerDelegation = RPC_Delegate_LoadOwnerDelegation, + .Delegate_ReadTable = RPC_Delegate_ReadTable, + .Delegate_UpdateVerificationCount = RPC_Delegate_UpdateVerificationCount, + .Delegate_VerifyDelegation = RPC_Delegate_VerifyDelegation, + .DSAP = RPC_DSAP, +#endif + .FieldUpgrade = RPC_FieldUpgrade, + .SetRedirection = RPC_SetRedirection, +}; + +#ifdef TSS_BUILD_TRANSPORT +struct tcs_api_table tcs_transport_api = { +#ifdef TSS_BUILD_KEY + .LoadKeyByBlob = Transport_LoadKeyByBlob, + .EvictKey = Transport_EvictKey, + .CreateWrapKey = Transport_CreateWrapKey, + .GetPubKey = Transport_GetPubKey, +#ifdef TSS_BUILD_TSS12 + .OwnerReadInternalPub = Transport_OwnerReadInternalPub, +#endif +#ifdef TSS_BUILD_CERTIFY + .CertifyKey = Transport_CertifyKey, +#endif +#endif +#ifdef TSS_BUILD_OWN + .OwnerClear = Transport_OwnerClear, + .ForceClear = Transport_ForceClear, +#endif +#ifdef TSS_BUILD_AUTH + .OIAP = Transport_OIAP, + .OSAP = Transport_OSAP, + .TerminateHandle = Transport_TerminateHandle, +#endif +#ifdef TSS_BUILD_CHANGEAUTH + .ChangeAuth = Transport_ChangeAuth, + .ChangeAuthOwner = Transport_ChangeAuthOwner, + .ChangeAuthAsymStart = RPC_ChangeAuthAsymStart, + .ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish, +#endif +#ifdef TSS_BUILD_AIK + .ActivateTPMIdentity = Transport_ActivateTPMIdentity, +#endif +#ifdef TSS_BUILD_PCR_EXTEND + .Extend = Transport_Extend, + .PcrRead = Transport_PcrRead, + .PcrReset = Transport_PcrReset, +#endif +#ifdef TSS_BUILD_QUOTE + .Quote = Transport_Quote, +#endif +#ifdef TSS_BUILD_QUOTE2 + .Quote2 = Transport_Quote2, +#endif +#ifdef TSS_BUILD_DIR + .DirWriteAuth = Transport_DirWriteAuth, + .DirRead = Transport_DirRead, +#endif +#ifdef TSS_BUILD_SEAL + .Seal = Transport_Seal, + .Sealx = Transport_Sealx, + .Unseal = Transport_Unseal, +#endif +#ifdef TSS_BUILD_BIND + .UnBind = Transport_UnBind, +#endif +#ifdef TSS_BUILD_MIGRATION + .CreateMigrationBlob = Transport_CreateMigrationBlob, + .ConvertMigrationBlob = Transport_ConvertMigrationBlob, + .AuthorizeMigrationKey = Transport_AuthorizeMigrationKey, +#endif +#ifdef TSS_BUILD_SIGN + .Sign = Transport_Sign, +#endif +#ifdef TSS_BUILD_RANDOM + .GetRandom = Transport_GetRandom, + .StirRandom = Transport_StirRandom, +#endif +#ifdef TSS_BUILD_CAPS_TPM + .GetTPMCapability = Transport_GetTPMCapability, + .SetCapability = Transport_SetCapability, + .GetCapabilityOwner = Transport_GetCapabilityOwner, +#endif +#ifdef TSS_BUILD_EK + .ReadPubek = RPC_ReadPubek, + .OwnerReadPubek = RPC_OwnerReadPubek, +#endif +#ifdef TSS_BUILD_SELFTEST + .SelfTestFull = Transport_SelfTestFull, + .CertifySelfTest = Transport_CertifySelfTest, + .GetTestResult = Transport_GetTestResult, +#endif +#ifdef TSS_BUILD_ADMIN + .SetOwnerInstall = Transport_SetOwnerInstall, + .DisablePubekRead = Transport_DisablePubekRead, + .OwnerSetDisable = Transport_OwnerSetDisable, + .ResetLockValue = Transport_ResetLockValue, + .DisableOwnerClear = Transport_DisableOwnerClear, + .DisableForceClear = Transport_DisableForceClear, + .PhysicalDisable = Transport_PhysicalDisable, + .PhysicalEnable = Transport_PhysicalEnable, + .PhysicalSetDeactivated = Transport_PhysicalSetDeactivated, + .PhysicalPresence = Transport_PhysicalPresence, + .SetTempDeactivated = Transport_SetTempDeactivated, + .SetTempDeactivated2 = Transport_SetTempDeactivated2, +#endif +#ifdef TSS_BUILD_MAINT + .CreateMaintenanceArchive = Transport_CreateMaintenanceArchive, + .LoadMaintenanceArchive = Transport_LoadMaintenanceArchive, + .KillMaintenanceFeature = Transport_KillMaintenanceFeature, + .LoadManuMaintPub = Transport_LoadManuMaintPub, + .ReadManuMaintPub = Transport_ReadManuMaintPub, +#endif +#ifdef TSS_BUILD_DAA + .DaaJoin = RPC_DaaJoin, + .DaaSign = RPC_DaaSign, +#endif +#ifdef TSS_BUILD_COUNTER + .ReadCounter = Transport_ReadCounter, + .CreateCounter = RPC_CreateCounter, + .IncrementCounter = RPC_IncrementCounter, + .ReleaseCounter = RPC_ReleaseCounter, + .ReleaseCounterOwner = RPC_ReleaseCounterOwner, +#endif +#ifdef TSS_BUILD_TICK + .ReadCurrentTicks = Transport_ReadCurrentTicks, + .TickStampBlob = Transport_TickStampBlob, +#endif +#ifdef TSS_BUILD_NV + .NV_DefineOrReleaseSpace = Transport_NV_DefineOrReleaseSpace, + .NV_WriteValue = Transport_NV_WriteValue, + .NV_WriteValueAuth = Transport_NV_WriteValueAuth, + .NV_ReadValue = Transport_NV_ReadValue, + .NV_ReadValueAuth = Transport_NV_ReadValueAuth, +#endif +#ifdef TSS_BUILD_AUDIT + .SetOrdinalAuditStatus = Transport_SetOrdinalAuditStatus, + .GetAuditDigest = Transport_GetAuditDigest, + .GetAuditDigestSigned = Transport_GetAuditDigestSigned, +#endif +#ifdef TSS_BUILD_TSS12 + .SetOperatorAuth = Transport_SetOperatorAuth, + .FlushSpecific = Transport_FlushSpecific, +#endif +#ifdef TSS_BUILD_DELEGATION + .Delegate_Manage = Transport_Delegate_Manage, + .Delegate_CreateKeyDelegation = Transport_Delegate_CreateKeyDelegation, + .Delegate_CreateOwnerDelegation = Transport_Delegate_CreateOwnerDelegation, + .Delegate_LoadOwnerDelegation = Transport_Delegate_LoadOwnerDelegation, + .Delegate_ReadTable = Transport_Delegate_ReadTable, + .Delegate_UpdateVerificationCount = Transport_Delegate_UpdateVerificationCount, + .Delegate_VerifyDelegation = Transport_Delegate_VerifyDelegation, + .DSAP = Transport_DSAP, +#endif + .FieldUpgrade = RPC_FieldUpgrade, + .SetRedirection = RPC_SetRedirection, +}; +#endif + +UINT16 +Decode_UINT16(BYTE * in) +{ + UINT16 temp = 0; + temp = (in[1] & 0xFF); + temp |= (in[0] << 8); + return temp; +} + +void +UINT32ToArray(UINT32 i, BYTE * out) +{ + out[0] = (BYTE) ((i >> 24) & 0xFF); + out[1] = (BYTE) ((i >> 16) & 0xFF); + out[2] = (BYTE) ((i >> 8) & 0xFF); + out[3] = (BYTE) i & 0xFF; +} + +void +UINT64ToArray(UINT64 i, BYTE *out) +{ + out[0] = (BYTE) ((i >> 56) & 0xFF); + out[1] = (BYTE) ((i >> 48) & 0xFF); + out[2] = (BYTE) ((i >> 40) & 0xFF); + out[3] = (BYTE) ((i >> 32) & 0xFF); + out[4] = (BYTE) ((i >> 24) & 0xFF); + out[5] = (BYTE) ((i >> 16) & 0xFF); + out[6] = (BYTE) ((i >> 8) & 0xFF); + out[7] = (BYTE) i & 0xFF; +} + +void +UINT16ToArray(UINT16 i, BYTE * out) +{ + out[0] = ((i >> 8) & 0xFF); + out[1] = i & 0xFF; +} + +UINT64 +Decode_UINT64(BYTE *y) +{ + UINT64 x = 0; + + x = y[0]; + x = ((x << 8) | (y[1] & 0xFF)); + x = ((x << 8) | (y[2] & 0xFF)); + x = ((x << 8) | (y[3] & 0xFF)); + x = ((x << 8) | (y[4] & 0xFF)); + x = ((x << 8) | (y[5] & 0xFF)); + x = ((x << 8) | (y[6] & 0xFF)); + x = ((x << 8) | (y[7] & 0xFF)); + + return x; +} + +UINT32 +Decode_UINT32(BYTE * y) +{ + UINT32 x = 0; + + x = y[0]; + x = ((x << 8) | (y[1] & 0xFF)); + x = ((x << 8) | (y[2] & 0xFF)); + x = ((x << 8) | (y[3] & 0xFF)); + + return x; +} + +UINT32 +get_pcr_event_size(TSS_PCR_EVENT *e) +{ + return (sizeof(TSS_PCR_EVENT) + e->ulEventLength + e->ulPcrValueLength); +} + +void +LoadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth) +{ + Trspi_LoadBlob_UINT32(offset, auth->AuthHandle, blob); + Trspi_LoadBlob(offset, 20, blob, auth->NonceOdd.nonce); + Trspi_LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob); + Trspi_LoadBlob(offset, 20, blob, (BYTE *)&auth->HMAC); +} + +void +UnloadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth) +{ + Trspi_UnloadBlob(offset, 20, blob, auth->NonceEven.nonce); + Trspi_UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob); + Trspi_UnloadBlob(offset, 20, blob, (BYTE *)&auth->HMAC); +} + +/* If alloc is true, we allocate a new buffer for the bytes and set *data to that. + * If alloc is false, data is really a BYTE*, so write the bytes directly to that buffer */ +TSS_RESULT +get_local_random(TSS_HCONTEXT tspContext, TSS_BOOL alloc, UINT32 size, BYTE **data) +{ + FILE *f = NULL; + BYTE *buf = NULL; + + f = fopen(TSS_LOCAL_RANDOM_DEVICE, "r"); + if (f == NULL) { + LogError("open of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno)); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (alloc) { + buf = calloc_tspi(tspContext, size); + if (buf == NULL) { + LogError("malloc of %u bytes failed", size); + fclose(f); + return TSPERR(TSS_E_OUTOFMEMORY); + } + } else + buf = (BYTE *)data; + + if (fread(buf, size, 1, f) == 0) { + LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno)); + fclose(f); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (alloc) + *data = buf; + fclose(f); + + return TSS_SUCCESS; +} diff --git a/src/tspi/ssl_ui.c b/src/tspi/ssl_ui.c new file mode 100644 index 0000000..5e25895 --- /dev/null +++ b/src/tspi/ssl_ui.c @@ -0,0 +1,86 @@ + +#include +#include + +#include + +#include "trousers/tss.h" +#include "spi_utils.h" + +static TSS_RESULT do_ui(BYTE *string, UINT32 *string_len, BYTE *popup, int verify) +{ + char pin_buf[UI_MAX_SECRET_STRING_LENGTH + 1]; + char verify_buf[UI_MAX_SECRET_STRING_LENGTH + 1]; + char *popup_nl; + UI *ui; + BYTE *unicode; + TSS_RESULT ret = TSS_E_FAIL; + + popup_nl = malloc(strlen((char *)popup) + 2); + if (!popup_nl) + return TSS_E_OUTOFMEMORY; + + ui = UI_new(); + if (!ui) + goto no_ui; + + sprintf(popup_nl, "%s\n", (char *)popup); + if (!UI_add_info_string(ui, popup_nl)) { + printf("add info fail\n"); + goto out; + } + + /* UI_add_input_string() doesn't count for the null terminator in its last */ + /* parameter, that's why we statically allocated 1 more byte to pin_buf */ + if (!UI_add_input_string(ui, "Enter PIN:", 0, pin_buf, 1, UI_MAX_SECRET_STRING_LENGTH)) { + printf("add input fail\n"); + goto out; + } + + if (verify && + !UI_add_verify_string(ui, "Verify PIN:", 0, verify_buf, 1, UI_MAX_SECRET_STRING_LENGTH, pin_buf)) { + printf("Add verify fail\n"); + goto out; + } + + if (UI_process(ui)) + goto out; + + ret = TSS_SUCCESS; + + unicode = Trspi_Native_To_UNICODE((BYTE *)pin_buf, string_len); + memset(string, 0, UI_MAX_SECRET_STRING_LENGTH); + memcpy(string, unicode, *string_len); + out: + UI_free(ui); + no_ui: + free(popup_nl); + return ret; +} + +/* + * DisplayPINWindow() + * + * Popup the dialog to collect an existing password. + * + * string - buffer that the password will be passed back to caller in + * popup - UTF-8 string to be displayed in the title bar of the dialog box + * + */ +TSS_RESULT DisplayPINWindow(BYTE *string, UINT32 *string_len, BYTE *popup) +{ + return do_ui(string, string_len, popup, 0); +} +/* + * DisplayNewPINWindow() + * + * Popup the dialog to collect a new password. + * + * string - buffer that the password will be passed back to caller in + * popup - UTF-8 string to be displayed in the title bar of the dialog box + * + */ +TSS_RESULT DisplayNewPINWindow(BYTE *string, UINT32 *string_len, BYTE *popup) +{ + return do_ui(string, string_len, popup, 1); +} diff --git a/src/tspi/tsp_admin.c b/src/tspi/tsp_admin.c new file mode 100644 index 0000000..8b856c6 --- /dev/null +++ b/src/tspi/tsp_admin.c @@ -0,0 +1,305 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_GetCapabilityOwner(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * pOwnerAuth, /* in/out */ + TCPA_VERSION * pVersion, /* out */ + UINT32 * pNonVolatileFlags, /* out */ + UINT32 * pVolatileFlags) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen = 0, decLen; + BYTE *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetCapabilityOwner, 0, NULL, + NULL, &handlesLen, NULL, pOwnerAuth, NULL, + &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_TCPA_VERSION(&offset, dec, pVersion); + Trspi_UnloadBlob_UINT32(&offset, pNonVolatileFlags, dec); + Trspi_UnloadBlob_UINT32(&offset, pVolatileFlags, dec); + + free(dec); + + return result; +} + +TSS_RESULT +Transport_SetOwnerInstall(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL state) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_SetOwnerInstall, + sizeof(TSS_BOOL), (BYTE *)&state, NULL, &handlesLen, + NULL, NULL, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_DisableOwnerClear(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_DisableOwnerClear, 0, NULL, NULL, + &handlesLen, NULL, ownerAuth, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_DisableForceClear(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_DisableForceClear, 0, NULL, NULL, + &handlesLen, NULL, NULL, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_OwnerSetDisable(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL disableState, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_OwnerSetDisable, + sizeof(TSS_BOOL), (BYTE *)&disableState, NULL, + &handlesLen, NULL, ownerAuth, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_PhysicalDisable(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_PhysicalDisable, 0, NULL, NULL, + &handlesLen, NULL, NULL, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_PhysicalEnable(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_PhysicalEnable, 0, NULL, NULL, + &handlesLen, NULL, NULL, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_PhysicalSetDeactivated(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL state) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_PhysicalSetDeactivated, + sizeof(TSS_BOOL), (BYTE *)&state, NULL, &handlesLen, + NULL, NULL, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_SetTempDeactivated(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_SetTempDeactivated, 0, NULL, + NULL, &handlesLen, NULL, NULL, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_SetTempDeactivated2(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH *operatorAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_SetTempDeactivated, 0, NULL, + NULL, &handlesLen, NULL, operatorAuth, NULL, NULL, + NULL); + + return result; +} + +TSS_RESULT +Transport_DisablePubekRead(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_DisablePubekRead, 0, NULL, NULL, + &handlesLen, NULL, ownerAuth, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_ResetLockValue(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TPM_ORD_ResetLockValue, 0, NULL, NULL, + &handlesLen, NULL, ownerAuth, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_PhysicalPresence(TSS_HCONTEXT tspContext, /* in */ + TCPA_PHYSICAL_PRESENCE fPhysicalPresence) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + result = obj_context_transport_execute(tspContext, TSC_ORD_PhysicalPresence, + sizeof(TCPA_PHYSICAL_PRESENCE), + (BYTE *)&fPhysicalPresence, NULL, &handlesLen, NULL, + NULL, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_FlushSpecific(TSS_HCONTEXT tspContext, /* in */ + TCS_HANDLE hResHandle, /* in */ + TPM_RESOURCE_TYPE resourceType) /* in */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen = 1; + TCS_HANDLE *handles, handle; + BYTE data[sizeof(UINT32)]; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + handle = hResHandle; + handles = &handle; + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, resourceType, data); + + result = obj_context_transport_execute(tspContext, TPM_ORD_FlushSpecific, sizeof(data), + data, NULL, &handlesLen, &handles, NULL, NULL, NULL, + NULL); + + return result; +} +#endif + diff --git a/src/tspi/tsp_aik.c b/src/tspi/tsp_aik.c new file mode 100644 index 0000000..ead4134 --- /dev/null +++ b/src/tspi/tsp_aik.c @@ -0,0 +1,143 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_ActivateTPMIdentity(TSS_HCONTEXT tspContext, + TCS_KEY_HANDLE idKey, /* in */ + UINT32 blobSize, /* in */ + BYTE * blob, /* in */ + TPM_AUTH * idKeyAuth, /* in, out */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * SymmetricKeySize, /* out */ + BYTE ** SymmetricKey) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + BYTE *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(idKey, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = idKey; + handles = &handle; + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_ActivateIdentity, blobSize, + blob, &pubKeyHash, &handlesLen, &handles, + idKeyAuth, ownerAuth, &decLen, &dec))) + return result; + + *SymmetricKeySize = decLen; + *SymmetricKey = dec; + + return result; +} + +TSS_RESULT +Transport_MakeIdentity2(TSS_HCONTEXT tspContext, + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /* in */ + BYTE * idKeyInfo, /* in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen = 0, decLen, dataLen; + BYTE *dec, *data; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TCPA_ENCAUTH) + sizeof(TCPA_CHOSENID_HASH) + idKeyInfoSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob(&offset, sizeof(TCPA_ENCAUTH), data, identityAuth.authdata); + Trspi_LoadBlob(&offset, sizeof(TCPA_CHOSENID_HASH), data, IDLabel_PrivCAHash.digest); + Trspi_LoadBlob(&offset, idKeyInfoSize, data, idKeyInfo); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_MakeIdentity, dataLen, + data, NULL, &handlesLen, NULL, pSrkAuth, + pOwnerAuth, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + UnloadBlob_TSS_KEY(&offset, dec, NULL); + *idKeySize = offset; + + if ((*idKey = malloc(*idKeySize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *idKeySize); + *idKeySize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_UnloadBlob(&offset, *idKeySize, dec, *idKey); + + Trspi_UnloadBlob_UINT32(&offset, pcIdentityBindingSize, dec); + if ((*prgbIdentityBinding = malloc(*pcIdentityBindingSize)) == NULL) { + free(dec); + free(*idKey); + *idKey = NULL; + *idKeySize = 0; + LogError("malloc of %u bytes failed", *pcIdentityBindingSize); + *pcIdentityBindingSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *pcIdentityBindingSize, dec, *prgbIdentityBinding); + free(dec); + + return result; +} +#endif + diff --git a/src/tspi/tsp_asym.c b/src/tspi/tsp_asym.c new file mode 100644 index 0000000..721e8fd --- /dev/null +++ b/src/tspi/tsp_asym.c @@ -0,0 +1,117 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +/* encrypt some data with the RSA public key of 'key', using the padding appropriate for the key */ +TSS_RESULT +__tspi_rsa_encrypt(TSS_HKEY key, + UINT32 inDataLen, + BYTE* inData, + UINT32* outDataLen, + BYTE* outData) +{ + BYTE *blob; + UINT32 blobLen; + UINT64 offset; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TPM_PUBKEY pubKey; + + if (!inData || !outDataLen || !outData) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if ((result = obj_rsakey_get_tsp_context(key, &tspContext))) + return result; + + if ((result = obj_rsakey_get_pub_blob(key, &blobLen, &blob))) + return result; + + offset = 0; + if ((result = Trspi_UnloadBlob_PUBKEY(&offset, blob, &pubKey))) { + free_tspi(tspContext, blob); + return result; + } + free_tspi(tspContext, blob); + + if (pubKey.pubKey.keyLength < inDataLen) { + result = TSPERR(TSS_E_ENC_INVALID_LENGTH); + goto done; + } + + if (pubKey.algorithmParms.encScheme == TPM_ES_RSAESPKCSv15 || + pubKey.algorithmParms.encScheme == TSS_ES_RSAESPKCSV15) { + if ((result = Trspi_RSA_PKCS15_Encrypt(inData, inDataLen, outData, outDataLen, + pubKey.pubKey.key, pubKey.pubKey.keyLength))) + goto done; + } else { + if ((result = Trspi_TPM_RSA_OAEP_Encrypt(inData, inDataLen, outData, outDataLen, + pubKey.pubKey.key, + pubKey.pubKey.keyLength))) + goto done; + } + +done: + free(pubKey.pubKey.key); + free(pubKey.algorithmParms.parms); + return result; +} + +TSS_RESULT +__tspi_rsa_verify(TSS_HKEY key, + UINT32 type, + UINT32 hashLen, + BYTE* hash, + UINT32 sigLen, + BYTE* sig) +{ + BYTE *blob; + UINT32 blobLen; + UINT64 offset; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TPM_PUBKEY pubKey; + + if (!hash || !sig) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if ((result = obj_rsakey_get_tsp_context(key, &tspContext))) + return result; + + if ((result = obj_rsakey_get_pub_blob(key, &blobLen, &blob))) + return result; + + offset = 0; + if ((result = Trspi_UnloadBlob_PUBKEY(&offset, blob, &pubKey))) { + free_tspi(tspContext, blob); + return result; + } + free_tspi(tspContext, blob); + + result = Trspi_Verify(type, hash, hashLen, pubKey.pubKey.key, pubKey.pubKey.keyLength, + sig, sigLen); + + free(pubKey.pubKey.key); + free(pubKey.algorithmParms.parms); + + return result; +} diff --git a/src/tspi/tsp_audit.c b/src/tspi/tsp_audit.c new file mode 100644 index 0000000..1c5faf1 --- /dev/null +++ b/src/tspi/tsp_audit.c @@ -0,0 +1,256 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +__tspi_audit_set_ordinal_audit_status(TSS_HTPM hTpm, + TSS_FLAG flag, + TSS_FLAG subFlag, + UINT32 ulOrdinal) +{ + TSS_BOOL bAuditState; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hPolicy; + TPM_AUTH ownerAuth; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + TSS_RESULT result = TSS_SUCCESS; + + if (flag != TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS) + return TSPERR(TSS_E_BAD_PARAMETER); + + switch (subFlag) { + case TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT: + bAuditState = TRUE; + break; + + case TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT: + bAuditState = FALSE; + break; + + default: + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if ((result = obj_tpm_get_tsp_context(hTpm, &tspContext))) + return result; + + if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetOrdinalAuditStatus); + result |= Trspi_Hash_UINT32(&hashCtx, ulOrdinal); + result |= Trspi_Hash_BOOL(&hashCtx, bAuditState); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_SetOrdinalAuditStatus, + hPolicy, FALSE, &digest, &ownerAuth))) + return result; + + if ((result = TCS_API(tspContext)->SetOrdinalAuditStatus(tspContext, &ownerAuth, ulOrdinal, + bAuditState))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetOrdinalAuditStatus); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + return obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth); +} + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_SetOrdinalAuditStatus(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH *ownerAuth, /* in/out */ + UINT32 ulOrdinal, /* in */ + TSS_BOOL bAuditState) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + UINT64 offset; + BYTE data[sizeof(UINT32) + sizeof(TSS_BOOL)]; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, ulOrdinal, data); + Trspi_LoadBlob_BOOL(&offset, bAuditState, data); + + result = obj_context_transport_execute(tspContext, TPM_ORD_SetOrdinalAuditStatus, + sizeof(data), data, NULL, &handlesLen, NULL, + ownerAuth, NULL, NULL, NULL); + return result; +} + +TSS_RESULT +Transport_GetAuditDigest(TSS_HCONTEXT tspContext, /* in */ + UINT32 startOrdinal, /* in */ + TPM_DIGEST *auditDigest, /* out */ + UINT32 *counterValueSize, /* out */ + BYTE **counterValue, /* out */ + TSS_BOOL *more, /* out */ + UINT32 *ordSize, /* out */ + UINT32 **ordList) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0, decLen; + BYTE *dec = NULL; + UINT64 offset; + BYTE data[sizeof(UINT32)]; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, startOrdinal, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetAuditDigest, + sizeof(data), data, NULL, &handlesLen, NULL, + NULL, NULL, &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_COUNTER_VALUE(&offset, dec, NULL); + + *counterValueSize = (UINT32)offset; + if ((*counterValue = malloc(*counterValueSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *counterValueSize); + *counterValueSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + offset = 0; + Trspi_UnloadBlob(&offset, *counterValueSize, dec, *counterValue); + + Trspi_UnloadBlob_DIGEST(&offset, dec, auditDigest); + Trspi_UnloadBlob_BOOL(&offset, more, dec); + + Trspi_UnloadBlob_UINT32(&offset, ordSize, dec); + + if ((*ordList = malloc(*ordSize)) == NULL) { + free(dec); + free(*counterValue); + *counterValue = NULL; + *counterValueSize = 0; + LogError("malloc of %u bytes failed", *ordSize); + *ordSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(&offset, *ordSize, dec, *(BYTE **)ordList); + *ordSize /= sizeof(UINT32); + + return TSS_SUCCESS; +} + +TSS_RESULT +Transport_GetAuditDigestSigned(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TSS_BOOL closeAudit, /* in */ + TPM_NONCE *antiReplay, /* in */ + TPM_AUTH *privAuth, /* in/out */ + UINT32 *counterValueSize, /* out */ + BYTE **counterValue, /* out */ + TPM_DIGEST *auditDigest, /* out */ + TPM_DIGEST *ordinalDigest, /* out */ + UINT32 *sigSize, /* out */ + BYTE **sig) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen; + TCS_HANDLE *handles, handle; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE data[sizeof(TSS_BOOL) + sizeof(TPM_NONCE)]; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + offset = 0; + Trspi_LoadBlob_BOOL(&offset, closeAudit, data); + Trspi_LoadBlob_NONCE(&offset, data, antiReplay); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetAuditDigestSigned, + sizeof(data), data, &pubKeyHash, &handlesLen, + &handles, privAuth, NULL, &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_COUNTER_VALUE(&offset, dec, NULL); + + *counterValueSize = (UINT32)offset; + if ((*counterValue = malloc(*counterValueSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *counterValueSize); + *counterValueSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + offset = 0; + Trspi_UnloadBlob(&offset, *counterValueSize, dec, *counterValue); + + Trspi_UnloadBlob_DIGEST(&offset, dec, auditDigest); + Trspi_UnloadBlob_DIGEST(&offset, dec, ordinalDigest); + + Trspi_UnloadBlob_UINT32(&offset, sigSize, dec); + + if ((*sig = malloc(*sigSize)) == NULL) { + free(dec); + free(*counterValue); + *counterValue = NULL; + *counterValueSize = 0; + LogError("malloc of %u bytes failed", *sigSize); + *counterValueSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *sigSize, dec, *sig); + + return TSS_SUCCESS; +} +#endif diff --git a/src/tspi/tsp_auth.c b/src/tspi/tsp_auth.c new file mode 100755 index 0000000..4a57ae7 --- /dev/null +++ b/src/tspi/tsp_auth.c @@ -0,0 +1,1230 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "authsess.h" + + +TSS_RESULT +secret_PerformAuth_OIAP(TSS_HOBJECT hAuthorizedObject, + UINT32 ulPendingFn, + TSS_HPOLICY hPolicy, + TSS_BOOL cas, /* continue auth session */ + TCPA_DIGEST *hashDigest, + TPM_AUTH *auth) +{ + TSS_RESULT result; + TSS_BOOL bExpired; + UINT32 mode; + TCPA_SECRET secret; + TSS_HCONTEXT tspContext; + TSS_RESULT (*OIAP)(TSS_HCONTEXT, TCS_AUTHHANDLE *, TPM_NONCE *); // XXX hack + TSS_RESULT (*TerminateHandle)(TSS_HCONTEXT, TCS_HANDLE); // XXX hack + + /* This validates that the secret can be used */ + if ((result = obj_policy_has_expired(hPolicy, &bExpired))) + return result; + + if (bExpired == TRUE) + return TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + if ((result = obj_policy_get_tsp_context(hPolicy, &tspContext))) + return result; + + if ((result = obj_policy_get_mode(hPolicy, &mode))) + return result; + + if ((result = Init_AuthNonce(tspContext, cas, auth))) + return result; + + /* XXX hack for opening a transport session */ + if (cas) { + OIAP = RPC_OIAP; + TerminateHandle = RPC_TerminateHandle; + } else { + OIAP = TCS_API(tspContext)->OIAP; + TerminateHandle = TCS_API(tspContext)->TerminateHandle; + } + + /* added retry logic */ + if ((result = OIAP(tspContext, &auth->AuthHandle, &auth->NonceEven))) { + if (result == TCPA_E_RESOURCES) { + int retry = 0; + do { + /* POSIX sleep time, { secs, nanosecs } */ + struct timespec t = { 0, AUTH_RETRY_NANOSECS }; + + nanosleep(&t, NULL); + + result = OIAP(tspContext, &auth->AuthHandle, &auth->NonceEven); + } while (result == TCPA_E_RESOURCES && ++retry < AUTH_RETRY_COUNT); + } + + if (result) + return result; + } + + switch (mode) { + case TSS_SECRET_MODE_CALLBACK: + result = obj_policy_do_hmac(hPolicy, hAuthorizedObject, + TRUE, ulPendingFn, + auth->fContinueAuthSession, + 20, + auth->NonceEven.nonce, + auth->NonceOdd.nonce, + NULL, NULL, 20, + hashDigest->digest, + (BYTE *)&auth->HMAC); + break; + case TSS_SECRET_MODE_SHA1: + case TSS_SECRET_MODE_PLAIN: + case TSS_SECRET_MODE_POPUP: + if ((result = obj_policy_get_secret(hPolicy, TR_SECRET_CTX_NOT_NEW, + &secret))) + break; + + HMAC_Auth(secret.authdata, hashDigest->digest, auth); + break; + case TSS_SECRET_MODE_NONE: + /* fall through */ + default: + result = TSPERR(TSS_E_POLICY_NO_SECRET); + break; + } + + if (result) { + TerminateHandle(tspContext, auth->AuthHandle); + return result; + } + + return obj_policy_dec_counter(hPolicy); +} +#if 0 +TSS_RESULT +secret_PerformXOR_OSAP(TSS_HPOLICY hPolicy, TSS_HPOLICY hUsagePolicy, + TSS_HPOLICY hMigrationPolicy, TSS_HOBJECT hOSAPObject, + UINT16 osapType, UINT32 osapData, + TCPA_ENCAUTH * encAuthUsage, TCPA_ENCAUTH * encAuthMig, + BYTE *sharedSecret, TPM_AUTH * auth, TCPA_NONCE * nonceEvenOSAP) +{ + TSS_BOOL bExpired; + TCPA_SECRET keySecret; + TCPA_SECRET usageSecret; + TCPA_SECRET migSecret = { { 0, } }; + UINT32 keyMode, usageMode, migMode = 0; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + + if ((result = obj_policy_has_expired(hPolicy, &bExpired))) + return result; + + if (bExpired == TRUE) + return TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + if ((result = obj_policy_has_expired(hUsagePolicy, &bExpired))) + return result; + + if (bExpired == TRUE) + return TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + if (hMigrationPolicy) { + if ((result = obj_policy_has_expired(hMigrationPolicy, &bExpired))) + return result; + + if (bExpired == TRUE) + return TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + if ((result = obj_policy_get_mode(hMigrationPolicy, &migMode))) + return result; + } + + if ((result = obj_policy_get_tsp_context(hPolicy, &tspContext))) + return result; + + if ((result = obj_policy_get_mode(hPolicy, &keyMode))) + return result; + + if ((result = obj_policy_get_mode(hUsagePolicy, &usageMode))) + return result; + + if (keyMode == TSS_SECRET_MODE_CALLBACK || + usageMode == TSS_SECRET_MODE_CALLBACK || + (hMigrationPolicy && migMode == TSS_SECRET_MODE_CALLBACK)) { + if (keyMode != TSS_SECRET_MODE_CALLBACK || + usageMode != TSS_SECRET_MODE_CALLBACK || + (hMigrationPolicy && migMode != TSS_SECRET_MODE_CALLBACK)) + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if (keyMode != TSS_SECRET_MODE_CALLBACK) { + if ((result = obj_policy_get_secret(hPolicy, TR_SECRET_CTX_NOT_NEW, &keySecret))) + return result; + + if ((result = obj_policy_get_secret(hUsagePolicy, TR_SECRET_CTX_NEW, &usageSecret))) + return result; + + if (hMigrationPolicy) { + if ((result = obj_policy_get_secret(hMigrationPolicy, TR_SECRET_CTX_NEW, + &migSecret))) + return result; + } + + if ((result = OSAP_Calc(tspContext, osapType, osapData, + keySecret.authdata, usageSecret.authdata, + migSecret.authdata, encAuthUsage, + encAuthMig, sharedSecret, auth))) + return result; + } else { + /* If the secret mode is NONE here, we don't return an error. This is + * because there are commands such as CreateKey, which require an auth + * session even when creating no-auth keys. A secret of all 0's will be + * used in this case. */ + if ((result = TCS_API(tspContext)->OSAP(tspContext, osapType, osapData, + &auth->NonceOdd, &auth->AuthHandle, + &auth->NonceEven, nonceEvenOSAP))) + return result; + + if ((result = obj_policy_do_xor(hPolicy, hOSAPObject, + hPolicy, TRUE, 20, + auth->NonceEven.nonce, NULL, + nonceEvenOSAP->nonce, + auth->NonceOdd.nonce, 20, + encAuthUsage->authdata, + encAuthMig->authdata))) { + TCS_API(tspContext)->TerminateHandle(tspContext, auth->AuthHandle); + return result; + } + } + + return TSS_SUCCESS; +} + +TSS_RESULT +secret_PerformAuth_OSAP(TSS_HOBJECT hAuthorizedObject, UINT32 ulPendingFn, + TSS_HPOLICY hPolicy, TSS_HPOLICY hUsagePolicy, + TSS_HPOLICY hMigPolicy, BYTE sharedSecret[20], + TPM_AUTH *auth, BYTE *hashDigest, + TCPA_NONCE *nonceEvenOSAP) +{ + TSS_RESULT result; + UINT32 keyMode, usageMode, migMode = 0; + + if ((result = obj_policy_get_mode(hPolicy, &keyMode))) + return result; + + if ((result = obj_policy_get_mode(hUsagePolicy, &usageMode))) + return result; + + if (hMigPolicy) { + if ((result = obj_policy_get_mode(hMigPolicy, &migMode))) + return result; + } + + /* --- If any of them is a callback */ + if (keyMode == TSS_SECRET_MODE_CALLBACK || + usageMode == TSS_SECRET_MODE_CALLBACK || + (hMigPolicy && migMode == TSS_SECRET_MODE_CALLBACK)) { + /* --- And they're not all callback */ + if (keyMode != TSS_SECRET_MODE_CALLBACK || + usageMode != TSS_SECRET_MODE_CALLBACK || + (hMigPolicy && migMode != TSS_SECRET_MODE_CALLBACK)) + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if (keyMode == TSS_SECRET_MODE_CALLBACK) { + if ((result = obj_policy_do_hmac(hPolicy, hAuthorizedObject, + TRUE, ulPendingFn, + auth->fContinueAuthSession, + 20, + auth->NonceEven.nonce, + NULL, + nonceEvenOSAP->nonce, + auth->NonceOdd.nonce, 20, + hashDigest, + (BYTE *)&auth->HMAC))) + return result; + } else { + HMAC_Auth(sharedSecret, hashDigest, auth); + } + + if ((result = obj_policy_dec_counter(hPolicy))) + return result; + + if ((result = obj_policy_dec_counter(hUsagePolicy))) + return result; + + if (hMigPolicy) { + if ((result = obj_policy_dec_counter(hMigPolicy))) + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +secret_ValidateAuth_OSAP(TSS_HOBJECT hAuthorizedObject, UINT32 ulPendingFn, + TSS_HPOLICY hPolicy, TSS_HPOLICY hUsagePolicy, + TSS_HPOLICY hMigPolicy, BYTE sharedSecret[20], + TPM_AUTH *auth, BYTE *hashDigest, + TCPA_NONCE *nonceEvenOSAP) +{ + TSS_RESULT result; + UINT32 keyMode, usageMode, migMode = 0; + + if ((result = obj_policy_get_mode(hPolicy, &keyMode))) + return result; + + if ((result = obj_policy_get_mode(hUsagePolicy, &usageMode))) + return result; + + if (hMigPolicy) { + if ((result = obj_policy_get_mode(hMigPolicy, &migMode))) + return result; + } + + /* --- If any of them is a callback */ + if (keyMode == TSS_SECRET_MODE_CALLBACK || + usageMode == TSS_SECRET_MODE_CALLBACK || + (hMigPolicy && migMode == TSS_SECRET_MODE_CALLBACK)) { + /* --- And they're not all callback */ + if (keyMode != TSS_SECRET_MODE_CALLBACK || + usageMode != TSS_SECRET_MODE_CALLBACK || + (hMigPolicy && migMode != TSS_SECRET_MODE_CALLBACK)) + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if (keyMode != TSS_SECRET_MODE_CALLBACK) { + if (validateReturnAuth(sharedSecret, hashDigest, auth)) + return TSPERR(TSS_E_TSP_AUTHFAIL); + } else { + if ((result = obj_policy_do_hmac(hPolicy, hAuthorizedObject, + FALSE, ulPendingFn, + auth->fContinueAuthSession, + 20, + auth->NonceEven.nonce, + NULL, + nonceEvenOSAP->nonce, + auth->NonceOdd.nonce, 20, + hashDigest, + (BYTE *)&auth->HMAC))) + return result; + } + + return TSS_SUCCESS; +} +#endif +TSS_RESULT +Init_AuthNonce(TSS_HCONTEXT tspContext, TSS_BOOL cas, TPM_AUTH * auth) +{ + TSS_RESULT result; + + auth->fContinueAuthSession = cas; + if ((result = get_local_random(tspContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)auth->NonceOdd.nonce))) { + LogError("Failed creating random nonce"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return TSS_SUCCESS; +} + +TSS_BOOL +validateReturnAuth(BYTE *secret, BYTE *hash, TPM_AUTH *auth) +{ + BYTE digest[20]; + /* auth is expected to have both nonces and the digest from the TPM */ + memcpy(digest, &auth->HMAC, 20); + HMAC_Auth(secret, hash, auth); + + return ((TSS_BOOL) memcmp(digest, &auth->HMAC, 20) != 0); +} + +void +HMAC_Auth(BYTE * secret, BYTE * Digest, TPM_AUTH * auth) +{ + UINT64 offset; + BYTE Blob[61]; + + offset = 0; + Trspi_LoadBlob(&offset, 20, Blob, Digest); + Trspi_LoadBlob(&offset, 20, Blob, auth->NonceEven.nonce); + Trspi_LoadBlob(&offset, 20, Blob, auth->NonceOdd.nonce); + Blob[offset++] = auth->fContinueAuthSession; + + Trspi_HMAC(TSS_HASH_SHA1, 20, secret, offset, Blob, (BYTE *)&auth->HMAC); +} + +TSS_RESULT +OSAP_Calc(TSS_HCONTEXT tspContext, UINT16 EntityType, UINT32 EntityValue, + BYTE * authSecret, BYTE * usageSecret, BYTE * migSecret, + TCPA_ENCAUTH * encAuthUsage, TCPA_ENCAUTH * encAuthMig, + BYTE * sharedSecret, TPM_AUTH * auth) +{ + TSS_RESULT rc; + TCPA_NONCE nonceEvenOSAP; + UINT64 offset; + BYTE hmacBlob[0x200]; + BYTE hashBlob[0x200]; + BYTE xorUsageAuth[20]; + BYTE xorMigAuth[20]; + UINT32 i; + + if ((rc = get_local_random(tspContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)auth->NonceOdd.nonce))) { + LogError("Failed creating random nonce"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + auth->fContinueAuthSession = 0x00; + + if ((rc = TCS_API(tspContext)->OSAP(tspContext, EntityType, EntityValue, &auth->NonceOdd, + &auth->AuthHandle, &auth->NonceEven, &nonceEvenOSAP))) { + if (rc == TCPA_E_RESOURCES) { + int retry = 0; + do { + /* POSIX sleep time, { secs, nanosecs } */ + struct timespec t = { 0, AUTH_RETRY_NANOSECS }; + + nanosleep(&t, NULL); + + rc = TCS_API(tspContext)->OSAP(tspContext, EntityType, EntityValue, + &auth->NonceOdd, &auth->AuthHandle, + &auth->NonceEven, &nonceEvenOSAP); + } while (rc == TCPA_E_RESOURCES && ++retry < AUTH_RETRY_COUNT); + } + + if (rc) + return rc; + } + + offset = 0; + Trspi_LoadBlob(&offset, 20, hmacBlob, nonceEvenOSAP.nonce); + Trspi_LoadBlob(&offset, 20, hmacBlob, auth->NonceOdd.nonce); + + Trspi_HMAC(TSS_HASH_SHA1, 20, authSecret, offset, hmacBlob, sharedSecret); + + offset = 0; + Trspi_LoadBlob(&offset, 20, hashBlob, sharedSecret); + Trspi_LoadBlob(&offset, 20, hashBlob, auth->NonceEven.nonce); + + if ((rc = Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, xorUsageAuth))) + return rc; + + offset = 0; + Trspi_LoadBlob(&offset, 20, hashBlob, sharedSecret); + Trspi_LoadBlob(&offset, 20, hashBlob, auth->NonceOdd.nonce); + if ((rc = Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, xorMigAuth))) + return rc; + + for (i = 0; i < sizeof(TCPA_ENCAUTH); i++) + encAuthUsage->authdata[i] = usageSecret[i] ^ xorUsageAuth[i]; + for (i = 0; i < sizeof(TCPA_ENCAUTH); i++) + encAuthMig->authdata[i] = migSecret[i] ^ xorMigAuth[i]; + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_policy_validate_auth_oiap(TSS_HPOLICY hPolicy, TCPA_DIGEST *hashDigest, TPM_AUTH *auth) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_policy_obj *policy; + BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET; + + if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + policy = (struct tr_policy_obj *)obj->data; + + switch (policy->SecretMode) { + case TSS_SECRET_MODE_CALLBACK: + result = policy->Tspicb_CallbackHMACAuth( + policy->hmacAppData, + hPolicy, + 0, + auth->fContinueAuthSession, + FALSE, + 20, + auth->NonceEven.nonce, + auth->NonceOdd.nonce, + NULL, NULL, 20, + hashDigest->digest, + (BYTE *)&auth->HMAC); + break; + case TSS_SECRET_MODE_SHA1: + case TSS_SECRET_MODE_PLAIN: + case TSS_SECRET_MODE_POPUP: + if (validateReturnAuth(policy->Secret, hashDigest->digest, auth)) + result = TSPERR(TSS_E_TSP_AUTHFAIL); + break; + case TSS_SECRET_MODE_NONE: + if (validateReturnAuth(wellKnown, hashDigest->digest, auth)) + result = TSPERR(TSS_E_TSP_AUTHFAIL); + break; + default: + result = TSPERR(TSS_E_POLICY_NO_SECRET); + break; + } + + obj_list_put(&policy_list); + + return result; +} + +#if 0 +TSS_RESULT +authsess_oiap_get(TSS_HOBJECT obj, TPM_COMMAND_CODE ord, TPM_DIGEST *digest, TPM_AUTH *auth) +{ + TSS_RESULT result = TSS_SUCCESS; + TSS_BOOL bExpired; + UINT32 mode; + TPM_SECRET secret; + TSS_HCONTEXT tspContext; + TSS_RESULT (*OIAP)(TSS_HCONTEXT, TCS_AUTHHANDLE *, TPM_NONCE *); // XXX hack + TSS_RESULT (*TerminateHandle)(TSS_HCONTEXT, TCS_HANDLE); // XXX hack + + + if (obj_is_tpm(obj)) + result = obj_tpm_get_tsp_context(obj, hContext); + else if (obj_is_rsakey(obj)) + result = obj_rsakey_get_tsp_context(obj, hContext); + else if (obj_is_encdata(obj)) + result = obj_encdata_get_tsp_context(obj, hContext); + else if (obj_is_nvstore(obj)) + result = obj_nvstore_get_tsp_context(obj, hContext); + else + result = TSPERR(TSS_E_INVALID_HANDLE); + +#if 0 + /* This validates that the secret can be used */ + if ((result = obj_policy_has_expired(hPolicy, &bExpired))) + return result; + + if (bExpired == TRUE) + return TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + if ((result = obj_policy_get_tsp_context(hPolicy, &tspContext))) + return result; + + if ((result = obj_policy_get_mode(hPolicy, &mode))) + return result; +#else + if ((result = obj_policy_get_authsess_params())) + return result; +#endif + if ((result = Init_AuthNonce(tspContext, cas, auth))) + return result; + + /* XXX hack for opening a transport session */ + if (cas) { + OIAP = RPC_OIAP; + TerminateHandle = RPC_TerminateHandle; + } else { + OIAP = TCS_API(tspContext)->OIAP; + TerminateHandle = TCS_API(tspContext)->TerminateHandle; + } + + /* added retry logic */ + if ((result = OIAP(tspContext, &auth->AuthHandle, &auth->NonceEven))) { + if (result == TCPA_E_RESOURCES) { + int retry = 0; + do { + /* POSIX sleep time, { secs, nanosecs } */ + struct timespec t = { 0, AUTH_RETRY_NANOSECS }; + + nanosleep(&t, NULL); + + result = OIAP(tspContext, &auth->AuthHandle, &auth->NonceEven); + } while (result == TCPA_E_RESOURCES && ++retry < AUTH_RETRY_COUNT); + } + + if (result) + return result; + } + + switch (mode) { + case TSS_SECRET_MODE_CALLBACK: + result = obj_policy_do_hmac(hPolicy, hAuthorizedObject, + TRUE, ulPendingFn, + auth->fContinueAuthSession, + 20, + auth->NonceEven.nonce, + auth->NonceOdd.nonce, + NULL, NULL, 20, + hashDigest->digest, + (BYTE *)&auth->HMAC); + break; + case TSS_SECRET_MODE_SHA1: + case TSS_SECRET_MODE_PLAIN: + case TSS_SECRET_MODE_POPUP: + if ((result = obj_policy_get_secret(hPolicy, TR_SECRET_CTX_NOT_NEW, + &secret))) + break; + + HMAC_Auth(secret.authdata, hashDigest->digest, auth); + break; + case TSS_SECRET_MODE_NONE: + /* fall through */ + default: + result = TSPERR(TSS_E_POLICY_NO_SECRET); + break; + } + + if (result) { + TerminateHandle(tspContext, auth->AuthHandle); + return result; + } + + return obj_policy_dec_counter(hPolicy); +} + +TSS_RESULT +authsess_oiap_put(TPM_AUTH *auth) +{ +} +#endif + +#ifdef TSS_BUILD_DELEGATION +TSS_RESULT +authsess_do_dsap(struct authsess *sess) +{ + TSS_RESULT result; + + if ((result = TCS_API(sess->tspContext)->DSAP(sess->tspContext, sess->entity_type, + sess->obj_parent, &sess->nonceOddxSAP, + sess->entityValueSize, sess->entityValue, + &sess->pAuth->AuthHandle, + &sess->pAuth->NonceEven, + &sess->nonceEvenxSAP))) { + if (result == TCPA_E_RESOURCES) { + int retry = 0; + do { + /* POSIX sleep time, { secs, nanosecs } */ + struct timespec t = { 0, AUTH_RETRY_NANOSECS }; + + nanosleep(&t, NULL); + + result = TCS_API(sess->tspContext)->DSAP(sess->tspContext, + sess->entity_type, + sess->obj_parent, + &sess->nonceOddxSAP, + sess->entityValueSize, + sess->entityValue, + &sess->pAuth->AuthHandle, + &sess->pAuth->NonceEven, + &sess->nonceEvenxSAP); + } while (result == TCPA_E_RESOURCES && ++retry < AUTH_RETRY_COUNT); + } + } + + return result; +} +#endif + +TSS_RESULT +authsess_do_osap(struct authsess *sess) +{ + TSS_RESULT result; + + if ((result = TCS_API(sess->tspContext)->OSAP(sess->tspContext, sess->entity_type, + sess->obj_parent, &sess->nonceOddxSAP, + &sess->pAuth->AuthHandle, + &sess->pAuth->NonceEven, + &sess->nonceEvenxSAP))) { + if (result == TCPA_E_RESOURCES) { + int retry = 0; + do { + /* POSIX sleep time, { secs, nanosecs } */ + struct timespec t = { 0, AUTH_RETRY_NANOSECS }; + + nanosleep(&t, NULL); + + result = TCS_API(sess->tspContext)->OSAP(sess->tspContext, + sess->entity_type, + sess->obj_parent, + &sess->nonceOddxSAP, + &sess->pAuth->AuthHandle, + &sess->pAuth->NonceEven, + &sess->nonceEvenxSAP); + } while (result == TCPA_E_RESOURCES && ++retry < AUTH_RETRY_COUNT); + } + } + + return result; +} + +TSS_RESULT +authsess_callback_xor(PVOID lpAppData, + TSS_HOBJECT hOSAPObject, + TSS_HOBJECT hObject, + TSS_FLAG PurposeSecret, + UINT32 ulSizeNonces, + BYTE *rgbNonceEven, + BYTE *rgbNonceOdd, + BYTE *rgbNonceEvenOSAP, + BYTE *rgbNonceOddOSAP, + UINT32 ulSizeEncAuth, + BYTE *rgbEncAuthUsage, + BYTE *rgbEncAuthMigration) +{ + TSS_RESULT result; + BYTE xorUseAuth[sizeof(TPM_DIGEST)]; + BYTE xorMigAuth[sizeof(TPM_DIGEST)]; + Trspi_HashCtx hashCtx; + UINT32 i; + struct authsess *sess = (struct authsess *)lpAppData; + + /* sess->sharedSecret was calculated in authsess_xsap_init */ + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_SECRET(&hashCtx, sess->sharedSecret.digest); + result |= Trspi_Hash_NONCE(&hashCtx, rgbNonceEven); + if ((result |= Trspi_HashFinal(&hashCtx, xorUseAuth))) + return result; + + for (i = 0; i < ulSizeEncAuth; i++) + rgbEncAuthUsage[i] ^= xorUseAuth[i]; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_SECRET(&hashCtx, sess->sharedSecret.digest); + result |= Trspi_Hash_NONCE(&hashCtx, rgbNonceOdd); + if ((result |= Trspi_HashFinal(&hashCtx, xorMigAuth))) + return result; + + for (i = 0; i < ulSizeEncAuth; i++) + rgbEncAuthMigration[i] ^= xorMigAuth[i]; + + return TSS_SUCCESS; +} + +TSS_RESULT +authsess_callback_hmac(PVOID lpAppData, + TSS_HOBJECT hAuthorizedObject, + TSS_BOOL ReturnOrVerify, + UINT32 ulPendingFunction, + TSS_BOOL ContinueUse, + UINT32 ulSizeNonces, + BYTE *rgbNonceEven, + BYTE *rgbNonceOdd, + BYTE *rgbNonceEvenOSAP, + BYTE *rgbNonceOddOSAP, + UINT32 ulSizeDigestHmac, + BYTE *rgbParamDigest, + BYTE *rgbHmacData) +{ + struct authsess *sess = (struct authsess *)lpAppData; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + BYTE Blob[61]; + + offset = 0; + Trspi_LoadBlob(&offset, ulSizeDigestHmac, Blob, rgbParamDigest); + Trspi_LoadBlob(&offset, ulSizeNonces, Blob, rgbNonceEven); + Trspi_LoadBlob(&offset, ulSizeNonces, Blob, rgbNonceOdd); + Blob[offset++] = ContinueUse; + + if (ReturnOrVerify) { + Trspi_HMAC(TSS_HASH_SHA1, ulSizeDigestHmac, sess->sharedSecret.digest, offset, Blob, + rgbHmacData); + } else { + TPM_HMAC hmacVerify; + + Trspi_HMAC(TSS_HASH_SHA1, ulSizeDigestHmac, sess->sharedSecret.digest, offset, Blob, + hmacVerify.digest); + result = memcmp(rgbHmacData, hmacVerify.digest, ulSizeDigestHmac); + if (result) + result = TPM_E_AUTHFAIL; + } + + return result; +} + +/* Create an OSAP session. @requirements is used in different ways depending on the command to + * indicate whether we should require a policy or auth value */ +TSS_RESULT +authsess_xsap_init(TSS_HCONTEXT tspContext, + TSS_HOBJECT obj_parent, + TSS_HOBJECT obj_child, + TSS_BOOL requirements, + TPM_COMMAND_CODE command, + TPM_ENTITY_TYPE entity_type, + struct authsess **xsess) +{ + TSS_RESULT result; + TSS_BOOL authdatausage = FALSE, req_auth = TRUE, get_child_auth = TRUE, secret_set = FALSE; + BYTE hmacBlob[2 * sizeof(TPM_DIGEST)]; + UINT64 offset; + TSS_BOOL new_secret = TR_SECRET_CTX_NOT_NEW; + struct authsess *sess; + + if ((sess = calloc(1, sizeof(struct authsess))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(struct authsess)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + switch (command) { + /* Parent is Key for the cases below */ + case TPM_ORD_Delegate_CreateKeyDelegation: + case TPM_ORD_CreateWrapKey: + case TPM_ORD_CMK_CreateKey: + case TPM_ORD_Seal: + case TPM_ORD_Sealx: + case TPM_ORD_Unseal: + case TPM_ORD_ChangeAuth: + if ((result = obj_rsakey_get_policy(obj_parent, TSS_POLICY_USAGE, + &sess->hUsageParent, NULL))) + goto error; + break; + /* Parent is TPM for the cases below */ + case TPM_ORD_Delegate_CreateOwnerDelegation: + req_auth = FALSE; + /* fall through */ + case TPM_ORD_MakeIdentity: + case TPM_ORD_NV_DefineSpace: + if ((result = obj_tpm_get_policy(obj_parent, TSS_POLICY_USAGE, + &sess->hUsageParent))) + goto error; + break; + case TPM_ORD_ChangeAuthOwner: + /* Special case, ChangeAuthOwner is used to change Owner and SRK auth */ + if (obj_is_rsakey(obj_parent)) { + if ((result = obj_rsakey_get_policy(obj_parent, TSS_POLICY_USAGE, + &sess->hUsageParent, NULL))) + goto error; + } else { + if ((result = obj_tpm_get_policy(obj_parent, TSS_POLICY_USAGE, + &sess->hUsageParent))) + goto error; + } + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + + if (requirements && !sess->hUsageParent) { + result = TSPERR(TSS_E_TSP_AUTHREQUIRED); + goto error; + } + + if (sess->hUsageParent) { + /* These are trousers callback functions which will be used to process the auth + * session. If the policy type is callback for hUsageParent, they will be + * overwritten by the application defined callback functions in the policy */ + sess->cb_xor.callback = authsess_callback_xor; + sess->cb_xor.appData = (PVOID)sess; + sess->cb_hmac.callback = authsess_callback_hmac; + sess->cb_hmac.appData = (PVOID)sess; + + /* XXX the parent object doesn't always hold the callbacks */ + if ((result = obj_policy_get_xsap_params(sess->hUsageParent, command, + &sess->entity_type, &sess->entityValueSize, + &sess->entityValue, + sess->parentSecret.authdata, &sess->cb_xor, + &sess->cb_hmac, NULL, &sess->parentMode, + new_secret))) + goto error; + } else + sess->parentMode = TSS_SECRET_MODE_NONE; + + switch (command) { + /* Child is a Key object */ + case TPM_ORD_CreateWrapKey: + case TPM_ORD_CMK_CreateKey: + if ((result = obj_rsakey_get_policies(obj_child, &sess->hUsageChild, + &sess->hMigChild, &authdatausage))) + goto error; + + if (authdatausage && !sess->hUsageChild) { + result = TSPERR(TSS_E_TSP_AUTHREQUIRED); + goto error; + } + + if (obj_rsakey_is_migratable(obj_child)) { + if (!sess->hMigChild) { + result = TSPERR(TSS_E_KEY_NO_MIGRATION_POLICY); + goto error; + } + + if ((result = obj_policy_get_xsap_params(sess->hMigChild, 0, NULL, NULL, + NULL, sess->encAuthMig.authdata, + NULL, NULL, NULL, &sess->mMode, + new_secret))) + goto error; + } + + if ((result = obj_rsakey_get_tcs_handle(obj_parent, &sess->obj_parent))) + goto error; + break; + /* Child is an Encdata object */ + case TPM_ORD_Unseal: +#ifdef TSS_BUILD_SEALX + case TPM_ORD_Sealx: + /* These may be overwritten down below, when obj_policy_get_xsap_params is called + * on the child usage policy */ + sess->cb_sealx.callback = sealx_mask_cb; + sess->cb_sealx.appData = (PVOID)sess; + /* fall through */ +#endif + case TPM_ORD_Seal: + if ((result = obj_encdata_get_policy(obj_child, TSS_POLICY_USAGE, + &sess->hUsageChild))) + goto error; + + if ((result = obj_rsakey_get_tcs_handle(obj_parent, &sess->obj_parent))) + goto error; + break; +#ifdef TSS_BUILD_NV + /* Child is an NV object */ + case TPM_ORD_NV_DefineSpace: + /* The requirements variable tells us whether nv object auth is required */ + req_auth = requirements; + + if (req_auth) { + if (sess->parentMode == TSS_SECRET_MODE_NONE) { + result = TSPERR(TSS_E_TSP_AUTHREQUIRED); + goto error; + } + + if ((result = obj_nvstore_get_policy(obj_child, TSS_POLICY_USAGE, + &sess->hUsageChild))) + goto error; + + /* According to the spec, we must fall back on the TSP context's policy for + * auth if none is set in the NV object */ + if (!sess->hUsageChild) { + if ((result = obj_context_get_policy(tspContext, TSS_POLICY_USAGE, + &sess->hUsageChild))) + goto error; + } + + if ((result = obj_policy_is_secret_set(sess->hUsageChild, &secret_set))) + goto error; + + if (!secret_set) { + result = TSPERR(TSS_E_TSP_AUTHREQUIRED); + goto error; + } + } else { + /* In this case, the TPM is owned, but we're creating a no-auth NV area */ + get_child_auth = FALSE; + } + + break; +#endif + /* Child is a Key object */ + case TPM_ORD_MakeIdentity: + if ((result = obj_rsakey_get_policy(obj_child, TSS_POLICY_USAGE, + &sess->hUsageChild, NULL))) + goto error; + break; + /* Child is a Policy object */ + case TPM_ORD_Delegate_CreateKeyDelegation: + case TPM_ORD_ChangeAuth: + if ((result = obj_rsakey_get_tcs_handle(obj_parent, &sess->obj_parent))) + goto error; + /* fall through */ + case TPM_ORD_Delegate_CreateOwnerDelegation: + case TPM_ORD_ChangeAuthOwner: + sess->hUsageChild = obj_child; + new_secret = TR_SECRET_CTX_NEW; + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } + + /* If req_auth is FALSE here, we don't actually need to set up an auth session, so returning + * is OK. At this point, authsess->pAuth is NULL, so the TCS API will not get any + * authdata. */ + if (req_auth == FALSE && sess->parentMode == TSS_SECRET_MODE_NONE) + goto done; + + if (get_child_auth) { + if ((result = obj_policy_get_xsap_params(sess->hUsageChild, 0, 0, NULL, NULL, + sess->encAuthUse.authdata, NULL, NULL, + &sess->cb_sealx, &sess->uMode, + new_secret))) + goto error; + } + + if ((result = get_local_random(tspContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)sess->nonceOddxSAP.nonce))) + goto error; + + sess->obj_child = obj_child; + sess->tspContext = tspContext; + sess->pAuth = &sess->auth; + sess->command = command; + +#ifdef TSS_BUILD_DELEGATION + /* if entityValue is set, we have a custom entity, i.e. delegation blob or row */ + if (sess->entityValue) { + /* DSAP's entity type was pulled from the policy in the authsess_xsap_init call + * above */ + if ((result = authsess_do_dsap(sess))) + goto error; + } +#endif + if (!sess->entityValue) { + sess->entity_type = entity_type; + if ((result = authsess_do_osap(sess))) + goto error; + } + + if ((result = get_local_random(tspContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)sess->auth.NonceOdd.nonce))) + goto error; + + /* We have both OSAP nonces, so calculate the shared secret if we're responsible for it */ + if (sess->parentMode != TSS_SECRET_MODE_CALLBACK) { + offset = 0; + Trspi_LoadBlob(&offset, sizeof(TPM_NONCE), hmacBlob, sess->nonceEvenxSAP.nonce); + Trspi_LoadBlob(&offset, sizeof(TPM_NONCE), hmacBlob, sess->nonceOddxSAP.nonce); + + if ((result = Trspi_HMAC(TSS_HASH_SHA1, sizeof(TPM_ENCAUTH), + sess->parentSecret.authdata, offset, hmacBlob, + sess->sharedSecret.digest))) + goto error; + } + + /* XXX What does a PurposeSecret of TRUE mean here? */ + if ((result = + ((TSS_RESULT (*)(PVOID, TSS_HOBJECT, TSS_HOBJECT, TSS_FLAG, + UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, + BYTE *))sess->cb_xor.callback)(sess->cb_xor.appData, sess->hUsageParent, + sess->hUsageChild, TRUE, sizeof(TPM_DIGEST), + sess->auth.NonceEven.nonce, sess->auth.NonceOdd.nonce, + sess->nonceEvenxSAP.nonce, sess->nonceOddxSAP.nonce, + sizeof(TPM_ENCAUTH), sess->encAuthUse.authdata, + sess->encAuthMig.authdata))) + return result; + +done: + *xsess = sess; + + return TSS_SUCCESS; +error: + free(sess); + return result; +} + +TSS_RESULT +authsess_xsap_hmac(struct authsess *sess, TPM_DIGEST *digest) +{ + TSS_RESULT result; + + /* If no auth session was established using this authsess object, return success */ + if (!sess->pAuth) + return TSS_SUCCESS; + + /* XXX Placeholder for future continueAuthSession support: + * conditionally bump NonceOdd if continueAuthSession == TRUE here + */ + + if ((result = + ((TSS_RESULT (*)(PVOID, TSS_HOBJECT, TSS_BOOL, + UINT32, TSS_BOOL, UINT32, BYTE *, BYTE *, + BYTE *, BYTE *, UINT32, BYTE *, + BYTE *))sess->cb_hmac.callback)(sess->cb_hmac.appData, + sess->hUsageParent, TRUE, sess->command, + sess->auth.fContinueAuthSession, sizeof(TPM_NONCE), + sess->auth.NonceEven.nonce, + sess->auth.NonceOdd.nonce, + sess->nonceEvenxSAP.nonce, + sess->nonceOddxSAP.nonce, sizeof(TPM_DIGEST), + digest->digest, sess->auth.HMAC.authdata))) + return result; + + if (sess->hUsageParent) + obj_policy_dec_counter(sess->hUsageParent); + + if (sess->hUsageChild) + obj_policy_dec_counter(sess->hUsageChild); + + if (sess->hMigChild) + obj_policy_dec_counter(sess->hMigChild); + + return TSS_SUCCESS; +} + +TSS_RESULT +authsess_xsap_verify(struct authsess *sess, TPM_DIGEST *digest) +{ + /* If no auth session was established using this authsess object, return success */ + if (!sess->pAuth) + return TSS_SUCCESS; + + return ((TSS_RESULT (*)(PVOID, TSS_HOBJECT, TSS_BOOL, + UINT32, TSS_BOOL, UINT32, BYTE *, BYTE *, + BYTE *, BYTE *, UINT32, BYTE *, + BYTE *))sess->cb_hmac.callback)(sess->cb_hmac.appData, + sess->hUsageParent, FALSE, sess->command, + sess->auth.fContinueAuthSession, sizeof(TPM_NONCE), + sess->auth.NonceEven.nonce, + sess->auth.NonceOdd.nonce, + sess->nonceEvenxSAP.nonce, + sess->nonceOddxSAP.nonce, sizeof(TPM_DIGEST), + digest->digest, sess->auth.HMAC.authdata); +} + +TSS_RESULT +__tspi_free_resource(TSS_HCONTEXT tspContext, UINT32 handle, UINT32 resourceType) +{ + TSS_RESULT result = TSS_SUCCESS; +#ifdef TSS_BUILD_TSS12 + UINT32 version = 0; + + if ((result = obj_context_get_tpm_version(tspContext, &version))) + return result; + + if (version == 2) { + return TCS_API(tspContext)->FlushSpecific(tspContext, handle, resourceType); + } +#endif + + switch (resourceType) { + case TPM_RT_KEY: + result = TCS_API(tspContext)->EvictKey(tspContext, handle); + break; + case TPM_RT_AUTH: + result = TCS_API(tspContext)->TerminateHandle(tspContext, handle); + break; + default: + LogDebugFn("Trying to free TPM 1.2 resource type 0x%x on 1.1 TPM!", + resourceType); + result = TSPERR(TSS_E_INTERNAL_ERROR); + break; + } + + return result; +} + +void +authsess_free(struct authsess *xsap) +{ + if (xsap) { + if (xsap->auth.AuthHandle && xsap->auth.fContinueAuthSession) + (void)__tspi_free_resource(xsap->tspContext, xsap->auth.AuthHandle, TPM_RT_AUTH); + + free(xsap->entityValue); + free(xsap); + xsap = NULL; + } +} + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_OIAP(TSS_HCONTEXT tspContext, /* in */ + TCS_AUTHHANDLE* authHandle, /* out */ + TPM_NONCE* nonce0) /* out */ +{ + TSS_RESULT result; + UINT32 decLen = 0; + BYTE *dec = NULL; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_OIAP, 0, NULL, NULL, + &handlesLen, NULL, NULL, NULL, &decLen, &dec))) + return result; + + if (decLen != sizeof(TCS_AUTHHANDLE) + sizeof(TPM_NONCE)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, authHandle, dec); + Trspi_UnloadBlob_NONCE(&offset, dec, nonce0); + + return result; +} + +TSS_RESULT +Transport_OSAP(TSS_HCONTEXT tspContext, /* in */ + TPM_ENTITY_TYPE entityType, /* in */ + UINT32 entityValue, /* in */ + TPM_NONCE* nonceOddOSAP, /* in */ + TCS_AUTHHANDLE* authHandle, /* out */ + TPM_NONCE* nonceEven, /* out */ + TPM_NONCE* nonceEvenOSAP) /* out */ +{ + TSS_RESULT result; + UINT32 decLen = 0; + BYTE *dec = NULL; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + BYTE data[sizeof(UINT16) + sizeof(UINT32) + sizeof(TPM_NONCE)]; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT16(&offset, entityType, data); + Trspi_LoadBlob_UINT32(&offset, entityValue, data); + Trspi_LoadBlob_NONCE(&offset, data, nonceOddOSAP); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_OSAP, sizeof(data), data, + NULL, &handlesLen, NULL, NULL, NULL, &decLen, + &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, authHandle, dec); + Trspi_UnloadBlob_NONCE(&offset, dec, nonceEven); + Trspi_UnloadBlob_NONCE(&offset, dec, nonceEvenOSAP); + + return TSS_SUCCESS; +} + +TSS_RESULT +Transport_TerminateHandle(TSS_HCONTEXT tspContext, /* in */ + TCS_AUTHHANDLE handle) /* in */ +{ + TSS_RESULT result; + TCS_HANDLE handlesLen = 0, *handles; + + /* Call ExecuteTransport */ + handlesLen = 1; + if ((handles = malloc(sizeof(TCS_HANDLE))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(TCS_HANDLE)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + *handles = handle; + + result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL, + NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL); + + return result; +} +#endif diff --git a/src/tspi/tsp_bind.c b/src/tspi/tsp_bind.c new file mode 100644 index 0000000..38e30ff --- /dev/null +++ b/src/tspi/tsp_bind.c @@ -0,0 +1,92 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_UnBind(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, dataLen, decLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + BYTE *dec, *data; + UINT64 offset; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + dataLen = sizeof(UINT32) + inDataSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, inDataSize, data); + Trspi_LoadBlob(&offset, inDataSize, data, inData); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_UnBind, dataLen, data, + &pubKeyHash, &handlesLen, &handles, + privAuth, NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, outDataSize, dec); + + if ((*outData = malloc(*outDataSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *outDataSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *outDataSize, dec, *outData); + + free(dec); + + return TSS_SUCCESS; +} +#endif + diff --git a/src/tspi/tsp_caps.c b/src/tspi/tsp_caps.c new file mode 100644 index 0000000..f06fbd6 --- /dev/null +++ b/src/tspi/tsp_caps.c @@ -0,0 +1,176 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +internal_GetCap(TSS_HCONTEXT tspContext, TSS_FLAG capArea, UINT32 subCap, + UINT32 * respSize, BYTE ** respData) +{ + UINT64 offset = 0; + TSS_VERSION v = INTERNAL_CAP_VERSION; + TSS_BOOL bValue = FALSE; + UINT32 u32value = 0; + + switch (capArea) { + case TSS_TSPCAP_VERSION: + if ((*respData = calloc_tspi(tspContext, sizeof(TSS_VERSION))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(TSS_VERSION)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_LoadBlob_TSS_VERSION(&offset, *respData, v); + *respSize = offset; + break; + case TSS_TSPCAP_ALG: + switch (subCap) { + case TSS_ALG_RSA: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TSP_ALG_RSA; + break; + case TSS_ALG_AES: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TSP_ALG_AES; + break; + case TSS_ALG_SHA: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TSP_ALG_SHA; + break; + case TSS_ALG_HMAC: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TSP_ALG_HMAC; + break; + case TSS_ALG_DES: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TSP_ALG_DES; + break; + case TSS_ALG_3DES: + *respSize = sizeof(TSS_BOOL); + bValue = INTERNAL_CAP_TSP_ALG_3DES; + break; + case TSS_ALG_DEFAULT: + *respSize = sizeof(UINT32); + u32value = INTERNAL_CAP_TSP_ALG_DEFAULT; + break; + case TSS_ALG_DEFAULT_SIZE: + *respSize = sizeof(UINT32); + u32value = INTERNAL_CAP_TSP_ALG_DEFAULT_SIZE; + break; + default: + LogError("Unknown TSP subCap: %u", subCap); + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if ((*respData = calloc_tspi(tspContext, *respSize)) == NULL) { + LogError("malloc of %u bytes failed", *respSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if (*respSize == sizeof(TSS_BOOL)) + *(TSS_BOOL *)respData = bValue; + else + *(UINT32 *)respData = u32value; + break; + case TSS_TSPCAP_PERSSTORAGE: + if ((*respData = calloc_tspi(tspContext, sizeof(TSS_BOOL))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(TSS_BOOL)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + *respSize = sizeof(TSS_BOOL); + (*respData)[0] = INTERNAL_CAP_TSP_PERSSTORAGE; + break; + case TSS_TSPCAP_RETURNVALUE_INFO: + if (subCap != TSS_TSPCAP_PROP_RETURNVALUE_INFO) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((*respData = calloc_tspi(tspContext, sizeof(UINT32))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(UINT32)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + *respSize = sizeof(UINT32); + *(UINT32 *)(*respData) = INTERNAL_CAP_TSP_RETURNVALUE_INFO; + break; + case TSS_TSPCAP_PLATFORM_INFO: + switch (subCap) { + case TSS_TSPCAP_PLATFORM_TYPE: + if ((*respData = calloc_tspi(tspContext, sizeof(UINT32))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(UINT32)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + *respSize = sizeof(UINT32); + *(UINT32 *)(*respData) = INTERNAL_CAP_TSP_PLATFORM_TYPE; + break; + case TSS_TSPCAP_PLATFORM_VERSION: + if ((*respData = calloc_tspi(tspContext, sizeof(UINT32))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(UINT32)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + *respSize = sizeof(UINT32); + *(UINT32 *)(*respData) = INTERNAL_CAP_TSP_PLATFORM_VERSION; + break; + default: + return TSPERR(TSS_E_BAD_PARAMETER); + } + case TSS_TSPCAP_MANUFACTURER: + switch (subCap) { + case TSS_TSPCAP_PROP_MANUFACTURER_ID: + if ((*respData = calloc_tspi(tspContext, sizeof(UINT32))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(UINT32)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + *respSize = sizeof(UINT32); + *(UINT32 *)(*respData) = INTERNAL_CAP_MANUFACTURER_ID; + break; + case TSS_TSPCAP_PROP_MANUFACTURER_STR: + { + BYTE str[] = INTERNAL_CAP_MANUFACTURER_STR; + + if ((*respData = calloc_tspi(tspContext, + INTERNAL_CAP_MANUFACTURER_STR_LEN)) == NULL) { + LogError("malloc of %d bytes failed", + INTERNAL_CAP_MANUFACTURER_STR_LEN); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + *respSize = INTERNAL_CAP_MANUFACTURER_STR_LEN; + memcpy(*respData, str, INTERNAL_CAP_MANUFACTURER_STR_LEN); + break; + } + default: + return TSPERR(TSS_E_BAD_PARAMETER); + } + default: + return TSPERR(TSS_E_BAD_PARAMETER); + } + + return TSS_SUCCESS; +} diff --git a/src/tspi/tsp_caps_tpm.c b/src/tspi/tsp_caps_tpm.c new file mode 100644 index 0000000..1203dbe --- /dev/null +++ b/src/tspi/tsp_caps_tpm.c @@ -0,0 +1,167 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +/* + * This function provides a funnel through which all the TCSP_SetCapability requests can be + * sent. This will keep the owner auth code from being duplicated around the TSP. + */ +TSS_RESULT +TSP_SetCapability(TSS_HCONTEXT tspContext, + TSS_HTPM hTPM, + TSS_HPOLICY hTPMPolicy, + TPM_CAPABILITY_AREA tcsCapArea, + UINT32 subCap, + TSS_BOOL value) +{ + TSS_RESULT result; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TPM_AUTH auth; + + subCap = endian32(subCap); + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetCapability); + result |= Trspi_Hash_UINT32(&hashCtx, tcsCapArea); + result |= Trspi_Hash_UINT32(&hashCtx, (UINT32)sizeof(UINT32)); + result |= Trspi_HashUpdate(&hashCtx, (UINT32)sizeof(UINT32), (BYTE *)&subCap); + result |= Trspi_Hash_UINT32(&hashCtx, (UINT32)sizeof(TSS_BOOL)); + result |= Trspi_Hash_BOOL(&hashCtx, value); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_SetCapability, hTPMPolicy, FALSE, + &digest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->SetCapability(tspContext, tcsCapArea, sizeof(UINT32), + (BYTE *)&subCap, sizeof(TSS_BOOL), + (BYTE *)&value, &auth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetCapability); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + return obj_policy_validate_auth_oiap(hTPMPolicy, &digest, &auth); +} + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_GetTPMCapability(TSS_HCONTEXT tspContext, /* in */ + TPM_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapLen, /* in */ + BYTE* subCap, /* in */ + UINT32* respLen, /* out */ + BYTE** resp) /* out */ +{ + TSS_RESULT result; + UINT32 decLen = 0, dataLen; + BYTE *dec = NULL; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + BYTE *data; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = (2 * sizeof(UINT32)) + subCapLen; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, capArea, data); + Trspi_LoadBlob_UINT32(&offset, subCapLen, data); + Trspi_LoadBlob(&offset, subCapLen, data, subCap); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetCapability, dataLen, + data, NULL, &handlesLen, NULL, NULL, NULL, + &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, respLen, dec); + + if ((*resp = malloc(*respLen)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *respLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(&offset, *respLen, dec, *resp); + free(dec); + + return result; + +} + +TSS_RESULT +Transport_SetCapability(TSS_HCONTEXT tspContext, /* in */ + TCPA_CAPABILITY_AREA capArea, /* in */ + UINT32 subCapSize, /* in */ + BYTE * subCap, /* in */ + UINT32 valueSize, /* in */ + BYTE * value, /* in */ + TPM_AUTH *ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 dataLen; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + BYTE *data; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = (3 * sizeof(UINT32)) + subCapSize + valueSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, capArea, data); + Trspi_LoadBlob_UINT32(&offset, subCapSize, data); + Trspi_LoadBlob(&offset, subCapSize, data, subCap); + Trspi_LoadBlob_UINT32(&offset, valueSize, data); + Trspi_LoadBlob(&offset, valueSize, data, value); + + result = obj_context_transport_execute(tspContext, TPM_ORD_SetCapability, dataLen, data, + NULL, &handlesLen, NULL, NULL, NULL, NULL, NULL); + + free(data); + return result; +} +#endif diff --git a/src/tspi/tsp_certify.c b/src/tspi/tsp_certify.c new file mode 100644 index 0000000..6a586d9 --- /dev/null +++ b/src/tspi/tsp_certify.c @@ -0,0 +1,108 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_CertifyKey(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE certHandle, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TPM_NONCE * antiReplay, /* in */ + TPM_AUTH * certAuth, /* in, out */ + TPM_AUTH * keyAuth, /* in, out */ + UINT32 * CertifyInfoSize, /* out */ + BYTE ** CertifyInfo, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen; + TCS_HANDLE *handles, handle[2]; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash1, pubKeyHash2; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE data[sizeof(TPM_NONCE)]; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(certHandle, pubKeyHash1.digest))) + return result; + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash2.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash1.digest); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash2.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash1.digest))) + return result; + + handlesLen = 2; + handle[0] = certHandle; + handle[1] = keyHandle; + handles = &handle[0]; + + offset = 0; + Trspi_LoadBlob_NONCE(&offset, data, antiReplay); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_CertifyKey, sizeof(data), + data, &pubKeyHash1, &handlesLen, &handles, + certAuth, keyAuth, &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_CERTIFY_INFO(&offset, dec, NULL); + *CertifyInfoSize = offset; + + if ((*CertifyInfo = malloc(*CertifyInfoSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *CertifyInfoSize); + *CertifyInfoSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_UnloadBlob(&offset, *CertifyInfoSize, dec, *CertifyInfo); + Trspi_UnloadBlob_UINT32(&offset, outDataSize, dec); + + if ((*outData = malloc(*outDataSize)) == NULL) { + free(*CertifyInfo); + *CertifyInfo = NULL; + *CertifyInfoSize = 0; + free(dec); + LogError("malloc of %u bytes failed", *outDataSize); + *outDataSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *outDataSize, dec, *outData); + + free(dec); + + return result; +} +#endif + diff --git a/src/tspi/tsp_changeauth.c b/src/tspi/tsp_changeauth.c new file mode 100644 index 0000000..7b194fc --- /dev/null +++ b/src/tspi/tsp_changeauth.c @@ -0,0 +1,470 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "authsess.h" + + +TSS_RESULT +Trspi_UnloadBlob_STORED_DATA(UINT64 *offset, BYTE *blob, TCPA_STORED_DATA *data) +{ + Trspi_UnloadBlob_TCPA_VERSION(offset, blob, &data->ver); + Trspi_UnloadBlob_UINT32(offset, &data->sealInfoSize, blob); + + if (data->sealInfoSize > 0) { + data->sealInfo = malloc(data->sealInfoSize); + if (data->sealInfo == NULL) { + LogError("malloc of %d bytes failed.", data->sealInfoSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(offset, data->sealInfoSize, blob, data->sealInfo); + } else { + data->sealInfo = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &data->encDataSize, blob); + + if (data->encDataSize > 0) { + data->encData = malloc(data->encDataSize); + if (data->encData == NULL) { + LogError("malloc of %d bytes failed.", data->encDataSize); + free(data->sealInfo); + data->sealInfo = NULL; + return TSPERR(TSS_E_OUTOFMEMORY); + } + + Trspi_UnloadBlob(offset, data->encDataSize, blob, data->encData); + } else { + data->encData = NULL; + } + + return TSS_SUCCESS; +} + +void +Trspi_LoadBlob_STORED_DATA(UINT64 *offset, BYTE *blob, TCPA_STORED_DATA *data) +{ + Trspi_LoadBlob_TCPA_VERSION(offset, blob, data->ver); + Trspi_LoadBlob_UINT32(offset, data->sealInfoSize, blob); + Trspi_LoadBlob(offset, data->sealInfoSize, blob, data->sealInfo); + Trspi_LoadBlob_UINT32(offset, data->encDataSize, blob); + Trspi_LoadBlob(offset, data->encDataSize, blob, data->encData); +} + +TSS_RESULT +changeauth_owner(TSS_HCONTEXT tspContext, + TSS_HOBJECT hObjectToChange, + TSS_HOBJECT hParentObject, + TSS_HPOLICY hNewPolicy) +{ + TPM_DIGEST digest; + TSS_RESULT result; + Trspi_HashCtx hashCtx; + struct authsess *xsap = NULL; + + if ((result = authsess_xsap_init(tspContext, hObjectToChange, hNewPolicy, + TSS_AUTH_POLICY_REQUIRED, TPM_ORD_ChangeAuthOwner, + TPM_ET_OWNER, &xsap))) + return result; + + /* calculate auth data */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuthOwner); + result |= Trspi_Hash_UINT16(&hashCtx, TCPA_PID_ADCP); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + result |= Trspi_Hash_UINT16(&hashCtx, TCPA_ET_OWNER); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + + if ((result = TCS_API(tspContext)->ChangeAuthOwner(tspContext, TCPA_PID_ADCP, + &xsap->encAuthUse, TPM_ET_OWNER, + xsap->pAuth))) + goto error; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuthOwner); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + result = authsess_xsap_verify(xsap, &digest); +error: + authsess_free(xsap); + + return result; +} + +TSS_RESULT +changeauth_srk(TSS_HCONTEXT tspContext, + TSS_HOBJECT hObjectToChange, + TSS_HOBJECT hParentObject, + TSS_HPOLICY hNewPolicy) +{ + TPM_DIGEST digest; + TSS_RESULT result; + Trspi_HashCtx hashCtx; + struct authsess *xsap = NULL; + + + if ((result = authsess_xsap_init(tspContext, hParentObject, hNewPolicy, + TSS_AUTH_POLICY_REQUIRED, TPM_ORD_ChangeAuthOwner, + TPM_ET_OWNER, &xsap))) + return result; + + /* calculate auth data */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuthOwner); + result |= Trspi_Hash_UINT16(&hashCtx, TCPA_PID_ADCP); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + result |= Trspi_Hash_UINT16(&hashCtx, TCPA_ET_SRK); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + + if ((result = TCS_API(tspContext)->ChangeAuthOwner(tspContext, TCPA_PID_ADCP, + &xsap->encAuthUse, TPM_ET_SRK, + xsap->pAuth))) + goto error; + + /* Validate the Auths */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuthOwner); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + result = authsess_xsap_verify(xsap, &digest); +error: + authsess_free(xsap); + + return result; +} + +TSS_RESULT +changeauth_encdata(TSS_HCONTEXT tspContext, + TSS_HOBJECT hObjectToChange, + TSS_HOBJECT hParentObject, + TSS_HPOLICY hNewPolicy) +{ + TPM_DIGEST digest; + TSS_RESULT result; + Trspi_HashCtx hashCtx; + TSS_HPOLICY hPolicy; + TCS_KEY_HANDLE keyHandle; + UINT64 offset; + struct authsess *xsap = NULL; + TPM_STORED_DATA storedData; + UINT32 dataBlobLength, newEncSize; + BYTE *dataBlob, *newEncData; + TPM_AUTH auth2; + + /* get the secret for the parent */ + if ((result = obj_encdata_get_policy(hObjectToChange, TSS_POLICY_USAGE, &hPolicy))) + return result; + + /* get the data Object */ + if ((result = obj_encdata_get_data(hObjectToChange, &dataBlobLength, &dataBlob))) + return result; + + offset = 0; + if ((result = Trspi_UnloadBlob_STORED_DATA(&offset, dataBlob, &storedData))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle))) + return result; + + if ((result = authsess_xsap_init(tspContext, hParentObject, hNewPolicy, + TSS_AUTH_POLICY_REQUIRED, TPM_ORD_ChangeAuth, + TPM_ET_KEYHANDLE, &xsap))) + return result; + + /* caluculate auth data */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuth); + result |= Trspi_Hash_UINT16(&hashCtx, TPM_PID_ADCP); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + result |= Trspi_Hash_UINT16(&hashCtx, TPM_ET_DATA); + result |= Trspi_Hash_UINT32(&hashCtx, storedData.encDataSize); + result |= Trspi_HashUpdate(&hashCtx, storedData.encDataSize, storedData.encData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + + if ((result = secret_PerformAuth_OIAP(hObjectToChange, TPM_ORD_ChangeAuth, + hPolicy, FALSE, &digest, &auth2))) + goto error; + + if ((result = TCS_API(tspContext)->ChangeAuth(tspContext, keyHandle, TPM_PID_ADCP, + &xsap->encAuthUse, TPM_ET_DATA, + storedData.encDataSize, storedData.encData, + xsap->pAuth, &auth2, &newEncSize, + &newEncData))) + goto error; + + /* Validate the Auths */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuth); + result |= Trspi_Hash_UINT32(&hashCtx, newEncSize); + result |= Trspi_HashUpdate(&hashCtx, newEncSize, newEncData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_verify(xsap, &digest))) + goto error; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &auth2))) + goto error; + + memcpy(storedData.encData, newEncData, newEncSize); + free(newEncData); + storedData.encDataSize = newEncSize; + + offset = 0; + Trspi_LoadBlob_STORED_DATA(&offset, dataBlob, &storedData); + + result = obj_encdata_set_data(hObjectToChange, offset, dataBlob); + +error: + authsess_free(xsap); + free(storedData.sealInfo); + free(storedData.encData); + + return result; + +} + +TSS_RESULT +changeauth_key(TSS_HCONTEXT tspContext, + TSS_HOBJECT hObjectToChange, + TSS_HOBJECT hParentObject, + TSS_HPOLICY hNewPolicy) +{ + TPM_DIGEST digest; + Trspi_HashCtx hashCtx; + TSS_RESULT result; + TSS_KEY keyToChange; + TCS_KEY_HANDLE keyHandle; + struct authsess *xsap = NULL; + UINT32 objectLength; + TSS_HPOLICY hPolicy; + BYTE *keyBlob; + UINT32 newEncSize; + BYTE *newEncData; + TPM_AUTH auth2; + UINT64 offset; + + + if ((result = obj_rsakey_get_blob(hObjectToChange, &objectLength, &keyBlob))) + return result; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, keyBlob, &keyToChange))) { + LogDebug("UnloadBlob_TSS_KEY failed. " + "result=0x%x", result); + return result; + } + + if ((result = obj_rsakey_get_policy(hObjectToChange, TSS_POLICY_USAGE, &hPolicy, NULL))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle))) + return result; + + if ((result = authsess_xsap_init(tspContext, hParentObject, hNewPolicy, + TSS_AUTH_POLICY_REQUIRED, TPM_ORD_ChangeAuth, + keyHandle == TPM_KEYHND_SRK ? + TPM_ET_SRK : TPM_ET_KEYHANDLE, &xsap))) + return result; + + /* caluculate auth data */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuth); + result |= Trspi_Hash_UINT16(&hashCtx, TCPA_PID_ADCP); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + result |= Trspi_Hash_UINT16(&hashCtx, TCPA_ET_KEY); + result |= Trspi_Hash_UINT32(&hashCtx, keyToChange.encSize); + result |= Trspi_HashUpdate(&hashCtx, keyToChange.encSize, + keyToChange.encData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + + if ((result = secret_PerformAuth_OIAP(hObjectToChange, TPM_ORD_ChangeAuth, + hPolicy, FALSE, &digest, &auth2))) + goto error; + + if ((result = TCS_API(tspContext)->ChangeAuth(tspContext, keyHandle, TPM_PID_ADCP, + &xsap->encAuthUse, TPM_ET_KEY, + keyToChange.encSize, keyToChange.encData, + xsap->pAuth, &auth2, &newEncSize, + &newEncData))) + goto error; + + /* Validate the Auths */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuth); + result |= Trspi_Hash_UINT32(&hashCtx, newEncSize); + result |= Trspi_HashUpdate(&hashCtx, newEncSize, newEncData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_verify(xsap, &digest))) + goto error; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &auth2))) + return result; + + memcpy(keyToChange.encData, newEncData, newEncSize); + free(newEncData); + + offset = 0; + LoadBlob_TSS_KEY(&offset, keyBlob, &keyToChange); + objectLength = offset; + + result = obj_rsakey_set_tcpakey(hObjectToChange, objectLength, keyBlob); +error: + authsess_free(xsap); + + return result; +} + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_ChangeAuth(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH *newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, dataLen, decLen; + TCS_HANDLE *handles, handle; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE *data; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(parentHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = parentHandle; + handles = &handle; + + dataLen = sizeof(TCPA_PROTOCOL_ID) + sizeof(TCPA_ENCAUTH) + + sizeof(TCPA_ENTITY_TYPE) + + sizeof(UINT32) + + encDataSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT16(&offset, protocolID, data); + Trspi_LoadBlob(&offset, sizeof(TCPA_ENCAUTH), data, newAuth->authdata); + Trspi_LoadBlob_UINT16(&offset, entityType, data); + Trspi_LoadBlob_UINT32(&offset, encDataSize, data); + Trspi_LoadBlob(&offset, encDataSize, data, encData); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_ChangeAuth, dataLen, data, + &pubKeyHash, &handlesLen, &handles, + ownerAuth, entityAuth, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, outDataSize, dec); + + if ((*outData = malloc(*outDataSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *outDataSize); + *outDataSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *outDataSize, dec, *outData); + + free(dec); + + return result; +} + +TSS_RESULT +Transport_ChangeAuthOwner(TSS_HCONTEXT tspContext, /* in */ + TCPA_PROTOCOL_ID protocolID, /* in */ + TCPA_ENCAUTH *newAuth, /* in */ + TCPA_ENTITY_TYPE entityType, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + UINT64 offset; + BYTE data[sizeof(TCPA_PROTOCOL_ID) + sizeof(TCPA_ENCAUTH) + sizeof(TCPA_ENTITY_TYPE)]; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT16(&offset, protocolID, data); + Trspi_LoadBlob(&offset, sizeof(TCPA_ENCAUTH), data, newAuth->authdata); + Trspi_LoadBlob_UINT16(&offset, entityType, data); + + return obj_context_transport_execute(tspContext, TPM_ORD_ChangeAuthOwner, sizeof(data), + data, NULL, &handlesLen, NULL, ownerAuth, NULL, NULL, + NULL); +} +#endif diff --git a/src/tspi/tsp_context_mem.c b/src/tspi/tsp_context_mem.c new file mode 100644 index 0000000..13f1243 --- /dev/null +++ b/src/tspi/tsp_context_mem.c @@ -0,0 +1,258 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "memmgr.h" +#include "tsplog.h" +#include "obj.h" + +static struct memTable * +__tspi_createTable() +{ + struct memTable *table = NULL; + /* + * No table has yet been created to hold the memory allocations of + * this context, so we need to create one + */ + table = calloc(1, sizeof(struct memTable)); + if (table == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct memTable)); + return NULL; + } + return (table); +} + +/* caller needs to lock memtable lock */ +struct memTable * +getTable(TSS_HCONTEXT tspContext) +{ + struct memTable *tmp; + + for (tmp = SpiMemoryTable; tmp; tmp = tmp->nextTable) + if (tmp->tspContext == tspContext) + return tmp; + + return NULL; +} + +/* caller needs to lock memtable lock */ +static void +__tspi_addTable(struct memTable *new) +{ + struct memTable *tmp = SpiMemoryTable; + + /* base case, this is the first table */ + if (SpiMemoryTable == NULL) { + SpiMemoryTable = new; + return; + } + + /* else add @new onto the end */ + for (; tmp; tmp = tmp->nextTable) + if (tmp->nextTable == NULL) { + tmp->nextTable = new; + break; + } +} + +/* caller needs to lock memtable lock and be sure the context mem slot for + * @tspContext exists before calling. + */ +void +__tspi_addEntry(TSS_HCONTEXT tspContext, struct memEntry *new) +{ + struct memTable *tmp = getTable(tspContext); + struct memEntry *tmp_entry; + + if (tmp == NULL) { + if ((tmp = __tspi_createTable()) == NULL) + return; + tmp->tspContext = tspContext; + __tspi_addTable(tmp); + } + + tmp_entry = tmp->entries; + + if (tmp->entries == NULL) { + tmp->entries = new; + return; + } + + /* else tack @new onto the end */ + for (; tmp_entry; tmp_entry = tmp_entry->nextEntry) { + if (tmp_entry->nextEntry == NULL) { + tmp_entry->nextEntry = new; + break; + } + } +} + +/* caller needs to lock memtable lock */ +TSS_RESULT +__tspi_freeTable(TSS_HCONTEXT tspContext) +{ + struct memTable *prev = NULL, *index = NULL, *next = NULL; + struct memEntry *entry = NULL, *entry_next = NULL; + + for(index = SpiMemoryTable; index; index = index->nextTable) { + next = index->nextTable; + if (index->tspContext == tspContext) { + for (entry = index->entries; entry; entry = entry_next) { + /* this needs to be set before we do free(entry) */ + entry_next = entry->nextEntry; + free(entry->memPointer); + free(entry); + } + + if (prev != NULL) + prev->nextTable = next; + else + SpiMemoryTable = NULL; + + free(index); + break; + } + prev = index; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +__tspi_freeEntry(struct memTable *table, void *pointer) +{ + struct memEntry *index = NULL; + struct memEntry *prev = NULL; + struct memEntry *toKill = NULL; + + for (index = table->entries; index; prev = index, index = index->nextEntry) { + if (index->memPointer == pointer) { + toKill = index; + if (prev == NULL) + table->entries = toKill->nextEntry; + else + prev->nextEntry = toKill->nextEntry; + + free(pointer); + free(toKill); + return TSS_SUCCESS; + } + } + + return TSPERR(TSS_E_INVALID_RESOURCE); +} + +TSS_RESULT +__tspi_add_mem_entry(TSS_HCONTEXT tspContext, void *allocd_mem) +{ + struct memEntry *newEntry = calloc(1, sizeof(struct memEntry)); + if (newEntry == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct memEntry)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + newEntry->memPointer = allocd_mem; + + MUTEX_LOCK(memtable_lock); + + __tspi_addEntry(tspContext, newEntry); + + MUTEX_UNLOCK(memtable_lock); + + return TSS_SUCCESS; +} + +/* + * calloc_tspi will be called by functions outside of this file. All locking + * is done here. + */ +void * +calloc_tspi(TSS_HCONTEXT tspContext, UINT32 howMuch) +{ + struct memTable *table = NULL; + struct memEntry *newEntry = NULL; + + MUTEX_LOCK(memtable_lock); + + table = getTable(tspContext); + if (table == NULL) { + if ((table = __tspi_createTable()) == NULL) { + MUTEX_UNLOCK(memtable_lock); + return NULL; + } + table->tspContext = tspContext; + __tspi_addTable(table); + } + + newEntry = calloc(1, sizeof(struct memEntry)); + if (newEntry == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct memEntry)); + MUTEX_UNLOCK(memtable_lock); + return NULL; + } + + newEntry->memPointer = calloc(1, howMuch); + if (newEntry->memPointer == NULL) { + LogError("malloc of %d bytes failed.", howMuch); + free(newEntry); + MUTEX_UNLOCK(memtable_lock); + return NULL; + } + + /* this call must happen inside the lock or else another thread could + * remove the context mem slot, causing a segfault + */ + __tspi_addEntry(tspContext, newEntry); + + MUTEX_UNLOCK(memtable_lock); + + return newEntry->memPointer; +} + +/* + * free_tspi will be called by functions outside of this file. All locking + * is done here. + */ +TSS_RESULT +free_tspi(TSS_HCONTEXT tspContext, void *memPointer) +{ + struct memTable *index; + TSS_RESULT result; + + MUTEX_LOCK(memtable_lock); + + if (memPointer == NULL) { + result = __tspi_freeTable(tspContext); + MUTEX_UNLOCK(memtable_lock); + return result; + } + + if ((index = getTable(tspContext)) == NULL) { + MUTEX_UNLOCK(memtable_lock); + /* Tspi_Context_FreeMemory checks that the TSP context is good before calling us, + * so we can be sure that the problem is with memPointer */ + return TSPERR(TSS_E_INVALID_RESOURCE); + } + + /* just free one entry */ + result = __tspi_freeEntry(index, memPointer); + + MUTEX_UNLOCK(memtable_lock); + + return result; +} diff --git a/src/tspi/tsp_counter.c b/src/tspi/tsp_counter.c new file mode 100644 index 0000000..a8d4744 --- /dev/null +++ b/src/tspi/tsp_counter.c @@ -0,0 +1,57 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_ReadCounter(TSS_HCONTEXT tspContext, /* in */ + TSS_COUNTER_ID idCounter, /* in */ + TPM_COUNTER_VALUE* counterValue) /* out */ +{ + TSS_RESULT result; + UINT32 decLen = 0; + BYTE *dec = NULL; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + BYTE data[sizeof(UINT32)]; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, idCounter, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_ReadCounter, sizeof(data), + data, NULL, &handlesLen, NULL, NULL, NULL, + &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_COUNTER_VALUE(&offset, dec, counterValue); + + free(dec); + + return TSS_SUCCESS; +} +#endif diff --git a/src/tspi/tsp_daa.c b/src/tspi/tsp_daa.c new file mode 100644 index 0000000..5afbf96 --- /dev/null +++ b/src/tspi/tsp_daa.c @@ -0,0 +1,207 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "tcs_tsp.h" +#include "tspps.h" + + +void +Trspi_LoadBlob_DAA_PK(UINT64 *offset, BYTE *blob, TSS_DAA_PK *pk) +{ + UINT32 i; + + Trspi_LoadBlob_TSS_VERSION(offset, blob, pk->versionInfo); + + Trspi_LoadBlob_UINT32(offset, pk->modulusLength, blob); + Trspi_LoadBlob(offset, pk->modulusLength, blob, pk->modulus); + + Trspi_LoadBlob_UINT32(offset, pk->capitalSLength, blob); + Trspi_LoadBlob(offset, pk->capitalSLength, blob, pk->capitalS); + + Trspi_LoadBlob_UINT32(offset, pk->capitalZLength, blob); + Trspi_LoadBlob(offset, pk->capitalZLength, blob, pk->capitalZ); + + Trspi_LoadBlob_UINT32(offset, pk->capitalR0Length, blob); + Trspi_LoadBlob(offset, pk->capitalR0Length, blob, pk->capitalR0); + + Trspi_LoadBlob_UINT32(offset, pk->capitalR1Length, blob); + Trspi_LoadBlob(offset, pk->capitalR1Length, blob, pk->capitalR1); + + Trspi_LoadBlob_UINT32(offset, pk->gammaLength, blob); + Trspi_LoadBlob(offset, pk->gammaLength, blob, pk->gamma); + + Trspi_LoadBlob_UINT32(offset, pk->capitalGammaLength, blob); + Trspi_LoadBlob(offset, pk->capitalGammaLength, blob, pk->capitalGamma); + + Trspi_LoadBlob_UINT32(offset, pk->rhoLength, blob); + Trspi_LoadBlob(offset, pk->rhoLength, blob, pk->rho); + + for (i = 0; i < pk->capitalYLength; i++) + Trspi_LoadBlob(offset, pk->capitalYLength2, blob, pk->capitalY[i]); + + Trspi_LoadBlob_UINT32(offset, pk->capitalYPlatformLength, blob); + + Trspi_LoadBlob_UINT32(offset, pk->issuerBaseNameLength, blob); + Trspi_LoadBlob(offset, pk->issuerBaseNameLength, blob, pk->issuerBaseName); +} + +TSS_RESULT +Trspi_UnloadBlob_DAA_PK(UINT64 *offset, BYTE *blob, TSS_DAA_PK *pk) +{ + UINT32 i = 0, j; + + memset(pk, 0, sizeof(TSS_DAA_PK)); + + Trspi_UnloadBlob_TSS_VERSION(offset, blob, &pk->versionInfo); + + Trspi_UnloadBlob_UINT32(offset, &pk->modulusLength, blob); + if (pk->modulusLength > 0) { + if ((pk->modulus = malloc(pk->modulusLength)) == NULL) + return TSPERR(TSS_E_OUTOFMEMORY); + + Trspi_UnloadBlob(offset, pk->modulusLength, blob, pk->modulus); + } else { + pk->modulus = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->capitalSLength, blob); + if (pk->capitalSLength > 0) { + if ((pk->capitalS = malloc(pk->capitalSLength)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->capitalSLength, blob, pk->capitalS); + } else { + pk->capitalS = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->capitalZLength, blob); + if (pk->capitalZLength > 0) { + if ((pk->capitalZ = malloc(pk->capitalZLength)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->capitalZLength, blob, pk->capitalZ); + } else { + pk->capitalZ = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->capitalR0Length, blob); + if (pk->capitalR0Length > 0) { + if ((pk->capitalR0 = malloc(pk->capitalR0Length)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->capitalR0Length, blob, pk->capitalR0); + } else { + pk->capitalR0 = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->capitalR1Length, blob); + if (pk->capitalR1Length > 0) { + if ((pk->capitalR1 = malloc(pk->capitalR1Length)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->capitalR1Length, blob, pk->capitalR1); + } else { + pk->capitalR1 = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->gammaLength, blob); + if (pk->gammaLength > 0) { + if ((pk->gamma = malloc(pk->gammaLength)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->gammaLength, blob, pk->gamma); + } else { + pk->gamma = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->capitalGammaLength, blob); + if (pk->capitalGammaLength > 0) { + if ((pk->capitalGamma = malloc(pk->capitalGammaLength)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->capitalGammaLength, blob, pk->capitalGamma); + } else { + pk->capitalGamma = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->rhoLength, blob); + if (pk->rhoLength > 0) { + if ((pk->rho = malloc(pk->rhoLength)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->rhoLength, blob, pk->rho); + } else { + pk->rho = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->capitalYLength, blob); + Trspi_UnloadBlob_UINT32(offset, &pk->capitalYLength2, blob); + + if (pk->capitalYLength > 0 && pk->capitalYLength2 > 0) { + if ((pk->capitalY = calloc(pk->capitalYLength, sizeof(BYTE *))) == NULL) + goto error; + + for (i = 0; i < pk->capitalYLength; i++) { + if ((pk->capitalY[i] = malloc(pk->capitalYLength2)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->capitalYLength2, blob, pk->capitalY[i]); + } + } else { + pk->capitalY = NULL; + } + + Trspi_UnloadBlob_UINT32(offset, &pk->capitalYPlatformLength, blob); + + Trspi_UnloadBlob_UINT32(offset, &pk->issuerBaseNameLength, blob); + if (pk->issuerBaseNameLength > 0) { + if ((pk->issuerBaseName = malloc(pk->issuerBaseNameLength)) == NULL) + goto error; + + Trspi_UnloadBlob(offset, pk->issuerBaseNameLength, blob, pk->issuerBaseName); + } else { + pk->issuerBaseName = NULL; + } + + return TSS_SUCCESS; + +error: + free(pk->modulus); + free(pk->capitalS); + free(pk->capitalZ); + free(pk->capitalR0); + free(pk->capitalR1); + free(pk->gamma); + free(pk->capitalGamma); + free(pk->rho); + if (pk->capitalY) { + for (j = 0; j < i; j++) + free(pk->capitalY[j]); + + free(pk->capitalY); + } + free(pk->issuerBaseName); + + memset(pk, 0, sizeof(TSS_DAA_PK)); + + return TSPERR(TSS_E_OUTOFMEMORY); +} diff --git a/src/tspi/tsp_delegate.c b/src/tspi/tsp_delegate.c new file mode 100644 index 0000000..0319e58 --- /dev/null +++ b/src/tspi/tsp_delegate.c @@ -0,0 +1,865 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "tsplog.h" +#include "tsp_delegate.h" +#include "authsess.h" + + +TSS_RESULT +do_delegate_manage(TSS_HTPM hTpm, UINT32 familyID, UINT32 opFlag, + UINT32 opDataSize, BYTE *opData, UINT32 *outDataSize, BYTE **outData) +{ + TSS_HCONTEXT hContext; + TSS_HPOLICY hPolicy; + UINT32 secretMode = TSS_SECRET_MODE_NONE; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + TPM_AUTH ownerAuth, *pAuth; + UINT32 retDataSize; + BYTE *retData = NULL; + TSS_RESULT result; + + if ((result = obj_tpm_get_tsp_context(hTpm, &hContext))) + return result; + + if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy))) + return result; + + if (hPolicy != NULL_HPOLICY) { + if ((result = obj_policy_get_mode(hPolicy, &secretMode))) + return result; + } + + if (secretMode != TSS_SECRET_MODE_NONE) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_Manage); + result |= Trspi_Hash_UINT32(&hashCtx, familyID); + result |= Trspi_Hash_UINT32(&hashCtx, opFlag); + result |= Trspi_Hash_UINT32(&hashCtx, opDataSize); + result |= Trspi_HashUpdate(&hashCtx, opDataSize, opData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + pAuth = &ownerAuth; + if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_Delegate_Manage, hPolicy, FALSE, + &digest, pAuth))) + return result; + } else + pAuth = NULL; + + /* Perform the delegation operation */ + if ((result = TCS_API(hContext)->Delegate_Manage(hContext, familyID, opFlag, opDataSize, + opData, pAuth, &retDataSize, &retData))) + return result; + + if (pAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_Manage); + result |= Trspi_Hash_UINT32(&hashCtx, retDataSize); + result |= Trspi_HashUpdate(&hashCtx, retDataSize, retData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free(retData); + goto done; + } + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) { + free(retData); + goto done; + } + } + + *outDataSize = retDataSize; + *outData = retData; + +done: + return result; +} + +TSS_RESULT +create_owner_delegation(TSS_HTPM hTpm, + BYTE bLabel, + UINT32 ulFlags, + TSS_HPCRS hPcrs, + TSS_HDELFAMILY hFamily, + TSS_HPOLICY hDelegation) +{ + TSS_HCONTEXT hContext; + TSS_BOOL incrementCount = FALSE; + UINT32 type; + UINT32 publicInfoSize; + BYTE *publicInfo = NULL; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + UINT32 blobSize; + BYTE *blob = NULL; + TSS_RESULT result; + struct authsess *xsap = NULL; + + if ((result = obj_tpm_get_tsp_context(hTpm, &hContext))) + return result; + + if ((ulFlags & ~TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT) > 0) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (ulFlags & TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT) + incrementCount = TRUE; + + if ((result = obj_policy_get_delegation_type(hDelegation, &type))) + return result; + + if (type != TSS_DELEGATIONTYPE_OWNER) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = __tspi_build_delegate_public_info(bLabel, hPcrs, hFamily, hDelegation, + &publicInfoSize, &publicInfo))) + return result; + + if ((result = authsess_xsap_init(hContext, hTpm, hDelegation, TSS_AUTH_POLICY_NOT_REQUIRED, + TPM_ORD_Delegate_CreateOwnerDelegation, TPM_ET_OWNER, + &xsap))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateOwnerDelegation); + result |= Trspi_Hash_BOOL(&hashCtx, incrementCount); + result |= Trspi_HashUpdate(&hashCtx, publicInfoSize, publicInfo); + result |= Trspi_Hash_DIGEST(&hashCtx, xsap->encAuthUse.authdata); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto done; + + /* Create the delegation */ + if ((result = TCS_API(hContext)->Delegate_CreateOwnerDelegation(hContext, incrementCount, + publicInfoSize, publicInfo, + &xsap->encAuthUse, + xsap->pAuth, &blobSize, + &blob))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateOwnerDelegation); + result |= Trspi_Hash_UINT32(&hashCtx, blobSize); + result |= Trspi_HashUpdate(&hashCtx, blobSize, blob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if (authsess_xsap_verify(xsap, &digest)) { + result = TSPERR(TSS_E_TSP_AUTHFAIL); + goto done; + } + + result = obj_policy_set_delegation_blob(hDelegation, TSS_DELEGATIONTYPE_OWNER, + blobSize, blob); + +done: + authsess_free(xsap); + free(publicInfo); + free(blob); + + return result; +} + +TSS_RESULT +create_key_delegation(TSS_HKEY hKey, + BYTE bLabel, + UINT32 ulFlags, + TSS_HPCRS hPcrs, + TSS_HDELFAMILY hFamily, + TSS_HPOLICY hDelegation) +{ + TSS_HCONTEXT hContext; + UINT32 type; + TCS_KEY_HANDLE tcsKeyHandle; + UINT32 publicInfoSize; + BYTE *publicInfo = NULL; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + UINT32 blobSize; + BYTE *blob = NULL; + TSS_RESULT result; + struct authsess *xsap = NULL; + + if ((result = obj_rsakey_get_tsp_context(hKey, &hContext))) + return result; + + if (ulFlags != 0) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_policy_get_delegation_type(hDelegation, &type))) + return result; + + if (type != TSS_DELEGATIONTYPE_KEY) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle))) + return result; + + if ((result = __tspi_build_delegate_public_info(bLabel, hPcrs, hFamily, hDelegation, + &publicInfoSize, &publicInfo))) + return result; + + if ((result = authsess_xsap_init(hContext, hKey, hDelegation, TSS_AUTH_POLICY_REQUIRED, + TPM_ORD_Delegate_CreateKeyDelegation, TPM_ET_KEYHANDLE, + &xsap))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateKeyDelegation); + result |= Trspi_HashUpdate(&hashCtx, publicInfoSize, publicInfo); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto done; + + /* Create the delegation */ + if ((result = TCS_API(hContext)->Delegate_CreateKeyDelegation(hContext, tcsKeyHandle, + publicInfoSize, publicInfo, + &xsap->encAuthUse, + xsap->pAuth, &blobSize, + &blob))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateKeyDelegation); + result |= Trspi_Hash_UINT32(&hashCtx, blobSize); + result |= Trspi_HashUpdate(&hashCtx, blobSize, blob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if (authsess_xsap_verify(xsap, &digest)) { + result = TSPERR(TSS_E_TSP_AUTHFAIL); + goto done; + } + + result = obj_policy_set_delegation_blob(hDelegation, TSS_DELEGATIONTYPE_KEY, blobSize, + blob); + +done: + free(blob); + authsess_free(xsap); + free(publicInfo); + + return result; +} + +TSS_RESULT +update_delfamily_object(TSS_HTPM hTpm, UINT32 familyID) +{ + TSS_HCONTEXT hContext; + UINT32 familyTableSize, delegateTableSize; + BYTE *familyTable = NULL, *delegateTable = NULL; + UINT64 offset; + TPM_FAMILY_TABLE_ENTRY familyTableEntry; + TSS_BOOL familyState; + TSS_HDELFAMILY hFamily; + TSS_RESULT result; + + if ((result = obj_tpm_get_tsp_context(hTpm, &hContext))) + return result; + + if ((result = TCS_API(hContext)->Delegate_ReadTable(hContext, &familyTableSize, + &familyTable, &delegateTableSize, + &delegateTable))) + return result; + + for (offset = 0; offset < familyTableSize;) { + Trspi_UnloadBlob_TPM_FAMILY_TABLE_ENTRY(&offset, familyTable, &familyTableEntry); + if (familyTableEntry.familyID == familyID) { + obj_delfamily_find_by_familyid(hContext, familyID, &hFamily); + if (hFamily == NULL_HDELFAMILY) { + if ((result = obj_delfamily_add(hContext, &hFamily))) + goto done; + if ((result = obj_delfamily_set_familyid(hFamily, + familyTableEntry.familyID))) + goto done; + if ((result = obj_delfamily_set_label(hFamily, + familyTableEntry.label.label))) + goto done; + } + + /* Set/Update the family attributes */ + familyState = (familyTableEntry.flags & TPM_FAMFLAG_DELEGATE_ADMIN_LOCK) ? + TRUE : FALSE; + if ((result = obj_delfamily_set_locked(hFamily, familyState, FALSE))) + goto done; + familyState = (familyTableEntry.flags & TPM_FAMFLAG_ENABLE) ? TRUE : FALSE; + if ((result = obj_delfamily_set_enabled(hFamily, familyState, FALSE))) + goto done; + if ((result = obj_delfamily_set_vercount(hFamily, + familyTableEntry.verificationCount))) + goto done; + + break; + } + } + +done: + free(familyTable); + free(delegateTable); + + return result; +} + +TSS_RESULT +get_delegate_index(TSS_HCONTEXT hContext, UINT32 index, TPM_DELEGATE_PUBLIC *public) +{ + UINT32 familyTableSize, delegateTableSize; + BYTE *familyTable = NULL, *delegateTable = NULL; + UINT64 offset; + UINT32 tpmIndex; + TPM_DELEGATE_PUBLIC tempPublic; + TSS_RESULT result; + + if ((result = TCS_API(hContext)->Delegate_ReadTable(hContext, &familyTableSize, + &familyTable, &delegateTableSize, + &delegateTable))) + goto done; + + for (offset = 0; offset < delegateTableSize;) { + Trspi_UnloadBlob_UINT32(&offset, &tpmIndex, delegateTable); + if (tpmIndex == index) { + result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(&offset, delegateTable, public); + goto done; + } else { + if ((result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(&offset, delegateTable, &tempPublic))) + goto done; + } + + free(tempPublic.pcrInfo.pcrSelection.pcrSelect); + } + + /* Didn't find a matching index */ + result = TSPERR(TSS_E_BAD_PARAMETER); + +done: + free(familyTable); + free(delegateTable); + + return result; +} + +TSS_RESULT +__tspi_build_delegate_public_info(BYTE bLabel, + TSS_HPCRS hPcrs, + TSS_HDELFAMILY hFamily, + TSS_HPOLICY hDelegation, + UINT32 *publicInfoSize, + BYTE **publicInfo) +{ + TPM_DELEGATE_PUBLIC public; + UINT32 delegateType; + UINT32 pcrInfoSize; + BYTE *pcrInfo = NULL; + UINT64 offset; + TSS_RESULT result = TSS_SUCCESS; + + if (hDelegation == NULL_HPOLICY) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_policy_get_delegation_type(hDelegation, &delegateType))) + return result; + + /* This call will create a "null" PCR_INFO_SHORT if hPcrs is null */ + if ((result = obj_pcrs_create_info_short(hPcrs, &pcrInfoSize, &pcrInfo))) + return result; + + memset(&public, 0, sizeof(public)); + public.tag = TPM_TAG_DELEGATE_PUBLIC; + public.label.label = bLabel; + offset = 0; + if ((result = Trspi_UnloadBlob_PCR_INFO_SHORT(&offset, pcrInfo, &public.pcrInfo))) + goto done; + public.permissions.tag = TPM_TAG_DELEGATIONS; + public.permissions.delegateType = + (delegateType == TSS_DELEGATIONTYPE_OWNER) ? TPM_DEL_OWNER_BITS : TPM_DEL_KEY_BITS; + if ((result = obj_policy_get_delegation_per1(hDelegation, &public.permissions.per1))) + goto done; + if ((result = obj_policy_get_delegation_per2(hDelegation, &public.permissions.per2))) + goto done; + if ((result = obj_delfamily_get_familyid(hFamily, &public.familyID))) + goto done; + if ((result = obj_delfamily_get_vercount(hFamily, &public.verificationCount))) + goto done; + + offset = 0; + Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(&offset, NULL, &public); + *publicInfoSize = offset; + *publicInfo = malloc(*publicInfoSize); + if (*publicInfo == NULL) { + LogError("malloc of %u bytes failed.", *publicInfoSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + offset = 0; + Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(&offset, *publicInfo, &public); + +done: + free(pcrInfo); + free(public.pcrInfo.pcrSelection.pcrSelect); + + return result; +} + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_Delegate_Manage(TSS_HCONTEXT tspContext, /* in */ + TPM_FAMILY_ID familyID, /* in */ + TPM_FAMILY_OPERATION opFlag, /* in */ + UINT32 opDataSize, /* in */ + BYTE *opData, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + UINT32 *retDataSize, /* out */ + BYTE **retData) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0, decLen, dataLen; + UINT64 offset; + BYTE *data, *dec = NULL; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TPM_FAMILY_ID) + + sizeof(TPM_FAMILY_OPERATION) + + sizeof(UINT32) + + opDataSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, familyID, data); + Trspi_LoadBlob_UINT32(&offset, opFlag, data); + Trspi_LoadBlob_UINT32(&offset, opDataSize, data); + Trspi_LoadBlob(&offset, opDataSize, data, opData); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_Manage, dataLen, + data, NULL, &handlesLen, NULL, ownerAuth, + NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, retDataSize, dec); + + if ((*retData = malloc(*retDataSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *retDataSize); + *retDataSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *retDataSize, dec, *retData); + + free(dec); + + return result; +} + +TSS_RESULT +Transport_Delegate_CreateKeyDelegation(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE *publicInfo, /* in */ + TPM_ENCAUTH *encDelAuth, /* in */ + TPM_AUTH *keyAuth, /* in, out */ + UINT32 *blobSize, /* out */ + BYTE **blob) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen, dataLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE *data, *dec = NULL; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(hKey, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = hKey; + handles = &handle; + + dataLen = publicInfoSize + sizeof(TPM_ENCAUTH); + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob(&offset, publicInfoSize, data, publicInfo); + Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encDelAuth->authdata); + + if ((result = obj_context_transport_execute(tspContext, + TPM_ORD_Delegate_CreateKeyDelegation, dataLen, + data, &pubKeyHash, &handlesLen, &handles, + keyAuth, NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, blobSize, dec); + + if ((*blob = malloc(*blobSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *blobSize); + *blobSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *blobSize, dec, *blob); + + free(dec); + + return result; +} + +TSS_RESULT +Transport_Delegate_CreateOwnerDelegation(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL increment, /* in */ + UINT32 publicInfoSize, /* in */ + BYTE *publicInfo, /* in */ + TPM_ENCAUTH *encDelAuth, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + UINT32 *blobSize, /* out */ + BYTE **blob) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0, decLen, dataLen; + UINT64 offset; + BYTE *data, *dec = NULL; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TSS_BOOL) + publicInfoSize + sizeof(TPM_ENCAUTH); + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_BOOL(&offset, increment, data); + Trspi_LoadBlob(&offset, publicInfoSize, data, publicInfo); + Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encDelAuth->authdata); + + if ((result = obj_context_transport_execute(tspContext, + TPM_ORD_Delegate_CreateOwnerDelegation, dataLen, + data, NULL, &handlesLen, NULL, ownerAuth, + NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, blobSize, dec); + + if ((*blob = malloc(*blobSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *blobSize); + *blobSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *blobSize, dec, *blob); + + free(dec); + + return result; +} + +TSS_RESULT +Transport_Delegate_LoadOwnerDelegation(TSS_HCONTEXT tspContext, /* in */ + TPM_DELEGATE_INDEX index, /* in */ + UINT32 blobSize, /* in */ + BYTE *blob, /* in */ + TPM_AUTH *ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0, dataLen, decLen; + UINT64 offset; + BYTE *data, *dec = NULL; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TPM_DELEGATE_INDEX) + sizeof(UINT32) + blobSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, index, data); + Trspi_LoadBlob_UINT32(&offset, blobSize, data); + Trspi_LoadBlob(&offset, blobSize, data, blob); + + if ((result = obj_context_transport_execute(tspContext, + TPM_ORD_Delegate_LoadOwnerDelegation, dataLen, + data, NULL, &handlesLen, NULL, ownerAuth, + NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + free(dec); + + return result; +} + +TSS_RESULT +Transport_Delegate_ReadTable(TSS_HCONTEXT tspContext, /* in */ + UINT32 *familyTableSize, /* out */ + BYTE **familyTable, /* out */ + UINT32 *delegateTableSize, /* out */ + BYTE **delegateTable) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0, decLen; + UINT64 offset; + BYTE *dec = NULL; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_ReadTable, 0, NULL, + NULL, &handlesLen, NULL, NULL, NULL, &decLen, + &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, familyTableSize, dec); + + if ((*familyTable = malloc(*familyTableSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *familyTableSize); + *familyTableSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *familyTableSize, dec, *familyTable); + + Trspi_UnloadBlob_UINT32(&offset, delegateTableSize, dec); + + if ((*delegateTable = malloc(*delegateTableSize)) == NULL) { + free(dec); + free(*familyTable); + *familyTable = NULL; + *familyTableSize = 0; + LogError("malloc of %u bytes failed", *delegateTableSize); + *delegateTableSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *delegateTableSize, dec, *delegateTable); + + free(dec); + + return result; +} + +TSS_RESULT +Transport_Delegate_UpdateVerificationCount(TSS_HCONTEXT tspContext, /* in */ + UINT32 inputSize, /* in */ + BYTE *input, /* in */ + TPM_AUTH *ownerAuth, /* in, out */ + UINT32 *outputSize, /* out */ + BYTE **output) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0, decLen, dataLen; + UINT64 offset; + BYTE *data, *dec = NULL; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(UINT32) + inputSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, inputSize, data); + Trspi_LoadBlob(&offset, inputSize, data, input); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_UpdateVerification, + dataLen, data, NULL, &handlesLen, NULL, + ownerAuth, NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, outputSize, dec); + + if ((*output = malloc(*outputSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *outputSize); + *outputSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *outputSize, dec, *output); + + free(dec); + + return result; +} + +TSS_RESULT +Transport_Delegate_VerifyDelegation(TSS_HCONTEXT tspContext, /* in */ + UINT32 delegateSize, /* in */ + BYTE *delegate) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0, dataLen, decLen; + UINT64 offset; + BYTE *data, *dec = NULL; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = + sizeof(UINT32) + delegateSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, delegateSize, data); + Trspi_LoadBlob(&offset, delegateSize, data, delegate); + + result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_VerifyDelegation, + dataLen, data, NULL, &handlesLen, NULL, NULL, NULL, + &decLen, &dec); + free(data); + free(dec); + + return result; +} + +TSS_RESULT +Transport_DSAP(TSS_HCONTEXT tspContext, /* in */ + TPM_ENTITY_TYPE entityType, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TPM_NONCE *nonceOddDSAP, /* in */ + UINT32 entityValueSize, /* in */ + BYTE * entityValue, /* in */ + TCS_AUTHHANDLE *authHandle, /* out */ + TPM_NONCE *nonceEven, /* out */ + TPM_NONCE *nonceEvenDSAP) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, dataLen, decLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE *data, *dec = NULL; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + dataLen = sizeof(TPM_ENTITY_TYPE) + sizeof(TPM_KEY_HANDLE) + + sizeof(TPM_NONCE) + + sizeof(UINT32) + + entityValueSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, entityType, data); + Trspi_LoadBlob_UINT32(&offset, keyHandle, data); + Trspi_LoadBlob(&offset, sizeof(TPM_NONCE), data, nonceEvenDSAP->nonce); + Trspi_LoadBlob_UINT32(&offset, entityValueSize, data); + Trspi_LoadBlob(&offset, entityValueSize, data, entityValue); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_DSAP, dataLen, data, + &pubKeyHash, &handlesLen, &handles, NULL, NULL, + &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, authHandle, dec); + + Trspi_UnloadBlob(&offset, sizeof(TPM_NONCE), dec, nonceEven->nonce); + Trspi_UnloadBlob(&offset, sizeof(TPM_NONCE), dec, nonceEvenDSAP->nonce); + + free(dec); + + return result; +} +#endif diff --git a/src/tspi/tsp_dir.c b/src/tspi/tsp_dir.c new file mode 100644 index 0000000..9e5bb94 --- /dev/null +++ b/src/tspi/tsp_dir.c @@ -0,0 +1,83 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_DirWriteAuth(TSS_HCONTEXT tspContext, /* in */ + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE *newContents, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + UINT64 offset; + BYTE data[sizeof(TCPA_DIRINDEX) + sizeof(TCPA_DIRVALUE)]; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, dirIndex, data); + Trspi_LoadBlob_DIGEST(&offset, data, (TPM_DIGEST *)newContents); + + result = obj_context_transport_execute(tspContext, TPM_ORD_DirWriteAuth, sizeof(data), data, + NULL, &handlesLen, NULL, ownerAuth, NULL, NULL, + NULL); + + return result; +} + +TSS_RESULT +Transport_DirRead(TSS_HCONTEXT tspContext, /* in */ + TCPA_DIRINDEX dirIndex, /* in */ + TCPA_DIRVALUE * dirValue) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0, decLen; + UINT64 offset; + BYTE data[sizeof(TCPA_DIRINDEX)], *dec; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, dirIndex, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_DirRead, sizeof(data), data, + NULL, &handlesLen, NULL, NULL, NULL, &decLen, + &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_DIGEST(&offset, dec, dirValue); + + return result; +} +#endif + diff --git a/src/tspi/tsp_ek.c b/src/tspi/tsp_ek.c new file mode 100644 index 0000000..4c2ae4f --- /dev/null +++ b/src/tspi/tsp_ek.c @@ -0,0 +1,108 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +owner_get_pubek(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, TSS_HKEY *hPubEk) +{ + TSS_RESULT result; + UINT32 tpmVersion, pubEKSize; + TSS_HPOLICY hPolicy; + Trspi_HashCtx hashCtx; + BYTE *pubEK = NULL; + TSS_HKEY hRetKey; + TPM_AUTH ownerAuth; + TPM_DIGEST digest; + + + if ((result = obj_context_get_tpm_version(tspContext, &tpmVersion))) + return result; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy))) + return result; + + switch (tpmVersion) { + case 2: + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadInternalPub); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_KH_EK); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadInternalPub, + hPolicy, FALSE, &digest, &ownerAuth))) + goto done; + + if ((result = TCS_API(tspContext)->OwnerReadInternalPub(tspContext, TPM_KH_EK, + &ownerAuth, &pubEKSize, + &pubEK))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadInternalPub); + result |= Trspi_HashUpdate(&hashCtx, pubEKSize, pubEK); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth))) + goto done; + break; + default: + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadPubek); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadPubek, hPolicy, FALSE, + &digest, &ownerAuth))) + goto done; + + if ((result = TCS_API(tspContext)->OwnerReadPubek(tspContext, &ownerAuth, + &pubEKSize, &pubEK))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadPubek); + result |= Trspi_HashUpdate(&hashCtx, pubEKSize, pubEK); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth))) + goto done; + + break; + } + + if ((result = obj_rsakey_add(tspContext, TSS_KEY_SIZE_2048|TSS_KEY_TYPE_LEGACY, &hRetKey))) + goto done; + + if ((result = obj_rsakey_set_pubkey(hRetKey, TRUE, pubEK))) + goto done; + + *hPubEk = hRetKey; +done: + free(pubEK); + return result; +} diff --git a/src/tspi/tsp_get_flags.c b/src/tspi/tsp_get_flags.c new file mode 100644 index 0000000..f974052 --- /dev/null +++ b/src/tspi/tsp_get_flags.c @@ -0,0 +1,67 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +get_tpm_flags(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, UINT32 *volFlags, UINT32 *nonVolFlags) +{ + TCPA_DIGEST digest; + TPM_AUTH auth; + TCPA_VERSION version; + TSS_RESULT result; + TSS_HPOLICY hPolicy; + Trspi_HashCtx hashCtx; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy))) + return result; + + /* do an owner authorized get capability call */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_GetCapabilityOwner); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_GetCapabilityOwner, hPolicy, FALSE, + &digest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->GetCapabilityOwner(tspContext, &auth, &version, + nonVolFlags, volFlags))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_GetCapabilityOwner); + result |= Trspi_Hash_VERSION(&hashCtx, (TSS_VERSION *)&version); + result |= Trspi_Hash_UINT32(&hashCtx, *nonVolFlags); + result |= Trspi_Hash_UINT32(&hashCtx, *volFlags); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + return obj_policy_validate_auth_oiap(hPolicy, &digest, &auth); +} diff --git a/src/tspi/tsp_key.c b/src/tspi/tsp_key.c new file mode 100644 index 0000000..d882527 --- /dev/null +++ b/src/tspi/tsp_key.c @@ -0,0 +1,337 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +void +free_key_refs(TSS_KEY *key) +{ + free(key->algorithmParms.parms); + key->algorithmParms.parms = NULL; + key->algorithmParms.parmSize = 0; + + free(key->pubKey.key); + key->pubKey.key = NULL; + key->pubKey.keyLength = 0; + + free(key->encData); + key->encData = NULL; + key->encSize = 0; + + free(key->PCRInfo); + key->PCRInfo = NULL; + key->PCRInfoSize = 0; +} + +void +LoadBlob_TSS_KEY(UINT64 *offset, BYTE *blob, TSS_KEY *key) +{ + if (key->hdr.key12.tag == TPM_TAG_KEY12) + Trspi_LoadBlob_KEY12(offset, blob, (TPM_KEY12 *)key); + else + Trspi_LoadBlob_KEY(offset, blob, (TCPA_KEY *)key); +} + +TSS_RESULT +UnloadBlob_TSS_KEY(UINT64 *offset, BYTE *blob, TSS_KEY *key) +{ + UINT16 tag; + UINT64 keyOffset = *offset; + TSS_RESULT result; + + Trspi_UnloadBlob_UINT16(&keyOffset, &tag, blob); + if (tag == TPM_TAG_KEY12) + result = Trspi_UnloadBlob_KEY12(offset, blob, (TPM_KEY12 *)key); + else + result = Trspi_UnloadBlob_KEY(offset, blob, (TCPA_KEY *)key); + + return result; +} + +TSS_RESULT +Hash_TSS_KEY(Trspi_HashCtx *c, TSS_KEY *key) +{ + TSS_RESULT result; + + if (key->hdr.key12.tag == TPM_TAG_KEY12) + result = Trspi_Hash_KEY12(c, (TPM_KEY12 *)key); + else + result = Trspi_Hash_KEY(c, (TCPA_KEY *)key); + + return result; +} + +void +LoadBlob_TSS_PRIVKEY_DIGEST(UINT64 *offset, BYTE *blob, TSS_KEY *key) +{ + if (key->hdr.key12.tag == TPM_TAG_KEY12) + Trspi_LoadBlob_PRIVKEY_DIGEST12(offset, blob, (TPM_KEY12 *)key); + else + Trspi_LoadBlob_PRIVKEY_DIGEST(offset, blob, (TCPA_KEY *)key); +} + +TSS_RESULT +Hash_TSS_PRIVKEY_DIGEST(Trspi_HashCtx *c, TSS_KEY *key) +{ + TSS_RESULT result; + + if (key->hdr.key12.tag == TPM_TAG_KEY12) + result = Trspi_Hash_PRIVKEY_DIGEST12(c, (TPM_KEY12 *)key); + else + result = Trspi_Hash_PRIVKEY_DIGEST(c, (TCPA_KEY *)key); + + return result; +} + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_EvictKey(TSS_HCONTEXT tspContext, + TCS_KEY_HANDLE hKey) +{ + TSS_RESULT result; + UINT32 handlesLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(hKey, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = hKey; + handles = &handle; + + result = obj_context_transport_execute(tspContext, TPM_ORD_EvictKey, 0, NULL, &pubKeyHash, + &handlesLen, &handles, NULL, NULL, NULL, NULL); + + return result; +} + +TSS_RESULT +Transport_GetPubKey(TSS_HCONTEXT tspContext, + TCS_KEY_HANDLE hKey, + TPM_AUTH *pAuth, + UINT32 *pcPubKeySize, + BYTE **prgbPubKey) +{ + TSS_RESULT result; + UINT32 handlesLen, decLen; + TCS_HANDLE *handles, handle; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(hKey, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = hKey; + handles = &handle; + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetPubKey, 0, NULL, + &pubKeyHash, &handlesLen, &handles, pAuth, NULL, + &decLen, &dec))) + return result; + + *prgbPubKey = dec; + *pcPubKeySize = decLen; + + return result; +} + +TSS_RESULT +Transport_CreateWrapKey(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hWrappingKey, /* in */ + TPM_ENCAUTH *KeyUsageAuth, /* in */ + TPM_ENCAUTH *KeyMigrationAuth, /* in */ + UINT32 keyInfoSize, /* in */ + BYTE * keyInfo, /* in */ + UINT32 * keyDataSize, /* out */ + BYTE ** keyData, /* out */ + TPM_AUTH * pAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen; + TCS_HANDLE *handles, handle; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE *data; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(hWrappingKey, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = hWrappingKey; + handles = &handle; + + if ((data = malloc(2 * sizeof(TPM_ENCAUTH) + keyInfoSize)) == NULL) { + LogError("malloc of %zd bytes failed", 2 * sizeof(TPM_ENCAUTH) + keyInfoSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, KeyUsageAuth->authdata); + Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, KeyMigrationAuth->authdata); + Trspi_LoadBlob(&offset, keyInfoSize, data, keyInfo); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_CreateWrapKey, + (2 * sizeof(TPM_ENCAUTH) + keyInfoSize), data, + &pubKeyHash, &handlesLen, &handles, pAuth, NULL, + &decLen, &dec))) + goto done; + + *keyDataSize = decLen; + *keyData = dec; +done: + free(data); + + return result; +} + +TSS_RESULT +Transport_LoadKeyByBlob(TSS_HCONTEXT tspContext, + TCS_KEY_HANDLE hParentKey, + UINT32 ulBlobLength, + BYTE* rgbBlobData, + TPM_AUTH* pAuth, + TCS_KEY_HANDLE* phKey, + TPM_KEY_HANDLE* phSlot) +{ + TSS_RESULT result; + UINT32 handlesLen, decLen; + TCS_HANDLE *handles, handle; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(hParentKey, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = hParentKey; + handles = &handle; + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_LoadKey2, ulBlobLength, + rgbBlobData, &pubKeyHash, &handlesLen, + &handles, pAuth, NULL, &decLen, &dec))) + return result; + + if (handlesLen == 1) + *phKey = *(TCS_KEY_HANDLE *)handles; + else + result = TSPERR(TSS_E_INTERNAL_ERROR); + + free(dec); + + return result; +} + +/* This function both encrypts the handle of the pubkey being requested and requires the hash + * of that pubkey for the transport log when logging is enabled. */ +TSS_RESULT +Transport_OwnerReadInternalPub(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_AUTH* pOwnerAuth, /* in, out */ + UINT32* punPubKeySize, /* out */ + BYTE** ppbPubKeyData) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen = 0, decLen; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + BYTE *dec = NULL, data[sizeof(TCS_KEY_HANDLE)]; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(hKey, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, hKey, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_OwnerReadInternalPub, + sizeof(data), data, &pubKeyHash, &handlesLen, + NULL, pOwnerAuth, NULL, &decLen, &dec))) + return result; + + *punPubKeySize = decLen; + *ppbPubKeyData = dec; + + return result; +} +#endif + diff --git a/src/tspi/tsp_maint.c b/src/tspi/tsp_maint.c new file mode 100644 index 0000000..3e50ddd --- /dev/null +++ b/src/tspi/tsp_maint.c @@ -0,0 +1,197 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_CreateMaintenanceArchive(TSS_HCONTEXT tspContext, /* in */ + TSS_BOOL generateRandom, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * archiveSize, /* out */ + BYTE ** archive) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen = 0, decLen; + BYTE *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_CreateMaintenanceArchive, + sizeof(TSS_BOOL), (BYTE *)&generateRandom, NULL, + &handlesLen, NULL, ownerAuth, NULL, &decLen, + &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, randomSize, dec); + if (*randomSize > 0) { + if ((*random = malloc(*randomSize)) == NULL) { + *randomSize = 0; + free(dec); + LogError("malloc of %u bytes failed", *randomSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *randomSize, dec, *random); + } + + Trspi_UnloadBlob_UINT32(&offset, archiveSize, dec); + if ((*archive = malloc(*archiveSize)) == NULL) { + free(*random); + *random = NULL; + *randomSize = 0; + free(dec); + LogError("malloc of %u bytes failed", *archiveSize); + *archiveSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *archiveSize, dec, *archive); + free(dec); + + return result; +} + +TSS_RESULT +Transport_LoadMaintenanceArchive(TSS_HCONTEXT tspContext, /* in */ + UINT32 dataInSize, /* in */ + BYTE * dataIn, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * dataOutSize, /* out */ + BYTE ** dataOut) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen = 0, decLen; + BYTE *dec; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_LoadMaintenanceArchive, + dataInSize, dataIn, NULL, &handlesLen, NULL, + ownerAuth, NULL, &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, dataOutSize, dec); + + /* sacrifice 4 bytes */ + *dataOut = &dec[offset]; + + return result; +} + +TSS_RESULT +Transport_KillMaintenanceFeature(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + return obj_context_transport_execute(tspContext, TPM_ORD_KillMaintenanceFeature, 0, NULL, + NULL, &handlesLen, NULL, ownerAuth, NULL, NULL, NULL); +} + +TSS_RESULT +Transport_LoadManuMaintPub(TSS_HCONTEXT tspContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + UINT32 PubKeySize, /* in */ + BYTE * PubKey, /* in */ + TCPA_DIGEST * checksum) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen = 0, dataLen, decLen; + BYTE *data, *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TCPA_NONCE) + PubKeySize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob(&offset, TPM_SHA1_160_HASH_LEN, data, antiReplay.nonce); + Trspi_LoadBlob(&offset, PubKeySize, data, PubKey); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_LoadManuMaintPub, + dataLen, data, NULL, &handlesLen, NULL, NULL, + NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_DIGEST(&offset, dec, checksum); + free(dec); + + return result; +} + +TSS_RESULT +Transport_ReadManuMaintPub(TSS_HCONTEXT tspContext, /* in */ + TCPA_NONCE antiReplay, /* in */ + TCPA_DIGEST * checksum) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen = 0, decLen; + BYTE *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_ReadManuMaintPub, + sizeof(TCPA_NONCE), antiReplay.nonce, NULL, + &handlesLen, NULL, NULL, NULL, &decLen, + &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_DIGEST(&offset, dec, checksum); + free(dec); + + return result; +} +#endif + diff --git a/src/tspi/tsp_migration.c b/src/tspi/tsp_migration.c new file mode 100644 index 0000000..9c83753 --- /dev/null +++ b/src/tspi/tsp_migration.c @@ -0,0 +1,263 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_CreateMigrationBlob(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + TCPA_MIGRATE_SCHEME migrationType, /* in */ + UINT32 MigrationKeyAuthSize, /* in */ + BYTE * MigrationKeyAuth, /* in */ + UINT32 encDataSize, /* in */ + BYTE * encData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * entityAuth, /* in, out */ + UINT32 * randomSize, /* out */ + BYTE ** random, /* out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen, dataLen, decLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + BYTE *data, *dec; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(parentHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = parentHandle; + handles = &handle; + + dataLen = sizeof(TCPA_MIGRATE_SCHEME) + + MigrationKeyAuthSize + + sizeof(UINT32) + + encDataSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT16(&offset, migrationType, data); + Trspi_LoadBlob(&offset, MigrationKeyAuthSize, data, MigrationKeyAuth); + Trspi_LoadBlob_UINT32(&offset, encDataSize, data); + Trspi_LoadBlob(&offset, encDataSize, data, encData); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_CreateMigrationBlob, + dataLen, data, &pubKeyHash, &handlesLen, + &handles, parentAuth, entityAuth, &decLen, + &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, randomSize, dec); + + if ((*random = malloc(*randomSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *randomSize); + *randomSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *randomSize, dec, *random); + + Trspi_UnloadBlob_UINT32(&offset, outDataSize, dec); + + if ((*outData = malloc(*outDataSize)) == NULL) { + free(*random); + *random = NULL; + *randomSize = 0; + free(dec); + LogError("malloc of %u bytes failed", *outDataSize); + *outDataSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *outDataSize, dec, *outData); + free(dec); + + return result; +} + +TSS_RESULT +Transport_ConvertMigrationBlob(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + UINT32 randomSize, /* in */ + BYTE * random, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen, dataLen, decLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + BYTE *data, *dec; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(parentHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = parentHandle; + handles = &handle; + + dataLen = (2 * sizeof(UINT32)) + randomSize + inDataSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, inDataSize, data); + Trspi_LoadBlob(&offset, inDataSize, data, inData); + Trspi_LoadBlob_UINT32(&offset, randomSize, data); + Trspi_LoadBlob(&offset, randomSize, data, random); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_ConvertMigrationBlob, + dataLen, data, &pubKeyHash, &handlesLen, + &handles, parentAuth, NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, outDataSize, dec); + + if ((*outData = malloc(*outDataSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *outDataSize); + *outDataSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *outDataSize, dec, *outData); + free(dec); + + return result; +} + +TSS_RESULT +Transport_AuthorizeMigrationKey(TSS_HCONTEXT tspContext, /* in */ + TCPA_MIGRATE_SCHEME migrateScheme, /* in */ + UINT32 MigrationKeySize, /* in */ + BYTE * MigrationKey, /* in */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * MigrationKeyAuthSize, /* out */ + BYTE ** MigrationKeyAuth) /* out */ +{ + UINT64 offset; + UINT16 tpmMigrateScheme; + TSS_RESULT result; + UINT32 handlesLen = 0, dataLen, decLen; + BYTE *data, *dec; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + /* The TSS_MIGRATE_SCHEME must be changed to a TPM_MIGRATE_SCHEME here, since the TCS + * expects a TSS migrate scheme, but this could be wrapped by the TSP before it gets to the + * TCS. */ + switch (migrateScheme) { + case TSS_MS_MIGRATE: + tpmMigrateScheme = TCPA_MS_MIGRATE; + break; + case TSS_MS_REWRAP: + tpmMigrateScheme = TCPA_MS_REWRAP; + break; + case TSS_MS_MAINT: + tpmMigrateScheme = TCPA_MS_MAINT; + break; +#ifdef TSS_BUILD_CMK + case TSS_MS_RESTRICT_MIGRATE: + tpmMigrateScheme = TPM_MS_RESTRICT_MIGRATE; + break; + + case TSS_MS_RESTRICT_APPROVE_DOUBLE: + tpmMigrateScheme = TPM_MS_RESTRICT_APPROVE_DOUBLE; + break; +#endif + default: + return TSPERR(TSS_E_BAD_PARAMETER); + break; + } + + dataLen = sizeof(TCPA_MIGRATE_SCHEME) + MigrationKeySize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT16(&offset, tpmMigrateScheme, data); + Trspi_LoadBlob(&offset, MigrationKeySize, data, MigrationKey); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_AuthorizeMigrationKey, + dataLen, data, NULL, &handlesLen, NULL, + ownerAuth, NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + *MigrationKeyAuthSize = decLen; + *MigrationKeyAuth = dec; + + return result; +} + +#endif + diff --git a/src/tspi/tsp_nv.c b/src/tspi/tsp_nv.c new file mode 100644 index 0000000..511a6c9 --- /dev/null +++ b/src/tspi/tsp_nv.c @@ -0,0 +1,245 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_NV_DefineOrReleaseSpace(TSS_HCONTEXT tspContext, /* in */ + UINT32 cPubInfoSize, /* in */ + BYTE* pPubInfo, /* in */ + TCPA_ENCAUTH encAuth, /* in */ + TPM_AUTH* pAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 dataLen; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + BYTE *data; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TCPA_ENCAUTH) + cPubInfoSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob(&offset, cPubInfoSize, data, pPubInfo); + Trspi_LoadBlob(&offset, TPM_SHA1_160_HASH_LEN, data, encAuth.authdata); + + result = obj_context_transport_execute(tspContext, TPM_ORD_NV_DefineSpace, dataLen, data, + NULL, &handlesLen, NULL, pAuth, NULL, NULL, NULL); + free(data); + + return result; +} + +TSS_RESULT +Transport_NV_WriteValue(TSS_HCONTEXT tspContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite, /* in */ + TPM_AUTH* privAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 dataLen; + UINT64 offset64; + TCS_HANDLE handlesLen = 0; + BYTE *data; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TSS_NV_INDEX) + (2 * sizeof(UINT32)) + ulDataLength; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset64 = 0; + Trspi_LoadBlob_UINT32(&offset64, hNVStore, data); + Trspi_LoadBlob_UINT32(&offset64, offset, data); + Trspi_LoadBlob_UINT32(&offset64, ulDataLength, data); + Trspi_LoadBlob(&offset64, ulDataLength, data, rgbDataToWrite); + + result = obj_context_transport_execute(tspContext, TPM_ORD_NV_WriteValue, dataLen, data, + NULL, &handlesLen, NULL, privAuth, NULL, NULL, NULL); + free(data); + + return result; +} + +TSS_RESULT +Transport_NV_WriteValueAuth(TSS_HCONTEXT tspContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite, /* in */ + TPM_AUTH* NVAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 dataLen; + UINT64 offset64; + TCS_HANDLE handlesLen = 0; + BYTE *data; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TSS_NV_INDEX) + (2 * sizeof(UINT32)) + ulDataLength; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset64 = 0; + Trspi_LoadBlob_UINT32(&offset64, hNVStore, data); + Trspi_LoadBlob_UINT32(&offset64, offset, data); + Trspi_LoadBlob_UINT32(&offset64, ulDataLength, data); + Trspi_LoadBlob(&offset64, ulDataLength, data, rgbDataToWrite); + + result = obj_context_transport_execute(tspContext, TPM_ORD_NV_WriteValueAuth, dataLen, data, + NULL, &handlesLen, NULL, NVAuth, NULL, NULL, NULL); + free(data); + + return result; +} + + +TSS_RESULT +Transport_NV_ReadValue(TSS_HCONTEXT tspContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32* pulDataLength, /* in, out */ + TPM_AUTH* privAuth, /* in, out */ + BYTE** rgbDataRead) /* out */ +{ + TSS_RESULT result; + UINT32 dataLen, decLen; + UINT64 offset64; + TCS_HANDLE handlesLen = 0; + BYTE *data, *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TSS_NV_INDEX) + sizeof(UINT32) + *pulDataLength; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset64 = 0; + Trspi_LoadBlob_UINT32(&offset64, hNVStore, data); + Trspi_LoadBlob_UINT32(&offset64, offset, data); + Trspi_LoadBlob_UINT32(&offset64, *pulDataLength, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_NV_ReadValue, dataLen, data, + NULL, &handlesLen, NULL, privAuth, NULL, + &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset64 = 0; + Trspi_UnloadBlob_UINT32(&offset64, pulDataLength, dec); + + if ((*rgbDataRead = malloc(*pulDataLength)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *pulDataLength); + *pulDataLength = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset64, *pulDataLength, dec, *rgbDataRead); + free(dec); + + return result; +} + + +TSS_RESULT +Transport_NV_ReadValueAuth(TSS_HCONTEXT tspContext, /* in */ + TSS_NV_INDEX hNVStore, /* in */ + UINT32 offset, /* in */ + UINT32* pulDataLength, /* in, out */ + TPM_AUTH* NVAuth, /* in, out */ + BYTE** rgbDataRead) /* out */ +{ + TSS_RESULT result; + UINT32 dataLen, decLen; + UINT64 offset64; + TCS_HANDLE handlesLen = 0; + BYTE *data, *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(TSS_NV_INDEX) + sizeof(UINT32) + *pulDataLength; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset64 = 0; + Trspi_LoadBlob_UINT32(&offset64, hNVStore, data); + Trspi_LoadBlob_UINT32(&offset64, offset, data); + Trspi_LoadBlob_UINT32(&offset64, *pulDataLength, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_NV_ReadValueAuth, dataLen, + data, NULL, &handlesLen, NULL, NVAuth, NULL, + &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset64 = 0; + Trspi_UnloadBlob_UINT32(&offset64, pulDataLength, dec); + + if ((*rgbDataRead = malloc(*pulDataLength)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *pulDataLength); + *pulDataLength = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset64, *pulDataLength, dec, *rgbDataRead); + free(dec); + + return result; +} + +#endif diff --git a/src/tspi/tsp_oper.c b/src/tspi/tsp_oper.c new file mode 100644 index 0000000..092b5ce --- /dev/null +++ b/src/tspi/tsp_oper.c @@ -0,0 +1,48 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_SetOperatorAuth(TSS_HCONTEXT tspContext, /* in */ + TCPA_SECRET *operatorAuth) /* in */ +{ + TSS_RESULT result; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + BYTE data[sizeof(TCPA_SECRET)]; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob(&offset, TPM_SHA1_160_HASH_LEN, data, operatorAuth->authdata); + + return obj_context_transport_execute(tspContext, TPM_ORD_SetOperatorAuth, sizeof(data), + data, NULL, &handlesLen, NULL, NULL, NULL, NULL, NULL); +} +#endif diff --git a/src/tspi/tsp_own.c b/src/tspi/tsp_own.c new file mode 100644 index 0000000..812277a --- /dev/null +++ b/src/tspi/tsp_own.c @@ -0,0 +1,193 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +secret_TakeOwnership(TSS_HKEY hEndorsementPubKey, + TSS_HTPM hTPM, + TSS_HKEY hKeySRK, + TPM_AUTH * auth, + UINT32 * encOwnerAuthLength, + BYTE * encOwnerAuth, UINT32 * encSRKAuthLength, BYTE * encSRKAuth) +{ + TSS_RESULT result; + UINT32 endorsementKeySize; + BYTE *endorsementKey; + TSS_KEY dummyKey; + UINT64 offset; + TCPA_SECRET ownerSecret; + TCPA_SECRET srkSecret; + TCPA_DIGEST digest; + TSS_HPOLICY hSrkPolicy; + TSS_HPOLICY hOwnerPolicy; + UINT32 srkKeyBlobLength; + BYTE *srkKeyBlob; + TSS_HCONTEXT tspContext; + UINT32 ownerMode, srkMode; + Trspi_HashCtx hashCtx; + + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + /************************************************* + * First, get the policy objects and check them for how + * to handle the secrets. If they cannot be found + * or there is an error, then we must fail + **************************************************/ + + /* First get the Owner Policy */ + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy))) + return result; + + /* Now get the SRK Policy */ + if ((result = obj_rsakey_get_policy(hKeySRK, TSS_POLICY_USAGE, &hSrkPolicy, NULL))) + return result; + + if ((result = obj_policy_get_mode(hOwnerPolicy, &ownerMode))) + return result; + + if ((result = obj_policy_get_mode(hSrkPolicy, &srkMode))) + return result; + + /* If the policy callback's aren't the same, that's an error if one is callback */ + if (srkMode == TSS_SECRET_MODE_CALLBACK || ownerMode == TSS_SECRET_MODE_CALLBACK) { + if (srkMode != TSS_SECRET_MODE_CALLBACK || ownerMode != TSS_SECRET_MODE_CALLBACK) { + LogError("Policy callback modes for SRK policy and Owner policy differ."); + return TSPERR(TSS_E_BAD_PARAMETER); + } + } + + if (ownerMode != TSS_SECRET_MODE_CALLBACK) { + /* First, get the Endorsement Public Key for Encrypting */ + if ((result = obj_rsakey_get_blob(hEndorsementPubKey, &endorsementKeySize, + &endorsementKey))) + return result; + + /* now stick it in a Key Structure */ + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, endorsementKey, &dummyKey))) { + free_tspi(tspContext, endorsementKey); + return result; + } + free_tspi(tspContext, endorsementKey); + + if ((result = obj_policy_get_secret(hOwnerPolicy, TR_SECRET_CTX_NEW, + &ownerSecret))) { + free(dummyKey.pubKey.key); + free(dummyKey.algorithmParms.parms); + return result; + } + + if ((result = obj_policy_get_secret(hSrkPolicy, TR_SECRET_CTX_NEW, &srkSecret))) { + free(dummyKey.pubKey.key); + free(dummyKey.algorithmParms.parms); + return result; + } + + /* Encrypt the Owner, SRK Authorizations */ + if ((result = Trspi_RSA_Encrypt(ownerSecret.authdata, 20, encOwnerAuth, + encOwnerAuthLength, dummyKey.pubKey.key, + dummyKey.pubKey.keyLength))) { + free(dummyKey.pubKey.key); + free(dummyKey.algorithmParms.parms); + return result; + } + + if ((result = Trspi_RSA_Encrypt(srkSecret.authdata, 20, encSRKAuth, + encSRKAuthLength, dummyKey.pubKey.key, + dummyKey.pubKey.keyLength))) { + free(dummyKey.pubKey.key); + free(dummyKey.algorithmParms.parms); + return result; + } + + free(dummyKey.pubKey.key); + free(dummyKey.algorithmParms.parms); + } else { + *encOwnerAuthLength = 256; + *encSRKAuthLength = 256; + if ((result = obj_policy_do_takeowner(hOwnerPolicy, hTPM, hEndorsementPubKey, + *encOwnerAuthLength, encOwnerAuth))) + return result; + } + + if ((result = obj_rsakey_get_blob(hKeySRK, &srkKeyBlobLength, &srkKeyBlob))) + return result; + + /* Authorizatin Digest Calculation */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_TakeOwnership); + result |= Trspi_Hash_UINT16(&hashCtx, TCPA_PID_OWNER); + result |= Trspi_Hash_UINT32(&hashCtx, *encOwnerAuthLength); + result |= Trspi_HashUpdate(&hashCtx, *encOwnerAuthLength, encOwnerAuth); + result |= Trspi_Hash_UINT32(&hashCtx, *encSRKAuthLength); + result |= Trspi_HashUpdate(&hashCtx, *encSRKAuthLength, encSRKAuth); + result |= Trspi_HashUpdate(&hashCtx, srkKeyBlobLength, srkKeyBlob); + free_tspi(tspContext, srkKeyBlob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + /* HMAC for the final digest */ + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_TakeOwnership, hOwnerPolicy, FALSE, + &digest, auth))) + return result; + + return TSS_SUCCESS; +} + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_OwnerClear(TSS_HCONTEXT tspContext, /* in */ + TPM_AUTH * ownerAuth) /* in, out */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + return obj_context_transport_execute(tspContext, TPM_ORD_OwnerClear, 0, NULL, NULL, + &handlesLen, NULL, ownerAuth, NULL, NULL, NULL); +} + +TSS_RESULT +Transport_ForceClear(TSS_HCONTEXT tspContext) /* in */ +{ + TSS_RESULT result; + UINT32 handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + return obj_context_transport_execute(tspContext, TPM_ORD_ForceClear, 0, NULL, NULL, + &handlesLen, NULL, NULL, NULL, NULL, NULL); +} +#endif + diff --git a/src/tspi/tsp_pcr.c b/src/tspi/tsp_pcr.c new file mode 100644 index 0000000..cc562d7 --- /dev/null +++ b/src/tspi/tsp_pcr.c @@ -0,0 +1,148 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +UINT16 +get_num_pcrs(TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + static UINT16 ret = 0; + UINT32 subCap; + UINT32 respSize; + BYTE *resp; + + if (ret != 0) + return ret; + + subCap = endian32(TPM_CAP_PROP_PCR); + if ((result = TCS_API(tspContext)->GetTPMCapability(tspContext, TPM_CAP_PROPERTY, + sizeof(UINT32), (BYTE *)&subCap, + &respSize, &resp))) { + if ((resp = (BYTE *)getenv("TSS_DEFAULT_NUM_PCRS")) == NULL) + return TSS_DEFAULT_NUM_PCRS; + + /* don't set ret here, next time we may be connected */ + return atoi((char *)resp); + } + + ret = (UINT16)Decode_UINT32(resp); + free(resp); + + return ret; +} + +TSS_RESULT +pcrs_calc_composite(TPM_PCR_SELECTION *select, TPM_PCRVALUE *arrayOfPcrs, TPM_DIGEST *digestOut) +{ + UINT32 size, index; + BYTE mask; + BYTE hashBlob[1024]; + UINT32 numPCRs = 0; + UINT64 offset = 0; + UINT64 sizeOffset = 0; + + if (select->sizeOfSelect > 0) { + sizeOffset = 0; + Trspi_LoadBlob_PCR_SELECTION(&sizeOffset, hashBlob, select); + offset = sizeOffset + 4; + + for (size = 0; size < select->sizeOfSelect; size++) { + for (index = 0, mask = 1; index < 8; index++, mask = mask << 1) { + if (select->pcrSelect[size] & mask) { + memcpy(&hashBlob[(numPCRs * TPM_SHA1_160_HASH_LEN) + offset], + arrayOfPcrs[index + (size << 3)].digest, + TPM_SHA1_160_HASH_LEN); + numPCRs++; + } + } + } + + if (numPCRs > 0) { + offset += (numPCRs * TPM_SHA1_160_HASH_LEN); + UINT32ToArray(numPCRs * TPM_SHA1_160_HASH_LEN, &hashBlob[sizeOffset]); + + return Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digestOut->digest); + } + } + + return TSPERR(TSS_E_INTERNAL_ERROR); +} + +TSS_RESULT +pcrs_sanity_check_selection(TSS_HCONTEXT tspContext, + struct tr_pcrs_obj *pcrs, + TPM_PCR_SELECTION *select) +{ + UINT16 num_pcrs, bytes_to_hold; + + if ((num_pcrs = get_num_pcrs(tspContext)) == 0) + return TSPERR(TSS_E_INTERNAL_ERROR); + + bytes_to_hold = num_pcrs / 8; + + /* Is the current select object going to be interpretable by the TPM? + * If the select object is of a size greater than the one the TPM + * wants, just calculate the composite hash and let the TPM return an + * error code to the user. If its less than the size of the one the + * TPM wants, add extra zero bytes until its the right size. */ + if (bytes_to_hold > select->sizeOfSelect) { + if ((select->pcrSelect = realloc(select->pcrSelect, bytes_to_hold)) == NULL) { + LogError("malloc of %hu bytes failed.", bytes_to_hold); + return TSPERR(TSS_E_OUTOFMEMORY); + } + /* set the newly allocated bytes to 0 */ + memset(&select->pcrSelect[select->sizeOfSelect], 0, + bytes_to_hold - select->sizeOfSelect); + select->sizeOfSelect = bytes_to_hold; + + /* realloc the pcr array as well */ + if ((pcrs->pcrs = realloc(pcrs->pcrs, + (bytes_to_hold * 8) * TPM_SHA1_160_HASH_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", + (bytes_to_hold * 8) * TPM_SHA1_160_HASH_LEN); + return TSPERR(TSS_E_OUTOFMEMORY); + } + } + +#ifdef TSS_DEBUG + { + int i; + for (i = 0; i < select->sizeOfSelect * 8; i++) { + if (select->pcrSelect[i/8] & (1 << (i % 8))) { + LogDebug("PCR%d: Selected", i); + LogBlobData(APPID, TPM_SHA1_160_HASH_LEN, + (unsigned char *)&pcrs->pcrs[i]); + } else { + LogDebug("PCR%d: Not Selected", i); + } + } + } +#endif + + return TSS_SUCCESS; +} diff --git a/src/tspi/tsp_pcr_extend.c b/src/tspi/tsp_pcr_extend.c new file mode 100644 index 0000000..cd7ada1 --- /dev/null +++ b/src/tspi/tsp_pcr_extend.c @@ -0,0 +1,112 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_Extend(TSS_HCONTEXT tspContext, /* in */ + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_DIGEST inDigest, /* in */ + TCPA_PCRVALUE * outDigest) /* out */ +{ + TSS_RESULT result; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + UINT32 decLen; + BYTE data[sizeof(TCPA_PCRINDEX) + sizeof(TCPA_DIGEST)], *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, pcrNum, data); + Trspi_LoadBlob(&offset, TPM_SHA1_160_HASH_LEN, data, inDigest.digest); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Extend, sizeof(data), data, + NULL, &handlesLen, NULL, NULL, NULL, &decLen, + &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob(&offset, decLen, dec, outDigest->digest); + + free(dec); + + return TSS_SUCCESS; +} + +TSS_RESULT +Transport_PcrRead(TSS_HCONTEXT tspContext, /* in */ + TCPA_PCRINDEX pcrNum, /* in */ + TCPA_PCRVALUE * outDigest) /* out */ +{ + TSS_RESULT result; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + UINT32 decLen; + BYTE data[sizeof(TCPA_PCRINDEX)], *dec; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, pcrNum, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_PcrRead, sizeof(data), + data, NULL, &handlesLen, NULL, NULL, NULL, + &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob(&offset, decLen, dec, outDigest->digest); + + free(dec); + + return TSS_SUCCESS; +} + + +TSS_RESULT +Transport_PcrReset(TSS_HCONTEXT tspContext, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn) /* in */ +{ + TSS_RESULT result; + TCS_HANDLE handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + return obj_context_transport_execute(tspContext, TPM_ORD_PCR_Reset, pcrDataSizeIn, + pcrDataIn, NULL, &handlesLen, NULL, NULL, NULL, NULL, + NULL); +} +#endif diff --git a/src/tspi/tsp_policy.c b/src/tspi/tsp_policy.c new file mode 100644 index 0000000..9d5ec5d --- /dev/null +++ b/src/tspi/tsp_policy.c @@ -0,0 +1,123 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2005 + * + */ + + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +#define PGSIZE sysconf(_SC_PAGESIZE) +#define PGOFFSET (PGSIZE - 1) +#define PGMASK (~PGOFFSET) + +/* + * popup_GetSecret() + * + * newPIN - non-zero to popup the dialog to enter a new PIN, zero to popup a dialog + * to enter an existing PIN + * hash_mode - flag indicating whether to include null terminating data in the hash + * of the secret (1.2 backport only). + * popup_str - string to appear in the title bar of the popup dialog + * auth_hash - the 20+ byte buffer that receives the SHA1 hash of the auth data + * entered into the dialog box + * + */ +TSS_RESULT +popup_GetSecret(UINT32 new_pin, UINT32 hash_mode, BYTE *popup_str, void *auth_hash) +{ + BYTE secret[UI_MAX_SECRET_STRING_LENGTH] = { 0 }; + BYTE *dflt = (BYTE *)"TSS Authentication Dialog"; + UINT32 secret_len = 0; + TSS_RESULT result; + + if (popup_str == NULL) + popup_str = dflt; + + /* pin the area where the secret will be put in memory */ + if (pin_mem(&secret, UI_MAX_SECRET_STRING_LENGTH)) { + LogError("Failed to pin secret in memory."); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (new_pin) + DisplayNewPINWindow(secret, &secret_len, popup_str); + else + DisplayPINWindow(secret, &secret_len, popup_str); + + if (!secret_len) { + unpin_mem(&secret, UI_MAX_SECRET_STRING_LENGTH); + return TSPERR(TSS_E_POLICY_NO_SECRET); + } + + if (hash_mode == TSS_TSPATTRIB_HASH_MODE_NOT_NULL) + secret_len -= sizeof(TSS_UNICODE); // Take off the NULL terminator + + LogDebug("Hashing these %u bytes as the secret:", secret_len); + LogDebugData(secret_len, secret); + result = Trspi_Hash(TSS_HASH_SHA1, secret_len, secret, auth_hash); + + /* zero, then unpin the memory */ + memset(secret, 0, secret_len); + unpin_mem(&secret, UI_MAX_SECRET_STRING_LENGTH); + + return result; +} + +int +pin_mem(void *addr, size_t len) +{ + /* only root can lock pages into RAM */ + if (getuid() != (uid_t)0) { + LogWarn("Not pinning secrets in memory due to insufficient perms."); + return 0; + } + + len += (uintptr_t)addr & PGOFFSET; + addr = (void *)((uintptr_t)addr & PGMASK); + if (mlock(addr, len) == -1) { + LogError("mlock: %s", strerror(errno)); + return 1; + } + + return 0; +} + +int +unpin_mem(void *addr, size_t len) +{ + /* only root can lock pages into RAM */ + if (getuid() != (uid_t)0) { + return 0; + } + + len += (uintptr_t)addr & PGOFFSET; + addr = (void *)((uintptr_t)addr & PGMASK); + if (munlock(addr, len) == -1) { + LogError("mlock: %s", strerror(errno)); + return 1; + } + + return 0; +} + + diff --git a/src/tspi/tsp_ps.c b/src/tspi/tsp_ps.c new file mode 100644 index 0000000..96c267a --- /dev/null +++ b/src/tspi/tsp_ps.c @@ -0,0 +1,347 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "tcs_tsp.h" +#include "tspps.h" +#include "tsplog.h" +#include "obj.h" + +/* + * tsp_ps.c + * + * Functions used to query the user persistent storage file. + * + * Since other apps may be altering the file, all operations must be atomic WRT the file and no + * cache will be kept, since another app could delete keys from the file out from under us. + * + * Atomicity is guaranteed for operations inbetween calls to get_file() and put_file(). + * + * A PS file will have the lifetime of the TSP context. For instance, this code will store hKeyA + * and hKeyB in the file "a": + * + * setenv("TSS_USER_PS_FILE=a"); + * Tspi_Context_Create(&hContext); + * Tspi_Context_RegisterKey(hKeyA); + * setenv("TSS_USER_PS_FILE=b"); + * Tspi_Context_RegisterKey(hKeyB); + * + * but this code will store hKeyA in file "a" and hKeyB in file "b": + * + * setenv("TSS_USER_PS_FILE=a"); + * Tspi_Context_Create(&hContext); + * Tspi_Context_RegisterKey(hKeyA); + * Tspi_Context_Close(hContext); + * + * setenv("TSS_USER_PS_FILE=b"); + * Tspi_Context_Create(&hContext); + * Tspi_Context_RegisterKey(hKeyB); + * + */ + +TSS_RESULT +ps_get_registered_keys(TSS_UUID *uuid, TSS_UUID *tcs_uuid, UINT32 *size, TSS_KM_KEYINFO **keys) +{ + int fd; + UINT32 result; + + if ((result = get_file(&fd))) + return result; + + result = psfile_get_registered_keys(fd, uuid, tcs_uuid, size, keys); + + put_file(fd); + + return result; +} + +TSS_RESULT +ps_get_registered_keys2(TSS_UUID *uuid, TSS_UUID *tcs_uuid, UINT32 *size, TSS_KM_KEYINFO2 **keys) +{ + int fd; + UINT32 result; + + if ((result = get_file(&fd))) + return result; + + /* Sets the proper TSS_KM_KEYINFO2 fields according to the UUID type */ + result = psfile_get_registered_keys2(fd, uuid, tcs_uuid, size, keys); + + put_file(fd); + + return result; +} + +TSS_RESULT +ps_is_key_registered(TSS_UUID *uuid, TSS_BOOL *answer) +{ + int fd; + TSS_RESULT result; + + if ((result = get_file(&fd))) + return result; + + result = psfile_is_key_registered(fd, uuid, answer); + + put_file(fd); + + return result; +} + +TSS_RESULT +ps_write_key(TSS_UUID *uuid, TSS_UUID *parent_uuid, UINT32 parent_ps, UINT32 blob_size, BYTE *blob) +{ + int fd; + TSS_RESULT result; + UINT16 short_blob_size = (UINT16)blob_size; + + if (blob_size > USHRT_MAX) { + LogError("Blob data being written to disk is too large(%u bytes)!", blob_size); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if ((result = get_file(&fd))) + return result; + + result = psfile_write_key(fd, uuid, parent_uuid, parent_ps, blob, short_blob_size); + + put_file(fd); + return result; +} + + +TSS_RESULT +ps_remove_key(TSS_UUID *uuid) +{ + int fd; + TSS_RESULT result; + + if ((result = get_file(&fd))) + return result; + + result = psfile_remove_key(fd, uuid); + + put_file(fd); + return result; +} + +TSS_RESULT +ps_get_key_by_pub(TSS_HCONTEXT tspContext, UINT32 pub_size, BYTE *pub, TSS_HKEY *hKey) +{ + int fd; + TSS_RESULT result = TSS_SUCCESS; + BYTE key[4096]; + TSS_UUID uuid; + + if ((result = get_file(&fd))) + return result; + + if ((result = psfile_get_key_by_pub(fd, &uuid, pub_size, pub, key))) { + put_file(fd); + return result; + } + + put_file(fd); + + result = obj_rsakey_add_by_key(tspContext, &uuid, key, TSS_OBJ_FLAG_USER_PS, hKey); + + return result; +} + +TSS_RESULT +ps_get_key_by_uuid(TSS_HCONTEXT tspContext, TSS_UUID *uuid, TSS_HKEY *hKey) +{ + int fd; + TSS_RESULT result = TSS_SUCCESS; + BYTE key[4096]; + + if ((result = get_file(&fd))) + return result; + + if ((result = psfile_get_key_by_uuid(fd, uuid, key))) { + put_file(fd); + return result; + } + + put_file(fd); + + result = obj_rsakey_add_by_key(tspContext, uuid, key, TSS_OBJ_FLAG_USER_PS, hKey); + + return result; +} + +TSS_RESULT +ps_get_parent_uuid_by_uuid(TSS_UUID *uuid, TSS_UUID *parent_uuid) +{ + int fd; + TSS_RESULT result; + + if ((result = get_file(&fd))) + return result; + + result = psfile_get_parent_uuid_by_uuid(fd, uuid, parent_uuid); + + put_file(fd); + return result; +} + +TSS_RESULT +ps_get_parent_ps_type_by_uuid(TSS_UUID *uuid, UINT32 *type) +{ + int fd; + TSS_RESULT result; + + if ((result = get_file(&fd))) + return result; + + result = psfile_get_parent_ps_type(fd, uuid, type); + + put_file(fd); + + return result; +} + +TSS_RESULT +ps_close() +{ + TSS_RESULT result; + int fd; + + if ((result = get_file(&fd))) + return result; + + psfile_close(fd); + + /* No need to call put_file() here, the file is closed */ + + return TSS_SUCCESS; +} + +TSS_RESULT +merge_key_hierarchies(TSS_HCONTEXT tspContext, UINT32 tsp_size, TSS_KM_KEYINFO *tsp_hier, + UINT32 tcs_size, TSS_KM_KEYINFO *tcs_hier, UINT32 *merged_size, + TSS_KM_KEYINFO **merged_hier) +{ + UINT32 i, j; + + *merged_hier = malloc((tsp_size + tcs_size) * sizeof(TSS_KM_KEYINFO)); + if (*merged_hier == NULL) { + LogError("malloc of %zu bytes failed.", (tsp_size + tcs_size) * + sizeof(TSS_KM_KEYINFO)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + for (i = 0; i < tsp_size; i++) + memcpy(&((*merged_hier)[i]), &tsp_hier[i], sizeof(TSS_KM_KEYINFO)); + + for (j = 0; j < tcs_size; j++) + memcpy(&((*merged_hier)[i + j]), &tcs_hier[j], sizeof(TSS_KM_KEYINFO)); + + *merged_size = i + j; + + return TSS_SUCCESS; +} + + +TSS_RESULT +merge_key_hierarchies2(TSS_HCONTEXT tspContext, UINT32 tsp_size, TSS_KM_KEYINFO2 *tsp_hier, + UINT32 tcs_size, TSS_KM_KEYINFO2 *tcs_hier, UINT32 *merged_size, + TSS_KM_KEYINFO2 **merged_hier) +{ + UINT32 i, j; + + *merged_hier = malloc((tsp_size + tcs_size) * sizeof(TSS_KM_KEYINFO2)); + if (*merged_hier == NULL) { + LogError("malloc of %zu bytes failed.", (tsp_size + tcs_size) * + sizeof(TSS_KM_KEYINFO2)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + for (i = 0; i < tsp_size; i++) + memcpy(&((*merged_hier)[i]), &tsp_hier[i], sizeof(TSS_KM_KEYINFO2)); + + for (j = 0; j < tcs_size; j++) + memcpy(&((*merged_hier)[i + j]), &tcs_hier[j], sizeof(TSS_KM_KEYINFO2)); + + *merged_size = i + j; + + return TSS_SUCCESS; +} + + +#if 0 +TSS_RESULT +load_from_system_ps(TSS_HCONTEXT tspContext, TSS_UUID *uuid, TSS_HKEY *phKey) +{ + TCS_KEY_HANDLE tcsKeyHandle; + TCS_LOADKEY_INFO info; + BYTE *keyBlob = NULL; + + memset(&info, 0, sizeof(TCS_LOADKEY_INFO)); + + result = TCSP_LoadKeyByUUID(tspContext, uuidData, &info, &tcsKeyHandle); + + if (TSS_ERROR_CODE(result) == TCS_E_KM_LOADFAILED) { + TSS_HKEY keyHandle; + TSS_HPOLICY hPolicy; + + /* load failed, due to some key in the chain needing auth + * which doesn't yet exist at the TCS level. However, the + * auth may already be set in policies at the TSP level. + * To find out, get the key handle of the key requiring + * auth. First, look at the list of keys in memory. */ + if ((obj_rsakey_get_by_uuid(&info.parentKeyUUID, &keyHandle))) { + /* If that failed, look on disk, in User PS. */ + if (ps_get_key_by_uuid(tspContext, &info.parentKeyUUID, &keyHandle)) + return result; + } + + if (obj_rsakey_get_policy(keyHandle, TSS_POLICY_USAGE, &hPolicy, NULL)) + return result; + + if (secret_PerformAuth_OIAP(keyHandle, TPM_ORD_LoadKey, hPolicy, &info.paramDigest, + &info.authData)) + return result; + + if ((result = TCSP_LoadKeyByUUID(tspContext, *uuid, &info, &tcsKeyHandle))) + return result; + } else if (result) + return result; + + if ((result = TCS_GetRegisteredKeyBlob(tspContext, *uuid, &keyBlobSize, &keyBlob))) + return result; + + if ((result = obj_rsakey_add_by_key(tspContext, uuid, keyBlob, TSS_OBJ_FLAG_SYSTEM_PS, + phKey))) { + free(keyBlob); + return result; + } + + result = obj_rsakey_set_tcs_handle(*phKey, tcsKeyHandle); + + free(keyBlob); + + return result; +} +#endif + diff --git a/src/tspi/tsp_quote.c b/src/tspi/tsp_quote.c new file mode 100644 index 0000000..24e026b --- /dev/null +++ b/src/tspi/tsp_quote.c @@ -0,0 +1,114 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_Quote(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE *antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, dataLen, decLen; + TCS_HANDLE *handles, handle; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE *data; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + dataLen = sizeof(TCPA_NONCE) + pcrDataSizeIn; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_NONCE(&offset, data, antiReplay); + Trspi_LoadBlob(&offset, pcrDataSizeIn, data, pcrDataIn); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Quote, dataLen, data, + &pubKeyHash, &handlesLen, &handles, + privAuth, NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_PCR_COMPOSITE(&offset, dec, NULL); + *pcrDataSizeOut = offset; + + if ((*pcrDataOut = malloc(*pcrDataSizeOut)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *pcrDataSizeOut); + *pcrDataSizeOut = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_UnloadBlob(&offset, *pcrDataSizeOut, dec, *pcrDataOut); + Trspi_UnloadBlob_UINT32(&offset, sigSize, dec); + + if ((*sig = malloc(*sigSize)) == NULL) { + free(*pcrDataOut); + *pcrDataOut = NULL; + *pcrDataSizeOut = 0; + free(dec); + LogError("malloc of %u bytes failed", *sigSize); + *sigSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *sigSize, dec, *sig); + + free(dec); + + return result; +} +#endif + diff --git a/src/tspi/tsp_quote2.c b/src/tspi/tsp_quote2.c new file mode 100644 index 0000000..76ccc2e --- /dev/null +++ b/src/tspi/tsp_quote2.c @@ -0,0 +1,133 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_Quote2(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE *antiReplay, /* in */ + UINT32 pcrDataSizeIn, /* in */ + BYTE * pcrDataIn, /* in */ + TSS_BOOL addVersion, /* in */ + TPM_AUTH * privAuth, /* in,out */ + UINT32 * pcrDataSizeOut, /* out */ + BYTE ** pcrDataOut, /* out */ + UINT32 * versionInfoSize, /* out */ + BYTE ** versionInfo, /* out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, dataLen, decLen; + TCS_HANDLE *handles, handle; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE *data; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + dataLen = sizeof(TCPA_NONCE) + pcrDataSizeIn + sizeof(TSS_BOOL); + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_NONCE(&offset, data, antiReplay); + Trspi_LoadBlob(&offset, pcrDataSizeIn, data, pcrDataIn); + Trspi_LoadBlob_BOOL(&offset, addVersion, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Quote2, dataLen, data, + &pubKeyHash, &handlesLen, &handles, + privAuth, NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_PCR_INFO_SHORT(&offset, dec, NULL); + *pcrDataSizeOut = offset; + + if ((*pcrDataOut = malloc(*pcrDataSizeOut)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *pcrDataSizeOut); + *pcrDataSizeOut = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_UnloadBlob(&offset, *pcrDataSizeOut, dec, *pcrDataOut); + Trspi_UnloadBlob_UINT32(&offset, versionInfoSize, dec); + + if ((*versionInfo = malloc(*versionInfoSize)) == NULL) { + free(*pcrDataOut); + *pcrDataOut = NULL; + *pcrDataSizeOut = 0; + free(dec); + LogError("malloc of %u bytes failed", *versionInfoSize); + *versionInfoSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *versionInfoSize, dec, *versionInfo); + + Trspi_UnloadBlob_UINT32(&offset, sigSize, dec); + + if ((*sig = malloc(*sigSize)) == NULL) { + free(*versionInfo); + *versionInfo = NULL; + *versionInfoSize = 0; + free(*pcrDataOut); + *pcrDataOut = NULL; + *pcrDataSizeOut = 0; + free(dec); + LogError("malloc of %u bytes failed", *sigSize); + *sigSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *sigSize, dec, *sig); + free(dec); + + return result; +} +#endif + diff --git a/src/tspi/tsp_random.c b/src/tspi/tsp_random.c new file mode 100644 index 0000000..80aff66 --- /dev/null +++ b/src/tspi/tsp_random.c @@ -0,0 +1,89 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004, 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_GetRandom(TSS_HCONTEXT tspContext, /* in */ + UINT32 bytesRequested, /* in */ + BYTE ** randomBytes) /* out */ +{ + TSS_RESULT result; + UINT32 decLen = 0; + BYTE *dec = NULL; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + BYTE data[sizeof(UINT32)]; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, bytesRequested, data); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetRandom, sizeof(data), + data, NULL, &handlesLen, NULL, NULL, NULL, + &decLen, &dec))) + return result; + + *randomBytes = dec; + + return result; + +} + +TSS_RESULT +Transport_StirRandom(TSS_HCONTEXT tspContext, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData) /* in */ +{ + TSS_RESULT result; + UINT64 offset; + UINT32 dataLen; + TCS_HANDLE handlesLen = 0; + BYTE *data; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + dataLen = sizeof(UINT32) + inDataSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, inDataSize, data); + Trspi_LoadBlob(&offset, inDataSize, data, inData); + + result = obj_context_transport_execute(tspContext, TPM_ORD_StirRandom, dataLen, data, NULL, + &handlesLen, NULL, NULL, NULL, NULL, NULL); + free(data); + + return result; +} +#endif + diff --git a/src/tspi/tsp_seal.c b/src/tspi/tsp_seal.c new file mode 100644 index 0000000..89c7ee0 --- /dev/null +++ b/src/tspi/tsp_seal.c @@ -0,0 +1,254 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "tsplog.h" +#include "authsess.h" + + +#ifdef TSS_BUILD_SEALX +TSS_RESULT +sealx_mask_cb(PVOID lpAppData, + TSS_HKEY hEncKey, + TSS_HENCDATA hEncData, + TSS_ALGORITHM_ID algId, + UINT32 ulSizeNonces, + BYTE *rgbNonceEven, + BYTE *rgbNonceOdd, + BYTE *rgbNonceEvenOSAP, + BYTE *rgbNonceOddOSAP, + UINT32 ulDataLength, + BYTE *rgbDataToMask, + BYTE *rgbMaskedData) +{ + UINT32 mgf1SeedLen, sharedSecretLen = sizeof(TPM_DIGEST); + BYTE *mgf1Seed, *mgf1Buffer; + UINT32 i; + TSS_RESULT result; + struct authsess *sess = (struct authsess *)lpAppData; + + mgf1SeedLen = (ulSizeNonces * 2) + strlen("XOR") + sharedSecretLen; + if ((mgf1Seed = (BYTE *)calloc(1, mgf1SeedLen)) == NULL) { + LogError("malloc of %u bytes failed.", mgf1SeedLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + mgf1Buffer = mgf1Seed; + memcpy(mgf1Buffer, rgbNonceEven, ulSizeNonces); + mgf1Buffer += ulSizeNonces; + memcpy(mgf1Buffer, rgbNonceOdd, ulSizeNonces); + mgf1Buffer += ulSizeNonces; + memcpy(mgf1Buffer, "XOR", strlen("XOR")); + mgf1Buffer += strlen("XOR"); + memcpy(mgf1Buffer, sess->sharedSecret.digest, sharedSecretLen); + + if ((result = Trspi_MGF1(TSS_HASH_SHA1, mgf1SeedLen, mgf1Seed, ulDataLength, + rgbMaskedData))) + goto done; + + for (i = 0; i < ulDataLength; i++) + rgbMaskedData[i] ^= rgbDataToMask[i]; + +done: + free(mgf1Seed); + + return result; +} +#endif + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_Seal(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH *encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen, dataLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE *data, *dec; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + dataLen = (2 * sizeof(UINT32)) + sizeof(TPM_ENCAUTH) + pcrInfoSize + inDataSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_DIGEST(&offset, data, (TPM_DIGEST *)encAuth); + Trspi_LoadBlob_UINT32(&offset, pcrInfoSize, data); + Trspi_LoadBlob(&offset, pcrInfoSize, data, PcrInfo); + Trspi_LoadBlob_UINT32(&offset, inDataSize, data); + Trspi_LoadBlob(&offset, inDataSize, data, inData); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Seal, dataLen, data, + &pubKeyHash, &handlesLen, &handles, pubAuth, + NULL, &decLen, &dec))) + return result; + + *SealedDataSize = decLen; + *SealedData = dec; + + return result; +} + +TSS_RESULT +Transport_Sealx(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_ENCAUTH *encAuth, /* in */ + UINT32 pcrInfoSize, /* in */ + BYTE * PcrInfo, /* in */ + UINT32 inDataSize, /* in */ + BYTE * inData, /* in */ + TPM_AUTH * pubAuth, /* in, out */ + UINT32 * SealedDataSize, /* out */ + BYTE ** SealedData) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen, dataLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + UINT64 offset; + BYTE *data, *dec; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + dataLen = (2 * sizeof(UINT32)) + sizeof(TPM_ENCAUTH) + pcrInfoSize + inDataSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encAuth->authdata); + Trspi_LoadBlob_UINT32(&offset, pcrInfoSize, data); + Trspi_LoadBlob(&offset, pcrInfoSize, data, PcrInfo); + Trspi_LoadBlob_UINT32(&offset, inDataSize, data); + Trspi_LoadBlob(&offset, inDataSize, data, inData); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Sealx, dataLen, data, + &pubKeyHash, &handlesLen, &handles, pubAuth, + NULL, &decLen, &dec))) + return result; + + *SealedDataSize = decLen; + *SealedData = dec; + + return result; +} + +TSS_RESULT +Transport_Unseal(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE parentHandle, /* in */ + UINT32 SealedDataSize, /* in */ + BYTE * SealedData, /* in */ + TPM_AUTH * parentAuth, /* in, out */ + TPM_AUTH * dataAuth, /* in, out */ + UINT32 * DataSize, /* out */ + BYTE ** Data) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen, decLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + BYTE *dec; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(parentHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = parentHandle; + handles = &handle; + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Unseal, SealedDataSize, + SealedData, &pubKeyHash, &handlesLen, &handles, + parentAuth, dataAuth, &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, DataSize, dec); + + if ((*Data = malloc(*DataSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *DataSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *DataSize, dec, *Data); + + free(dec); + + return result; +} +#endif diff --git a/src/tspi/tsp_selftest.c b/src/tspi/tsp_selftest.c new file mode 100644 index 0000000..5a27110 --- /dev/null +++ b/src/tspi/tsp_selftest.c @@ -0,0 +1,132 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_SelfTestFull(TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + TCS_HANDLE handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + return obj_context_transport_execute(tspContext, TPM_ORD_SelfTestFull, 0, NULL, NULL, + &handlesLen, NULL, NULL, NULL, NULL, NULL); +} + +TSS_RESULT +Transport_CertifySelfTest(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + TCPA_NONCE antiReplay, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen = 0; + BYTE *dec = NULL; + UINT64 offset; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + TCS_HANDLE *handles, handle; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_CertifySelfTest, + sizeof(TCPA_NONCE), antiReplay.nonce, + &pubKeyHash, &handlesLen, &handles, privAuth, + NULL, &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, sigSize, dec); + + if ((*sig = malloc(*sigSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *sigSize); + *sigSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *sigSize, dec, *sig); + + free(dec); + + return result; +} + +TSS_RESULT +Transport_GetTestResult(TSS_HCONTEXT tspContext, /* in */ + UINT32 * outDataSize, /* out */ + BYTE ** outData) /* out */ +{ + TSS_RESULT result; + UINT32 decLen = 0; + BYTE *dec = NULL; + UINT64 offset; + TCS_HANDLE handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetTestResult, 0, NULL, + NULL, &handlesLen, NULL, NULL, NULL, &decLen, + &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, outDataSize, dec); + + if ((*outData = malloc(*outDataSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *outDataSize); + *outDataSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *outDataSize, dec, *outData); + + free(dec); + + return result; +} +#endif diff --git a/src/tspi/tsp_sign.c b/src/tspi/tsp_sign.c new file mode 100644 index 0000000..3a33cb6 --- /dev/null +++ b/src/tspi/tsp_sign.c @@ -0,0 +1,92 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_Sign(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE keyHandle, /* in */ + UINT32 areaToSignSize, /* in */ + BYTE * areaToSign, /* in */ + TPM_AUTH * privAuth, /* in, out */ + UINT32 * sigSize, /* out */ + BYTE ** sig) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 handlesLen, decLen, dataLen; + TCS_HANDLE *handles, handle; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + BYTE *dec, *data; + + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = keyHandle; + handles = &handle; + + dataLen = sizeof(UINT32) + areaToSignSize; + if ((data = malloc(dataLen)) == NULL) { + LogError("malloc of %u bytes failed", dataLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, areaToSignSize, data); + Trspi_LoadBlob(&offset, areaToSignSize, data, areaToSign); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Sign, dataLen, data, + &pubKeyHash, &handlesLen, &handles, + privAuth, NULL, &decLen, &dec))) { + free(data); + return result; + } + free(data); + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, sigSize, dec); + + if ((*sig = malloc(*sigSize)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *sigSize); + *sigSize = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *sigSize, dec, *sig); + + return result; +} +#endif + diff --git a/src/tspi/tsp_tick.c b/src/tspi/tsp_tick.c new file mode 100644 index 0000000..dd20bec --- /dev/null +++ b/src/tspi/tsp_tick.c @@ -0,0 +1,124 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +#ifdef TSS_BUILD_TRANSPORT +TSS_RESULT +Transport_ReadCurrentTicks(TSS_HCONTEXT tspContext, /* in */ + UINT32* pulCurrentTime, /* out */ + BYTE** prgbCurrentTime) /* out */ +{ + TSS_RESULT result; + UINT32 decLen = 0; + BYTE *dec = NULL; + TCS_HANDLE handlesLen = 0; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetTicks, 0, NULL, + NULL, &handlesLen, NULL, NULL, NULL, &decLen, + &dec))) + return result; + + *pulCurrentTime = decLen; + *prgbCurrentTime = dec; + + return TSS_SUCCESS; +} + +TSS_RESULT +Transport_TickStampBlob(TSS_HCONTEXT tspContext, /* in */ + TCS_KEY_HANDLE hKey, /* in */ + TPM_NONCE* antiReplay, /* in */ + TPM_DIGEST* digestToStamp, /* in */ + TPM_AUTH* privAuth, /* in, out */ + UINT32* pulSignatureLength, /* out */ + BYTE** prgbSignature, /* out */ + UINT32* pulTickCountLength, /* out */ + BYTE** prgbTickCount) /* out */ +{ + TSS_RESULT result; + UINT32 handlesLen, decLen = 0; + TCS_HANDLE *handles, handle; + BYTE *dec = NULL; + UINT64 offset; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + BYTE data[sizeof(TPM_NONCE) + sizeof(TPM_DIGEST)]; + + if ((result = obj_context_transport_init(tspContext))) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_tcskey_get_pubkeyhash(hKey, pubKeyHash.digest))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + handlesLen = 1; + handle = hKey; + handles = &handle; + + offset = 0; + Trspi_LoadBlob_NONCE(&offset, data, antiReplay); + Trspi_LoadBlob_DIGEST(&offset, data, digestToStamp); + + if ((result = obj_context_transport_execute(tspContext, TPM_ORD_TickStampBlob, sizeof(data), + data, &pubKeyHash, &handlesLen, &handles, + privAuth, NULL, &decLen, &dec))) + return result; + + offset = 0; + Trspi_UnloadBlob_CURRENT_TICKS(&offset, dec, NULL); + *pulTickCountLength = (UINT32)offset; + if ((*prgbTickCount = malloc(*pulTickCountLength)) == NULL) { + free(dec); + LogError("malloc of %u bytes failed", *pulTickCountLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + offset = 0; + Trspi_UnloadBlob(&offset, *pulTickCountLength, dec, *prgbTickCount); + + Trspi_UnloadBlob_UINT32(&offset, pulSignatureLength, dec); + if ((*prgbSignature = malloc(*pulSignatureLength)) == NULL) { + free(dec); + free(*prgbTickCount); + *pulTickCountLength = 0; + LogError("malloc of %u bytes failed", *pulSignatureLength); + *pulSignatureLength = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + Trspi_UnloadBlob(&offset, *pulSignatureLength, dec, *prgbSignature); + + free(dec); + + return result; +} +#endif diff --git a/src/tspi/tsp_transport.c b/src/tspi/tsp_transport.c new file mode 100644 index 0000000..1fa6611 --- /dev/null +++ b/src/tspi/tsp_transport.c @@ -0,0 +1,88 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Transport_LoadKeyByBlob(TSS_HCONTEXT hContext, + TPM_COMMAND_CODE ordinal, + TSS_HKEY hParentKey, + UINT32 ulBlobLength, + BYTE* rgbBlobData, + TPM_AUTH* pAuth, + TCS_KEY_HANDLE* phKey, + TPM_KEY_HANDLE* phSlot) +{ + TSS_RESULT result; + UINT32 handleListSize, decLen; + TCS_KEY_HANDLE hTCSParentKey; + TCS_HANDLE *handleList; + BYTE *dec = NULL; + TPM_DIGEST pubKeyHash; + Trspi_HashCtx hashCtx; + + + if ((result = obj_context_transport_init(hContext)) == TSS_TSPATTRIB_DISABLE_TRANSPORT) { + if ((result = obj_rsakey_get_tcs_handle(hParentKey, &hTCSParentKey))) + return result; + + return TCSP_LoadKeyByBlob(hContext, hTCSParentKey, ulBlobLength, rgbBlobData, pAuth, + phKey, phSlot); + } else if (result != TSS_TSPATTRIB_ENABLE_TRANSPORT) + return result; + + LogDebugFn("Executing in a transport session"); + + if ((result = obj_rsakey_get_transport_attribs(hParentKey, &hTCSParentKey, &pubKeyHash))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); + if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) + return result; + + /* Call ExecuteTransport */ + handleListSize = 1; + if ((handleList = malloc(sizeof(TCS_HANDLE))) == NULL) { + LogError("malloc of %zd bytes failed", sizeof(TCS_HANDLE)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + *handleList = hTCSParentKey; + + if ((result = obj_context_transport_execute(hContext, ordinal, ulBlobLength, + rgbBlobData, &pubKeyHash, &handleListSize, + &handleList, pAuth, NULL, &decLen, &dec))) { + free(handleList); + return result; + } + + if (handleListSize == 1) + *phKey = *(TCS_KEY_HANDLE *)handleList; + else + result = TSPERR(TSS_E_INTERNAL_ERROR); + + free(handleList); + free(dec); + + return result; +} diff --git a/src/tspi/tspi_admin.c b/src/tspi/tspi_admin.c new file mode 100644 index 0000000..a20ab45 --- /dev/null +++ b/src/tspi/tspi_admin.c @@ -0,0 +1,362 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_SetStatus(TSS_HTPM hTPM, /* in */ + TSS_FLAG statusFlag, /* in */ + TSS_BOOL fTpmState) /* in */ +{ + TPM_AUTH auth, *pAuth; + TSS_RESULT result; + TCPA_DIGEST hashDigest; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hPolicy; + TSS_HPOLICY hOperatorPolicy; + Trspi_HashCtx hashCtx; + UINT32 tpmVersion; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy))) + return result; + + switch (statusFlag) { + case TSS_TPMSTATUS_DISABLEOWNERCLEAR: + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DisableOwnerClear); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DisableOwnerClear, hPolicy, + FALSE, &hashDigest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->DisableOwnerClear(tspContext, &auth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DisableOwnerClear); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth))) + return result; + break; + case TSS_TPMSTATUS_DISABLEFORCECLEAR: + result = TCS_API(tspContext)->DisableForceClear(tspContext); + break; + case TSS_TPMSTATUS_DISABLED: + case TSS_TPMSTATUS_OWNERSETDISABLE: + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerSetDisable); + result |= Trspi_Hash_BOOL(&hashCtx, fTpmState); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerSetDisable, hPolicy, + FALSE, &hashDigest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->OwnerSetDisable(tspContext, fTpmState, &auth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerSetDisable); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth))) + return result; + break; + case TSS_TPMSTATUS_PHYSICALDISABLE: + if (fTpmState) + result = TCS_API(tspContext)->PhysicalDisable(tspContext); + else + result = TCS_API(tspContext)->PhysicalEnable(tspContext); + break; + case TSS_TPMSTATUS_DEACTIVATED: + case TSS_TPMSTATUS_PHYSICALSETDEACTIVATED: + result = TCS_API(tspContext)->PhysicalSetDeactivated(tspContext, fTpmState); + break; + case TSS_TPMSTATUS_SETTEMPDEACTIVATED: + if ((result = obj_context_get_tpm_version(tspContext, &tpmVersion))) + return result; + + /* XXX Change 0,1,2 to #defines */ + switch (tpmVersion) { + case 0: + case 1: + result = TCS_API(tspContext)->SetTempDeactivated(tspContext); + break; + case 2: + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_OPERATOR, &hOperatorPolicy))) + return result; + + if (hOperatorPolicy != NULL_HPOLICY) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetTempDeactivated); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + pAuth = &auth; + if ((result = secret_PerformAuth_OIAP(hTPM, + TPM_ORD_SetTempDeactivated, + hOperatorPolicy, FALSE, + &hashDigest, pAuth))) + return result; + } + else + pAuth = NULL; + + if ((result = TCS_API(tspContext)->SetTempDeactivated2(tspContext, pAuth))) + return result; + + if (pAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetTempDeactivated); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hOperatorPolicy, + &hashDigest, + pAuth))) + return result; + } + break; + default: + return TSPERR(TSS_E_INTERNAL_ERROR); + } + break; + case TSS_TPMSTATUS_SETOWNERINSTALL: + result = TCS_API(tspContext)->SetOwnerInstall(tspContext, fTpmState); + break; + case TSS_TPMSTATUS_DISABLEPUBEKREAD: + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DisablePubekRead); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DisablePubekRead, hPolicy, + FALSE, &hashDigest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->DisablePubekRead(tspContext, &auth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DisablePubekRead); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth))) + return result; + break; + case TSS_TPMSTATUS_ALLOWMAINTENANCE: + /* Allow maintenance cannot be set to TRUE in the TPM */ + if (fTpmState) + return TSPERR(TSS_E_BAD_PARAMETER); + + /* The path to setting allow maintenance to FALSE is through + * KillMaintenanceFeature */ + return Tspi_TPM_KillMaintenanceFeature(hTPM); + break; +#ifdef TSS_BUILD_TSS12 + case TSS_TPMSTATUS_DISABLEPUBSRKREAD: + /* The logic of setting a 'disable' flag is reversed in the TPM, where setting this + * flag to TRUE will enable the SRK read, while FALSE disables it. So we need to + * flip the bool here. Sigh... */ + fTpmState = fTpmState ? FALSE : TRUE; + + result = TSP_SetCapability(tspContext, hTPM, hPolicy, TPM_SET_PERM_FLAGS, + TPM_PF_READSRKPUB, fTpmState); + break; + case TSS_TPMSTATUS_RESETLOCK: + /* ignoring the bool here */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ResetLockValue); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_ResetLockValue, hPolicy, + FALSE, &hashDigest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->ResetLockValue(tspContext, &auth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ResetLockValue); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth))) + return result; + break; +#endif +#ifndef TSS_SPEC_COMPLIANCE + case TSS_TPMSTATUS_PHYSPRES_LIFETIMELOCK: + /* set the lifetime lock bit */ + result = TCS_API(tspContext)->PhysicalPresence(tspContext, + TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK); + break; + case TSS_TPMSTATUS_PHYSPRES_HWENABLE: + /* set the HW enable bit */ + result = TCS_API(tspContext)->PhysicalPresence(tspContext, + TPM_PHYSICAL_PRESENCE_HW_ENABLE); + break; + case TSS_TPMSTATUS_PHYSPRES_CMDENABLE: + /* set the command enable bit */ + result = TCS_API(tspContext)->PhysicalPresence(tspContext, + TPM_PHYSICAL_PRESENCE_CMD_ENABLE); + break; + case TSS_TPMSTATUS_PHYSPRES_LOCK: + /* set the physical presence lock bit */ + result = TCS_API(tspContext)->PhysicalPresence(tspContext, + TPM_PHYSICAL_PRESENCE_LOCK); + break; + case TSS_TPMSTATUS_PHYSPRESENCE: + /* set the physical presence state */ + result = TCS_API(tspContext)->PhysicalPresence(tspContext, (fTpmState ? + TPM_PHYSICAL_PRESENCE_PRESENT : + TPM_PHYSICAL_PRESENCE_NOTPRESENT)); + break; +#endif + default: + return TSPERR(TSS_E_BAD_PARAMETER); + break; + } + + return result; +} + +TSS_RESULT +Tspi_TPM_GetStatus(TSS_HTPM hTPM, /* in */ + TSS_FLAG statusFlag, /* in */ + TSS_BOOL * pfTpmState) /* out */ +{ + TSS_HCONTEXT tspContext; + TSS_RESULT result; + UINT32 nonVolFlags; + UINT32 volFlags; + + if (pfTpmState == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = get_tpm_flags(tspContext, hTPM, &volFlags, &nonVolFlags))) + return result; + + switch (statusFlag) { + case TSS_TPMSTATUS_DISABLEOWNERCLEAR: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_DISABLEOWNERCLEAR_BIT); + break; + case TSS_TPMSTATUS_DISABLEFORCECLEAR: + *pfTpmState = BOOL(volFlags & TSS_TPM_SF_DISABLEFORCECLEAR_BIT); + break; + case TSS_TPMSTATUS_DISABLED: + case TSS_TPMSTATUS_OWNERSETDISABLE: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_DISABLE_BIT); + break; + case TSS_TPMSTATUS_DEACTIVATED: + case TSS_TPMSTATUS_PHYSICALSETDEACTIVATED: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_DEACTIVATED_BIT); + break; + case TSS_TPMSTATUS_SETTEMPDEACTIVATED: + *pfTpmState = BOOL(volFlags & TSS_TPM_SF_DEACTIVATED_BIT); + break; + case TSS_TPMSTATUS_SETOWNERINSTALL: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_OWNERSHIP_BIT); + break; + case TSS_TPMSTATUS_DISABLEPUBEKREAD: + *pfTpmState = INVBOOL(nonVolFlags & TSS_TPM_PF_READPUBEK_BIT); + break; + case TSS_TPMSTATUS_ALLOWMAINTENANCE: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_ALLOWMAINTENANCE_BIT); + break; + case TSS_TPMSTATUS_MAINTENANCEUSED: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_MAINTENANCEDONE_BIT); + break; + case TSS_TPMSTATUS_PHYSPRES_LIFETIMELOCK: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_PHYSICALPRESENCELIFETIMELOCK_BIT); + break; + case TSS_TPMSTATUS_PHYSPRES_HWENABLE: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_PHYSICALPRESENCEHWENABLE_BIT); + break; + case TSS_TPMSTATUS_PHYSPRES_CMDENABLE: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_PHYSICALPRESENCECMDENABLE_BIT); + break; + case TSS_TPMSTATUS_CEKP_USED: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_CEKPUSED_BIT); + break; + case TSS_TPMSTATUS_PHYSPRESENCE: + *pfTpmState = BOOL(volFlags & TSS_TPM_SF_PHYSICALPRESENCE_BIT); + break; + case TSS_TPMSTATUS_PHYSPRES_LOCK: + *pfTpmState = BOOL(volFlags & TSS_TPM_SF_PHYSICALPRESENCELOCK_BIT); + break; + case TSS_TPMSTATUS_TPMPOST: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_TPMPOST_BIT); + break; + case TSS_TPMSTATUS_TPMPOSTLOCK: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_TPMPOSTLOCK_BIT); + break; + case TSS_TPMSTATUS_FIPS: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_FIPS_BIT); + break; + case TSS_TPMSTATUS_ENABLE_REVOKEEK: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_ENABLEREVOKEEK_BIT); + break; + case TSS_TPMSTATUS_TPM_ESTABLISHED: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_RESETESTABLISHMENTBIT_BIT); + break; + case TSS_TPMSTATUS_NV_LOCK: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_NV_LOCKED_BIT); + break; + case TSS_TPMSTATUS_POSTINITIALISE: + /* There is no way to query the TPM for this flag. */ + result = TSPERR(TSS_E_NOTIMPL); + break; +#ifdef TSS_BUILD_TSS12 + case TSS_TPMSTATUS_DISABLEPUBSRKREAD: + *pfTpmState = INVBOOL(nonVolFlags & TSS_TPM_PF_READSRKPUB_BIT); + break; + case TSS_TPMSTATUS_OPERATORINSTALLED: + *pfTpmState = BOOL(nonVolFlags & TSS_TPM_PF_OPERATOR_BIT); + break; +#endif + default: + return TSPERR(TSS_E_BAD_PARAMETER); + break; + } + + return TSS_SUCCESS; +} diff --git a/src/tspi/tspi_aik.c b/src/tspi/tspi_aik.c new file mode 100644 index 0000000..9476341 --- /dev/null +++ b/src/tspi/tspi_aik.c @@ -0,0 +1,579 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "authsess.h" + + +TSS_RESULT +Tspi_TPM_CollateIdentityRequest(TSS_HTPM hTPM, /* in */ + TSS_HKEY hKeySRK, /* in */ + TSS_HKEY hCAPubKey, /* in */ + UINT32 ulIdentityLabelLength, /* in */ + BYTE * rgbIdentityLabelData, /* in */ + TSS_HKEY hIdentityKey, /* in */ + TSS_ALGORITHM_ID algID, /* in */ + UINT32 * pulTcpaIdentityReqLength, /* out */ + BYTE ** prgbTcpaIdentityReq) /* out */ +{ +#ifdef TSS_BUILD_TRANSPORT + UINT32 transport; +#endif + TPM_AUTH srkAuth; + TCPA_RESULT result; + UINT64 offset; + BYTE hashblob[USHRT_MAX], idReqBlob[USHRT_MAX], testblob[USHRT_MAX]; + TCPA_DIGEST digest; + TSS_HPOLICY hSRKPolicy, hIDPolicy, hCAPolicy; + UINT32 caKeyBlobSize, idKeySize, idPubSize; + BYTE *caKeyBlob, *idKey, *newIdKey, *idPub; + TSS_KEY caKey; + TCPA_CHOSENID_HASH chosenIDHash = { { 0, } }; + UINT32 pcIdentityBindingSize; + BYTE *prgbIdentityBinding = NULL; + UINT32 pcEndorsementCredentialSize; + BYTE *prgbEndorsementCredential = NULL; + UINT32 pcPlatformCredentialSize; + BYTE *prgbPlatformCredential = NULL; + UINT32 pcConformanceCredentialSize; + BYTE *prgbConformanceCredential = NULL; +#define CHOSENID_BLOB_SIZE 2048 + BYTE chosenIDBlob[CHOSENID_BLOB_SIZE]; + TSS_HCONTEXT tspContext; + UINT32 encSymKeySize = 256, tmp; + BYTE encSymKey[256], *cb_var; + TSS_BOOL usesAuth; + TPM_AUTH *pSrkAuth = &srkAuth; + TCPA_IDENTITY_REQ rgbTcpaIdentityReq; + TCPA_KEY_PARMS symParms, asymParms; + TCPA_SYMMETRIC_KEY symKey; + int padding; + TSS_CALLBACK *cb; + Trspi_HashCtx hashCtx; + UINT32 tempCredSize; + BYTE *tempCred = NULL; + struct authsess *xsap = NULL; + + if (pulTcpaIdentityReqLength == NULL || prgbTcpaIdentityReq == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_tpm_get_cb12(hTPM, TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY, &tmp, + &cb_var))) + return result; + + cb = (TSS_CALLBACK *)cb_var; + if (cb->callback == NULL) { + free_tspi(tspContext, cb); + cb = NULL; + } + + /* Get Policies */ + if ((result = obj_rsakey_get_policy(hKeySRK, TSS_POLICY_USAGE, &hSRKPolicy, &usesAuth))) + return result; + + if ((result = obj_rsakey_get_policy(hCAPubKey, TSS_POLICY_USAGE, + &hCAPolicy, NULL))) + return result; + + if ((result = obj_rsakey_get_policy(hIdentityKey, TSS_POLICY_USAGE, + &hIDPolicy, NULL))) + return result; + + /* setup the symmetric key's parms. */ + memset(&symParms, 0, sizeof(TCPA_KEY_PARMS)); + switch (algID) { + case TSS_ALG_AES: + symParms.algorithmID = TCPA_ALG_AES; + symKey.algId = TCPA_ALG_AES; + symKey.size = 128/8; + break; + case TSS_ALG_DES: + symParms.algorithmID = TCPA_ALG_DES; + symKey.algId = TCPA_ALG_DES; + symKey.size = 64/8; + break; + case TSS_ALG_3DES: + symParms.algorithmID = TCPA_ALG_3DES; + symKey.algId = TCPA_ALG_3DES; + symKey.size = 192/8; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + goto error; + break; + } + + /* No symmetric key encryption schemes existed in the 1.1 time frame */ + symParms.encScheme = TCPA_ES_NONE; + + /* get the CA Pubkey's encryption scheme */ + if ((result = obj_rsakey_get_es(hCAPubKey, &tmp))) + return TSPERR(TSS_E_BAD_PARAMETER); + + switch (tmp) { + case TSS_ES_RSAESPKCSV15: + padding = TR_RSA_PKCS1_PADDING; + break; + case TSS_ES_RSAESOAEP_SHA1_MGF1: + padding = TR_RSA_PKCS1_OAEP_PADDING; + break; + case TSS_ES_NONE: + /* fall through */ + default: + padding = TR_RSA_NO_PADDING; + break; + } + + /* Get Key blobs */ + if ((result = obj_rsakey_get_blob(hIdentityKey, &idKeySize, &idKey))) + return result; + + if ((result = obj_rsakey_get_blob(hCAPubKey, &caKeyBlobSize, &caKeyBlob))) + return result; + + offset = 0; + memset(&caKey, 0, sizeof(TSS_KEY)); + if ((result = UnloadBlob_TSS_KEY(&offset, caKeyBlob, &caKey))) + return result; + + /* ChosenID hash = SHA1(label || TCPA_PUBKEY(CApub)) */ + offset = 0; + Trspi_LoadBlob(&offset, ulIdentityLabelLength, chosenIDBlob, rgbIdentityLabelData); + Trspi_LoadBlob_KEY_PARMS(&offset, chosenIDBlob, &caKey.algorithmParms); + Trspi_LoadBlob_STORE_PUBKEY(&offset, chosenIDBlob, &caKey.pubKey); + + if (offset > CHOSENID_BLOB_SIZE) + return TSPERR(TSS_E_INTERNAL_ERROR); + + if ((result = Trspi_Hash(TSS_HASH_SHA1, offset, chosenIDBlob, chosenIDHash.digest))) { + free_key_refs(&caKey); + return result; + } + + /* use chosenIDBlob temporarily */ + offset = 0; + Trspi_LoadBlob_KEY_PARMS(&offset, chosenIDBlob, &caKey.algorithmParms); + + offset = 0; + if ((result = Trspi_UnloadBlob_KEY_PARMS(&offset, chosenIDBlob, &asymParms))) + return result; + + if ((result = authsess_xsap_init(tspContext, hTPM, hIdentityKey, TSS_AUTH_POLICY_REQUIRED, + TPM_ORD_MakeIdentity, TPM_ET_OWNER, &xsap))) + return result; + + /* Hash the Auth data */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_MakeIdentity); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + result |= Trspi_HashUpdate(&hashCtx, TCPA_SHA1_160_HASH_LEN, chosenIDHash.digest); + result |= Trspi_HashUpdate(&hashCtx, idKeySize, idKey); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + /* Do the Auth's */ + if (usesAuth) { + if ((result = secret_PerformAuth_OIAP(hKeySRK, TPM_ORD_MakeIdentity, hSRKPolicy, + FALSE, &digest, &srkAuth))) + goto error; + pSrkAuth = &srkAuth; + } else { + pSrkAuth = NULL; + } + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + +#ifdef TSS_BUILD_TRANSPORT + if ((result = obj_context_transport_get_control(tspContext, TSS_TSPATTRIB_ENABLE_TRANSPORT, + &transport))) + goto error; + + if (transport) { + if ((result = Transport_MakeIdentity2(tspContext, xsap->encAuthUse, chosenIDHash, + idKeySize, idKey, pSrkAuth, xsap->pAuth, + &idKeySize, &newIdKey, &pcIdentityBindingSize, + &prgbIdentityBinding))) + goto error; + } else { +#endif + if ((result = RPC_MakeIdentity(tspContext, xsap->encAuthUse, chosenIDHash, + idKeySize, idKey, pSrkAuth, xsap->pAuth, &idKeySize, + &newIdKey, &pcIdentityBindingSize, + &prgbIdentityBinding, &pcEndorsementCredentialSize, + &prgbEndorsementCredential, + &pcPlatformCredentialSize, &prgbPlatformCredential, + &pcConformanceCredentialSize, + &prgbConformanceCredential))) + goto error; +#ifdef TSS_BUILD_TRANSPORT + } +#endif + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_MakeIdentity); + result |= Trspi_HashUpdate(&hashCtx, idKeySize, newIdKey); + result |= Trspi_Hash_UINT32(&hashCtx, pcIdentityBindingSize); + result |= Trspi_HashUpdate(&hashCtx, pcIdentityBindingSize, prgbIdentityBinding); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free(newIdKey); + goto error; + } + + if ((result = authsess_xsap_verify(xsap, &digest))) { + free(newIdKey); + goto error; + } + + if (usesAuth == TRUE) { + if ((result = obj_policy_validate_auth_oiap(hSRKPolicy, &digest, &srkAuth))) { + free(newIdKey); + goto error; + } + } + + if ((result = obj_rsakey_set_tcpakey(hIdentityKey, idKeySize, newIdKey))) { + free(newIdKey); + goto error; + } + free(newIdKey); + if ((result = obj_rsakey_set_tcs_handle(hIdentityKey, 0))) + goto error; + + if ((result = obj_rsakey_get_pub_blob(hIdentityKey, &idPubSize, &idPub))) + goto error; + + if ((result = obj_tpm_get_cred(hTPM, TSS_TPMATTRIB_EKCERT, &tempCredSize, &tempCred))) + goto error; + + if (tempCred != NULL) { + free(prgbEndorsementCredential); + prgbEndorsementCredential = tempCred; + pcEndorsementCredentialSize = tempCredSize; + } + + if ((result = obj_tpm_get_cred(hTPM, TSS_TPMATTRIB_TPM_CC, &tempCredSize, &tempCred))) + goto error; + + if (tempCred != NULL) { + free(prgbConformanceCredential); + prgbConformanceCredential = tempCred; + pcConformanceCredentialSize = tempCredSize; + } + + if ((result = obj_tpm_get_cred(hTPM, TSS_TPMATTRIB_PLATFORMCERT, &tempCredSize, &tempCred))) + goto error; + + if (tempCred != NULL) { + free(prgbPlatformCredential); + prgbPlatformCredential = tempCred; + pcPlatformCredentialSize = tempCredSize; + } + + /* set up the TCPA_IDENTITY_PROOF structure */ + /* XXX This should be DER encoded first. TPM1.1b section 9.4 */ + /* XXX hash this incrementally using a Trspi_HashCtx */ + offset = 0; + Trspi_LoadBlob_TSS_VERSION(&offset, hashblob, VERSION_1_1); + Trspi_LoadBlob_UINT32(&offset, ulIdentityLabelLength, hashblob); + Trspi_LoadBlob_UINT32(&offset, pcIdentityBindingSize, hashblob); + Trspi_LoadBlob_UINT32(&offset, pcEndorsementCredentialSize, hashblob); + Trspi_LoadBlob_UINT32(&offset, pcPlatformCredentialSize, hashblob); + Trspi_LoadBlob_UINT32(&offset, pcConformanceCredentialSize, hashblob); + Trspi_LoadBlob(&offset, idPubSize, hashblob, idPub); + free_tspi(tspContext, idPub); + Trspi_LoadBlob(&offset, ulIdentityLabelLength, hashblob, rgbIdentityLabelData); + Trspi_LoadBlob(&offset, pcIdentityBindingSize, hashblob, prgbIdentityBinding); + Trspi_LoadBlob(&offset, pcEndorsementCredentialSize, hashblob, prgbEndorsementCredential); + Trspi_LoadBlob(&offset, pcPlatformCredentialSize, hashblob, prgbPlatformCredential); + Trspi_LoadBlob(&offset, pcConformanceCredentialSize, hashblob, prgbConformanceCredential); + + if (cb && cb->callback) { + /* Alloc the space for the callback to copy into. The additional 32 bytes will + * attempt to account for padding that the symmetric encryption will do. */ + rgbTcpaIdentityReq.asymBlob = calloc(1, (int)offset + 32); + rgbTcpaIdentityReq.symBlob = calloc(1, (int)offset + 32); + if (rgbTcpaIdentityReq.asymBlob == NULL || + rgbTcpaIdentityReq.symBlob == NULL) { + free(rgbTcpaIdentityReq.asymBlob); + free(rgbTcpaIdentityReq.symBlob); + LogError("malloc of %" PRIu64 " bytes failed", offset); + free_tspi(tspContext, cb); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + rgbTcpaIdentityReq.asymSize = (UINT32)offset + 32; + rgbTcpaIdentityReq.symSize = (UINT32)offset + 32; + + if ((result = ((TSS_RESULT (*)(PVOID, UINT32, BYTE *, UINT32, UINT32 *, BYTE *, + UINT32 *, BYTE *))cb->callback)(cb->appData, (UINT32)offset, + hashblob, algID, + &rgbTcpaIdentityReq.asymSize, + rgbTcpaIdentityReq.asymBlob, + &rgbTcpaIdentityReq.symSize, + rgbTcpaIdentityReq.symBlob))) { + LogDebug("CollateIdentityRequest callback returned error 0x%x", result); + free_tspi(tspContext, cb); + goto error; + } + } else { + /* generate the symmetric key. */ + if ((result = get_local_random(tspContext, TRUE, symKey.size, &symKey.data))) + goto error; + + /* No symmetric key encryption schemes existed in the 1.1 time frame */ + symKey.encScheme = TCPA_ES_NONE; + + /* encrypt the proof */ + rgbTcpaIdentityReq.symSize = sizeof(testblob); + if ((result = Trspi_SymEncrypt(algID, TR_SYM_MODE_CBC, symKey.data, NULL, hashblob, + offset, testblob, &rgbTcpaIdentityReq.symSize))) + goto error; + + rgbTcpaIdentityReq.symBlob = testblob; + + /* XXX This should be DER encoded first. TPM1.1b section 9.4 */ + offset = 0; + Trspi_LoadBlob_SYMMETRIC_KEY(&offset, hashblob, &symKey); + + if ((result = Trspi_RSA_Public_Encrypt(hashblob, offset, encSymKey, &encSymKeySize, + caKey.pubKey.key, caKey.pubKey.keyLength, + 65537, padding))) + goto error; + + rgbTcpaIdentityReq.asymSize = encSymKeySize; + rgbTcpaIdentityReq.asymBlob = encSymKey; + } + + rgbTcpaIdentityReq.asymAlgorithm = asymParms; + rgbTcpaIdentityReq.symAlgorithm = symParms; + + /* XXX This should be DER encoded first. TPM1.1b section 9.4 */ + offset = 0; + Trspi_LoadBlob_IDENTITY_REQ(&offset, idReqBlob, &rgbTcpaIdentityReq); + + if (cb && cb->callback) { + free(rgbTcpaIdentityReq.symBlob); + free(rgbTcpaIdentityReq.asymBlob); + free_tspi(tspContext, cb); + } + + if ((*prgbTcpaIdentityReq = calloc_tspi(tspContext, offset)) == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + + memcpy(*prgbTcpaIdentityReq, idReqBlob, offset); + *pulTcpaIdentityReqLength = offset; +error: + authsess_free(xsap); + free_key_refs(&caKey); + free(prgbIdentityBinding); + free(prgbEndorsementCredential); + free(prgbPlatformCredential); + free(prgbConformanceCredential); + + return result; +} + +TSS_RESULT +Tspi_TPM_ActivateIdentity(TSS_HTPM hTPM, /* in */ + TSS_HKEY hIdentKey, /* in */ + UINT32 ulAsymCAContentsBlobLength, /* in */ + BYTE * rgbAsymCAContentsBlob, /* in */ + UINT32 ulSymCAAttestationBlobLength, /* in */ + BYTE * rgbSymCAAttestationBlob, /* in */ + UINT32 * pulCredentialLength, /* out */ + BYTE ** prgbCredential) /* out */ +{ + TPM_AUTH idKeyAuth; + TPM_AUTH ownerAuth; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hIDPolicy, hTPMPolicy; + UINT64 offset; + BYTE credBlob[0x1000]; + TCPA_DIGEST digest; + TSS_RESULT result; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_BOOL usesAuth; + TPM_AUTH *pIDKeyAuth; + BYTE *symKeyBlob, *credCallback, *cb_var; + UINT32 symKeyBlobLen, credLen, tmp; + TCPA_SYMMETRIC_KEY symKey; + TSS_CALLBACK *cb; + Trspi_HashCtx hashCtx; + TPM_SYM_CA_ATTESTATION symCAAttestation; + + if (pulCredentialLength == NULL || prgbCredential == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_tpm_get_cb12(hTPM, TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY, &tmp, + &cb_var))) + return result; + + cb = (TSS_CALLBACK *)cb_var; + if (cb->callback == NULL) { + free_tspi(tspContext, cb); + cb = NULL; + } + + if ((result = obj_rsakey_get_tcs_handle(hIdentKey, &tcsKeyHandle))) + return result; + + if ((result = obj_rsakey_get_policy(hIdentKey, TSS_POLICY_USAGE, + &hIDPolicy, &usesAuth))) + return result; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hTPMPolicy))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ActivateIdentity); + result |= Trspi_Hash_UINT32(&hashCtx, ulAsymCAContentsBlobLength); + result |= Trspi_HashUpdate(&hashCtx, ulAsymCAContentsBlobLength, rgbAsymCAContentsBlob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (usesAuth) { + if ((result = secret_PerformAuth_OIAP(hIDPolicy, TPM_ORD_ActivateIdentity, + hIDPolicy, FALSE, &digest, &idKeyAuth))) + return result; + pIDKeyAuth = &idKeyAuth; + } else { + pIDKeyAuth = NULL; + } + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_ActivateIdentity, hTPMPolicy, FALSE, + &digest, &ownerAuth))) + return result; + + if ((result = TCS_API(tspContext)->ActivateTPMIdentity(tspContext, tcsKeyHandle, + ulAsymCAContentsBlobLength, + rgbAsymCAContentsBlob, pIDKeyAuth, + &ownerAuth, &symKeyBlobLen, + &symKeyBlob))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ActivateIdentity); + result |= Trspi_HashUpdate(&hashCtx, symKeyBlobLen, symKeyBlob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (usesAuth) { + if ((result = obj_policy_validate_auth_oiap(hIDPolicy, &digest, + &idKeyAuth))) { + LogDebugFn("Identity key auth validation of the symmetric key failed."); + return result; + } + } + + if ((result = obj_policy_validate_auth_oiap(hTPMPolicy, &digest, + &ownerAuth))) { + LogDebugFn("Owner auth validation of the symmetric key failed."); + return result; + } + + offset = 0; + if ((result = Trspi_UnloadBlob_SYM_CA_ATTESTATION(&offset, rgbSymCAAttestationBlob, + &symCAAttestation))) { + LogDebugFn("Error unloading CA's attestation blob."); + return result; + } + + if (cb && cb->callback) { + /* alloc the space for the callback to copy into */ + credCallback = calloc(1, ulSymCAAttestationBlobLength); + if (credCallback == NULL) { + LogDebug("malloc of %u bytes failed", ulSymCAAttestationBlobLength); + free(symKeyBlob); + free_tspi(tspContext, cb); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + credLen = ulSymCAAttestationBlobLength; + + if ((result = ((TSS_RESULT (*)(PVOID, UINT32, BYTE *, UINT32, BYTE *, UINT32 *, + BYTE *))cb->callback)(cb->appData, symKeyBlobLen, symKeyBlob, + symCAAttestation.credSize, + symCAAttestation.credential, + &credLen, credCallback))) { + LogDebug("ActivateIdentity callback returned error 0x%x", result); + free(symCAAttestation.credential); + free(symKeyBlob); + free_tspi(tspContext, cb); + free(credCallback); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + free(symCAAttestation.credential); + free_tspi(tspContext, cb); + free(symKeyBlob); + + if ((*prgbCredential = calloc_tspi(tspContext, credLen)) == NULL) { + free(credCallback); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + memcpy(*prgbCredential, credCallback, credLen); + *pulCredentialLength = credLen; + free(credCallback); + + return TSS_SUCCESS; + } + + /* decrypt the symmetric blob using the recovered symmetric key */ + offset = 0; + if ((result = Trspi_UnloadBlob_SYMMETRIC_KEY(&offset, symKeyBlob, &symKey))) { + free(symCAAttestation.credential); + free(symKeyBlob); + return result; + } + free(symKeyBlob); + + if ((result = Trspi_SymDecrypt(symKey.algId, symKey.encScheme, symKey.data, NULL, + symCAAttestation.credential, symCAAttestation.credSize, + credBlob, &credLen))) { + free(symCAAttestation.credential); + free(symKey.data); + return result; + } + free(symCAAttestation.credential); + + if ((*prgbCredential = calloc_tspi(tspContext, credLen)) == NULL) { + free(symKey.data); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + free(symKey.data); + memcpy(*prgbCredential, credBlob, credLen); + *pulCredentialLength = credLen; + + return TSS_SUCCESS; +} diff --git a/src/tspi/tspi_asn1.c b/src/tspi/tspi_asn1.c new file mode 100644 index 0000000..f17ce41 --- /dev/null +++ b/src/tspi/tspi_asn1.c @@ -0,0 +1,255 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include +#include + +#ifndef TSS_BUILD_ASN1_OPENSSL +#include +#endif + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "tsplog.h" + +#define TSS_OPENSSL_ASN1_ERROR (0xffffffff) + +#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL) +#define OPENSSL_COMPAT_CONST const +#else +#define OPENSSL_COMPAT_CONST +#endif + +#define OPENSSL_COMPAT_ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +typedef struct tdTSS_BLOB { + ASN1_INTEGER * structVersion; + ASN1_INTEGER * blobType; + ASN1_INTEGER * blobLength; + ASN1_OCTET_STRING * blob; +} TSS_BLOB; + +OPENSSL_COMPAT_ASN1_SEQUENCE(TSS_BLOB) = { + ASN1_SIMPLE(TSS_BLOB, structVersion, ASN1_INTEGER), + ASN1_SIMPLE(TSS_BLOB, blobType, ASN1_INTEGER), + ASN1_SIMPLE(TSS_BLOB, blobLength, ASN1_INTEGER), + ASN1_SIMPLE(TSS_BLOB, blob, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(TSS_BLOB) +IMPLEMENT_ASN1_FUNCTIONS(TSS_BLOB) + + +TSS_RESULT +Tspi_EncodeDER_TssBlob(UINT32 rawBlobSize, /* in */ + BYTE *rawBlob, /* in */ + UINT32 blobType, /* in */ + UINT32 *derBlobSize, /* in/out */ + BYTE *derBlob) /* out */ +{ +#ifdef TSS_BUILD_ASN1_OPENSSL + TSS_BLOB *tssBlob = NULL; +#endif + BYTE *encBlob = NULL; + UINT32 encBlobLen; + + if ((rawBlobSize == 0) || (rawBlob == NULL)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((blobType < TSS_BLOB_TYPE_KEY) || (blobType > TSS_BLOB_TYPE_CMK_BYTE_STREAM)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((*derBlobSize != 0) && (derBlob == NULL)) + return TSPERR(TSS_E_BAD_PARAMETER); + + /* The TSS working group has stated that the ASN1 encoding will be done in a + * specific way that generates an ASN1 encoding that is exactly 20 bytes + * larger than the blob being encoded. + * + * OpenSSL uses the smallest number of bytes possible to encode and object + * and as a result cannot be used to perform the encoding. The encoding + * must be done manually. + * + * The 20 byte fixed header will result in issues for objects greater than + * 2^16 in size since some fields are now limited to 16-bit lengths. + */ + +#ifdef TSS_BUILD_ASN1_OPENSSL + tssBlob = TSS_BLOB_new(); + if (!tssBlob) + return TSPERR(TSS_E_OUTOFMEMORY); + + if (ASN1_INTEGER_set(tssBlob->structVersion, TSS_BLOB_STRUCT_VERSION) == 0) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if (ASN1_INTEGER_set(tssBlob->blobType, blobType) == 0) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if (ASN1_INTEGER_set(tssBlob->blobLength, rawBlobSize) == 0) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if (ASN1_OCTET_STRING_set(tssBlob->blob, rawBlob, rawBlobSize) == 0) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + encBlobLen = i2d_TSS_BLOB(tssBlob, &encBlob); + if (encBlobLen <= 0) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (*derBlobSize != 0) { + if (encBlobLen <= *derBlobSize) { + memcpy(derBlob, encBlob, encBlobLen); + } + else { + OPENSSL_free(encBlob); + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_BAD_PARAMETER); + } + } + + *derBlobSize = encBlobLen; + + OPENSSL_free(encBlob); + TSS_BLOB_free(tssBlob); +#else + if ((rawBlobSize + 16) > UINT16_MAX) + return TSPERR(TSS_E_INTERNAL_ERROR); + + encBlobLen = rawBlobSize + 20; + + if (*derBlobSize != 0) { + if (encBlobLen <= *derBlobSize) { + UINT16 *pShort; + UINT32 *pLong; + + encBlob = derBlob; + encBlob[0] = 0x30; /* Sequence tag */ + encBlob[1] = 0x82; /* Length in the two octets that follow */ + encBlob += 2; + pShort = (UINT16 *)encBlob; + *pShort = htons(rawBlobSize + 16); + encBlob += sizeof(UINT16); + + encBlob[0] = 0x02; /* Integer tag */ + encBlob[1] = 0x01; /* Length is one */ + encBlob[2] = (BYTE)TSS_BLOB_STRUCT_VERSION; + encBlob += 3; + + encBlob[0] = 0x02; /* Integer tag */ + encBlob[1] = 0x01; /* Length is one */ + encBlob[2] = (BYTE)blobType; + encBlob += 3; + + encBlob[0] = 0x02; /* Integer tag */ + encBlob[1] = 0x04; /* Length is four */ + encBlob += 2; + pLong = (UINT32 *)encBlob; + *pLong = htonl(rawBlobSize); + encBlob += sizeof(UINT32); + + encBlob[0] = 0x04; /* Octet string tag */ + encBlob[1] = 0x82; /* Length in the two octets that follow */ + encBlob += 2; + pShort = (UINT16 *)encBlob; + *pShort = htons(rawBlobSize); + encBlob += sizeof(UINT16); + memcpy(encBlob, rawBlob, rawBlobSize); + } + else + return TSPERR(TSS_E_BAD_PARAMETER); + } + + *derBlobSize = encBlobLen; +#endif + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_DecodeBER_TssBlob(UINT32 berBlobSize, /* in */ + BYTE *berBlob, /* in */ + UINT32 *blobType, /* out */ + UINT32 *rawBlobSize, /* in/out */ + BYTE *rawBlob) /* out */ +{ + TSS_BLOB *tssBlob = NULL; + OPENSSL_COMPAT_CONST BYTE *encBlob = berBlob; + + UINT32 encBlobLen = berBlobSize; + UINT32 decStructVersion, decBlobType, decBlobSize; + + if ((berBlobSize == 0) || (berBlob == NULL)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((*rawBlobSize != 0) && (rawBlob == NULL)) + return TSPERR(TSS_E_BAD_PARAMETER); + + tssBlob = d2i_TSS_BLOB(NULL, &encBlob, encBlobLen); + if (!tssBlob) + return TSPERR(TSS_E_INTERNAL_ERROR); + + decStructVersion = ASN1_INTEGER_get(tssBlob->structVersion); + if (decStructVersion == TSS_OPENSSL_ASN1_ERROR) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (decStructVersion > TSS_BLOB_STRUCT_VERSION) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_BAD_PARAMETER); + } + + decBlobType = ASN1_INTEGER_get(tssBlob->blobType); + if (decBlobType == TSS_OPENSSL_ASN1_ERROR) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if ((decBlobType < TSS_BLOB_TYPE_KEY) || (decBlobType > TSS_BLOB_TYPE_CMK_BYTE_STREAM)) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_BAD_PARAMETER); + } + + decBlobSize = ASN1_INTEGER_get(tssBlob->blobLength); + if (decBlobSize == TSS_OPENSSL_ASN1_ERROR) { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (*rawBlobSize != 0) { + if (decBlobSize <= *rawBlobSize) { + memcpy(rawBlob, tssBlob->blob->data, decBlobSize); + } + else { + TSS_BLOB_free(tssBlob); + return TSPERR(TSS_E_BAD_PARAMETER); + } + } + + *rawBlobSize = decBlobSize; + *blobType = decBlobType; + + TSS_BLOB_free(tssBlob); + + return TSS_SUCCESS; +} + diff --git a/src/tspi/tspi_audit.c b/src/tspi/tspi_audit.c new file mode 100644 index 0000000..1c13ca1 --- /dev/null +++ b/src/tspi/tspi_audit.c @@ -0,0 +1,313 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "tsplog.h" + + +/* XXX Split into two functions */ +TSS_RESULT +Tspi_TPM_GetAuditDigest(TSS_HTPM hTpm, /* in */ + TSS_HKEY hKey, /* in */ + TSS_BOOL closeAudit, /* in */ + UINT32* pulAuditDigestSize, /* out */ + BYTE** prgbAuditDigest, /* out */ + TPM_COUNTER_VALUE* pCounterValue, /* out */ + TSS_VALIDATION* pValidationData, /* out */ + UINT32* ordSize, /* out */ + UINT32** ordList) /* out */ +{ + TSS_HCONTEXT tspContext; + UINT32 counterValueSize; + BYTE *counterValue = NULL; + TPM_DIGEST auditDigest; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + + if ((pulAuditDigestSize == NULL) || (prgbAuditDigest == NULL) || (pCounterValue == NULL)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (hKey == NULL_HKEY) + if ((ordSize == NULL) || (ordList == NULL)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTpm, &tspContext))) + return result; + + if (hKey == NULL_HKEY) { + UINT32 startOrdinal = 0; + TSS_BOOL more; + UINT32 tcsOrdSize; + UINT32 *tcsOrdList = NULL; + UINT32 *pulTemp; + + *prgbAuditDigest = NULL; + *pulAuditDigestSize = 0; + *ordList = NULL; + *ordSize = 0; + do { + if ((result = TCS_API(tspContext)->GetAuditDigest(tspContext, startOrdinal, + &auditDigest, + &counterValueSize, + &counterValue, &more, + &tcsOrdSize, + &tcsOrdList))) + goto done1; + + if ((pulTemp = + calloc_tspi(tspContext, + (*ordSize + tcsOrdSize) * sizeof(UINT32))) == NULL) { + LogError("malloc of %u bytes failed.", *ordSize + tcsOrdSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done1; + } + + if (*ordList) + memcpy(pulTemp, *ordList, *ordSize * sizeof(UINT32)); + memcpy(pulTemp + *ordSize, tcsOrdList, tcsOrdSize * sizeof(UINT32)); + + free(tcsOrdList); + tcsOrdList = NULL; + + if (*ordList) + free_tspi(tspContext, *ordList); + *ordList = pulTemp; + *ordSize += tcsOrdSize; + + if (more == TRUE) { + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, &startOrdinal, + (BYTE *)(*ordList + (*ordSize - 1))); + startOrdinal++; + free(counterValue); + counterValue = NULL; + } + } while (more == TRUE); + + *pulAuditDigestSize = sizeof(auditDigest.digest); + if ((*prgbAuditDigest = calloc_tspi(tspContext, *pulAuditDigestSize)) == NULL) { + LogError("malloc of %u bytes failed.", *pulAuditDigestSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done1; + } + offset = 0; + Trspi_LoadBlob_DIGEST(&offset, *prgbAuditDigest, &auditDigest); + + offset = 0; + Trspi_UnloadBlob_COUNTER_VALUE(&offset, counterValue, pCounterValue); + + result = TSS_SUCCESS; + +done1: + if (result != TSS_SUCCESS) { + if (*prgbAuditDigest) + free_tspi(tspContext, *prgbAuditDigest); + if (*ordList) + free_tspi(tspContext, *ordList); + *prgbAuditDigest = NULL; + *pulAuditDigestSize = 0; + *ordList = NULL; + *ordSize = 0; + } + free(counterValue); + free(tcsOrdList); + + return result; + } + else { + TSS_HPOLICY hPolicy; + TSS_BOOL usesAuth; + TCS_KEY_HANDLE tcsKeyHandle; + TPM_AUTH keyAuth, *pAuth; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + TPM_NONCE antiReplay; + TPM_DIGEST auditDigest; + TPM_DIGEST ordinalDigest; + UINT32 sigSize; + BYTE *sig = NULL; + TPM_SIGN_INFO signInfo; + UINT32 signInfoBlobSize; + BYTE *signInfoBlob = NULL; + + if (pValidationData == NULL) { + LogDebug("Internal Verify"); + if ((result = get_local_random(tspContext, FALSE, TPM_NONCE_SIZE, + (BYTE **)antiReplay.nonce))) + return result; + } else { + LogDebug("External Verify"); + if (pValidationData->ulExternalDataLength < sizeof(antiReplay.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (pValidationData->rgbExternalData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(antiReplay.nonce, pValidationData->rgbExternalData, + sizeof(antiReplay.nonce)); + + pValidationData->ulDataLength = 0; + pValidationData->rgbData = NULL; + pValidationData->ulValidationDataLength = 0; + pValidationData->rgbValidationData = NULL; + } + + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle))) + return result; + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_GetAuditDigestSigned); + result |= Trspi_Hash_BOOL(&hashCtx, closeAudit); + result |= Trspi_Hash_NONCE(&hashCtx, antiReplay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + pAuth = &keyAuth; + if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_GetAuditDigestSigned, + hPolicy, FALSE, &digest, pAuth))) + return result; + } + else + pAuth = NULL; + + if ((result = TCS_API(tspContext)->GetAuditDigestSigned(tspContext, tcsKeyHandle, + closeAudit, &antiReplay, + pAuth, &counterValueSize, + &counterValue, &auditDigest, + &ordinalDigest, &sigSize, + &sig))) + return result; + + memset(&signInfo, 0, sizeof(signInfo)); + signInfo.tag = TPM_TAG_SIGNINFO; + memcpy(signInfo.fixed, "ADIG", strlen("ADIG")); + signInfo.replay = antiReplay; + signInfo.dataLen = sizeof(auditDigest.digest) + counterValueSize + + sizeof(ordinalDigest.digest); + if ((signInfo.data = malloc(signInfo.dataLen)) == NULL) { + LogError("malloc of %u bytes failed.", signInfo.dataLen); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done2; + } + offset = 0; + Trspi_LoadBlob_DIGEST(&offset, signInfo.data, &auditDigest); + Trspi_LoadBlob(&offset, counterValueSize, signInfo.data, counterValue); + Trspi_LoadBlob_DIGEST(&offset, signInfo.data, &ordinalDigest); + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_GetAuditDigestSigned); + result |= Trspi_HashUpdate(&hashCtx, counterValueSize, counterValue); + result |= Trspi_Hash_DIGEST(&hashCtx, auditDigest.digest); + result |= Trspi_Hash_DIGEST(&hashCtx, ordinalDigest.digest); + result |= Trspi_Hash_UINT32(&hashCtx, sigSize); + result |= Trspi_HashUpdate(&hashCtx, sigSize, sig); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done2; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) + goto done2; + } + + offset = 0; + Trspi_LoadBlob_SIGN_INFO(&offset, NULL, &signInfo); + signInfoBlobSize = offset; + signInfoBlob = malloc(signInfoBlobSize); + if (signInfoBlob == NULL) { + LogError("malloc of %u bytes failed.", signInfoBlobSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done2; + } + offset = 0; + Trspi_LoadBlob_SIGN_INFO(&offset, signInfoBlob, &signInfo); + + if (pValidationData == NULL) { + if ((result = Trspi_Hash(TSS_HASH_SHA1, signInfoBlobSize, signInfoBlob, + digest.digest))) + goto done2; + + if ((result = __tspi_rsa_verify(hKey, TSS_HASH_SHA1, sizeof(digest.digest), + digest.digest, sigSize, sig))) { + result = TSPERR(TSS_E_VERIFICATION_FAILED); + goto done2; + } + } else { + pValidationData->ulDataLength = signInfoBlobSize; + pValidationData->rgbData = calloc_tspi(tspContext, signInfoBlobSize); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %u bytes failed.", signInfoBlobSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done2; + } + memcpy(pValidationData->rgbData, signInfoBlob, signInfoBlobSize); + + pValidationData->ulValidationDataLength = sigSize; + pValidationData->rgbValidationData = calloc_tspi(tspContext, sigSize); + if (pValidationData->rgbValidationData == NULL) { + LogError("malloc of %u bytes failed.", sigSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done2; + } + memcpy(pValidationData->rgbValidationData, sig, sigSize); + } + + *pulAuditDigestSize = sizeof(auditDigest.digest); + if ((*prgbAuditDigest = calloc_tspi(tspContext, *pulAuditDigestSize)) == NULL) { + LogError("malloc of %u bytes failed.", *pulAuditDigestSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done2; + } + offset = 0; + Trspi_LoadBlob_DIGEST(&offset, *prgbAuditDigest, &auditDigest); + + offset = 0; + Trspi_UnloadBlob_COUNTER_VALUE(&offset, counterValue, pCounterValue); + + result = TSS_SUCCESS; + +done2: + if (result != TSS_SUCCESS) { + if (*prgbAuditDigest) + free_tspi(tspContext, *prgbAuditDigest); + *prgbAuditDigest = NULL; + *pulAuditDigestSize = 0; + if (pValidationData != NULL) { + if (pValidationData->rgbData) + free_tspi(tspContext, pValidationData->rgbData); + if (pValidationData->rgbValidationData) + free_tspi(tspContext, pValidationData->rgbValidationData); + pValidationData->ulDataLength = 0; + pValidationData->rgbData = NULL; + pValidationData->ulValidationDataLength = 0; + pValidationData->rgbValidationData = NULL; + } + } + free(counterValue); + free(sig); + free(signInfo.data); + free(signInfoBlob); + + return result; + } +} diff --git a/src/tspi/tspi_bind.c b/src/tspi/tspi_bind.c new file mode 100644 index 0000000..ae9a8ba --- /dev/null +++ b/src/tspi/tspi_bind.c @@ -0,0 +1,217 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_Data_Bind(TSS_HENCDATA hEncData, /* in */ + TSS_HKEY hEncKey, /* in */ + UINT32 ulDataLength, /* in */ + BYTE *rgbDataToBind) /* in */ +{ + UINT32 encDataLength; + BYTE encData[256]; + BYTE *keyData; + UINT32 keyDataLength; + TCPA_BOUND_DATA boundData; + UINT64 offset; + BYTE bdblob[256]; + TCPA_RESULT result; + TSS_KEY keyContainer; + TSS_HCONTEXT tspContext; + + if (rgbDataToBind == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_encdata(hEncData)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if ((result = obj_rsakey_get_tsp_context(hEncKey, &tspContext))) + return result; + + /* XXX Just get the pubkey here */ + if ((result = obj_rsakey_get_blob(hEncKey, &keyDataLength, &keyData))) + return result; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, keyData, &keyContainer))) { + free_tspi(tspContext, keyData); + return result; + } + free_tspi(tspContext, keyData); + + if (keyContainer.keyUsage != TPM_KEY_BIND && + keyContainer.keyUsage != TPM_KEY_LEGACY) { + result = TSPERR(TSS_E_INVALID_KEYUSAGE); + goto done; + } + + if (keyContainer.pubKey.keyLength < ulDataLength) { + result = TSPERR(TSS_E_ENC_INVALID_LENGTH); + goto done; + } + + if (keyContainer.algorithmParms.encScheme == TCPA_ES_RSAESPKCSv15 && + keyContainer.keyUsage == TPM_KEY_LEGACY) { + if ((result = Trspi_RSA_PKCS15_Encrypt(rgbDataToBind, ulDataLength, encData, + &encDataLength, keyContainer.pubKey.key, + keyContainer.pubKey.keyLength))) + goto done; + } else if (keyContainer.algorithmParms.encScheme == TCPA_ES_RSAESPKCSv15 && + keyContainer.keyUsage == TPM_KEY_BIND) { + boundData.payload = TCPA_PT_BIND; + + memcpy(&boundData.ver, &VERSION_1_1, sizeof(TCPA_VERSION)); + + boundData.payloadData = malloc(ulDataLength); + if (boundData.payloadData == NULL) { + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(boundData.payloadData, rgbDataToBind, ulDataLength); + + offset = 0; + Trspi_LoadBlob_BOUND_DATA(&offset, boundData, ulDataLength, bdblob); + + if ((result = Trspi_RSA_PKCS15_Encrypt(bdblob, offset, encData, + &encDataLength, keyContainer.pubKey.key, + keyContainer.pubKey.keyLength))) { + free(boundData.payloadData); + goto done; + } + free(boundData.payloadData); + } else { + boundData.payload = TCPA_PT_BIND; + + memcpy(&boundData.ver, &VERSION_1_1, sizeof(TCPA_VERSION)); + + boundData.payloadData = malloc(ulDataLength); + if (boundData.payloadData == NULL) { + LogError("malloc of %u bytes failed.", ulDataLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(boundData.payloadData, rgbDataToBind, ulDataLength); + + offset = 0; + Trspi_LoadBlob_BOUND_DATA(&offset, boundData, ulDataLength, bdblob); + + if ((result = Trspi_RSA_Encrypt(bdblob, offset, encData, &encDataLength, + keyContainer.pubKey.key, + keyContainer.pubKey.keyLength))) { + free(boundData.payloadData); + goto done; + } + + free(boundData.payloadData); + } + + if ((result = obj_encdata_set_data(hEncData, encDataLength, encData))) { + LogError("Error in calling SetAttribData on the encrypted data object."); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } +done: + free_key_refs(&keyContainer); + return result; +} + +TSS_RESULT +Tspi_Data_Unbind(TSS_HENCDATA hEncData, /* in */ + TSS_HKEY hKey, /* in */ + UINT32 * pulUnboundDataLength, /* out */ + BYTE ** prgbUnboundData) /* out */ +{ + TCPA_RESULT result; + TPM_AUTH privAuth; + TCPA_DIGEST digest; + TSS_HPOLICY hPolicy; + BYTE *encData; + UINT32 encDataSize; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_BOOL usesAuth; + TPM_AUTH *pPrivAuth; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + + if (pulUnboundDataLength == NULL || prgbUnboundData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_encdata_get_tsp_context(hEncData, &tspContext))) + return result; + + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth))) + return result; + + if ((result = obj_encdata_get_data(hEncData, &encDataSize, &encData))) + return result == (TSS_E_INVALID_OBJ_ACCESS | TSS_LAYER_TSP) ? + TSPERR(TSS_E_ENC_NO_DATA) : + result; + + if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle))) + return result; + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_UnBind); + result |= Trspi_Hash_UINT32(&hashCtx, encDataSize); + result |= Trspi_HashUpdate(&hashCtx, encDataSize, encData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_UnBind, hPolicy, FALSE, &digest, + &privAuth))) + return result; + pPrivAuth = &privAuth; + } else { + pPrivAuth = NULL; + } + + if ((result = TCS_API(tspContext)->UnBind(tspContext, tcsKeyHandle, encDataSize, encData, + pPrivAuth, pulUnboundDataLength, + prgbUnboundData))) + return result; + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_UnBind); + result |= Trspi_Hash_UINT32(&hashCtx, *pulUnboundDataLength); + result |= Trspi_HashUpdate(&hashCtx, *pulUnboundDataLength, *prgbUnboundData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &privAuth))) + goto error; + } + + if ((result = __tspi_add_mem_entry(tspContext, *prgbUnboundData))) + goto error; + + return TSS_SUCCESS; +error: + free(*prgbUnboundData); + *prgbUnboundData = NULL; + *pulUnboundDataLength = 0; + return result; +} + diff --git a/src/tspi/tspi_caps.c b/src/tspi/tspi_caps.c new file mode 100644 index 0000000..2997d8d --- /dev/null +++ b/src/tspi/tspi_caps.c @@ -0,0 +1,87 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "tcs_tsp.h" +#include "tspps.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "obj.h" + + +TSS_RESULT +Tspi_Context_GetCapability(TSS_HCONTEXT tspContext, /* in */ + TSS_FLAG capArea, /* in */ + UINT32 ulSubCapLength, /* in */ + BYTE * rgbSubCap, /* in */ + UINT32 * pulRespDataLength, /* out */ + BYTE ** prgbRespData) /* out */ +{ + TSS_RESULT result; + + if (prgbRespData == NULL || pulRespDataLength == NULL ) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (rgbSubCap == NULL && ulSubCapLength != 0) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (ulSubCapLength > sizeof(UINT32)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + switch (capArea) { + case TSS_TSPCAP_ALG: + case TSS_TSPCAP_RETURNVALUE_INFO: + case TSS_TSPCAP_PLATFORM_INFO: + case TSS_TSPCAP_MANUFACTURER: + if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + /* fall through */ + case TSS_TSPCAP_VERSION: + case TSS_TSPCAP_PERSSTORAGE: + result = internal_GetCap(tspContext, capArea, + rgbSubCap ? *(UINT32 *)rgbSubCap : 0, + pulRespDataLength, + prgbRespData); + break; + case TSS_TCSCAP_ALG: + if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + /* fall through */ + case TSS_TCSCAP_VERSION: + case TSS_TCSCAP_CACHING: + case TSS_TCSCAP_PERSSTORAGE: + case TSS_TCSCAP_MANUFACTURER: + case TSS_TCSCAP_TRANSPORT: + case TSS_TCSCAP_PLATFORM_CLASS: + result = RPC_GetCapability(tspContext, capArea, ulSubCapLength, rgbSubCap, + pulRespDataLength, prgbRespData); + break; + default: + LogDebug("Invalid capArea: 0x%x", capArea); + result = TSPERR(TSS_E_BAD_PARAMETER); + break; + } + + return result; +} diff --git a/src/tspi/tspi_caps_tpm.c b/src/tspi/tspi_caps_tpm.c new file mode 100644 index 0000000..131e67b --- /dev/null +++ b/src/tspi/tspi_caps_tpm.c @@ -0,0 +1,356 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_GetCapability(TSS_HTPM hTPM, /* in */ + TSS_FLAG capArea, /* in */ + UINT32 ulSubCapLength, /* in */ + BYTE * rgbSubCap, /* in */ + UINT32 * pulRespDataLength, /* out */ + BYTE ** prgbRespData) /* out */ +{ + TSS_HCONTEXT tspContext; + TPM_CAPABILITY_AREA tcsCapArea; + UINT32 tcsSubCap = 0; + UINT32 tcsSubCapContainer; + TSS_RESULT result; + UINT32 nonVolFlags, volFlags, respLen; + BYTE *respData; + UINT64 offset; + TSS_BOOL fOwnerAuth = FALSE, endianFlag = TRUE; + + if (pulRespDataLength == NULL || prgbRespData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + /* Verify the caps and subcaps */ + switch (capArea) { + case TSS_TPMCAP_ORD: + if ((ulSubCapLength != sizeof(UINT32)) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + + tcsCapArea = TCPA_CAP_ORD; + tcsSubCap = *(UINT32 *)rgbSubCap; + break; + case TSS_TPMCAP_FLAG: + fOwnerAuth = TRUE; + break; + case TSS_TPMCAP_AUTH_ENCRYPT: + case TSS_TPMCAP_ALG: + if ((ulSubCapLength != sizeof(UINT32)) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + + /* Test capArea again here in order to keep from having to duplicate the switch + * statement below */ + tcsCapArea = (capArea == TSS_TPMCAP_ALG ? TPM_CAP_ALG : TPM_CAP_AUTH_ENCRYPT); + + switch (*(UINT32 *)rgbSubCap) { + case TSS_ALG_RSA: + tcsSubCap = TPM_ALG_RSA; + break; + case TSS_ALG_AES128: + tcsSubCap = TPM_ALG_AES128; + break; + case TSS_ALG_AES192: + tcsSubCap = TPM_ALG_AES192; + break; + case TSS_ALG_AES256: + tcsSubCap = TPM_ALG_AES256; + break; + case TSS_ALG_3DES: + tcsSubCap = TPM_ALG_3DES; + break; + case TSS_ALG_DES: + tcsSubCap = TPM_ALG_DES; + break; + case TSS_ALG_SHA: + tcsSubCap = TPM_ALG_SHA; + break; + case TSS_ALG_HMAC: + tcsSubCap = TPM_ALG_HMAC; + break; + case TSS_ALG_MGF1: + tcsSubCap = TPM_ALG_MGF1; + break; + case TSS_ALG_XOR: + tcsSubCap = TPM_ALG_XOR; + break; + default: + tcsSubCap = *(UINT32 *)rgbSubCap; + break; + } + break; +#ifdef TSS_BUILD_NV + case TSS_TPMCAP_NV_LIST: + tcsCapArea = TPM_CAP_NV_LIST; + endianFlag = FALSE; + break; + case TSS_TPMCAP_NV_INDEX: + if ((ulSubCapLength != sizeof(UINT32)) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + + tcsCapArea = TPM_CAP_NV_INDEX; + tcsSubCap = *(UINT32 *)rgbSubCap; + break; +#endif + case TSS_TPMCAP_PROPERTY: /* Determines a physical property of the TPM. */ + if ((ulSubCapLength != sizeof(UINT32)) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + + tcsCapArea = TCPA_CAP_PROPERTY; + tcsSubCapContainer = *(UINT32 *)rgbSubCap; + + switch (tcsSubCapContainer) { + case TSS_TPMCAP_PROP_PCR: + tcsSubCap = TPM_CAP_PROP_PCR; + break; + case TSS_TPMCAP_PROP_DIR: + tcsSubCap = TPM_CAP_PROP_DIR; + break; + /* case TSS_TPMCAP_PROP_SLOTS: */ + case TSS_TPMCAP_PROP_KEYS: + tcsSubCap = TPM_CAP_PROP_SLOTS; + break; + case TSS_TPMCAP_PROP_MANUFACTURER: + tcsSubCap = TPM_CAP_PROP_MANUFACTURER; + endianFlag = FALSE; + break; + case TSS_TPMCAP_PROP_COUNTERS: + tcsSubCap = TPM_CAP_PROP_COUNTERS; + break; + case TSS_TPMCAP_PROP_MAXCOUNTERS: + tcsSubCap = TPM_CAP_PROP_MAX_COUNTERS; + break; + /*case TSS_TPMCAP_PROP_MINCOUNTERINCTIME: */ + case TSS_TPMCAP_PROP_MIN_COUNTER: + tcsSubCap = TPM_CAP_PROP_MIN_COUNTER; + break; + case TSS_TPMCAP_PROP_ACTIVECOUNTER: + tcsSubCap = TPM_CAP_PROP_ACTIVE_COUNTER; + break; + case TSS_TPMCAP_PROP_TRANSESSIONS: + tcsSubCap = TPM_CAP_PROP_TRANSSESS; + break; + case TSS_TPMCAP_PROP_MAXTRANSESSIONS: + tcsSubCap = TPM_CAP_PROP_MAX_TRANSSESS; + break; + case TSS_TPMCAP_PROP_SESSIONS: + tcsSubCap = TPM_CAP_PROP_SESSIONS; + break; + case TSS_TPMCAP_PROP_MAXSESSIONS: + tcsSubCap = TPM_CAP_PROP_MAX_SESSIONS; + break; + case TSS_TPMCAP_PROP_FAMILYROWS: + tcsSubCap = TPM_CAP_PROP_FAMILYROWS; + break; + case TSS_TPMCAP_PROP_DELEGATEROWS: + tcsSubCap = TPM_CAP_PROP_DELEGATE_ROW; + break; + case TSS_TPMCAP_PROP_OWNER: + tcsSubCap = TPM_CAP_PROP_OWNER; + break; + case TSS_TPMCAP_PROP_MAXKEYS: + tcsSubCap = TPM_CAP_PROP_MAX_KEYS; + break; + case TSS_TPMCAP_PROP_AUTHSESSIONS: + tcsSubCap = TPM_CAP_PROP_AUTHSESS; + break; + case TSS_TPMCAP_PROP_MAXAUTHSESSIONS: + tcsSubCap = TPM_CAP_PROP_MAX_AUTHSESS; + break; + case TSS_TPMCAP_PROP_CONTEXTS: + tcsSubCap = TPM_CAP_PROP_CONTEXT; + break; + case TSS_TPMCAP_PROP_MAXCONTEXTS: + tcsSubCap = TPM_CAP_PROP_MAX_CONTEXT; + break; + case TSS_TPMCAP_PROP_DAASESSIONS: + tcsSubCap = TPM_CAP_PROP_SESSION_DAA; + break; + case TSS_TPMCAP_PROP_MAXDAASESSIONS: + tcsSubCap = TPM_CAP_PROP_DAA_MAX; + break; + case TSS_TPMCAP_PROP_TISTIMEOUTS: + tcsSubCap = TPM_CAP_PROP_TIS_TIMEOUT; + break; + case TSS_TPMCAP_PROP_STARTUPEFFECTS: + tcsSubCap = TPM_CAP_PROP_STARTUP_EFFECT; + endianFlag = FALSE; + break; + case TSS_TPMCAP_PROP_MAXCONTEXTCOUNTDIST: + tcsSubCap = TPM_CAP_PROP_CONTEXT_DIST; + break; + case TSS_TPMCAP_PROP_CMKRESTRICTION: + tcsSubCap = TPM_CAP_PROP_CMK_RESTRICTION; + break; + case TSS_TPMCAP_PROP_DURATION: + tcsSubCap = TPM_CAP_PROP_DURATION; + break; + case TSS_TPMCAP_PROP_MAXNVAVAILABLE: + tcsSubCap = TPM_CAP_PROP_NV_AVAILABLE; + break; + case TSS_TPMCAP_PROP_INPUTBUFFERSIZE: + tcsSubCap = TPM_CAP_PROP_INPUT_BUFFER; + break; +#if 0 + /* There isn't a way to query the TPM for these, the TPMWG is considering how to + * address some of them in the next version of the TPM - KEY Oct 15, 2007*/ + case TSS_TPMCAP_PROP_MAXNVWRITE: + break; + case TSS_TPMCAP_PROP_REVISION: + break; + case TSS_TPMCAP_PROP_LOCALITIES_AVAIL: + break; + case TSS_TPMCAP_PROP_PCRMAP: + break; +#endif + default: + return TSPERR(TSS_E_BAD_PARAMETER); + } + break; + case TSS_TPMCAP_VERSION: /* Queries the current TPM version. */ + tcsCapArea = TCPA_CAP_VERSION; + endianFlag = FALSE; + break; + case TSS_TPMCAP_VERSION_VAL: /* Queries the current TPM version for 1.2 TPM device. */ + tcsCapArea = TPM_CAP_VERSION_VAL; + endianFlag = FALSE; + break; + case TSS_TPMCAP_MFR: + tcsCapArea = TPM_CAP_MFR; + endianFlag = FALSE; + break; + case TSS_TPMCAP_SYM_MODE: + if ((ulSubCapLength != sizeof(UINT32)) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + + tcsCapArea = TPM_CAP_SYM_MODE; + tcsSubCap = *(UINT32 *)rgbSubCap; + break; + case TSS_TPMCAP_HANDLE: + if ((ulSubCapLength != sizeof(UINT32)) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + + tcsCapArea = TPM_CAP_HANDLE; + tcsSubCap = *(UINT32 *)rgbSubCap; + break; + case TSS_TPMCAP_TRANS_ES: + if ((ulSubCapLength != sizeof(UINT32)) || !rgbSubCap) + return TSPERR(TSS_E_BAD_PARAMETER); + + tcsCapArea = TPM_CAP_TRANS_ES; + switch (*(UINT32 *)rgbSubCap) { + case TSS_ES_NONE: + tcsSubCap = TPM_ES_NONE; + break; + case TSS_ES_RSAESPKCSV15: + tcsSubCap = TPM_ES_RSAESPKCSv15; + break; + case TSS_ES_RSAESOAEP_SHA1_MGF1: + tcsSubCap = TPM_ES_RSAESOAEP_SHA1_MGF1; + break; + case TSS_ES_SYM_CNT: + tcsSubCap = TPM_ES_SYM_CNT; + break; + case TSS_ES_SYM_OFB: + tcsSubCap = TPM_ES_SYM_OFB; + break; + case TSS_ES_SYM_CBC_PKCS5PAD: + tcsSubCap = TPM_ES_SYM_CBC_PKCS5PAD; + break; + default: + tcsSubCap = *(UINT32 *)rgbSubCap; + break; + } + break; + default: + return TSPERR(TSS_E_BAD_PARAMETER); + break; + } + + if (fOwnerAuth) { + /* do an owner authorized get capability call */ + if ((result = get_tpm_flags(tspContext, hTPM, &volFlags, &nonVolFlags))) + return result; + + respLen = 2 * sizeof(UINT32); + respData = calloc_tspi(tspContext, respLen); + if (respData == NULL) { + LogError("malloc of %u bytes failed.", respLen); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, nonVolFlags, respData); + Trspi_LoadBlob_UINT32(&offset, volFlags, respData); + + *pulRespDataLength = respLen; + *prgbRespData = respData; + + return TSS_SUCCESS; + } + + tcsSubCap = endian32(tcsSubCap); + + if ((result = TCS_API(tspContext)->GetTPMCapability(tspContext, tcsCapArea, ulSubCapLength, + (BYTE *)&tcsSubCap, pulRespDataLength, + prgbRespData))) + return result; + + if (endianFlag) { + if (*pulRespDataLength == sizeof(UINT32)) + *(UINT32 *)(*prgbRespData) = endian32(*(UINT32 *)(*prgbRespData)); + else if (*pulRespDataLength == sizeof(UINT16)) + *(UINT32 *)(*prgbRespData) = endian16(*(UINT32 *)(*prgbRespData)); + } + + if ((result = __tspi_add_mem_entry(tspContext, *prgbRespData))) { + free(*prgbRespData); + *prgbRespData = NULL; + *pulRespDataLength = 0; + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_GetCapabilitySigned(TSS_HTPM hTPM, /* in */ + TSS_HTPM hKey, /* in */ + TSS_FLAG capArea, /* in */ + UINT32 ulSubCapLength, /* in */ + BYTE * rgbSubCap, /* in */ + TSS_VALIDATION * pValidationData, /* in, out */ + UINT32 * pulRespDataLength, /* out */ + BYTE ** prgbRespData) /* out */ +{ + /* + * Function was found to have a vulnerability, so implementation is not + * required by the TSS 1.1b spec. + */ + return TSPERR(TSS_E_NOTIMPL); +} + diff --git a/src/tspi/tspi_certify.c b/src/tspi/tspi_certify.c new file mode 100644 index 0000000..795d2d4 --- /dev/null +++ b/src/tspi/tspi_certify.c @@ -0,0 +1,164 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_Key_CertifyKey(TSS_HKEY hKey, /* in */ + TSS_HKEY hCertifyingKey, /* in */ + TSS_VALIDATION * pValidationData) /* in, out */ +{ + TCPA_RESULT result; + TPM_AUTH certAuth; + TPM_AUTH keyAuth; + TCPA_DIGEST digest; + TCPA_NONCE antiReplay; + UINT32 CertifyInfoSize; + BYTE *CertifyInfo; + UINT32 outDataSize; + BYTE *outData; + TSS_HPOLICY hPolicy; + TSS_HPOLICY hCertPolicy; + TCS_KEY_HANDLE certifyTCSKeyHandle, keyTCSKeyHandle; + TSS_BOOL useAuthCert; + TSS_BOOL useAuthKey; + TPM_AUTH *pCertAuth = &certAuth; + TPM_AUTH *pKeyAuth = &keyAuth; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + + + if ((result = obj_rsakey_get_tsp_context(hKey, &tspContext))) + return result; + + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, + &hPolicy, &useAuthKey))) + return result; + + if ((result = obj_rsakey_get_policy(hCertifyingKey, TSS_POLICY_USAGE, + &hCertPolicy, &useAuthCert))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hCertifyingKey, &certifyTCSKeyHandle))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hKey, &keyTCSKeyHandle))) + return result; + + if (pValidationData == NULL) { + LogDebug("Internal Verify"); + if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE), + (BYTE **)antiReplay.nonce))) + return result; + } else { + LogDebug("External Verify"); + if (pValidationData->ulExternalDataLength < sizeof(antiReplay.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(antiReplay.nonce, pValidationData->rgbExternalData, + sizeof(antiReplay.nonce)); + } + + if (useAuthCert && !useAuthKey) + return TSPERR(TSS_E_BAD_PARAMETER); + + /* Setup the auths */ + if (useAuthCert || useAuthKey) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CertifyKey); + result |= Trspi_HashUpdate(&hashCtx, sizeof(antiReplay.nonce), antiReplay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + } + + if (useAuthKey) { + if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_CertifyKey, hPolicy, FALSE, + &digest, &keyAuth))) + return result; + } else + pKeyAuth = NULL; + + if (useAuthCert) { + if ((result = secret_PerformAuth_OIAP(hCertifyingKey, TPM_ORD_CertifyKey, + hCertPolicy, FALSE, &digest, + &certAuth))) + return result; + } else + pCertAuth = NULL; + + /* XXX free CertifyInfo */ + if ((result = TCS_API(tspContext)->CertifyKey(tspContext, certifyTCSKeyHandle, + keyTCSKeyHandle, &antiReplay, pCertAuth, + pKeyAuth, &CertifyInfoSize, &CertifyInfo, + &outDataSize, &outData))) + return result; + + /* Validate auth */ + if (useAuthCert || useAuthKey) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CertifyKey); + result |= Trspi_HashUpdate(&hashCtx, CertifyInfoSize, CertifyInfo); + result |= Trspi_Hash_UINT32(&hashCtx, outDataSize); + result |= Trspi_HashUpdate(&hashCtx, outDataSize, outData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (useAuthKey) + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &keyAuth))) + return result; + + if (useAuthCert) + if ((result = obj_policy_validate_auth_oiap(hCertPolicy, &digest, + &certAuth))) + return result; + } + + if (pValidationData == NULL) { + if ((result = Trspi_Hash(TSS_HASH_SHA1, CertifyInfoSize, CertifyInfo, + digest.digest))) + return result; + + if ((result = __tspi_rsa_verify(hCertifyingKey, TSS_HASH_SHA1, TPM_SHA1_160_HASH_LEN, + digest.digest, outDataSize, outData))) + return TSPERR(TSS_E_VERIFICATION_FAILED); + } else { + pValidationData->ulDataLength = CertifyInfoSize; + pValidationData->rgbData = calloc_tspi(tspContext, CertifyInfoSize); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %u bytes failed.", CertifyInfoSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(pValidationData->rgbData, CertifyInfo, CertifyInfoSize); + pValidationData->ulValidationDataLength = outDataSize; + pValidationData->rgbValidationData = calloc_tspi(tspContext, outDataSize); + if (pValidationData->rgbValidationData == NULL) { + LogError("malloc of %u bytes failed.", outDataSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(pValidationData->rgbValidationData, outData, outDataSize); + } + + return TSS_SUCCESS; +} + diff --git a/src/tspi/tspi_changeauth.c b/src/tspi/tspi_changeauth.c new file mode 100644 index 0000000..1d6d8f1 --- /dev/null +++ b/src/tspi/tspi_changeauth.c @@ -0,0 +1,434 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "authsess.h" + +TSS_RESULT +Tspi_ChangeAuth(TSS_HOBJECT hObjectToChange, /* in */ + TSS_HOBJECT hParentObject, /* in */ + TSS_HPOLICY hNewPolicy) /* in */ +{ + UINT32 keyToChangeHandle; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if ((result = obj_policy_get_tsp_context(hNewPolicy, &tspContext))) + return result; + + /* if the object to change is the TPM object, then the parent should + * be NULL. If the object to change is not the TPM, then the parent + * object must be either an rsakey or the TPM */ + if (obj_is_tpm(hObjectToChange)) { + if (hParentObject != NULL_HOBJECT) + return TSPERR(TSS_E_BAD_PARAMETER); + } else if (!obj_is_rsakey(hParentObject) && !obj_is_tpm(hParentObject)) { + return TSPERR(TSS_E_INVALID_HANDLE); + } + + if (obj_is_tpm(hObjectToChange)) { + if ((result = changeauth_owner(tspContext, hObjectToChange, NULL_HTPM, hNewPolicy))) + return result; + } else if (obj_is_rsakey(hObjectToChange)) { + if ((result = obj_rsakey_get_tcs_handle(hObjectToChange, &keyToChangeHandle))) + return result; + + if (keyToChangeHandle == TPM_KEYHND_SRK) { + if ((result = changeauth_srk(tspContext, hObjectToChange, hParentObject, + hNewPolicy))) + return result; + } else { + if ((result = changeauth_key(tspContext, hObjectToChange, hParentObject, + hNewPolicy))) + return result; + } + } else if (obj_is_encdata(hObjectToChange)) { + if ((result = changeauth_encdata(tspContext, hObjectToChange, hParentObject, + hNewPolicy))) + return result; + } else if (obj_is_policy(hObjectToChange) || obj_is_hash(hObjectToChange) || + obj_is_pcrs(hObjectToChange) || obj_is_context(hObjectToChange)) { + return TSPERR(TSS_E_BAD_PARAMETER); + } else { + return TSPERR(TSS_E_INVALID_HANDLE); + } + + if ((result = obj_policy_set_type(hNewPolicy, TSS_POLICY_USAGE))) + return result; + + return Tspi_Policy_AssignToObject(hNewPolicy, hObjectToChange); + +} + +TSS_RESULT +Tspi_ChangeAuthAsym(TSS_HOBJECT hObjectToChange, /* in */ + TSS_HOBJECT hParentObject, /* in */ + TSS_HKEY hIdentKey, /* in */ + TSS_HPOLICY hNewPolicy) /* in */ +{ +#if 0 + TPM_AUTH auth; + UINT64 offset; + BYTE hashBlob[0x1000]; + TCPA_DIGEST digest; + TCPA_RESULT result; + UINT32 keyHandle; + UINT32 idHandle; + TSS_HPOLICY hPolicy; + TSS_HPOLICY hParentPolicy; + UINT32 keyToChangeHandle; + TCPA_NONCE antiReplay; + UINT32 bytesRequested; + UINT64 tempSize; + BYTE tempKey[512]; + TCPA_KEY_PARMS keyParms; + /* XXX Wow... */ + BYTE ephParms[] = { 0, 0, 0x08, 0, 0, 0, 0, 0x02, 0, 0, 0, 0 }; + UINT32 KeySizeOut; + BYTE *KeyDataOut; + UINT32 CertifyInfoSize; + BYTE *CertifyInfo; + UINT32 sigSize; + BYTE *sig; + UINT32 ephHandle; + TPM_CHANGEAUTH_VALIDATE caValidate; + TCPA_SECRET newSecret, oldSecret; + BYTE seed[20]; + BYTE a1[256]; + UINT32 a1Size; + TSS_KEY ephemeralKey; + TCPA_DIGEST newAuthLink; + UINT32 encObjectSize; + BYTE *encObject = NULL; + UINT32 encDataSizeOut; + BYTE *encDataOut; + TCPA_NONCE saltNonce; + TCPA_DIGEST changeProof; + TSS_HPOLICY hOldPolicy; + UINT32 caValidSize; + UINT32 keyObjectSize; + BYTE *keyObject; + TSS_KEY keyContainer; + TCPA_STORED_DATA dataContainer; + BYTE *dataObject; + UINT32 dataObjectSize; + UINT16 entityType; + TSS_BOOL useAuth = TRUE; // XXX + TPM_AUTH *pAuth; + BYTE dataBlob[1024]; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + + if ((result = obj_policy_get_tsp_context(hNewPolicy, &tspContext))) + return result; + + /* grab all of the needed handles */ + if ((result = obj_rsakey_get_tcs_handle(hIdentKey, &idHandle))) + return result; + + /* get the secret for the parent */ + if ((result = obj_rsakey_get_policy(hIdentKey, TSS_POLICY_USAGE, &hPolicy, &useAuth))) + return result; + + /* get the parent secret */ + if ((result = Tspi_GetPolicyObject(hParentObject, TSS_POLICY_USAGE, &hParentPolicy))) + return result; + + if (!obj_is_rsakey(hParentObject) && !obj_is_tpm(hParentObject)) + return TSPERR(TSS_E_INVALID_HANDLE); + + /* get the keyObject */ + if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle))) + return result; + + if (obj_is_rsakey(hObjectToChange) || + obj_is_encdata(hObjectToChange)) { + + if ((result = obj_rsakey_get_tcs_handle(hObjectToChange, &keyToChangeHandle))) + return result; + + if (keyToChangeHandle == TPM_KEYHND_SRK) { + return TSPERR(TSS_E_BAD_PARAMETER); + } else { + /* generate container for ephemeral key */ + keyParms.algorithmID = 1; /* rsa */ + keyParms.encScheme = 3; + keyParms.sigScheme = 1; + keyParms.parmSize = 12; + keyParms.parms = malloc(12); + if (keyParms.parms == NULL) { + LogError("malloc of %d bytes failed.", 12); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(keyParms.parms, ephParms, 12); + + tempSize = 0; + Trspi_LoadBlob_KEY_PARMS(&tempSize, tempKey, &keyParms); + + /* generate antireplay nonce */ + bytesRequested = 20; + if ((result = get_local_random(tspContext, FALSE, bytesRequested, + (BYTE **)antiReplay.nonce))) + return result; + + /* caluculate auth data */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuthAsymStart); + result |= Trspi_HashUpdate(&hashCtx, TCPA_SHA1_160_HASH_LEN, + antiReplay.nonce); + result |= Trspi_Hash_KEY_PARMS(&hashCtx, &keyParms); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (useAuth) { + if ((result = secret_PerformAuth_OIAP(hIdentKey, + TPM_ORD_ChangeAuthAsymStart, + hPolicy, FALSE, &digest, + &auth))) + return result; + + pAuth = &auth; + } else { + pAuth = NULL; + } + + if ((result = TCSP_ChangeAuthAsymStart(tspContext, idHandle, antiReplay, + tempSize, tempKey, pAuth, + &KeySizeOut, &KeyDataOut, + &CertifyInfoSize, &CertifyInfo, + &sigSize, &sig, &ephHandle))) + return result; + + /* Validate the Auth's */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuthAsymStart); + result |= Trspi_HashUpdate(&hashCtx, CertifyInfoSize, CertifyInfo); + result |= Trspi_Hash_UINT32(&hashCtx, sigSize); + result |= Trspi_HashUpdate(&hashCtx, sigSize, sig); + result |= Trspi_Hash_UINT32(&hashCtx, ephHandle); + result |= Trspi_HashUpdate(&hashCtx, KeySizeOut, KeyDataOut); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (useAuth) { + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, + &auth))) + return result; + } + + /* generate random data for asymfinish */ + if ((result = get_local_random(tspContext, FALSE, bytesRequested, + (BYTE **)&caValidate.n1.nonce))) + return result; + + if ((result = get_local_random(tspContext, FALSE, bytesRequested, + (BYTE **)&antiReplay.nonce))) + return result; + + if ((result = get_local_random(tspContext, FALSE, bytesRequested, + (BYTE **)&seed))) + return result; + + if ((result = Tspi_GetPolicyObject(hObjectToChange, TSS_POLICY_USAGE, + &hOldPolicy))) + return result; + + if ((result = obj_policy_get_secret(hNewPolicy, TR_SECRET_CTX_NEW, + &newSecret))) + return result; + if ((result = obj_policy_get_secret(hOldPolicy, TR_SECRET_CTX_NOT_NEW, + &oldSecret))) + return result; + + /* Encrypt the ChangeAuthValidate structure with the + * ephemeral key */ + + memcpy(caValidate.newAuthSecret.authdata, newSecret.authdata, 20); + + offset = 0; + Trspi_LoadBlob_CHANGEAUTH_VALIDATE(&offset, hashBlob, &caValidate); + caValidSize = offset; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, KeyDataOut, &ephemeralKey))) + return result; + + Trspi_RSA_Encrypt(hashBlob, caValidSize, a1, &a1Size, + ephemeralKey.pubKey.key, + ephemeralKey.pubKey.keyLength); + + free_key_refs(&ephemeralKey); + + Trspi_HMAC(TSS_HASH_SHA1, 20, oldSecret.authdata, + 20, newSecret.authdata, + newAuthLink.digest); + + if (obj_is_rsakey(hObjectToChange)) { + if ((result = obj_rsakey_get_blob(hObjectToChange, + &keyObjectSize, &keyObject))) + return result; + + memset(&keyContainer, 0, sizeof(TSS_KEY)); + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, + keyObject, + &keyContainer))) + return result; + + encObjectSize = keyContainer.encSize; + encObject = malloc(encObjectSize); + if (encObject == NULL) { + LogError("malloc of %d bytes failed.", + encObjectSize); + free_key_refs(&keyContainer); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(encObject, keyContainer.encData, + encObjectSize); + entityType = TCPA_ET_KEY; + } else { + if ((result = obj_encdata_get_data(hObjectToChange, + &dataObjectSize, &dataObject))) + return result; + + offset = 0; + if ((result = Trspi_UnloadBlob_STORED_DATA(&offset, + dataObject, + &dataContainer))) + return result; + + encObjectSize = dataContainer.encDataSize; + encObject = malloc(encObjectSize); + if (encObject == NULL) { + LogError("malloc of %d bytes failed.", encObjectSize); + free(dataContainer.sealInfo); + free(dataContainer.encData); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(encObject, dataContainer.encData, + encObjectSize); + entityType = TCPA_ET_DATA; + } + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuthAsymFinish); + result |= Trspi_Hash_UINT16(&hashCtx, entityType); + result |= Trspi_HashUpdate(&hashCtx, TCPA_SHA1_160_HASH_LEN, + newAuthLink.digest); + result |= Trspi_Hash_UINT32(&hashCtx, a1Size); + result |= Trspi_HashUpdate(&hashCtx, a1Size, a1); + result |= Trspi_Hash_UINT32(&hashCtx, encObjectSize); + result |= Trspi_HashUpdate(&hashCtx, encObjectSize, encObject); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (useAuth) { + if ((result = secret_PerformAuth_OIAP(hParentObject, + TPM_ORD_ChangeAuthAsymFinish, + hParentPolicy, FALSE, + &digest, &auth))) { + free(encObject); + free_key_refs(&keyContainer); + return result; + } + pAuth = &auth; + } else { + pAuth = NULL; + } + + if ((result = TCSP_ChangeAuthAsymFinish(tspContext, keyHandle, ephHandle, + entityType, newAuthLink, a1Size, a1, + encObjectSize, encObject, pAuth, + &encDataSizeOut, &encDataOut, + &saltNonce, &changeProof))) { + free_key_refs(&keyContainer); + free(encObject); + return result; + } + + /* --- Validate the Auth's */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ChangeAuthAsymFinish); + result |= Trspi_Hash_UINT32(&hashCtx, encDataSizeOut); + result |= Trspi_HashUpdate(&hashCtx, encDataSizeOut, encDataOut); + result |= Trspi_HashUpdate(&hashCtx, TCPA_SHA1_160_HASH_LEN, + saltNonce.nonce); + result |= Trspi_HashUpdate(&hashCtx, TCPA_SHA1_160_HASH_LEN, + changeProof.digest); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (useAuth) { + if ((result = obj_policy_validate_auth_oiap(hParentPolicy, + &digest, + &auth))) { + free_key_refs(&keyContainer); + free(encObject); + return result; + } + } + + if (entityType == TCPA_ET_KEY || + entityType == TCPA_ET_KEYHANDLE) { + memcpy(keyContainer.encData, encDataOut, encDataSizeOut); + keyContainer.encSize = encDataSizeOut; + + offset = 0; + LoadBlob_TSS_KEY(&offset, keyObject, &keyContainer); + free_key_refs(&keyContainer); + if ((result = obj_rsakey_set_tcpakey(hObjectToChange, offset, + keyObject))) { + free(encObject); + return result; + } + } + + if (entityType == TCPA_ET_DATA) { + memcpy(dataContainer.encData, encDataOut, + encDataSizeOut); + dataContainer.encDataSize = encDataSizeOut; + + offset = 0; + Trspi_LoadBlob_STORED_DATA(&offset, dataBlob, + &dataContainer); + free(dataContainer.sealInfo); + free(dataContainer.encData); + obj_encdata_set_data(hObjectToChange, + offset, dataBlob); + } + } + } else + return TSPERR(TSS_E_BAD_PARAMETER); + + free(encObject); + + return Tspi_Policy_AssignToObject(hNewPolicy, hObjectToChange); +#else + return TSPERR(TSS_E_NOTIMPL); +#endif +} + diff --git a/src/tspi/tspi_cmk.c b/src/tspi/tspi_cmk.c new file mode 100644 index 0000000..6ced203 --- /dev/null +++ b/src/tspi/tspi_cmk.c @@ -0,0 +1,475 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "tsplog.h" + + +TSS_RESULT +Tspi_TPM_CMKSetRestrictions(TSS_HTPM hTpm, /* in */ + TSS_CMK_DELEGATE CmkDelegate) /* in */ +{ + TSS_HCONTEXT hContext; + TSS_HPOLICY hPolicy; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TPM_AUTH ownerAuth; + TSS_RESULT result; + + if ((result = obj_tpm_get_tsp_context(hTpm, &hContext))) + return result; + + if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_SetRestrictions); + result |= Trspi_Hash_UINT32(&hashCtx, CmkDelegate); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_CMK_SetRestrictions, + hPolicy, FALSE, &digest, &ownerAuth))) + return result; + + if ((result = RPC_CMK_SetRestrictions(hContext, CmkDelegate, &ownerAuth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_SetRestrictions); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth))) + return result; + + return result; +} + +TSS_RESULT +Tspi_TPM_CMKApproveMA(TSS_HTPM hTpm, /* in */ + TSS_HMIGDATA hMaAuthData) /* in */ +{ + TSS_HCONTEXT hContext; + TSS_HPOLICY hPolicy; + UINT32 blobSize; + BYTE *blob; + TPM_DIGEST msaDigest; + TPM_HMAC msaHmac; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TPM_AUTH ownerAuth; + TSS_RESULT result; + + if ((result = obj_tpm_get_tsp_context(hTpm, &hContext))) + return result; + + if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy))) + return result; + + if ((result = obj_migdata_get_msa_digest(hMaAuthData, &blobSize, &blob))) + return result; + memcpy(msaDigest.digest, blob, sizeof(msaDigest.digest)); + free_tspi(hContext, blob); + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_ApproveMA); + result |= Trspi_Hash_DIGEST(&hashCtx, msaDigest.digest); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_CMK_ApproveMA, + hPolicy, FALSE, &digest, &ownerAuth))) + return result; + + if ((result = RPC_CMK_ApproveMA(hContext, msaDigest, &ownerAuth, &msaHmac))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_ApproveMA); + result |= Trspi_Hash_HMAC(&hashCtx, msaHmac.digest); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth))) + return result; + + if ((result = obj_migdata_set_msa_hmac(hMaAuthData, sizeof(msaHmac.digest), msaHmac.digest))) + return result; + + return result; +} + +TSS_RESULT +Tspi_TPM_CMKCreateTicket(TSS_HTPM hTpm, /* in */ + TSS_HKEY hVerifyKey, /* in */ + TSS_HMIGDATA hSigData) /* in */ +{ + TSS_HCONTEXT hContext; + TSS_HPOLICY hPolicy; + UINT32 pubKeySize; + BYTE *pubKey = NULL; + UINT32 blobSize; + BYTE *blob; + TPM_DIGEST sigData; + UINT32 sigSize; + BYTE *sig = NULL; + TPM_HMAC sigTicket; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TPM_AUTH ownerAuth; + TSS_RESULT result; + + if ((result = obj_tpm_get_tsp_context(hTpm, &hContext))) + return result; + + if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy))) + return result; + + if ((result = obj_rsakey_get_pub_blob(hVerifyKey, &pubKeySize, &pubKey))) + return result; + + if ((result = obj_migdata_get_sig_data(hSigData, &blobSize, &blob))) + goto done; + memcpy(sigData.digest, blob, sizeof(sigData.digest)); + free_tspi(hContext, blob); + + if ((result = obj_migdata_get_sig_value(hSigData, &sigSize, &sig))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_CreateTicket); + result |= Trspi_HashUpdate(&hashCtx, pubKeySize, pubKey); + result |= Trspi_Hash_DIGEST(&hashCtx, sigData.digest); + result |= Trspi_Hash_UINT32(&hashCtx, sigSize); + result |= Trspi_HashUpdate(&hashCtx, sigSize, sig); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_CMK_CreateTicket, + hPolicy, FALSE, &digest, &ownerAuth))) + goto done; + + if ((result = RPC_CMK_CreateTicket(hContext, pubKeySize, pubKey, sigData, sigSize, sig, + &ownerAuth, &sigTicket))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_CreateTicket); + result |= Trspi_Hash_HMAC(&hashCtx, sigTicket.digest); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth))) + goto done; + + if ((result = obj_migdata_set_sig_ticket(hSigData, sizeof(sigTicket.digest), sigTicket.digest))) + goto done; + +done: + free_tspi(hContext, pubKey); + free_tspi(hContext, sig); + + return result; +} + +TSS_RESULT +Tspi_Key_CMKCreateBlob(TSS_HKEY hKeyToMigrate, /* in */ + TSS_HKEY hParentKey, /* in */ + TSS_HMIGDATA hMigrationData, /* in */ + UINT32* pulRandomLength, /* out */ + BYTE** prgbRandom) /* out */ +{ + TSS_HCONTEXT hContext; + TSS_HPOLICY hPolicy; + TSS_BOOL usageAuth; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_MIGRATE_SCHEME migScheme; + UINT32 migTicketSize; + BYTE *migTicket = NULL; + TPM_MIGRATIONKEYAUTH tpmMigKeyAuth; + UINT32 msaListSize, restrictTicketSize, sigTicketSize, blobSize; + BYTE *msaList = NULL, *restrictTicket = NULL, *blob = NULL; + BYTE *sigTicket = NULL; + UINT32 pubBlobSize; + BYTE *pubBlob = NULL; + TPM_DIGEST srcPubKeyDigest; + TSS_KEY tssKey; + UINT32 randomDataSize, outDataSize, newBlobSize; + BYTE *randomData = NULL, *outData = NULL, *newBlob = NULL; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TPM_AUTH parentAuth, *pAuth; + UINT64 offset; + TSS_RESULT result; + + memset(&tssKey, 0, sizeof(tssKey)); + + if (!pulRandomLength || !prgbRandom) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_rsakey_is_cmk(hKeyToMigrate)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_rsakey_get_tsp_context(hKeyToMigrate, &hContext))) + return result; + + if ((result = obj_rsakey_get_policy(hParentKey, TSS_POLICY_USAGE, &hPolicy, &usageAuth))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hParentKey, &tcsKeyHandle))) + return result; + + if ((result = obj_migdata_get_ticket_blob(hMigrationData, &migTicketSize, &migTicket))) + return result; + + /* Just to get the migration scheme... */ + offset = 0; + if ((result = Trspi_UnloadBlob_MIGRATIONKEYAUTH(&offset, migTicket, &tpmMigKeyAuth))) + goto done; + /* ... so free everything now */ + free(tpmMigKeyAuth.migrationKey.algorithmParms.parms); + free(tpmMigKeyAuth.migrationKey.pubKey.key); + migScheme = tpmMigKeyAuth.migrationScheme; + + if ((result = obj_rsakey_get_pub_blob(hKeyToMigrate, &pubBlobSize, &pubBlob))) + goto done; + if ((result = obj_migdata_calc_pubkey_digest(pubBlobSize, pubBlob, &srcPubKeyDigest))) + goto done; + + if ((result = obj_migdata_get_msa_list_blob(hMigrationData, &msaListSize, &msaList))) + goto done; + + if (tpmMigKeyAuth.migrationScheme == TPM_MS_RESTRICT_APPROVE_DOUBLE) { + if ((result = obj_migdata_get_cmk_auth_blob(hMigrationData, &restrictTicketSize, + &restrictTicket))) + goto done; + if ((result = obj_migdata_get_sig_ticket(hMigrationData, &sigTicketSize, + &sigTicket))) + goto done; + } else { + restrictTicketSize = 0; + sigTicketSize = 0; + } + + if ((result = obj_rsakey_get_blob(hKeyToMigrate, &blobSize, &blob))) + goto done; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, blob, &tssKey))) + goto done; + + if (usageAuth) { + pAuth = &parentAuth; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_CreateBlob); + result |= Trspi_Hash_UINT16(&hashCtx, migScheme); + result |= Trspi_HashUpdate(&hashCtx, migTicketSize, migTicket); + result |= Trspi_Hash_DIGEST(&hashCtx, srcPubKeyDigest.digest); + result |= Trspi_Hash_UINT32(&hashCtx, msaListSize); + result |= Trspi_HashUpdate(&hashCtx, msaListSize, msaList); + result |= Trspi_Hash_UINT32(&hashCtx, restrictTicketSize); + result |= Trspi_HashUpdate(&hashCtx, restrictTicketSize, restrictTicket); + result |= Trspi_Hash_UINT32(&hashCtx, sigTicketSize); + result |= Trspi_HashUpdate(&hashCtx, sigTicketSize, sigTicket); + result |= Trspi_Hash_UINT32(&hashCtx, tssKey.encSize); + result |= Trspi_HashUpdate(&hashCtx, tssKey.encSize, tssKey.encData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = secret_PerformAuth_OIAP(hParentKey, TPM_ORD_CMK_CreateBlob, + hPolicy, FALSE, &digest, pAuth))) + goto done; + } else + pAuth = NULL; + + if ((result = RPC_CMK_CreateBlob(hContext, tcsKeyHandle, migScheme, + migTicketSize, migTicket, srcPubKeyDigest, msaListSize, msaList, + restrictTicketSize, restrictTicket, sigTicketSize, sigTicket, + tssKey.encSize, tssKey.encData, pAuth, &randomDataSize, &randomData, + &outDataSize, &outData))) + goto done; + + if (pAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_CreateBlob); + result |= Trspi_Hash_UINT32(&hashCtx, randomDataSize); + result |= Trspi_HashUpdate(&hashCtx, randomDataSize, randomData); + result |= Trspi_Hash_UINT32(&hashCtx, outDataSize); + result |= Trspi_HashUpdate(&hashCtx, outDataSize, outData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + } + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) + goto done; + + /* Create the migdata key blob */ + free(tssKey.encData); + tssKey.encSize = outDataSize; + tssKey.encData = outData; + /* Set outData to null since it will now be freed during key ref freeing */ + outData = NULL; + + offset = 0; + LoadBlob_TSS_KEY(&offset, NULL, &tssKey); + + newBlobSize = offset; + if ((newBlob = malloc(newBlobSize)) == NULL) { + LogError("malloc of %u bytes failed.", newBlobSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + offset = 0; + LoadBlob_TSS_KEY(&offset, newBlob, &tssKey); + + if ((result = obj_migdata_set_blob(hMigrationData, newBlobSize, newBlob))) + goto done; + + if ((*prgbRandom = calloc_tspi(hContext, randomDataSize)) == NULL) { + LogError("malloc of %u bytes failed.", randomDataSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*prgbRandom, randomData, randomDataSize); + *pulRandomLength = randomDataSize; + +done: + free_tspi(hContext, migTicket); + free_tspi(hContext, pubBlob); + free_tspi(hContext, msaList); + free_tspi(hContext, restrictTicket); + free_tspi(hContext, sigTicket); + free_tspi(hContext, blob); + free(randomData); + free(outData); + free(newBlob); + free_key_refs(&tssKey); + + return result; +} + +TSS_RESULT +Tspi_Key_CMKConvertMigration(TSS_HKEY hKeyToMigrate, /* in */ + TSS_HKEY hParentKey, /* in */ + TSS_HMIGDATA hMigrationData, /* in */ + UINT32 ulRandomLength, /* in */ + BYTE* rgbRandom) /* in */ +{ + TSS_HCONTEXT hContext; + TSS_HPOLICY hPolicy; + TSS_BOOL usageAuth; + TCS_KEY_HANDLE tcsKeyHandle; + TPM_CMK_AUTH restrictTicket; + UINT32 blobSize; + BYTE *blob; + TPM_HMAC sigTicket; + UINT32 migDataSize, msaListSize; + BYTE *migData = NULL, *msaList = NULL; + UINT32 outDataSize; + BYTE *outData = NULL; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TPM_AUTH parentAuth, *pAuth; + TSS_RESULT result; + + if ((result = obj_rsakey_get_tsp_context(hKeyToMigrate, &hContext))) + return result; + + if ((result = obj_rsakey_get_policy(hParentKey, TSS_POLICY_USAGE, &hPolicy, &usageAuth))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hParentKey, &tcsKeyHandle))) + return result; + + if ((result = obj_migdata_get_cmk_auth(hMigrationData, &restrictTicket))) + return result; + + if ((result = obj_migdata_get_sig_ticket(hMigrationData, &blobSize, &blob))) + return result; + memcpy(sigTicket.digest, blob, sizeof(sigTicket.digest)); + free_tspi(hContext, blob); + + if ((result = obj_migdata_get_blob(hMigrationData, &migDataSize, &migData))) + goto done; + + if ((result = obj_migdata_get_msa_list_blob(hMigrationData, &msaListSize, &msaList))) + goto done; + + if (usageAuth) { + pAuth = &parentAuth; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_ConvertMigration); + result |= Trspi_HashUpdate(&hashCtx, sizeof(restrictTicket), + (BYTE *)&restrictTicket); + result |= Trspi_Hash_HMAC(&hashCtx, sigTicket.digest); + result |= Trspi_HashUpdate(&hashCtx, migDataSize, migData); + result |= Trspi_Hash_UINT32(&hashCtx, msaListSize); + result |= Trspi_HashUpdate(&hashCtx, msaListSize, msaList); + result |= Trspi_Hash_UINT32(&hashCtx, ulRandomLength); + result |= Trspi_HashUpdate(&hashCtx, ulRandomLength, rgbRandom); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = secret_PerformAuth_OIAP(hParentKey, TPM_ORD_CMK_ConvertMigration, + hPolicy, FALSE, &digest, pAuth))) + goto done; + } else + pAuth = NULL; + + if ((result = RPC_CMK_ConvertMigration(hContext, tcsKeyHandle, restrictTicket, sigTicket, + migDataSize, migData, msaListSize, msaList, ulRandomLength, rgbRandom, + pAuth, &outDataSize, &outData))) + goto done; + + if (pAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CMK_ConvertMigration); + result |= Trspi_Hash_UINT32(&hashCtx, outDataSize); + result |= Trspi_HashUpdate(&hashCtx, outDataSize, outData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + } + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) + goto done; + + /* Set the key object to the now migrated key */ + if ((result = obj_rsakey_set_tcpakey(hKeyToMigrate, migDataSize, migData))) + goto done; + if ((result = obj_rsakey_set_privkey(hKeyToMigrate, TRUE, outDataSize, outData))) + goto done; + result = obj_rsakey_set_tcs_handle(hKeyToMigrate, 0); + +done: + free_tspi(hContext, migData); + free_tspi(hContext, msaList); + free(outData); + + return result; +} + diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c new file mode 100644 index 0000000..c935a28 --- /dev/null +++ b/src/tspi/tspi_context.c @@ -0,0 +1,381 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "tcs_tsp.h" +#include "tspps.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "obj.h" + + +TSS_RESULT +Tspi_Context_Create(TSS_HCONTEXT * phContext) /* out */ +{ + if (phContext == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_context_add(phContext); +} + +TSS_RESULT +Tspi_Context_Close(TSS_HCONTEXT tspContext) /* in */ +{ + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + obj_context_close(tspContext); + + /* Have the TCS do its thing */ + RPC_CloseContext(tspContext); + + /* Note: Memory that was returned to the app that was alloc'd by this + * context isn't free'd here. Any memory that the app doesn't explicitly + * free is left for it to free itself. */ + + /* Destroy all objects */ + obj_close_context(tspContext); + + Tspi_Context_FreeMemory(tspContext, NULL); + + /* close the ps file */ + PS_close(); + + /* We're not a connected context, so just exit */ + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */ + TSS_UNICODE *wszDestination) /* in */ +{ + TSS_RESULT result; + BYTE *machine_name = NULL; + TSS_HOBJECT hTpm; + UINT32 string_len = 0; + + + if (wszDestination == NULL) { + if ((result = obj_context_get_machine_name(tspContext, + &string_len, + &machine_name))) + return result; + + if ((result = RPC_OpenContext(tspContext, machine_name, + CONNECTION_TYPE_TCP_PERSISTANT))) + return result; + } else { + if ((machine_name = + Trspi_UNICODE_To_Native((BYTE *)wszDestination, NULL)) == NULL) { + LogError("Error converting hostname to UTF-8"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if ((result = RPC_OpenContext(tspContext, machine_name, + CONNECTION_TYPE_TCP_PERSISTANT))) + return result; + + if ((result = obj_context_set_machine_name(tspContext, machine_name, + strlen((char *)machine_name)+1))) + return result; + } + + if ((obj_tpm_add(tspContext, &hTpm))) + return TSPERR(TSS_E_INTERNAL_ERROR); + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_Context_FreeMemory(TSS_HCONTEXT tspContext, /* in */ + BYTE * rgbMemory) /* in */ +{ + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + return free_tspi(tspContext, rgbMemory); +} + +TSS_RESULT +Tspi_Context_GetDefaultPolicy(TSS_HCONTEXT tspContext, /* in */ + TSS_HPOLICY * phPolicy) /* out */ +{ + if (phPolicy == NULL ) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + return obj_context_get_policy(tspContext, TSS_POLICY_USAGE, phPolicy); +} + +TSS_RESULT +Tspi_Context_CreateObject(TSS_HCONTEXT tspContext, /* in */ + TSS_FLAG objectType, /* in */ + TSS_FLAG initFlags, /* in */ + TSS_HOBJECT * phObject) /* out */ +{ + TSS_RESULT result; + + if (phObject == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + switch (objectType) { + case TSS_OBJECT_TYPE_POLICY: + switch (initFlags) { +#ifdef TSS_BUILD_TSS12 + case TSS_POLICY_OPERATOR: + /* fall through */ +#endif + case TSS_POLICY_MIGRATION: + /* fall through */ + case TSS_POLICY_USAGE: + break; + default: + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + } + + result = obj_policy_add(tspContext, initFlags, phObject); + break; +#ifdef TSS_BUILD_RSAKEY_LIST + case TSS_OBJECT_TYPE_RSAKEY: + /* If other flags are set that disagree with the SRK, this will + * help catch that conflict in the later steps */ + if (initFlags & TSS_KEY_TSP_SRK) { + initFlags |= (TSS_KEY_TYPE_STORAGE | TSS_KEY_NOT_MIGRATABLE | + TSS_KEY_NON_VOLATILE | TSS_KEY_SIZE_2048); + } + + /* Set default key flags */ + + /* Default key size = 2k */ + if ((initFlags & TSS_KEY_SIZE_MASK) == 0) + initFlags |= TSS_KEY_SIZE_2048; + + /* Default key type = storage */ + if ((initFlags & TSS_KEY_TYPE_MASK) == 0) + initFlags |= TSS_KEY_TYPE_STORAGE; + + /* Check the key flags */ + switch (initFlags & TSS_KEY_SIZE_MASK) { + case TSS_KEY_SIZE_512: + /* fall through */ + case TSS_KEY_SIZE_1024: + /* fall through */ + case TSS_KEY_SIZE_2048: + /* fall through */ + case TSS_KEY_SIZE_4096: + /* fall through */ + case TSS_KEY_SIZE_8192: + /* fall through */ + case TSS_KEY_SIZE_16384: + break; + default: + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + } + + switch (initFlags & TSS_KEY_TYPE_MASK) { + case TSS_KEY_TYPE_STORAGE: + /* fall through */ + case TSS_KEY_TYPE_SIGNING: + /* fall through */ + case TSS_KEY_TYPE_BIND: + /* fall through */ + case TSS_KEY_TYPE_AUTHCHANGE: + /* fall through */ + case TSS_KEY_TYPE_LEGACY: + /* fall through */ + case TSS_KEY_TYPE_IDENTITY: + break; + default: + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + } + + result = obj_rsakey_add(tspContext, initFlags, phObject); + break; +#endif +#ifdef TSS_BUILD_ENCDATA_LIST + case TSS_OBJECT_TYPE_ENCDATA: + switch (initFlags & TSS_ENCDATA_TYPE_MASK) { + case TSS_ENCDATA_LEGACY: + /* fall through */ + case TSS_ENCDATA_SEAL: + /* fall through */ + case TSS_ENCDATA_BIND: + break; + default: + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + } + + result = obj_encdata_add(tspContext, (initFlags & TSS_ENCDATA_TYPE_MASK), phObject); + break; +#endif +#ifdef TSS_BUILD_PCRS_LIST + case TSS_OBJECT_TYPE_PCRS: + switch (initFlags) { + case TSS_PCRS_STRUCT_DEFAULT: + /* fall through */ + case TSS_PCRS_STRUCT_INFO: + /* fall through */ + case TSS_PCRS_STRUCT_INFO_LONG: + /* fall through */ + case TSS_PCRS_STRUCT_INFO_SHORT: + /* fall through */ + break; + default: + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + } + + result = obj_pcrs_add(tspContext, initFlags, phObject); + break; +#endif +#ifdef TSS_BUILD_HASH_LIST + case TSS_OBJECT_TYPE_HASH: + switch (initFlags) { + case TSS_HASH_DEFAULT: + /* fall through */ + case TSS_HASH_SHA1: + /* fall through */ + case TSS_HASH_OTHER: + break; + default: + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + } + + result = obj_hash_add(tspContext, initFlags, phObject); + break; +#endif +#ifdef TSS_BUILD_DAA + //case TSS_OBJECT_TYPE_DAA_CREDENTIAL: + case TSS_OBJECT_TYPE_DAA_CERTIFICATE: + if (initFlags & ~(0UL)) + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + + result = obj_daacred_add(tspContext, phObject); + break; + case TSS_OBJECT_TYPE_DAA_ISSUER_KEY: + if (initFlags & ~(0UL)) + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + + result = obj_daaissuerkey_add(tspContext, phObject); + break; + case TSS_OBJECT_TYPE_DAA_ARA_KEY: + if (initFlags & ~(0UL)) + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + + result = obj_daaarakey_add(tspContext, phObject); + break; +#endif +#ifdef TSS_BUILD_NV + case TSS_OBJECT_TYPE_NV: + /* There are no valid flags for a NV object */ + if (initFlags & ~(0UL)) + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + + result = obj_nvstore_add(tspContext, phObject); + break; +#endif +#ifdef TSS_BUILD_DELEGATION + case TSS_OBJECT_TYPE_DELFAMILY: + /* There are no valid flags for a DELFAMILY object */ + if (initFlags & ~(0UL)) + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + + result = obj_delfamily_add(tspContext, phObject); + break; +#endif +#ifdef TSS_BUILD_CMK + case TSS_OBJECT_TYPE_MIGDATA: + /* There are no valid flags for a MIGDATA object */ + if (initFlags & ~(0UL)) + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + + result = obj_migdata_add(tspContext, phObject); + break; +#endif + default: + LogDebug("Invalid Object type"); + return TSPERR(TSS_E_INVALID_OBJECT_TYPE); + break; + } + + return result; +} + +TSS_RESULT +Tspi_Context_CloseObject(TSS_HCONTEXT tspContext, /* in */ + TSS_HOBJECT hObject) /* in */ +{ + TSS_RESULT result; + + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj_is_pcrs(hObject)) { +#ifdef TSS_BUILD_PCRS_LIST + result = obj_pcrs_remove(hObject, tspContext); +#endif + } else if (obj_is_encdata(hObject)) { +#ifdef TSS_BUILD_ENCDATA_LIST + result = obj_encdata_remove(hObject, tspContext); +#endif + } else if (obj_is_hash(hObject)) { +#ifdef TSS_BUILD_HASH_LIST + result = obj_hash_remove(hObject, tspContext); +#endif + } else if (obj_is_rsakey(hObject)) { +#ifdef TSS_BUILD_RSAKEY_LIST + result = obj_rsakey_remove(hObject, tspContext); +#endif + } else if (obj_is_policy(hObject)) { + result = obj_policy_remove(hObject, tspContext); + } else if (obj_is_delfamily(hObject)) { +#ifdef TSS_BUILD_DELEGATION + result = obj_delfamily_remove(hObject, tspContext); +#endif + } else if (obj_is_migdata(hObject)) { +#ifdef TSS_BUILD_CMK + result = obj_migdata_remove(hObject, tspContext); +#endif + } else { + result = TSPERR(TSS_E_INVALID_HANDLE); + } + + return result; +} + +TSS_RESULT +Tspi_Context_GetTpmObject(TSS_HCONTEXT tspContext, /* in */ + TSS_HTPM * phTPM) /* out */ +{ + if (phTPM == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + return obj_tpm_get(tspContext, phTPM); +} + diff --git a/src/tspi/tspi_counter.c b/src/tspi/tspi_counter.c new file mode 100644 index 0000000..d494cc1 --- /dev/null +++ b/src/tspi/tspi_counter.c @@ -0,0 +1,48 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_ReadCounter(TSS_HTPM hTPM, /* in */ + UINT32* counterValue) /* out */ +{ + TSS_HCONTEXT tspContext; + TCPA_RESULT result; + TSS_COUNTER_ID counterID; + TPM_COUNTER_VALUE counter_value; + + if (counterValue == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_tpm_get_current_counter(hTPM, &counterID))) + return result; + + if ((result = TCS_API(tspContext)->ReadCounter(tspContext, counterID, &counter_value))) + return result; + + *counterValue = counter_value.counter; + + return TSS_SUCCESS; +} diff --git a/src/tspi/tspi_daa.c b/src/tspi/tspi_daa.c new file mode 100644 index 0000000..f68849c --- /dev/null +++ b/src/tspi/tspi_daa.c @@ -0,0 +1,698 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +//#include "trousers_types.h" +#include "spi_utils.h" +//#include "capabilities.h" +#include "tsplog.h" +//#include "tcs_tsp.h" +//#include "tspps.h" +//#include "hosttable.h" +//#include "tcsd_wrap.h" +//#include "tcsd.h" +#include "obj.h" +#include "daa/issuer.h" +#include "daa/platform.h" +#include "daa/verifier.h" +#include "daa/anonymity_revocation.h" + +#include "daa/key_correct.h" +#include "daa/issuer.h" + +// static TSS_HCONTEXT _hContext; + +static void *tss_alloc( size_t size, TSS_HOBJECT hContext) { + void *ret = calloc_tspi( hContext, size); + + LogDebug("[intern_alloc (%d)] -> %d", (int)size, (int)ret); + return ret; +} + +/* +static void *normal_malloc( size_t size, TSS_HOBJECT object) { + void *ret = malloc( size); + return ret; +} +*/ + +/** +This is the first out of 3 functions to execute in order to receive a DAA Credential. +It verifies the keys of the DAA Issuer and computes the TPM DAA public key. + +Parameters + - hDAA: Handle of the DAA object + - hTPM: Handle of the TPM object + - daaCounter: DAA counter + - issuerPk: Handle of the DAA Issuer public key + - issuerAuthPKsLength: Length of the array of issuerAuthPKs + - issuerAuthPKs:Handle of an array of RSA public keys (key chain) of the DAA Issuer used + to authenticate the DAA Issuer public key. The size of the modulus + must be TPM_DAA_SIZE_issuerModulus (256) + - issuerAuthPKSignaturesLength:Length of the array of issuerAuthPKSignatures. It is equal + to issuerAuthPKsLength . The length of an element of the array is + TPM_DAA_SIZE_issuerModulus (256) + - issuerAuthPKSignatures: An array of byte arrays representing signatures on the modulus + of the above key chain (issuerAuthPKs) in more details, the array has the + following content (S(K[1],K[0]),S(K[2],N[1]),..S(K[ k ],K[n-1]), + S(TPM_DAA_ISSUER,K[ k ])), where S(msg,privateKey) denotes + the signature function with msg being signed by the privateKey. + - capitalUprimeLength: Length of capitalUprime which is ln/8. ln is defined as the size of the RSA modulus (2048). + - capitalUprime: U? + - identityProof: This structure contains the endorsement, platform and conformance credential. + - joinSession: This structure contains DAA Join session information. +*/ +#if 0 +TSPICALL +Tspi_TPM_DAA_JoinInit(TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + UINT32 daaCounter, // in + TSS_HDAA_DATA issuerPk, // in + UINT32 issuerAuthPKsLength, // in + TSS_HKEY* issuerAuthPKs, // in + UINT32 issuerAuthPKSignaturesLength, // in + BYTE** issuerAuthPKSignatures, // in + UINT32* capitalUprimeLength, // out + BYTE** capitalUprime, // out + TSS_DAA_IDENTITY_PROOF** identityProof, // out + TSS_DAA_JOIN_SESSION** joinSession) // out +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug("-> TSPI_TPM_DAA_joinInit hDAA=%x hTPM=%x daaCounter=%x issuerPk=%x", + (int)hDAA, (int)hTPM, daaCounter, (int)issuerPk); + result = Tspi_TPM_DAA_JoinInit_internal( + hDAA, + hTPM, + daaCounter, + (TSS_DAA_PK *)issuerPk, + issuerAuthPKsLength, + (RSA **)issuerAuthPKs, + issuerAuthPKSignaturesLength, + issuerAuthPKSignatures, + capitalUprimeLength, + capitalUprime, + identityProof, + joinSession); + bi_flush_memory(); + + LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d",mallinfo().uordblks-before); + LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result); + return result; +} +#else +TSS_RESULT +Tspi_TPM_DAA_JoinInit(TSS_HTPM hTPM, /* in */ + TSS_HDAA_ISSUER_KEY hIssuerKey, /* in */ + UINT32 daaCounter, /* in */ + UINT32 issuerAuthPKsLength, /* in */ + TSS_HKEY* issuerAuthPKs, /* in */ + UINT32 issuerAuthPKSignaturesLength, /* in */ + UINT32 issuerAuthPKSignaturesLength2, /* in */ + BYTE** issuerAuthPKSignatures, /* in */ + UINT32* capitalUprimeLength, /* out */ + BYTE** capitalUprime, /* out */ + TSS_DAA_IDENTITY_PROOF** identityProof, /* out */ + UINT32* joinSessionLength, /* out */ + BYTE** joinSession) /* out */ +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + if (!capitalUprimeLength || !capitalUprime || !identityProof || !joinSessionLength || + !joinSession) + return TSPERR(TSS_E_BAD_PARAMETER); + + result = Tspi_TPM_DAA_JoinInit_internal(hTPM, hIssuerKey, daaCounter, issuerAuthPKsLength, + issuerAuthPKs, issuerAuthPKSignaturesLength, + issuerAuthPKSignaturesLength2, + issuerAuthPKSignatures, capitalUprimeLength, + capitalUprime, identityProof, joinSessionLength, + joinSession); + + bi_flush_memory(); + + LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d",mallinfo().uordblks-before); + LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result); + + return result; +} +#endif +/** +This function is part of the DAA Issuer component. It defines the generation of a DAA Issuer +public and secret key. Further it defines the generation of a non-interactive proof (using +the Fiat-Shamir heuristic) that the public keys were chosen correctly. The latter will guarantee +the security requirements of the platform (respectively, its user), i.e., that the privacy and +anonymity of signatures will hold. +The generation of the authentication keys of the DAA Issuer, which are used to authenticate +(main) DAA Issuer keys, is not defined by this function. +This is an optional function and does not require a TPM or a TCS. + +Parameters + - hDAA: Handle of the DAA object + - issuerBaseNameLength: Length of issuerBaseName + - issuerBaseName: Unique name of the DAA Issuer + - numberPlatformAttributes: Number of attributes that the Platform can choose and which + will not be visible to the Issuer. + - numberIssuerAttributes:Number of attributes that the Issuer can choose and which will + be visible to both the Platform and the Issuer. + - keyPair: Handle of the main DAA Issuer key pair (private and public portion) + - publicKeyProof:Handle of the proof of the main DAA Issuer public key +*/ +#if 0 +TSPICALL +Tspi_DAA_IssueSetup(TSS_HDAA hDAA, // in + UINT32 issuerBaseNameLength, // in + BYTE* issuerBaseName, // in + UINT32 numberPlatformAttributes, // in + UINT32 numberIssuerAttributes, // in + TSS_HDAA_DATA* keyPair, // out (TSS_KEY_PAIR) + TSS_HDAA_DATA* publicKeyProof) // out (TSS_DAA_PK_PROOF) +{ + TSS_RESULT result; + KEY_PAIR_WITH_PROOF_internal *key_proof; + TSS_DAA_KEY_PAIR *tss_daa_key_pair; + TSS_HCONTEXT hContext; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug( "TSPI_DAA_IssueSetup hDAA=%d ",hDAA); + // TODO: lock access to _hContext + if ((result = obj_daa_get_tsp_context(hDAA, &hContext))) + return result; + result = generate_key_pair(numberIssuerAttributes, + numberPlatformAttributes, + issuerBaseNameLength, + issuerBaseName, + &key_proof); + if (result != TSS_SUCCESS) + return result; + LogDebug("TSPI_DAA_IssueSetup convert internal structure to public allocated using tspi_alloc"); + LogDebug("key_proof->proof->length_challenge=%d key_proof->proof->length_response=%d", + key_proof->proof->length_challenge, key_proof->proof->length_response); + // prepare out parameters + *publicKeyProof = i_2_e_TSS_DAA_PK_PROOF( key_proof->proof, &tss_alloc, hContext); + + tss_daa_key_pair = (TSS_DAA_KEY_PAIR *)tss_alloc( sizeof(TSS_DAA_KEY_PAIR), hContext); + if (tss_daa_key_pair == NULL) { + LogError("malloc of %d bytes failed", sizeof(TSS_DAA_KEY_PAIR)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + tss_daa_key_pair->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( key_proof->private_key, + &tss_alloc, + hContext); + tss_daa_key_pair->public_key = i_2_e_TSS_DAA_PK( key_proof->pk, + &tss_alloc, + hContext); + *keyPair = (TSS_HKEY)tss_daa_key_pair; +close: + bi_flush_memory(); + + LogDebug("TSPI_DAA_IssueSetup ALLOC DELTA:%d", mallinfo().uordblks-before); + LogDebug( "TSPI_DAA_IssueSetup end return=%d ",result); + return result; +} +#else +TSS_RESULT +Tspi_DAA_Issuer_GenerateKey(TSS_HDAA_ISSUER_KEY hIssuerKey, // in + UINT32 issuerBaseNameLength, // in + BYTE* issuerBaseName) // in +{ + TSS_RESULT result; + KEY_PAIR_WITH_PROOF_internal *key_proof; + TSS_DAA_KEY_PAIR *tss_daa_key_pair; + TSS_HCONTEXT tspContext; + UINT32 numberPlatformAttributes, numberIssuerAttributes; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + if ((result = obj_daaissuerkey_get_tsp_context(hIssuerKey, &tspContext))) + return result; + + if ((result = obj_daaissuerkey_get_attribs(hIssuerKey, &numberIssuerAttributes, + &numberPlatformAttributes))) + return result; + + if ((result = generate_key_pair(numberIssuerAttributes, numberPlatformAttributes, + issuerBaseNameLength, issuerBaseName, &key_proof))) + return result; + + LogDebugFn("convert internal structure to public allocated using tspi_alloc"); + LogDebug("key_proof->proof->length_challenge=%d key_proof->proof->length_response=%d", + key_proof->proof->length_challenge, key_proof->proof->length_response); + + // prepare out parameters + *publicKeyProof = i_2_e_TSS_DAA_PK_PROOF( key_proof->proof, &tss_alloc, tspContext); + + tss_daa_key_pair = (TSS_DAA_KEY_PAIR *)tss_alloc( sizeof(TSS_DAA_KEY_PAIR), tspContext); + if (tss_daa_key_pair == NULL) { + LogError("malloc of %d bytes failed", sizeof(TSS_DAA_KEY_PAIR)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto close; + } + tss_daa_key_pair->private_key = i_2_e_TSS_DAA_PRIVATE_KEY( key_proof->private_key, + &tss_alloc, + tspContext); + tss_daa_key_pair->public_key = i_2_e_TSS_DAA_PK( key_proof->pk, + &tss_alloc, + tspContext); + *keyPair = (TSS_HKEY)tss_daa_key_pair; +close: + bi_flush_memory(); + + LogDebug("TSPI_DAA_IssueSetup ALLOC DELTA:%d", mallinfo().uordblks-before); + LogDebug( "TSPI_DAA_IssueSetup end return=%d ",result); + return result; +} +#endif +/** +This function is part of the DAA Issuer component. It's the first function out of 2 in order to +issue a DAA Credential for a TCG Platform. It assumes that the endorsement key and its +associated credentials are from a genuine and valid TPM. (Verification of the credentials is + a process defined by the TCG Infrastructure WG.) +This is an optional function and does not require a TPM or a TCS. +*/ +TSPICALL +Tspi_DAA_IssueInit(TSS_HDAA hDAA, // in + TSS_HKEY issuerAuthPK, // in + TSS_HDAA_DATA issuerKeyPair, // in (TSS_DAA_KEY_PAIR) + TSS_DAA_IDENTITY_PROOF* identityProof, // in + UINT32 capitalUprimeLength, // in + BYTE* capitalUprime, // in + UINT32 daaCounter, // in + UINT32* nonceIssuerLength, // out + BYTE** nonceIssuer, // out + UINT32* authenticationChallengeLength, // out + BYTE** authenticationChallenge, // out + TSS_DAA_JOIN_ISSUER_SESSION** joinSession) // out +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug("Tspi_DAA_IssueInit_internal hDAA=%d daaCounter=%d", (int)hDAA, (int)daaCounter); + result = Tspi_DAA_IssueInit_internal( + hDAA, // in + issuerAuthPK, // in + issuerKeyPair, // in + identityProof, // in + capitalUprimeLength, // in + capitalUprime, // in + daaCounter, // in + nonceIssuerLength, // out + nonceIssuer, // out + authenticationChallengeLength, // out + authenticationChallenge, // out + joinSession // out + ); + bi_flush_memory(); + + LogDebug("Tspi_DAA_IssueInit_internal ALLOC DELTA:%d", mallinfo().uordblks-before); + + return result; +} + +/** +This function verifies the DAA public key of a DAA Issuer with respect to its associated proof. +This is a resource consuming task. It can be done by trusted third party (certification). +This is an optional function and does not require a TPM or a TCS. +Parameters: + - hDAA: Handle of the DAA object + - issuerPk: DAA Issuer public key + - issuerPkProof: Proofs the correctness of the DAA Issuer public key + - isCorrect: Proofs the correctness of the DAA Issuer public key +*/ +TSPICALL +Tspi_DAA_IssuerKeyVerification(TSS_HDAA hDAA, // in + TSS_HDAA_DATA issuerPk, // in (TSS_DAA_PK) + TSS_HDAA_DATA issuerPkProof, // in (TSS_DAA_PK_PROOF) + TSS_BOOL* isCorrect) // out +{ + TSS_RESULT result; + int is_correct; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug("TSPI_DAA_IssuerKeyVerification hDAA=%ld issuerPk=%ld issuerPkProof=%ld", + (long)hDAA, (long)issuerPk, (long)issuerPkProof); + TSS_DAA_PK_internal *pk_internal = e_2_i_TSS_DAA_PK( (TSS_DAA_PK *)issuerPk); + TSS_DAA_PK_PROOF_internal *proof_internal = e_2_i_TSS_DAA_PK_PROOF( issuerPkProof); + LogDebug( "challenge=[%s]", dump_byte_array( proof_internal->length_challenge, + proof_internal->challenge)); + result = is_pk_correct( pk_internal, proof_internal, &is_correct ); + if( is_correct) *isCorrect = TRUE; + else *isCorrect = FALSE; + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("TSPI_DAA_IssuerKeyVerification ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + return result; +} + +/** +This function is part of the DAA Issuer component. It?s the last function out of 2 in order to +issue DAA Credential for a TCG Platform. It detects rogue TPM according to published rogue +TPM DAA keys. +This is an optional function and does not require a TPM or a TCS. +*/ +TSPICALL +Tspi_DAA_IssueCredential(TSS_HDAA hDAA, // in + UINT32 attributesIssuerLength, // in + BYTE** attributesIssuer, // in + TSS_DAA_CREDENTIAL_REQUEST* credentialRequest, // in + TSS_DAA_JOIN_ISSUER_SESSION* joinSession, // in + TSS_DAA_CRED_ISSUER** credIssuer) // out +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug("Tspi_DAA_IssueCredential hDAA=%d attributesIssuerLength=%d", + (int)hDAA, + (int)attributesIssuerLength); + result = Tspi_DAA_IssueCredential_internal( + hDAA, + attributesIssuerLength, + attributesIssuer, + credentialRequest, + joinSession, + credIssuer + ); + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("Tspi_DAA_IssueCredential ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + return result; +} + + +/** +This function is part of the DAA Verifier component. It is the first function out of 2 in order +to verify a DAA credential of a TCG platform. It creates a challenge for the TCG platform.last +function out of 2 in order to issue a This is an optional function and does not require a +TPM or a TCS. +*/ +TSPICALL +Tspi_DAA_VerifyInit(TSS_HDAA hDAA, // in + UINT32* nonceVerifierLength, // out + BYTE** nonceVerifier, // out + UINT32* baseNameLength, // out + BYTE** baseName) // out +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + // TODO which interface to use ? with or without baseName ? + LogDebug("Tspi_DAA_VerifyInit hDAA=%d", (int)hDAA); + result = Tspi_DAA_VerifyInit_internal( hDAA, + nonceVerifierLength, + nonceVerifier, + baseNameLength, + baseName); + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("Tspi_DAA_VerifyInit ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + return result; +} + + +/** +This function is part of the DAA Verifier component. It is the last function out of 2 in +order to verify a DAA Credential of a TCG Platform. It verifies the DAA credential and +detects public rogue TPMs. This is an optional function and does not require a TPM +or a TCS. +*/ +TSPICALL +Tspi_DAA_VerifySignature(TSS_HDAA hDAA, // in + TSS_DAA_SIGNATURE* daaSignature, // in + TSS_HDAA_DATA hPubKeyIssuer, // in (TSS_DAA_PK) + TSS_DAA_SIGN_DATA* signData, // in + UINT32 attributesLength, // in + BYTE** attributes, // in + UINT32 nonceVerifierLength,// in + BYTE* nonceVerifier, // in + UINT32 baseNameLength, // in + BYTE* baseName, // in + TSS_BOOL* isCorrect) // out +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug("Tspi_DAA_VerifySignature hDAA=%d", (int)hDAA); + result = Tspi_DAA_VerifySignature_internal( hDAA, + daaSignature, + hPubKeyIssuer, + signData, + attributesLength, + attributes, + nonceVerifierLength, + nonceVerifier, + baseNameLength, + baseName, + isCorrect); + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("Tspi_DAA_VerifySignature ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + return result; +} + + +/** +This function is part of the DAA Issuer component. It is the last function out of 2 in +order to issue a DAA Credential for a TCG Platform. It detects rogue TPM according +to published rogue TPM DAA keys. +This is an optional function and does not require a TPM or a TCS. + +Parameters + - hDAA: Handle of the DAA object + - daaPublicKey: daaPublickKey + - keyPair: Public and private key of the DAA Anonymity Revocation Authority to encrypt + the pseudonym of a DAA Signature +*/ +TSPICALL +Tspi_DAA_RevokeSetup(TSS_HDAA hDAA, // in + TSS_HDAA_DATA daaPublicKey, // in + TSS_HDAA_DATA* arPublicKey, // out (TSS_DAA_AR_PK) + TSS_HDAA_DATA* arPrivateKey) // out (TSS_DAA_AR_SK) +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + result = Tspi_DAA_RevokeSetup_internal( + hDAA, // in +//TODO: remove cast when the above interface is changed + daaPublicKey, // in + keyPair // out + ); + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("Tspi_DAA_RevokeSetup ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + return TSS_SUCCESS; +} + + +/** +This function is part of the DAA Anonymity Revocation Authority component. It defines the +Cramer-Shoup decryption algorithm to revoke the anonymity of a DAA Signature. The pseudonym, +with respect to either the DAA Verifier?s base name, the DAA Issuer?s base name or (just for +completeness) a random base name, can be revealed. +The pseudonym with respect to a DAA Signature and the used base name is V N . An encryption of +V N is the tuple (d1,d 2 ,d 3,d 4 ) and is decrypted using the secret key ( 0 5 x ,?, x ), the +decryption condition and the DAA public key. +This is an optional function and does not require a TPM or a TCS. + +Parameters: + - hDAA: Handle of the DAA object + - encryptedPseudonym: encryptedPseudonym + - decryptCondition: Condition for the decryption of the pseudonym. + - arPrivateKey: arPrivateKey + - daaPublicKey: daaPublicKey + - pseudonym: pseudonym +*/ +TSPICALL +Tspi_DAA_ARDecrypt(TSS_HDAA hDAA, // in + TSS_DAA_PSEUDONYM_ENCRYPTED* encryptedPseudonym, // in + TSS_HHASH decryptCondition, // in + TSS_HDAA_DATA arPrivateKey, // in (TSS_DAA_AR_SK) + TSS_HDAA_DATA daaPublicKey, // in (TSS_DAA_PK) + TSS_DAA_PSEUDONYM_PLAIN** pseudonym) // out +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + result = Tspi_DAA_ARDecrypt_internal( + hDAA, // in + encryptedPseudonym, // in + decryptCondition, // in +//TODO: remove cast when the above interface is changed + (void *)arPrivateKey, // in + (void *)daaPublicKey, // in + pseudonym // out + ); + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("Tspi_DAA_ARDecrypt ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + return result; +} + +/** +This is the second out of 3 functions to execute in order to receive a DAA Credential. It +computes the credential request for the DAA Issuer, which also includes the Platform +DAA public key and the attributes that were chosen by the Platform, and which are not +visible to the DAA Issuer. The Platform can commit to the attribute values it has chosen. +*/ +TSPICALL +Tspi_TPM_DAA_JoinCreateDaaPubKey(TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + UINT32 authenticationChallengeLength,// in + BYTE* authenticationChallenge, // in + UINT32 nonceIssuerLength, // in + BYTE* nonceIssuer, // in + UINT32 attributesPlatformLength, // in + BYTE** attributesPlatform, // in + TSS_DAA_JOIN_SESSION* joinSession, // in, out + TSS_DAA_CREDENTIAL_REQUEST** credentialRequest) // out +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug("Tspi_TPM_DAA_JoinCreateDaaPubKey hDAA=%d joinSession=%d", + (int)hDAA, (int)joinSession); + result = Tspi_TPM_DAA_JoinCreateDaaPubKey_internal( + hDAA, // in + hTPM, // in + authenticationChallengeLength, // in + authenticationChallenge, // in + nonceIssuerLength, // in + nonceIssuer, // in + attributesPlatformLength, // in + attributesPlatform, // in + joinSession, // in, out + credentialRequest // out + ); + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("Tspi_TPM_DAA_JoinCreateDaaPubKey ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + return result; +} + + +/** +This is the last out of 3 functions to execute in order to receive a DAA Credential. +It verifies the issued credential from the DAA Issuer and computes the final DAA Credential. +*/ +TSPICALL +Tspi_TPM_DAA_JoinStoreCredential(TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + TSS_DAA_CRED_ISSUER* credIssuer, // in + TSS_DAA_JOIN_SESSION* joinSession, // in + TSS_HDAA_DATA* phDaaCredential) // out (TSS_DAA_CREDENTIAL) +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug("Tspi_TPM_DAA_JoinStoreCredential hDAA=%d credIssuer=%d joinSession=%d", + (int)hDAA, (int)&credIssuer, (int)&joinSession); + result = Tspi_TPM_DAA_JoinStoreCredential_internal(hDAA, + hTPM, + credIssuer, + joinSession, + phDaaCredential); + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("Tspi_TPM_DAA_JoinStoreCredential ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + return result; +} + + +/** +This function creates a DAA Signature that proofs ownership of the DAA Credential and +includes a signature on either a public AIK or a message. +If anonymity revocation is enabled, the value Nv is not provided in the clear anymore but +encrypted under the public key of anonymity revocation authority, a trusted third party (TTP). +Thus the DAA Verifier cannot check for revocation or link a transaction/signature to prior ones. +Depending on how z is chosen, the protocol either allows to implementing anonymity revocation +(i.e., using the DAA Issuer long-term base name bsn I as the DAA Verifier base name bsnV ), or +having the TTP doing the linking of different signatures for the same DAA Verifier (i.e., +using the DAA Verifier base name ). +*/ +TSPICALL +Tspi_TPM_DAA_Sign(TSS_HDAA hDAA, // in + TSS_HTPM hTPM, // in + TSS_HDAA_DATA hDaaCredential, // in (TSS_DAA_CREDENTIAL) + TSS_DAA_SELECTED_ATTRIB* revealAttributes, // in + UINT32 verifierBaseNameLength, // in + BYTE* verifierBaseName, // in + UINT32 verifierNonceLength, // in + BYTE* verifierNonce, // in + TSS_DAA_SIGN_DATA* signData, // in + TSS_DAA_SIGNATURE** daaSignature) // out +{ + TSS_RESULT result; +#ifdef TSS_DEBUG + int before = mallinfo().uordblks; +#endif + + LogDebug("-> TSPI_TPM_DAA_Sign hDAA=%ld hTPM=%ld ", (long)hDAA, (long)hTPM); + + result = Tspi_TPM_DAA_Sign_internal(hDAA, + hTPM, + hDaaCredential, + revealAttributes, + verifierBaseNameLength, + verifierBaseName, + verifierNonceLength, + verifierNonce, + signData, + daaSignature); + bi_flush_memory(); +#ifdef TSS_DEBUG + LogDebug("TSPI_TPM_DAA_joinInit ALLOC DELTA:%d", mallinfo().uordblks-before); +#endif + LogDebug("<- TSPI_TPM_DAA_joinInit result=%d", result); + return result; +} diff --git a/src/tspi/tspi_delegate.c b/src/tspi/tspi_delegate.c new file mode 100644 index 0000000..c8fcb6a --- /dev/null +++ b/src/tspi/tspi_delegate.c @@ -0,0 +1,470 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "tsp_delegate.h" +#include "tsplog.h" + + +TSS_RESULT +Tspi_TPM_Delegate_AddFamily(TSS_HTPM hTpm, /* in, must not be NULL */ + BYTE bLabel, /* in */ + TSS_HDELFAMILY* phFamily) /* out */ +{ + TPM_FAMILY_ID familyID = 0; + UINT32 outDataSize; + BYTE *outData = NULL; + UINT64 offset; + TSS_RESULT result; + + if (phFamily == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + *phFamily = NULL_HDELFAMILY; + + if ((result = do_delegate_manage(hTpm, familyID, TPM_FAMILY_CREATE, sizeof(bLabel), &bLabel, + &outDataSize, &outData))) + return result; + + offset = 0; + Trspi_UnloadBlob_UINT32(&offset, &familyID, outData); + + /* Create or update the delfamily object */ + if ((result = update_delfamily_object(hTpm, familyID))) + goto done; + + obj_delfamily_find_by_familyid(hTpm, familyID, phFamily); + if (*phFamily == NULL_HDELFAMILY) + result = TSPERR(TSS_E_INTERNAL_ERROR); + +done: + free(outData); + + return result; +} + +TSS_RESULT +Tspi_TPM_Delegate_GetFamily(TSS_HTPM hTpm, /* in, must not NULL */ + UINT32 ulFamilyID, /* in */ + TSS_HDELFAMILY* phFamily) /* out */ +{ + TSS_RESULT result; + + if (phFamily == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + *phFamily = NULL_HDELFAMILY; + + /* Update the delfamily object */ + if ((result = update_delfamily_object(hTpm, ulFamilyID))) + return result; + + obj_delfamily_find_by_familyid(hTpm, ulFamilyID, phFamily); + if (*phFamily == NULL_HDELFAMILY) + result = TSPERR(TSS_E_BAD_PARAMETER); + + return result; +} + +TSS_RESULT +Tspi_TPM_Delegate_InvalidateFamily(TSS_HTPM hTpm, /* in, must not be NULL */ + TSS_HDELFAMILY hFamily) /* in */ +{ + TPM_FAMILY_ID familyID; + UINT32 outDataSize; + BYTE *outData = NULL; + TSS_RESULT result; + + if ((result = obj_delfamily_get_familyid(hFamily, &familyID))) + return result; + + if ((result = do_delegate_manage(hTpm, familyID, TPM_FAMILY_INVALIDATE, 0, NULL, + &outDataSize, &outData))) + return result; + + /* Delete the delfamily object */ + result = obj_delfamily_remove(hFamily, hTpm); + + free(outData); + + return result; +} + +TSS_RESULT +Tspi_TPM_Delegate_CreateDelegation(TSS_HOBJECT hObject, /* in */ + BYTE bLabel, /* in */ + UINT32 ulFlags, /* in */ + TSS_HPCRS hPcrs, /* in */ + TSS_HDELFAMILY hFamily, /* in */ + TSS_HPOLICY hDelegation) /* in, out */ +{ + TSS_RESULT result; + + if (obj_is_tpm(hObject)) { + if ((result = create_owner_delegation(hObject, bLabel, ulFlags, hPcrs, hFamily, + hDelegation))) + return result; + } else if (obj_is_rsakey(hObject)) { + if ((result = create_key_delegation(hObject, bLabel, ulFlags, hPcrs, hFamily, + hDelegation))) + return result; + } else + return TSPERR(TSS_E_INVALID_HANDLE); + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_Delegate_CacheOwnerDelegation(TSS_HTPM hTpm, /* in */ + TSS_HPOLICY hDelegation, /* in */ + UINT32 ulIndex, /* in */ + UINT32 ulFlags) /* in */ +{ + TSS_HCONTEXT hContext; + TSS_HPOLICY hPolicy; + UINT32 blobSize; + BYTE *blob = NULL; + UINT32 secretMode = TSS_SECRET_MODE_NONE; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + TPM_AUTH ownerAuth, *pAuth; + TSS_RESULT result; + + if ((result = obj_tpm_get_tsp_context(hTpm, &hContext))) + return result; + + if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy))) + return result; + + if ((result = obj_policy_get_delegation_blob(hDelegation, TSS_DELEGATIONTYPE_OWNER, + &blobSize, &blob))) + return result; + + if (ulFlags & ~TSS_DELEGATE_CACHEOWNERDELEGATION_OVERWRITEEXISTING) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + + if ((ulFlags & TSS_DELEGATE_CACHEOWNERDELEGATION_OVERWRITEEXISTING) == 0) { + TPM_DELEGATE_PUBLIC public; + + /* Verify there is nothing occupying the specified row */ + result = get_delegate_index(hContext, ulIndex, &public); + if (result == TSS_SUCCESS) { + free(public.pcrInfo.pcrSelection.pcrSelect); + result = TSPERR(TSS_E_DELFAMILY_ROWEXISTS); + goto done; + } + } + + if (hPolicy != NULL_HPOLICY) { + if ((result = obj_policy_get_mode(hPolicy, &secretMode))) + goto done; + } + + if (secretMode != TSS_SECRET_MODE_NONE) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_LoadOwnerDelegation); + result |= Trspi_Hash_UINT32(&hashCtx, ulIndex); + result |= Trspi_Hash_UINT32(&hashCtx, blobSize); + result |= Trspi_HashUpdate(&hashCtx, blobSize, blob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + pAuth = &ownerAuth; + if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_Delegate_LoadOwnerDelegation, + hPolicy, FALSE, &digest, pAuth))) + goto done; + } else + pAuth = NULL; + + if ((result = TCS_API(hContext)->Delegate_LoadOwnerDelegation(hContext, ulIndex, blobSize, + blob, pAuth))) + goto done; + + if (pAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_LoadOwnerDelegation); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) + goto done; + } + + result = obj_policy_set_delegation_index(hDelegation, ulIndex); + +done: + free_tspi(hContext, blob); + + return result; +} + +TSS_RESULT +Tspi_TPM_Delegate_UpdateVerificationCount(TSS_HTPM hTpm, /* in */ + TSS_HPOLICY hDelegation) /* in, out */ +{ + TSS_HCONTEXT hContext; + TSS_HPOLICY hPolicy; + UINT32 secretMode = TSS_SECRET_MODE_NONE; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + TPM_AUTH ownerAuth, *pAuth; + TSS_BOOL indexSet; + UINT32 inputSize; + BYTE *input = NULL; + UINT32 outputSize; + BYTE *output = NULL; + UINT64 offset; + TSS_RESULT result; + + if ((result = obj_tpm_get_tsp_context(hTpm, &hContext))) + return result; + + if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy))) + return result; + + if (hPolicy != NULL_HPOLICY) { + if ((result = obj_policy_get_mode(hPolicy, &secretMode))) + goto done; + } + + if ((result = obj_policy_is_delegation_index_set(hDelegation, &indexSet))) + return result; + if (indexSet) { + UINT32 index; + + if ((result = obj_policy_get_delegation_index(hDelegation, &index))) + return result; + inputSize = sizeof(UINT32); + input = calloc_tspi(hContext, inputSize); + if (!input) { + LogError("malloc of %zd bytes failed.", sizeof(UINT32)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + offset = 0; + Trspi_LoadBlob_UINT32(&offset, index, input); + } else { + if ((result = obj_policy_get_delegation_blob(hDelegation, 0, + &inputSize, &input))) + return result; + } + + if (secretMode != TSS_SECRET_MODE_NONE) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_UpdateVerification); + result |= Trspi_Hash_UINT32(&hashCtx, inputSize); + result |= Trspi_HashUpdate(&hashCtx, inputSize, input); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + pAuth = &ownerAuth; + if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_Delegate_UpdateVerification, + hPolicy, FALSE, &digest, pAuth))) + goto done; + } else + pAuth = NULL; + + if ((result = TCS_API(hContext)->Delegate_UpdateVerificationCount(hContext, inputSize, + input, pAuth, &outputSize, + &output))) + goto done; + + if (pAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_UpdateVerification); + result |= Trspi_Hash_UINT32(&hashCtx, outputSize); + result |= Trspi_HashUpdate(&hashCtx, outputSize, output); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) + goto done; + } + + result = obj_policy_set_delegation_blob(hDelegation, 0, outputSize, output); + +done: + free_tspi(hContext, input); + free(output); + + return result; +} + +TSS_RESULT +Tspi_TPM_Delegate_VerifyDelegation(TSS_HPOLICY hDelegation) /* in, out */ +{ + TSS_HCONTEXT hContext; + UINT32 delegateSize; + BYTE *delegate = NULL; + TSS_RESULT result; + + if ((result = obj_policy_get_tsp_context(hDelegation, &hContext))) + return result; + + if ((result = obj_policy_get_delegation_blob(hDelegation, 0, &delegateSize, &delegate))) + return result; + + result = TCS_API(hContext)->Delegate_VerifyDelegation(hContext, delegateSize, delegate); + + free_tspi(hContext, delegate); + + return result; +} + +TSS_RESULT +Tspi_TPM_Delegate_ReadTables(TSS_HCONTEXT hContext, /* in */ + UINT32* pulFamilyTableSize, /* out */ + TSS_FAMILY_TABLE_ENTRY** ppFamilyTable, /* out */ + UINT32* pulDelegateTableSize, /* out */ + TSS_DELEGATION_TABLE_ENTRY** ppDelegateTable) /* out */ +{ + UINT32 tpmFamilyTableSize, tpmDelegateTableSize; + BYTE *tpmFamilyTable = NULL, *tpmDelegateTable = NULL; + TPM_FAMILY_TABLE_ENTRY tpmFamilyEntry; + TSS_FAMILY_TABLE_ENTRY tssFamilyEntry, *tssFamilyTable = NULL; + UINT32 tssFamilyTableSize = 0; + TPM_DELEGATE_PUBLIC tpmDelegatePublic; + TSS_DELEGATION_TABLE_ENTRY tssDelegateEntry, *tssDelegateTable = NULL; + UINT32 tssDelegateTableSize = 0; + UINT32 tableIndex; + UINT64 tpmOffset; + UINT64 tssOffset; + TSS_RESULT result; + + if (!pulFamilyTableSize || !ppFamilyTable || !pulDelegateTableSize || !ppDelegateTable) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_context(hContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if ((result = TCS_API(hContext)->Delegate_ReadTable(hContext, &tpmFamilyTableSize, + &tpmFamilyTable, &tpmDelegateTableSize, + &tpmDelegateTable))) + return result; + + if (tpmFamilyTableSize > 0) { + /* Create the TSS_FAMILY_TABLE_ENTRY array */ + for (tpmOffset = 0, tssOffset = 0; tpmOffset < tpmFamilyTableSize;) { + Trspi_UnloadBlob_TPM_FAMILY_TABLE_ENTRY(&tpmOffset, tpmFamilyTable, + &tpmFamilyEntry); + + /* No pointers in the family table entries, so no + assignments required before doing LoadBlob */ + Trspi_LoadBlob_TSS_FAMILY_TABLE_ENTRY(&tssOffset, NULL, &tssFamilyEntry); + } + + if ((tssFamilyTable = calloc_tspi(hContext, tssOffset)) == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", tssOffset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + for (tpmOffset = 0, tssOffset = 0; tpmOffset < tpmFamilyTableSize; tssFamilyTableSize++) { + Trspi_UnloadBlob_TPM_FAMILY_TABLE_ENTRY(&tpmOffset, tpmFamilyTable, + &tpmFamilyEntry); + + tssFamilyEntry.familyID = tpmFamilyEntry.familyID; + tssFamilyEntry.label = tpmFamilyEntry.label.label; + tssFamilyEntry.verificationCount = tpmFamilyEntry.verificationCount; + tssFamilyEntry.enabled = + (tpmFamilyEntry.flags & TPM_FAMFLAG_ENABLE) ? TRUE : FALSE; + tssFamilyEntry.locked = + (tpmFamilyEntry.flags & TPM_FAMFLAG_DELEGATE_ADMIN_LOCK) ? TRUE : FALSE; + Trspi_LoadBlob_TSS_FAMILY_TABLE_ENTRY(&tssOffset, (BYTE *)tssFamilyTable, + &tssFamilyEntry); + } + } + + if (tpmDelegateTableSize > 0) { + /* Create the TSS_DELEGATION_TABLE_ENTRY array */ + for (tpmOffset = 0, tssOffset = 0; tpmOffset < tpmDelegateTableSize;) { + Trspi_UnloadBlob_UINT32(&tpmOffset, &tableIndex, tpmDelegateTable); + if ((result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(&tpmOffset, tpmDelegateTable, + &tpmDelegatePublic))) { + free_tspi(hContext, tssFamilyTable); + goto done; + } + + /* Some pointers in the delegate table entries, so + do some assignments before doing LoadBlob */ + tssDelegateEntry.pcrInfo.sizeOfSelect = + tpmDelegatePublic.pcrInfo.pcrSelection.sizeOfSelect; + tssDelegateEntry.pcrInfo.selection = + tpmDelegatePublic.pcrInfo.pcrSelection.pcrSelect; + tssDelegateEntry.pcrInfo.sizeOfDigestAtRelease = + sizeof(tpmDelegatePublic.pcrInfo.digestAtRelease.digest); + tssDelegateEntry.pcrInfo.digestAtRelease = + tpmDelegatePublic.pcrInfo.digestAtRelease.digest; + Trspi_LoadBlob_TSS_DELEGATION_TABLE_ENTRY(&tssOffset, NULL, + &tssDelegateEntry); + + free(tpmDelegatePublic.pcrInfo.pcrSelection.pcrSelect); + } + + if ((tssDelegateTable = calloc_tspi(hContext, tssOffset)) == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", tssOffset); + free_tspi(hContext, tssFamilyTable); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + for (tpmOffset = 0, tssOffset = 0; tpmOffset < tpmDelegateTableSize; tssDelegateTableSize++) { + Trspi_UnloadBlob_UINT32(&tpmOffset, &tableIndex, tpmDelegateTable); + if ((result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(&tpmOffset, + tpmDelegateTable, &tpmDelegatePublic))) { + free_tspi(hContext, tssFamilyTable); + free_tspi(hContext, tssDelegateTable); + goto done; + } + + tssDelegateEntry.tableIndex = tableIndex; + tssDelegateEntry.label = tpmDelegatePublic.label.label; + tssDelegateEntry.pcrInfo.sizeOfSelect = + tpmDelegatePublic.pcrInfo.pcrSelection.sizeOfSelect; + tssDelegateEntry.pcrInfo.selection = + tpmDelegatePublic.pcrInfo.pcrSelection.pcrSelect; + tssDelegateEntry.pcrInfo.localityAtRelease = + tpmDelegatePublic.pcrInfo.localityAtRelease; + tssDelegateEntry.pcrInfo.sizeOfDigestAtRelease = + sizeof(tpmDelegatePublic.pcrInfo.digestAtRelease.digest); + tssDelegateEntry.pcrInfo.digestAtRelease = + tpmDelegatePublic.pcrInfo.digestAtRelease.digest; + tssDelegateEntry.per1 = tpmDelegatePublic.permissions.per1; + tssDelegateEntry.per2 = tpmDelegatePublic.permissions.per2; + tssDelegateEntry.familyID = tpmDelegatePublic.familyID; + tssDelegateEntry.verificationCount = tpmDelegatePublic.verificationCount; + Trspi_LoadBlob_TSS_DELEGATION_TABLE_ENTRY(&tssOffset, + (BYTE *)tssDelegateTable, &tssDelegateEntry); + + free(tpmDelegatePublic.pcrInfo.pcrSelection.pcrSelect); + } + } + + *ppFamilyTable = tssFamilyTable; + *pulFamilyTableSize = tssFamilyTableSize; + *ppDelegateTable = tssDelegateTable; + *pulDelegateTableSize = tssDelegateTableSize; + +done: + free(tpmFamilyTable); + free(tpmDelegateTable); + + return result; +} + diff --git a/src/tspi/tspi_dir.c b/src/tspi/tspi_dir.c new file mode 100644 index 0000000..10c0c38 --- /dev/null +++ b/src/tspi/tspi_dir.c @@ -0,0 +1,105 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_DirWrite(TSS_HTPM hTPM, /* in */ + UINT32 ulDirIndex, /* in */ + UINT32 ulDirDataLength, /* in */ + BYTE * rgbDirData) /* in */ +{ + TSS_HCONTEXT tspContext; + TCPA_RESULT result; + TPM_AUTH auth; + TCPA_DIGEST hashDigest; + TSS_HPOLICY hPolicy; + TCPA_DIRVALUE dirValue = { { 0 } }; + Trspi_HashCtx hashCtx; + + if (rgbDirData == NULL && ulDirDataLength != 0) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (ulDirDataLength > (UINT32)sizeof(TCPA_DIRVALUE)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy))) + return result; + + memcpy((BYTE *)&dirValue, rgbDirData, ulDirDataLength); + + /* hash to be used for the OIAP calc */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DirWriteAuth); + result |= Trspi_Hash_UINT32(&hashCtx, ulDirIndex); + result |= Trspi_HashUpdate(&hashCtx, (UINT32)sizeof(TCPA_DIRVALUE), (BYTE *)&dirValue); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + /* hashDigest now has the hash result */ + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DirWriteAuth, hPolicy, FALSE, + &hashDigest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->DirWriteAuth(tspContext, ulDirIndex, &dirValue, &auth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DirWriteAuth); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + return obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth); +} + +TSS_RESULT +Tspi_TPM_DirRead(TSS_HTPM hTPM, /* in */ + UINT32 ulDirIndex, /* in */ + UINT32 * pulDirDataLength, /* out */ + BYTE ** prgbDirData) /* out */ +{ + TCPA_DIRVALUE dirValue; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if (pulDirDataLength == NULL || prgbDirData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCS_API(tspContext)->DirRead(tspContext, ulDirIndex, &dirValue))) + return result; + + *pulDirDataLength = 20; + *prgbDirData = calloc_tspi(tspContext, *pulDirDataLength); + if (*prgbDirData == NULL) { + LogError("malloc of %d bytes failed.", *pulDirDataLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(*prgbDirData, dirValue.digest, *pulDirDataLength); + return TSS_SUCCESS; +} diff --git a/src/tspi/tspi_ek.c b/src/tspi/tspi_ek.c new file mode 100644 index 0000000..d1b2065 --- /dev/null +++ b/src/tspi/tspi_ek.c @@ -0,0 +1,438 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_CreateEndorsementKey(TSS_HTPM hTPM, /* in */ + TSS_HKEY hKey, /* in */ + TSS_VALIDATION * pValidationData) /* in, out */ +{ + TCPA_NONCE antiReplay; + TCPA_DIGEST digest; + TSS_RESULT result; + UINT32 ekSize; + BYTE *ek; + TSS_KEY dummyKey; + UINT64 offset; + TCPA_DIGEST hash; + UINT32 newEKSize; + BYTE *newEK; + TSS_HCONTEXT tspContext; + TCPA_PUBKEY pubEK; + Trspi_HashCtx hashCtx; + + memset(&pubEK, 0, sizeof(TCPA_PUBKEY)); + memset(&dummyKey, 0, sizeof(TSS_KEY)); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_rsakey_get_blob(hKey, &ekSize, &ek))) + return result; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, ek, &dummyKey))) + return result; + + offset = 0; + Trspi_LoadBlob_KEY_PARMS(&offset, ek, &dummyKey.algorithmParms); + free_key_refs(&dummyKey); + ekSize = offset; + + if (pValidationData == NULL) { + if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE), + (BYTE **)antiReplay.nonce))) { + LogError("Failed to create random nonce"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } else { + if (pValidationData->ulExternalDataLength < sizeof(antiReplay.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(antiReplay.nonce, pValidationData->rgbExternalData, + sizeof(antiReplay.nonce)); + } + + if ((result = TCS_API(tspContext)->CreateEndorsementKeyPair(tspContext, antiReplay, ekSize, + ek, &newEKSize, &newEK, + &digest))) + return result; + + if (pValidationData == NULL) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_HashUpdate(&hashCtx, newEKSize, newEK); + result |= Trspi_HashUpdate(&hashCtx, TCPA_SHA1_160_HASH_LEN, antiReplay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, hash.digest))) + goto done; + + if (memcmp(hash.digest, digest.digest, TCPA_SHA1_160_HASH_LEN)) { + LogError("Internal verification failed"); + result = TSPERR(TSS_E_EK_CHECKSUM); + goto done; + } + } else { + pValidationData->rgbData = calloc_tspi(tspContext, newEKSize); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %u bytes failed.", newEKSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + pValidationData->ulDataLength = newEKSize; + memcpy(pValidationData->rgbData, newEK, newEKSize); + memcpy(&pValidationData->rgbData[ekSize], antiReplay.nonce, + sizeof(antiReplay.nonce)); + + pValidationData->rgbValidationData = calloc_tspi(tspContext, + TCPA_SHA1_160_HASH_LEN); + if (pValidationData->rgbValidationData == NULL) { + LogError("malloc of %d bytes failed.", TCPA_SHA1_160_HASH_LEN); + free_tspi(tspContext, pValidationData->rgbData); + pValidationData->rgbData = NULL; + pValidationData->ulDataLength = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + pValidationData->ulValidationDataLength = TCPA_SHA1_160_HASH_LEN; + memcpy(pValidationData->rgbValidationData, digest.digest, TCPA_SHA1_160_HASH_LEN); + } + + if ((result = obj_rsakey_set_pubkey(hKey, FALSE, newEK)) && pValidationData) { + free_tspi(tspContext, pValidationData->rgbValidationData); + free_tspi(tspContext, pValidationData->rgbData); + pValidationData->rgbData = NULL; + pValidationData->ulDataLength = 0; + pValidationData->rgbValidationData = NULL; + pValidationData->ulValidationDataLength = 0; + } + +done: + free(newEK); + + return result; +} + +TSS_RESULT +Tspi_TPM_GetPubEndorsementKey(TSS_HTPM hTPM, /* in */ + TSS_BOOL fOwnerAuthorized, /* in */ + TSS_VALIDATION *pValidationData, /* in, out */ + TSS_HKEY *phEndorsementPubKey) /* out */ +{ + TCPA_DIGEST digest; + TSS_RESULT result; + UINT64 offset; + UINT32 pubEKSize; + BYTE *pubEK; + TCPA_NONCE antiReplay; + TCPA_DIGEST checkSum; + TSS_HOBJECT retKey; + TSS_HCONTEXT tspContext; + TCPA_PUBKEY pubKey; + Trspi_HashCtx hashCtx; + + memset(&pubKey, 0, sizeof(TCPA_PUBKEY)); + + if (phEndorsementPubKey == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (fOwnerAuthorized) + return owner_get_pubek(tspContext, hTPM, phEndorsementPubKey); + + if (pValidationData == NULL) { + if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE), + (BYTE **)antiReplay.nonce))) { + LogDebug("Failed to generate random nonce"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } else { + if (pValidationData->ulExternalDataLength < sizeof(antiReplay.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(antiReplay.nonce, pValidationData->rgbExternalData, + sizeof(antiReplay.nonce)); + } + + /* call down to the TPM */ + if ((result = TCS_API(tspContext)->ReadPubek(tspContext, antiReplay, &pubEKSize, &pubEK, + &checkSum))) + return result; + + /* validate the returned hash, or set up the return so that the user can */ + if (pValidationData == NULL) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_HashUpdate(&hashCtx, pubEKSize, pubEK); + result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN, antiReplay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + /* check validation of the entire pubkey structure */ + if (memcmp(digest.digest, checkSum.digest, TPM_SHA1_160_HASH_LEN)) { + /* validation failed, unload the pubEK in order to hash + * just the pubKey portion of the pubEK. This is done on + * Atmel chips specifically. + */ + offset = 0; + memset(&pubKey, 0, sizeof(TCPA_PUBKEY)); + if ((result = Trspi_UnloadBlob_PUBKEY(&offset, pubEK, &pubKey))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_HashUpdate(&hashCtx, pubKey.pubKey.keyLength, + pubKey.pubKey.key); + result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN, + antiReplay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if (memcmp(digest.digest, checkSum.digest, TCPA_SHA1_160_HASH_LEN)) { + result = TSPERR(TSS_E_EK_CHECKSUM); + goto done; + } + } + } else { + /* validate the entire TCPA_PUBKEY structure */ + pValidationData->ulDataLength = pubEKSize + TCPA_SHA1_160_HASH_LEN; + pValidationData->rgbData = calloc_tspi(tspContext, + pValidationData->ulDataLength); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %u bytes failed.", + pValidationData->ulDataLength); + pValidationData->ulDataLength = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + memcpy(pValidationData->rgbData, pubEK, pubEKSize); + memcpy(&pValidationData->rgbData[pubEKSize], antiReplay.nonce, + TCPA_SHA1_160_HASH_LEN); + + pValidationData->ulValidationDataLength = TCPA_SHA1_160_HASH_LEN; + pValidationData->rgbValidationData = calloc_tspi(tspContext, + TCPA_SHA1_160_HASH_LEN); + if (pValidationData->rgbValidationData == NULL) { + LogError("malloc of %d bytes failed.", TCPA_SHA1_160_HASH_LEN); + pValidationData->ulValidationDataLength = 0; + pValidationData->ulDataLength = 0; + free_tspi(tspContext,pValidationData->rgbData); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + memcpy(pValidationData->rgbValidationData, checkSum.digest, + TPM_SHA1_160_HASH_LEN); + } + + if ((result = obj_rsakey_add(tspContext, TSS_KEY_SIZE_2048|TSS_KEY_TYPE_LEGACY, &retKey))) + goto done; + + if ((result = obj_rsakey_set_pubkey(retKey, TRUE, pubEK))) + goto done; + + *phEndorsementPubKey = retKey; + +done: + free(pubEK); + return result; +} + +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +Tspi_TPM_CreateRevocableEndorsementKey(TSS_HTPM hTPM, /* in */ + TSS_HKEY hKey, /* in */ + TSS_VALIDATION * pValidationData,/* in, out */ + UINT32 * pulEkResetDataLength, /* in, out */ + BYTE ** prgbEkResetData) /* in, out */ +{ + TPM_NONCE antiReplay; + TPM_DIGEST digest; + TSS_RESULT result; + UINT32 ekSize; + BYTE *ek; + TSS_KEY dummyKey; + UINT64 offset; + TSS_BOOL genResetAuth; + TPM_DIGEST eKResetAuth; + TPM_DIGEST hash; + UINT32 newEKSize; + BYTE *newEK; + TSS_HCONTEXT tspContext; + TPM_PUBKEY pubEK; + Trspi_HashCtx hashCtx; + + memset(&pubEK, 0, sizeof(TPM_PUBKEY)); + memset(&dummyKey, 0, sizeof(TSS_KEY)); + memset(&eKResetAuth, 0xff, sizeof(eKResetAuth)); + + if (!pulEkResetDataLength || !prgbEkResetData) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (*pulEkResetDataLength != 0) { + if (*prgbEkResetData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (*pulEkResetDataLength < sizeof(eKResetAuth.digest)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(eKResetAuth.digest, *prgbEkResetData, sizeof(eKResetAuth.digest)); + genResetAuth = FALSE; + } else { + if (*prgbEkResetData != NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + genResetAuth = TRUE; + } + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_rsakey_get_blob(hKey, &ekSize, &ek))) + return result; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, ek, &dummyKey))) + return result; + + offset = 0; + Trspi_LoadBlob_KEY_PARMS(&offset, ek, &dummyKey.algorithmParms); + free_key_refs(&dummyKey); + ekSize = offset; + + if (pValidationData == NULL) { + if ((result = get_local_random(tspContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)antiReplay.nonce))) { + LogError("Failed to create random nonce"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } else { + if (pValidationData->ulExternalDataLength < sizeof(antiReplay.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(antiReplay.nonce, pValidationData->rgbExternalData, + sizeof(antiReplay.nonce)); + } + + if ((result = RPC_CreateRevocableEndorsementKeyPair(tspContext, antiReplay, ekSize, ek, + genResetAuth, &eKResetAuth, &newEKSize, + &newEK, &digest))) + return result; + + if (pValidationData == NULL) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_HashUpdate(&hashCtx, newEKSize, newEK); + result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN, antiReplay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, hash.digest))) + goto done; + + if (memcmp(hash.digest, digest.digest, TPM_SHA1_160_HASH_LEN)) { + LogError("Internal verification failed"); + result = TSPERR(TSS_E_EK_CHECKSUM); + goto done; + } + } else { + pValidationData->rgbData = calloc_tspi(tspContext, newEKSize); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %u bytes failed.", newEKSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + pValidationData->ulDataLength = newEKSize; + memcpy(pValidationData->rgbData, newEK, newEKSize); + memcpy(&pValidationData->rgbData[ekSize], antiReplay.nonce, + sizeof(antiReplay.nonce)); + + pValidationData->rgbValidationData = calloc_tspi(tspContext, + TPM_SHA1_160_HASH_LEN); + if (pValidationData->rgbValidationData == NULL) { + LogError("malloc of %d bytes failed.", TPM_SHA1_160_HASH_LEN); + free_tspi(tspContext, pValidationData->rgbData); + pValidationData->rgbData = NULL; + pValidationData->ulDataLength = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + pValidationData->ulValidationDataLength = TPM_SHA1_160_HASH_LEN; + memcpy(pValidationData->rgbValidationData, digest.digest, TPM_SHA1_160_HASH_LEN); + } + + if ((result = obj_rsakey_set_pubkey(hKey, FALSE, newEK))) { + if (pValidationData) { + free_tspi(tspContext, pValidationData->rgbValidationData); + free_tspi(tspContext, pValidationData->rgbData); + pValidationData->rgbData = NULL; + pValidationData->ulDataLength = 0; + pValidationData->rgbValidationData = NULL; + pValidationData->ulValidationDataLength = 0; + } + goto done; + } + + if (genResetAuth) { + if ((*prgbEkResetData = calloc_tspi(tspContext, sizeof(eKResetAuth.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(eKResetAuth.digest)); + if (pValidationData) { + free_tspi(tspContext, pValidationData->rgbValidationData); + free_tspi(tspContext, pValidationData->rgbData); + pValidationData->rgbData = NULL; + pValidationData->ulDataLength = 0; + pValidationData->rgbValidationData = NULL; + pValidationData->ulValidationDataLength = 0; + } + goto done; + } + + memcpy(*prgbEkResetData, eKResetAuth.digest, sizeof(eKResetAuth.digest)); + *pulEkResetDataLength = sizeof(eKResetAuth.digest); + } + +done: + free(newEK); + + return result; +} + +TSS_RESULT +Tspi_TPM_RevokeEndorsementKey(TSS_HTPM hTPM, /* in */ + UINT32 ulEkResetDataLength, /* in */ + BYTE * rgbEkResetData) /* in */ +{ + TSS_HCONTEXT tspContext; + TPM_DIGEST eKResetAuth; + TSS_RESULT result; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (ulEkResetDataLength < sizeof(eKResetAuth.digest) || !rgbEkResetData) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(eKResetAuth.digest, rgbEkResetData, sizeof(eKResetAuth.digest)); + + if ((result = RPC_RevokeEndorsementKeyPair(tspContext, &eKResetAuth))) + return result; + + return result; +} +#endif + diff --git a/src/tspi/tspi_getset.c b/src/tspi/tspi_getset.c new file mode 100644 index 0000000..3fa8727 --- /dev/null +++ b/src/tspi/tspi_getset.c @@ -0,0 +1,1168 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "tsp_audit.h" + + +TSS_RESULT +Tspi_SetAttribUint32(TSS_HOBJECT hObject, /* in */ + TSS_FLAG attribFlag, /* in */ + TSS_FLAG subFlag, /* in */ + UINT32 ulAttrib) /* in */ +{ + TSS_RESULT result; + + if (obj_is_rsakey(hObject)) { +#ifdef TSS_BUILD_RSAKEY_LIST + if (attribFlag == TSS_TSPATTRIB_KEY_REGISTER) { + if (subFlag) + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + + if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_USER) + result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_USER); + else if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_SYSTEM) + result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_SYSTEM); + else if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_NO) + result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_NO); + else + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + } else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) { + switch (subFlag) { + case TSS_TSPATTRIB_KEYINFO_USAGE: + result = obj_rsakey_set_usage(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_MIGRATABLE: + if (ulAttrib != TRUE && ulAttrib != FALSE) + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + + result = obj_rsakey_set_migratable(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_REDIRECTED: + if (ulAttrib != TRUE && ulAttrib != FALSE) + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + + result = obj_rsakey_set_redirected(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_VOLATILE: + if (ulAttrib != TRUE && ulAttrib != FALSE) + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + + result = obj_rsakey_set_volatile(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_AUTHUSAGE: + /* fall through */ + case TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE: + if (ulAttrib != TRUE && ulAttrib != FALSE) + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + + result = obj_rsakey_set_authdata_usage(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_ALGORITHM: + result = obj_rsakey_set_alg(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_ENCSCHEME: + if (ulAttrib != TSS_ES_NONE && + ulAttrib != TSS_ES_RSAESPKCSV15 && + ulAttrib != TSS_ES_RSAESOAEP_SHA1_MGF1) + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + + result = obj_rsakey_set_es(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_SIGSCHEME: + if (ulAttrib != TSS_SS_NONE && + ulAttrib != TSS_SS_RSASSAPKCS1V15_SHA1 && + ulAttrib != TSS_SS_RSASSAPKCS1V15_DER && + ulAttrib != TSS_SS_RSASSAPKCS1V15_INFO) + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + + result = obj_rsakey_set_ss(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_KEYFLAGS: + result = obj_rsakey_set_flags(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_KEYINFO_SIZE: + result = obj_rsakey_set_size(hObject, ulAttrib); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + } else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) { + if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_PRIMES) { + result = obj_rsakey_set_num_primes(hObject, ulAttrib); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); +#endif +#ifdef TSS_BUILD_NV + } else if (obj_is_nvstore(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_NV_INDEX: + if ((result = obj_nvstore_set_index(hObject, ulAttrib))) + return result; + break; + case TSS_TSPATTRIB_NV_DATASIZE: + if ((result = obj_nvstore_set_datasize(hObject, ulAttrib))) + return result; + break; + case TSS_TSPATTRIB_NV_PERMISSIONS: + if ((result = obj_nvstore_set_permission(hObject, ulAttrib))) + return result; + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } +#endif + } else if (obj_is_policy(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC: + case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC: + case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP: + case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM: + result = obj_policy_set_cb11(hObject, attribFlag, + subFlag, ulAttrib); + break; + case TSS_TSPATTRIB_POLICY_SECRET_LIFETIME: + if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS || + subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER || + subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) { + result = obj_policy_set_lifetime(hObject, subFlag, + ulAttrib); + } else { + result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_TSPATTRIB_SECRET_HASH_MODE: + result = obj_policy_set_hash_mode(hObject, ulAttrib); + break; +#ifdef TSS_BUILD_DELEGATION + case TSS_TSPATTRIB_POLICY_DELEGATION_INFO: + switch (subFlag) { + case TSS_TSPATTRIB_POLDEL_TYPE: + switch (ulAttrib) { + case TSS_DELEGATIONTYPE_NONE: + case TSS_DELEGATIONTYPE_OWNER: + case TSS_DELEGATIONTYPE_KEY: + result = obj_policy_set_delegation_type(hObject, + ulAttrib); + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_DATA); + } + break; + case TSS_TSPATTRIB_POLDEL_INDEX: + result = obj_policy_set_delegation_index(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_POLDEL_PER1: + result = obj_policy_set_delegation_per1(hObject, ulAttrib); + break; + case TSS_TSPATTRIB_POLDEL_PER2: + result = obj_policy_set_delegation_per2(hObject, ulAttrib); + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; +#endif + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_context(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_CONTEXT_SILENT_MODE: + if (ulAttrib == TSS_TSPATTRIB_CONTEXT_NOT_SILENT) + result = obj_context_set_mode(hObject, ulAttrib); + else if (ulAttrib == TSS_TSPATTRIB_CONTEXT_SILENT) { + if (obj_context_has_popups(hObject)) + return TSPERR(TSS_E_SILENT_CONTEXT); + result = obj_context_set_mode(hObject, ulAttrib); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + break; +#ifdef TSS_BUILD_TRANSPORT + case TSS_TSPATTRIB_CONTEXT_TRANSPORT: + if (subFlag == TSS_TSPATTRIB_CONTEXTTRANS_CONTROL) { + if (ulAttrib != TSS_TSPATTRIB_DISABLE_TRANSPORT && + ulAttrib != TSS_TSPATTRIB_ENABLE_TRANSPORT) + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + + result = obj_context_transport_set_control(hObject, + ulAttrib); + } else if (subFlag == TSS_TSPATTRIB_CONTEXTTRANS_MODE) { + switch (ulAttrib) { + case TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION: + case TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION: + case TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL: + case TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE: + case TSS_TSPATTRIB_TRANSPORT_STATIC_AUTH: + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + } + + result = obj_context_transport_set_mode(hObject, ulAttrib); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + + break; +#endif + case TSS_TSPATTRIB_SECRET_HASH_MODE: + result = obj_context_set_hash_mode(hObject, ulAttrib); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_tpm(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY: + case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY: + if ((result = obj_tpm_set_cb11(hObject, attribFlag, subFlag, + ulAttrib))) + return result; + break; +#ifdef TSS_BUILD_AUDIT + case TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS: + result = __tspi_audit_set_ordinal_audit_status(hObject, attribFlag, + subFlag, ulAttrib); + break; +#endif + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } +#ifdef TSS_BUILD_SEALX + } else if (obj_is_encdata(hObject)) { + if (attribFlag != TSS_TSPATTRIB_ENCDATA_SEAL) + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + if (subFlag == TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE) { + if (ulAttrib != TSS_TSPATTRIB_ENCDATASEAL_NO_PROTECT && + ulAttrib != TSS_TSPATTRIB_ENCDATASEAL_PROTECT) + return TSPERR(TSS_E_INVALID_ATTRIB_DATA); + + result = obj_encdata_set_seal_protect_mode(hObject, ulAttrib); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); +#endif +#ifdef TSS_BUILD_DELEGATION + } else if (obj_is_delfamily(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_DELFAMILY_STATE: + switch (subFlag) { + case TSS_TSPATTRIB_DELFAMILYSTATE_LOCKED: + result = obj_delfamily_set_locked(hObject, (TSS_BOOL)ulAttrib, TRUE); + break; + case TSS_TSPATTRIB_DELFAMILYSTATE_ENABLED: + result = obj_delfamily_set_enabled(hObject, (TSS_BOOL)ulAttrib, TRUE); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + } +#endif + } else { + if (obj_is_hash(hObject) || obj_is_pcrs(hObject)) + result = TSPERR(TSS_E_BAD_PARAMETER); + else + result = TSPERR(TSS_E_INVALID_HANDLE); + } + + return result; +} + +TSS_RESULT +Tspi_GetAttribUint32(TSS_HOBJECT hObject, /* in */ + TSS_FLAG attribFlag, /* in */ + TSS_FLAG subFlag, /* in */ + UINT32 * pulAttrib) /* out */ +{ + UINT32 attrib; + TSS_RESULT result = TSS_SUCCESS; + + if (pulAttrib == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (obj_is_rsakey(hObject)) { +#ifdef TSS_BUILD_RSAKEY_LIST + if (attribFlag == TSS_TSPATTRIB_KEY_REGISTER) { + if (subFlag != 0) + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + + if ((result = obj_rsakey_get_pstype(hObject, &attrib))) + return result; + + if (attrib == TSS_PS_TYPE_USER) + *pulAttrib = TSS_TSPATTRIB_KEYREGISTER_USER; + else if (attrib == TSS_PS_TYPE_SYSTEM) + *pulAttrib = TSS_TSPATTRIB_KEYREGISTER_SYSTEM; + else + *pulAttrib = TSS_TSPATTRIB_KEYREGISTER_NO; + } else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) { + switch (subFlag) { + case TSS_TSPATTRIB_KEYINFO_USAGE: + if ((result = obj_rsakey_get_usage(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_KEYINFO_MIGRATABLE: + *pulAttrib = obj_rsakey_is_migratable(hObject); + break; + case TSS_TSPATTRIB_KEYINFO_REDIRECTED: + *pulAttrib = obj_rsakey_is_redirected(hObject); + break; + case TSS_TSPATTRIB_KEYINFO_VOLATILE: + *pulAttrib = obj_rsakey_is_volatile(hObject); + break; + case TSS_TSPATTRIB_KEYINFO_AUTHUSAGE: + /* fall through */ + case TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE: + if ((result = obj_rsakey_get_authdata_usage(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_KEYINFO_ALGORITHM: + if ((result = obj_rsakey_get_alg(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_KEYINFO_ENCSCHEME: + if ((result = obj_rsakey_get_es(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_KEYINFO_SIGSCHEME: + if ((result = obj_rsakey_get_ss(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_KEYINFO_KEYFLAGS: + if ((result = obj_rsakey_get_flags(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_KEYINFO_SIZE: + if ((result = obj_rsakey_get_size(hObject, pulAttrib))) + return result; + break; +#ifdef TSS_BUILD_CMK + case TSS_TSPATTRIB_KEYINFO_CMK: + *pulAttrib = obj_rsakey_is_cmk(hObject); + break; +#endif + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + } else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) { + if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE) { + if ((result = obj_rsakey_get_size(hObject, pulAttrib))) + return result; + } else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_PRIMES) { + if ((result = obj_rsakey_get_num_primes(hObject, pulAttrib))) + return result; + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + } else if (attribFlag == TSS_TSPATTRIB_KEY_PCR_LONG) { + if (subFlag == TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATCREATION || + subFlag == TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATRELEASE) { + result = obj_rsakey_get_pcr_locality(hObject, subFlag, pulAttrib); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); +#endif +#ifdef TSS_BUILD_NV + } else if (obj_is_nvstore(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_NV_INDEX: + if ((result = obj_nvstore_get_index(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_NV_DATASIZE: + if ((result = obj_nvstore_get_datasize(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_NV_PERMISSIONS: + if ((result = obj_nvstore_get_permission(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_NV_STATE: + switch (subFlag) { + case TSS_TSPATTRIB_NVSTATE_READSTCLEAR: + if ((result = + obj_nvstore_get_state_readstclear(hObject, + pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_NVSTATE_WRITEDEFINE: + if ((result = + obj_nvstore_get_state_writedefine(hObject, + pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_NVSTATE_WRITESTCLEAR: + if ((result = + obj_nvstore_get_state_writestclear(hObject, + pulAttrib))) + return result; + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_TSPATTRIB_NV_PCR: + switch (subFlag) { + case TSS_TSPATTRIB_NVPCR_READLOCALITYATRELEASE: + if ((result = + obj_nvstore_get_readlocalityatrelease(hObject, + pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_NVPCR_WRITELOCALITYATRELEASE: + if ((result = + obj_nvstore_get_writelocalityatrelease(hObject, + pulAttrib))) + return result; + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT: + if ((result = obj_rsakey_get_ownerevict(hObject, pulAttrib))) + return result; + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + } +#endif + } else if (obj_is_policy(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC: + case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC: + case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP: + case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM: + if ((result = obj_policy_get_cb11(hObject, attribFlag, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_POLICY_SECRET_LIFETIME: + if ((result = obj_policy_get_lifetime(hObject, &attrib))) + return result; + + if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS) { + if (attrib == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS) + *pulAttrib = TRUE; + else + *pulAttrib = FALSE; + } else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) { + if (attrib != TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) + return TSPERR(TSS_E_BAD_PARAMETER); + if ((result = obj_policy_get_counter(hObject, pulAttrib))) + return result; + } else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) { + if ((result = + obj_policy_get_secs_until_expired(hObject, pulAttrib))) + return result; + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + break; + case TSS_TSPATTRIB_SECRET_HASH_MODE: + if (subFlag == TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP) + result = obj_policy_get_hash_mode(hObject, pulAttrib); + else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + break; +#ifdef TSS_BUILD_DELEGATION + case TSS_TSPATTRIB_POLICY_DELEGATION_INFO: + switch (subFlag) { + case TSS_TSPATTRIB_POLDEL_TYPE: + result = obj_policy_get_delegation_type(hObject, + pulAttrib); + break; + case TSS_TSPATTRIB_POLDEL_INDEX: + result = obj_policy_get_delegation_index(hObject, + pulAttrib); + break; + case TSS_TSPATTRIB_POLDEL_PER1: + result = obj_policy_get_delegation_per1(hObject, + pulAttrib); + break; + case TSS_TSPATTRIB_POLDEL_PER2: + result = obj_policy_get_delegation_per2(hObject, + pulAttrib); + break; + case TSS_TSPATTRIB_POLDEL_LABEL: + result = obj_policy_get_delegation_label(hObject, + (BYTE *)pulAttrib); + break; + case TSS_TSPATTRIB_POLDEL_FAMILYID: + result = obj_policy_get_delegation_familyid(hObject, + pulAttrib); + break; + case TSS_TSPATTRIB_POLDEL_VERCOUNT: + result = obj_policy_get_delegation_vercount(hObject, + pulAttrib); + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_TSPATTRIB_POLICY_DELEGATION_PCR: + switch (subFlag) { + case TSS_TSPATTRIB_POLDELPCR_LOCALITY: + result = obj_policy_get_delegation_pcr_locality(hObject, + pulAttrib); + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; +#endif + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_context(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_CONTEXT_SILENT_MODE: + if ((result = obj_context_get_mode(hObject, pulAttrib))) + return result; + break; + case TSS_TSPATTRIB_SECRET_HASH_MODE: + if (subFlag == TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP) + result = obj_context_get_hash_mode(hObject, pulAttrib); + else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + break; +#ifdef TSS_BUILD_TRANSPORT + case TSS_TSPATTRIB_CONTEXT_TRANSPORT: + if (subFlag == TSS_TSPATTRIB_DISABLE_TRANSPORT || + subFlag == TSS_TSPATTRIB_ENABLE_TRANSPORT) { + result = obj_context_transport_get_control(hObject, subFlag, + pulAttrib); + } else if ( + subFlag == TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION || + subFlag == TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION || + subFlag == TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL || + subFlag == TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE || + subFlag == TSS_TSPATTRIB_TRANSPORT_STATIC_AUTH) { + result = obj_context_transport_get_mode(hObject, subFlag, + pulAttrib); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + break; +#endif + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_tpm(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY: + case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY: + if ((result = obj_tpm_get_cb11(hObject, attribFlag, pulAttrib))) + return result; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_encdata(hObject)) { +#ifdef TSS_BUILD_SEALX + if (attribFlag == TSS_TSPATTRIB_ENCDATA_SEAL) { + if (subFlag == TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE) + result = obj_encdata_get_seal_protect_mode(hObject, pulAttrib); + else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } else if (attribFlag == TSS_TSPATTRIB_ENCDATA_PCR_LONG) { + if (subFlag == TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATCREATION || + subFlag == TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATRELEASE) { + result = obj_encdata_get_pcr_locality(hObject, subFlag, pulAttrib); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); +#endif +#ifdef TSS_BUILD_DELEGATION + } else if (obj_is_delfamily(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_DELFAMILY_STATE: + switch (subFlag) { + case TSS_TSPATTRIB_DELFAMILYSTATE_LOCKED: + result = obj_delfamily_get_locked(hObject, (TSS_BOOL *)pulAttrib); + break; + case TSS_TSPATTRIB_DELFAMILYSTATE_ENABLED: + result = obj_delfamily_get_enabled(hObject, (TSS_BOOL *)pulAttrib); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_TSPATTRIB_DELFAMILY_INFO: + switch (subFlag) { + case TSS_TSPATTRIB_DELFAMILYINFO_LABEL: + result = obj_delfamily_get_label(hObject, (BYTE *)pulAttrib); + break; + case TSS_TSPATTRIB_DELFAMILYINFO_VERCOUNT: + result = obj_delfamily_get_vercount(hObject, pulAttrib); + break; + case TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID: + result = obj_delfamily_get_familyid(hObject, pulAttrib); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + } +#endif + } else { + if (obj_is_hash(hObject) || obj_is_pcrs(hObject)) + result = TSPERR(TSS_E_BAD_PARAMETER); + else + result = TSPERR(TSS_E_INVALID_HANDLE); + } + + return result; +} + +TSS_RESULT +Tspi_SetAttribData(TSS_HOBJECT hObject, /* in */ + TSS_FLAG attribFlag, /* in */ + TSS_FLAG subFlag, /* in */ + UINT32 ulAttribDataSize, /* in */ + BYTE * rgbAttribData) /* in */ +{ + TSS_RESULT result; + BYTE *string = NULL; + + if (obj_is_rsakey(hObject)) { +#ifdef TSS_BUILD_RSAKEY_LIST + if (attribFlag == TSS_TSPATTRIB_KEY_BLOB) { + if (subFlag == TSS_TSPATTRIB_KEYBLOB_BLOB) { + /* A TPM_KEY(12) structure, in blob form */ + result = obj_rsakey_set_tcpakey(hObject, ulAttribDataSize, + rgbAttribData); + if (result == TSS_SUCCESS) + result = obj_rsakey_set_tcs_handle(hObject, 0); + } else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY) { + /* A TCPA_PUBKEY structure, in blob form */ + result = obj_rsakey_set_pubkey(hObject, FALSE, rgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY) { + /* A blob, either encrypted or unencrypted */ + result = obj_rsakey_set_privkey(hObject, FALSE, ulAttribDataSize, + rgbAttribData); + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + } else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) { + if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT) { + result = obj_rsakey_set_exponent(hObject, ulAttribDataSize, + rgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_MODULUS) { + result = obj_rsakey_set_modulus(hObject, ulAttribDataSize, + rgbAttribData); + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } +#ifdef TSS_BUILD_CMK + } else if (attribFlag == TSS_TSPATTRIB_KEY_CMKINFO) { + if (subFlag == TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL) { + result = obj_rsakey_set_msa_approval(hObject, ulAttribDataSize, + rgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST) { + result = obj_rsakey_set_msa_digest(hObject, ulAttribDataSize, + rgbAttribData); + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } +#endif + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + } +#endif + } else if (obj_is_encdata(hObject)) { +#ifdef TSS_BUILD_ENCDATA_LIST + if (attribFlag != TSS_TSPATTRIB_ENCDATA_BLOB) + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + if (subFlag != TSS_TSPATTRIB_ENCDATABLOB_BLOB) + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + + result = obj_encdata_set_data(hObject, ulAttribDataSize, rgbAttribData); +#endif + } else if (obj_is_policy(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_POLICY_POPUPSTRING: + if ((string = Trspi_UNICODE_To_Native(rgbAttribData, + NULL)) == NULL) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = obj_policy_set_string(hObject, + ulAttribDataSize, + string); + break; + case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC: + case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC: + case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP: + case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM: +#ifdef TSS_BUILD_SEALX + case TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK: +#endif + result = obj_policy_set_cb12(hObject, attribFlag, + rgbAttribData); + break; +#ifdef TSS_BUILD_DELEGATION + case TSS_TSPATTRIB_POLICY_DELEGATION_INFO: + switch (subFlag) { + case TSS_TSPATTRIB_POLDEL_OWNERBLOB: + result = obj_policy_set_delegation_blob(hObject, + TSS_DELEGATIONTYPE_OWNER, + ulAttribDataSize, rgbAttribData); + break; + case TSS_TSPATTRIB_POLDEL_KEYBLOB: + result = obj_policy_set_delegation_blob(hObject, + TSS_DELEGATIONTYPE_KEY, + ulAttribDataSize, rgbAttribData); + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; +#endif + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_hash(hObject)) { +#ifdef TSS_BUILD_HASH_LIST + if (attribFlag != TSS_TSPATTRIB_HASH_IDENTIFIER) + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + + if (subFlag != 0) + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + + result = obj_hash_set_value(hObject, ulAttribDataSize, rgbAttribData); +#endif + } else if (obj_is_tpm(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY: + case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY: + result = obj_tpm_set_cb12(hObject, attribFlag, + rgbAttribData); + break; + case TSS_TSPATTRIB_TPM_CREDENTIAL: + if (subFlag == TSS_TPMATTRIB_EKCERT || + subFlag == TSS_TPMATTRIB_TPM_CC || + subFlag == TSS_TPMATTRIB_PLATFORMCERT || + subFlag == TSS_TPMATTRIB_PLATFORM_CC) { + result = obj_tpm_set_cred(hObject, subFlag, + ulAttribDataSize, rgbAttribData); + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_migdata(hObject)) { +#ifdef TSS_BUILD_CMK + switch (attribFlag) { + case TSS_MIGATTRIB_MIGRATIONBLOB: + switch (subFlag) { + case TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB: + case TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB: + case TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB: + case TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB: + result = obj_migdata_set_migrationblob(hObject, subFlag, + ulAttribDataSize, rgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_MIGATTRIB_MIGRATIONTICKET: + if (subFlag != 0) + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + result = obj_migdata_set_ticket_blob(hObject, ulAttribDataSize, rgbAttribData); + break; + case TSS_MIGATTRIB_AUTHORITY_DATA: + switch (subFlag) { + case TSS_MIGATTRIB_AUTHORITY_DIGEST: + case TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC: + case TSS_MIGATTRIB_AUTHORITY_MSALIST: + result = obj_migdata_set_authoritydata(hObject, subFlag, + ulAttribDataSize, rgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_MIGATTRIB_MIG_AUTH_DATA: + switch (subFlag) { + case TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST: + case TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST: + case TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST: + result = obj_migdata_set_migauthdata(hObject, subFlag, + ulAttribDataSize, rgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_MIGATTRIB_TICKET_DATA: + switch (subFlag) { + case TSS_MIGATTRIB_TICKET_SIG_DIGEST: + case TSS_MIGATTRIB_TICKET_SIG_VALUE: + case TSS_MIGATTRIB_TICKET_SIG_TICKET: + case TSS_MIGATTRIB_TICKET_RESTRICT_TICKET: + result = obj_migdata_set_ticketdata(hObject, subFlag, + ulAttribDataSize, rgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } +#endif + } else { + if (obj_is_pcrs(hObject) || obj_is_context(hObject)) + result = TSPERR(TSS_E_BAD_PARAMETER); +#ifdef TSS_BUILD_NV + else if (obj_is_nvstore(hObject)) + result = TSPERR(TSS_E_BAD_PARAMETER); +#endif + else + result = TSPERR(TSS_E_INVALID_HANDLE); + } + + return result; +} + +TSS_RESULT +Tspi_GetAttribData(TSS_HOBJECT hObject, /* in */ + TSS_FLAG attribFlag, /* in */ + TSS_FLAG subFlag, /* in */ + UINT32 * pulAttribDataSize, /* out */ + BYTE ** prgbAttribData) /* out */ +{ + TSS_RESULT result; + + if (pulAttribDataSize == NULL || prgbAttribData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (obj_is_rsakey(hObject)) { +#ifdef TSS_BUILD_RSAKEY_LIST + if (attribFlag == TSS_TSPATTRIB_KEY_BLOB) { + if (subFlag == TSS_TSPATTRIB_KEYBLOB_BLOB) { + /* A TPM_KEY(12) structure, in blob form */ + result = obj_rsakey_get_blob(hObject, pulAttribDataSize, + prgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY) { + /* A blob, either encrypted or unencrypted */ + result = obj_rsakey_get_priv_blob(hObject, pulAttribDataSize, + prgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY) { + /* A TCPA_PUBKEY structure, in blob form */ + result = obj_rsakey_get_pub_blob(hObject, pulAttribDataSize, + prgbAttribData); + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + } else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) { + if (subFlag != TSS_TSPATTRIB_KEYINFO_VERSION) + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + + result = obj_rsakey_get_version(hObject, pulAttribDataSize, + prgbAttribData); + } else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) { + if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT) { + result = obj_rsakey_get_exponent(hObject, pulAttribDataSize, + prgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_MODULUS) { + result = obj_rsakey_get_modulus(hObject, pulAttribDataSize, + prgbAttribData); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } else if (attribFlag == TSS_TSPATTRIB_KEY_UUID) { + if (subFlag) + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + + result = obj_rsakey_get_uuid(hObject, pulAttribDataSize, prgbAttribData); + } else if (attribFlag == TSS_TSPATTRIB_KEY_PCR) { + if (subFlag == TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION || + subFlag == TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE) { + result = obj_rsakey_get_pcr_digest(hObject, TSS_PCRS_STRUCT_INFO, + subFlag, pulAttribDataSize, + prgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYPCR_SELECTION) { + result = obj_rsakey_get_pcr_selection(hObject, TSS_PCRS_STRUCT_INFO, + subFlag, pulAttribDataSize, + prgbAttribData); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } else if (attribFlag == TSS_TSPATTRIB_KEY_PCR_LONG) { + if (subFlag == TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION || + subFlag == TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE) { + result = obj_rsakey_get_pcr_digest(hObject, + TSS_PCRS_STRUCT_INFO_LONG, + subFlag, pulAttribDataSize, + prgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION || + subFlag == TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION) { + result = obj_rsakey_get_pcr_selection(hObject, + TSS_PCRS_STRUCT_INFO_LONG, + subFlag, pulAttribDataSize, + prgbAttribData); + } else + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); +#ifdef TSS_BUILD_CMK + } else if (attribFlag == TSS_TSPATTRIB_KEY_CMKINFO) { + if (subFlag == TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL) { + result = obj_rsakey_get_msa_approval(hObject, pulAttribDataSize, + prgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST) { + result = obj_rsakey_get_msa_digest(hObject, pulAttribDataSize, + prgbAttribData); + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } +#endif + } else + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); +#endif +#ifdef TSS_BUILD_NV + } else if (obj_is_nvstore(hObject)) { + if (attribFlag == TSS_TSPATTRIB_NV_PCR) { + switch (subFlag) { + case TSS_TSPATTRIB_NVPCR_READDIGESTATRELEASE: + if ((result = obj_nvstore_get_readdigestatrelease(hObject, + pulAttribDataSize, + prgbAttribData))) + return result; + break; + case TSS_TSPATTRIB_NVPCR_READPCRSELECTION: + if ((result = obj_nvstore_get_readpcrselection( + hObject, + pulAttribDataSize, + prgbAttribData))) + return result; + break; + case TSS_TSPATTRIB_NVPCR_WRITEDIGESTATRELEASE: + if ((result = obj_nvstore_get_writedigestatrelease(hObject, + pulAttribDataSize, + prgbAttribData))) + return result; + break; + case TSS_TSPATTRIB_NVPCR_WRITEPCRSELECTION: + if ((result = obj_nvstore_get_writepcrselection(hObject, + pulAttribDataSize, + prgbAttribData))) + return result; + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + } else + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); +#endif + } else if (obj_is_encdata(hObject)) { +#ifdef TSS_BUILD_ENCDATA_LIST + if (attribFlag == TSS_TSPATTRIB_ENCDATA_BLOB) { + if (subFlag != TSS_TSPATTRIB_ENCDATABLOB_BLOB) + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + + result = obj_encdata_get_data(hObject, pulAttribDataSize, prgbAttribData); + } else if (attribFlag == TSS_TSPATTRIB_ENCDATA_PCR) { + if (subFlag == TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATCREATION || + subFlag == TSS_TSPATTRIB_ENCDATAPCR_DIGEST_RELEASE) { + result = obj_encdata_get_pcr_digest(hObject, TSS_PCRS_STRUCT_INFO, + subFlag, pulAttribDataSize, + prgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_ENCDATAPCR_SELECTION) { + result = obj_encdata_get_pcr_selection(hObject, + TSS_PCRS_STRUCT_INFO, + subFlag, pulAttribDataSize, + prgbAttribData); + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + } else if (attribFlag == TSS_TSPATTRIB_ENCDATA_PCR_LONG) { + if (subFlag == TSS_TSPATTRIB_ENCDATAPCRLONG_CREATION_SELECTION || + subFlag == TSS_TSPATTRIB_ENCDATAPCRLONG_RELEASE_SELECTION) { + result = obj_encdata_get_pcr_selection(hObject, + TSS_PCRS_STRUCT_INFO_LONG, + subFlag, pulAttribDataSize, + prgbAttribData); + } else if (subFlag == TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATCREATION || + subFlag == TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATRELEASE) { + result = obj_encdata_get_pcr_digest(hObject, + TSS_PCRS_STRUCT_INFO_LONG, + subFlag, pulAttribDataSize, + prgbAttribData); + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + } else { + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + } +#endif + } else if (obj_is_context(hObject)) { + if (attribFlag != TSS_TSPATTRIB_CONTEXT_MACHINE_NAME) + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + + if ((result = obj_context_get_machine_name_attrib(hObject, + pulAttribDataSize, + prgbAttribData))) + return result; + } else if (obj_is_policy(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC: + case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC: + case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP: + case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM: +#ifdef TSS_BUILD_SEALX + case TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK: +#endif + result = obj_policy_get_cb12(hObject, attribFlag, + pulAttribDataSize, prgbAttribData); + break; + case TSS_TSPATTRIB_POLICY_POPUPSTRING: + if ((result = obj_policy_get_string(hObject, pulAttribDataSize, + prgbAttribData))) + return result; + break; +#ifdef TSS_BUILD_DELEGATION + case TSS_TSPATTRIB_POLICY_DELEGATION_INFO: + switch (subFlag) { + case TSS_TSPATTRIB_POLDEL_OWNERBLOB: + result = obj_policy_get_delegation_blob(hObject, + TSS_DELEGATIONTYPE_OWNER, + pulAttribDataSize, prgbAttribData); + break; + case TSS_TSPATTRIB_POLDEL_KEYBLOB: + result = obj_policy_get_delegation_blob(hObject, + TSS_DELEGATIONTYPE_KEY, + pulAttribDataSize, prgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_TSPATTRIB_POLICY_DELEGATION_PCR: + switch (subFlag) { + case TSS_TSPATTRIB_POLDELPCR_DIGESTATRELEASE: + result = obj_policy_get_delegation_pcr_digest(hObject, + pulAttribDataSize, prgbAttribData); + break; + case TSS_TSPATTRIB_POLDELPCR_SELECTION: + result = obj_policy_get_delegation_pcr_selection(hObject, + pulAttribDataSize, prgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; +#endif + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_tpm(hObject)) { + switch (attribFlag) { + case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY: + case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY: + result = obj_tpm_get_cb12(hObject, attribFlag, + pulAttribDataSize, prgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } + } else if (obj_is_migdata(hObject)) { +#ifdef TSS_BUILD_CMK + switch (attribFlag) { + case TSS_MIGATTRIB_MIGRATIONBLOB: + switch (subFlag) { + case TSS_MIGATTRIB_MIG_XOR_BLOB: + result = obj_migdata_get_migrationblob(hObject, subFlag, + pulAttribDataSize, prgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_MIGATTRIB_AUTHORITY_DATA: + switch (subFlag) { + case TSS_MIGATTRIB_AUTHORITY_DIGEST: + case TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC: + case TSS_MIGATTRIB_AUTHORITY_MSALIST: + result = obj_migdata_get_authoritydata(hObject, subFlag, + pulAttribDataSize, prgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_MIGATTRIB_MIG_AUTH_DATA: + switch (subFlag) { + case TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST: + case TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST: + case TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST: + result = obj_migdata_get_migauthdata(hObject, subFlag, + pulAttribDataSize, prgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + case TSS_MIGATTRIB_TICKET_DATA: + switch (subFlag) { + case TSS_MIGATTRIB_TICKET_SIG_TICKET: + result = obj_migdata_get_ticketdata(hObject, subFlag, + pulAttribDataSize, prgbAttribData); + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG); + } + break; + default: + return TSPERR(TSS_E_INVALID_ATTRIB_FLAG); + break; + } +#endif + } else { + if (obj_is_hash(hObject) || obj_is_pcrs(hObject)) + result = TSPERR(TSS_E_BAD_PARAMETER); + else + result = TSPERR(TSS_E_INVALID_HANDLE); + } + + return result; +} + diff --git a/src/tspi/tspi_hash.c b/src/tspi/tspi_hash.c new file mode 100644 index 0000000..dfd3fcb --- /dev/null +++ b/src/tspi/tspi_hash.c @@ -0,0 +1,59 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_Hash_SetHashValue(TSS_HHASH hHash, /* in */ + UINT32 ulHashValueLength, /* in */ + BYTE * rgbHashValue) /* in */ +{ + if (ulHashValueLength == 0 || rgbHashValue == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_hash_set_value(hHash, ulHashValueLength, rgbHashValue); +} + +TSS_RESULT +Tspi_Hash_GetHashValue(TSS_HHASH hHash, /* in */ + UINT32 * pulHashValueLength, /* out */ + BYTE ** prgbHashValue) /* out */ +{ + if (pulHashValueLength == NULL || prgbHashValue == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_hash_get_value(hHash, pulHashValueLength, prgbHashValue); +} + +TSS_RESULT +Tspi_Hash_UpdateHashValue(TSS_HHASH hHash, /* in */ + UINT32 ulDataLength, /* in */ + BYTE *rgbData) /* in */ +{ + if (rgbData == NULL && ulDataLength != 0) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (ulDataLength == 0) + return TSS_SUCCESS; + + return obj_hash_update_value(hHash, ulDataLength, rgbData); +} diff --git a/src/tspi/tspi_key.c b/src/tspi/tspi_key.c new file mode 100644 index 0000000..5acd605 --- /dev/null +++ b/src/tspi/tspi_key.c @@ -0,0 +1,706 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "authsess.h" + + +TSS_RESULT +Tspi_Key_UnloadKey(TSS_HKEY hKey) /* in */ +{ + TSS_HCONTEXT tspContext; + TCS_KEY_HANDLE hTcsKey; + TSS_RESULT result; + + if ((result = obj_rsakey_get_tsp_context(hKey, &tspContext))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hKey, &hTcsKey))) + return result; + + return __tspi_free_resource(tspContext, hTcsKey, TPM_RT_KEY); +} + +TSS_RESULT +Tspi_Key_LoadKey(TSS_HKEY hKey, /* in */ + TSS_HKEY hUnwrappingKey) /* in */ +{ + TPM_AUTH auth; + TCPA_DIGEST digest; + TSS_RESULT result; + UINT32 keyslot; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hPolicy; + UINT32 keySize; + BYTE *keyBlob; + TCS_KEY_HANDLE tcsKey, tcsParentHandle; + TSS_BOOL usesAuth; + TPM_AUTH *pAuth; + Trspi_HashCtx hashCtx; + TPM_COMMAND_CODE ordinal; + + if (!obj_is_rsakey(hUnwrappingKey)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if ((result = obj_rsakey_get_tsp_context(hKey, &tspContext))) + return result; + + if ((result = obj_context_get_loadkey_ordinal(tspContext, &ordinal))) + return result; + + if ((result = obj_rsakey_get_blob(hKey, &keySize, &keyBlob))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hUnwrappingKey, &tcsParentHandle))) + return result; + + if ((result = obj_rsakey_get_policy(hUnwrappingKey, TSS_POLICY_USAGE, &hPolicy, + &usesAuth))) { + free_tspi(tspContext, keyBlob); + return result; + } + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, ordinal); + result |= Trspi_HashUpdate(&hashCtx, keySize, keyBlob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free_tspi(tspContext, keyBlob); + return result; + } + + if ((result = secret_PerformAuth_OIAP(hUnwrappingKey, ordinal, hPolicy, FALSE, + &digest, &auth))) { + free_tspi(tspContext, keyBlob); + return result; + } + pAuth = &auth; + } else { + pAuth = NULL; + } + + if ((result = TCS_API(tspContext)->LoadKeyByBlob(tspContext, tcsParentHandle, keySize, + keyBlob, pAuth, &tcsKey, &keyslot))) { + free_tspi(tspContext, keyBlob); + return result; + } + + free_tspi(tspContext, keyBlob); + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, ordinal); + if (ordinal == TPM_ORD_LoadKey) + result |= Trspi_Hash_UINT32(&hashCtx, keyslot); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &auth))) + return result; + } + + return obj_rsakey_set_tcs_handle(hKey, tcsKey); +} + +TSS_RESULT +Tspi_Key_GetPubKey(TSS_HKEY hKey, /* in */ + UINT32 * pulPubKeyLength, /* out */ + BYTE ** prgbPubKey) /* out */ +{ + TPM_AUTH auth; + TPM_AUTH *pAuth; + TCPA_DIGEST digest; + TCPA_RESULT result; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hPolicy; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_BOOL usesAuth; + Trspi_HashCtx hashCtx; + + if (pulPubKeyLength == NULL || prgbPubKey == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_rsakey_get_tsp_context(hKey, &tspContext))) + return result; + + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, + &hPolicy, &usesAuth))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle))) + return result; + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_GetPubKey); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_GetPubKey, hPolicy, FALSE, + &digest, &auth))) + return result; + pAuth = &auth; + } else { + pAuth = NULL; + } + + if ((result = TCS_API(tspContext)->GetPubKey(tspContext, tcsKeyHandle, pAuth, + pulPubKeyLength, prgbPubKey))) + return result; + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_GetPubKey); + result |= Trspi_HashUpdate(&hashCtx, *pulPubKeyLength, *prgbPubKey); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + /* goto error here since prgbPubKey has been set */ + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &auth))) + goto error; + } + + if ((result = __tspi_add_mem_entry(tspContext, *prgbPubKey))) + goto error; + + if (tcsKeyHandle == TPM_KEYHND_SRK) + obj_rsakey_set_pubkey(hKey, TRUE, *prgbPubKey); + + return TSS_SUCCESS; +error: + free(*prgbPubKey); + *prgbPubKey = NULL; + *pulPubKeyLength = 0; + return result; +} + +TSS_RESULT +Tspi_Key_CreateKey(TSS_HKEY hKey, /* in */ + TSS_HKEY hWrappingKey, /* in */ + TSS_HPCRS hPcrComposite) /* in, may be NULL */ +{ +#ifdef TSS_BUILD_CMK + UINT32 blobSize; + BYTE *blob; + TSS_BOOL isCmk = FALSE; + TPM_HMAC msaApproval; + TPM_DIGEST msaDigest; +#endif + TCPA_DIGEST digest; + TCPA_RESULT result; + TCS_KEY_HANDLE parentTCSKeyHandle; + BYTE *keyBlob = NULL; + UINT32 keySize; + UINT32 newKeySize; + BYTE *newKey = NULL; + UINT32 ordinal = TPM_ORD_CreateWrapKey; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + struct authsess *xsap = NULL; + + if ((result = obj_rsakey_get_tsp_context(hKey, &tspContext))) + return result; + + if (hPcrComposite) { + /* its possible that hPcrComposite could be a bad handle here, + * or that no indices of it are yet set, which would throw + * internal error. Blanket both those codes with bad + * parameter to help the user out */ + if ((result = obj_rsakey_set_pcr_data(hKey, hPcrComposite))) + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if ((result = obj_rsakey_get_tcs_handle(hWrappingKey, &parentTCSKeyHandle))) + return result; + + if ((result = obj_rsakey_get_blob(hKey, &keySize, &keyBlob))) + return result; + +#ifdef TSS_BUILD_CMK + isCmk = obj_rsakey_is_cmk(hKey); + if (isCmk) { + if ((result = obj_rsakey_get_msa_approval(hKey, &blobSize, &blob))) + goto done; + memcpy(msaApproval.digest, blob, sizeof(msaApproval.digest)); + free_tspi(tspContext, blob); + + if ((result = obj_rsakey_get_msa_digest(hKey, &blobSize, &blob))) + goto done; + memcpy(msaDigest.digest, blob, sizeof(msaDigest.digest)); + free_tspi(tspContext, blob); + + ordinal = TPM_ORD_CMK_CreateKey; + } +#endif + + if ((result = authsess_xsap_init(tspContext, hWrappingKey, hKey, TSS_AUTH_POLICY_REQUIRED, + ordinal, TPM_ET_KEYHANDLE, &xsap))) + return result; + + /* Setup the Hash Data for the HMAC */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, ordinal); +#ifdef TSS_BUILD_CMK + if (isCmk) { + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + result |= Trspi_HashUpdate(&hashCtx, keySize, keyBlob); + result |= Trspi_Hash_HMAC(&hashCtx, msaApproval.digest); + result |= Trspi_Hash_DIGEST(&hashCtx, msaDigest.digest); + } else { +#endif + result |= Trspi_Hash_DIGEST(&hashCtx, xsap->encAuthUse.authdata); + result |= Trspi_Hash_DIGEST(&hashCtx, xsap->encAuthMig.authdata); + result |= Trspi_HashUpdate(&hashCtx, keySize, keyBlob); +#ifdef TSS_BUILD_CMK + } +#endif + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto done; + + /* Now call the function */ +#ifdef TSS_BUILD_CMK + if (isCmk) { + if ((newKey = malloc(keySize)) == NULL) { + LogError("malloc of %u bytes failed.", keySize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(newKey, keyBlob, keySize); + newKeySize = keySize; + + if ((result = RPC_CMK_CreateKey(tspContext, parentTCSKeyHandle, + (TPM_ENCAUTH *)&xsap->encAuthUse, + &msaApproval, &msaDigest, &newKeySize, &newKey, + xsap->pAuth))) + goto done; + } else { +#endif + if ((result = TCS_API(tspContext)->CreateWrapKey(tspContext, parentTCSKeyHandle, + (TPM_ENCAUTH *)&xsap->encAuthUse, + (TPM_ENCAUTH *)&xsap->encAuthMig, + keySize, keyBlob, &newKeySize, + &newKey, xsap->pAuth))) + goto done; +#ifdef TSS_BUILD_CMK + } +#endif + + /* Validate the Authorization before using the new key */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, ordinal); + result |= Trspi_HashUpdate(&hashCtx, newKeySize, newKey); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if (authsess_xsap_verify(xsap, &digest)) { + result = TSPERR(TSS_E_TSP_AUTHFAIL); + goto done; + } + + /* Push the new key into the existing object */ + result = obj_rsakey_set_tcpakey(hKey, newKeySize, newKey); + +done: + authsess_free(xsap); + free_tspi(tspContext, keyBlob); + free(newKey); + + return result; +} + +TSS_RESULT +Tspi_Key_WrapKey(TSS_HKEY hKey, /* in */ + TSS_HKEY hWrappingKey, /* in */ + TSS_HPCRS hPcrComposite) /* in, may be NULL */ +{ + TSS_HPOLICY hUsePolicy, hMigPolicy; + TCPA_SECRET usage, migration; + TSS_RESULT result; + BYTE *keyPrivBlob = NULL, *wrappingPubKey = NULL, *keyBlob = NULL; + UINT32 keyPrivBlobLen, wrappingPubKeyLen, keyBlobLen; + BYTE newPrivKey[214]; /* its not magic, see TPM 1.1b spec p.71 */ + BYTE encPrivKey[256]; + UINT32 newPrivKeyLen = 214, encPrivKeyLen = 256; + UINT64 offset; + TSS_KEY keyContainer; + TCPA_DIGEST digest; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + + if ((result = obj_rsakey_get_tsp_context(hKey, &tspContext))) + return result; + + if (hPcrComposite) { + if ((result = obj_rsakey_set_pcr_data(hKey, hPcrComposite))) + return result; + } + + /* get the key to be wrapped's private key */ + if ((result = obj_rsakey_get_priv_blob(hKey, &keyPrivBlobLen, &keyPrivBlob))) + goto done; + + /* get the key to be wrapped's blob */ + if ((result = obj_rsakey_get_blob(hKey, &keyBlobLen, &keyBlob))) + goto done; + + /* get the wrapping key's public key */ + if ((result = obj_rsakey_get_modulus(hWrappingKey, &wrappingPubKeyLen, &wrappingPubKey))) + goto done; + + /* get the key to be wrapped's usage policy */ + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, &hUsePolicy, NULL))) + goto done; + + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_MIGRATION, &hMigPolicy, NULL))) + goto done; + + if ((result = obj_policy_get_secret(hUsePolicy, TR_SECRET_CTX_NEW, &usage))) + goto done; + + if ((result = obj_policy_get_secret(hMigPolicy, TR_SECRET_CTX_NEW, &migration))) + goto done; + + memset(&keyContainer, 0, sizeof(TSS_KEY)); + + /* unload the key to be wrapped's blob */ + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, keyBlob, &keyContainer))) + return result; + + /* load the key's attributes into an object and get its hash value */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Hash_TSS_PRIVKEY_DIGEST(&hashCtx, &keyContainer); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + free_key_refs(&keyContainer); + + /* create the plaintext private key blob */ + offset = 0; + Trspi_LoadBlob_BYTE(&offset, TCPA_PT_ASYM, newPrivKey); + Trspi_LoadBlob(&offset, 20, newPrivKey, usage.authdata); + Trspi_LoadBlob(&offset, 20, newPrivKey, migration.authdata); + Trspi_LoadBlob(&offset, 20, newPrivKey, digest.digest); + Trspi_LoadBlob_UINT32(&offset, keyPrivBlobLen, newPrivKey); + Trspi_LoadBlob(&offset, keyPrivBlobLen, newPrivKey, keyPrivBlob); + newPrivKeyLen = offset; + + /* encrypt the private key blob */ + if ((result = Trspi_RSA_Encrypt(newPrivKey, newPrivKeyLen, encPrivKey, + &encPrivKeyLen, wrappingPubKey, + wrappingPubKeyLen))) + goto done; + + /* set the new encrypted private key in the wrapped key object */ + if ((result = obj_rsakey_set_privkey(hKey, FALSE, encPrivKeyLen, encPrivKey))) + goto done; + +done: + free_tspi(tspContext, keyPrivBlob); + free_tspi(tspContext, keyBlob); + free_tspi(tspContext, wrappingPubKey); + return result; +} + +TSS_RESULT +Tspi_Context_LoadKeyByBlob(TSS_HCONTEXT tspContext, /* in */ + TSS_HKEY hUnwrappingKey, /* in */ + UINT32 ulBlobLength, /* in */ + BYTE * rgbBlobData, /* in */ + TSS_HKEY * phKey) /* out */ +{ + TPM_AUTH auth; + UINT64 offset; + TCPA_DIGEST digest; + TSS_RESULT result; + UINT32 keyslot; + TSS_HPOLICY hPolicy; + TCS_KEY_HANDLE tcsParentHandle, myTCSKeyHandle; + TSS_KEY keyContainer; + TSS_BOOL useAuth; + TPM_AUTH *pAuth; + TSS_FLAG initFlags; + UINT16 realKeyBlobSize; + TCPA_KEY_USAGE keyUsage; + UINT32 pubLen; + Trspi_HashCtx hashCtx; + TPM_COMMAND_CODE ordinal; + + if (phKey == NULL || rgbBlobData == NULL ) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_rsakey(hUnwrappingKey)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if ((result = obj_context_get_loadkey_ordinal(tspContext, &ordinal))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hUnwrappingKey, &tcsParentHandle))) + return result; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, rgbBlobData, &keyContainer))) + return result; + realKeyBlobSize = offset; + pubLen = keyContainer.pubKey.keyLength; + keyUsage = keyContainer.keyUsage; + /* free these now, since they're not used below */ + free_key_refs(&keyContainer); + + if ((result = obj_rsakey_get_policy(hUnwrappingKey, TSS_POLICY_USAGE, &hPolicy, &useAuth))) + return result; + + if (useAuth) { + /* Create the Authorization */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, ordinal); + result |= Trspi_HashUpdate(&hashCtx, ulBlobLength, rgbBlobData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hUnwrappingKey, ordinal, hPolicy, FALSE, + &digest, &auth))) + return result; + + pAuth = &auth; + } else { + pAuth = NULL; + } + + if ((result = TCS_API(tspContext)->LoadKeyByBlob(tspContext, tcsParentHandle, ulBlobLength, + rgbBlobData, pAuth, &myTCSKeyHandle, + &keyslot))) + return result; + + if (useAuth) { + /* --- Validate return auth */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, ordinal); + if (ordinal == TPM_ORD_LoadKey) + result |= Trspi_Hash_UINT32(&hashCtx, keyslot); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &auth))) + return result; + } + + /* --- Create a new Object */ + initFlags = 0; + if (pubLen == 0x100) + initFlags |= TSS_KEY_SIZE_2048; + else if (pubLen == 0x80) + initFlags |= TSS_KEY_SIZE_1024; + else if (pubLen == 0x40) + initFlags |= TSS_KEY_SIZE_512; + + /* clear the key type field */ + initFlags &= ~TSS_KEY_TYPE_MASK; + + if (keyUsage == TPM_KEY_STORAGE) + initFlags |= TSS_KEY_TYPE_STORAGE; + else + initFlags |= TSS_KEY_TYPE_SIGNING; /* loading the blob + will fix this + back to what it + should be. */ + + if ((result = obj_rsakey_add(tspContext, initFlags, phKey))) { + LogDebug("Failed create object"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if ((result = obj_rsakey_set_tcpakey(*phKey,realKeyBlobSize, rgbBlobData))) { + LogDebug("Key loaded but failed to setup the key object" + "correctly"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return obj_rsakey_set_tcs_handle(*phKey, myTCSKeyHandle); +} + +TSS_RESULT +Tspi_TPM_OwnerGetSRKPubKey(TSS_HTPM hTPM, /* in */ + UINT32 * pulPuKeyLength, /* out */ + BYTE ** prgbPubKey) /* out */ +{ + TSS_RESULT result; + TSS_HPOLICY hPolicy; + TSS_HCONTEXT tspContext; + TCS_KEY_HANDLE hKey; + TPM_AUTH auth; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + + if (pulPuKeyLength == NULL || prgbPubKey == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + hKey = TPM_KEYHND_SRK; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadInternalPub); + result |= Trspi_Hash_UINT32(&hashCtx, hKey); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadInternalPub, + hPolicy, FALSE, &digest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->OwnerReadInternalPub(tspContext, hKey, &auth, + pulPuKeyLength, prgbPubKey))) + return result; + + /* Validate return auth */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TSS_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadInternalPub); + result |= Trspi_HashUpdate(&hashCtx, *pulPuKeyLength, *prgbPubKey); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &auth))) + goto error; + + /* Call a special SRK-seeking command to transparently add the public data to the object */ + if ((result = obj_rsakey_set_srk_pubkey(*prgbPubKey))) { + LogError("Error setting SRK public data, SRK key object may not exist"); + } + + if ((result = __tspi_add_mem_entry(tspContext, *prgbPubKey))) + goto error; + + return result; + +error: + free(*prgbPubKey); + pulPuKeyLength = 0; + return result; +} + +/* TSS 1.2-only interfaces */ +#ifdef TSS_BUILD_TSS12 +TSS_RESULT +Tspi_TPM_KeyControlOwner(TSS_HTPM hTPM, /* in */ + TSS_HKEY hTssKey, /* in */ + UINT32 attribName, /* in */ + TSS_BOOL attribValue, /* in */ + TSS_UUID* pUuidData) /* out */ +{ + TSS_RESULT result; + TSS_HPOLICY hPolicy; + TSS_HCONTEXT tspContext; + TCS_KEY_HANDLE hTcsKey; + BYTE *pubKey = NULL; + UINT32 pubKeyLen; + TPM_KEY_CONTROL tpmAttribName; + Trspi_HashCtx hashCtx; + TCPA_DIGEST digest; + TPM_AUTH ownerAuth; + + LogDebugFn("Enter"); + + /* Check valid TPM context, get TSP context */ + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + /* Get Tcs KeyHandle */ + if ((result = obj_rsakey_get_tcs_handle(hTssKey, &hTcsKey))) + return result; + + /* Validate/convert attribName */ + switch (attribName) { + case TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT: + tpmAttribName = TPM_KEY_CONTROL_OWNER_EVICT; + break; + default: + return TSPERR(TSS_E_BAD_PARAMETER); + } + + /* Begin Auth - get TPM Policy Handler */ + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy))) + return result; + + /* Get associated pubKey */ + if ((result = obj_rsakey_get_pub_blob(hTssKey, &pubKeyLen, &pubKey))) + return result; + + /* Create hash digest */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_KeyControlOwner); + LogDebugData(pubKeyLen, pubKey); + result |= Trspi_HashUpdate(&hashCtx, pubKeyLen, pubKey); + result |= Trspi_Hash_UINT32(&hashCtx, tpmAttribName); + result |= Trspi_Hash_BOOL(&hashCtx, attribValue); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free_tspi(tspContext, pubKey); + return result; + } + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_KeyControlOwner, hPolicy, FALSE, + &digest, &ownerAuth))) { + free_tspi(tspContext, pubKey); + return result; + } + + if ((result = RPC_KeyControlOwner(tspContext, hTcsKey, pubKeyLen, pubKey, tpmAttribName, + attribValue, &ownerAuth, pUuidData))) { + free_tspi(tspContext, pubKey); + return result; + } + + /* Validate return auth */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TSS_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_KeyControlOwner); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth))) + return result; + + /* change hKey internal flag, according to attrib[Name|Value] */ + switch (attribName) { + case TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT: + result = obj_rsakey_set_ownerevict(hTssKey, attribValue); + break; + default: + /* NOT-REACHED */ + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} +#endif diff --git a/src/tspi/tspi_maint.c b/src/tspi/tspi_maint.c new file mode 100644 index 0000000..5576ed3 --- /dev/null +++ b/src/tspi/tspi_maint.c @@ -0,0 +1,269 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_CreateMaintenanceArchive(TSS_HTPM hTPM, /* in */ + TSS_BOOL fGenerateRndNumber, /* in */ + UINT32 * pulRndNumberLength, /* out */ + BYTE ** prgbRndNumber, /* out */ + UINT32 * pulArchiveDataLength, /* out */ + BYTE ** prgbArchiveData) /* out */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hOwnerPolicy; + TPM_AUTH ownerAuth; + TCPA_DIGEST digest; + Trspi_HashCtx hashCtx; + + if (pulArchiveDataLength == NULL || prgbArchiveData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (fGenerateRndNumber && + (pulRndNumberLength == NULL || prgbRndNumber == NULL)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CreateMaintenanceArchive); + result |= Trspi_Hash_BYTE(&hashCtx, fGenerateRndNumber); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_CreateMaintenanceArchive, hOwnerPolicy, + FALSE, &digest, &ownerAuth))) + return result; + + if ((result = TCS_API(tspContext)->CreateMaintenanceArchive(tspContext, fGenerateRndNumber, + &ownerAuth, pulRndNumberLength, + prgbRndNumber, + pulArchiveDataLength, + prgbArchiveData))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CreateMaintenanceArchive); + result |= Trspi_Hash_UINT32(&hashCtx, *pulRndNumberLength); + result |= Trspi_HashUpdate(&hashCtx, *pulRndNumberLength, *prgbRndNumber); + result |= Trspi_Hash_UINT32(&hashCtx, *pulArchiveDataLength); + result |= Trspi_HashUpdate(&hashCtx, *pulArchiveDataLength, *prgbArchiveData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error1; + + if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, &ownerAuth))) + goto error1; + + if ((result = __tspi_add_mem_entry(tspContext, *prgbRndNumber))) + goto error1; + + if ((result = __tspi_add_mem_entry(tspContext, *prgbArchiveData))) { + free_tspi(tspContext, *prgbRndNumber); + goto error2; + } + + return TSS_SUCCESS; +error1: + free(*prgbRndNumber); +error2: + free(*prgbArchiveData); + return result; +} + +TSS_RESULT +Tspi_TPM_KillMaintenanceFeature(TSS_HTPM hTPM) /* in */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hOwnerPolicy; + TPM_AUTH ownerAuth; + TCPA_DIGEST digest; + Trspi_HashCtx hashCtx; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_KillMaintenanceFeature); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_KillMaintenanceFeature, hOwnerPolicy, + FALSE, &digest, &ownerAuth))) + return result; + + if ((result = TCS_API(tspContext)->KillMaintenanceFeature(tspContext, &ownerAuth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_KillMaintenanceFeature); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, &ownerAuth))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_LoadMaintenancePubKey(TSS_HTPM hTPM, /* in */ + TSS_HKEY hMaintenanceKey, /* in */ + TSS_VALIDATION * pValidationData) /* in, out */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TCPA_DIGEST checkSum, digest; + TCPA_NONCE nonce; + UINT64 offset; + UINT32 pubBlobSize; + BYTE hashBlob[512], *pubBlob; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (pValidationData == NULL) { + if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE), + (BYTE **)nonce.nonce))) + return result; + } else { + if (pValidationData->ulExternalDataLength < sizeof(nonce.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(&nonce.nonce, pValidationData->rgbExternalData, sizeof(nonce.nonce)); + } + + if ((result = obj_rsakey_get_pub_blob(hMaintenanceKey, &pubBlobSize, &pubBlob))) + return result; + + if ((result = TCS_API(tspContext)->LoadManuMaintPub(tspContext, nonce, pubBlobSize, pubBlob, + &checkSum))) + return result; + + offset = 0; + Trspi_LoadBlob(&offset, pubBlobSize, hashBlob, pubBlob); + Trspi_LoadBlob(&offset, TCPA_SHA1_160_HASH_LEN, hashBlob, (BYTE *)&nonce.nonce); + + if (pValidationData == NULL) { + if ((result = Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest))) + return result; + + if (memcmp(&digest.digest, &checkSum.digest, TCPA_SHA1_160_HASH_LEN)) + result = TSPERR(TSS_E_FAIL); + } else { + if ((pValidationData->rgbData = calloc_tspi(tspContext, offset)) == NULL) + return TSPERR(TSS_E_OUTOFMEMORY); + + pValidationData->ulDataLength = offset; + memcpy(pValidationData->rgbData, hashBlob, offset); + + if ((pValidationData->rgbValidationData = calloc_tspi(tspContext, + TPM_SHA1_160_HASH_LEN)) + == NULL) { + free_tspi(tspContext, pValidationData->rgbData); + pValidationData->rgbData = NULL; + pValidationData->ulDataLength = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + pValidationData->ulValidationDataLength = TCPA_SHA1_160_HASH_LEN; + + memcpy(pValidationData->rgbValidationData, checkSum.digest, TCPA_SHA1_160_HASH_LEN); + } + + return result; +} + +TSS_RESULT +Tspi_TPM_CheckMaintenancePubKey(TSS_HTPM hTPM, /* in */ + TSS_HKEY hMaintenanceKey, /* in */ + TSS_VALIDATION * pValidationData) /* in, out */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TCPA_DIGEST checkSum, digest; + TCPA_NONCE nonce; + UINT32 pubBlobSize; + BYTE *pubBlob; + Trspi_HashCtx hashCtx; + + if ((pValidationData && hMaintenanceKey) || (!pValidationData && !hMaintenanceKey)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (pValidationData == NULL) { + if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE), + (BYTE **)nonce.nonce))) + return result; + } else { + if (pValidationData->ulExternalDataLength < sizeof(nonce.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(&nonce.nonce, pValidationData->rgbExternalData, sizeof(nonce.nonce)); + } + + if ((result = TCS_API(tspContext)->ReadManuMaintPub(tspContext, nonce, &checkSum))) + return result; + + if (pValidationData == NULL) { + if ((result = obj_rsakey_get_pub_blob(hMaintenanceKey, &pubBlobSize, &pubBlob))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_HashUpdate(&hashCtx, pubBlobSize, pubBlob); + result |= Trspi_HashUpdate(&hashCtx, TCPA_SHA1_160_HASH_LEN, (BYTE *)&nonce.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (memcmp(&digest.digest, &checkSum.digest, TCPA_SHA1_160_HASH_LEN)) + result = TSPERR(TSS_E_FAIL); + + free_tspi(tspContext, pubBlob); + } else { + /* Ignore Data and DataLength, the application must already have this data. + * Do, however, copy out the checksum so that the application can verify */ + if ((pValidationData->rgbValidationData = calloc_tspi(tspContext, + TCPA_SHA1_160_HASH_LEN)) + == NULL) { + free_tspi(tspContext, pubBlob); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + pValidationData->ulValidationDataLength = TCPA_SHA1_160_HASH_LEN; + memcpy(pValidationData->rgbValidationData, checkSum.digest, TCPA_SHA1_160_HASH_LEN); + } + + return result; +} + diff --git a/src/tspi/tspi_migration.c b/src/tspi/tspi_migration.c new file mode 100644 index 0000000..83b73f4 --- /dev/null +++ b/src/tspi/tspi_migration.c @@ -0,0 +1,400 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_AuthorizeMigrationTicket(TSS_HTPM hTPM, /* in */ + TSS_HKEY hMigrationKey, /* in */ + TSS_MIGRATION_SCHEME migrationScheme, /* in */ + UINT32 * pulMigTicketLength, /* out */ + BYTE ** prgbMigTicket) /* out */ +{ + UINT64 offset; + TCPA_DIGEST digest; + TCPA_RESULT result; + TSS_HPOLICY hOwnerPolicy; + UINT32 migrationKeySize; + BYTE *migrationKeyBlob; + TSS_KEY tssKey; + BYTE pubKeyBlob[0x1000]; + TPM_AUTH ownerAuth; + UINT32 pubKeySize; + TSS_HCONTEXT tspContext; + UINT32 tpmMigrationScheme; + Trspi_HashCtx hashCtx; + + if (pulMigTicketLength == NULL || prgbMigTicket == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + /* get the tpm Policy */ + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy))) + return result; + + switch (migrationScheme) { + case TSS_MS_MIGRATE: + tpmMigrationScheme = TCPA_MS_MIGRATE; + break; + case TSS_MS_REWRAP: + tpmMigrationScheme = TCPA_MS_REWRAP; + break; + case TSS_MS_MAINT: + tpmMigrationScheme = TCPA_MS_MAINT; + break; +#ifdef TSS_BUILD_CMK + case TSS_MS_RESTRICT_MIGRATE: + tpmMigrationScheme = TPM_MS_RESTRICT_MIGRATE; + break; + + case TSS_MS_RESTRICT_APPROVE_DOUBLE: + tpmMigrationScheme = TPM_MS_RESTRICT_APPROVE_DOUBLE; + break; +#endif + default: + return TSPERR(TSS_E_BAD_PARAMETER); + break; + } + + /* Get the migration key blob */ + if ((result = obj_rsakey_get_blob(hMigrationKey, &migrationKeySize, &migrationKeyBlob))) + return result; + + /* First, turn the keyBlob into a TSS_KEY structure */ + offset = 0; + memset(&tssKey, 0, sizeof(TSS_KEY)); + if ((result = UnloadBlob_TSS_KEY(&offset, migrationKeyBlob, &tssKey))) { + free_tspi(tspContext, migrationKeyBlob); + return result; + } + free_tspi(tspContext, migrationKeyBlob); + + /* Then pull the _PUBKEY portion out of that struct into a blob */ + offset = 0; + Trspi_LoadBlob_KEY_PARMS(&offset, pubKeyBlob, &tssKey.algorithmParms); + Trspi_LoadBlob_STORE_PUBKEY(&offset, pubKeyBlob, &tssKey.pubKey); + pubKeySize = offset; + free_key_refs(&tssKey); + + /* Auth */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_AuthorizeMigrationKey); + result |= Trspi_Hash_UINT16(&hashCtx, tpmMigrationScheme); + result |= Trspi_HashUpdate(&hashCtx, pubKeySize, pubKeyBlob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_AuthorizeMigrationKey, hOwnerPolicy, + FALSE, &digest, &ownerAuth))) + return result; + + /* Send command */ + if ((result = TCS_API(tspContext)->AuthorizeMigrationKey(tspContext, migrationScheme, + pubKeySize, pubKeyBlob, &ownerAuth, + pulMigTicketLength, + prgbMigTicket))) + return result; + + /* Validate Auth */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_AuthorizeMigrationKey); + result |= Trspi_HashUpdate(&hashCtx, *pulMigTicketLength, *prgbMigTicket); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + *pulMigTicketLength = 0; + free(*prgbMigTicket); + return result; + } + + if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, &ownerAuth))) { + *pulMigTicketLength = 0; + free(*prgbMigTicket); + return result; + } + + if ((result = __tspi_add_mem_entry(tspContext, *prgbMigTicket))) { + *pulMigTicketLength = 0; + free(*prgbMigTicket); + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_Key_CreateMigrationBlob(TSS_HKEY hKeyToMigrate, /* in */ + TSS_HKEY hParentKey, /* in */ + UINT32 ulMigTicketLength, /* in */ + BYTE * rgbMigTicket, /* in */ + UINT32 * pulRandomLength, /* out */ + BYTE ** prgbRandom, /* out */ + UINT32 * pulMigrationBlobLength, /* out */ + BYTE ** prgbMigrationBlob) /* out */ +{ + TPM_AUTH parentAuth, entityAuth; + TPM_AUTH *pParentAuth; + TCPA_RESULT result; + UINT64 offset; + TCPA_DIGEST digest; + UINT32 keyToMigrateSize; + BYTE *keyToMigrateBlob = NULL; + TSS_HPOLICY hParentPolicy; + TSS_HPOLICY hMigratePolicy; + TCPA_MIGRATIONKEYAUTH migAuth; + TSS_KEY tssKey; + TCS_KEY_HANDLE parentHandle; + TSS_BOOL parentUsesAuth; + UINT32 randomSize; + BYTE *random = NULL; + UINT32 blobSize; + BYTE *blob = NULL; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + + memset(&tssKey, 0, sizeof(TSS_KEY)); + + if (pulRandomLength == NULL || prgbRandom == NULL || rgbMigTicket == NULL || + pulMigrationBlobLength == NULL || prgbMigrationBlob == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_rsakey(hKeyToMigrate)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if ((result = obj_rsakey_get_tsp_context(hKeyToMigrate, &tspContext))) + return result; + + if ((result = obj_rsakey_get_blob(hKeyToMigrate, &keyToMigrateSize, &keyToMigrateBlob))) + goto done; + + if ((result = obj_rsakey_get_policy(hParentKey, TSS_POLICY_USAGE, &hParentPolicy, + &parentUsesAuth))) + goto done; + + if ((result = obj_rsakey_get_policy(hKeyToMigrate, TSS_POLICY_MIGRATION, &hMigratePolicy, + NULL))) + goto done; + + /* Parsing the migration scheme from the blob and key object */ + memset(&migAuth, 0, sizeof(TCPA_MIGRATIONKEYAUTH)); + + offset = 0; + if ((result = Trspi_UnloadBlob_MIGRATIONKEYAUTH(&offset, rgbMigTicket, &migAuth))) + goto done; + + /* free these now, since none are used below */ + free(migAuth.migrationKey.algorithmParms.parms); + migAuth.migrationKey.algorithmParms.parmSize = 0; + free(migAuth.migrationKey.pubKey.key); + migAuth.migrationKey.pubKey.keyLength = 0; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, keyToMigrateBlob, &tssKey))) + goto done; + + /* Generate the Authorization data */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CreateMigrationBlob); + result |= Trspi_Hash_UINT16(&hashCtx, migAuth.migrationScheme); + result |= Trspi_HashUpdate(&hashCtx, ulMigTicketLength, rgbMigTicket); + result |= Trspi_Hash_UINT32(&hashCtx, tssKey.encSize); + result |= Trspi_HashUpdate(&hashCtx, tssKey.encSize, tssKey.encData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if (parentUsesAuth) { + if ((result = secret_PerformAuth_OIAP(hParentPolicy, TPM_ORD_CreateMigrationBlob, + hParentPolicy, FALSE, &digest, + &parentAuth))) + goto done; + pParentAuth = &parentAuth; + } else { + pParentAuth = NULL; + } + + if ((result = secret_PerformAuth_OIAP(hKeyToMigrate, TPM_ORD_CreateMigrationBlob, + hMigratePolicy, FALSE, &digest, &entityAuth))) + goto done; + + if ((result = obj_rsakey_get_tcs_handle(hParentKey, &parentHandle))) + goto done; + + if ((result = TCS_API(tspContext)->CreateMigrationBlob(tspContext, parentHandle, + migAuth.migrationScheme, + ulMigTicketLength, rgbMigTicket, + tssKey.encSize, tssKey.encData, + pParentAuth, &entityAuth, + &randomSize, &random, + &blobSize, &blob))) + goto done; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CreateMigrationBlob); + result |= Trspi_Hash_UINT32(&hashCtx, randomSize); + result |= Trspi_HashUpdate(&hashCtx, randomSize, random); + result |= Trspi_Hash_UINT32(&hashCtx, blobSize); + result |= Trspi_HashUpdate(&hashCtx, blobSize, blob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if (parentUsesAuth) { + if ((result = obj_policy_validate_auth_oiap(hParentPolicy, &digest, &parentAuth))) + goto done; + } + + if ((result = obj_policy_validate_auth_oiap(hMigratePolicy, &digest, &entityAuth))) + goto done; + + free(tssKey.encData); + tssKey.encSize = blobSize; + tssKey.encData = blob; + /* Set blob to null since it will now be freed during key ref freeing */ + blob = NULL; + + offset = 0; + LoadBlob_TSS_KEY(&offset, NULL, &tssKey); + + *pulMigrationBlobLength = offset; + *prgbMigrationBlob = calloc_tspi(tspContext, *pulMigrationBlobLength); + if (*prgbMigrationBlob == NULL) { + LogError("malloc of %u bytes failed.", *pulMigrationBlobLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + offset = 0; + LoadBlob_TSS_KEY(&offset, *prgbMigrationBlob, &tssKey); + + if (randomSize) { + if ((result = __tspi_add_mem_entry(tspContext, random))) + goto done; + } + *pulRandomLength = randomSize; + *prgbRandom = random; + +done: + if (result) + free(random); + free_tspi(tspContext, keyToMigrateBlob); + free_key_refs(&tssKey); + free(blob); + + return result; +} + +TSS_RESULT +Tspi_Key_ConvertMigrationBlob(TSS_HKEY hKeyToMigrate, /* in */ + TSS_HKEY hParentKey, /* in */ + UINT32 ulRandomLength, /* in */ + BYTE * rgbRandom, /* in */ + UINT32 ulMigrationBlobLength, /* in */ + BYTE * rgbMigrationBlob) /* in */ +{ + TCPA_RESULT result; + TSS_KEY tssKey; + UINT32 outDataSize; + BYTE *outData = NULL; + TCS_KEY_HANDLE parentHandle; + TPM_AUTH parentAuth; + TSS_HPOLICY hParentPolicy; + TCPA_DIGEST digest; + TSS_BOOL useAuth; + TPM_AUTH *pParentAuth; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + UINT64 offset; + + memset(&tssKey, 0, sizeof(TSS_KEY)); + + if ((result = obj_rsakey_get_tsp_context(hKeyToMigrate, &tspContext))) + return result; + + if (!obj_is_rsakey(hParentKey)) + return TSPERR(TSS_E_INVALID_HANDLE); + + /* Get the parent key handle */ + if ((result = obj_rsakey_get_tcs_handle(hParentKey, &parentHandle))) + return result; + + /* Get the policy */ + if ((result = obj_rsakey_get_policy(hParentKey, TSS_POLICY_USAGE, + &hParentPolicy, &useAuth))) + return result; + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, rgbMigrationBlob, &tssKey))) + return result; + + /* Generate the authorization */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ConvertMigrationBlob); + result |= Trspi_Hash_UINT32(&hashCtx, tssKey.encSize); + result |= Trspi_HashUpdate(&hashCtx, tssKey.encSize, tssKey.encData); + result |= Trspi_Hash_UINT32(&hashCtx, ulRandomLength); + result |= Trspi_HashUpdate(&hashCtx, ulRandomLength, rgbRandom); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if (useAuth) { + if ((result = secret_PerformAuth_OIAP(hParentPolicy, TPM_ORD_ConvertMigrationBlob, + hParentPolicy, FALSE, &digest, &parentAuth))) + goto done; + pParentAuth = &parentAuth; + } else { + pParentAuth = NULL; + } + + if ((result = TCS_API(tspContext)->ConvertMigrationBlob(tspContext, parentHandle, + tssKey.encSize, tssKey.encData, + ulRandomLength, rgbRandom, + pParentAuth, + &outDataSize, &outData))) + goto done; + + /* add validation */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ConvertMigrationBlob); + result |= Trspi_Hash_UINT32(&hashCtx, outDataSize); + result |= Trspi_HashUpdate(&hashCtx, outDataSize, outData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + if (useAuth) { + if ((result = obj_policy_validate_auth_oiap(hParentPolicy, &digest, &parentAuth))) + goto done; + } + + /* Set the key object to the now migrated key */ + if ((result = obj_rsakey_set_tcpakey(hKeyToMigrate, ulMigrationBlobLength, rgbMigrationBlob))) + goto done; + if ((result = obj_rsakey_set_privkey(hKeyToMigrate, TRUE, outDataSize, outData))) + goto done; + result = obj_rsakey_set_tcs_handle(hKeyToMigrate, 0); + +done: + free_key_refs(&tssKey); + free(outData); + + return result; +} diff --git a/src/tspi/tspi_nv.c b/src/tspi/tspi_nv.c new file mode 100644 index 0000000..bdf10ad --- /dev/null +++ b/src/tspi/tspi_nv.c @@ -0,0 +1,527 @@ +/* + * The Initial Developer of the Original Code is Intel Corporation. + * Portions created by Intel Corporation are Copyright (C) 2007 Intel Corporation. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the Common Public License as published by + * IBM Corporation; either version 1 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Common Public License for more details. + * + * You should have received a copy of the Common Public License + * along with this program; if not, a copy can be viewed at + * http://www.opensource.org/licenses/cpl1.0.php. + * + * trousers - An open source TCG Software Stack + * + * Author: james.xu@intel.com Rossey.liu@intel.com + * + * Kent Yoder - updates for new authsession mechanism + * (C) International Business Machines Corp. 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "authsess.h" + +TSS_RESULT +Tspi_NV_DefineSpace(TSS_HNVSTORE hNvstore, /* in */ + TSS_HPCRS hReadPcrComposite, /* in, may be NULL */ + TSS_HPCRS hWritePcrComposite) /* in, may be NULL*/ +{ + TSS_HCONTEXT tspContext; + TSS_HTPM hTpm; + TSS_RESULT result; + UINT32 uiResultLen; + BYTE *pResult; + UINT32 i; + + TPM_BOOL defined_index = FALSE; + NV_DATA_PUBLIC nv_data_public; + TSS_BOOL need_authdata = FALSE; + TCPA_DIGEST digest; + BYTE *pReadPCR; + UINT32 pReadPCR_len; + BYTE *pWritePCR; + UINT32 pWritePCR_len; + UINT64 NVPublic_DataSize; + BYTE NVPublicData[MAX_PUBLIC_DATA_SIZE]; + Trspi_HashCtx hashCtx; + struct authsess *xsap = NULL; + + if ((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + memset(&nv_data_public, 0, sizeof(NV_DATA_PUBLIC)); + + if ((result = obj_nvstore_get_index(hNvstore, &nv_data_public.nvIndex))) + return result; + + if ((result = obj_nvstore_get_datasize(hNvstore, &nv_data_public.dataSize))) + return result; + + if ((result = obj_nvstore_get_permission(hNvstore, &nv_data_public.permission.attributes))) + return result; + + if ((result = obj_tpm_get(tspContext, &hTpm))) + return result; + + if((result = Tspi_TPM_GetCapability(hTpm, TSS_TPMCAP_NV_LIST, 0, + NULL, &uiResultLen, &pResult))) + return result; + + for (i = 0; i < uiResultLen/sizeof(UINT32); i++) { + if (nv_data_public.nvIndex == Decode_UINT32(pResult + i * sizeof(UINT32))) { + defined_index = TRUE; + break; + } + } + free_tspi(tspContext, pResult); + + if (defined_index) { + result = TSPERR(TSS_E_NV_AREA_EXIST); + return result; + } + + need_authdata = (nv_data_public.permission.attributes + & (TPM_NV_PER_AUTHREAD |TPM_NV_PER_AUTHWRITE)) ? TRUE : FALSE; + + nv_data_public.tag = TPM_TAG_NV_DATA_PUBLIC; + + if ((result = obj_nvstore_create_pcrshortinfo(hNvstore, hReadPcrComposite, + &pReadPCR_len, &pReadPCR))) + return result; + + if ((result = obj_nvstore_create_pcrshortinfo(hNvstore, hWritePcrComposite, + &pWritePCR_len, &pWritePCR))) { + free_tspi(tspContext, pReadPCR); + return result; + } + + NVPublic_DataSize = 0; + Trspi_LoadBlob_UINT16(&NVPublic_DataSize, TPM_TAG_NV_DATA_PUBLIC, NVPublicData); + Trspi_LoadBlob_UINT32(&NVPublic_DataSize, nv_data_public.nvIndex, NVPublicData); + Trspi_LoadBlob(&NVPublic_DataSize, pReadPCR_len, NVPublicData, pReadPCR); + Trspi_LoadBlob(&NVPublic_DataSize, pWritePCR_len, NVPublicData, pWritePCR); + Trspi_LoadBlob_UINT16(&NVPublic_DataSize, TPM_TAG_NV_ATTRIBUTES, NVPublicData); + Trspi_LoadBlob_UINT32(&NVPublic_DataSize, nv_data_public.permission.attributes, NVPublicData); + Trspi_LoadBlob_BOOL(&NVPublic_DataSize, nv_data_public.bReadSTClear, NVPublicData); + Trspi_LoadBlob_BOOL(&NVPublic_DataSize, nv_data_public.bWriteSTClear, NVPublicData); + Trspi_LoadBlob_BOOL(&NVPublic_DataSize, nv_data_public.bWriteDefine, NVPublicData); + Trspi_LoadBlob_UINT32(&NVPublic_DataSize, nv_data_public.dataSize, NVPublicData); + free_tspi(tspContext, pReadPCR); + free_tspi(tspContext, pWritePCR); + + if ((result = authsess_xsap_init(tspContext, hTpm, hNvstore, need_authdata, + TPM_ORD_NV_DefineSpace, TPM_ET_OWNER, &xsap))) { + if (result == TSPERR(TSS_E_TSP_AUTHREQUIRED)) + result = TSS_ERROR_CODE(TSS_E_BAD_PARAMETER); + return result; + } + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_DefineSpace); + result |= Trspi_HashUpdate(&hashCtx, NVPublic_DataSize, NVPublicData); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + + if ((result = TCS_API(tspContext)->NV_DefineOrReleaseSpace(tspContext, NVPublic_DataSize, + NVPublicData, xsap->encAuthUse, + xsap->pAuth))) + goto error; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_DefineSpace); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + result = authsess_xsap_verify(xsap, &digest); +error: + authsess_free(xsap); + + return result; +} + +TSS_RESULT +Tspi_NV_ReleaseSpace(TSS_HNVSTORE hNvstore) /* in */ +{ + TSS_HCONTEXT tspContext; + TSS_HTPM hTpm; + TSS_RESULT result; + UINT32 uiResultLen; + BYTE *pResult; + UINT32 i; + TPM_BOOL defined_index = FALSE; + NV_DATA_PUBLIC nv_data_public; + TCPA_DIGEST digest; + BYTE *pPCR; + UINT32 pPCR_len; + + UINT64 NVPublic_DataSize; + BYTE NVPublicData[MAX_PUBLIC_DATA_SIZE]; + Trspi_HashCtx hashCtx; + struct authsess *xsap = NULL; + + memset(&nv_data_public, 0, sizeof(NV_DATA_PUBLIC)); + + if ((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + if ((result = obj_nvstore_get_index(hNvstore, &nv_data_public.nvIndex))) + return result; + + if ((result = obj_nvstore_get_datasize(hNvstore, &nv_data_public.dataSize))) + return result; + + if ((result = obj_nvstore_get_permission(hNvstore, &nv_data_public.permission.attributes))) + return result; + + if ((result = obj_tpm_get(tspContext, &hTpm))) + return result; + + if((result = Tspi_TPM_GetCapability(hTpm, TSS_TPMCAP_NV_LIST, 0, + NULL, &uiResultLen, &pResult))) + return result; + + for (i = 0; i < uiResultLen/sizeof(UINT32); i++) { + if (nv_data_public.nvIndex == Decode_UINT32(pResult + i * sizeof(UINT32))) { + defined_index = TRUE; + break; + } + } + free_tspi(tspContext, pResult); + + if (!defined_index) { + result = TSPERR(TSS_E_NV_AREA_NOT_EXIST); + return result; + } + + nv_data_public.tag = TPM_TAG_NV_DATA_PUBLIC; + + if ((result = obj_nvstore_create_pcrshortinfo(hNvstore, NULL_HPCRS, &pPCR_len, &pPCR))) + return result; + + NVPublic_DataSize = 0; + Trspi_LoadBlob_UINT16(&NVPublic_DataSize, TPM_TAG_NV_DATA_PUBLIC, NVPublicData); + Trspi_LoadBlob_UINT32(&NVPublic_DataSize, nv_data_public.nvIndex, NVPublicData); + /* load the read pcr short info */ + Trspi_LoadBlob(&NVPublic_DataSize, pPCR_len, NVPublicData, pPCR); + /* load the write pcr short info */ + Trspi_LoadBlob(&NVPublic_DataSize, pPCR_len, NVPublicData, pPCR); + Trspi_LoadBlob_UINT16(&NVPublic_DataSize, TPM_TAG_NV_ATTRIBUTES, NVPublicData); + Trspi_LoadBlob_UINT32(&NVPublic_DataSize, + nv_data_public.permission.attributes, NVPublicData); + Trspi_LoadBlob_BOOL(&NVPublic_DataSize, nv_data_public.bReadSTClear, NVPublicData); + Trspi_LoadBlob_BOOL(&NVPublic_DataSize, nv_data_public.bWriteSTClear, NVPublicData); + Trspi_LoadBlob_BOOL(&NVPublic_DataSize, nv_data_public.bWriteDefine, NVPublicData); + /*Trspi_LoadBlob_UINT32(&NVPublic_DataSize, nv_data_public.dataSize, NVPublicData);*/ + Trspi_LoadBlob_UINT32(&NVPublic_DataSize, 0, NVPublicData); + free_tspi(tspContext, pPCR); + + if ((result = authsess_xsap_init(tspContext, hTpm, hNvstore, TSS_AUTH_POLICY_NOT_REQUIRED, + TPM_ORD_NV_DefineSpace, TPM_ET_OWNER, &xsap))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_DefineSpace); + result |= Trspi_HashUpdate(&hashCtx, NVPublic_DataSize, NVPublicData); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + + if ((result = TCS_API(tspContext)->NV_DefineOrReleaseSpace(tspContext, NVPublic_DataSize, + NVPublicData, xsap->encAuthUse, + xsap->pAuth))) + goto error; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_DefineSpace); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + result = authsess_xsap_verify(xsap, &digest); +error: + authsess_free(xsap); + + return result; +} + +TSS_RESULT +Tspi_NV_WriteValue(TSS_HNVSTORE hNvstore, /* in */ + UINT32 offset, /* in */ + UINT32 ulDataLength, /* in */ + BYTE* rgbDataToWrite) /* in */ +{ + TSS_HCONTEXT tspContext; + TSS_HTPM hTpm; + TSS_RESULT result; + NV_DATA_PUBLIC nv_data_public; + UINT32 need_authdata = 0; + UINT32 authwrite =0; + TSS_HPOLICY hPolicy; + TPM_AUTH auth; + TCPA_DIGEST digest; + Trspi_HashCtx hashCtx; + + if ((ulDataLength != 0) && (rgbDataToWrite == NULL)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + if ((result = obj_tpm_get(tspContext, &hTpm))) + return result; + + if ((result = obj_nvstore_get_index(hNvstore, &nv_data_public.nvIndex))) + return result; + + if ((result = obj_nvstore_get_policy(hNvstore, TSS_POLICY_USAGE, &hPolicy))) + return result; + + if (hPolicy) { + if ((result = obj_nvstore_get_permission_from_tpm(hNvstore, + &nv_data_public.permission.attributes))) + return result; + + need_authdata = nv_data_public.permission.attributes + & (TPM_NV_PER_AUTHWRITE | TPM_NV_PER_OWNERWRITE); + + authwrite = nv_data_public.permission.attributes & TPM_NV_PER_AUTHWRITE; + + if (need_authdata) { + if (!authwrite) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_WriteValue); + result |= Trspi_Hash_UINT32(&hashCtx, nv_data_public.nvIndex); + result |= Trspi_Hash_UINT32(&hashCtx, offset); + result |= Trspi_Hash_UINT32(&hashCtx, ulDataLength); + result |= Trspi_HashUpdate(&hashCtx, ulDataLength, rgbDataToWrite); + + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hNvstore, + TPM_ORD_NV_WriteValue, + hPolicy, FALSE, &digest, + &auth))) + return result; + + if ((result = TCS_API(tspContext)->NV_WriteValue(tspContext, + nv_data_public.nvIndex, + offset, ulDataLength, + rgbDataToWrite, &auth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_WriteValue); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, + &digest, &auth))) + return result; + } else { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_WriteValueAuth); + result |= Trspi_Hash_UINT32(&hashCtx, nv_data_public.nvIndex); + result |= Trspi_Hash_UINT32(&hashCtx, offset); + result |= Trspi_Hash_UINT32(&hashCtx, ulDataLength); + result |= Trspi_HashUpdate(&hashCtx, ulDataLength, rgbDataToWrite); + + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hNvstore, + TPM_ORD_NV_WriteValueAuth, + hPolicy, FALSE, &digest, + &auth))) + return result; + + if ((result = TCS_API(tspContext)->NV_WriteValueAuth(tspContext, + nv_data_public.nvIndex, + offset, ulDataLength, + rgbDataToWrite, &auth))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_WriteValueAuth); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, + &digest, &auth))) + return result; + } + } else { + if ((result = TCS_API(tspContext)->NV_WriteValue(tspContext, + nv_data_public.nvIndex, + offset, ulDataLength, + rgbDataToWrite, NULL))) + return result; + } + } else { + LogDebug("no policy, so noauthentication"); + if ((result = TCS_API(tspContext)->NV_WriteValue(tspContext, nv_data_public.nvIndex, + offset, ulDataLength, + rgbDataToWrite, NULL))) + return result; + } + + return result; +} + +TSS_RESULT +Tspi_NV_ReadValue(TSS_HNVSTORE hNvstore, /* in */ + UINT32 offset, /* in */ + UINT32* ulDataLength, /* in, out */ + BYTE** rgbDataRead) /* out */ +{ + TSS_HCONTEXT tspContext; + TSS_HTPM hTpm; + TSS_RESULT result; + NV_DATA_PUBLIC nv_data_public; + UINT32 need_authdata = 0; + UINT32 authread =0; + TSS_HPOLICY hPolicy; + + TPM_AUTH auth; + TCPA_DIGEST digest; + Trspi_HashCtx hashCtx; + + if (ulDataLength == NULL || rgbDataRead == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if((result = obj_nvstore_get_tsp_context(hNvstore, &tspContext))) + return result; + + if ((result = obj_tpm_get(tspContext, &hTpm))) + return result; + + if ((result = obj_nvstore_get_index(hNvstore, &nv_data_public.nvIndex))) + return result; + + if ((result = obj_nvstore_get_policy(hNvstore, TSS_POLICY_USAGE, &hPolicy))) + return result; + + if (hPolicy) {/*if the policy secret is set*/ + if ((result = obj_nvstore_get_permission_from_tpm(hNvstore, + &nv_data_public.permission.attributes))) + return result; + + need_authdata = nv_data_public.permission.attributes + & (TPM_NV_PER_AUTHREAD | TPM_NV_PER_OWNERREAD); + + authread = nv_data_public.permission.attributes & TPM_NV_PER_AUTHREAD; + + if (need_authdata) { + if (!authread) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_ReadValue); + result |= Trspi_Hash_UINT32(&hashCtx, nv_data_public.nvIndex); + result |= Trspi_Hash_UINT32(&hashCtx, offset); + result |= Trspi_Hash_UINT32(&hashCtx, *ulDataLength); + + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hNvstore, + TPM_ORD_NV_ReadValue, + hPolicy, FALSE, &digest, + &auth))) + return result; + + if ((result = TCS_API(tspContext)->NV_ReadValue(tspContext, + nv_data_public.nvIndex, + offset, ulDataLength, + &auth, rgbDataRead))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TSS_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_ReadValue); + result |= Trspi_Hash_UINT32(&hashCtx, *ulDataLength); + result |= Trspi_HashUpdate(&hashCtx, *ulDataLength, *rgbDataRead); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, + &digest, &auth))) + return result; + } else { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_ReadValueAuth); + result |= Trspi_Hash_UINT32(&hashCtx, nv_data_public.nvIndex); + result |= Trspi_Hash_UINT32(&hashCtx, offset); + result |= Trspi_Hash_UINT32(&hashCtx, *ulDataLength); + + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hNvstore, + TPM_ORD_NV_ReadValueAuth, + hPolicy, FALSE, &digest, + &auth))) + return result; + + if ((result = TCS_API(tspContext)->NV_ReadValueAuth(tspContext, + nv_data_public.nvIndex, + offset, ulDataLength, + &auth, rgbDataRead))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TSS_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_NV_ReadValueAuth); + result |= Trspi_Hash_UINT32(&hashCtx, *ulDataLength); + result |= Trspi_HashUpdate(&hashCtx, *ulDataLength, *rgbDataRead); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, + &digest, &auth))) + return result; + } + } else { + if ((result = TCS_API(tspContext)->NV_ReadValue(tspContext, + nv_data_public.nvIndex, + offset, ulDataLength, NULL, + rgbDataRead))) + return result; + } + } else { + if ((result = TCS_API(tspContext)->NV_ReadValue(tspContext, nv_data_public.nvIndex, + offset, ulDataLength, NULL, + rgbDataRead))) + return result; + } + + return result; +} diff --git a/src/tspi/tspi_oper.c b/src/tspi/tspi_oper.c new file mode 100644 index 0000000..01db9ff --- /dev/null +++ b/src/tspi/tspi_oper.c @@ -0,0 +1,52 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "obj.h" +#include "tsplog.h" + + +TSS_RESULT +Tspi_TPM_SetOperatorAuth(TSS_HTPM hTpm, /* in */ + TSS_HPOLICY hOperatorPolicy) /* in */ +{ + TSS_HCONTEXT tspContext; + UINT32 type; + TCPA_SECRET operatorAuth; + TSS_RESULT result = TSS_SUCCESS; + + if ((result = obj_tpm_get_tsp_context(hTpm, &tspContext))) + return result; + + if ((result = obj_policy_get_type(hOperatorPolicy, &type))) + return result; + + if (type != TSS_POLICY_OPERATOR) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_policy_get_secret(hOperatorPolicy, TR_SECRET_CTX_NEW, &operatorAuth))) + return result; + + if ((result = TCS_API(tspContext)->SetOperatorAuth(tspContext, &operatorAuth))) + return result; + + if ((result = obj_tpm_set_policy(hTpm, hOperatorPolicy))) + return result; + + return result; +} diff --git a/src/tspi/tspi_own.c b/src/tspi/tspi_own.c new file mode 100644 index 0000000..ef6a44c --- /dev/null +++ b/src/tspi/tspi_own.c @@ -0,0 +1,163 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_TakeOwnership(TSS_HTPM hTPM, /* in */ + TSS_HKEY hKeySRK, /* in */ + TSS_HKEY hEndorsementPubKey) /* in */ +{ + TPM_AUTH privAuth; + BYTE encOwnerAuth[256]; + UINT32 encOwnerAuthLength; + BYTE encSRKAuth[256]; + UINT32 encSRKAuthLength; + TCPA_DIGEST digest; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + UINT32 srkKeyBlobLength; + BYTE *srkKeyBlob; + TSS_HPOLICY hOwnerPolicy; + UINT32 newSrkBlobSize; + BYTE *newSrkBlob = NULL; + BYTE oldAuthDataUsage; + TSS_HKEY hPubEK; + Trspi_HashCtx hashCtx; + + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (hEndorsementPubKey == NULL_HKEY) { + if ((result = Tspi_TPM_GetPubEndorsementKey(hTPM, FALSE, NULL, &hPubEK))) { + return result; + } + } else { + hPubEK = hEndorsementPubKey; + } + + /* Get the srkKeyData */ + if ((result = obj_rsakey_get_blob(hKeySRK, &srkKeyBlobLength, &srkKeyBlob))) + return result; + + /* Need to check for Atmel bug where authDataUsage is changed */ + oldAuthDataUsage = srkKeyBlob[10]; + LogDebug("oldAuthDataUsage is %.2X. Wait to see if it changes", oldAuthDataUsage); + + /* Now call the module that will encrypt the secrets. This + * will either get the secrets from the policy objects or + * use the callback function to encrypt the secrets */ + + if ((result = secret_TakeOwnership(hPubEK, hTPM, hKeySRK, &privAuth, &encOwnerAuthLength, + encOwnerAuth, &encSRKAuthLength, encSRKAuth))) + return result; + + /* Now, take ownership is ready to call. The auth structure should be complete + * and the encrypted data structures should be ready */ + if ((result = RPC_TakeOwnership(tspContext, TPM_PID_OWNER, encOwnerAuthLength, encOwnerAuth, + encSRKAuthLength, encSRKAuth, srkKeyBlobLength, srkKeyBlob, + &privAuth, &newSrkBlobSize, &newSrkBlob))) + return result; + + /* The final step is to validate the return Auth */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_TakeOwnership); + result |= Trspi_HashUpdate(&hashCtx, newSrkBlobSize, newSrkBlob); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy))) { + free(newSrkBlob); + return result; + } + if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, &privAuth))) { + free(newSrkBlob); + return result; + } + + /* Now that it's all happy, stuff the keyBlob into the object + * If atmel, need to adjust the authDataUsage if it changed */ + if (oldAuthDataUsage != newSrkBlob[10]) { /* hardcoded blob stuff */ + LogDebug("auth data usage changed. Atmel bug. Fixing in key object"); + newSrkBlob[10] = oldAuthDataUsage; /* this will fix it */ + } + + result = obj_rsakey_set_tcpakey(hKeySRK, newSrkBlobSize, newSrkBlob); + free(newSrkBlob); + + if (result) + return result; + + /* The SRK is loaded at this point, so insert it into the key handle list */ + return obj_rsakey_set_tcs_handle(hKeySRK, TPM_KEYHND_SRK); +} + +TSS_RESULT +Tspi_TPM_ClearOwner(TSS_HTPM hTPM, /* in */ + TSS_BOOL fForcedClear) /* in */ +{ + TCPA_RESULT result; + TPM_AUTH auth; + TSS_HCONTEXT tspContext; + TCPA_DIGEST hashDigest; + TSS_HPOLICY hPolicy; + Trspi_HashCtx hashCtx; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (!fForcedClear) { /* TPM_OwnerClear */ + if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy))) + return result; + + /* Now do some Hash'ing */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerClear); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + /* hashDigest now has the hash result */ + if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerClear, hPolicy, FALSE, + &hashDigest, &auth))) + return result; + + if ((result = TCS_API(tspContext)->OwnerClear(tspContext, &auth))) + return result; + + /* validate auth */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerClear); + if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth))) + return result; + } else { + if ((result = TCS_API(tspContext)->ForceClear(tspContext))) + return result; + } + + return TSS_SUCCESS; +} diff --git a/src/tspi/tspi_pcr_comp.c b/src/tspi/tspi_pcr_comp.c new file mode 100644 index 0000000..e475ee2 --- /dev/null +++ b/src/tspi/tspi_pcr_comp.c @@ -0,0 +1,56 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +Tspi_PcrComposite_SetPcrValue(TSS_HPCRS hPcrComposite, /* in */ + UINT32 ulPcrIndex, /* in */ + UINT32 ulPcrValueLength, /* in */ + BYTE * rgbPcrValue) /* in */ +{ + if (ulPcrValueLength == 0 || rgbPcrValue == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (ulPcrValueLength != TCPA_SHA1_160_HASH_LEN) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_pcrs_set_value(hPcrComposite, ulPcrIndex, ulPcrValueLength, rgbPcrValue); +} + +TSS_RESULT +Tspi_PcrComposite_GetPcrValue(TSS_HPCRS hPcrComposite, /* in */ + UINT32 ulPcrIndex, /* in */ + UINT32 * pulPcrValueLength, /* out */ + BYTE ** prgbPcrValue) /* out */ +{ + if (pulPcrValueLength == NULL || prgbPcrValue == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_pcrs_get_value(hPcrComposite, ulPcrIndex, pulPcrValueLength, + prgbPcrValue); + +} + +TSS_RESULT +Tspi_PcrComposite_SelectPcrIndex(TSS_HPCRS hPcrComposite, /* in */ + UINT32 ulPcrIndex) /* in */ +{ + return obj_pcrs_select_index(hPcrComposite, ulPcrIndex); +} diff --git a/src/tspi/tspi_pcr_comp12.c b/src/tspi/tspi_pcr_comp12.c new file mode 100644 index 0000000..4133d2b --- /dev/null +++ b/src/tspi/tspi_pcr_comp12.c @@ -0,0 +1,67 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2007 + * + */ + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_PcrComposite_SetPcrLocality(TSS_HPCRS hPcrComposite, /* in */ + UINT32 LocalityValue) /* in */ +{ + /* LocalityValue must be some combination of TPM_LOC_* values logically or'd together */ + if (!LocalityValue || (LocalityValue & (~TSS_LOCALITY_ALL))) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_pcrs_set_locality(hPcrComposite, LocalityValue); +} + +TSS_RESULT +Tspi_PcrComposite_GetPcrLocality(TSS_HPCRS hPcrComposite, /* in */ + UINT32* pLocalityValue) /* out */ +{ + if (pLocalityValue == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_pcrs_get_locality(hPcrComposite, pLocalityValue); + +} + +TSS_RESULT +Tspi_PcrComposite_GetCompositeHash(TSS_HPCRS hPcrComposite, /* in */ + UINT32* pLen, /* out */ + BYTE** ppbHashData) /* out */ +{ + if (pLen == NULL || ppbHashData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_pcrs_get_digest_at_release(hPcrComposite, pLen, ppbHashData); + +} + +TSS_RESULT +Tspi_PcrComposite_SelectPcrIndexEx(TSS_HPCRS hPcrComposite, /* in */ + UINT32 ulPcrIndex, /* in */ + UINT32 Direction) /* in */ +{ + if (Direction != TSS_PCRS_DIRECTION_CREATION && Direction != TSS_PCRS_DIRECTION_RELEASE) + return TSPERR(TSS_E_BAD_PARAMETER); + + return obj_pcrs_select_index_ex(hPcrComposite, Direction, ulPcrIndex); +} diff --git a/src/tspi/tspi_pcr_events.c b/src/tspi/tspi_pcr_events.c new file mode 100644 index 0000000..c860715 --- /dev/null +++ b/src/tspi/tspi_pcr_events.c @@ -0,0 +1,120 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_GetEvent(TSS_HTPM hTPM, /* in */ + UINT32 ulPcrIndex, /* in */ + UINT32 ulEventNumber, /* in */ + TSS_PCR_EVENT * pPcrEvent) /* out */ +{ + TSS_HCONTEXT tspContext; + TSS_RESULT result; + TSS_PCR_EVENT *event = NULL; + + if (pPcrEvent == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = RPC_GetPcrEvent(tspContext, ulPcrIndex, &ulEventNumber, &event))) + return result; + + memcpy(pPcrEvent, event, sizeof(TSS_PCR_EVENT)); + free(event); + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_GetEvents(TSS_HTPM hTPM, /* in */ + UINT32 ulPcrIndex, /* in */ + UINT32 ulStartNumber, /* in */ + UINT32 * pulEventNumber, /* in, out */ + TSS_PCR_EVENT ** prgbPcrEvents) /* out */ +{ + TSS_HCONTEXT tspContext; + TSS_RESULT result; + TSS_PCR_EVENT *events = NULL; + + if (pulEventNumber == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (prgbPcrEvents) { + if ((result = RPC_GetPcrEventsByPcr(tspContext, ulPcrIndex, ulStartNumber, + pulEventNumber, &events))) + return result; + + *prgbPcrEvents = events; + } else { + /* if the pointer to receive events is NULL, the app only + * wants a total number of events for this PCR. */ + if ((result = RPC_GetPcrEvent(tspContext, ulPcrIndex, pulEventNumber, NULL))) + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_GetEventLog(TSS_HTPM hTPM, /* in */ + UINT32 * pulEventNumber, /* out */ + TSS_PCR_EVENT ** prgbPcrEvents) /* out */ +{ + TSS_HCONTEXT tspContext; + TSS_RESULT result; + + if (pulEventNumber == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + /* if the pointer to receive events is NULL, the app only wants a + * total number of events for all PCRs. */ + if (prgbPcrEvents == NULL) { + UINT16 numPcrs = get_num_pcrs(tspContext); + UINT32 i, numEvents = 0; + + if (numPcrs == 0) { + LogDebugFn("Error querying the TPM for its number of PCRs"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + *pulEventNumber = 0; + for (i = 0; i < numPcrs; i++) { + if ((result = RPC_GetPcrEvent(tspContext, i, &numEvents, NULL))) + return result; + + *pulEventNumber += numEvents; + } + } else + return RPC_GetPcrEventLog(tspContext, pulEventNumber, prgbPcrEvents); + + return TSS_SUCCESS; +} + diff --git a/src/tspi/tspi_pcr_extend.c b/src/tspi/tspi_pcr_extend.c new file mode 100644 index 0000000..6193fd2 --- /dev/null +++ b/src/tspi/tspi_pcr_extend.c @@ -0,0 +1,158 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * (C) Christian Kummer 2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_PcrExtend(TSS_HTPM hTPM, /* in */ + UINT32 ulPcrIndex, /* in */ + UINT32 ulPcrDataLength, /* in */ + BYTE *pbPcrData, /* in */ + TSS_PCR_EVENT *pPcrEvent, /* in */ + UINT32 * pulPcrValueLength, /* out */ + BYTE ** prgbPcrValue) /* out */ +{ + TCPA_PCRVALUE outDigest; + TSS_RESULT result; + BYTE *extendData; + TPM_DIGEST digest; + UINT32 number; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + + if (pulPcrValueLength == NULL || prgbPcrValue == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (ulPcrDataLength > 0 && pbPcrData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (pPcrEvent) { + /* Create data to extend according to the TSS 1.2 spec section 2.6.2 + * 'TSS_PCR_EVENT', in the 'rgbPcrValue' parameter description. */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, ulPcrIndex); + result |= Trspi_HashUpdate(&hashCtx, ulPcrDataLength, pbPcrData); + result |= Trspi_Hash_UINT32(&hashCtx, pPcrEvent->eventType); + result |= Trspi_HashUpdate(&hashCtx, pPcrEvent->ulEventLength, pPcrEvent->rgbEvent); + if ((result |= Trspi_HashFinal(&hashCtx, (BYTE *)&digest.digest))) + return result; + + extendData = (BYTE *)&digest.digest; + } else { + if (ulPcrDataLength != TPM_SHA1_160_HASH_LEN) + return TSPERR(TSS_E_BAD_PARAMETER); + + extendData = pbPcrData; + } + + if ((result = TCS_API(tspContext)->Extend(tspContext, ulPcrIndex, *(TPM_DIGEST *)extendData, + &outDigest))) + return result; + + /* log the event structure if its passed in */ + if (pPcrEvent) { + /* Set the PCR index in the event struct */ + pPcrEvent->ulPcrIndex = ulPcrIndex; + + if ((pPcrEvent->rgbPcrValue = calloc_tspi(tspContext, + TPM_SHA1_160_HASH_LEN)) == NULL) { + LogError("malloc of %d bytes failed.", TPM_SHA1_160_HASH_LEN); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + memcpy(pPcrEvent->rgbPcrValue, (BYTE *)&digest.digest, TPM_SHA1_160_HASH_LEN); + pPcrEvent->ulPcrValueLength = TPM_SHA1_160_HASH_LEN; + + /* Set the version info in the event struct */ + memcpy(&pPcrEvent->versionInfo, &VERSION_1_1, sizeof(TCPA_VERSION)); + + if ((result = RPC_LogPcrEvent(tspContext, *pPcrEvent, &number))) + return result; + } + + *prgbPcrValue = calloc_tspi(tspContext, sizeof(TPM_PCRVALUE)); + if (*prgbPcrValue == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TPM_PCRVALUE)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + memcpy(*prgbPcrValue, &outDigest, sizeof(TPM_PCRVALUE)); + *pulPcrValueLength = sizeof(TPM_PCRVALUE); + + return result; +} + +TSS_RESULT +Tspi_TPM_PcrRead(TSS_HTPM hTPM, /* in */ + UINT32 ulPcrIndex, /* in */ + UINT32 *pulPcrValueLength, /* out */ + BYTE **prgbPcrValue) /* out */ +{ + TCPA_PCRVALUE outDigest; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if (pulPcrValueLength == NULL || prgbPcrValue == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCS_API(tspContext)->PcrRead(tspContext, ulPcrIndex, &outDigest))) + return result; + + *prgbPcrValue = calloc_tspi(tspContext, sizeof(TCPA_PCRVALUE)); + if (*prgbPcrValue == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(TCPA_PCRVALUE)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(*prgbPcrValue, outDigest.digest, sizeof(TCPA_PCRVALUE)); + *pulPcrValueLength = sizeof(TCPA_PCRVALUE); + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_PcrReset(TSS_HTPM hTPM, /* in */ + TSS_HPCRS hPcrComposite) /* in */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + UINT32 pcrDataSize; + BYTE pcrData[16]; + + if (!hPcrComposite) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_pcrs_get_selection(hPcrComposite, &pcrDataSize, pcrData))) + return result; + + return TCS_API(tspContext)->PcrReset(tspContext, pcrDataSize, pcrData); +} + diff --git a/src/tspi/tspi_policy.c b/src/tspi/tspi_policy.c new file mode 100644 index 0000000..ac2c4dd --- /dev/null +++ b/src/tspi/tspi_policy.c @@ -0,0 +1,115 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_GetPolicyObject(TSS_HOBJECT hObject, /* in */ + TSS_FLAG policyType, /* in */ + TSS_HPOLICY * phPolicy) /* out */ +{ + TSS_RESULT result; + + if (phPolicy == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (obj_is_tpm(hObject)) { + result = obj_tpm_get_policy(hObject, policyType, phPolicy); +#ifdef TSS_BUILD_NV + } else if (obj_is_nvstore(hObject)) { + result = obj_nvstore_get_policy(hObject, policyType, phPolicy); +#endif +#ifdef TSS_BUILD_RSAKEY_LIST + } else if (obj_is_rsakey(hObject)) { + result = obj_rsakey_get_policy(hObject, policyType, phPolicy, NULL); +#endif +#ifdef TSS_BUILD_ENCDATA_LIST + } else if (obj_is_encdata(hObject)) { + result = obj_encdata_get_policy(hObject, policyType, phPolicy); +#endif + } else { + if (obj_is_policy(hObject) || obj_is_hash(hObject) || + obj_is_pcrs(hObject) || obj_is_context(hObject)) + result = TSPERR(TSS_E_BAD_PARAMETER); + else + result = TSPERR(TSS_E_INVALID_HANDLE); + } + + if (result == TSS_SUCCESS && *phPolicy == NULL_HPOLICY) + result = TSPERR(TSS_E_INTERNAL_ERROR); + + return result; +} + +TSS_RESULT +Tspi_Policy_SetSecret(TSS_HPOLICY hPolicy, /* in */ + TSS_FLAG secretMode, /* in */ + UINT32 ulSecretLength, /* in */ + BYTE * rgbSecret) /* in */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if ((result = obj_policy_get_tsp_context(hPolicy, &tspContext))) + return result; + + if (obj_context_is_silent(tspContext) && secretMode == TSS_SECRET_MODE_POPUP) + return TSPERR(TSS_E_SILENT_CONTEXT); + + return obj_policy_set_secret(hPolicy, secretMode, ulSecretLength, rgbSecret); +} + +TSS_RESULT +Tspi_Policy_FlushSecret(TSS_HPOLICY hPolicy) /* in */ +{ + return obj_policy_flush_secret(hPolicy); +} + +TSS_RESULT +Tspi_Policy_AssignToObject(TSS_HPOLICY hPolicy, /* in */ + TSS_HOBJECT hObject) /* in */ +{ + TSS_RESULT result; + + if (obj_is_tpm(hObject)) { + result = obj_tpm_set_policy(hObject, hPolicy); +#ifdef TSS_BUILD_NV + } else if (obj_is_nvstore(hObject)) { + result = obj_nvstore_set_policy(hObject, hPolicy); +#endif +#ifdef TSS_BUILD_RSAKEY_LIST + } else if (obj_is_rsakey(hObject)) { + result = obj_rsakey_set_policy(hObject, hPolicy); +#endif +#ifdef TSS_BUILD_ENCDATA_LIST + } else if (obj_is_encdata(hObject)) { + result = obj_encdata_set_policy(hObject, hPolicy); +#endif + } else { + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + return result; +} diff --git a/src/tspi/tspi_ps.c b/src/tspi/tspi_ps.c new file mode 100644 index 0000000..b6df78c --- /dev/null +++ b/src/tspi/tspi_ps.c @@ -0,0 +1,581 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "tcs_tsp.h" +#include "tspps.h" +#include "hosttable.h" +#include "tcsd_wrap.h" +#include "tcsd.h" +#include "obj.h" + +TSS_UUID owner_evict_uuid = {0, 0, 0, 0, 0, {0, 0, 0, 0, 1, 0}}; + +TSS_RESULT +Tspi_Context_LoadKeyByUUID(TSS_HCONTEXT tspContext, /* in */ + TSS_FLAG persistentStorageType, /* in */ + TSS_UUID uuidData, /* in */ + TSS_HKEY * phKey) /* out */ +{ + TSS_RESULT result; + TSS_UUID parentUUID; + UINT32 keyBlobSize, parentPSType; + BYTE *keyBlob = NULL; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_HKEY parentTspHandle; + TCS_LOADKEY_INFO info; + UINT32 ulPubKeyLength; + BYTE *rgbPubKey; + TPM_COMMAND_CODE ordinal; + + if (phKey == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((!obj_is_context(tspContext))) + return TSPERR(TSS_E_INVALID_HANDLE); + + if ((result = obj_context_get_loadkey_ordinal(tspContext, &ordinal))) + return result; + + /* This key is in the System Persistant storage */ + if (persistentStorageType == TSS_PS_TYPE_SYSTEM) { +#if 1 + memset(&info, 0, sizeof(TCS_LOADKEY_INFO)); + + result = RPC_LoadKeyByUUID(tspContext, uuidData, &info, &tcsKeyHandle); + + if (TSS_ERROR_CODE(result) == TCS_E_KM_LOADFAILED) { + TSS_HKEY keyHandle; + TSS_HPOLICY hPolicy; + + /* load failed, due to some key in the chain needing auth + * which doesn't yet exist at the TCS level. However, the + * auth may already be set in policies at the TSP level. + * To find out, get the key handle of the key requiring + * auth. First, look at the list of keys in memory. */ + if ((obj_rsakey_get_by_uuid(&info.parentKeyUUID, &keyHandle))) { + /* If that failed, look on disk, in User PS. */ + if (ps_get_key_by_uuid(tspContext, &info.parentKeyUUID, + &keyHandle)) + return result; + } + + if (obj_rsakey_get_policy(keyHandle, TSS_POLICY_USAGE, + &hPolicy, NULL)) + return result; + + if (secret_PerformAuth_OIAP(keyHandle, ordinal, hPolicy, FALSE, + &info.paramDigest, &info.authData)) + return result; + + if ((result = RPC_LoadKeyByUUID(tspContext, uuidData, &info, + &tcsKeyHandle))) + return result; + } else if (result) + return result; + + /*check if provided UUID has an owner evict key UUID prefix */ + if (!memcmp(&uuidData, &owner_evict_uuid, sizeof(TSS_UUID)-1)) { + if ((result = obj_rsakey_add(tspContext, TSS_RSAKEY_FLAG_OWNEREVICT, + phKey))) + return result; + if ((result = obj_rsakey_set_tcs_handle(*phKey, tcsKeyHandle))) + return result; + + //The cached public key portion of the owner evict key is used + //further by TPM_KEY_CONTROLOWNER command for sanity check + if ((result = Tspi_Key_GetPubKey(*phKey, &ulPubKeyLength, &rgbPubKey))) + return result; + + result = obj_rsakey_set_pubkey(*phKey, FALSE, rgbPubKey); + + free(rgbPubKey); + if (result != TSS_SUCCESS) + return result; + } else { + if ((result = RPC_GetRegisteredKeyBlob(tspContext, uuidData, &keyBlobSize, + &keyBlob))) + return result; + + if ((result = obj_rsakey_add_by_key(tspContext, &uuidData, keyBlob, + TSS_OBJ_FLAG_SYSTEM_PS, phKey))) { + free (keyBlob); + return result; + } + + result = obj_rsakey_set_tcs_handle(*phKey, tcsKeyHandle); + + free (keyBlob); + } +#else + if ((result = load_from_system_ps(tspContext, &uuidData, phKey))) + return result; +#endif + } else if (persistentStorageType == TSS_PS_TYPE_USER) { + if ((result = ps_get_parent_uuid_by_uuid(&uuidData, &parentUUID))) + return result; + + /* If the parent is not in memory, recursively call ourselves on it */ + if (obj_rsakey_get_by_uuid(&parentUUID, &parentTspHandle) != TSS_SUCCESS) { + if ((result = ps_get_parent_ps_type_by_uuid(&uuidData, &parentPSType))) + return result; + + if ((result = Tspi_Context_LoadKeyByUUID(tspContext, parentPSType, + parentUUID, &parentTspHandle))) + return result; + } + + if ((result = ps_get_key_by_uuid(tspContext, &uuidData, phKey))) + return result; + + /* The parent is loaded and we have the parent key handle, so call the TCS to + * actually load the child. */ + return Tspi_Key_LoadKey(*phKey, parentTspHandle); + } else { + return TSPERR(TSS_E_BAD_PARAMETER); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_Context_RegisterKey(TSS_HCONTEXT tspContext, /* in */ + TSS_HKEY hKey, /* in */ + TSS_FLAG persistentStorageType, /* in */ + TSS_UUID uuidKey, /* in */ + TSS_FLAG persistentStorageTypeParent, /* in */ + TSS_UUID uuidParentKey) /* in */ +{ + BYTE *keyBlob; + UINT32 keyBlobSize; + TSS_RESULT result; + TSS_BOOL answer; + + if (!obj_is_context(tspContext) || !obj_is_rsakey(hKey)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (persistentStorageType == TSS_PS_TYPE_SYSTEM) { + if (persistentStorageTypeParent == TSS_PS_TYPE_USER) { + return TSPERR(TSS_E_NOTIMPL); + } else if (persistentStorageTypeParent == TSS_PS_TYPE_SYSTEM) { + if ((result = obj_rsakey_get_blob(hKey, &keyBlobSize, + &keyBlob))) + return result; + + if ((result = RPC_RegisterKey(tspContext, uuidParentKey, uuidKey, + keyBlobSize, keyBlob, + strlen(PACKAGE_STRING) + 1, + (BYTE *)PACKAGE_STRING))) + return result; + } else { + return TSPERR(TSS_E_BAD_PARAMETER); + } + } else if (persistentStorageType == TSS_PS_TYPE_USER) { + if ((result = ps_is_key_registered(&uuidKey, &answer))) + return result; + + if (answer == TRUE) + return TSPERR(TSS_E_KEY_ALREADY_REGISTERED); + + if ((result = obj_rsakey_get_blob (hKey, &keyBlobSize, &keyBlob))) + return result; + + if ((result = ps_write_key(&uuidKey, &uuidParentKey, + persistentStorageTypeParent, + keyBlobSize, keyBlob))) + return result; + } else { + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if ((result = obj_rsakey_set_uuid(hKey, persistentStorageType, &uuidKey))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_Context_UnregisterKey(TSS_HCONTEXT tspContext, /* in */ + TSS_FLAG persistentStorageType, /* in */ + TSS_UUID uuidKey, /* in */ + TSS_HKEY *phKey) /* out */ +{ + BYTE *keyBlob = NULL; + UINT32 keyBlobSize; + TSS_RESULT result; + + if (phKey == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((!obj_is_context(tspContext))) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (persistentStorageType == TSS_PS_TYPE_SYSTEM) { + /* get the key first, so it doesn't disappear when we + * unregister it */ + if ((result = RPC_GetRegisteredKeyBlob(tspContext, uuidKey, &keyBlobSize, + &keyBlob))) + return result; + + if ((obj_rsakey_add_by_key(tspContext, &uuidKey, keyBlob, TSS_OBJ_FLAG_SYSTEM_PS, + phKey))) { + free(keyBlob); + return result; + } + + free(keyBlob); + + /* now unregister it */ + if ((result = RPC_UnregisterKey(tspContext, uuidKey))) + return result; + } else if (persistentStorageType == TSS_PS_TYPE_USER) { + /* get the key first, so it doesn't disappear when we + * unregister it */ + if ((result = ps_get_key_by_uuid(tspContext, &uuidKey, phKey))) + return result; + + /* now unregister it */ + if ((result = ps_remove_key(&uuidKey))) + return result; + } else { + return TSPERR(TSS_E_BAD_PARAMETER); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_Context_GetKeyByUUID(TSS_HCONTEXT tspContext, /* in */ + TSS_FLAG persistentStorageType, /* in */ + TSS_UUID uuidData, /* in */ + TSS_HKEY * phKey) /* out */ +{ + TCPA_RESULT result; + UINT32 keyBlobSize = 0; + BYTE *keyBlob = NULL; + + if (phKey == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((!obj_is_context(tspContext))) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (persistentStorageType == TSS_PS_TYPE_SYSTEM) { + if ((result = RPC_GetRegisteredKeyBlob(tspContext, uuidData, &keyBlobSize, + &keyBlob))) + return result; + + if ((obj_rsakey_add_by_key(tspContext, &uuidData, keyBlob, TSS_OBJ_FLAG_SYSTEM_PS, + phKey))) { + free(keyBlob); + return result; + } + + free(keyBlob); + } else if (persistentStorageType == TSS_PS_TYPE_USER) { + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if ((result = ps_get_key_by_uuid(tspContext, &uuidData, phKey))) + return result; + } else + return TSPERR(TSS_E_BAD_PARAMETER); + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_Context_GetKeyByPublicInfo(TSS_HCONTEXT tspContext, /* in */ + TSS_FLAG persistentStorageType, /* in */ + TSS_ALGORITHM_ID algID, /* in */ + UINT32 ulPublicInfoLength, /* in */ + BYTE * rgbPublicInfo, /* in */ + TSS_HKEY * phKey) /* out */ +{ + TCPA_ALGORITHM_ID tcsAlgID; + UINT32 keyBlobSize; + BYTE *keyBlob; + TSS_RESULT result; + TSS_HKEY keyOutHandle; + UINT32 flag = 0; + TSS_KEY keyContainer; + UINT64 offset; + + if (phKey == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + switch (algID) { + case TSS_ALG_RSA: + tcsAlgID = TCPA_ALG_RSA; + break; + default: + LogError("Algorithm ID was not type RSA."); + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if (persistentStorageType == TSS_PS_TYPE_SYSTEM) { + if ((result = RPC_GetRegisteredKeyByPublicInfo(tspContext, tcsAlgID, + ulPublicInfoLength, rgbPublicInfo, + &keyBlobSize, &keyBlob))) + return result; + + } else if (persistentStorageType == TSS_PS_TYPE_USER) { + return ps_get_key_by_pub(tspContext, ulPublicInfoLength, rgbPublicInfo, + phKey); + } else + return TSPERR(TSS_E_BAD_PARAMETER); + + /* need to setup the init flags of the create object based on + * the size of the blob's pubkey */ + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, keyBlob, &keyContainer))) { + free(keyBlob); + return result; + } + + /* begin setting up the key object */ + switch (keyContainer.pubKey.keyLength) { + case 16384/8: + flag |= TSS_KEY_SIZE_16384; + break; + case 8192/8: + flag |= TSS_KEY_SIZE_8192; + break; + case 4096/8: + flag |= TSS_KEY_SIZE_4096; + break; + case 2048/8: + flag |= TSS_KEY_SIZE_2048; + break; + case 1024/8: + flag |= TSS_KEY_SIZE_1024; + break; + case 512/8: + flag |= TSS_KEY_SIZE_512; + break; + default: + LogError("Key was not a known keylength."); + free(keyBlob); + free_key_refs(&keyContainer); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (keyContainer.keyUsage == TPM_KEY_SIGNING) + flag |= TSS_KEY_TYPE_SIGNING; + else if (keyContainer.keyUsage == TPM_KEY_STORAGE) + flag |= TSS_KEY_TYPE_STORAGE; + else if (keyContainer.keyUsage == TPM_KEY_IDENTITY) + flag |= TSS_KEY_TYPE_IDENTITY; + else if (keyContainer.keyUsage == TPM_KEY_AUTHCHANGE) + flag |= TSS_KEY_TYPE_AUTHCHANGE; + else if (keyContainer.keyUsage == TPM_KEY_BIND) + flag |= TSS_KEY_TYPE_BIND; + else if (keyContainer.keyUsage == TPM_KEY_LEGACY) + flag |= TSS_KEY_TYPE_LEGACY; + + if (keyContainer.authDataUsage == TPM_AUTH_NEVER) + flag |= TSS_KEY_NO_AUTHORIZATION; + else + flag |= TSS_KEY_AUTHORIZATION; + + if (keyContainer.keyFlags & TPM_MIGRATABLE) + flag |= TSS_KEY_MIGRATABLE; + else + flag |= TSS_KEY_NOT_MIGRATABLE; + + if (keyContainer.keyFlags & TPM_VOLATILE) + flag |= TSS_KEY_VOLATILE; + else + flag |= TSS_KEY_NON_VOLATILE; + +#ifdef TSS_BUILD_CMK + if (keyContainer.keyFlags & TPM_MIGRATEAUTHORITY) + flag |= TSS_KEY_CERTIFIED_MIGRATABLE; + else + flag |= TSS_KEY_NOT_CERTIFIED_MIGRATABLE; +#endif + + /* Create a new Key Object */ + if ((result = obj_rsakey_add(tspContext, flag, &keyOutHandle))) { + free(keyBlob); + free_key_refs(&keyContainer); + return result; + } + /* Stick the info into this net KeyObject */ + if ((result = obj_rsakey_set_tcpakey(keyOutHandle, keyBlobSize, keyBlob))) { + free(keyBlob); + free_key_refs(&keyContainer); + return result; + } + + free(keyBlob); + free_key_refs(&keyContainer); + *phKey = keyOutHandle; + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_Context_GetRegisteredKeysByUUID(TSS_HCONTEXT tspContext, /* in */ + TSS_FLAG persistentStorageType, /* in */ + TSS_UUID * pUuidData, /* in */ + UINT32 * pulKeyHierarchySize, /* out */ + TSS_KM_KEYINFO ** ppKeyHierarchy) /* out */ +{ + TSS_RESULT result; + TSS_KM_KEYINFO *tcsHier, *tspHier; + UINT32 tcsHierSize, tspHierSize; + TSS_UUID tcs_uuid; + + if (pulKeyHierarchySize == NULL || ppKeyHierarchy == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (pUuidData) { + if (persistentStorageType == TSS_PS_TYPE_SYSTEM) { + if ((result = RPC_EnumRegisteredKeys(tspContext, pUuidData, + pulKeyHierarchySize, + ppKeyHierarchy))) + return result; + } else if (persistentStorageType == TSS_PS_TYPE_USER) { + if ((result = ps_get_registered_keys(pUuidData, &tcs_uuid, + &tspHierSize, &tspHier))) + return result; + + if ((result = RPC_EnumRegisteredKeys(tspContext, &tcs_uuid, &tcsHierSize, + &tcsHier))) { + free(tspHier); + return result; + } + + result = merge_key_hierarchies(tspContext, tspHierSize, tspHier, + tcsHierSize, tcsHier, pulKeyHierarchySize, + ppKeyHierarchy); + free(tcsHier); + free(tspHier); + } else + return TSPERR(TSS_E_BAD_PARAMETER); + } else { + if ((result = RPC_EnumRegisteredKeys(tspContext, pUuidData, &tcsHierSize, + &tcsHier))) + return result; + + if ((result = ps_get_registered_keys(pUuidData, NULL, &tspHierSize, &tspHier))) { + free(tcsHier); + return result; + } + + result = merge_key_hierarchies(tspContext, tspHierSize, tspHier, tcsHierSize, + tcsHier, pulKeyHierarchySize, ppKeyHierarchy); + free(tcsHier); + free(tspHier); + } + + if ((result = __tspi_add_mem_entry(tspContext, *ppKeyHierarchy))) { + free(*ppKeyHierarchy); + *ppKeyHierarchy = NULL; + *pulKeyHierarchySize = 0; + } + + return result; +} + +TSS_RESULT +Tspi_Context_GetRegisteredKeysByUUID2(TSS_HCONTEXT tspContext, /* in */ + TSS_FLAG persistentStorageType, /* in */ + TSS_UUID * pUuidData, /* in */ + UINT32 * pulKeyHierarchySize, /* out */ + TSS_KM_KEYINFO2 ** ppKeyHierarchy) /* out */ +{ + TSS_RESULT result; + TSS_KM_KEYINFO2 *tcsHier, *tspHier; + UINT32 tcsHierSize, tspHierSize; + TSS_UUID tcs_uuid; + + /* If out parameters are NULL, return error */ + if (pulKeyHierarchySize == NULL || ppKeyHierarchy == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if (!obj_is_context(tspContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (pUuidData) { + /* TSS 1.2 Spec: If a certain key UUID is provided, the returned array of + * TSS_KM_KEYINFO2 structures only contains data reflecting the path of the key + * hierarchy regarding that key. The first array entry is the key addressed by the + * given UUID followed by its parent key up to and including the root key. */ + if (persistentStorageType == TSS_PS_TYPE_SYSTEM) { + if ((result = RPC_EnumRegisteredKeys2(tspContext, pUuidData, + pulKeyHierarchySize, ppKeyHierarchy))) + return result; + } else if (persistentStorageType == TSS_PS_TYPE_USER) { + if ((result = ps_get_registered_keys2(pUuidData, &tcs_uuid, &tspHierSize, + &tspHier))) + return result; + /* The tcs_uuid returned by ps_get_registered_key2 will always be a parent + * of some key into the system ps of a user key into the user ps. This key + * needs to be searched for in the system ps to be merged */ + if ((result = RPC_EnumRegisteredKeys2(tspContext, &tcs_uuid, &tcsHierSize, + &tcsHier))) { + free(tspHier); + return result; + } + + result = merge_key_hierarchies2(tspContext, tspHierSize, tspHier, + tcsHierSize, tcsHier, pulKeyHierarchySize, + ppKeyHierarchy); + free(tcsHier); + free(tspHier); + } else + return TSPERR(TSS_E_BAD_PARAMETER); + } else { + /* If this field is set to NULL, the returned array of TSS_KM_KEYINFO2 structures + * contains data reflecting the entire key hierarchy starting with root key. The + * array will include keys from both the user and the system TSS key store. The + * persistentStorageType field will be ignored. */ + if ((result = RPC_EnumRegisteredKeys2(tspContext, pUuidData, &tcsHierSize, + &tcsHier))) + return result; + + if ((result = ps_get_registered_keys2(pUuidData, NULL, &tspHierSize, &tspHier))) { + free(tcsHier); + return result; + } + + result = merge_key_hierarchies2(tspContext, tspHierSize, tspHier, tcsHierSize, + tcsHier, pulKeyHierarchySize, ppKeyHierarchy); + free(tcsHier); + free(tspHier); + } + + if ((result = __tspi_add_mem_entry(tspContext, *ppKeyHierarchy))) { + free(*ppKeyHierarchy); + *ppKeyHierarchy = NULL; + *pulKeyHierarchySize = 0; + } + + return result; +} diff --git a/src/tspi/tspi_quote.c b/src/tspi/tspi_quote.c new file mode 100644 index 0000000..58d5de0 --- /dev/null +++ b/src/tspi/tspi_quote.c @@ -0,0 +1,217 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_Quote(TSS_HTPM hTPM, /* in */ + TSS_HKEY hIdentKey, /* in */ + TSS_HPCRS hPcrComposite, /* in */ + TSS_VALIDATION * pValidationData) /* in, out */ +{ + TCPA_RESULT result; + TPM_AUTH privAuth; + TPM_AUTH *pPrivAuth = &privAuth; + UINT64 offset; + TCPA_DIGEST digest; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_HPOLICY hPolicy; + TCPA_NONCE antiReplay; + UINT32 pcrDataSize; + BYTE pcrData[128]; + UINT32 validationLength = 0; + BYTE *validationData = NULL; + UINT32 pcrDataOutSize; + BYTE *pcrDataOut; + UINT32 keyDataSize; + BYTE *keyData; + TSS_KEY keyContainer; + BYTE quoteinfo[1024]; + TSS_BOOL usesAuth; + TSS_HCONTEXT tspContext; + TCPA_VERSION version = {1, 1, 0, 0}; + Trspi_HashCtx hashCtx; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (hPcrComposite && !obj_is_pcrs(hPcrComposite)) + return TSPERR(TSS_E_INVALID_HANDLE); + + /* get the identKey Policy */ + if ((result = obj_rsakey_get_policy(hIdentKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth))) + return result; + + /* get the Identity TCS keyHandle */ + if ((result = obj_rsakey_get_tcs_handle(hIdentKey, &tcsKeyHandle))) + return result; + + if (pValidationData == NULL) { + if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE), + (BYTE **)antiReplay.nonce))) + return result; + } else { + if (pValidationData->ulExternalDataLength < sizeof(antiReplay.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(antiReplay.nonce, pValidationData->rgbExternalData, + sizeof(antiReplay.nonce)); + } + + pcrDataSize = 0; + if (hPcrComposite) { + if ((result = obj_pcrs_get_selection(hPcrComposite, &pcrDataSize, pcrData))) + return result; + } + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Quote); + result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN, antiReplay.nonce); + result |= Trspi_HashUpdate(&hashCtx, pcrDataSize, pcrData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (usesAuth) { + if ((result = secret_PerformAuth_OIAP(hIdentKey, TPM_ORD_Quote, hPolicy, FALSE, + &digest, &privAuth))) { + return result; + } + pPrivAuth = &privAuth; + } else { + pPrivAuth = NULL; + } + + if ((result = TCS_API(tspContext)->Quote(tspContext, tcsKeyHandle, &antiReplay, pcrDataSize, + pcrData, pPrivAuth, &pcrDataOutSize, &pcrDataOut, + &validationLength, &validationData))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Quote); + result |= Trspi_HashUpdate(&hashCtx, pcrDataOutSize, pcrDataOut); + result |= Trspi_Hash_UINT32(&hashCtx, validationLength); + result |= Trspi_HashUpdate(&hashCtx, validationLength, validationData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if (usesAuth == TRUE) { + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &privAuth))) { + free(pcrDataOut); + free(validationData); + return result; + } + } + + if (hPcrComposite) { + TCPA_PCR_COMPOSITE pcrComp; + + offset = 0; + if ((result = Trspi_UnloadBlob_PCR_COMPOSITE(&offset, pcrDataOut, &pcrComp))) { + free(pcrDataOut); + free(validationData); + return result; + } + + if ((result = obj_pcrs_set_values(hPcrComposite, &pcrComp))) { + free(pcrDataOut); + free(validationData); + return result; + } + } + + if ((result = Tspi_GetAttribData(hIdentKey, TSS_TSPATTRIB_KEY_BLOB, + TSS_TSPATTRIB_KEYBLOB_BLOB, &keyDataSize, &keyData))) { + free(pcrDataOut); + free(validationData); + return result; + } + + /* create the validation data */ + offset = 0; + memset(&keyContainer, 0, sizeof(TSS_KEY)); + if ((result = UnloadBlob_TSS_KEY(&offset, keyData, &keyContainer))) + return result; + + /* creating pcrCompositeHash */ + Trspi_Hash(TSS_HASH_SHA1, pcrDataOutSize, pcrDataOut, digest.digest); + free(pcrDataOut); + + /* generate Quote_info struct */ + /* 1. add version */ + offset = 0; + if (keyContainer.hdr.key12.tag == TPM_TAG_KEY12) + Trspi_LoadBlob_TCPA_VERSION(&offset, quoteinfo, version); + else + Trspi_LoadBlob_TCPA_VERSION(&offset, quoteinfo, keyContainer.hdr.key11.ver); + /* 2. add "QUOT" */ + quoteinfo[offset++] = 'Q'; + quoteinfo[offset++] = 'U'; + quoteinfo[offset++] = 'O'; + quoteinfo[offset++] = 'T'; + /* 3. Composite Hash */ + Trspi_LoadBlob(&offset, TCPA_SHA1_160_HASH_LEN, quoteinfo, + digest.digest); + /* 4. AntiReplay Nonce */ + Trspi_LoadBlob(&offset, TCPA_SHA1_160_HASH_LEN, quoteinfo, + antiReplay.nonce); + + if (pValidationData == NULL) { + /* validate the data here */ + Trspi_Hash(TSS_HASH_SHA1, offset, quoteinfo, digest.digest); + + if ((result = Trspi_Verify(TSS_HASH_SHA1, digest.digest, 20, + keyContainer.pubKey.key, + keyContainer.pubKey.keyLength, + validationData, + validationLength))) { + free_key_refs(&keyContainer); + free(validationData); + return result; + } + free_key_refs(&keyContainer); + } else { + free_key_refs(&keyContainer); + + pValidationData->rgbValidationData = calloc_tspi(tspContext, validationLength); + if (pValidationData->rgbValidationData == NULL) { + LogError("malloc of %u bytes failed.", validationLength); + return TSPERR(TSS_E_OUTOFMEMORY); + } + pValidationData->ulValidationDataLength = validationLength; + memcpy(pValidationData->rgbValidationData, validationData, validationLength); + free(validationData); + + pValidationData->rgbData = calloc_tspi(tspContext, offset); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + free_tspi(tspContext, pValidationData->rgbValidationData); + pValidationData->rgbValidationData = NULL; + pValidationData->ulValidationDataLength = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + pValidationData->ulDataLength = (UINT32)offset; + memcpy(pValidationData->rgbData, quoteinfo, offset); + } + + return TSS_SUCCESS; +} diff --git a/src/tspi/tspi_quote2.c b/src/tspi/tspi_quote2.c new file mode 100644 index 0000000..67d4dc1 --- /dev/null +++ b/src/tspi/tspi_quote2.c @@ -0,0 +1,286 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +Tspi_TPM_Quote2(TSS_HTPM hTPM, // in + TSS_HKEY hIdentKey, // in + TSS_BOOL fAddVersion, // in + TSS_HPCRS hPcrComposite, // in + TSS_VALIDATION* pValidationData, // in, out + UINT32* versionInfoSize, // out + BYTE** versionInfo) // out +{ + TPM_RESULT result; + TSS_HCONTEXT tspContext; + TPM_AUTH privAuth; + TPM_AUTH *pPrivAuth = &privAuth; + UINT64 offset; + TPM_DIGEST digest; + TSS_BOOL usesAuth; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_HPOLICY hPolicy; + TPM_NONCE antiReplay; + UINT32 pcrDataSize; + BYTE pcrData[128]; + UINT32 sigSize = 0; + BYTE *sig = NULL; + UINT32 pcrDataOutSize; + BYTE *pcrDataOut; + BYTE quoteinfo[1024]; + Trspi_HashCtx hashCtx; + + LogDebug("Tspi_TPM_Quote2 Start:"); + + /* Takes the context that this TPM handle is on */ + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + /* Test if the hPcrComposite is valid */ + if ((hPcrComposite) && !obj_is_pcrs(hPcrComposite)) + return TSPERR(TSS_E_INVALID_HANDLE); + + /* get the identKey Policy */ + if ((result = obj_rsakey_get_policy(hIdentKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth))) + return result; + + /* get the Identity TCS keyHandle */ + if ((result = obj_rsakey_get_tcs_handle(hIdentKey, &tcsKeyHandle))) + return result; + + /* Sets the validation data - if NULL, TSS provides it's own random value. If + * not NULL, takes the validation external data and sets the antiReplay data + * with this */ + if (pValidationData == NULL) { + LogDebug("Internal Verify:"); + if ((result = get_local_random(tspContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)antiReplay.nonce))) + return result; + } else { + LogDebug("External Verify:"); + if (pValidationData->ulExternalDataLength < sizeof(antiReplay.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(antiReplay.nonce, pValidationData->rgbExternalData, + sizeof(antiReplay.nonce)); + } + + /* Create the TPM_PCR_COMPOSITE object */ + pcrDataSize = 0; + if (hPcrComposite) { + /* Load the PCR Selection Object into the pcrData */ + if ((result = obj_pcrs_get_selection(hPcrComposite, &pcrDataSize, pcrData))) + return result; + } + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Quote2); + result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN, antiReplay.nonce); + result |= Trspi_HashUpdate(&hashCtx, pcrDataSize, pcrData); + result |= Trspi_Hash_BOOL(&hashCtx,fAddVersion); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + if ((result = secret_PerformAuth_OIAP(hIdentKey, TPM_ORD_Quote2, hPolicy, FALSE, + &digest, &privAuth))) { + return result; + } + pPrivAuth = &privAuth; + } else { + pPrivAuth = NULL; + } + + /* Send to TCS */ + if ((result = TCS_API(tspContext)->Quote2(tspContext, tcsKeyHandle, &antiReplay, + pcrDataSize, pcrData, fAddVersion, pPrivAuth, + &pcrDataOutSize, &pcrDataOut, versionInfoSize, + versionInfo, &sigSize, &sig))) + return result; + +#ifdef TSS_DEBUG + LogDebug("Got TCS Response:"); + LogDebug(" pcrDataOutSize: %u",pcrDataOutSize); + LogDebug(" pcrDataOut:"); + LogDebugData(pcrDataOutSize,pcrDataOut); + LogDebug(" versionInfoSize: %u",*versionInfoSize); + LogDebug(" versionInfo:"); + if (*versionInfoSize >0) + LogDebugData(*versionInfoSize,*versionInfo); + LogDebug(" sigSize: %u",sigSize); + LogDebug(" sig:"); + LogDebugData(sigSize,sig); +#endif + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Quote2); + result |= Trspi_HashUpdate(&hashCtx, pcrDataOutSize, pcrDataOut); + result |= Trspi_Hash_UINT32(&hashCtx,*versionInfoSize); + if (*versionInfoSize > 0) + result |= Trspi_HashUpdate(&hashCtx, *versionInfoSize,*versionInfo); + result |= Trspi_Hash_UINT32(&hashCtx, sigSize); + result |= Trspi_HashUpdate(&hashCtx, sigSize, sig); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free(pcrDataOut); + if (*versionInfoSize > 0) + free(*versionInfo); + free(sig); + return result; + } + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &privAuth))) { + free(pcrDataOut); + if (*versionInfoSize > 0) + free(*versionInfo); + free(sig); + return result; + } + } + + /* Set the pcrDataOut back to the TSS */ + if (hPcrComposite){ + TPM_PCR_INFO_SHORT pcrInfo; + + offset = 0; + if ((result = Trspi_UnloadBlob_PCR_INFO_SHORT(&offset, pcrDataOut, &pcrInfo))) { + free(pcrDataOut); + if (*versionInfoSize > 0) + free(*versionInfo); + free(sig); + return result; + } + + /* Set both digestAtRelease and localityAtRelease */ + if ((result = obj_pcrs_set_locality(hPcrComposite, pcrInfo.localityAtRelease))) { + free(pcrDataOut); + if (*versionInfoSize > 0) + free(*versionInfo); + free(sig); + return result; + } + + if ((result = obj_pcrs_set_digest_at_release(hPcrComposite, + pcrInfo.digestAtRelease))) { + free(pcrDataOut); + if (*versionInfoSize > 0) + free(*versionInfo); + free(sig); + return result; + } + } + + /* generate TPM_QUOTE_INFO2 struct */ + memset("einfo, 0, sizeof(quoteinfo)); + offset = 0; + /* 1. Add Structure TAG */ + quoteinfo[offset++] = 0x00; + quoteinfo[offset++] = (BYTE) TPM_TAG_QUOTE_INFO2; + + /* 2. add "QUT2" */ + quoteinfo[offset++]='Q'; + quoteinfo[offset++]='U'; + quoteinfo[offset++]='T'; + quoteinfo[offset++]='2'; + + /* 3. AntiReplay Nonce - add the external data*/ + Trspi_LoadBlob(&offset, TCPA_SHA1_160_HASH_LEN, quoteinfo, + antiReplay.nonce); + /* 4. add the infoshort TPM_PCR_INFO_SHORT data */ + Trspi_LoadBlob(&offset,pcrDataOutSize,quoteinfo,pcrDataOut); + free(pcrDataOut); + + if (fAddVersion) + Trspi_LoadBlob(&offset,*versionInfoSize,quoteinfo,*versionInfo); + else { + /* versionInfo was not allocated and versionInfoSize has invalid value */ + *versionInfoSize = 0; + *versionInfo = NULL; + } + + LogDebug("TPM_QUOTE_INFO2 data: "); + LogDebugData(offset,quoteinfo); + + if (pValidationData == NULL) { + if ((result = Trspi_Hash(TSS_HASH_SHA1, offset, quoteinfo, digest.digest))) { + free(sig); + if (*versionInfoSize > 0) + free(*versionInfo); + return result; + } + if ((result = __tspi_rsa_verify(hIdentKey,TSS_HASH_SHA1,sizeof(digest.digest), + digest.digest, sigSize, sig))) { + free(sig); + if (*versionInfoSize > 0) + free(*versionInfo); + return TSPERR(TSS_E_VERIFICATION_FAILED); + } + free(sig); + } else { + pValidationData->rgbValidationData = calloc_tspi(tspContext, sigSize); + if (pValidationData->rgbValidationData == NULL) { + LogError("malloc of %u bytes failed.", sigSize); + free(sig); + if (*versionInfoSize > 0) + free(*versionInfo); + return TSPERR(TSS_E_OUTOFMEMORY); + } + pValidationData->ulValidationDataLength = sigSize; + memcpy(pValidationData->rgbValidationData, sig, sigSize); + free(sig); + + pValidationData->rgbData = calloc_tspi(tspContext, offset); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + free_tspi(tspContext, pValidationData->rgbValidationData); + pValidationData->rgbValidationData = NULL; + pValidationData->ulValidationDataLength = 0; + if (*versionInfoSize > 0) + free(*versionInfo); + return TSPERR(TSS_E_OUTOFMEMORY); + } + pValidationData->ulDataLength = (UINT32)offset; + memcpy(pValidationData->rgbData, quoteinfo, offset); + } + + + if(*versionInfoSize > 0) { + if(fAddVersion) { + /* tag versionInfo so that it can be free'd by the app through Tspi_Context_FreeMemory */ + if ((result = __tspi_add_mem_entry(tspContext, *versionInfo))) { + free_tspi(tspContext, pValidationData->rgbValidationData); + pValidationData->rgbValidationData = NULL; + pValidationData->ulValidationDataLength = 0; + free_tspi(tspContext, pValidationData->rgbData); + pValidationData->rgbData = NULL; + pValidationData->ulDataLength = 0; + free(*versionInfo); + return result; + } + } + else { + free(*versionInfo); + } + } + + LogDebug("Tspi_TPM_Quote2 End"); + return TSS_SUCCESS; +} diff --git a/src/tspi/tspi_random.c b/src/tspi/tspi_random.c new file mode 100644 index 0000000..9fe8c27 --- /dev/null +++ b/src/tspi/tspi_random.c @@ -0,0 +1,74 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_GetRandom(TSS_HTPM hTPM, /* in */ + UINT32 ulRandomDataLength, /* in */ + BYTE ** prgbRandomData) /* out */ +{ + TSS_HCONTEXT tspContext; + TSS_RESULT result; + + if (prgbRandomData == NULL || ulRandomDataLength > 4096) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if (ulRandomDataLength == 0) + return TSS_SUCCESS; + + if ((result = TCS_API(tspContext)->GetRandom(tspContext, ulRandomDataLength, + prgbRandomData))) + return result; + + if ((result = __tspi_add_mem_entry(tspContext, *prgbRandomData))) { + free(*prgbRandomData); + *prgbRandomData = NULL; + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_StirRandom(TSS_HTPM hTPM, /* in */ + UINT32 ulEntropyDataLength, /* in */ + BYTE * rgbEntropyData) /* in */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if (ulEntropyDataLength > 0 && rgbEntropyData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCS_API(tspContext)->StirRandom(tspContext, ulEntropyDataLength, + rgbEntropyData))) + return result; + + return TSS_SUCCESS; +} diff --git a/src/tspi/tspi_seal.c b/src/tspi/tspi_seal.c new file mode 100644 index 0000000..95250c6 --- /dev/null +++ b/src/tspi/tspi_seal.c @@ -0,0 +1,327 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" +#include "authsess.h" + + +TSS_RESULT +Tspi_Data_Seal(TSS_HENCDATA hEncData, /* in */ + TSS_HKEY hEncKey, /* in */ + UINT32 ulDataLength, /* in */ + BYTE * rgbDataToSeal, /* in */ + TSS_HPCRS hPcrComposite) /* in */ +{ + TPM_DIGEST digest; + TSS_RESULT result; + TSS_HPOLICY hPolicy, hEncPolicy; + BYTE *encData = NULL; + BYTE *pcrData = NULL; + UINT32 encDataSize; + UINT32 pcrDataSize; + UINT32 pcrInfoType = TSS_PCRS_STRUCT_DEFAULT; + UINT32 sealOrdinal = TPM_ORD_Seal; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + BYTE *sealData = NULL; + struct authsess *xsap = NULL; +#ifdef TSS_BUILD_SEALX + UINT32 protectMode; +#endif + + if (rgbDataToSeal == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_encdata_get_tsp_context(hEncData, &tspContext))) + return result; + + if ((result = obj_rsakey_get_policy(hEncKey, TSS_POLICY_USAGE, + &hPolicy, NULL))) + return result; + + if ((result = obj_encdata_get_policy(hEncData, TSS_POLICY_USAGE, + &hEncPolicy))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hEncKey, &tcsKeyHandle))) + return result; + +#ifdef TSS_BUILD_SEALX + /* Get the TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE attribute + to determine the seal function to invoke */ + if ((result = obj_encdata_get_seal_protect_mode(hEncData, &protectMode))) + return result; + + if (protectMode == TSS_TSPATTRIB_ENCDATASEAL_NO_PROTECT) { + sealOrdinal = TPM_ORD_Seal; + pcrInfoType = 0; + } else if (protectMode == TSS_TSPATTRIB_ENCDATASEAL_PROTECT) { + sealOrdinal = TPM_ORD_Sealx; + pcrInfoType = TSS_PCRS_STRUCT_INFO_LONG; + } else + return TSPERR(TSS_E_INTERNAL_ERROR); +#endif + + /* If PCR's are of interest */ + pcrDataSize = 0; + if (hPcrComposite) { + if ((result = obj_pcrs_create_info_type(hPcrComposite, &pcrInfoType, &pcrDataSize, + &pcrData))) + return result; + } + + if ((result = authsess_xsap_init(tspContext, hEncKey, hEncData, TSS_AUTH_POLICY_REQUIRED, + sealOrdinal, TPM_ET_KEYHANDLE, &xsap))) + goto error; + +#ifdef TSS_BUILD_SEALX + if (sealOrdinal == TPM_ORD_Seal) + sealData = rgbDataToSeal; + else { + if ((sealData = (BYTE *)calloc(1, ulDataLength)) == NULL) { + LogError("malloc of %u bytes failed", ulDataLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + + if ((result = + ((TSS_RESULT (*)(PVOID, TSS_HKEY, TSS_HENCDATA, TSS_ALGORITHM_ID, + UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, + BYTE *))xsap->cb_sealx.callback)(xsap->cb_sealx.appData, hEncKey, hEncData, + xsap->cb_sealx.alg, sizeof(TPM_NONCE), + xsap->auth.NonceEven.nonce, + xsap->auth.NonceOdd.nonce, + xsap->nonceEvenxSAP.nonce, + xsap->nonceOddxSAP.nonce, ulDataLength, + rgbDataToSeal, sealData))) + goto error; + } +#else + sealData = rgbDataToSeal; +#endif + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, sealOrdinal); + result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata); + result |= Trspi_Hash_UINT32(&hashCtx, pcrDataSize); + result |= Trspi_HashUpdate(&hashCtx, pcrDataSize, pcrData); + result |= Trspi_Hash_UINT32(&hashCtx, ulDataLength); + result |= Trspi_HashUpdate(&hashCtx, ulDataLength, sealData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + goto error; + } + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + +#ifdef TSS_BUILD_SEALX + if (sealOrdinal == TPM_ORD_Seal) { + if ((result = TCS_API(tspContext)->Seal(tspContext, tcsKeyHandle, &xsap->encAuthUse, + pcrDataSize, pcrData, ulDataLength, + sealData, xsap->pAuth, &encDataSize, + &encData))) { + goto error; + } + } else if (sealOrdinal == TPM_ORD_Sealx) { + if ((result = TCS_API(tspContext)->Sealx(tspContext, tcsKeyHandle, &xsap->encAuthUse, + pcrDataSize, pcrData, ulDataLength, sealData, + xsap->pAuth, &encDataSize, &encData))) { + goto error; + } + } else { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto error; + } +#else + if ((result = TCS_API(tspContext)->Seal(tspContext, tcsKeyHandle, &xsap->encAuthUse, + pcrDataSize, pcrData, ulDataLength, sealData, + xsap->pAuth, &encDataSize, &encData))) + goto error; +#endif + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, sealOrdinal); + result |= Trspi_HashUpdate(&hashCtx, encDataSize, encData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_verify(xsap, &digest))) + goto error; + + /* Need to set the object with the blob and the pcr's */ + if ((result = obj_encdata_set_data(hEncData, encDataSize, encData))) + goto error; + + if (pcrDataSize) + result = obj_encdata_set_pcr_info(hEncData, pcrInfoType, pcrData); + +error: + authsess_free(xsap); + free(encData); + free(pcrData); + if (sealData != rgbDataToSeal) + free(sealData); + return result; +} + +TSS_RESULT +Tspi_Data_Unseal(TSS_HENCDATA hEncData, /* in */ + TSS_HKEY hKey, /* in */ + UINT32 * pulUnsealedDataLength,/* out */ + BYTE ** prgbUnsealedData) /* out */ +{ + UINT64 offset; + TPM_AUTH privAuth2; + TPM_DIGEST digest; + TPM_NONCE authLastNonceEven; + TSS_RESULT result; + TSS_HPOLICY hPolicy, hEncPolicy; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_HCONTEXT tspContext; + UINT32 ulDataLen, unSealedDataLen; + BYTE *data = NULL, *unSealedData = NULL, *maskedData; + UINT16 mask; + Trspi_HashCtx hashCtx; + struct authsess *xsap = NULL; + + if (pulUnsealedDataLength == NULL || prgbUnsealedData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_encdata_get_tsp_context(hEncData, &tspContext))) + return result; + + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, &hPolicy, NULL))) + return result; + + if ((result = obj_encdata_get_policy(hEncData, TSS_POLICY_USAGE, &hEncPolicy))) + return result; + + if ((result = obj_encdata_get_data(hEncData, &ulDataLen, &data))) + return result == (TSS_E_INVALID_OBJ_ACCESS | TSS_LAYER_TSP) ? + TSPERR(TSS_E_ENC_NO_DATA) : + result; + + offset = 0; + Trspi_UnloadBlob_UINT16(&offset, &mask, data); + if (mask == TPM_TAG_STORED_DATA12) { + /* The second UINT16 in a TPM_STORED_DATA12 is the entity type. If its non-zero + * then we must unmask the unsealed data after it returns from the TCS */ + Trspi_UnloadBlob_UINT16(&offset, &mask, data); + } else + mask = 0; + + if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle))) + goto error; + + if ((result = authsess_xsap_init(tspContext, hKey, hEncData, TSS_AUTH_POLICY_REQUIRED, + TPM_ORD_Unseal, TPM_ET_KEYHANDLE, &xsap))) + goto error; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Unseal); + result |= Trspi_HashUpdate(&hashCtx, ulDataLen, data); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto error; + + if ((result = authsess_xsap_hmac(xsap, &digest))) + goto error; + + if ((result = secret_PerformAuth_OIAP(hEncData, TPM_ORD_Unseal, hEncPolicy, FALSE, &digest, + &privAuth2))) + goto error; + + if (mask) { + /* save off last nonce even to pass to sealx callback */ + memcpy(authLastNonceEven.nonce, xsap->auth.NonceEven.nonce, sizeof(TPM_NONCE)); + } + + if ((result = TCS_API(tspContext)->Unseal(tspContext, tcsKeyHandle, ulDataLen, data, + xsap->pAuth, &privAuth2, &unSealedDataLen, + &unSealedData))) + goto error; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TSS_SUCCESS); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Unseal); + result |= Trspi_Hash_UINT32(&hashCtx, unSealedDataLen); + result |= Trspi_HashUpdate(&hashCtx, unSealedDataLen, unSealedData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free(unSealedData); + goto error; + } + + if ((result = authsess_xsap_verify(xsap, &digest))) { + free(unSealedData); + goto error; + } + + if ((result = obj_policy_validate_auth_oiap(hEncPolicy, &digest, &privAuth2))) { + free(unSealedData); + goto error; + } + + /* If the data is masked, use the callback set up in authsess_xsap_init */ + if (mask) { + maskedData = unSealedData; + + if ((unSealedData = calloc_tspi(tspContext, unSealedDataLen)) == NULL) { + free(maskedData); + LogError("malloc of %u bytes failed", unSealedDataLen); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto error; + } + + /* XXX pass in out saved-off authLastNonceEven. This conflicts with the + * description of the rgbNonceEven parameter in the spec, but without it, its not + * possible to compute the MGF1 key */ + if ((result = + ((TSS_RESULT (*)(PVOID, TSS_HKEY, TSS_HENCDATA, TSS_ALGORITHM_ID, + UINT32, BYTE *, BYTE *, BYTE *, BYTE *, UINT32, BYTE *, + BYTE *))xsap->cb_sealx.callback)(xsap->cb_sealx.appData, hKey, hEncData, + xsap->cb_sealx.alg, sizeof(TPM_NONCE), + authLastNonceEven.nonce, + xsap->auth.NonceOdd.nonce, + xsap->nonceEvenxSAP.nonce, + xsap->nonceOddxSAP.nonce, + unSealedDataLen, maskedData, + unSealedData))) { + free(maskedData); + goto error; + } + + free(maskedData); + } else { + if ((result = __tspi_add_mem_entry(tspContext, unSealedData))) + goto error; + } + + *pulUnsealedDataLength = unSealedDataLen; + *prgbUnsealedData = unSealedData; + +error: + authsess_free(xsap); + if (data) + free_tspi(tspContext, data); + + return result; +} diff --git a/src/tspi/tspi_selftest.c b/src/tspi/tspi_selftest.c new file mode 100644 index 0000000..2cd31d2 --- /dev/null +++ b/src/tspi/tspi_selftest.c @@ -0,0 +1,206 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_TPM_SelfTestFull(TSS_HTPM hTPM) /* in */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + return TCS_API(tspContext)->SelfTestFull(tspContext); +} + +TSS_RESULT +Tspi_TPM_CertifySelfTest(TSS_HTPM hTPM, /* in */ + TSS_HKEY hKey, /* in */ + TSS_VALIDATION *pValidationData) /* in, out */ +{ + TCPA_RESULT result; + TPM_AUTH keyAuth; + UINT64 offset = 0; + TCPA_DIGEST digest; + TCPA_NONCE antiReplay; + UINT32 outDataSize; + BYTE *outData; + TSS_HPOLICY hPolicy; + TCS_KEY_HANDLE keyTCSKeyHandle; + BYTE *keyData = NULL; + UINT32 keyDataSize; + TSS_KEY keyContainer; + TPM_AUTH *pKeyAuth; + TSS_BOOL useAuth; + TSS_HCONTEXT tspContext; + Trspi_HashCtx hashCtx; + + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, + &hPolicy, &useAuth))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hKey, &keyTCSKeyHandle))) + return result; + + if (pValidationData == NULL) { + if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE), + (BYTE **)antiReplay.nonce))) { + LogError("Failed creating random nonce"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } else { + if (pValidationData->ulExternalDataLength < sizeof(antiReplay.nonce)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(antiReplay.nonce, pValidationData->rgbExternalData, + sizeof(antiReplay.nonce)); + } + + if (useAuth) { + LogDebug("Uses Auth"); + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CertifySelfTest); + result |= Trspi_HashUpdate(&hashCtx, sizeof(TCPA_NONCE), antiReplay.nonce); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_CertifySelfTest, hPolicy, FALSE, + &digest, &keyAuth))) + return result; + pKeyAuth = &keyAuth; + } else { + LogDebug("No Auth"); + pKeyAuth = NULL; + } + + if ((result = TCS_API(tspContext)->CertifySelfTest(tspContext, keyTCSKeyHandle, antiReplay, + pKeyAuth, &outDataSize, &outData))) + return result; + + /* validate auth */ + if (useAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CertifySelfTest); + result |= Trspi_Hash_UINT32(&hashCtx, outDataSize); + result |= Trspi_HashUpdate(&hashCtx, outDataSize, outData); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &keyAuth))) + return result; + } + + if (pValidationData == NULL) { + if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, + TSS_TSPATTRIB_KEYBLOB_BLOB, &keyDataSize, &keyData))) { + LogError("Failed call to GetAttribData to get key blob"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + offset = 0; + memset(&keyContainer, 0, sizeof(TSS_KEY)); + if ((result = UnloadBlob_TSS_KEY(&offset, keyData, &keyContainer))) + return result; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_HashUpdate(&hashCtx, strlen("Test Passed"), (BYTE *)"Test Passed"); + result |= Trspi_HashUpdate(&hashCtx, sizeof(TCPA_NONCE), antiReplay.nonce); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CertifySelfTest); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + return result; + + if ((result = Trspi_Verify(TSS_HASH_SHA1, digest.digest, 20, + keyContainer.pubKey.key, keyContainer.pubKey.keyLength, + outData, outDataSize))) { + free(outData); + free_key_refs(&keyContainer); + return TSPERR(TSS_E_VERIFICATION_FAILED); + } + + } else { + pValidationData->ulDataLength = sizeof(TCPA_NONCE) + sizeof(UINT32) + + strlen("Test Passed"); + pValidationData->rgbData = calloc_tspi(tspContext, pValidationData->ulDataLength); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %u bytes failed.", pValidationData->ulDataLength); + pValidationData->ulDataLength = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + offset = 0; + Trspi_LoadBlob(&offset, strlen("Test Passed"), pValidationData->rgbData, + (BYTE *)"Test Passed"); + Trspi_LoadBlob(&offset, sizeof(TCPA_NONCE), pValidationData->rgbData, + antiReplay.nonce); + Trspi_LoadBlob_UINT32(&offset, TPM_ORD_CertifySelfTest, pValidationData->rgbData); + pValidationData->ulValidationDataLength = outDataSize; + pValidationData->rgbValidationData = calloc_tspi(tspContext, outDataSize); + if (pValidationData->rgbValidationData == NULL) { + free_tspi(tspContext, pValidationData->rgbData); + pValidationData->rgbData = NULL; + pValidationData->ulDataLength = 0; + LogError("malloc of %u bytes failed.", + pValidationData->ulValidationDataLength); + pValidationData->ulValidationDataLength = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + memcpy(pValidationData->rgbValidationData, outData, outDataSize); + free(outData); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_GetTestResult(TSS_HTPM hTPM, /* in */ + UINT32 * pulTestResultLength, /* out */ + BYTE ** prgbTestResult) /* out */ +{ + TSS_HCONTEXT tspContext; + TSS_RESULT result; + + if (pulTestResultLength == NULL || prgbTestResult == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCS_API(tspContext)->GetTestResult(tspContext, pulTestResultLength, + prgbTestResult))) + return result; + + if ((result = __tspi_add_mem_entry(tspContext, *prgbTestResult))) { + free(*prgbTestResult); + *prgbTestResult = NULL; + *pulTestResultLength = 0; + } + + return TSS_SUCCESS; +} + diff --git a/src/tspi/tspi_sign.c b/src/tspi/tspi_sign.c new file mode 100644 index 0000000..9880cf2 --- /dev/null +++ b/src/tspi/tspi_sign.c @@ -0,0 +1,150 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2006 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +Tspi_Hash_Sign(TSS_HHASH hHash, /* in */ + TSS_HKEY hKey, /* in */ + UINT32 * pulSignatureLength, /* out */ + BYTE ** prgbSignature) /* out */ +{ + TPM_AUTH privAuth; + TPM_AUTH *pPrivAuth = &privAuth; + TCPA_DIGEST digest; + TCPA_RESULT result; + TSS_HPOLICY hPolicy; + TCS_KEY_HANDLE tcsKeyHandle; + TSS_BOOL usesAuth; + TSS_HCONTEXT tspContext; + UINT32 ulDataLen; + BYTE *data; + Trspi_HashCtx hashCtx; + + if (pulSignatureLength == NULL || prgbSignature == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_hash_get_tsp_context(hHash, &tspContext))) + return result; + + if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth))) + return result; + + if ((result = obj_hash_get_value(hHash, &ulDataLen, &data))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle))) + goto done; + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Sign); + result |= Trspi_Hash_UINT32(&hashCtx, ulDataLen); + result |= Trspi_HashUpdate(&hashCtx, ulDataLen, data); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) + goto done; + + pPrivAuth = &privAuth; + + if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_Sign, hPolicy, FALSE, &digest, + &privAuth))) + goto done; + } else { + pPrivAuth = NULL; + } + + if ((result = TCS_API(tspContext)->Sign(tspContext, tcsKeyHandle, ulDataLen, data, + pPrivAuth, pulSignatureLength, prgbSignature))) + goto done; + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Sign); + result |= Trspi_Hash_UINT32(&hashCtx, *pulSignatureLength); + result |= Trspi_HashUpdate(&hashCtx, *pulSignatureLength, *prgbSignature); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free(*prgbSignature); + goto done; + } + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &privAuth))) { + free(*prgbSignature); + goto done; + } + } + + if ((result = __tspi_add_mem_entry(tspContext, *prgbSignature))) + free(*prgbSignature); + +done: + free_tspi(tspContext, data); + return result; +} + +TSS_RESULT +Tspi_Hash_VerifySignature(TSS_HHASH hHash, /* in */ + TSS_HKEY hKey, /* in */ + UINT32 ulSignatureLength, /* in */ + BYTE * rgbSignature) /* in */ +{ + TCPA_RESULT result; + BYTE *pubKey = NULL; + UINT32 pubKeySize; + BYTE *hashData = NULL; + UINT32 hashDataSize; + UINT32 sigScheme; + TSS_HCONTEXT tspContext; + + if (ulSignatureLength > 0 && rgbSignature == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_rsakey_get_tsp_context(hKey, &tspContext))) + return result; + + if ((result = obj_rsakey_get_modulus(hKey, &pubKeySize, &pubKey))) + return result; + + if ((result = obj_rsakey_get_ss(hKey, &sigScheme))) { + free_tspi(tspContext, pubKey); + return result; + } + + if ((result = obj_hash_get_value(hHash, &hashDataSize, &hashData))) { + free_tspi(tspContext, pubKey); + return result; + } + + if (sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) { + result = Trspi_Verify(TSS_HASH_SHA1, hashData, hashDataSize, pubKey, pubKeySize, + rgbSignature, ulSignatureLength); + } else if (sigScheme == TSS_SS_RSASSAPKCS1V15_DER) { + result = Trspi_Verify(TSS_HASH_OTHER, hashData, hashDataSize, pubKey, pubKeySize, + rgbSignature, ulSignatureLength); + } else { + result = TSPERR(TSS_E_INVALID_SIGSCHEME); + } + + free_tspi(tspContext, pubKey); + free_tspi(tspContext, hashData); + + return result; +} diff --git a/src/tspi/tspi_tick.c b/src/tspi/tspi_tick.c new file mode 100644 index 0000000..65ab07d --- /dev/null +++ b/src/tspi/tspi_tick.c @@ -0,0 +1,178 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_Hash_TickStampBlob(TSS_HHASH hHash, /* in */ + TSS_HKEY hIdentKey, /* in */ + TSS_VALIDATION* pValidationData) /* in */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TCS_KEY_HANDLE tcsKey; + TSS_HPOLICY hPolicy; + TPM_DIGEST digest; + TSS_BOOL usesAuth; + TPM_AUTH auth, *pAuth; + UINT32 hashLen, sigLen, tcLen, signInfoLen; + BYTE *hash, *sig, *tc, *signInfo = NULL; + UINT64 offset; + Trspi_HashCtx hashCtx; + + if (pValidationData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_hash_get_tsp_context(hHash, &tspContext))) + return result; + + if (pValidationData->ulExternalDataLength != sizeof(TPM_NONCE)) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_hash_get_value(hHash, &hashLen, &hash))) + return result; + + if (hashLen != sizeof(TPM_DIGEST)) { + free_tspi(tspContext, hash); + return TSPERR(TSS_E_HASH_INVALID_LENGTH); + } + + if ((result = obj_rsakey_get_policy(hIdentKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth))) + return result; + + if ((result = obj_rsakey_get_tcs_handle(hIdentKey, &tcsKey))) + return result; + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_TickStampBlob); + result |= Trspi_HashUpdate(&hashCtx, sizeof(TPM_NONCE), + pValidationData->rgbExternalData); + result |= Trspi_HashUpdate(&hashCtx, sizeof(TPM_DIGEST), hash); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free_tspi(tspContext, hash); + return result; + } + + if ((result = secret_PerformAuth_OIAP(hIdentKey, TPM_ORD_TickStampBlob, hPolicy, + FALSE, &digest, &auth))) { + free_tspi(tspContext, hash); + return result; + } + pAuth = &auth; + } else + pAuth = NULL; + + if ((result = TCS_API(tspContext)->TickStampBlob(tspContext, tcsKey, + (TPM_NONCE *)pValidationData->rgbExternalData, + (TPM_DIGEST *)hash, pAuth, &sigLen, &sig, &tcLen, + &tc))) { + free_tspi(tspContext, hash); + return result; + } + + if (usesAuth) { + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_UINT32(&hashCtx, result); + result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_TickStampBlob); + result |= Trspi_HashUpdate(&hashCtx, tcLen, tc); + result |= Trspi_Hash_UINT32(&hashCtx, sigLen); + result |= Trspi_HashUpdate(&hashCtx, sigLen, sig); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free_tspi(tspContext, hash); + free(sig); + free(tc); + return result; + } + + if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) { + free_tspi(tspContext, hash); + free(sig); + free(tc); + return result; + } + } + + /* tag fixed replay length(Data) Data */ + signInfoLen = sizeof(UINT16) + 4 + sizeof(TPM_NONCE) + sizeof(UINT32) + sizeof(TPM_DIGEST) + tcLen; + if ((signInfo = calloc_tspi(tspContext, signInfoLen)) == NULL) { + free_tspi(tspContext, hash); + free(sig); + free(tc); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + offset = 0; + Trspi_LoadBlob_UINT16(&offset, TPM_TAG_SIGNINFO, signInfo); + Trspi_LoadBlob_BYTE(&offset, 'T', signInfo); + Trspi_LoadBlob_BYTE(&offset, 'S', signInfo); + Trspi_LoadBlob_BYTE(&offset, 'T', signInfo); + Trspi_LoadBlob_BYTE(&offset, 'P', signInfo); + Trspi_LoadBlob(&offset, sizeof(TPM_NONCE), signInfo, pValidationData->rgbExternalData); + Trspi_LoadBlob_UINT32(&offset, sizeof(TPM_DIGEST) + tcLen, signInfo); + Trspi_LoadBlob(&offset, sizeof(TPM_DIGEST), signInfo, hash); + Trspi_LoadBlob(&offset, (size_t)tcLen, signInfo, tc); + + free(tc); + free_tspi(tspContext, hash); + + pValidationData->rgbData = signInfo; + pValidationData->ulDataLength = signInfoLen; + + /* tag sig so that it can be free'd by the app through Tspi_Context_FreeMemory */ + if ((result = __tspi_add_mem_entry(tspContext, sig))) { + free_tspi(tspContext, signInfo); + free(sig); + return result; + } + + pValidationData->rgbValidationData = sig; + pValidationData->ulValidationDataLength = sigLen; + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_TPM_ReadCurrentTicks(TSS_HTPM hTPM, /* in */ + TPM_CURRENT_TICKS* tickCount) /* out */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + UINT32 tcLen; + BYTE *tc; + UINT64 offset; + + if (tickCount == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCS_API(tspContext)->ReadCurrentTicks(tspContext, &tcLen, &tc))) + return result; + + offset = 0; + Trspi_UnloadBlob_CURRENT_TICKS(&offset, tc, tickCount); + free(tc); + + return result; +} diff --git a/src/tspi/tspi_transport.c b/src/tspi/tspi_transport.c new file mode 100644 index 0000000..bd956cd --- /dev/null +++ b/src/tspi/tspi_transport.c @@ -0,0 +1,119 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004-2007 + * + */ + + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + + +TSS_RESULT +Tspi_Context_SetTransEncryptionKey(TSS_HCONTEXT hContext, /* in */ + TSS_HKEY hIdentKey) /* in */ +{ + if (!obj_is_rsakey(hIdentKey)) + return TSPERR(TSS_E_INVALID_HANDLE); + + return obj_context_set_transport_key(hContext, hIdentKey); +} + +TSS_RESULT +Tspi_Context_CloseSignTransport(TSS_HCONTEXT hContext, /* in */ + TSS_HKEY hSigningKey, /* in */ + TSS_VALIDATION* pValidationData) /* in, out */ +{ + TSS_RESULT result; + TSS_HPOLICY hPolicy; + TSS_BOOL usesAuth; + UINT32 sigLen; + BYTE *sig; + UINT64 offset; + Trspi_HashCtx hashCtx; + TPM_DIGEST digest; + TPM_SIGN_INFO signInfo; + + if (!obj_is_context(hContext)) + return TSPERR(TSS_E_INVALID_HANDLE); + + if ((result = obj_rsakey_get_policy(hSigningKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth))) + return result; + + if (pValidationData) { + if (pValidationData->ulExternalDataLength != sizeof(TPM_NONCE)) + return TSPERR(TSS_E_BAD_PARAMETER); + + memcpy(signInfo.replay.nonce, pValidationData->rgbExternalData, sizeof(TPM_NONCE)); + } else { + if ((result = get_local_random(hContext, FALSE, sizeof(TPM_NONCE), + (BYTE **)&signInfo.replay.nonce))) + return result; + } + + /* the transport sessions properties are kept in the context object itself, so just pass + * in what this function provides and let it call ReleaseTransportSigned */ + if ((result = obj_context_transport_close(hContext, hSigningKey, hPolicy, usesAuth, + &signInfo, &sigLen, &sig))) + return result; + + /* inside obj_context_transport_close we set up all the fields of the sign info structure + * other than the tag and 'fixed' */ + signInfo.tag = TPM_TAG_SIGNINFO; + signInfo.fixed[0] = 'T'; + signInfo.fixed[1] = 'R'; + signInfo.fixed[2] = 'A'; + signInfo.fixed[3] = 'N'; + + /* hash the sign info struct for use in verifying the TPM's signature */ + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_SIGN_INFO(&hashCtx, &signInfo); + if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) { + free(sig); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + offset = 0; + if (pValidationData) { + /* tag the returned allocated memory as alloc'd by the TSP */ + if ((result = __tspi_add_mem_entry(hContext, sig))) { + free(sig); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + pValidationData->rgbValidationData = sig; + pValidationData->ulValidationDataLength = sigLen; + + /* passing a NULL blob here puts the exact size of TPM_SIGN_INFO into offset */ + Trspi_LoadBlob_SIGN_INFO(&offset, NULL, &signInfo); + pValidationData->rgbData = calloc_tspi(hContext, offset); + if (pValidationData->rgbData == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + free_tspi(hContext, pValidationData->rgbValidationData); + pValidationData->rgbValidationData = NULL; + pValidationData->ulValidationDataLength = 0; + return TSPERR(TSS_E_OUTOFMEMORY); + } + pValidationData->ulDataLength = (UINT32)offset; + + offset = 0; + Trspi_LoadBlob_SIGN_INFO(&offset, pValidationData->rgbData, &signInfo); + } else + result = __tspi_rsa_verify(hSigningKey, TSS_HASH_SHA1, sizeof(TPM_DIGEST), digest.digest, + sigLen, sig); + + return result; +} -- cgit v1.2.3