1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
/*
* Licensed Materials - Property of IBM
*
* trousers - An open source TCG Software Stack
*
* (C) Copyright International Business Machines Corp. 2004
*
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
#include "trousers/tss.h"
#include "trousers_types.h"
#include "tcs_tsp.h"
#include "tcsps.h"
#include "tcs_utils.h"
#include "tcs_int_literals.h"
#include "capabilities.h"
#include "tcslog.h"
#include "req_mgr.h"
#include "tcsd_wrap.h"
#include "tcsd.h"
TSS_RESULT
TCSP_Seal_Internal(UINT32 sealOrdinal, /* in */
TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE keyHandle, /* in */
TCPA_ENCAUTH encAuth, /* in */
UINT32 pcrInfoSize, /* in */
BYTE * PcrInfo, /* in */
UINT32 inDataSize, /* in */
BYTE * inData, /* in */
TPM_AUTH * pubAuth, /* in, out */
UINT32 * SealedDataSize, /* out */
BYTE ** SealedData) /* out */
{
UINT64 offset = 0;
TSS_RESULT result;
UINT32 paramSize;
TCPA_KEY_HANDLE keySlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering Seal");
if (!pubAuth)
return TCSERR(TSS_E_BAD_PARAMETER);
if ((result = ctx_verify_context(hContext)))
goto done;
if ((result = auth_mgr_check(hContext, &pubAuth->AuthHandle)))
goto done;
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
goto done;
/* XXX What's this check for? */
if (keySlot == 0) {
result = TCSERR(TSS_E_FAIL);
goto done;
}
if ((result = tpm_rqu_build(sealOrdinal, &offset, txBlob, keySlot, encAuth.authdata,
pcrInfoSize, PcrInfo, inDataSize, inData, pubAuth)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
offset = 10;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(sealOrdinal, txBlob, paramSize, SealedDataSize,
SealedData, pubAuth);
}
LogResult("Seal", result);
done:
auth_mgr_release_auth(pubAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE parentHandle, /* in */
UINT32 SealedDataSize, /* in */
BYTE * SealedData, /* in */
TPM_AUTH * parentAuth, /* in, out */
TPM_AUTH * dataAuth, /* in, out */
UINT32 * DataSize, /* out */
BYTE ** Data) /* out */
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
TCPA_KEY_HANDLE keySlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering Unseal");
if (dataAuth == NULL)
return TCSERR(TSS_E_BAD_PARAMETER);
if ((result = ctx_verify_context(hContext)))
goto done;
if (parentAuth != NULL) {
LogDebug("Auth used");
if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
goto done;
} else {
LogDebug("No Auth");
}
if ((result = auth_mgr_check(hContext, &dataAuth->AuthHandle)))
goto done;
if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
goto done;
/* XXX What's this check for? */
if (keySlot == 0) {
result = TCSERR(TSS_E_FAIL);
goto done;
}
if ((result = tpm_rqu_build(TPM_ORD_Unseal, &offset, txBlob, keySlot, SealedDataSize,
SealedData, parentAuth, dataAuth)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
offset = 10;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, DataSize, Data,
parentAuth, dataAuth);
}
LogResult("Unseal", result);
done:
auth_mgr_release_auth(parentAuth, dataAuth, hContext);
return result;
}
|
