1 2/* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004-2006 8 * 9 */ 10 11#include <stdlib.h> 12#include <stdio.h> 13#include <syslog.h> 14#include <string.h> 15#include <netdb.h> 16 17#include "trousers/tss.h" 18#include "trousers_types.h" 19#include "tcs_tsp.h" 20#include "tcs_utils.h" 21#include "tcs_int_literals.h" 22#include "capabilities.h" 23#include "tcslog.h" 24#include "tcsd_wrap.h" 25#include "tcsd.h" 26#include "tcs_utils.h" 27#include "rpc_tcstp_tcs.h" 28 29 30TSS_RESULT 31tcs_common_Seal(UINT32 sealOrdinal, 32 struct tcsd_thread_data *data) 33{ 34 TSS_RESULT result; 35 TCS_CONTEXT_HANDLE hContext; 36 TCS_KEY_HANDLE keyHandle; 37 TCPA_ENCAUTH KeyUsageAuth; 38 UINT32 PCRInfoSize, inDataSize; 39 BYTE *PCRInfo = NULL, *inData = NULL; 40 TPM_AUTH emptyAuth, pubAuth, *pAuth; 41 UINT32 outDataSize; 42 BYTE *outData; 43 44 int i = 0; 45 46 memset(&emptyAuth, 0, sizeof(TPM_AUTH)); 47 memset(&pubAuth, 0, sizeof(TPM_AUTH)); 48 49 if (getData(TCSD_PACKET_TYPE_UINT32, i++, &hContext, 0, &data->comm)) 50 return TCSERR(TSS_E_INTERNAL_ERROR); 51 52 if ((result = ctx_verify_context(hContext))) 53 goto done; 54 55 LogDebugFn("thread %ld context %x", THREAD_ID, hContext); 56 57 if (getData(TCSD_PACKET_TYPE_UINT32, i++, &keyHandle, 0, &data->comm)) 58 return TCSERR(TSS_E_INTERNAL_ERROR); 59 if (getData(TCSD_PACKET_TYPE_ENCAUTH, i++, &KeyUsageAuth, 0, &data->comm)) 60 return TCSERR(TSS_E_INTERNAL_ERROR); 61 if (getData(TCSD_PACKET_TYPE_UINT32, i++, &PCRInfoSize, 0, &data->comm)) 62 return TCSERR(TSS_E_INTERNAL_ERROR); 63 64 if (PCRInfoSize > 0) { 65 PCRInfo = calloc(1, PCRInfoSize); 66 if (PCRInfo == NULL) { 67 LogError("malloc of %u bytes failed.", PCRInfoSize); 68 return TCSERR(TSS_E_OUTOFMEMORY); 69 } 70 71 if (getData(TCSD_PACKET_TYPE_PBYTE, i++, PCRInfo, PCRInfoSize, &data->comm)) { 72 free(PCRInfo); 73 return TCSERR(TSS_E_INTERNAL_ERROR); 74 } 75 } 76 77 if (getData(TCSD_PACKET_TYPE_UINT32, i++, &inDataSize, 0, &data->comm)) { 78 free(PCRInfo); 79 return TCSERR(TSS_E_INTERNAL_ERROR); 80 } 81 82 if (inDataSize > 0) { 83 inData = calloc(1, inDataSize); 84 if (inData == NULL) { 85 LogError("malloc of %u bytes failed.", inDataSize); 86 free(PCRInfo); 87 return TCSERR(TSS_E_OUTOFMEMORY); 88 } 89 90 if (getData(TCSD_PACKET_TYPE_PBYTE, i++, inData, inDataSize, &data->comm)) { 91 free(inData); 92 free(PCRInfo); 93 return TCSERR(TSS_E_INTERNAL_ERROR); 94 } 95 } 96 97 result = getData(TCSD_PACKET_TYPE_AUTH, i++, &pubAuth, 0, &data->comm); 98 if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) 99 pAuth = NULL; 100 else if (result) { 101 free(inData); 102 free(PCRInfo); 103 return result; 104 } else 105 pAuth = &pubAuth; 106 107 MUTEX_LOCK(tcsp_lock); 108 109 result = TCSP_Seal_Internal(sealOrdinal, hContext, keyHandle, KeyUsageAuth, PCRInfoSize, 110 PCRInfo, inDataSize, inData, pAuth, &outDataSize, &outData); 111 112 MUTEX_UNLOCK(tcsp_lock); 113 free(inData); 114 free(PCRInfo); 115 116 if (result == TSS_SUCCESS) { 117 initData(&data->comm, 3); 118 if (pAuth != NULL) { 119 if (setData(TCSD_PACKET_TYPE_AUTH, 0, pAuth, 0, &data->comm)) { 120 free(outData); 121 return TCSERR(TSS_E_INTERNAL_ERROR); 122 } 123 } 124 125 if (setData(TCSD_PACKET_TYPE_UINT32, 1, &outDataSize, 0, &data->comm)) { 126 free(outData); 127 return TCSERR(TSS_E_INTERNAL_ERROR); 128 } 129 if (setData(TCSD_PACKET_TYPE_PBYTE, 2, outData, outDataSize, &data->comm)) { 130 free(outData); 131 return TCSERR(TSS_E_INTERNAL_ERROR); 132 } 133 free(outData); 134 } else 135done: initData(&data->comm, 0); 136 137 data->comm.hdr.u.result = result; 138 139 return TSS_SUCCESS; 140} 141 142TSS_RESULT 143tcs_wrap_Seal(struct tcsd_thread_data *data) 144{ 145 return tcs_common_Seal(TPM_ORD_Seal, data); 146} 147 148#ifdef TSS_BUILD_SEALX 149TSS_RESULT 150tcs_wrap_Sealx(struct tcsd_thread_data *data) 151{ 152 return tcs_common_Seal(TPM_ORD_Sealx, data); 153} 154#endif 155 156TSS_RESULT 157tcs_wrap_UnSeal(struct tcsd_thread_data *data) 158{ 159 TCS_CONTEXT_HANDLE hContext; 160 TCS_KEY_HANDLE parentHandle; 161 UINT32 inDataSize; 162 BYTE *inData; 163 164 TPM_AUTH parentAuth, dataAuth, emptyAuth; 165 TPM_AUTH *pParentAuth, *pDataAuth; 166 167 UINT32 outDataSize; 168 BYTE *outData; 169 TSS_RESULT result; 170 171 memset(&emptyAuth, 0, sizeof(TPM_AUTH)); 172 173 if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) 174 return TCSERR(TSS_E_INTERNAL_ERROR); 175 176 if ((result = ctx_verify_context(hContext))) 177 goto done; 178 179 LogDebugFn("thread %ld context %x", THREAD_ID, hContext); 180 181 if (getData(TCSD_PACKET_TYPE_UINT32, 1, &parentHandle, 0, &data->comm)) 182 return TCSERR(TSS_E_INTERNAL_ERROR); 183 if (getData(TCSD_PACKET_TYPE_UINT32, 2, &inDataSize, 0, &data->comm)) 184 return TCSERR(TSS_E_INTERNAL_ERROR); 185 186 inData = calloc(1, inDataSize); 187 if (inData == NULL) { 188 LogError("malloc of %d bytes failed.", inDataSize); 189 return TCSERR(TSS_E_OUTOFMEMORY); 190 } 191 192 if (getData(TCSD_PACKET_TYPE_PBYTE, 3, inData, inDataSize, &data->comm)) { 193 free(inData); 194 return TCSERR(TSS_E_INTERNAL_ERROR); 195 } 196 197 result = getData(TCSD_PACKET_TYPE_AUTH, 4, &parentAuth, 0, &data->comm); 198 if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) 199 pParentAuth = NULL; 200 else if (result) { 201 free(inData); 202 return result; 203 } else 204 pParentAuth = &parentAuth; 205 206 result = getData(TCSD_PACKET_TYPE_AUTH, 5, &dataAuth, 0, &data->comm); 207 if (result == TSS_TCP_RPC_BAD_PACKET_TYPE) { 208 pDataAuth = pParentAuth; 209 pParentAuth = NULL; 210 } else if (result) { 211 free(inData); 212 return result; 213 } else 214 pDataAuth = &dataAuth; 215 216 MUTEX_LOCK(tcsp_lock); 217 218 result = TCSP_Unseal_Internal(hContext, parentHandle, inDataSize, inData, pParentAuth, 219 pDataAuth, &outDataSize, &outData); 220 221 MUTEX_UNLOCK(tcsp_lock); 222 free(inData); 223 224 if (result == TSS_SUCCESS) { 225 initData(&data->comm, 4); 226 if (pParentAuth != NULL) { 227 if (setData(TCSD_PACKET_TYPE_AUTH, 0, pParentAuth, 0, &data->comm)) { 228 free(outData); 229 return TCSERR(TSS_E_INTERNAL_ERROR); 230 } 231 } else { 232 if (setData(TCSD_PACKET_TYPE_AUTH, 0, &emptyAuth, 0, &data->comm)) { 233 free(outData); 234 return TCSERR(TSS_E_INTERNAL_ERROR); 235 } 236 } 237 238 if (setData(TCSD_PACKET_TYPE_AUTH, 1, &dataAuth, 0, &data->comm)) { 239 free(outData); 240 return TCSERR(TSS_E_INTERNAL_ERROR); 241 } 242 if (setData(TCSD_PACKET_TYPE_UINT32, 2, &outDataSize, 0, &data->comm)) { 243 free(outData); 244 return TCSERR(TSS_E_INTERNAL_ERROR); 245 } 246 if (setData(TCSD_PACKET_TYPE_PBYTE, 3, outData, outDataSize, &data->comm)) { 247 free(outData); 248 return TCSERR(TSS_E_INTERNAL_ERROR); 249 } 250 free(outData); 251 } else 252done: initData(&data->comm, 0); 253 254 data->comm.hdr.u.result = result; 255 256 return TSS_SUCCESS; 257} 258