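/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004
 *
 */

/*
 * TCS-side entry points for the key-migration ordinals
 * (TPM_CreateMigrationBlob, TPM_ConvertMigrationBlob and
 * TPM_AuthorizeMigrationKey).  Each one follows the same shape: verify the
 * caller's context, check the authorization session(s) it names, build the
 * command blob, submit it, parse the response and release the authorization
 * sessions on every exit path.  The release step runs on all failure paths,
 * including a failed tpm_rqu_build(), so a session that auth_mgr_check()
 * accepted is never left claimed by a request that never reached the TPM.
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <inttypes.h>

#include "trousers/tss.h"
#include "trousers_types.h"
#include "tcs_tsp.h"
#include "tcsps.h"
#include "tcs_utils.h"
#include "tcs_int_literals.h"
#include "capabilities.h"
#include "tcslog.h"
#include "req_mgr.h"
#include "tcsd_wrap.h"
#include "tcsd.h"

/**
 * Issue TPM_CreateMigrationBlob for the key wrapped by encData under the
 * parent key parentHandle.
 *
 * @param hContext              TCS context of the caller; verified first.
 * @param parentHandle          TCS handle of the parent key; loaded into the
 *                              TPM (ensureKeyIsLoaded) before the command is
 *                              built.
 * @param migrationType         TSS_MS_* scheme; translated to the TCPA_MS_*
 *                              value here.  Unknown values are passed through
 *                              so the TPM itself reports the error.
 * @param MigrationKeyAuthSize  Length of MigrationKeyAuth.
 * @param MigrationKeyAuth      Migration key authorization blob.
 * @param encDataSize           Length of encData.
 * @param encData               Encrypted private key to migrate.
 * @param parentAuth            Optional parent-key auth session (may be NULL).
 * @param entityAuth            Mandatory entity auth session; NULL is
 *                              rejected with TSS_E_BAD_PARAMETER.
 * @param randomSize,random     Filled from the response by tpm_rsp_parse.
 * @param outDataSize,outData   Filled from the response by tpm_rsp_parse.
 *                              NOTE(review): the out buffers are presumably
 *                              allocated by tpm_rsp_parse and owned by the
 *                              caller — confirm against tcsd_wrap.
 * @return TSS_SUCCESS, or the first failing step's result.  Both auth
 *         sessions are handed to auth_mgr_release_auth on every path after
 *         the NULL check.
 */
TSS_RESULT
TCSP_CreateMigrationBlob_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
				  TCS_KEY_HANDLE parentHandle,	/* in */
				  TSS_MIGRATE_SCHEME migrationType,	/* in */
				  UINT32 MigrationKeyAuthSize,	/* in */
				  BYTE * MigrationKeyAuth,	/* in */
				  UINT32 encDataSize,	/* in */
				  BYTE * encData,	/* in */
				  TPM_AUTH * parentAuth,	/* in, out */
				  TPM_AUTH * entityAuth,	/* in, out */
				  UINT32 * randomSize,	/* out */
				  BYTE ** random,	/* out */
				  UINT32 * outDataSize,	/* out */
				  BYTE ** outData)	/* out */
{
	UINT64 offset = 0;
	UINT32 paramSize;
	TSS_RESULT result;
	TCPA_KEY_HANDLE keyHandle;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("Entering TPM_CreateMigrationBlob");

	/* entityAuth is dereferenced unconditionally below.  Reject a NULL
	 * pointer up front instead of letting a malformed request crash the
	 * daemon; nothing has been claimed yet, so a direct return is safe. */
	if (entityAuth == NULL)
		return TCSERR(TSS_E_BAD_PARAMETER);

	if ((result = ctx_verify_context(hContext)))
		goto done;

	/* The parent auth session is optional; the entity session is not. */
	if (parentAuth != NULL) {
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			goto done;
	}

	if ((result = auth_mgr_check(hContext, &entityAuth->AuthHandle)))
		goto done;

	if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keyHandle)))
		goto done;

	/* TSP-level scheme -> TPM-level scheme. */
	switch (migrationType) {
	case TSS_MS_MIGRATE:
		migrationType = TCPA_MS_MIGRATE;
		break;
	case TSS_MS_REWRAP:
		migrationType = TCPA_MS_REWRAP;
		break;
	case TSS_MS_MAINT:
		migrationType = TCPA_MS_MAINT;
		break;
	default:
		/* Let the TPM return an error */
		break;
	}

	/* A build failure must still release the auth sessions checked above,
	 * so it goes through 'done' like every other failure. */
	if ((result = tpm_rqu_build(TPM_ORD_CreateMigrationBlob, &offset, txBlob, keyHandle,
				    migrationType, MigrationKeyAuthSize, MigrationKeyAuth,
				    encDataSize, encData, parentAuth, entityAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (result == TSS_SUCCESS) {
		result = tpm_rsp_parse(TPM_ORD_CreateMigrationBlob, txBlob, paramSize, randomSize,
				       random, outDataSize, outData, parentAuth, entityAuth);
	}
	LogResult("TPM_CreateMigrationBlob", result);

done:
	auth_mgr_release_auth(entityAuth, parentAuth, hContext);
	return result;
}

/**
 * Issue TPM_ConvertMigrationBlob to re-wrap a migration blob under the
 * parent key parentHandle.
 *
 * @param hContext      TCS context of the caller; verified first.
 * @param parentHandle  TCS handle of the parent key; loaded into the TPM
 *                      before the command is built.
 * @param inDataSize    Length of inData.
 * @param inData        Migration blob produced by CreateMigrationBlob.
 * @param randomSize    Length of random.
 * @param random        Random data that accompanied the migration blob.
 * @param parentAuth    Optional parent-key auth session (may be NULL).
 * @param outDataSize,outData  Filled from the response by tpm_rsp_parse.
 *                      NOTE(review): presumably allocated by tpm_rsp_parse
 *                      and owned by the caller — confirm against tcsd_wrap.
 * @return TSS_SUCCESS, or the first failing step's result.  parentAuth is
 *         handed to auth_mgr_release_auth on every path.
 */
TSS_RESULT
TCSP_ConvertMigrationBlob_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
				   TCS_KEY_HANDLE parentHandle,	/* in */
				   UINT32 inDataSize,	/* in */
				   BYTE * inData,	/* in */
				   UINT32 randomSize,	/* in */
				   BYTE * random,	/* in */
				   TPM_AUTH * parentAuth,	/* in, out */
				   UINT32 * outDataSize,	/* out */
				   BYTE ** outData)	/* out */
{
	TSS_RESULT result;
	UINT32 paramSize;
	UINT64 offset = 0;
	TCPA_KEY_HANDLE keySlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("ConvertMigBlob");
	if ((result = ctx_verify_context(hContext)))
		goto done;

	if (parentAuth != NULL) {
		LogDebug("Auth Used");
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			goto done;
	} else {
		LogDebug("No Auth");
	}
	if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
		goto done;

	/* Release the checked auth session on a build failure too. */
	if ((result = tpm_rqu_build(TPM_ORD_ConvertMigrationBlob, &offset, txBlob, keySlot,
				    inDataSize, inData, randomSize, random, parentAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);

	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_ConvertMigrationBlob, txBlob, paramSize, outDataSize,
				       outData, parentAuth, NULL);
	}
	LogResult("***Leaving ConvertMigrationBlob with result ", result);
done:
	auth_mgr_release_auth(parentAuth, NULL, hContext);
	return result;
}

/**
 * Issue TPM_AuthorizeMigrationKey to have the TPM owner authorize a
 * migration destination key.
 *
 * @param hContext          TCS context of the caller; verified first.
 * @param migrateScheme     TSS_MS_* scheme; translated to the TPM-level
 *                          value here (CMK schemes only when built with
 *                          TSS_BUILD_CMK).  Unknown values are passed
 *                          through so the TPM itself reports the error.
 * @param MigrationKeySize  Length of MigrationKey.
 * @param MigrationKey      Public key of the migration destination.
 * @param ownerAuth         Mandatory owner auth session; dereferenced
 *                          unconditionally, so the caller must not pass NULL.
 * @param MigrationKeyAuthSize,MigrationKeyAuth  Filled from the response by
 *                          tpm_rsp_parse.  NOTE(review): presumably
 *                          allocated by tpm_rsp_parse and owned by the
 *                          caller — confirm against tcsd_wrap.
 * @return TSS_SUCCESS, or the first failing step's result.  ownerAuth is
 *         handed to auth_mgr_release_auth on every path.
 */
TSS_RESULT
TCSP_AuthorizeMigrationKey_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
				    TSS_MIGRATE_SCHEME migrateScheme,	/* in */
				    UINT32 MigrationKeySize,	/* in */
				    BYTE * MigrationKey,	/* in */
				    TPM_AUTH * ownerAuth,	/* in, out */
				    UINT32 * MigrationKeyAuthSize,	/* out */
				    BYTE ** MigrationKeyAuth)	/* out */
{
	TSS_RESULT result;
	UINT32 paramSize;
	UINT64 offset = 0;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("TCSP_AuthorizeMigrationKey");
	if ((result = ctx_verify_context(hContext)))
		goto done;

	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		goto done;

	/* TSP-level scheme -> TPM-level scheme. */
	switch (migrateScheme) {
	case TSS_MS_MIGRATE:
		migrateScheme = TCPA_MS_MIGRATE;
		break;
	case TSS_MS_REWRAP:
		migrateScheme = TCPA_MS_REWRAP;
		break;
	case TSS_MS_MAINT:
		migrateScheme = TCPA_MS_MAINT;
		break;
#ifdef TSS_BUILD_CMK
	case TSS_MS_RESTRICT_MIGRATE:
		migrateScheme = TPM_MS_RESTRICT_MIGRATE;
		break;

	case TSS_MS_RESTRICT_APPROVE_DOUBLE:
		migrateScheme = TPM_MS_RESTRICT_APPROVE_DOUBLE;
		break;
#endif
	default:
		/* Let the TPM return an error */
		break;
	}

	/* Release the checked owner session on a build failure too. */
	if ((result = tpm_rqu_build(TPM_ORD_AuthorizeMigrationKey, &offset, txBlob, migrateScheme,
				    MigrationKeySize, MigrationKey, ownerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_AuthorizeMigrationKey, txBlob, paramSize,
				       MigrationKeyAuthSize, MigrationKeyAuth, ownerAuth);
	}
	LogDebugFn("TPM_AuthorizeMigrationKey result: 0x%x", result);
done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);
	return result;
}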