tcsi_seal.c revision 1.1.1.1.4.2
1
2/*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004
8 *
9 */
10
11
12#include <stdlib.h>
13#include <stdio.h>
14#include <string.h>
15#include <inttypes.h>
16
17#include "trousers/tss.h"
18#include "trousers_types.h"
19#include "tcs_tsp.h"
20#include "tcsps.h"
21#include "tcs_utils.h"
22#include "tcs_int_literals.h"
23#include "capabilities.h"
24#include "tcslog.h"
25#include "req_mgr.h"
26#include "tcsd_wrap.h"
27#include "tcsd.h"
28
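/*
 * TCSP_Seal_Internal - marshal a seal request for @sealOrdinal, submit it
 * through the request manager and parse the reply.
 *
 * hContext is checked with ctx_verify_context(), pubAuth's handle with
 * auth_mgr_check(), and keyHandle is resolved to a key slot with
 * ensureKeyIsLoaded() before the request is built.
 *
 * Returns TCSERR(TSS_E_BAD_PARAMETER) when pubAuth is NULL,
 * TCSERR(TSS_E_FAIL) when the resolved key slot is 0, otherwise the first
 * non-zero result from the helpers called below, or 0 on success.
 * SealedDataSize and SealedData are only written by tpm_rsp_parse(); no
 * earlier failure path touches them, so callers should not read them unless
 * the call succeeded.
 */
TSS_RESULT
TCSP_Seal_Internal(UINT32 sealOrdinal,		/* in */
		   TCS_CONTEXT_HANDLE hContext,	/* in */
		   TCS_KEY_HANDLE keyHandle,	/* in */
		   TCPA_ENCAUTH encAuth,	/* in */
		   UINT32 pcrInfoSize,	/* in */
		   BYTE * PcrInfo,	/* in */
		   UINT32 inDataSize,	/* in */
		   BYTE * inData,	/* in */
		   TPM_AUTH * pubAuth,	/* in, out */
		   UINT32 * SealedDataSize,	/* out */
		   BYTE ** SealedData)	/* out */
{
	UINT64 offset = 0;
	TSS_RESULT result;
	UINT32 paramSize;
	TCPA_KEY_HANDLE keySlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("Entering Seal");
	/* Nothing to release yet, so a direct return is fine here. */
	if (!pubAuth)
		return TCSERR(TSS_E_BAD_PARAMETER);

	if ((result = ctx_verify_context(hContext)))
		goto done;

	if ((result = auth_mgr_check(hContext, &pubAuth->AuthHandle)))
		goto done;

	if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
		goto done;

	/*
	 * A slot of 0 is treated as a failure even though ensureKeyIsLoaded()
	 * reported success. XXX: the original author was unsure why; presumably
	 * 0 is never a valid slot -- confirm against ensureKeyIsLoaded().
	 */
	if (keySlot == 0) {
		result = TCSERR(TSS_E_FAIL);
		goto done;
	}

	/*
	 * NOTE(review): txBlob is a fixed-size stack buffer and its size is not
	 * passed to tpm_rqu_build(), while pcrInfoSize and inDataSize are
	 * supplied by the caller. Confirm that tpm_rqu_build() bounds them
	 * against TSS_TPM_TXBLOB_SIZE.
	 *
	 * A marshalling failure leaves through "done" like every other failure
	 * after the parameter check, so auth_mgr_release_auth() also runs on
	 * this path instead of being skipped by a direct return.
	 */
	if ((result = tpm_rqu_build(sealOrdinal, &offset, txBlob, keySlot, encAuth.authdata,
				    pcrInfoSize, PcrInfo, inDataSize, inData, pubAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/*
	 * The reply is read back from the same txBlob buffer.
	 * NOTE(review): paramSize is taken from the reply header; presumably
	 * tpm_rsp_parse() checks it against the buffer size -- confirm.
	 */
	result = UnloadBlob_Header(txBlob, &paramSize);

	if (!result) {
		result = tpm_rsp_parse(sealOrdinal, txBlob, paramSize, SealedDataSize,
				       SealedData, pubAuth);
	}
	LogResult("Seal", result);
done:
	auth_mgr_release_auth(pubAuth, NULL, hContext);
	return result;
}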
86
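/*
 * TCSP_Unseal_Internal - marshal a TPM_ORD_Unseal request for a sealed blob,
 * submit it through the request manager and parse the reply.
 *
 * dataAuth is mandatory; parentAuth is optional and its handle is only
 * checked with auth_mgr_check() when it is non-NULL. parentHandle is
 * resolved to a key slot with ensureKeyIsLoaded() before the request is
 * built.
 *
 * Returns TCSERR(TSS_E_BAD_PARAMETER) when dataAuth is NULL,
 * TCSERR(TSS_E_FAIL) when the resolved key slot is 0, otherwise the first
 * non-zero result from the helpers called below, or 0 on success.
 * DataSize and Data are only written by tpm_rsp_parse(); no earlier failure
 * path touches them, so callers should not read them unless the call
 * succeeded.
 */
TSS_RESULT
TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
		     TCS_KEY_HANDLE parentHandle,	/* in */
		     UINT32 SealedDataSize,	/* in */
		     BYTE * SealedData,	/* in */
		     TPM_AUTH * parentAuth,	/* in, out */
		     TPM_AUTH * dataAuth,	/* in, out */
		     UINT32 * DataSize,	/* out */
		     BYTE ** Data)	/* out */
{
	UINT64 offset = 0;
	UINT32 paramSize;
	TSS_RESULT result;
	TCPA_KEY_HANDLE keySlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("Entering Unseal");

	/* Nothing to release yet, so a direct return is fine here. */
	if (dataAuth == NULL)
		return TCSERR(TSS_E_BAD_PARAMETER);

	if ((result = ctx_verify_context(hContext)))
		goto done;

	if (parentAuth != NULL) {
		LogDebug("Auth used");
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			goto done;
	} else {
		LogDebug("No Auth");
	}

	if ((result = auth_mgr_check(hContext, &dataAuth->AuthHandle)))
		goto done;

	if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
		goto done;

	/*
	 * A slot of 0 is treated as a failure even though ensureKeyIsLoaded()
	 * reported success. XXX: the original author was unsure why; presumably
	 * 0 is never a valid slot -- confirm against ensureKeyIsLoaded().
	 */
	if (keySlot == 0) {
		result = TCSERR(TSS_E_FAIL);
		goto done;
	}

	/*
	 * NOTE(review): txBlob is a fixed-size stack buffer and its size is not
	 * passed to tpm_rqu_build(), while SealedDataSize is supplied by the
	 * caller. Confirm that tpm_rqu_build() bounds it against
	 * TSS_TPM_TXBLOB_SIZE.
	 *
	 * A marshalling failure leaves through "done" like every other failure
	 * after the parameter check, so auth_mgr_release_auth() also runs on
	 * this path instead of being skipped by a direct return.
	 */
	if ((result = tpm_rqu_build(TPM_ORD_Unseal, &offset, txBlob, keySlot, SealedDataSize,
				    SealedData, parentAuth, dataAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/*
	 * The reply is read back from the same txBlob buffer.
	 * NOTE(review): paramSize is taken from the reply header; presumably
	 * tpm_rsp_parse() checks it against the buffer size -- confirm.
	 */
	result = UnloadBlob_Header(txBlob, &paramSize);

	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, DataSize, Data,
				       parentAuth, dataAuth);
	}
	LogResult("Unseal", result);
done:
	auth_mgr_release_auth(parentAuth, dataAuth, hContext);
	return result;
}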
150