tcsi_seal.c revision 1.1.1.1.4.2
1 2/* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004 8 * 9 */ 10 11 12#include <stdlib.h> 13#include <stdio.h> 14#include <string.h> 15#include <inttypes.h> 16 17#include "trousers/tss.h" 18#include "trousers_types.h" 19#include "tcs_tsp.h" 20#include "tcsps.h" 21#include "tcs_utils.h" 22#include "tcs_int_literals.h" 23#include "capabilities.h" 24#include "tcslog.h" 25#include "req_mgr.h" 26#include "tcsd_wrap.h" 27#include "tcsd.h" 28 29TSS_RESULT 30TCSP_Seal_Internal(UINT32 sealOrdinal, /* in */ 31 TCS_CONTEXT_HANDLE hContext, /* in */ 32 TCS_KEY_HANDLE keyHandle, /* in */ 33 TCPA_ENCAUTH encAuth, /* in */ 34 UINT32 pcrInfoSize, /* in */ 35 BYTE * PcrInfo, /* in */ 36 UINT32 inDataSize, /* in */ 37 BYTE * inData, /* in */ 38 TPM_AUTH * pubAuth, /* in, out */ 39 UINT32 * SealedDataSize, /* out */ 40 BYTE ** SealedData) /* out */ 41{ 42 UINT64 offset = 0; 43 TSS_RESULT result; 44 UINT32 paramSize; 45 TCPA_KEY_HANDLE keySlot; 46 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 47 48 LogDebug("Entering Seal"); 49 if (!pubAuth) 50 return TCSERR(TSS_E_BAD_PARAMETER); 51 52 if ((result = ctx_verify_context(hContext))) 53 goto done; 54 55 if ((result = auth_mgr_check(hContext, &pubAuth->AuthHandle))) 56 goto done; 57 58 if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) 59 goto done; 60 61 /* XXX What's this check for? */ 62 if (keySlot == 0) { 63 result = TCSERR(TSS_E_FAIL); 64 goto done; 65 } 66 67 if ((result = tpm_rqu_build(sealOrdinal, &offset, txBlob, keySlot, encAuth.authdata, 68 pcrInfoSize, PcrInfo, inDataSize, inData, pubAuth))) 69 return result; 70 71 if ((result = req_mgr_submit_req(txBlob))) 72 goto done; 73 74 offset = 10; 75 result = UnloadBlob_Header(txBlob, ¶mSize); 76 77 if (!result) { 78 result = tpm_rsp_parse(sealOrdinal, txBlob, paramSize, SealedDataSize, 79 SealedData, pubAuth); 80 } 81 LogResult("Seal", result); 82done: 83 auth_mgr_release_auth(pubAuth, NULL, hContext); 84 return result; 85} 86 87TSS_RESULT 88TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 89 TCS_KEY_HANDLE parentHandle, /* in */ 90 UINT32 SealedDataSize, /* in */ 91 BYTE * SealedData, /* in */ 92 TPM_AUTH * parentAuth, /* in, out */ 93 TPM_AUTH * dataAuth, /* in, out */ 94 UINT32 * DataSize, /* out */ 95 BYTE ** Data) /* out */ 96{ 97 UINT64 offset = 0; 98 UINT32 paramSize; 99 TSS_RESULT result; 100 TCPA_KEY_HANDLE keySlot; 101 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 102 103 LogDebug("Entering Unseal"); 104 105 if (dataAuth == NULL) 106 return TCSERR(TSS_E_BAD_PARAMETER); 107 108 if ((result = ctx_verify_context(hContext))) 109 goto done; 110 111 if (parentAuth != NULL) { 112 LogDebug("Auth used"); 113 if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) 114 goto done; 115 } else { 116 LogDebug("No Auth"); 117 } 118 119 if ((result = auth_mgr_check(hContext, &dataAuth->AuthHandle))) 120 goto done; 121 122 if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot))) 123 goto done; 124 125 /* XXX What's this check for? */ 126 if (keySlot == 0) { 127 result = TCSERR(TSS_E_FAIL); 128 goto done; 129 } 130 131 if ((result = tpm_rqu_build(TPM_ORD_Unseal, &offset, txBlob, keySlot, SealedDataSize, 132 SealedData, parentAuth, dataAuth))) 133 return result; 134 135 if ((result = req_mgr_submit_req(txBlob))) 136 goto done; 137 138 offset = 10; 139 result = UnloadBlob_Header(txBlob, ¶mSize); 140 141 if (!result) { 142 result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, DataSize, Data, 143 parentAuth, dataAuth); 144 } 145 LogResult("Unseal", result); 146done: 147 auth_mgr_release_auth(parentAuth, dataAuth, hContext); 148 return result; 149} 150