
/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004-2006
 *
 */


#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <errno.h>

#include "trousers/tss.h"
#include "trousers/trousers.h"
#include "trousers_types.h"
/* NOTE(review): trousers_types.h is included twice; presumably guarded, so harmless. */
#include "trousers_types.h"
#include "spi_utils.h"
#include "capabilities.h"
#include "tsplog.h"
#include "obj.h"


/* All-zero TSS_UUID; shared sentinel value, exported for use elsewhere in the TSP. */
TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } };

/* TSS_VERSION literal {major 1, minor 1, revMajor 0, revMinor 0}. */
TSS_VERSION VERSION_1_1 = { 1, 1, 0, 0 };

/*
 * Dispatch table used for ordinary (non-transport) TCS calls: every slot
 * points at the RPC_* client stub for that TCS entry point.  The TSS_BUILD_*
 * guards mirror the feature set compiled into the library; a slot whose
 * feature is compiled out is left zero-initialised, i.e. a NULL function
 * pointer.  NOTE(review): whether callers check a slot for NULL before
 * calling through it cannot be seen from this file — confirm at the call
 * sites before relying on a compiled-out feature failing gracefully.
 */
struct tcs_api_table tcs_normal_api = {
#ifdef TSS_BUILD_KEY
	.LoadKeyByBlob = RPC_LoadKeyByBlob,
	.EvictKey = RPC_EvictKey,
	.CreateWrapKey = RPC_CreateWrapKey,
	.GetPubKey = RPC_GetPubKey,
#ifdef TSS_BUILD_TSS12
	.OwnerReadInternalPub = RPC_OwnerReadInternalPub,
#endif
#ifdef TSS_BUILD_CERTIFY
	.CertifyKey = RPC_CertifyKey,
#endif
#endif
#ifdef TSS_BUILD_OWN
	.OwnerClear = RPC_OwnerClear,
	.ForceClear = RPC_ForceClear,
#endif
#ifdef TSS_BUILD_AUTH
	.TerminateHandle = RPC_TerminateHandle,
	.OIAP = RPC_OIAP,
	.OSAP = RPC_OSAP,
#endif
#ifdef TSS_BUILD_CHANGEAUTH
	.ChangeAuth = RPC_ChangeAuth,
	.ChangeAuthOwner = RPC_ChangeAuthOwner,
	.ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
	.ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
#endif
#ifdef TSS_BUILD_AIK
	.ActivateTPMIdentity = RPC_ActivateTPMIdentity,
#endif
#ifdef TSS_BUILD_PCR_EXTEND
	.Extend = RPC_Extend,
	.PcrRead = RPC_PcrRead,
	.PcrReset = RPC_PcrReset,
#endif
#ifdef TSS_BUILD_QUOTE
	.Quote = RPC_Quote,
#endif
#ifdef TSS_BUILD_QUOTE2
	.Quote2 = RPC_Quote2,
#endif
#ifdef TSS_BUILD_DIR
	.DirWriteAuth = RPC_DirWriteAuth,
	.DirRead = RPC_DirRead,
#endif
#ifdef TSS_BUILD_SEAL
	.Seal = RPC_Seal,
	.Unseal = RPC_Unseal,
#ifdef TSS_BUILD_SEALX
	.Sealx = RPC_Sealx,
#endif
#endif
#ifdef TSS_BUILD_BIND
	.UnBind = RPC_UnBind,
#endif
#ifdef TSS_BUILD_MIGRATION
	.CreateMigrationBlob = RPC_CreateMigrationBlob,
	.ConvertMigrationBlob = RPC_ConvertMigrationBlob,
	.AuthorizeMigrationKey = RPC_AuthorizeMigrationKey,
#endif
#ifdef TSS_BUILD_SIGN
	.Sign = RPC_Sign,
#endif
#ifdef TSS_BUILD_RANDOM
	.GetRandom = RPC_GetRandom,
	.StirRandom = RPC_StirRandom,
#endif
#ifdef TSS_BUILD_CAPS_TPM
	.GetTPMCapability = RPC_GetTPMCapability,
	.SetCapability = RPC_SetCapability,
	.GetCapabilityOwner = RPC_GetCapabilityOwner,
#endif
#ifdef TSS_BUILD_EK
	.CreateEndorsementKeyPair = RPC_CreateEndorsementKeyPair,
	.ReadPubek = RPC_ReadPubek,
	.OwnerReadPubek = RPC_OwnerReadPubek,
#endif
#ifdef TSS_BUILD_SELFTEST
	.SelfTestFull = RPC_SelfTestFull,
	.CertifySelfTest = RPC_CertifySelfTest,
	.GetTestResult = RPC_GetTestResult,
#endif
#ifdef TSS_BUILD_ADMIN
	.SetOwnerInstall = RPC_SetOwnerInstall,
	.DisablePubekRead = RPC_DisablePubekRead,
	.OwnerSetDisable = RPC_OwnerSetDisable,
	.DisableOwnerClear = RPC_DisableOwnerClear,
	.DisableForceClear = RPC_DisableForceClear,
	.PhysicalDisable = RPC_PhysicalDisable,
	.PhysicalEnable = RPC_PhysicalEnable,
	.PhysicalSetDeactivated = RPC_PhysicalSetDeactivated,
	.PhysicalPresence = RPC_PhysicalPresence,
	.SetTempDeactivated = RPC_SetTempDeactivated,
#ifdef TSS_BUILD_TSS12
	.SetTempDeactivated2 = RPC_SetTempDeactivated2,
	.ResetLockValue = RPC_ResetLockValue,
#endif
#endif
#ifdef TSS_BUILD_MAINT
	.CreateMaintenanceArchive = RPC_CreateMaintenanceArchive,
	.LoadMaintenanceArchive = RPC_LoadMaintenanceArchive,
	.KillMaintenanceFeature = RPC_KillMaintenanceFeature,
	.LoadManuMaintPub = RPC_LoadManuMaintPub,
	.ReadManuMaintPub = RPC_ReadManuMaintPub,
#endif
#ifdef TSS_BUILD_DAA
	.DaaJoin = RPC_DaaJoin,
	.DaaSign = RPC_DaaSign,
#endif
#ifdef TSS_BUILD_COUNTER
	.ReadCounter = RPC_ReadCounter,
	.CreateCounter = RPC_CreateCounter,
	.IncrementCounter = RPC_IncrementCounter,
	.ReleaseCounter = RPC_ReleaseCounter,
	.ReleaseCounterOwner = RPC_ReleaseCounterOwner,
#endif
#ifdef TSS_BUILD_TICK
	.ReadCurrentTicks = RPC_ReadCurrentTicks,
	.TickStampBlob = RPC_TickStampBlob,
#endif
#ifdef TSS_BUILD_NV
	.NV_DefineOrReleaseSpace = RPC_NV_DefineOrReleaseSpace,
	.NV_WriteValue = RPC_NV_WriteValue,
	.NV_WriteValueAuth = RPC_NV_WriteValueAuth,
	.NV_ReadValue = RPC_NV_ReadValue,
	.NV_ReadValueAuth = RPC_NV_ReadValueAuth,
#endif
#ifdef TSS_BUILD_AUDIT
	.SetOrdinalAuditStatus = RPC_SetOrdinalAuditStatus,
	.GetAuditDigest = RPC_GetAuditDigest,
	.GetAuditDigestSigned = RPC_GetAuditDigestSigned,
#endif
#ifdef TSS_BUILD_TSS12
	.SetOperatorAuth = RPC_SetOperatorAuth,
	.FlushSpecific = RPC_FlushSpecific,
#endif
#ifdef TSS_BUILD_DELEGATION
	.Delegate_Manage = RPC_Delegate_Manage,
	.Delegate_CreateKeyDelegation = RPC_Delegate_CreateKeyDelegation,
	.Delegate_CreateOwnerDelegation = RPC_Delegate_CreateOwnerDelegation,
	.Delegate_LoadOwnerDelegation = RPC_Delegate_LoadOwnerDelegation,
	.Delegate_ReadTable = RPC_Delegate_ReadTable,
	.Delegate_UpdateVerificationCount = RPC_Delegate_UpdateVerificationCount,
	.Delegate_VerifyDelegation = RPC_Delegate_VerifyDelegation,
	.DSAP = RPC_DSAP,
#endif
	.FieldUpgrade = RPC_FieldUpgrade,
	.SetRedirection = RPC_SetRedirection,
};

#ifdef TSS_BUILD_TRANSPORT
/*
 * Dispatch table used while a transport session is in effect: most slots
 * point at the Transport_* wrappers instead of the plain RPC_* stubs.
 *
 * NOTE(review): the following slots still point at RPC_* stubs in this
 * table: ChangeAuthAsymStart, ChangeAuthAsymFinish, ReadPubek, OwnerReadPubek,
 * DaaJoin, DaaSign, CreateCounter, IncrementCounter, ReleaseCounter,
 * ReleaseCounterOwner, FieldUpgrade and SetRedirection.  Presumably those
 * ordinals are issued outside the transport session by design; confirm that,
 * because a call made through one of them would not get whatever protection
 * the Transport_* path adds.  Also differs from tcs_normal_api in three
 * visible ways: the TSS_BUILD_EK block has no CreateEndorsementKeyPair slot;
 * ResetLockValue and SetTempDeactivated2 are set without the TSS_BUILD_TSS12
 * guard the normal table uses; and Sealx is set without the TSS_BUILD_SEALX
 * guard.  A build with TSS_BUILD_TRANSPORT but without TSS12/SEALX therefore
 * depends on those Transport_* symbols existing anyway.
 */
struct tcs_api_table tcs_transport_api = {
#ifdef TSS_BUILD_KEY
	.LoadKeyByBlob = Transport_LoadKeyByBlob,
	.EvictKey = Transport_EvictKey,
	.CreateWrapKey = Transport_CreateWrapKey,
	.GetPubKey = Transport_GetPubKey,
#ifdef TSS_BUILD_TSS12
	.OwnerReadInternalPub = Transport_OwnerReadInternalPub,
#endif
#ifdef TSS_BUILD_CERTIFY
	.CertifyKey = Transport_CertifyKey,
#endif
#endif
#ifdef TSS_BUILD_OWN
	.OwnerClear = Transport_OwnerClear,
	.ForceClear = Transport_ForceClear,
#endif
#ifdef TSS_BUILD_AUTH
	.OIAP = Transport_OIAP,
	.OSAP = Transport_OSAP,
	.TerminateHandle = Transport_TerminateHandle,
#endif
#ifdef TSS_BUILD_CHANGEAUTH
	.ChangeAuth = Transport_ChangeAuth,
	.ChangeAuthOwner = Transport_ChangeAuthOwner,
	.ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
	.ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
#endif
#ifdef TSS_BUILD_AIK
	.ActivateTPMIdentity = Transport_ActivateTPMIdentity,
#endif
#ifdef TSS_BUILD_PCR_EXTEND
	.Extend = Transport_Extend,
	.PcrRead = Transport_PcrRead,
	.PcrReset = Transport_PcrReset,
#endif
#ifdef TSS_BUILD_QUOTE
	.Quote = Transport_Quote,
#endif
#ifdef TSS_BUILD_QUOTE2
	.Quote2 = Transport_Quote2,
#endif
#ifdef TSS_BUILD_DIR
	.DirWriteAuth = Transport_DirWriteAuth,
	.DirRead = Transport_DirRead,
#endif
#ifdef TSS_BUILD_SEAL
	.Seal = Transport_Seal,
	.Sealx = Transport_Sealx,
	.Unseal = Transport_Unseal,
#endif
#ifdef TSS_BUILD_BIND
	.UnBind = Transport_UnBind,
#endif
#ifdef TSS_BUILD_MIGRATION
	.CreateMigrationBlob = Transport_CreateMigrationBlob,
	.ConvertMigrationBlob = Transport_ConvertMigrationBlob,
	.AuthorizeMigrationKey = Transport_AuthorizeMigrationKey,
#endif
#ifdef TSS_BUILD_SIGN
	.Sign = Transport_Sign,
#endif
#ifdef TSS_BUILD_RANDOM
	.GetRandom = Transport_GetRandom,
	.StirRandom = Transport_StirRandom,
#endif
#ifdef TSS_BUILD_CAPS_TPM
	.GetTPMCapability = Transport_GetTPMCapability,
	.SetCapability = Transport_SetCapability,
	.GetCapabilityOwner = Transport_GetCapabilityOwner,
#endif
#ifdef TSS_BUILD_EK
	.ReadPubek = RPC_ReadPubek,
	.OwnerReadPubek = RPC_OwnerReadPubek,
#endif
#ifdef TSS_BUILD_SELFTEST
	.SelfTestFull = Transport_SelfTestFull,
	.CertifySelfTest = Transport_CertifySelfTest,
	.GetTestResult = Transport_GetTestResult,
#endif
#ifdef TSS_BUILD_ADMIN
	.SetOwnerInstall = Transport_SetOwnerInstall,
	.DisablePubekRead = Transport_DisablePubekRead,
	.OwnerSetDisable = Transport_OwnerSetDisable,
	.ResetLockValue = Transport_ResetLockValue,
	.DisableOwnerClear = Transport_DisableOwnerClear,
	.DisableForceClear = Transport_DisableForceClear,
	.PhysicalDisable = Transport_PhysicalDisable,
	.PhysicalEnable = Transport_PhysicalEnable,
	.PhysicalSetDeactivated = Transport_PhysicalSetDeactivated,
	.PhysicalPresence = Transport_PhysicalPresence,
	.SetTempDeactivated = Transport_SetTempDeactivated,
	.SetTempDeactivated2 = Transport_SetTempDeactivated2,
#endif
#ifdef TSS_BUILD_MAINT
	.CreateMaintenanceArchive = Transport_CreateMaintenanceArchive,
	.LoadMaintenanceArchive = Transport_LoadMaintenanceArchive,
	.KillMaintenanceFeature = Transport_KillMaintenanceFeature,
	.LoadManuMaintPub = Transport_LoadManuMaintPub,
	.ReadManuMaintPub = Transport_ReadManuMaintPub,
#endif
#ifdef TSS_BUILD_DAA
	.DaaJoin = RPC_DaaJoin,
	.DaaSign = RPC_DaaSign,
#endif
#ifdef TSS_BUILD_COUNTER
	.ReadCounter = Transport_ReadCounter,
	.CreateCounter = RPC_CreateCounter,
	.IncrementCounter = RPC_IncrementCounter,
	.ReleaseCounter = RPC_ReleaseCounter,
	.ReleaseCounterOwner = RPC_ReleaseCounterOwner,
#endif
#ifdef TSS_BUILD_TICK
	.ReadCurrentTicks = Transport_ReadCurrentTicks,
	.TickStampBlob = Transport_TickStampBlob,
#endif
#ifdef TSS_BUILD_NV
	.NV_DefineOrReleaseSpace = Transport_NV_DefineOrReleaseSpace,
	.NV_WriteValue = Transport_NV_WriteValue,
	.NV_WriteValueAuth = Transport_NV_WriteValueAuth,
	.NV_ReadValue = Transport_NV_ReadValue,
	.NV_ReadValueAuth = Transport_NV_ReadValueAuth,
#endif
#ifdef TSS_BUILD_AUDIT
	.SetOrdinalAuditStatus = Transport_SetOrdinalAuditStatus,
	.GetAuditDigest = Transport_GetAuditDigest,
	.GetAuditDigestSigned
= Transport_GetAuditDigestSigned,
#endif
#ifdef TSS_BUILD_TSS12
	.SetOperatorAuth = Transport_SetOperatorAuth,
	.FlushSpecific = Transport_FlushSpecific,
#endif
#ifdef TSS_BUILD_DELEGATION
	.Delegate_Manage = Transport_Delegate_Manage,
	.Delegate_CreateKeyDelegation = Transport_Delegate_CreateKeyDelegation,
	.Delegate_CreateOwnerDelegation = Transport_Delegate_CreateOwnerDelegation,
	.Delegate_LoadOwnerDelegation = Transport_Delegate_LoadOwnerDelegation,
	.Delegate_ReadTable = Transport_Delegate_ReadTable,
	.Delegate_UpdateVerificationCount = Transport_Delegate_UpdateVerificationCount,
	.Delegate_VerifyDelegation = Transport_Delegate_VerifyDelegation,
	.DSAP = Transport_DSAP,
#endif
	.FieldUpgrade = RPC_FieldUpgrade,
	.SetRedirection = RPC_SetRedirection,
};
#endif

/*
 * Read a big-endian 16-bit value from the two bytes at in.
 *
 * @param in  pointer to at least 2 readable bytes (not checked)
 * @return    in[0] as the high byte, in[1] as the low byte
 */
UINT16
Decode_UINT16(BYTE * in)
{
	UINT16 value = (UINT16)(in[0] << 8);

	value |= (UINT16)(in[1] & 0xFF);

	return value;
}

/*
 * Write i to out[0..3] in big-endian byte order.
 *
 * @param i    value to serialise
 * @param out  destination of at least 4 writable bytes (not checked)
 */
void
UINT32ToArray(UINT32 i, BYTE * out)
{
	int shift = 24;

	for (unsigned k = 0; k < 4; k++, shift -= 8)
		out[k] = (BYTE)((i >> shift) & 0xFF);
}

/*
 * Write i to out[0..7] in big-endian byte order.
 *
 * @param i    value to serialise
 * @param out  destination of at least 8 writable bytes (not checked)
 */
void
UINT64ToArray(UINT64 i, BYTE *out)
{
	int shift = 56;

	for (unsigned k = 0; k < 8; k++, shift -= 8)
		out[k] = (BYTE)((i >> shift) & 0xFF);
}

/*
 * Write i to out[0..1] in big-endian byte order.
 *
 * @param i    value to serialise
 * @param out  destination of at least 2 writable bytes (not checked)
 */
void
UINT16ToArray(UINT16 i, BYTE * out)
{
	out[0] = (BYTE)((i >> 8) & 0xFF);
	out[1] = (BYTE)(i & 0xFF);
}

/*
 * Read a big-endian 64-bit value from the eight bytes at y.
 *
 * @param y  pointer to at least 8 readable bytes (not checked)
 * @return   y[0] is the most significant byte
 */
UINT64
Decode_UINT64(BYTE *y)
{
	UINT64 value = 0;

	for (unsigned k = 0; k < 8; k++)
		value = (value << 8) | (y[k] & 0xFF);

	return value;
}

/*
 * Read a big-endian 32-bit value from the four bytes at y.
 *
 * @param y  pointer to at least 4 readable bytes (not checked)
 * @return   y[0] is the most significant byte
 */
UINT32
Decode_UINT32(BYTE * y)
{
	UINT32 value = 0;

	for (unsigned k = 0; k < 4; k++)
		value = (value << 8) | (y[k] & 0xFF);

	return value;
}

/*
 * Total size of a TSS_PCR_EVENT plus its two trailing variable-length
 * parts, ulEventLength and ulPcrValueLength bytes.
 *
 * NOTE(review): the three terms are summed in 32-bit arithmetic with no
 * overflow check, so a large ulEventLength/ulPcrValueLength pair wraps the
 * result.  If these lengths can come from outside the process (an event log
 * read from disk, a daemon response), callers that size an allocation from
 * this value should bound the two lengths first — confirm where they originate.
 */
UINT32
get_pcr_event_size(TSS_PCR_EVENT *e)
{
	UINT32 total = sizeof(TSS_PCR_EVENT);

	total += e->ulEventLength;
	total += e->ulPcrValueLength;

	return total;
}

/*
 * Serialise the request half of a TPM_AUTH into blob at *offset, in this
 * order: AuthHandle, NonceOdd, fContinueAuthSession, HMAC.  *offset is
 * advanced by the Trspi_LoadBlob* helpers.
 *
 * @param offset  in/out write position inside blob
 * @param blob    destination buffer (size not checked here)
 * @param auth    authorisation block to serialise
 */
void
LoadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
{
	const UINT32 field_len = 20;	/* byte length of the nonce and HMAC fields */

	Trspi_LoadBlob_UINT32(offset, auth->AuthHandle, blob);
	Trspi_LoadBlob(offset, field_len, blob, auth->NonceOdd.nonce);
	Trspi_LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob);
	Trspi_LoadBlob(offset, field_len, blob, (BYTE *)&auth->HMAC);
}

/*
 * Parse the response half of a TPM_AUTH from blob at *offset, in this
 * order: NonceEven, fContinueAuthSession, HMAC.  *offset is advanced by the
 * Trspi_UnloadBlob* helpers.  The HMAC is only copied here; verifying it
 * is the caller's job.
 *
 * @param offset  in/out read position inside blob
 * @param blob    source buffer (size not checked here)
 * @param auth    authorisation block to fill in
 */
void
UnloadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
{
	const UINT32 field_len = 20;	/* byte length of the nonce and HMAC fields */

	Trspi_UnloadBlob(offset, field_len, blob, auth->NonceEven.nonce);
	Trspi_UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob);
	Trspi_UnloadBlob(offset, field_len, blob, (BYTE *)&auth->HMAC);
}

/* If alloc is true, we allocate a new buffer for the bytes and set *data to that.
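 * If alloc is false, data is really a BYTE*, so write the bytes directly to that buffer.
 *
 * Reads exactly size bytes from TSS_LOCAL_RANDOM_DEVICE.
 *
 * @param tspContext  TSP context; when alloc is true the buffer is obtained from
 *                    calloc_tspi() for it and ownership passes to the caller on success
 * @param alloc       TRUE: allocate and return a buffer via *data; FALSE: treat data
 *                    itself as a BYTE * of at least size bytes and fill it in place
 * @param size        number of random bytes wanted
 * @param data        out-parameter (alloc TRUE) or, cast, the destination (alloc FALSE)
 * @return TSS_SUCCESS; TSS_E_OUTOFMEMORY if the allocation fails;
 *         TSS_E_INTERNAL_ERROR if the device cannot be opened or read
 */
TSS_RESULT
get_local_random(TSS_HCONTEXT tspContext, TSS_BOOL alloc, UINT32 size, BYTE **data)
{
	TSS_RESULT result = TSPERR(TSS_E_INTERNAL_ERROR);
	BYTE *buf = NULL;
	FILE *f;

	f = fopen(TSS_LOCAL_RANDOM_DEVICE, "r");
	if (f == NULL) {
		LogError("open of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	if (alloc) {
		buf = calloc_tspi(tspContext, size);
		if (buf == NULL) {
			LogError("malloc of %u bytes failed", size);
			result = TSPERR(TSS_E_OUTOFMEMORY);
			goto out;
		}
	} else {
		/* The caller hands in its own BYTE * through the BYTE ** parameter. */
		buf = (BYTE *)data;
	}

	/* Byte-granular read so the check is an exact count match: a short read or
	 * EOF never lets a partially filled buffer be returned as random data. */
	if (fread(buf, 1, size, f) != size) {
		LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
		if (alloc) {
			/* Previously leaked: the context-owned buffer was never released
			 * on this path. */
			free_tspi(tspContext, buf);
		}
		goto out;
	}

	if (alloc)
		*data = buf;
	result = TSS_SUCCESS;
out:
	fclose(f);
	return result;
}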