diff options
author | kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk> | 2005-11-30 12:07:28 +0100 |
---|---|---|
committer | kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk> | 2005-11-30 12:07:28 +0100 |
commit | 4b3fd3a9f3bee6ea545ba0e55bac893122fe6e7f (patch) | |
tree | 3d9461f819c2afdc43252e32bd1532d508bd43c2 /tools/vtpm_manager | |
parent | af9e4ad732f8e22c97af97aa1c5243eb6690b18f (diff) | |
download | xen-4b3fd3a9f3bee6ea545ba0e55bac893122fe6e7f.tar.gz xen-4b3fd3a9f3bee6ea545ba0e55bac893122fe6e7f.tar.bz2 xen-4b3fd3a9f3bee6ea545ba0e55bac893122fe6e7f.zip |
Removes the carriage returns from some of the vtpm
source files that were edited in windows at some point.
Signed-off-by: Vinnie Scarlata <vincent.r.scarlata@intel.com>
Diffstat (limited to 'tools/vtpm_manager')
-rw-r--r-- | tools/vtpm_manager/crypto/Makefile | 38 | ||||
-rw-r--r-- | tools/vtpm_manager/manager/Makefile | 54 | ||||
-rw-r--r-- | tools/vtpm_manager/manager/tpmpassthrough.c | 220 | ||||
-rw-r--r-- | tools/vtpm_manager/manager/vtpm_manager.h | 274 | ||||
-rw-r--r-- | tools/vtpm_manager/manager/vtpmd.c | 268 | ||||
-rw-r--r-- | tools/vtpm_manager/manager/vtpmpriv.h | 302 | ||||
-rw-r--r-- | tools/vtpm_manager/manager/vtsp.c | 1620 | ||||
-rw-r--r-- | tools/vtpm_manager/manager/vtsp.h | 204 | ||||
-rw-r--r-- | tools/vtpm_manager/util/Makefile | 38 | ||||
-rw-r--r-- | tools/vtpm_manager/util/depend | 7 |
10 files changed, 1509 insertions, 1516 deletions
diff --git a/tools/vtpm_manager/crypto/Makefile b/tools/vtpm_manager/crypto/Makefile index cb5f65806a..160fce812e 100644 --- a/tools/vtpm_manager/crypto/Makefile +++ b/tools/vtpm_manager/crypto/Makefile @@ -1,19 +1,19 @@ -XEN_ROOT = ../../..
-include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
-
-BIN = libtcpaCrypto.a
-
-all: build
-
-build: $(BIN)
-
-install: build
-
-clean:
- rm -f *.a *.so *.o *.rpm $(DEP_FILES)
-
-mrproper: clean
- rm -f *~
-
-$(BIN): $(OBJS)
- $(AR) rcs $(BIN) $(OBJS)
+XEN_ROOT = ../../.. +include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk + +BIN = libtcpaCrypto.a + +all: build + +build: $(BIN) + +install: build + +clean: + rm -f *.a *.so *.o *.rpm $(DEP_FILES) + +mrproper: clean + rm -f *~ + +$(BIN): $(OBJS) + $(AR) rcs $(BIN) $(OBJS) diff --git a/tools/vtpm_manager/manager/Makefile b/tools/vtpm_manager/manager/Makefile index 2933627c84..6bf28e6066 100644 --- a/tools/vtpm_manager/manager/Makefile +++ b/tools/vtpm_manager/manager/Makefile @@ -1,27 +1,27 @@ -XEN_ROOT = ../../..
-include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
-
-BIN = vtpm_managerd
-
-all: build
-
-build: $(BIN)
-
-install: build
- if [ ! -d "$(DESTDIR)/var/vtpm/fifos" ]; \
- then mkdir -p $(DESTDIR)/var/vtpm/fifos; \
- fi
- $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR)
-
-clean:
- rm -f *.a *.so *.o *.rpm $(DEP_FILES)
-
-mrproper: clean
- rm -f $(BIN) *~
-
-$(BIN): $(OBJS)
- $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
-
-# libraries
-LIBS += ../tcs/libTCS.a ../util/libTCGUtils.a ../crypto/libtcpaCrypto.a
-LIBS += -lcrypto -lpthread -lrt -lm
+XEN_ROOT = ../../.. +include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk + +BIN = vtpm_managerd + +all: build + +build: $(BIN) + +install: build + if [ ! -d "$(DESTDIR)/var/vtpm/fifos" ]; \ + then mkdir -p $(DESTDIR)/var/vtpm/fifos; \ + fi + $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR) + +clean: + rm -f *.a *.so *.o *.rpm $(DEP_FILES) + +mrproper: clean + rm -f $(BIN) *~ + +$(BIN): $(OBJS) + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + +# libraries +LIBS += ../tcs/libTCS.a ../util/libTCGUtils.a ../crypto/libtcpaCrypto.a +LIBS += -lcrypto -lpthread -lrt -lm diff --git a/tools/vtpm_manager/manager/tpmpassthrough.c b/tools/vtpm_manager/manager/tpmpassthrough.c index 6d82d9b649..9b1e5f849f 100644 --- a/tools/vtpm_manager/manager/tpmpassthrough.c +++ b/tools/vtpm_manager/manager/tpmpassthrough.c @@ -1,110 +1,110 @@ -// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following
-// disclaimer in the documentation and/or other materials provided
-// with the distribution.
-// * Neither the name of Intel Corporation nor the names of its
-// contributors may be used to endorse or promote products derived
-// from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// tpmpassthrough.c
-//
-// Functions regarding passing DMI requests to HWTPM
-//
-// ==================================================================
-
-#include "tcg.h"
-#include "vtpm_manager.h"
-#include "vtpmpriv.h"
-#include "vtsp.h"
-#include "log.h"
-
-TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi,
- buffer_t *inbuf,
- buffer_t *outbuf) {
-
- TPM_RESULT status = TPM_SUCCESS;
- TPM_COMMAND_CODE *ord;
-
- ord = (TPM_COMMAND_CODE *) (inbuf->bytes + sizeof(TPM_TAG) + sizeof(UINT32));
-
- switch (*ord) {
-
- // Forbidden for DMI use
- case TPM_ORD_TakeOwnership:
- case TPM_ORD_ChangeAuthOwner:
- case TPM_ORD_DirWriteAuth:
- case TPM_ORD_DirRead:
- case TPM_ORD_AuthorizeMigrationKey:
- case TPM_ORD_CreateMaintenanceArchive:
- case TPM_ORD_LoadMaintenanceArchive:
- case TPM_ORD_KillMaintenanceFeature:
- case TPM_ORD_LoadManuMaintPub:
- case TPM_ORD_ReadManuMaintPub:
- case TPM_ORD_SelfTestFull:
- case TPM_ORD_SelfTestStartup:
- case TPM_ORD_CertifySelfTest:
- case TPM_ORD_ContinueSelfTest:
- case TPM_ORD_GetTestResult:
- case TPM_ORD_Reset:
- case TPM_ORD_OwnerClear:
- case TPM_ORD_DisableOwnerClear:
- case TPM_ORD_ForceClear:
- case TPM_ORD_DisableForceClear:
- case TPM_ORD_GetCapabilityOwner:
- case TPM_ORD_OwnerSetDisable:
- case TPM_ORD_PhysicalEnable:
- case TPM_ORD_PhysicalDisable:
- case TPM_ORD_SetOwnerInstall:
- case TPM_ORD_PhysicalSetDeactivated:
- case TPM_ORD_SetTempDeactivated:
- case TPM_ORD_CreateEndorsementKeyPair:
- case TPM_ORD_GetAuditEvent:
- case TPM_ORD_GetAuditEventSigned:
- case TPM_ORD_GetOrdinalAuditStatus:
- case TPM_ORD_SetOrdinalAuditStatus:
- case TPM_ORD_SetRedirection:
- case TPM_ORD_FieldUpgrade:
- case TSC_ORD_PhysicalPresence:
- status = TPM_DISABLED_CMD;
- goto abort_egress;
- break;
-
- } // End ORD Switch
-
- // Call TCS with command
-
- TPMTRY(TPM_IOERROR, VTSP_RawTransmit( dmi->TCSContext,inbuf, outbuf) );
-
- goto egress;
-
- abort_egress:
- vtpmloginfo(VTPM_LOG_VTPM, "TPM Command Failed in tpmpassthrough.\n");
- egress:
-
- return status;
-}
+// =================================================================== +// +// Copyright (c) 2005, Intel Corp. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Intel Corporation nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +// OF THE POSSIBILITY OF SUCH DAMAGE. +// =================================================================== +// +// tpmpassthrough.c +// +// Functions regarding passing DMI requests to HWTPM +// +// ================================================================== + +#include "tcg.h" +#include "vtpm_manager.h" +#include "vtpmpriv.h" +#include "vtsp.h" +#include "log.h" + +TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi, + buffer_t *inbuf, + buffer_t *outbuf) { + + TPM_RESULT status = TPM_SUCCESS; + TPM_COMMAND_CODE *ord; + + ord = (TPM_COMMAND_CODE *) (inbuf->bytes + sizeof(TPM_TAG) + sizeof(UINT32)); + + switch (*ord) { + + // Forbidden for DMI use + case TPM_ORD_TakeOwnership: + case TPM_ORD_ChangeAuthOwner: + case TPM_ORD_DirWriteAuth: + case TPM_ORD_DirRead: + case TPM_ORD_AuthorizeMigrationKey: + case TPM_ORD_CreateMaintenanceArchive: + case TPM_ORD_LoadMaintenanceArchive: + case TPM_ORD_KillMaintenanceFeature: + case TPM_ORD_LoadManuMaintPub: + case TPM_ORD_ReadManuMaintPub: + case TPM_ORD_SelfTestFull: + case TPM_ORD_SelfTestStartup: + case TPM_ORD_CertifySelfTest: + case TPM_ORD_ContinueSelfTest: + case TPM_ORD_GetTestResult: + case TPM_ORD_Reset: + case TPM_ORD_OwnerClear: + case TPM_ORD_DisableOwnerClear: + case TPM_ORD_ForceClear: + case TPM_ORD_DisableForceClear: + case TPM_ORD_GetCapabilityOwner: + case TPM_ORD_OwnerSetDisable: + case TPM_ORD_PhysicalEnable: + case TPM_ORD_PhysicalDisable: + case TPM_ORD_SetOwnerInstall: + case TPM_ORD_PhysicalSetDeactivated: + case TPM_ORD_SetTempDeactivated: + case TPM_ORD_CreateEndorsementKeyPair: + case TPM_ORD_GetAuditEvent: + case TPM_ORD_GetAuditEventSigned: + case TPM_ORD_GetOrdinalAuditStatus: + case TPM_ORD_SetOrdinalAuditStatus: + case TPM_ORD_SetRedirection: + case TPM_ORD_FieldUpgrade: + case TSC_ORD_PhysicalPresence: + status = TPM_DISABLED_CMD; + goto abort_egress; + break; + + } // End ORD Switch + + // Call TCS with command + + TPMTRY(TPM_IOERROR, VTSP_RawTransmit( dmi->TCSContext,inbuf, outbuf) ); + + goto egress; + + abort_egress: + vtpmloginfo(VTPM_LOG_VTPM, "TPM Command Failed in tpmpassthrough.\n"); + egress: + + return status; +} diff --git a/tools/vtpm_manager/manager/vtpm_manager.h b/tools/vtpm_manager/manager/vtpm_manager.h index 92726297d2..70ceb61713 100644 --- a/tools/vtpm_manager/manager/vtpm_manager.h +++ b/tools/vtpm_manager/manager/vtpm_manager.h @@ -1,137 +1,137 @@ -// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following
-// disclaimer in the documentation and/or other materials provided
-// with the distribution.
-// * Neither the name of Intel Corporation nor the names of its
-// contributors may be used to endorse or promote products derived
-// from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtpm_manager.h
-//
-// Public Interface header for VTPM Manager
-//
-// ==================================================================
-
-#ifndef __VTPM_MANAGER_H__
-#define __VTPM_MANAGER_H__
-
-#include "tcg.h"
-
-#define VTPM_TAG_REQ 0x01c1
-#define VTPM_TAG_RSP 0x01c4
-#define COMMAND_BUFFER_SIZE 4096
-
-// Header sizes. Note Header MAY include the DMI
-#define VTPM_COMMAND_HEADER_SIZE_SRV ( sizeof(UINT32) + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE))
-#define VTPM_COMMAND_HEADER_SIZE_CLT ( sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE))
-
-// ********************** Public Functions *************************
-TPM_RESULT VTPM_Init_Service(); // Start VTPM Service
-void VTPM_Stop_Service(); // Stop VTPM Service
-#ifdef VTPM_MULTI_VM
-int VTPM_Service_Handler();
-#else
-void *VTPM_Service_Handler(void *threadTypePtr);
-#endif
-
-//************************ Command Codes ****************************
-#define VTPM_ORD_OPEN 1 // ULM Creates New DMI
-#define VTPM_ORD_CLOSE 2 // ULM Closes a DMI
-#define VTPM_ORD_DELETE 3 // ULM Permemently Deletes DMI
-#define VTPM_ORD_SAVENVM 4 // DMI requests Secrets Unseal
-#define VTPM_ORD_LOADNVM 5 // DMI requests Secrets Saved
-#define VTPM_ORD_TPMCOMMAND 6 // DMI issues HW TPM Command
-
-//************************ Return Codes ****************************
-#define VTPM_SUCCESS 0
-#define VTPM_FAIL 1
-#define VTPM_UNSUPPORTED 2
-#define VTPM_FORBIDDEN 3
-#define VTPM_RESTORE_CONTEXT_FAILED 4
-#define VTPM_INVALID_REQUEST 5
-
-/******************* Command Parameter API *************************
-
-VTPM Command Format
- dmi: 4 bytes // Source of message.
- // WARNING: This is prepended by the channel.
- // Thus it is received by VTPM Manager,
- // but not sent by DMI
- tpm tag: 2 bytes
- command size: 4 bytes // Size of command including header but not DMI
- ord: 4 bytes // Command ordinal above
- parameters: size - 10 bytes // Command Parameter
-
-VTPM Response Format
- tpm tag: 2 bytes
- response_size: 4 bytes
- status: 4 bytes
- parameters: size - 10 bytes
-
-
-VTPM_Open:
- Input Parameters:
- Domain_type: 1 byte
- domain_id: 4 bytes
- instance_id: 4 bytes
- Output Parameters:
- None
-
-VTPM_Close
- Input Parameters:
- instance_id: 4 bytes
- Output Parameters:
- None
-
-VTPM_Delete
- Input Parameters:
- instance_id: 4 bytes
- Output Parameters:
- None
-
-VTPM_SaveNVM
- Input Parameters:
- data: n bytes (Header indicates size of data)
- Output Parameters:
- None
-
-VTPM_LoadNVM
- Input Parameters:
- None
- Output Parameters:
- data: n bytes (Header indicates size of data)
-
-VTPM_TPMCommand
- Input Parameters:
- TPM Command Byte Stream: n bytes
- Output Parameters:
- TPM Reponse Byte Stream: n bytes
-
-*********************************************************************/
-
-#endif //_VTPM_MANAGER_H_
+// =================================================================== +// +// Copyright (c) 2005, Intel Corp. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Intel Corporation nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +// OF THE POSSIBILITY OF SUCH DAMAGE. +// =================================================================== +// +// vtpm_manager.h +// +// Public Interface header for VTPM Manager +// +// ================================================================== + +#ifndef __VTPM_MANAGER_H__ +#define __VTPM_MANAGER_H__ + +#include "tcg.h" + +#define VTPM_TAG_REQ 0x01c1 +#define VTPM_TAG_RSP 0x01c4 +#define COMMAND_BUFFER_SIZE 4096 + +// Header sizes. Note Header MAY include the DMI +#define VTPM_COMMAND_HEADER_SIZE_SRV ( sizeof(UINT32) + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE)) +#define VTPM_COMMAND_HEADER_SIZE_CLT ( sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE)) + +// ********************** Public Functions ************************* +TPM_RESULT VTPM_Init_Service(); // Start VTPM Service +void VTPM_Stop_Service(); // Stop VTPM Service +#ifdef VTPM_MULTI_VM +int VTPM_Service_Handler(); +#else +void *VTPM_Service_Handler(void *threadTypePtr); +#endif + +//************************ Command Codes **************************** +#define VTPM_ORD_OPEN 1 // ULM Creates New DMI +#define VTPM_ORD_CLOSE 2 // ULM Closes a DMI +#define VTPM_ORD_DELETE 3 // ULM Permemently Deletes DMI +#define VTPM_ORD_SAVENVM 4 // DMI requests Secrets Unseal +#define VTPM_ORD_LOADNVM 5 // DMI requests Secrets Saved +#define VTPM_ORD_TPMCOMMAND 6 // DMI issues HW TPM Command + +//************************ Return Codes **************************** +#define VTPM_SUCCESS 0 +#define VTPM_FAIL 1 +#define VTPM_UNSUPPORTED 2 +#define VTPM_FORBIDDEN 3 +#define VTPM_RESTORE_CONTEXT_FAILED 4 +#define VTPM_INVALID_REQUEST 5 + +/******************* Command Parameter API ************************* + +VTPM Command Format + dmi: 4 bytes // Source of message. + // WARNING: This is prepended by the channel. + // Thus it is received by VTPM Manager, + // but not sent by DMI + tpm tag: 2 bytes + command size: 4 bytes // Size of command including header but not DMI + ord: 4 bytes // Command ordinal above + parameters: size - 10 bytes // Command Parameter + +VTPM Response Format + tpm tag: 2 bytes + response_size: 4 bytes + status: 4 bytes + parameters: size - 10 bytes + + +VTPM_Open: + Input Parameters: + Domain_type: 1 byte + domain_id: 4 bytes + instance_id: 4 bytes + Output Parameters: + None + +VTPM_Close + Input Parameters: + instance_id: 4 bytes + Output Parameters: + None + +VTPM_Delete + Input Parameters: + instance_id: 4 bytes + Output Parameters: + None + +VTPM_SaveNVM + Input Parameters: + data: n bytes (Header indicates size of data) + Output Parameters: + None + +VTPM_LoadNVM + Input Parameters: + None + Output Parameters: + data: n bytes (Header indicates size of data) + +VTPM_TPMCommand + Input Parameters: + TPM Command Byte Stream: n bytes + Output Parameters: + TPM Reponse Byte Stream: n bytes + +*********************************************************************/ + +#endif //_VTPM_MANAGER_H_ diff --git a/tools/vtpm_manager/manager/vtpmd.c b/tools/vtpm_manager/manager/vtpmd.c index 5bf33882de..8e07ac3587 100644 --- a/tools/vtpm_manager/manager/vtpmd.c +++ b/tools/vtpm_manager/manager/vtpmd.c @@ -1,134 +1,134 @@ -// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following
-// disclaimer in the documentation and/or other materials provided
-// with the distribution.
-// * Neither the name of Intel Corporation nor the names of its
-// contributors may be used to endorse or promote products derived
-// from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtpmd.c
-//
-// Application
-//
-// ===================================================================
-
-#include <stdio.h>
-#include <signal.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include "vtpm_manager.h"
-#include "vtpmpriv.h"
-#include "tcg.h"
-#include "log.h"
-
-#ifndef VTPM_MULTI_VM
- #include <pthread.h>
-#endif
-
-void signal_handler(int reason) {
-#ifndef VTPM_MULTI_VM
-
- if (pthread_equal(pthread_self(), vtpm_globals->master_pid)) {
- if (reason >= 0) { // Reason is a signal
- vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager shutting down for signal %d.\n", reason);
- } else {// Reason is a TPM_RESULT * -1
- vtpmloginfo(VTPM_LOG_VTPM,"VTPM Manager shuting down for: %s\n", tpm_get_error_name(-1 * reason) );
- }
-
- return;
- } else {
- vtpmloginfo(VTPM_LOG_VTPM, "Child shutting down\n");
- pthread_exit(NULL);
- }
-#else
- VTPM_Stop_Service();
- exit(-1);
-#endif
-}
-
-struct sigaction ctl_c_handler;
-
-int main(int argc, char **argv) {
-
- vtpmloginfo(VTPM_LOG_VTPM, "Starting VTPM.\n");
-
- if (VTPM_Init_Service() != TPM_SUCCESS) {
- vtpmlogerror(VTPM_LOG_VTPM, "Closing vtpmd due to error during startup.\n");
- return -1;
- }
-
- ctl_c_handler.sa_handler = signal_handler;
- sigemptyset(&ctl_c_handler.sa_mask);
- ctl_c_handler.sa_flags = 0;
-
- if (sigaction(SIGINT, &ctl_c_handler, NULL) == -1)
- vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGINT handler. Ctl+break will not stop service gently.\n");
-
- // For easier debuggin with gdb
- if (sigaction(SIGHUP, &ctl_c_handler, NULL) == -1)
- vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGHUP handler. Ctl+break will not stop service gently.\n");
-
-#ifdef VTPM_MULTI_VM
- TPM_RESULT status = VTPM_Service_Handler();
-
- if (status != TPM_SUCCESS)
- vtpmlogerror(VTPM_LOG_VTPM, "VTPM Manager exited with status %s. It never should exit.\n", tpm_get_error_name(status));
-
- return -1;
-#else
- sigset_t sig_mask;
-
- sigemptyset(&sig_mask);
- sigaddset(&sig_mask, SIGPIPE);
- sigprocmask(SIG_BLOCK, &sig_mask, NULL);
- //pthread_mutex_init(&vtpm_globals->dmi_mutex, NULL);
- pthread_t be_thread, dmi_thread;
- int betype_be, dmitype_dmi;
-
- vtpm_globals->master_pid = pthread_self();
-
- betype_be = BE_LISTENER_THREAD;
- if (pthread_create(&be_thread, NULL, VTPM_Service_Handler, &betype_be) != 0) {
- vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch BE Thread.\n");
- exit(-1);
- }
-
- dmitype_dmi = DMI_LISTENER_THREAD;
- if (pthread_create(&dmi_thread, NULL, VTPM_Service_Handler, &dmitype_dmi) != 0) {
- vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch DMI Thread.\n");
- exit(-1);
- }
-
- //Join the other threads until exit time.
- pthread_join(be_thread, NULL);
- pthread_join(dmi_thread, NULL);
-
- VTPM_Stop_Service();
- return 0;
-#endif
-}
+// =================================================================== +// +// Copyright (c) 2005, Intel Corp. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Intel Corporation nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +// OF THE POSSIBILITY OF SUCH DAMAGE. +// =================================================================== +// +// vtpmd.c +// +// Application +// +// =================================================================== + +#include <stdio.h> +#include <signal.h> +#include <sys/types.h> +#include <unistd.h> +#include "vtpm_manager.h" +#include "vtpmpriv.h" +#include "tcg.h" +#include "log.h" + +#ifndef VTPM_MULTI_VM + #include <pthread.h> +#endif + +void signal_handler(int reason) { +#ifndef VTPM_MULTI_VM + + if (pthread_equal(pthread_self(), vtpm_globals->master_pid)) { + if (reason >= 0) { // Reason is a signal + vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager shutting down for signal %d.\n", reason); + } else {// Reason is a TPM_RESULT * -1 + vtpmloginfo(VTPM_LOG_VTPM,"VTPM Manager shuting down for: %s\n", tpm_get_error_name(-1 * reason) ); + } + + return; + } else { + vtpmloginfo(VTPM_LOG_VTPM, "Child shutting down\n"); + pthread_exit(NULL); + } +#else + VTPM_Stop_Service(); + exit(-1); +#endif +} + +struct sigaction ctl_c_handler; + +int main(int argc, char **argv) { + + vtpmloginfo(VTPM_LOG_VTPM, "Starting VTPM.\n"); + + if (VTPM_Init_Service() != TPM_SUCCESS) { + vtpmlogerror(VTPM_LOG_VTPM, "Closing vtpmd due to error during startup.\n"); + return -1; + } + + ctl_c_handler.sa_handler = signal_handler; + sigemptyset(&ctl_c_handler.sa_mask); + ctl_c_handler.sa_flags = 0; + + if (sigaction(SIGINT, &ctl_c_handler, NULL) == -1) + vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGINT handler. Ctl+break will not stop service gently.\n"); + + // For easier debuggin with gdb + if (sigaction(SIGHUP, &ctl_c_handler, NULL) == -1) + vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGHUP handler. Ctl+break will not stop service gently.\n"); + +#ifdef VTPM_MULTI_VM + TPM_RESULT status = VTPM_Service_Handler(); + + if (status != TPM_SUCCESS) + vtpmlogerror(VTPM_LOG_VTPM, "VTPM Manager exited with status %s. It never should exit.\n", tpm_get_error_name(status)); + + return -1; +#else + sigset_t sig_mask; + + sigemptyset(&sig_mask); + sigaddset(&sig_mask, SIGPIPE); + sigprocmask(SIG_BLOCK, &sig_mask, NULL); + //pthread_mutex_init(&vtpm_globals->dmi_mutex, NULL); + pthread_t be_thread, dmi_thread; + int betype_be, dmitype_dmi; + + vtpm_globals->master_pid = pthread_self(); + + betype_be = BE_LISTENER_THREAD; + if (pthread_create(&be_thread, NULL, VTPM_Service_Handler, &betype_be) != 0) { + vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch BE Thread.\n"); + exit(-1); + } + + dmitype_dmi = DMI_LISTENER_THREAD; + if (pthread_create(&dmi_thread, NULL, VTPM_Service_Handler, &dmitype_dmi) != 0) { + vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch DMI Thread.\n"); + exit(-1); + } + + //Join the other threads until exit time. + pthread_join(be_thread, NULL); + pthread_join(dmi_thread, NULL); + + VTPM_Stop_Service(); + return 0; +#endif +} diff --git a/tools/vtpm_manager/manager/vtpmpriv.h b/tools/vtpm_manager/manager/vtpmpriv.h index 5777c1a3c2..bb613aec2c 100644 --- a/tools/vtpm_manager/manager/vtpmpriv.h +++ b/tools/vtpm_manager/manager/vtpmpriv.h @@ -1,151 +1,151 @@ -// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following
-// disclaimer in the documentation and/or other materials provided
-// with the distribution.
-// * Neither the name of Intel Corporation nor the names of its
-// contributors may be used to endorse or promote products derived
-// from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtpmpriv.h
-//
-// Structures and functions private to the manager
-//
-// ==================================================================
-
-#ifndef __VTPMPRIV_H__
-#define __VTPMPRIV_H__
-
-#include "tcg.h"
-#include "tcs.h"
-#include "buffer.h"
-#include "crypto.h"
-
-#define STATE_FILE "/var/vtpm/VTPM"
-#define DMI_NVM_FILE "/var/vtpm/vtpm_dm_%d.data"
-#define VTPM_BE_DEV "/dev/vtpm0"
-#define VTPM_CTL_DM 0
-
-#ifndef VTPM_MUTLI_VM
- #include <sys/types.h>
- #define GUEST_TX_FIFO "/var/vtpm/fifos/guest-to-%d.fifo"
- #define GUEST_RX_FIFO "/var/vtpm/fifos/guest-from-all.fifo"
-
- #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm-to-%d.fifo"
- #define VTPM_RX_FIFO "/var/vtpm/fifos/vtpm-from-all.fifo"
-
- #define BE_LISTENER_THREAD 1
- #define DMI_LISTENER_THREAD 2
-
- // Seconds until DMI timeout. Timeouts result in DMI being out
- // of sync, which may require a reboot of DMI and guest to recover
- // from. Don't set this to low. Also note that DMI may issue a TPM
- // call so we should expect time to process at DMI + TPM processing.
- #define DMI_TIMEOUT 90
-#endif
-
-
-// ------------------------ Private Structures -----------------------
-typedef struct VTPM_DMI_RESOURCE_T {
- // I/O info for Manager to talk to DMI's over FIFOs
-#ifndef VTPM_MUTLI_VM
- int guest_tx_fh; // open GUEST_TX_FIFO
- int vtpm_tx_fh; // open VTPM_TX_FIFO
- char *guest_tx_fname; // open GUEST_TX_FIFO
- char *vtpm_tx_fname; // open VTPM_TX_FIFO
-
- pid_t dmi_pid;
-#endif
- // Non-persistent Information
- bool connected;
- UINT32 dmi_domain_id;
- TCS_CONTEXT_HANDLE TCSContext; // TCS Handle
- char *NVMLocation; // NULL term string indicating location
- // of NVM.
- // Persistent Information about DMI
- UINT32 dmi_id;
- TPM_DIGEST NVM_measurement; // Equal to the SHA1 of the blob
- TPM_DIGEST DMI_measurement; // Correct measurement of the owning DMI
-} VTPM_DMI_RESOURCE;
-
-typedef struct tdVTPM_GLOBALS {
- // Non-persistent data
- int be_fh; // File handle to ipc used to communicate with backend
-#ifndef VTPM_MULTI_VM
- int vtpm_rx_fh;
- int guest_rx_fh;
-
- pid_t master_pid;
-#endif
- struct hashtable *dmi_map; // Table of all DMI's known indexed by persistent instance #
-#ifndef VTPM_MULTI_VM
- pthread_mutex_t dmi_map_mutex; //
-#endif
- TCS_CONTEXT_HANDLE manager_tcs_handle; // TCS Handle used by manager
- TPM_HANDLE storageKeyHandle; // Key used by persistent store
- CRYPTO_INFO storageKey; // For software encryption
- TCS_AUTH keyAuth; // OIAP session for storageKey
- BOOL DMI_table_dirty; // Indicates that a command
- // has updated the DMI table
-
-
- // Persistent Data
- TPM_AUTHDATA owner_usage_auth; // OwnerAuth of real TPM
- TPM_AUTHDATA srk_usage_auth; // SRK Auth of real TPM
- buffer_t storageKeyWrap; // Wrapped copy of storageKey
-
- TPM_AUTHDATA storage_key_usage_auth;
-
-}VTPM_GLOBALS;
-
-//Global dmi map
-extern VTPM_GLOBALS *vtpm_globals;
-
-// ********************** Command Handler Prototypes ***********************
-TPM_RESULT VTPM_Handle_Load_NVM( VTPM_DMI_RESOURCE *myDMI,
- const buffer_t *inbuf,
- buffer_t *outbuf);
-
-TPM_RESULT VTPM_Handle_Save_NVM( VTPM_DMI_RESOURCE *myDMI,
- const buffer_t *inbuf,
- buffer_t *outbuf);
-
-TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi,
- buffer_t *inbuf,
- buffer_t *outbuf);
-
-TPM_RESULT VTPM_Handle_New_DMI(const buffer_t *param_buf);
-
-TPM_RESULT VTPM_Handle_Close_DMI(const buffer_t *param_buf);
-
-TPM_RESULT VTPM_Handle_Delete_DMI(const buffer_t *param_buf);
-
-TPM_RESULT VTPM_SaveService(void);
-TPM_RESULT VTPM_LoadService(void);
-
-TPM_RESULT close_dmi( VTPM_DMI_RESOURCE *dmi_res);
-#endif // __VTPMPRIV_H__
+// =================================================================== +// +// Copyright (c) 2005, Intel Corp. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Intel Corporation nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +// OF THE POSSIBILITY OF SUCH DAMAGE. +// =================================================================== +// +// vtpmpriv.h +// +// Structures and functions private to the manager +// +// ================================================================== + +#ifndef __VTPMPRIV_H__ +#define __VTPMPRIV_H__ + +#include "tcg.h" +#include "tcs.h" +#include "buffer.h" +#include "crypto.h" + +#define STATE_FILE "/var/vtpm/VTPM" +#define DMI_NVM_FILE "/var/vtpm/vtpm_dm_%d.data" +#define VTPM_BE_DEV "/dev/vtpm0" +#define VTPM_CTL_DM 0 + +#ifndef VTPM_MUTLI_VM + #include <sys/types.h> + #define GUEST_TX_FIFO "/var/vtpm/fifos/guest-to-%d.fifo" + #define GUEST_RX_FIFO "/var/vtpm/fifos/guest-from-all.fifo" + + #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm-to-%d.fifo" + #define VTPM_RX_FIFO "/var/vtpm/fifos/vtpm-from-all.fifo" + + #define BE_LISTENER_THREAD 1 + #define DMI_LISTENER_THREAD 2 + + // Seconds until DMI timeout. Timeouts result in DMI being out + // of sync, which may require a reboot of DMI and guest to recover + // from. Don't set this to low. Also note that DMI may issue a TPM + // call so we should expect time to process at DMI + TPM processing. + #define DMI_TIMEOUT 90 +#endif + + +// ------------------------ Private Structures ----------------------- +typedef struct VTPM_DMI_RESOURCE_T { + // I/O info for Manager to talk to DMI's over FIFOs +#ifndef VTPM_MUTLI_VM + int guest_tx_fh; // open GUEST_TX_FIFO + int vtpm_tx_fh; // open VTPM_TX_FIFO + char *guest_tx_fname; // open GUEST_TX_FIFO + char *vtpm_tx_fname; // open VTPM_TX_FIFO + + pid_t dmi_pid; +#endif + // Non-persistent Information + bool connected; + UINT32 dmi_domain_id; + TCS_CONTEXT_HANDLE TCSContext; // TCS Handle + char *NVMLocation; // NULL term string indicating location + // of NVM. + // Persistent Information about DMI + UINT32 dmi_id; + TPM_DIGEST NVM_measurement; // Equal to the SHA1 of the blob + TPM_DIGEST DMI_measurement; // Correct measurement of the owning DMI +} VTPM_DMI_RESOURCE; + +typedef struct tdVTPM_GLOBALS { + // Non-persistent data + int be_fh; // File handle to ipc used to communicate with backend +#ifndef VTPM_MULTI_VM + int vtpm_rx_fh; + int guest_rx_fh; + + pid_t master_pid; +#endif + struct hashtable *dmi_map; // Table of all DMI's known indexed by persistent instance # +#ifndef VTPM_MULTI_VM + pthread_mutex_t dmi_map_mutex; // +#endif + TCS_CONTEXT_HANDLE manager_tcs_handle; // TCS Handle used by manager + TPM_HANDLE storageKeyHandle; // Key used by persistent store + CRYPTO_INFO storageKey; // For software encryption + TCS_AUTH keyAuth; // OIAP session for storageKey + BOOL DMI_table_dirty; // Indicates that a command + // has updated the DMI table + + + // Persistent Data + TPM_AUTHDATA owner_usage_auth; // OwnerAuth of real TPM + TPM_AUTHDATA srk_usage_auth; // SRK Auth of real TPM + buffer_t storageKeyWrap; // Wrapped copy of storageKey + + TPM_AUTHDATA storage_key_usage_auth; + +}VTPM_GLOBALS; + +//Global dmi map +extern VTPM_GLOBALS *vtpm_globals; + +// ********************** Command Handler Prototypes *********************** +TPM_RESULT VTPM_Handle_Load_NVM( VTPM_DMI_RESOURCE *myDMI, + const buffer_t *inbuf, + buffer_t *outbuf); + +TPM_RESULT VTPM_Handle_Save_NVM( VTPM_DMI_RESOURCE *myDMI, + const buffer_t *inbuf, + buffer_t *outbuf); + +TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi, + buffer_t *inbuf, + buffer_t *outbuf); + +TPM_RESULT VTPM_Handle_New_DMI(const buffer_t *param_buf); + +TPM_RESULT VTPM_Handle_Close_DMI(const buffer_t *param_buf); + +TPM_RESULT VTPM_Handle_Delete_DMI(const buffer_t *param_buf); + +TPM_RESULT VTPM_SaveService(void); +TPM_RESULT VTPM_LoadService(void); + +TPM_RESULT close_dmi( VTPM_DMI_RESOURCE *dmi_res); +#endif // __VTPMPRIV_H__ diff --git a/tools/vtpm_manager/manager/vtsp.c b/tools/vtpm_manager/manager/vtsp.c index c2cbc43a0b..b6f82e4b3a 100644 --- a/tools/vtpm_manager/manager/vtsp.c +++ b/tools/vtpm_manager/manager/vtsp.c @@ -1,810 +1,810 @@ -// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following
-// disclaimer in the documentation and/or other materials provided
-// with the distribution.
-// * Neither the name of Intel Corporation nor the names of its
-// contributors may be used to endorse or promote products derived
-// from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtsp.c
-//
-// Higher level interface to TCS for use in service.
-//
-// ==================================================================
-
-#include <string.h>
-#include "tcg.h"
-#include "tcs.h"
-#include "bsg.h"
-#include "log.h"
-#include "crypto.h"
-#include "vtsp.h"
-#include "buffer.h"
-
-#define RSA_KEY_SIZE 0x0800
-
-/***********************************************************************************
- * GenerateAuth: Generate authorization info to be sent back to application
- *
- * Parameters: outParamDigestText The concatenation of output parameters to be SHA1ed
- * outParamDigestTextSize Size of inParamDigestText
- * HMACkey Key to be used for HMACing
- * For OIAP use key.authUsage or PersistStore.ownerAuth
- * For OSAP use shared secret
- * pAuth Authorization information from the application
- *
- * Return: TPM_SUCCESS Authorization data created
- * TPM_AUTHFAIL Invalid (NULL) HMACkey presented for OSAP
- *************************************************************************************/
-TPM_RESULT GenerateAuth( /*[IN]*/ const BYTE *inParamDigestText,
- /*[IN]*/ UINT32 inParamDigestTextSize,
- /*[IN]*/ const TPM_SECRET *HMACkey,
- /*[IN,OUT]*/ TCS_AUTH *auth) {
-
- if (inParamDigestText == NULL || auth == NULL)
- return (TPM_AUTHFAIL);
- else {
-
- //Generate new OddNonce
- Crypto_GetRandom(auth->NonceOdd.nonce, sizeof(TPM_NONCE));
-
- // Create SHA1 inParamDigest
- TPM_DIGEST inParamDigest;
- Crypto_SHA1Full(inParamDigestText, inParamDigestTextSize, (BYTE *) &inParamDigest);
-
- // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams).
- BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)];
-
- BSG_PackList( hmacText, 4,
- BSG_TPM_DIGEST, &inParamDigest,
- BSG_TPM_NONCE, &(auth->NonceEven),
- BSG_TPM_NONCE, &(auth->NonceOdd),
- BSG_TYPE_BOOL, &(auth->fContinueAuthSession) );
-
- Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &(auth->HMAC));
-
- return(TPM_SUCCESS);
-
- }
-}
-
-/***********************************************************************************
- * VerifyAuth: Verify the authdata for a command requiring authorization
- *
- * Parameters: inParamDigestText The concatenation of parameters to be SHA1ed
- * inParamDigestTextSize Size of inParamDigestText
- * authDataUsage AuthDataUsage for the Entity being used
- * Key->authDataUsage or TPM_AUTH_OWNER
- * HMACkey Key to be used for HMACing
- * For OIAP use key.authUsage or PersistStore.ownerAuth
- * For OSAP use NULL (It will be aquired from the Auth Session)
- * If unknown (default), assume OIAP
- * sessionAuth A TCS_AUTH info for the session
- * pAuth Authorization information from the application
- * hContext If specified, on failed Auth, VerifyAuth will
- * generate a new OIAP session in place of themselves
- * destroyed session.
- *
- * Return: TPM_SUCCESS Authorization Verified
- * TPM_AUTHFAIL Authorization Failed
- * TPM_FAIL Failure during SHA1 routines
- *************************************************************************************/
-TPM_RESULT VerifyAuth( /*[IN]*/ const BYTE *outParamDigestText,
- /*[IN]*/ UINT32 outParamDigestTextSize,
- /*[IN]*/ const TPM_SECRET *HMACkey,
- /*[IN,OUT]*/ TCS_AUTH *auth,
- /*[IN]*/ TCS_CONTEXT_HANDLE hContext) {
- if (outParamDigestText == NULL || auth == NULL)
- return (TPM_AUTHFAIL);
-
-
- // Create SHA1 inParamDigest
- TPM_DIGEST outParamDigest;
- Crypto_SHA1Full(outParamDigestText, outParamDigestTextSize, (BYTE *) &outParamDigest);
-
- // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams).
- TPM_DIGEST hm;
- BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)];
-
- BSG_PackList( hmacText, 4,
- BSG_TPM_DIGEST, &outParamDigest,
- BSG_TPM_NONCE, &(auth->NonceEven),
- BSG_TPM_NONCE, &(auth->NonceOdd),
- BSG_TYPE_BOOL, &(auth->fContinueAuthSession) );
-
- Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText),
- (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &hm);
-
- // Compare correct HMAC with provided one.
- if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0) // 0 indicates equality
- return (TPM_SUCCESS);
- else {
- VTSP_OIAP( hContext, auth);
- return (TPM_AUTHFAIL);
- }
-}
-
-TPM_RESULT VTSP_OIAP(const TCS_CONTEXT_HANDLE hContext,
- TCS_AUTH *auth) {
-
- vtpmloginfo(VTPM_LOG_VTSP, "OIAP.\n");
- TPM_RESULT status = TPM_SUCCESS;
- TPMTRYRETURN( TCSP_OIAP(hContext,
- &auth->AuthHandle,
- &auth->NonceEven) );
- goto egress;
-
- abort_egress:
-
- egress:
-
- return status;
-}
-
-TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_HANDLE hContext,
- const TPM_ENTITY_TYPE entityType,
- const UINT32 entityValue,
- const TPM_AUTHDATA *usageAuth,
- TPM_SECRET *sharedSecret,
- TCS_AUTH *auth) {
-
- vtpmloginfo(VTPM_LOG_VTSP, "OSAP.\n");
- TPM_RESULT status = TPM_SUCCESS;
- TPM_NONCE nonceEvenOSAP, nonceOddOSAP;
-
- Crypto_GetRandom((BYTE *) &nonceOddOSAP, sizeof(TPM_NONCE) );
-
- TPMTRYRETURN( TCSP_OSAP( hContext,
- entityType,
- entityValue,
- nonceOddOSAP,
- &auth->AuthHandle,
- &auth->NonceEven,
- &nonceEvenOSAP) );
-
- // Calculating Session Secret
- BYTE sharedSecretText[TPM_DIGEST_SIZE * 2];
-
- BSG_PackList( sharedSecretText, 2,
- BSG_TPM_NONCE, &nonceEvenOSAP,
- BSG_TPM_NONCE, &nonceOddOSAP);
-
- Crypto_HMAC(sharedSecretText, sizeof(sharedSecretText), (BYTE *) usageAuth, TPM_DIGEST_SIZE, (BYTE *) sharedSecret);
-
- goto egress;
-
- abort_egress:
-
- egress:
-
- return status;
-}
-
-
-
-TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext,
- CRYPTO_INFO *crypto_info) {
-
- TPM_RESULT status;
- TPM_NONCE antiReplay;
- TPM_DIGEST checksum;
- BYTE *pubEKtext;
- UINT32 pubEKtextsize;
-
- vtpmloginfo(VTPM_LOG_VTSP, "Reading Public EK.\n");
-
- // GenerateAuth new nonceOdd
- Crypto_GetRandom(&antiReplay, sizeof(TPM_NONCE) );
-
-
- TPMTRYRETURN( TCSP_ReadPubek( hContext,
- antiReplay,
- &pubEKtextsize,
- &pubEKtext,
- &checksum) );
-
-
- // Extract the remaining output parameters
- TPM_PUBKEY pubEK;
-
- BSG_Unpack(BSG_TPM_PUBKEY, pubEKtext, (BYTE *) &pubEK);
-
- // Build CryptoInfo for the bindingKey
- TPM_RSA_KEY_PARMS rsaKeyParms;
-
- BSG_Unpack(BSG_TPM_RSA_KEY_PARMS,
- pubEK.algorithmParms.parms,
- &rsaKeyParms);
-
- Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize,
- rsaKeyParms.exponent,
- pubEK.pubKey.keyLength,
- pubEK.pubKey.key,
- crypto_info);
-
- // Destroy rsaKeyParms
- BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms);
-
- // Set encryption scheme
- crypto_info->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1;
- //crypto_info->encScheme = pubEK.algorithmParms.encScheme;
- crypto_info->algorithmID = pubEK.algorithmParms.algorithmID;
-
- goto egress;
-
- abort_egress:
-
- egress:
-
- return status;
-}
-
-TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext,
- const TPM_AUTHDATA *ownerAuth,
- const TPM_AUTHDATA *srkAuth,
- CRYPTO_INFO *ek_cryptoInfo,
- TCS_AUTH *auth) {
-
- vtpmloginfo(VTPM_LOG_VTSP, "Taking Ownership of TPM.\n");
-
- TPM_RESULT status = TPM_SUCCESS;
- TPM_COMMAND_CODE command = TPM_ORD_TakeOwnership;
- TPM_PROTOCOL_ID proto_id = TPM_PID_OWNER;
- BYTE *new_srk;
-
- BYTE *paramText; // Digest to make Auth.
- UINT32 paramTextSize;
-
- // vars for srkpubkey parameter
- TPM_KEY srkPub;
- TPM_KEY_PARMS srkKeyInfo = {TPM_ALG_RSA, TPM_ES_RSAESOAEP_SHA1_MGF1, TPM_SS_NONE, 12, 0};
- BYTE srkRSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00};
- srkKeyInfo.parms = (BYTE *) &srkRSAkeyInfo;
-
- struct pack_buf_t srkText;
-
- // GenerateAuth new nonceOdd
- Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) );
-
- //These values are accurate for an enc(AuthData).
- struct pack_buf_t encOwnerAuth, encSrkAuth;
-
- encOwnerAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256);
- encSrkAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256);
-
- if (encOwnerAuth.data == NULL || encSrkAuth.data == NULL) {
- vtpmloginfo(VTPM_LOG_VTSP, "Could not malloc encrypted auths.\n");
- status = TPM_RESOURCES;
- goto abort_egress;
- }
-
- Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) ownerAuth, &encOwnerAuth.size, encOwnerAuth.data);
- Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) srkAuth, &encSrkAuth.size, encSrkAuth.data);
-
-
- // Build srk public key struct
- srkPub.ver = TPM_STRUCT_VER_1_1;
- srkPub.keyUsage = TPM_KEY_STORAGE;
- srkPub.keyFlags = 0x00;
- srkPub.authDataUsage = TPM_AUTH_ALWAYS;
- memcpy(&srkPub.algorithmParms, &srkKeyInfo, sizeof(TPM_KEY_PARMS));
- srkPub.PCRInfoSize = 0;
- srkPub.PCRInfo = 0;
- srkPub.pubKey.keyLength= 0;
- srkPub.encDataSize = 0;
-
- srkText.data = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
- srkText.size = BSG_Pack(BSG_TPM_KEY, (BYTE *) &srkPub, srkText.data);
-
- paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-
- paramTextSize = BSG_PackList(paramText, 5,
- BSG_TPM_COMMAND_CODE,&command,
- BSG_TPM_PROTOCOL_ID, &proto_id,
- BSG_TPM_SIZE32_DATA, &encOwnerAuth,
- BSG_TPM_SIZE32_DATA, &encSrkAuth,
- BSG_TPM_KEY, &srkPub);
-
- TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, ownerAuth, auth) );
-
- new_srk = srkText.data;
- TPMTRYRETURN( TCSP_TakeOwnership ( hContext,
- proto_id,
- encOwnerAuth.size,
- encOwnerAuth.data,
- encSrkAuth.size,
- encSrkAuth.data,
- &srkText.size,
- &new_srk,
- auth ) );
-
-
- paramTextSize = BSG_PackList(paramText, 2,
- BSG_TPM_RESULT, &status,
- BSG_TPM_COMMAND_CODE, &command);
- memcpy(paramText + paramTextSize, new_srk, srkText.size);
- paramTextSize += srkText.size;
-
-
- TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
- ownerAuth, auth,
- hContext) );
-
- goto egress;
-
- abort_egress:
-
- egress:
-
- free(srkText.data);
- free(encSrkAuth.data);
- free(encOwnerAuth.data);
- free(paramText);
-
- TCS_FreeMemory(hContext, new_srk);
-
- return status;
-}
-
-TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext,
- const TPM_AUTHDATA *ownerAuth,
- TCS_AUTH *auth) {
-
- vtpmloginfo(VTPM_LOG_VTSP, "Disabling Pubek Read.\n");
-
- TPM_RESULT status = TPM_SUCCESS;
- TPM_COMMAND_CODE command = TPM_ORD_DisablePubekRead;
-
- BYTE *paramText; // Digest to make Auth.
- UINT32 paramTextSize;
-
- // Generate HMAC
- Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) );
-
- paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-
- paramTextSize = BSG_PackList(paramText, 1,
- BSG_TPM_COMMAND_CODE, &command);
-
- TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
- ownerAuth, auth) );
-
- // Call TCS
- TPMTRYRETURN( TCSP_DisablePubekRead ( hContext, // in
- auth) );
-
- // Verify Auth
- paramTextSize = BSG_PackList(paramText, 2,
- BSG_TPM_RESULT, &status,
- BSG_TPM_COMMAND_CODE, &command);
-
- TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
- ownerAuth, auth,
- hContext) );
- goto egress;
-
- abort_egress:
- egress:
- free(paramText);
- return status;
-}
-
-TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext,
- const TPM_KEY_USAGE usage,
- const TPM_AUTHDATA *newKeyAuth,
- const TCS_KEY_HANDLE parentHandle,
- const TPM_AUTHDATA *osapSharedSecret,
- buffer_t *pubKeyBuf,
- TCS_AUTH *auth) {
-
- int i;
- TPM_RESULT status = TPM_SUCCESS;
- TPM_COMMAND_CODE command = TPM_ORD_CreateWrapKey;
-
- vtpmloginfo(VTPM_LOG_VTSP, "Creating new key of type %d.\n", usage);
-
- // vars for Calculate encUsageAuth
- BYTE *paramText;
- UINT32 paramTextSize;
-
- // vars for Calculate encUsageAuth
- BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)];
- TPM_DIGEST XORKey1;
- UINT32 XORbufferSize;
- TPM_SECRET encUsageAuth, encMigrationAuth;
-
- // vars for Flatten newKey prototype
- BYTE *flatKey = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
- UINT32 flatKeySize = TCPA_MAX_BUFFER_LENGTH;
- struct pack_buf_t newKeyText;
-
- // Fill in newKey
- TPM_KEY newKey;
-
- BYTE RSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00};
- newKey.algorithmParms.algorithmID = TPM_ALG_RSA;
- newKey.algorithmParms.parms = (BYTE *) &RSAkeyInfo;
- newKey.algorithmParms.parmSize = 12;
-
- switch (usage) {
- case TPM_KEY_SIGNING:
- vtpmloginfo(VTPM_LOG_VTSP, "Creating Signing Key...\n");
- newKey.keyUsage = TPM_KEY_SIGNING;
- newKey.algorithmParms.encScheme = TPM_ES_NONE;
- newKey.algorithmParms.sigScheme = TPM_SS_RSASSAPKCS1v15_SHA1;
- break;
- case TPM_KEY_STORAGE:
- vtpmloginfo(VTPM_LOG_VTSP, "Creating Storage Key...\n");
- newKey.keyUsage = TPM_KEY_STORAGE;
- newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1;
- newKey.algorithmParms.sigScheme = TPM_SS_NONE;
- break;
- case TPM_KEY_BIND:
- vtpmloginfo(VTPM_LOG_VTSP, "Creating Binding Key...\n");
- newKey.keyUsage = TPM_KEY_BIND;
- newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1;
- newKey.algorithmParms.sigScheme = TPM_SS_NONE;
- break;
- default:
- vtpmloginfo(VTPM_LOG_VTSP, "Cannot create key. Invalid Key Type.\n");
- status = TPM_BAD_PARAMETER;
- goto abort_egress;
- }
-
-
- newKey.ver = TPM_STRUCT_VER_1_1;
-
- newKey.keyFlags = 0;
- newKey.authDataUsage = TPM_AUTH_ALWAYS;
- newKey.pubKey.keyLength= 0;
- newKey.encDataSize = 0;
- newKey.encData = NULL;
-
- // FIXME: Support PCR bindings
- newKey.PCRInfoSize = 0;
- newKey.PCRInfo = NULL;
-
- // Calculate encUsageAuth
- XORbufferSize = BSG_PackList( XORbuffer, 2,
- BSG_TPM_SECRET, osapSharedSecret,
- BSG_TPM_NONCE, &auth->NonceEven);
- Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey1);
-
- // FIXME: No support for migratable keys.
- for (i=0; i < TPM_DIGEST_SIZE; i++)
- ((BYTE *) &encUsageAuth)[i] = ((BYTE *) &XORKey1)[i] ^ ((BYTE *) newKeyAuth)[i];
-
- // Flatten newKey prototype
- flatKeySize = BSG_Pack(BSG_TPM_KEY, (BYTE *) &newKey, flatKey);
- newKeyText.data = flatKey;
- newKeyText.size = flatKeySize;
-
- // GenerateAuth new nonceOdd
- Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) );
-
- // Generate HMAC
- paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-
- paramTextSize = BSG_PackList(paramText, 3,
- BSG_TPM_COMMAND_CODE, &command,
- BSG_TPM_AUTHDATA, &encUsageAuth,
- BSG_TPM_AUTHDATA, &encMigrationAuth);
- memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size);
- paramTextSize += newKeyText.size;
-
-
- TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
- osapSharedSecret, auth) );
-
- // Call TCS
- TPMTRYRETURN( TCSP_CreateWrapKey( hContext,
- parentHandle,
- encUsageAuth,
- encMigrationAuth,
- &newKeyText.size,
- &newKeyText.data,
- auth) );
-
- // Verify Auth
- paramTextSize = BSG_PackList(paramText, 2,
- BSG_TPM_RESULT, &status,
- BSG_TPM_COMMAND_CODE, &command);
- memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size);
- paramTextSize += newKeyText.size;
-
- TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
- osapSharedSecret, auth, 0) );
-
- // Unpack/return key structure
- TPMTRYRETURN(buffer_init(pubKeyBuf, 0, 0) );
- TPMTRYRETURN(buffer_append_raw(pubKeyBuf, newKeyText.size, newKeyText.data) );
-
- goto egress;
-
- abort_egress:
-
- egress:
-
- free(flatKey);
- free(paramText);
- TCS_FreeMemory(hContext, newKeyText.data);
-
- return status;
-}
-
-TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext,
- const TCS_KEY_HANDLE hUnwrappingKey,
- const buffer_t *rgbWrappedKeyBlob,
- const TPM_AUTHDATA *parentAuth,
- TPM_HANDLE *newKeyHandle,
- TCS_AUTH *auth,
- CRYPTO_INFO *cryptoinfo /*= NULL*/) {
-
-
- vtpmloginfo(VTPM_LOG_VTSP, "Loading Key.\n%s","");
-
- TPM_RESULT status = TPM_SUCCESS;
- TPM_COMMAND_CODE command = TPM_ORD_LoadKey;
-
- BYTE *paramText; // Digest to make Auth.
- UINT32 paramTextSize;
-
- if ((rgbWrappedKeyBlob == NULL) || (parentAuth == NULL) ||
- (newKeyHandle==NULL) || (auth==NULL)) {
- status = TPM_BAD_PARAMETER;
- goto abort_egress;
- }
-
- // Generate Extra TCS Parameters
- TPM_HANDLE phKeyHMAC;
-
- // Generate HMAC
- Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) );
-
- paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-
- paramTextSize = BSG_PackList(paramText, 1,
- BSG_TPM_COMMAND_CODE, &command);
-
- memcpy(paramText + paramTextSize, rgbWrappedKeyBlob->bytes, buffer_len(rgbWrappedKeyBlob));
- paramTextSize += buffer_len(rgbWrappedKeyBlob);
-
- TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
- parentAuth, auth) );
-
- // Call TCS
- TPMTRYRETURN( TCSP_LoadKeyByBlob( hContext,
- hUnwrappingKey,
- buffer_len(rgbWrappedKeyBlob),
- rgbWrappedKeyBlob->bytes,
- auth,
- newKeyHandle,
- &phKeyHMAC) );
-
- // Verify Auth
- paramTextSize = BSG_PackList(paramText, 3,
- BSG_TPM_RESULT, &status,
- BSG_TPM_COMMAND_CODE, &command,
- BSG_TPM_HANDLE, newKeyHandle);
-
- TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
- parentAuth, auth,
- hContext) );
-
- // Unpack/return key structure
- if (cryptoinfo != NULL) {
- TPM_KEY newKey;
-
- BSG_Unpack(BSG_TPM_KEY, rgbWrappedKeyBlob->bytes , &newKey);
- TPM_RSA_KEY_PARMS rsaKeyParms;
-
- BSG_Unpack(BSG_TPM_RSA_KEY_PARMS,
- newKey.algorithmParms.parms,
- &rsaKeyParms);
-
- Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize,
- rsaKeyParms.exponent,
- newKey.pubKey.keyLength,
- newKey.pubKey.key,
- cryptoinfo);
-
- // Destroy rsaKeyParms
- BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms);
-
- // Set encryption scheme
- cryptoinfo->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1;
- }
-
- goto egress;
-
- abort_egress:
-
- egress:
-
- free(paramText);
- return status;
-}
-
-TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext,
- const TPM_KEY_HANDLE key_handle,
- const buffer_t *bound_data,
- const TPM_AUTHDATA *usage_auth,
- buffer_t *clear_data,
- TCS_AUTH *auth) {
-
- vtpmloginfo(VTPM_LOG_VTSP, "Unbinding %d bytes of data.\n", buffer_len(bound_data));
-
- TPM_RESULT status = TPM_SUCCESS;
- TPM_COMMAND_CODE command = TPM_ORD_UnBind;
-
- BYTE *paramText; // Digest to make Auth.
- UINT32 paramTextSize;
-
- // Generate Extra TCS Parameters
- struct pack_buf_t clear_data32;
- BYTE *clear_data_text;
- UINT32 clear_data_size;
-
- // Generate HMAC
- Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) );
-
- struct pack_buf_t bound_data32 = {bound_data->size, bound_data->bytes};
-
- paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-
- paramTextSize = BSG_PackList(paramText, 2,
- BSG_TPM_COMMAND_CODE, &command,
- BSG_TPM_SIZE32_DATA, &bound_data32);
-
- TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
- usage_auth, auth) );
-
- // Call TCS
- TPMTRYRETURN( TCSP_UnBind( hContext,
- key_handle,
- buffer_len(bound_data),
- bound_data->bytes,
- auth,
- &clear_data_size,
- &clear_data_text) );
-
-
- // Verify Auth
- clear_data32.size = clear_data_size;
- clear_data32.data = clear_data_text;
- paramTextSize = BSG_PackList(paramText, 3,
- BSG_TPM_RESULT, &status,
- BSG_TPM_COMMAND_CODE, &command,
- BSG_TPM_SIZE32_DATA, &clear_data32);
-
- TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
- usage_auth, auth,
- hContext) );
-
- // Unpack/return key structure
- TPMTRYRETURN(buffer_init(clear_data, 0, 0));
- TPMTRYRETURN(buffer_append_raw (clear_data, clear_data_size, clear_data_text) );
-
- goto egress;
-
- abort_egress:
-
- egress:
-
- free(paramText);
- TCS_FreeMemory(hContext, clear_data_text);
-
- return status;
-}
-
-TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo,
- const buffer_t *inData,
- buffer_t *outData)
-{
- vtpmloginfo(VTPM_LOG_VTSP, "Binding %d bytes of data.\n", buffer_len(inData));
- TPM_BOUND_DATA boundData;
- UINT32 i;
-
- // Fill boundData's accessory information
- boundData.ver = TPM_STRUCT_VER_1_1;
- boundData.payload = TPM_PT_BIND;
- boundData.payloadData = inData->bytes;
-
- // Pack boundData before encryption
- BYTE* flatBoundData = (BYTE *)malloc(sizeof(BYTE) *
- (sizeof(TPM_VERSION) +
- sizeof(TPM_PAYLOAD_TYPE) +
- buffer_len(inData)));
- if (flatBoundData == NULL) {
- return TPM_NOSPACE;
- }
- UINT32 flatBoundDataSize = 0;
- flatBoundDataSize = BSG_PackList( flatBoundData, 2,
- BSG_TPM_VERSION, &boundData.ver,
- BSG_TYPE_BYTE, &boundData.payload);
-
- memcpy(flatBoundData+flatBoundDataSize, inData->bytes, buffer_len(inData));
- flatBoundDataSize += buffer_len(inData);
-
- BYTE out_tmp[RSA_KEY_SIZE/8]; // RSAEnc does not do blocking, So this is what will come out.
- UINT32 out_tmp_size;
-
- // Encrypt flatBoundData
- Crypto_RSAEnc( cryptoInfo,
- flatBoundDataSize,
- flatBoundData,
- &out_tmp_size,
- out_tmp);
-
- if (out_tmp_size > RSA_KEY_SIZE/8) {
- // The result of RSAEnc should be a fixed size based on key size.
- vtpmlogerror(VTPM_LOG_VTSP, "Enc buffer just overflowed.\n");
- }
-
- buffer_init(outData, 0, NULL);
- buffer_append_raw(outData, out_tmp_size, out_tmp);
-
- vtpmloginfo(VTPM_LOG_TXDATA, "Bind Generated[%d] = 0x", out_tmp_size);
- for(i = 0 ; i < out_tmp_size ; i++) {
- vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out_tmp[i]);
- }
- vtpmloginfomore(VTPM_LOG_TXDATA, "\n");
-
- // Free flatBoundData
- free(flatBoundData);
-
- return TPM_SUCCESS;
-}
-
-// Function Reaches into unsupported TCS command, beware.
-TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext,
- const buffer_t *inbuf,
- buffer_t *outbuf ) {
-
- vtpmloginfo(VTPM_LOG_VTSP, "Passthrough in use.\n");
- TPM_RESULT status = TPM_SUCCESS;
-
- // Generate Extra TCS Parameters
- BYTE *resultText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
- UINT32 resultTextSize = TCPA_MAX_BUFFER_LENGTH;
-
- // Call TCS
- TPMTRYRETURN( TCSP_RawTransmitData(buffer_len(inbuf), inbuf->bytes,
- &resultTextSize, resultText) );
-
- // Unpack/return key structure
- TPMTRYRETURN(buffer_init (outbuf, resultTextSize, resultText) );
- goto egress;
-
- abort_egress:
-
- egress:
- TCS_FreeMemory(hContext, resultText);
- free(resultText);
- return status;
-}
+// =================================================================== +// +// Copyright (c) 2005, Intel Corp. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Intel Corporation nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +// OF THE POSSIBILITY OF SUCH DAMAGE. +// =================================================================== +// +// vtsp.c +// +// Higher level interface to TCS for use in service. +// +// ================================================================== + +#include <string.h> +#include "tcg.h" +#include "tcs.h" +#include "bsg.h" +#include "log.h" +#include "crypto.h" +#include "vtsp.h" +#include "buffer.h" + +#define RSA_KEY_SIZE 0x0800 + +/*********************************************************************************** + * GenerateAuth: Generate authorization info to be sent back to application + * + * Parameters: outParamDigestText The concatenation of output parameters to be SHA1ed + * outParamDigestTextSize Size of inParamDigestText + * HMACkey Key to be used for HMACing + * For OIAP use key.authUsage or PersistStore.ownerAuth + * For OSAP use shared secret + * pAuth Authorization information from the application + * + * Return: TPM_SUCCESS Authorization data created + * TPM_AUTHFAIL Invalid (NULL) HMACkey presented for OSAP + *************************************************************************************/ +TPM_RESULT GenerateAuth( /*[IN]*/ const BYTE *inParamDigestText, + /*[IN]*/ UINT32 inParamDigestTextSize, + /*[IN]*/ const TPM_SECRET *HMACkey, + /*[IN,OUT]*/ TCS_AUTH *auth) { + + if (inParamDigestText == NULL || auth == NULL) + return (TPM_AUTHFAIL); + else { + + //Generate new OddNonce + Crypto_GetRandom(auth->NonceOdd.nonce, sizeof(TPM_NONCE)); + + // Create SHA1 inParamDigest + TPM_DIGEST inParamDigest; + Crypto_SHA1Full(inParamDigestText, inParamDigestTextSize, (BYTE *) &inParamDigest); + + // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams). + BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)]; + + BSG_PackList( hmacText, 4, + BSG_TPM_DIGEST, &inParamDigest, + BSG_TPM_NONCE, &(auth->NonceEven), + BSG_TPM_NONCE, &(auth->NonceOdd), + BSG_TYPE_BOOL, &(auth->fContinueAuthSession) ); + + Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &(auth->HMAC)); + + return(TPM_SUCCESS); + + } +} + +/*********************************************************************************** + * VerifyAuth: Verify the authdata for a command requiring authorization + * + * Parameters: inParamDigestText The concatenation of parameters to be SHA1ed + * inParamDigestTextSize Size of inParamDigestText + * authDataUsage AuthDataUsage for the Entity being used + * Key->authDataUsage or TPM_AUTH_OWNER + * HMACkey Key to be used for HMACing + * For OIAP use key.authUsage or PersistStore.ownerAuth + * For OSAP use NULL (It will be aquired from the Auth Session) + * If unknown (default), assume OIAP + * sessionAuth A TCS_AUTH info for the session + * pAuth Authorization information from the application + * hContext If specified, on failed Auth, VerifyAuth will + * generate a new OIAP session in place of themselves + * destroyed session. + * + * Return: TPM_SUCCESS Authorization Verified + * TPM_AUTHFAIL Authorization Failed + * TPM_FAIL Failure during SHA1 routines + *************************************************************************************/ +TPM_RESULT VerifyAuth( /*[IN]*/ const BYTE *outParamDigestText, + /*[IN]*/ UINT32 outParamDigestTextSize, + /*[IN]*/ const TPM_SECRET *HMACkey, + /*[IN,OUT]*/ TCS_AUTH *auth, + /*[IN]*/ TCS_CONTEXT_HANDLE hContext) { + if (outParamDigestText == NULL || auth == NULL) + return (TPM_AUTHFAIL); + + + // Create SHA1 inParamDigest + TPM_DIGEST outParamDigest; + Crypto_SHA1Full(outParamDigestText, outParamDigestTextSize, (BYTE *) &outParamDigest); + + // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams). + TPM_DIGEST hm; + BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)]; + + BSG_PackList( hmacText, 4, + BSG_TPM_DIGEST, &outParamDigest, + BSG_TPM_NONCE, &(auth->NonceEven), + BSG_TPM_NONCE, &(auth->NonceOdd), + BSG_TYPE_BOOL, &(auth->fContinueAuthSession) ); + + Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), + (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &hm); + + // Compare correct HMAC with provided one. + if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0) // 0 indicates equality + return (TPM_SUCCESS); + else { + VTSP_OIAP( hContext, auth); + return (TPM_AUTHFAIL); + } +} + +TPM_RESULT VTSP_OIAP(const TCS_CONTEXT_HANDLE hContext, + TCS_AUTH *auth) { + + vtpmloginfo(VTPM_LOG_VTSP, "OIAP.\n"); + TPM_RESULT status = TPM_SUCCESS; + TPMTRYRETURN( TCSP_OIAP(hContext, + &auth->AuthHandle, + &auth->NonceEven) ); + goto egress; + + abort_egress: + + egress: + + return status; +} + +TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_HANDLE hContext, + const TPM_ENTITY_TYPE entityType, + const UINT32 entityValue, + const TPM_AUTHDATA *usageAuth, + TPM_SECRET *sharedSecret, + TCS_AUTH *auth) { + + vtpmloginfo(VTPM_LOG_VTSP, "OSAP.\n"); + TPM_RESULT status = TPM_SUCCESS; + TPM_NONCE nonceEvenOSAP, nonceOddOSAP; + + Crypto_GetRandom((BYTE *) &nonceOddOSAP, sizeof(TPM_NONCE) ); + + TPMTRYRETURN( TCSP_OSAP( hContext, + entityType, + entityValue, + nonceOddOSAP, + &auth->AuthHandle, + &auth->NonceEven, + &nonceEvenOSAP) ); + + // Calculating Session Secret + BYTE sharedSecretText[TPM_DIGEST_SIZE * 2]; + + BSG_PackList( sharedSecretText, 2, + BSG_TPM_NONCE, &nonceEvenOSAP, + BSG_TPM_NONCE, &nonceOddOSAP); + + Crypto_HMAC(sharedSecretText, sizeof(sharedSecretText), (BYTE *) usageAuth, TPM_DIGEST_SIZE, (BYTE *) sharedSecret); + + goto egress; + + abort_egress: + + egress: + + return status; +} + + + +TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext, + CRYPTO_INFO *crypto_info) { + + TPM_RESULT status; + TPM_NONCE antiReplay; + TPM_DIGEST checksum; + BYTE *pubEKtext; + UINT32 pubEKtextsize; + + vtpmloginfo(VTPM_LOG_VTSP, "Reading Public EK.\n"); + + // GenerateAuth new nonceOdd + Crypto_GetRandom(&antiReplay, sizeof(TPM_NONCE) ); + + + TPMTRYRETURN( TCSP_ReadPubek( hContext, + antiReplay, + &pubEKtextsize, + &pubEKtext, + &checksum) ); + + + // Extract the remaining output parameters + TPM_PUBKEY pubEK; + + BSG_Unpack(BSG_TPM_PUBKEY, pubEKtext, (BYTE *) &pubEK); + + // Build CryptoInfo for the bindingKey + TPM_RSA_KEY_PARMS rsaKeyParms; + + BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, + pubEK.algorithmParms.parms, + &rsaKeyParms); + + Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, + rsaKeyParms.exponent, + pubEK.pubKey.keyLength, + pubEK.pubKey.key, + crypto_info); + + // Destroy rsaKeyParms + BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms); + + // Set encryption scheme + crypto_info->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; + //crypto_info->encScheme = pubEK.algorithmParms.encScheme; + crypto_info->algorithmID = pubEK.algorithmParms.algorithmID; + + goto egress; + + abort_egress: + + egress: + + return status; +} + +TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext, + const TPM_AUTHDATA *ownerAuth, + const TPM_AUTHDATA *srkAuth, + CRYPTO_INFO *ek_cryptoInfo, + TCS_AUTH *auth) { + + vtpmloginfo(VTPM_LOG_VTSP, "Taking Ownership of TPM.\n"); + + TPM_RESULT status = TPM_SUCCESS; + TPM_COMMAND_CODE command = TPM_ORD_TakeOwnership; + TPM_PROTOCOL_ID proto_id = TPM_PID_OWNER; + BYTE *new_srk; + + BYTE *paramText; // Digest to make Auth. + UINT32 paramTextSize; + + // vars for srkpubkey parameter + TPM_KEY srkPub; + TPM_KEY_PARMS srkKeyInfo = {TPM_ALG_RSA, TPM_ES_RSAESOAEP_SHA1_MGF1, TPM_SS_NONE, 12, 0}; + BYTE srkRSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00}; + srkKeyInfo.parms = (BYTE *) &srkRSAkeyInfo; + + struct pack_buf_t srkText; + + // GenerateAuth new nonceOdd + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); + + //These values are accurate for an enc(AuthData). + struct pack_buf_t encOwnerAuth, encSrkAuth; + + encOwnerAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256); + encSrkAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256); + + if (encOwnerAuth.data == NULL || encSrkAuth.data == NULL) { + vtpmloginfo(VTPM_LOG_VTSP, "Could not malloc encrypted auths.\n"); + status = TPM_RESOURCES; + goto abort_egress; + } + + Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) ownerAuth, &encOwnerAuth.size, encOwnerAuth.data); + Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) srkAuth, &encSrkAuth.size, encSrkAuth.data); + + + // Build srk public key struct + srkPub.ver = TPM_STRUCT_VER_1_1; + srkPub.keyUsage = TPM_KEY_STORAGE; + srkPub.keyFlags = 0x00; + srkPub.authDataUsage = TPM_AUTH_ALWAYS; + memcpy(&srkPub.algorithmParms, &srkKeyInfo, sizeof(TPM_KEY_PARMS)); + srkPub.PCRInfoSize = 0; + srkPub.PCRInfo = 0; + srkPub.pubKey.keyLength= 0; + srkPub.encDataSize = 0; + + srkText.data = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); + srkText.size = BSG_Pack(BSG_TPM_KEY, (BYTE *) &srkPub, srkText.data); + + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); + + paramTextSize = BSG_PackList(paramText, 5, + BSG_TPM_COMMAND_CODE,&command, + BSG_TPM_PROTOCOL_ID, &proto_id, + BSG_TPM_SIZE32_DATA, &encOwnerAuth, + BSG_TPM_SIZE32_DATA, &encSrkAuth, + BSG_TPM_KEY, &srkPub); + + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, ownerAuth, auth) ); + + new_srk = srkText.data; + TPMTRYRETURN( TCSP_TakeOwnership ( hContext, + proto_id, + encOwnerAuth.size, + encOwnerAuth.data, + encSrkAuth.size, + encSrkAuth.data, + &srkText.size, + &new_srk, + auth ) ); + + + paramTextSize = BSG_PackList(paramText, 2, + BSG_TPM_RESULT, &status, + BSG_TPM_COMMAND_CODE, &command); + memcpy(paramText + paramTextSize, new_srk, srkText.size); + paramTextSize += srkText.size; + + + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, + ownerAuth, auth, + hContext) ); + + goto egress; + + abort_egress: + + egress: + + free(srkText.data); + free(encSrkAuth.data); + free(encOwnerAuth.data); + free(paramText); + + TCS_FreeMemory(hContext, new_srk); + + return status; +} + +TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext, + const TPM_AUTHDATA *ownerAuth, + TCS_AUTH *auth) { + + vtpmloginfo(VTPM_LOG_VTSP, "Disabling Pubek Read.\n"); + + TPM_RESULT status = TPM_SUCCESS; + TPM_COMMAND_CODE command = TPM_ORD_DisablePubekRead; + + BYTE *paramText; // Digest to make Auth. + UINT32 paramTextSize; + + // Generate HMAC + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); + + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); + + paramTextSize = BSG_PackList(paramText, 1, + BSG_TPM_COMMAND_CODE, &command); + + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, + ownerAuth, auth) ); + + // Call TCS + TPMTRYRETURN( TCSP_DisablePubekRead ( hContext, // in + auth) ); + + // Verify Auth + paramTextSize = BSG_PackList(paramText, 2, + BSG_TPM_RESULT, &status, + BSG_TPM_COMMAND_CODE, &command); + + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, + ownerAuth, auth, + hContext) ); + goto egress; + + abort_egress: + egress: + free(paramText); + return status; +} + +TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext, + const TPM_KEY_USAGE usage, + const TPM_AUTHDATA *newKeyAuth, + const TCS_KEY_HANDLE parentHandle, + const TPM_AUTHDATA *osapSharedSecret, + buffer_t *pubKeyBuf, + TCS_AUTH *auth) { + + int i; + TPM_RESULT status = TPM_SUCCESS; + TPM_COMMAND_CODE command = TPM_ORD_CreateWrapKey; + + vtpmloginfo(VTPM_LOG_VTSP, "Creating new key of type %d.\n", usage); + + // vars for Calculate encUsageAuth + BYTE *paramText; + UINT32 paramTextSize; + + // vars for Calculate encUsageAuth + BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)]; + TPM_DIGEST XORKey1; + UINT32 XORbufferSize; + TPM_SECRET encUsageAuth, encMigrationAuth; + + // vars for Flatten newKey prototype + BYTE *flatKey = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); + UINT32 flatKeySize = TCPA_MAX_BUFFER_LENGTH; + struct pack_buf_t newKeyText; + + // Fill in newKey + TPM_KEY newKey; + + BYTE RSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00}; + newKey.algorithmParms.algorithmID = TPM_ALG_RSA; + newKey.algorithmParms.parms = (BYTE *) &RSAkeyInfo; + newKey.algorithmParms.parmSize = 12; + + switch (usage) { + case TPM_KEY_SIGNING: + vtpmloginfo(VTPM_LOG_VTSP, "Creating Signing Key...\n"); + newKey.keyUsage = TPM_KEY_SIGNING; + newKey.algorithmParms.encScheme = TPM_ES_NONE; + newKey.algorithmParms.sigScheme = TPM_SS_RSASSAPKCS1v15_SHA1; + break; + case TPM_KEY_STORAGE: + vtpmloginfo(VTPM_LOG_VTSP, "Creating Storage Key...\n"); + newKey.keyUsage = TPM_KEY_STORAGE; + newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; + newKey.algorithmParms.sigScheme = TPM_SS_NONE; + break; + case TPM_KEY_BIND: + vtpmloginfo(VTPM_LOG_VTSP, "Creating Binding Key...\n"); + newKey.keyUsage = TPM_KEY_BIND; + newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; + newKey.algorithmParms.sigScheme = TPM_SS_NONE; + break; + default: + vtpmloginfo(VTPM_LOG_VTSP, "Cannot create key. Invalid Key Type.\n"); + status = TPM_BAD_PARAMETER; + goto abort_egress; + } + + + newKey.ver = TPM_STRUCT_VER_1_1; + + newKey.keyFlags = 0; + newKey.authDataUsage = TPM_AUTH_ALWAYS; + newKey.pubKey.keyLength= 0; + newKey.encDataSize = 0; + newKey.encData = NULL; + + // FIXME: Support PCR bindings + newKey.PCRInfoSize = 0; + newKey.PCRInfo = NULL; + + // Calculate encUsageAuth + XORbufferSize = BSG_PackList( XORbuffer, 2, + BSG_TPM_SECRET, osapSharedSecret, + BSG_TPM_NONCE, &auth->NonceEven); + Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey1); + + // FIXME: No support for migratable keys. + for (i=0; i < TPM_DIGEST_SIZE; i++) + ((BYTE *) &encUsageAuth)[i] = ((BYTE *) &XORKey1)[i] ^ ((BYTE *) newKeyAuth)[i]; + + // Flatten newKey prototype + flatKeySize = BSG_Pack(BSG_TPM_KEY, (BYTE *) &newKey, flatKey); + newKeyText.data = flatKey; + newKeyText.size = flatKeySize; + + // GenerateAuth new nonceOdd + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); + + // Generate HMAC + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); + + paramTextSize = BSG_PackList(paramText, 3, + BSG_TPM_COMMAND_CODE, &command, + BSG_TPM_AUTHDATA, &encUsageAuth, + BSG_TPM_AUTHDATA, &encMigrationAuth); + memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size); + paramTextSize += newKeyText.size; + + + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, + osapSharedSecret, auth) ); + + // Call TCS + TPMTRYRETURN( TCSP_CreateWrapKey( hContext, + parentHandle, + encUsageAuth, + encMigrationAuth, + &newKeyText.size, + &newKeyText.data, + auth) ); + + // Verify Auth + paramTextSize = BSG_PackList(paramText, 2, + BSG_TPM_RESULT, &status, + BSG_TPM_COMMAND_CODE, &command); + memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size); + paramTextSize += newKeyText.size; + + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, + osapSharedSecret, auth, 0) ); + + // Unpack/return key structure + TPMTRYRETURN(buffer_init(pubKeyBuf, 0, 0) ); + TPMTRYRETURN(buffer_append_raw(pubKeyBuf, newKeyText.size, newKeyText.data) ); + + goto egress; + + abort_egress: + + egress: + + free(flatKey); + free(paramText); + TCS_FreeMemory(hContext, newKeyText.data); + + return status; +} + +TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext, + const TCS_KEY_HANDLE hUnwrappingKey, + const buffer_t *rgbWrappedKeyBlob, + const TPM_AUTHDATA *parentAuth, + TPM_HANDLE *newKeyHandle, + TCS_AUTH *auth, + CRYPTO_INFO *cryptoinfo /*= NULL*/) { + + + vtpmloginfo(VTPM_LOG_VTSP, "Loading Key.\n%s",""); + + TPM_RESULT status = TPM_SUCCESS; + TPM_COMMAND_CODE command = TPM_ORD_LoadKey; + + BYTE *paramText; // Digest to make Auth. + UINT32 paramTextSize; + + if ((rgbWrappedKeyBlob == NULL) || (parentAuth == NULL) || + (newKeyHandle==NULL) || (auth==NULL)) { + status = TPM_BAD_PARAMETER; + goto abort_egress; + } + + // Generate Extra TCS Parameters + TPM_HANDLE phKeyHMAC; + + // Generate HMAC + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); + + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); + + paramTextSize = BSG_PackList(paramText, 1, + BSG_TPM_COMMAND_CODE, &command); + + memcpy(paramText + paramTextSize, rgbWrappedKeyBlob->bytes, buffer_len(rgbWrappedKeyBlob)); + paramTextSize += buffer_len(rgbWrappedKeyBlob); + + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, + parentAuth, auth) ); + + // Call TCS + TPMTRYRETURN( TCSP_LoadKeyByBlob( hContext, + hUnwrappingKey, + buffer_len(rgbWrappedKeyBlob), + rgbWrappedKeyBlob->bytes, + auth, + newKeyHandle, + &phKeyHMAC) ); + + // Verify Auth + paramTextSize = BSG_PackList(paramText, 3, + BSG_TPM_RESULT, &status, + BSG_TPM_COMMAND_CODE, &command, + BSG_TPM_HANDLE, newKeyHandle); + + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, + parentAuth, auth, + hContext) ); + + // Unpack/return key structure + if (cryptoinfo != NULL) { + TPM_KEY newKey; + + BSG_Unpack(BSG_TPM_KEY, rgbWrappedKeyBlob->bytes , &newKey); + TPM_RSA_KEY_PARMS rsaKeyParms; + + BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, + newKey.algorithmParms.parms, + &rsaKeyParms); + + Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, + rsaKeyParms.exponent, + newKey.pubKey.keyLength, + newKey.pubKey.key, + cryptoinfo); + + // Destroy rsaKeyParms + BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms); + + // Set encryption scheme + cryptoinfo->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; + } + + goto egress; + + abort_egress: + + egress: + + free(paramText); + return status; +} + +TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext, + const TPM_KEY_HANDLE key_handle, + const buffer_t *bound_data, + const TPM_AUTHDATA *usage_auth, + buffer_t *clear_data, + TCS_AUTH *auth) { + + vtpmloginfo(VTPM_LOG_VTSP, "Unbinding %d bytes of data.\n", buffer_len(bound_data)); + + TPM_RESULT status = TPM_SUCCESS; + TPM_COMMAND_CODE command = TPM_ORD_UnBind; + + BYTE *paramText; // Digest to make Auth. + UINT32 paramTextSize; + + // Generate Extra TCS Parameters + struct pack_buf_t clear_data32; + BYTE *clear_data_text; + UINT32 clear_data_size; + + // Generate HMAC + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); + + struct pack_buf_t bound_data32 = {bound_data->size, bound_data->bytes}; + + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); + + paramTextSize = BSG_PackList(paramText, 2, + BSG_TPM_COMMAND_CODE, &command, + BSG_TPM_SIZE32_DATA, &bound_data32); + + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, + usage_auth, auth) ); + + // Call TCS + TPMTRYRETURN( TCSP_UnBind( hContext, + key_handle, + buffer_len(bound_data), + bound_data->bytes, + auth, + &clear_data_size, + &clear_data_text) ); + + + // Verify Auth + clear_data32.size = clear_data_size; + clear_data32.data = clear_data_text; + paramTextSize = BSG_PackList(paramText, 3, + BSG_TPM_RESULT, &status, + BSG_TPM_COMMAND_CODE, &command, + BSG_TPM_SIZE32_DATA, &clear_data32); + + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, + usage_auth, auth, + hContext) ); + + // Unpack/return key structure + TPMTRYRETURN(buffer_init(clear_data, 0, 0)); + TPMTRYRETURN(buffer_append_raw (clear_data, clear_data_size, clear_data_text) ); + + goto egress; + + abort_egress: + + egress: + + free(paramText); + TCS_FreeMemory(hContext, clear_data_text); + + return status; +} + +TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo, + const buffer_t *inData, + buffer_t *outData) +{ + vtpmloginfo(VTPM_LOG_VTSP, "Binding %d bytes of data.\n", buffer_len(inData)); + TPM_BOUND_DATA boundData; + UINT32 i; + + // Fill boundData's accessory information + boundData.ver = TPM_STRUCT_VER_1_1; + boundData.payload = TPM_PT_BIND; + boundData.payloadData = inData->bytes; + + // Pack boundData before encryption + BYTE* flatBoundData = (BYTE *)malloc(sizeof(BYTE) * + (sizeof(TPM_VERSION) + + sizeof(TPM_PAYLOAD_TYPE) + + buffer_len(inData))); + if (flatBoundData == NULL) { + return TPM_NOSPACE; + } + UINT32 flatBoundDataSize = 0; + flatBoundDataSize = BSG_PackList( flatBoundData, 2, + BSG_TPM_VERSION, &boundData.ver, + BSG_TYPE_BYTE, &boundData.payload); + + memcpy(flatBoundData+flatBoundDataSize, inData->bytes, buffer_len(inData)); + flatBoundDataSize += buffer_len(inData); + + BYTE out_tmp[RSA_KEY_SIZE/8]; // RSAEnc does not do blocking, So this is what will come out. + UINT32 out_tmp_size; + + // Encrypt flatBoundData + Crypto_RSAEnc( cryptoInfo, + flatBoundDataSize, + flatBoundData, + &out_tmp_size, + out_tmp); + + if (out_tmp_size > RSA_KEY_SIZE/8) { + // The result of RSAEnc should be a fixed size based on key size. + vtpmlogerror(VTPM_LOG_VTSP, "Enc buffer just overflowed.\n"); + } + + buffer_init(outData, 0, NULL); + buffer_append_raw(outData, out_tmp_size, out_tmp); + + vtpmloginfo(VTPM_LOG_TXDATA, "Bind Generated[%d] = 0x", out_tmp_size); + for(i = 0 ; i < out_tmp_size ; i++) { + vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out_tmp[i]); + } + vtpmloginfomore(VTPM_LOG_TXDATA, "\n"); + + // Free flatBoundData + free(flatBoundData); + + return TPM_SUCCESS; +} + +// Function Reaches into unsupported TCS command, beware. +TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext, + const buffer_t *inbuf, + buffer_t *outbuf ) { + + vtpmloginfo(VTPM_LOG_VTSP, "Passthrough in use.\n"); + TPM_RESULT status = TPM_SUCCESS; + + // Generate Extra TCS Parameters + BYTE *resultText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); + UINT32 resultTextSize = TCPA_MAX_BUFFER_LENGTH; + + // Call TCS + TPMTRYRETURN( TCSP_RawTransmitData(buffer_len(inbuf), inbuf->bytes, + &resultTextSize, resultText) ); + + // Unpack/return key structure + TPMTRYRETURN(buffer_init (outbuf, resultTextSize, resultText) ); + goto egress; + + abort_egress: + + egress: + TCS_FreeMemory(hContext, resultText); + free(resultText); + return status; +} diff --git a/tools/vtpm_manager/manager/vtsp.h b/tools/vtpm_manager/manager/vtsp.h index 95b5f82c60..ddae64e483 100644 --- a/tools/vtpm_manager/manager/vtsp.h +++ b/tools/vtpm_manager/manager/vtsp.h @@ -1,102 +1,102 @@ -// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following
-// disclaimer in the documentation and/or other materials provided
-// with the distribution.
-// * Neither the name of Intel Corporation nor the names of its
-// contributors may be used to endorse or promote products derived
-// from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtsp.h
-//
-// Higher level interface to TCS.
-//
-// ==================================================================
-
-#ifndef __VTSP_H__
-#define __VTSP_H__
-
-#include "tcg.h"
-#include "tcs.h"
-
-#define KEY_BUFFER_SIZE 2048
-
-TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext,
- const buffer_t *inbuf,
- buffer_t *outbuf );
-
-TPM_RESULT VTSP_OIAP( const TCS_CONTEXT_HANDLE hContext,
- TCS_AUTH *auth);
-
-TPM_RESULT VTSP_OSAP( const TCS_CONTEXT_HANDLE hContext,
- const TPM_ENTITY_TYPE entityType,
- const UINT32 entityValue,
- const TPM_AUTHDATA *usageAuth,
- TPM_SECRET *sharedsecret,
- TCS_AUTH *auth);
-
-TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext,
- CRYPTO_INFO *cypto_info);
-
-TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext,
- const TPM_AUTHDATA *ownerAuth,
- const TPM_AUTHDATA *srkAuth,
- CRYPTO_INFO *ek_cryptoInfo,
- TCS_AUTH *auth);
-
-TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext,
- const TPM_AUTHDATA *ownerAuth,
- TCS_AUTH *auth);
-
-TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext,
- const TPM_KEY_USAGE usage,
- const TPM_AUTHDATA *newKeyAuth,
- const TCS_KEY_HANDLE parentHandle,
- const TPM_AUTHDATA *osapSharedSecret,
- buffer_t *pubKeyBuf,
- TCS_AUTH *auth);
-
-TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext,
- const TCS_KEY_HANDLE hUnwrappingKey,
- const buffer_t *rgbWrappedKeyBlob,
- const TPM_AUTHDATA *parentAuth,
- TPM_HANDLE *newKeyHandle,
- TCS_AUTH *pAuth,
- CRYPTO_INFO *cryptoinfo);
-
-TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext,
- const TPM_KEY_HANDLE key_handle,
- const buffer_t *bound_data,
- const TPM_AUTHDATA *usage_auth,
- buffer_t *clear_data,
- TCS_AUTH *auth);
-
-TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo,
- const buffer_t *inData,
- buffer_t *outData);
-
-#endif //_VTSP_H_
+// =================================================================== +// +// Copyright (c) 2005, Intel Corp. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following +// disclaimer in the documentation and/or other materials provided +// with the distribution. +// * Neither the name of Intel Corporation nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +// OF THE POSSIBILITY OF SUCH DAMAGE. +// =================================================================== +// +// vtsp.h +// +// Higher level interface to TCS. +// +// ================================================================== + +#ifndef __VTSP_H__ +#define __VTSP_H__ + +#include "tcg.h" +#include "tcs.h" + +#define KEY_BUFFER_SIZE 2048 + +TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext, + const buffer_t *inbuf, + buffer_t *outbuf ); + +TPM_RESULT VTSP_OIAP( const TCS_CONTEXT_HANDLE hContext, + TCS_AUTH *auth); + +TPM_RESULT VTSP_OSAP( const TCS_CONTEXT_HANDLE hContext, + const TPM_ENTITY_TYPE entityType, + const UINT32 entityValue, + const TPM_AUTHDATA *usageAuth, + TPM_SECRET *sharedsecret, + TCS_AUTH *auth); + +TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext, + CRYPTO_INFO *cypto_info); + +TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext, + const TPM_AUTHDATA *ownerAuth, + const TPM_AUTHDATA *srkAuth, + CRYPTO_INFO *ek_cryptoInfo, + TCS_AUTH *auth); + +TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext, + const TPM_AUTHDATA *ownerAuth, + TCS_AUTH *auth); + +TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext, + const TPM_KEY_USAGE usage, + const TPM_AUTHDATA *newKeyAuth, + const TCS_KEY_HANDLE parentHandle, + const TPM_AUTHDATA *osapSharedSecret, + buffer_t *pubKeyBuf, + TCS_AUTH *auth); + +TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext, + const TCS_KEY_HANDLE hUnwrappingKey, + const buffer_t *rgbWrappedKeyBlob, + const TPM_AUTHDATA *parentAuth, + TPM_HANDLE *newKeyHandle, + TCS_AUTH *pAuth, + CRYPTO_INFO *cryptoinfo); + +TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext, + const TPM_KEY_HANDLE key_handle, + const buffer_t *bound_data, + const TPM_AUTHDATA *usage_auth, + buffer_t *clear_data, + TCS_AUTH *auth); + +TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo, + const buffer_t *inData, + buffer_t *outData); + +#endif //_VTSP_H_ diff --git a/tools/vtpm_manager/util/Makefile b/tools/vtpm_manager/util/Makefile index ea2e1988f7..8e59d0d8d3 100644 --- a/tools/vtpm_manager/util/Makefile +++ b/tools/vtpm_manager/util/Makefile @@ -1,19 +1,19 @@ -XEN_ROOT = ../../..
-include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
-
-BIN = libTCGUtils.a
-
-all: build
-
-build: $(BIN)
-
-install: build
-
-clean:
- rm -f *.a *.so *.o *.rpm $(DEP_FILES)
-
-mrproper: clean
- rm -f *~
-
-$(BIN): $(OBJS)
- $(AR) rcs $(BIN) $(OBJS)
+XEN_ROOT = ../../.. +include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk + +BIN = libTCGUtils.a + +all: build + +build: $(BIN) + +install: build + +clean: + rm -f *.a *.so *.o *.rpm $(DEP_FILES) + +mrproper: clean + rm -f *~ + +$(BIN): $(OBJS) + $(AR) rcs $(BIN) $(OBJS) diff --git a/tools/vtpm_manager/util/depend b/tools/vtpm_manager/util/depend deleted file mode 100644 index c244e9b14b..0000000000 --- a/tools/vtpm_manager/util/depend +++ /dev/null @@ -1,7 +0,0 @@ -hashtable.o: hashtable.c hashtable.h hashtable_private.h -hashtable_itr.o: hashtable_itr.c hashtable.h hashtable_private.h \ - hashtable_itr.h -bsg.o: bsg.c tcg.h ../crypto/crypto.h ../crypto/sym_crypto.h buffer.h \ - bsg.h log.h -log.o: log.c buffer.h tcg.h -buffer.o: buffer.c tcg.h bsg.h buffer.h |