diff options
101 files changed, 2 insertions, 17106 deletions
diff --git a/tools/Makefile b/tools/Makefile index d8c8cc0786..2ca43b9cda 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -18,8 +18,6 @@ SUBDIRS-$(CONFIG_XCUTILS) += xcutils SUBDIRS-$(CONFIG_X86) += firmware SUBDIRS-y += console SUBDIRS-y += xenmon -SUBDIRS-$(VTPM_TOOLS) += vtpm_manager -SUBDIRS-$(VTPM_TOOLS) += vtpm SUBDIRS-y += xenstat SUBDIRS-$(CONFIG_Linux) += $(SUBDIRS-libaio) SUBDIRS-$(CONFIG_Linux) += memshr diff --git a/tools/blktap2/drivers/hashtable.c b/tools/blktap2/drivers/hashtable.c index 631306b3e4..90a6b85ad6 100644 --- a/tools/blktap2/drivers/hashtable.c +++ b/tools/blktap2/drivers/hashtable.c @@ -3,7 +3,6 @@ /* * There are duplicates of this code in: * - tools/xenstore/hashtable.c - * - tools/vtpm_manager/util/hashtable.c */ #include "hashtable.h" diff --git a/tools/blktap2/drivers/hashtable.h b/tools/blktap2/drivers/hashtable.h index 89aa3dcf3b..56ca0535b7 100644 --- a/tools/blktap2/drivers/hashtable.h +++ b/tools/blktap2/drivers/hashtable.h @@ -3,7 +3,6 @@ /* * There are duplicates of this code in: * - tools/xenstore/hashtable.h - * - tools/vtpm_manager/util/hashtable.h */ #ifndef __HASHTABLE_CWC22_H__ diff --git a/tools/blktap2/drivers/hashtable_itr.c b/tools/blktap2/drivers/hashtable_itr.c index 402e06b45d..731917ccf1 100644 --- a/tools/blktap2/drivers/hashtable_itr.c +++ b/tools/blktap2/drivers/hashtable_itr.c @@ -1,10 +1,5 @@ /* Copyright (C) 2002, 2004 Christopher Clark <firstname.lastname@cl.cam.ac.uk> */ -/* - * There are duplicates of this code in: - * - tools/vtpm_manager/util/hashtable_itr.c - */ - #include "hashtable.h" #include "hashtable_private.h" #include "hashtable_itr.h" diff --git a/tools/blktap2/drivers/hashtable_itr.h b/tools/blktap2/drivers/hashtable_itr.h index 3d806384d3..81da83855d 100644 --- a/tools/blktap2/drivers/hashtable_itr.h +++ b/tools/blktap2/drivers/hashtable_itr.h @@ -1,10 +1,5 @@ /* Copyright (C) 2002, 2004 Christopher Clark <firstname.lastname@cl.cam.ac.uk> */ -/* - * There are duplicates of this code in: - * - tools/vtpm_manager/util/hashtable_itr.h - */ - #ifndef __HASHTABLE_ITR_CWC22__ #define __HASHTABLE_ITR_CWC22__ #include "hashtable.h" diff --git a/tools/blktap2/drivers/hashtable_private.h b/tools/blktap2/drivers/hashtable_private.h index 5a13a65c00..954ecc3921 100644 --- a/tools/blktap2/drivers/hashtable_private.h +++ b/tools/blktap2/drivers/hashtable_private.h @@ -3,7 +3,6 @@ /* * There are duplicates of this code in: * - tools/xenstore/hashtable_private.h - * - tools/vtpm_manager/util/hashtable_private.h */ #ifndef __HASHTABLE_PRIVATE_CWC22_H__ diff --git a/tools/configure.ac b/tools/configure.ac index e708f015de..586313ddba 100644 --- a/tools/configure.ac +++ b/tools/configure.ac @@ -40,7 +40,6 @@ m4_include([m4/fetcher.m4]) # Enable/disable options AX_ARG_DEFAULT_DISABLE([githttp], [Download GIT repositories via HTTP]) AX_ARG_DEFAULT_ENABLE([monitors], [Disable xenstat and xentop monitoring tools]) -AX_ARG_DEFAULT_DISABLE([vtpm], [Enable Virtual Trusted Platform Module]) AX_ARG_DEFAULT_DISABLE([xenapi], [Enable Xen API Bindings]) AX_ARG_DEFAULT_ENABLE([ocamltools], [Disable Ocaml tools]) AX_ARG_DEFAULT_DISABLE([miniterm], [Enable miniterm]) diff --git a/tools/examples/README b/tools/examples/README index 5b0314efde..2225d5c3e8 100644 --- a/tools/examples/README +++ b/tools/examples/README @@ -25,13 +25,7 @@ vif-bridge - virtual network start/stop script in bridged mode vif-common.sh - sourced by vif-bridge vif-nat - xen virtual network start/stop script in NAT mode vif-route - xen virtual network start/stop script in routed mode -vtpm - called by xen-backend.agent to bind/unbind vTPM devices -vtpm-common.sh - common code for vTPM handling -vtpm-delete - remove an entry from the vTPM table given the - domain's name -vtpm-hotplug-common.sh - sourced by vtpm -vtpm-migration.sh - sourced by external-device-migrate -xen-backend.agent - calls block, vif-*, vtpm scripts to add, remove, hotplug +xen-backend.agent - calls block, vif-* scripts to add, remove, hotplug devices xen-backend.rules - hotplug script rules xend-config.sxp - default xend configuration file diff --git a/tools/examples/xmexample.pv-grub b/tools/examples/xmexample.pv-grub index 85f847c6e9..e04e6c1ea4 100644 --- a/tools/examples/xmexample.pv-grub +++ b/tools/examples/xmexample.pv-grub @@ -105,20 +105,6 @@ disk = [ 'phy:hda1,hda1,w' ] # configured in xend-config.sxp. #---------------------------------------------------------------------------- -# Define to which TPM instance the user domain should communicate. -# The vtpm entry is of the form 'instance=INSTANCE,backend=DOM' -# where INSTANCE indicates the instance number of the TPM the VM -# should be talking to and DOM provides the domain where the backend -# is located. -# Note that no two virtual machines should try to connect to the same -# TPM instance. The handling of all TPM instances does require -# some management effort in so far that VM configration files (and thus -# a VM) should be associated with a TPM instance throughout the lifetime -# of the VM / VM configuration file. The instance number must be -# greater or equal to 1. -#vtpm = [ 'instance=1,backend=0' ] - -#---------------------------------------------------------------------------- # Configure the behaviour when a domain exits. There are three 'reasons' # for a domain to stop: poweroff, reboot, and crash. For each of these you # may specify: diff --git a/tools/examples/xmexample1 b/tools/examples/xmexample1 index 330aaf0999..c95120014c 100644 --- a/tools/examples/xmexample1 +++ b/tools/examples/xmexample1 @@ -101,20 +101,6 @@ disk = [ 'phy:hda1,hda1,w' ] # configured in xend-config.sxp. #---------------------------------------------------------------------------- -# Define to which TPM instance the user domain should communicate. -# The vtpm entry is of the form 'instance=INSTANCE,backend=DOM' -# where INSTANCE indicates the instance number of the TPM the VM -# should be talking to and DOM provides the domain where the backend -# is located. -# Note that no two virtual machines should try to connect to the same -# TPM instance. The handling of all TPM instances does require -# some management effort in so far that VM configration files (and thus -# a VM) should be associated with a TPM instance throughout the lifetime -# of the VM / VM configuration file. The instance number must be -# greater or equal to 1. -#vtpm = [ 'instance=1,backend=0' ] - -#---------------------------------------------------------------------------- # Set the kernel command line for the new domain. # You only need to define the IP parameters and hostname if the domain's # IP config doesn't, e.g. in ifcfg-eth0 or via DHCP. diff --git a/tools/examples/xmexample2 b/tools/examples/xmexample2 index 4e5eb3dffb..8c5137ed85 100644 --- a/tools/examples/xmexample2 +++ b/tools/examples/xmexample2 @@ -137,20 +137,6 @@ disk = [ 'phy:sda%d,sda1,w' % (7+vmid), # configured in xend-config.sxp. #---------------------------------------------------------------------------- -# Define to which TPM instance the user domain should communicate. -# The vtpm entry is of the form 'instance=INSTANCE,backend=DOM' -# where INSTANCE indicates the instance number of the TPM the VM -# should be talking to and DOM provides the domain where the backend -# is located. -# Note that no two virtual machines should try to connect to the same -# TPM instance. The handling of all TPM instances does require -# some management effort in so far that VM configration files (and thus -# a VM) should be associated with a TPM instance throughout the lifetime -# of the VM / VM configuration file. The instance number must be -# greater or equal to 1. -#vtpm = ['instance=%d,backend=0' % (vmid) ] - -#---------------------------------------------------------------------------- # Set the kernel command line for the new domain. # You only need to define the IP parameters and hostname if the domain's # IP config doesn't, e.g. in ifcfg-eth0 or via DHCP. diff --git a/tools/examples/xmexample3 b/tools/examples/xmexample3 index dc22ce1db3..ae799f9088 100644 --- a/tools/examples/xmexample3 +++ b/tools/examples/xmexample3 @@ -122,20 +122,6 @@ disk = [ 'phy:hda%d,hda1,w' % (vmid)] # configured in xend-config.sxp. #---------------------------------------------------------------------------- -# Define to which TPM instance the user domain should communicate. -# The vtpm entry is of the form 'instance=INSTANCE,backend=DOM' -# where INSTANCE indicates the instance number of the TPM the VM -# should be talking to and DOM provides the domain where the backend -# is located. -# Note that no two virtual machines should try to connect to the same -# TPM instance. The handling of all TPM instances does require -# some management effort in so far that VM configration files (and thus -# a VM) should be associated with a TPM instance throughout the lifetime -# of the VM / VM configuration file. The instance number must be -# greater or equal to 1. -#vtpm = ['instance=%d,backend=0' % (vmid) ] - -#---------------------------------------------------------------------------- # Set the kernel command line for the new domain. # You only need to define the IP parameters and hostname if the domain's # IP config doesn't, e.g. in ifcfg-eth0 or via DHCP. diff --git a/tools/hotplug/Linux/Makefile b/tools/hotplug/Linux/Makefile index 016679081c..06055590f9 100644 --- a/tools/hotplug/Linux/Makefile +++ b/tools/hotplug/Linux/Makefile @@ -18,14 +18,12 @@ XEN_SCRIPTS += vif-setup XEN_SCRIPTS += block XEN_SCRIPTS += block-enbd block-nbd XEN_SCRIPTS += blktap -XEN_SCRIPTS += vtpm vtpm-delete XEN_SCRIPTS += xen-hotplug-cleanup XEN_SCRIPTS += external-device-migrate XEN_SCRIPTS += vscsi XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh -XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh -XEN_SCRIPT_DATA += vtpm-migration.sh vtpm-impl +XEN_SCRIPT_DATA += block-common.sh UDEV_RULES_DIR = $(CONFIG_DIR)/udev UDEV_RULES = xen-backend.rules xend.rules diff --git a/tools/hotplug/Linux/vtpm b/tools/hotplug/Linux/vtpm deleted file mode 100644 index 38a4532fc2..0000000000 --- a/tools/hotplug/Linux/vtpm +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -dir=$(dirname "$0") -. "$dir/vtpm-hotplug-common.sh" - -vtpm_fatal_error=0 - -case "$command" in - add) - vtpm_create_instance - ;; - remove) - vtpm_remove_instance - ;; -esac - -if [ $vtpm_fatal_error -eq 0 ]; then - log debug "Successful vTPM operation '$command'." - success -else - fatal "Error while executing vTPM operation '$command'." -fi diff --git a/tools/hotplug/Linux/vtpm-common.sh b/tools/hotplug/Linux/vtpm-common.sh deleted file mode 100644 index d0d7935faf..0000000000 --- a/tools/hotplug/Linux/vtpm-common.sh +++ /dev/null @@ -1,448 +0,0 @@ -# -# Copyright (c) 2005 IBM Corporation -# Copyright (c) 2005 XenSource Ltd. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of version 2.1 of the GNU Lesser General Public -# License as published by the Free Software Foundation. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -dir=$(dirname "$0") -. "$dir/logging.sh" -. "$dir/locking.sh" - -VTPMDB="/var/vtpm/vtpm.db" - -#In the vtpm-impl file some commands should be defined: -# vtpm_create, vtpm_setup, vtpm_start, etc. (see below) -if [ -r "$dir/vtpm-impl.alt" ]; then - . "$dir/vtpm-impl.alt" -elif [ -r "$dir/vtpm-impl" ]; then - . "$dir/vtpm-impl" -else - function vtpm_create () { - true - } - function vtpm_setup() { - true - } - function vtpm_start() { - true - } - function vtpm_suspend() { - true - } - function vtpm_resume() { - true - } - function vtpm_delete() { - true - } - function vtpm_migrate() { - echo "Error: vTPM migration accross machines not implemented." - } - function vtpm_migrate_local() { - echo "Error: local vTPM migration not supported" - } - function vtpm_migrate_recover() { - true - } -fi - - -#Find the instance number for the vtpm given the name of the domain -# Parameters -# - vmname : the name of the vm -# Return value -# Returns '0' if instance number could not be found, otherwise -# it returns the instance number in the variable 'instance' -function vtpmdb_find_instance () { - local vmname ret instance - vmname=$1 - ret=0 - - instance=$(cat $VTPMDB | \ - awk -vvmname=$vmname \ - '{ \ - if ( 1 != index($1,"#")) { \ - if ( $1 == vmname ) { \ - print $2; \ - exit; \ - } \ - } \ - }') - if [ "$instance" != "" ]; then - ret=$instance - fi - echo "$ret" -} - - -# Check whether a particular instance number is still available -# returns "0" if it is not available, "1" otherwise. -function vtpmdb_is_free_instancenum () { - local instance instances avail i - instance=$1 - avail=1 - #Allowed instance number range: 1-255 - if [ $instance -eq 0 -o $instance -gt 255 ]; then - avail=0 - else - instances=$(cat $VTPMDB | \ - awk \ - '{ \ - if (1 != index($1,"#")) { \ - printf("%s ",$2); \ - } \ - }') - for i in $instances; do - if [ $i -eq $instance ]; then - avail=0 - break - fi - done - fi - echo "$avail" -} - - -# Get an available instance number given the database -# Returns an unused instance number -function vtpmdb_get_free_instancenum () { - local ctr instances don found - instances=$(cat $VTPMDB | \ - awk \ - '{ \ - if (1 != index($1,"#")) { \ - printf("%s ",$2); \ - } \ - }') - ctr=1 - don=0 - while [ $don -eq 0 ]; do - found=0 - for i in $instances; do - if [ $i -eq $ctr ]; then - found=1; - break; - fi - done - - if [ $found -eq 0 ]; then - don=1 - break - fi - let ctr=ctr+1 - done - echo "$ctr" -} - - -# Add a domain name and instance number to the DB file -function vtpmdb_add_instance () { - local res vmname inst - vmname=$1 - inst=$2 - - if [ ! -f $VTPMDB ]; then - echo "#Database for VM to vTPM association" > $VTPMDB - echo "#1st column: domain name" >> $VTPMDB - echo "#2nd column: TPM instance number" >> $VTPMDB - fi - res=$(vtpmdb_validate_entry $vmname $inst) - if [ $res -eq 0 ]; then - echo "$vmname $inst" >> $VTPMDB - fi -} - - -#Validate whether an entry is the same as passed to this -#function -function vtpmdb_validate_entry () { - local res rc vmname inst - rc=0 - vmname=$1 - inst=$2 - - res=$(cat $VTPMDB | \ - awk -vvmname=$vmname \ - -vinst=$inst \ - '{ \ - if ( 1 == index($1,"#")) {\ - } else \ - if ( $1 == vmname && \ - $2 == inst) { \ - printf("1"); \ - exit; \ - } else \ - if ( $1 == vmname || \ - $2 == inst) { \ - printf("2"); \ - exit; \ - } \ - }') - - if [ "$res" == "1" ]; then - rc=1 - elif [ "$res" == "2" ]; then - rc=2 - fi - echo "$rc" -} - - -#Remove an entry from the vTPM database given its domain name -#and instance number -function vtpmdb_remove_entry () { - local vmname instance VTPMDB_TMP - vmname=$1 - instance=$2 - VTPMDB_TMP="$VTPMDB".tmp - - $(cat $VTPMDB | \ - awk -vvmname=$vmname \ - '{ \ - if ( $1 != vmname ) { \ - print $0; \ - } \ - '} > $VTPMDB_TMP) - if [ -e $VTPMDB_TMP ]; then - mv -f $VTPMDB_TMP $VTPMDB - vtpm_delete $instance - else - log err "Error creating temporary file '$VTPMDB_TMP'." - fi -} - - -# Find the reason for the creation of this device: -# Returns 'resume' or 'create' -function vtpm_get_create_reason () { - local resume - resume=$(xenstore_read $XENBUS_PATH/resume) - if [ "$resume" == "True" ]; then - echo "resume" - else - echo "create" - fi -} - - -#Create a vTPM instance -# If no entry in the TPM database is found, the instance is -# created and an entry added to the database. -function vtpm_create_instance () { - local res instance domname reason uuid - uuid=$(xenstore_read "$XENBUS_PATH"/uuid) - reason=$(vtpm_get_create_reason) - - claim_lock vtpmdb - - instance="0" - - if [ "$uuid" != "" ]; then - instance=$(vtpmdb_find_instance $uuid) - fi - if [ "$instance" == "0" ]; then - domname=$(xenstore_read "$XENBUS_PATH"/domain) - instance=$(vtpmdb_find_instance $domname) - fi - - if [ "$instance" == "0" -a "$reason" != "create" ]; then - release_lock vtpmdb - return - fi - - if [ "$instance" == "0" ]; then - #Try to give the preferred instance to the domain - instance=$(xenstore_read "$XENBUS_PATH"/pref_instance) - if [ "$instance" != "" ]; then - res=$(vtpmdb_is_free_instancenum $instance) - if [ $res -eq 0 ]; then - instance=$(vtpmdb_get_free_instancenum) - fi - else - instance=$(vtpmdb_get_free_instancenum) - fi - - vtpm_create $instance - - if [ $vtpm_fatal_error -eq 0 ]; then - if [ "$uuid" != "" ]; then - vtpmdb_add_instance $uuid $instance - else - vtpmdb_add_instance $domname $instance - fi - fi - else - if [ "$reason" == "resume" ]; then - vtpm_resume $instance - else - vtpm_start $instance - fi - fi - - release_lock vtpmdb - - xenstore_write $XENBUS_PATH/instance $instance -} - - -#Remove an instance when a VM is terminating or suspending. -#Since it is assumed that the VM will appear again, the -#entry is kept in the VTPMDB file. -function vtpm_remove_instance () { - local instance reason domname uuid - #Stop script execution quietly if path does not exist (anymore) - xenstore-exists "$XENBUS_PATH"/domain - uuid=$(xenstore_read "$XENBUS_PATH"/uuid) - - claim_lock vtpmdb - - instance="0" - - if [ "$uuid" != "" ]; then - instance=$(vtpmdb_find_instance $uuid) - fi - - if [ "$instance" == "0" ]; then - domname=$(xenstore_read "$XENBUS_PATH"/domain) - instance=$(vtpmdb_find_instance $domname) - fi - - if [ "$instance" != "0" ]; then - vtpm_suspend $instance - fi - - release_lock vtpmdb -} - - -#Remove an entry in the VTPMDB file given the domain's name -#1st parameter: The name of the domain -function vtpm_delete_instance () { - local instance - - claim_lock vtpmdb - - instance=$(vtpmdb_find_instance $1) - if [ "$instance" != "0" ]; then - vtpmdb_remove_entry $1 $instance - fi - - release_lock vtpmdb -} - -# Determine whether the given address is local to this machine -# Return values: -# "-1" : the given machine name is invalid -# "0" : this is not an address of this machine -# "1" : this is an address local to this machine -function vtpm_isLocalAddress() { - local addr res - addr=$(ping $1 -c 1 | \ - awk '{ print substr($3,2,length($3)-2); exit }') - if [ "$addr" == "" ]; then - echo "-1" - return - fi - res=$(ifconfig | grep "inet addr" | \ - awk -vaddr=$addr \ - '{ \ - if ( addr == substr($2, 6)) {\ - print "1"; \ - } \ - }' \ - ) - if [ "$res" == "" ]; then - echo "0" - return - fi - echo "1" -} - -# Perform a migration step. This function differentiates between migration -# to the local host or to a remote machine. -# Parameters: -# 1st: destination host to migrate to -# 2nd: name of the domain to migrate -# 3rd: the migration step to perform -function vtpm_migration_step() { - local res=$(vtpm_isLocalAddress $1) - if [ "$res" == "0" ]; then - vtpm_migrate $1 $2 $3 - else - vtpm_migrate_local - fi -} - -# Recover from migration due to an error. This function differentiates -# between migration to the local host or to a remote machine. -# Parameters: -# 1st: destination host the migration was going to -# 2nd: name of the domain that was to be migrated -# 3rd: the last successful migration step that was done -function vtpm_recover() { - local res - res=$(vtpm_isLocalAddress $1) - if [ "$res" == "0" ]; then - vtpm_migrate_recover $1 $2 $3 - fi -} - - -#Determine the domain id given a domain's name. -#1st parameter: name of the domain -#return value: domain id or -1 if domain id could not be determined -function vtpm_domid_from_name () { - local id name ids - ids=$(xenstore-list /local/domain) - for id in $ids; do - name=$(xenstore-read /local/domain/$id/name) - if [ "$name" == "$1" ]; then - echo "$id" - return - fi - done - echo "-1" -} - -#Determine the virtual TPM's instance number using the domain ID. -#1st parm: domain ID -function vtpm_uuid_by_domid() { - echo $(xenstore-read /local/domain/0/backend/vtpm/$1/0/uuid) -} - - -# Determine the vTPM's UUID by the name of the VM -function vtpm_uuid_from_vmname() { - local domid=$(vtpm_domid_from_name $1) - if [ "$domid" != "-1" ]; then - echo $(vtpm_uuid_by_domid $domid) - return - fi - echo "" -} - -#Add a virtual TPM instance number and its associated domain name -#to the VTPMDB file and activate usage of this virtual TPM instance -#by writing the instance number into the xenstore -#1st parm: name of virtual machine -#2nd parm: instance of associated virtual TPM -function vtpm_add_and_activate() { - local domid=$(vtpm_domid_from_name $1) - local vtpm_uuid=$(vtpm_uuid_from_vmname $1) - if [ "$vtpm_uuid" != "" -a "$domid" != "-1" ]; then - vtpmdb_add_instance $vtpm_uuid $2 - xenstore-write backend/vtpm/$domid/0/instance $2 - fi -} diff --git a/tools/hotplug/Linux/vtpm-delete b/tools/hotplug/Linux/vtpm-delete deleted file mode 100644 index b75b95bf0a..0000000000 --- a/tools/hotplug/Linux/vtpm-delete +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -# This scripts must be called the following way: -# vtpm-delete <vtpm uuid> -# or -# vtpm-delete --vmname <vm name> - -dir=$(dirname "$0") -. "$dir/vtpm-common.sh" - -if [ "$1" == "--vmname" ]; then - vtpm_uuid=$(vtpm_uuid_from_vmname $2) - if [ "$vtpm_uuid" != "" ];then - vtpm_delete_instance $vtpm_uuid - fi -else - vtpm_delete_instance $1 -fi diff --git a/tools/hotplug/Linux/vtpm-hotplug-common.sh b/tools/hotplug/Linux/vtpm-hotplug-common.sh deleted file mode 100644 index 9fd35e7402..0000000000 --- a/tools/hotplug/Linux/vtpm-hotplug-common.sh +++ /dev/null @@ -1,35 +0,0 @@ -# -# Copyright (c) 2005 IBM Corporation -# Copyright (c) 2005 XenSource Ltd. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of version 2.1 of the GNU Lesser General Public -# License as published by the Free Software Foundation. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -dir=$(dirname "$0") -. "$dir/xen-hotplug-common.sh" - -findCommand "$@" -if [ "$command" != "online" ] && - [ "$command" != "offline" ] && - [ "$command" != "add" ] && - [ "$command" != "remove" ] -then - log err "Invalid command: $command" - exit 1 -fi - - -XENBUS_PATH="${XENBUS_PATH:?}" - -. "$dir/vtpm-common.sh" diff --git a/tools/hotplug/Linux/vtpm-impl b/tools/hotplug/Linux/vtpm-impl deleted file mode 100644 index 4f9a1fd85e..0000000000 --- a/tools/hotplug/Linux/vtpm-impl +++ /dev/null @@ -1,208 +0,0 @@ -#!/bin/bash -# =================================================================== -# -# Copyright (c) 2005, Intel Corp. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials provided -# with the distribution. -# * Neither the name of Intel Corporation nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# =================================================================== - -# | SRC | TAG | CMD SIZE | ORD |mtype|strt -TPM_CMD_OPEN=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x01 -TPM_CMD_RESM=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x02 -TPM_CMD_CLOS=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x02 -TPM_CMD_DELE=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x03 - -TPM_TYPE_PVM=\\x01 -TPM_TYPE_HVM=\\x02 - -TPM_SUCCESS=00000000 - -TX_VTPM_MANAGER=/var/vtpm/fifos/from_console.fifo -RX_VTPM_MANAGER=/var/vtpm/fifos/to_console.fifo - -VTPM_MIG=/usr/bin/vtpm_migrator - -# -------------------- Helpers for binary streams ----------- - -function str_to_hex32() { - printf "%0.8x" $1 -} - -function hex32_to_bin() { - local inst=$(str_to_hex32 $1); - - local n1=`echo $inst | sed 's/\(..\)....../\\\\x\1/'` - local n2=`echo $inst | sed 's/..\(..\)..../\\\\x\1/'` - local n3=`echo $inst | sed 's/....\(..\)../\\\\x\1/'` - local n4=`echo $inst | sed 's/......\(..\)/\\\\x\1/'` - - echo "$n1$n2$n3$n4" -} - -function vtpm_manager_cmd() { - local cmd=$1; - local inst=$2; - local inst_bin=$(hex32_to_bin $inst); - - claim_lock vtpm_mgr - - #send cmd to vtpm_manager - printf "$cmd$inst_bin" > $TX_VTPM_MANAGER - - #recv response - set +e - local resp_hex=`dd skip=10 bs=1 count=4 if=$RX_VTPM_MANAGER 2> /dev/null | xxd -ps` - set -e - - release_lock vtpm_mgr - - #return whether the command was successful - if [ $resp_hex -ne $TPM_SUCCESS ]; then - vtpm_fatal_error=1 - false - else - true - fi -} - -# Helper to get vm type to pass to vtpm_manager open/resume -function vtpm_get_type() { - local inst=$(xenstore_read $XENBUS_PATH/frontend-id) - local vm=$(xenstore_read /local/domain/$inst/vm) - if [ "$vm" != "" ]; then - local ostype=$(xenstore-read $vm/image/ostype) - if [ "$ostype" == "hvm" ]; then - echo $TPM_TYPE_HVM; - else - echo $TPM_TYPE_PVM; - fi - fi -} - -# ------------------ Command handlers ----------------- - -# Create new vtpm instance & set it up for use -function vtpm_create () { - # Creation is handled implicitly by the manager on first setup - # so just set it up for use - $(vtpm_start $1) -} - -# Setup vtpm instance for use. -function vtpm_start() { - local vmtype=$(vtpm_get_type); - $(vtpm_manager_cmd $TPM_CMD_OPEN$vmtype $1) -} - -function vtpm_resume() { - local vmtype=$(vtpm_get_type); - $(vtpm_manager_cmd $TPM_CMD_RESM$vmtype $1) -} - -# Reset the vtpm AKA clear PCRs -function vtpm_reset() { - #not used by current implemenation - true -} - -# Shutdown the vtpm while the vm is down -# This could be a suspend of shutdown -# we cannot distinquish, so save the state -# and decide on startup if we should keep is -function vtpm_suspend() { - $(vtpm_manager_cmd $TPM_CMD_CLOS $1) -} - - -function vtpm_delete() { - local inst=$1 - if $(vtpm_manager_cmd $TPM_CMD_DELE $inst); then - rm -f /var/vtpm/vtpm_dm_$1.data - true - else - vtpm_fatal_error=1 - false - fi -} - -# Perform a migration step. This function differentiates between migration -# to the local host or to a remote machine. -# Parameters: -# 1st: destination host to migrate to -# 2nd: name of the domain to migrate -# 3rd: the migration step to perform -function vtpm_migrate() { - local instance res - - instance=$(vtpmdb_find_instance $2) - if [ "$instance" == "" ]; then - log err "VTPM Migratoin failed. Unable to translation of domain name" - echo "Error: VTPM Migration failed while looking up instance number" - fi - - case "$3" in - 0) - #Incicate migration supported - echo "0" - ;; - - 1) - # Get Public Key from Destination - # Call vtpm_manager's migration part 1 - claim_lock vtpm_mgr - $VTPM_MIG $1 $2 $instance $3 - release_lock vtpm_mgr - ;; - - 2) - # Call manager's migration step 2 and send result to destination - # If successful remove from db - claim_lock vtpm_mgr - $VTPM_MIG $1 $2 $instance $3 - release_lock vtpm_mgr - ;; - - 3) - if `ps x | grep "$VTPM_MIG $1"`; then - log err "VTPM Migration failed to complete." - echo "Error: VTPM Migration failed to complete." - fi - ;; - esac - -} - - -function vtpm_migrate_recover() { - echo "Error: Recovery not supported yet" -} - -function vtpm_migrate_local() { - echo "Error: local vTPM migration not supported" -} diff --git a/tools/hotplug/Linux/vtpm-migration.sh b/tools/hotplug/Linux/vtpm-migration.sh deleted file mode 100644 index 7e38ae26f0..0000000000 --- a/tools/hotplug/Linux/vtpm-migration.sh +++ /dev/null @@ -1,19 +0,0 @@ -# -# Copyright (c) 2005 IBM Corporation -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of version 2.1 of the GNU Lesser General Public -# License as published by the Free Software Foundation. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -dir=$(dirname "$0") -. "$dir/vtpm-common.sh" diff --git a/tools/hotplug/Linux/xen-backend.rules b/tools/hotplug/Linux/xen-backend.rules index c591a3ff03..a0d409e1c2 100644 --- a/tools/hotplug/Linux/xen-backend.rules +++ b/tools/hotplug/Linux/xen-backend.rules @@ -1,6 +1,5 @@ SUBSYSTEM=="xen-backend", KERNEL=="tap*", ENV{UDEV_CALL}="1", RUN+="/etc/xen/scripts/blktap $env{ACTION}" SUBSYSTEM=="xen-backend", KERNEL=="vbd*", ENV{UDEV_CALL}="1", RUN+="/etc/xen/scripts/block $env{ACTION}" -SUBSYSTEM=="xen-backend", KERNEL=="vtpm*", RUN+="/etc/xen/scripts/vtpm $env{ACTION}" SUBSYSTEM=="xen-backend", KERNEL=="vif2-*", RUN+="/etc/xen/scripts/vif2 $env{ACTION}" SUBSYSTEM=="xen-backend", KERNEL=="vif-*", ENV{UDEV_CALL}="1", ACTION=="online", RUN+="/etc/xen/scripts/vif-setup online type_if=vif" SUBSYSTEM=="xen-backend", KERNEL=="vif-*", ENV{UDEV_CALL}="1", ACTION=="offline", RUN+="/etc/xen/scripts/vif-setup offline type_if=vif" diff --git a/tools/vtpm/Makefile b/tools/vtpm/Makefile deleted file mode 100644 index 7b3efa51dc..0000000000 --- a/tools/vtpm/Makefile +++ /dev/null @@ -1,74 +0,0 @@ -XEN_ROOT = $(CURDIR)/../.. - -# Base definitions and rules -include $(XEN_ROOT)/tools/vtpm/Rules.mk - -# Dir name for emulator (as dom0 tpm driver) -TPM_EMULATOR_DIR = tpm_emulator -# Dir name for vtpm instance -VTPM_DIR = vtpm -ORIG_DIR = orig - -# Emulator tarball name -TPM_EMULATOR_NAME = tpm_emulator-0.5.1 -TPM_EMULATOR_TARFILE = $(TPM_EMULATOR_NAME).tar.gz - -GMP_HEADER = /usr/include/gmp.h - -.PHONY: all -all: build - -.PHONY: build -build: build_sub - -.PHONY: install -install: build - $(MAKE) -C $(VTPM_DIR) install-recursive - -.PHONY: clean -clean: - @if [ -d $(TPM_EMULATOR_DIR) ]; \ - then $(MAKE) -C $(TPM_EMULATOR_DIR) clean; \ - fi - @if [ -d $(VTPM_DIR) ]; \ - then $(MAKE) -C $(VTPM_DIR) clean; \ - fi - -.PHONY: mrproper -mrproper: - rm -f $(TPM_EMULATOR_TARFILE) tpm_emulator.patch.old vtpm.patch.old - rm -rf $(TPM_EMULATOR_DIR) $(VTPM_DIR) $(ORIG_DIR) - -# Download Swiss emulator -$(TPM_EMULATOR_TARFILE): - wget http://download.berlios.de/tpm-emulator/$(TPM_EMULATOR_TARFILE) - -# Create vtpm dirs -$(VTPM_DIR)/tpmd/tpmd: $(TPM_EMULATOR_TARFILE) vtpm-0.5.1.patch - rm -rf $(VTPM_DIR) - tar -xzf $(TPM_EMULATOR_TARFILE) - mv $(TPM_EMULATOR_NAME) $(VTPM_DIR) - - set -e; cd $(VTPM_DIR); \ - patch -p1 < ../vtpm-0.5.1.patch; \ - patch -p1 < ../vtpm-0.5.1-LDLIBS.patch - -orig: $(TPM_EMULATOR_TARFILE) - mkdir $(ORIG_DIR); - set -e; cd $(ORIG_DIR); \ - tar -xzf ../$(TPM_EMULATOR_TARFILE); - -updatepatches: clean orig - find $(VTPM_DIR) -name "*.orig" -print | xargs rm -f; - mv vtpm.patch vtpm.patch.old; - diff -uprN $(TPM_EMULATOR_DIR) $(VTPM_DIR) > vtpm.patch || true; - -.PHONY: build_sub -build_sub: $(VTPM_DIR)/tpmd/tpmd - set -e; if [ -e $(GMP_HEADER) ]; then \ - $(MAKE) -C $(VTPM_DIR) version; \ - $(MAKE) -C $(VTPM_DIR) all-recursive; \ - else \ - echo "=== Unable to build VTPMs. libgmp could not be found."; \ - fi - diff --git a/tools/vtpm/README b/tools/vtpm/README deleted file mode 100644 index 2008cbdfb7..0000000000 --- a/tools/vtpm/README +++ /dev/null @@ -1,45 +0,0 @@ - -Directory Structure -=================== -tools/vtpm/tpm_emulator-0.2b.tar.gz -> TPM Emulator downloaded at build time that will - be patched and used for our vtpms -tools/vtpm/vtpm.patch -> patch applied to tpm_emulator to make vtpm -tools/vtpm/vtpm/ -> (created on build) tpm_emulator moved to ring 3, - listens on a pair of fifos for TPM commands, - persistent state is sent via named fifo to vtpm - manager, which encrypts it and protects it. -tools/vtpm/tpm_emulator.patch -> To allow for debugging and testing on non-TPM - platforms, this patches the emulator to allow - it to be inserted into the dom0 kernel -tools/vtpm/tpm_emulator-0.2 -> (created on build) directory containing patched emulator - -Compile Flags -=================== -VTPM_MULTI_VM -> Defined (not finished): VTPMs run in their own VMs - Not Defined (default): VTPMs are processes - -Requirements -============ -- xen-unstable -- IBM frontend/backend vtpm driver patch -- vtpm_managerd -- GNU MP Big number library (GMP) - -vtpmd Flow (for vtpm_manager. vtpmd never run by default) -============================ -- Launch the VTPM manager (vtpm_managerd) which which begins listening to the BE with one thread - and listens to a named fifo that is shared by the vtpms to commuincate with the manager. -- VTPM Manager listens to TPM BE. -- When xend launches a tpm frontend equipped VM it contacts the manager over the vtpm backend. -- When the manager receives the open message from the BE, it launches a vtpm -- Xend allows the VM to continue booting. -- When a TPM request is issued to the front end, the front end transmits the TPM request to the backend. -- The manager receives the TPM requests and uses a named fifo to forward the request to the vtpm. -- The fifo listener begins listening for the reply from vtpm for the request. -- Vtpm processes request and replies to manager over shared named fifo. -- If needed, the vtpm may send a request to the vtpm_manager at any time to save it's secrets to disk. -- Manager receives response from vtpm and passes it back to backend for forwarding to guest. - -tpm_emulator flow -================== -Read documentation in tpm_emulator-0.2 directory diff --git a/tools/vtpm/Rules.mk b/tools/vtpm/Rules.mk deleted file mode 100644 index 548cff02a9..0000000000 --- a/tools/vtpm/Rules.mk +++ /dev/null @@ -1,26 +0,0 @@ -# Base definitions and rules (XEN_ROOT must be defined in including Makefile) -include $(XEN_ROOT)/tools/Rules.mk - -# -# Tool definitions -# - -# General compiler flags -CFLAGS = -Werror -g3 - -# Generic project files -HDRS = $(wildcard *.h) -SRCS = $(wildcard *.c) -OBJS = $(patsubst %.c,%.o,$(SRCS)) - -# Generic (non-header) dependencies -$(SRCS): Makefile $(XEN_ROOT)/tools/Rules.mk $(XEN_ROOT)/tools/vtpm/Rules.mk - -$(OBJS): $(SRCS) - --include $(DEPS) - -BUILD_EMULATOR = y - -# Make sure these are just rules -.PHONY : all build install clean diff --git a/tools/vtpm/tpm_emulator.patch b/tools/vtpm/tpm_emulator.patch deleted file mode 100644 index c34c6650ed..0000000000 --- a/tools/vtpm/tpm_emulator.patch +++ /dev/null @@ -1,1919 +0,0 @@ -diff -uprN orig/tpm_emulator-0.4/AUTHORS tpm_emulator/AUTHORS ---- orig/tpm_emulator-0.4/AUTHORS 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/AUTHORS 2006-07-24 14:35:35.000000000 -0700 -@@ -1,2 +1,3 @@ - Mario Strasser <mast@gmx.net> - Heiko Stamer <stamer@gaos.org> [DAA] -+INTEL Corp <> [Dropped to Ring3] -diff -uprN orig/tpm_emulator-0.4/ChangeLog tpm_emulator/ChangeLog ---- orig/tpm_emulator-0.4/ChangeLog 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/ChangeLog 2006-07-24 14:35:35.000000000 -0700 -@@ -1,3 +1,6 @@ -+????-??-?? Intel Corp -+ * Moved module out of kernel to run as a ring 3 app -+ - 2006-06-23 Mario Strasser <mast@gmx.net> - * tpm_startup.c: behaviour of ST_CLEAR and storage of - persistent data adapted -diff -uprN orig/tpm_emulator-0.4/crypto/gmp_kernel_wrapper.c tpm_emulator/crypto/gmp_kernel_wrapper.c ---- orig/tpm_emulator-0.4/crypto/gmp_kernel_wrapper.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/crypto/gmp_kernel_wrapper.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,5 +1,6 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -24,15 +25,10 @@ int __gmp_junk; - void __attribute__ ((regparm(0))) __gmp_assert_fail(const char *filename, - int linenum, const char *expr) - { -- panic(KERN_CRIT TPM_MODULE_NAME "%s:%d: GNU MP assertion failed: %s\n", -+ error("%s:%d: GNU MP assertion failed: %s\n", - filename, linenum, expr); - } - --void __attribute__ ((regparm(0))) abort(void) --{ -- panic(KERN_CRIT TPM_MODULE_NAME "GNU MP abort() was called\n"); --} -- - /* overwrite GNU MP random functions (used by mpz/millerrabin.c) */ - - void __attribute__ ((regparm(0))) gmp_randinit(gmp_randstate_t rstate, -@@ -77,20 +73,19 @@ void __attribute__ ((regparm(0))) mpz_ur - - void __attribute__ ((regparm(0))) *kernel_allocate(size_t size) - { -- void *ret = (void*)kmalloc(size, GFP_KERNEL); -- if (!ret) panic(KERN_CRIT TPM_MODULE_NAME -- "GMP: cannot allocate memory (size=%u)\n", size); -+ void *ret = (void*)malloc(size); -+ if (!ret) error("GMP: cannot allocate memory (size=%Zu)\n", size); - return ret; - } - - void __attribute__ ((regparm(0))) *kernel_reallocate(void *oldptr, - size_t old_size, size_t new_size) - { -- void *ret = (void*)kmalloc(new_size, GFP_KERNEL); -- if (!ret) panic(KERN_CRIT TPM_MODULE_NAME "GMP: Cannot reallocate memory " -- "(old_size=%u new_size=%u)\n", old_size, new_size); -+ void *ret = (void*)malloc(new_size); -+ if (!ret) error("GMP: Cannot reallocate memory " -+ "(old_size=%Zu new_size=%Zu)\n", old_size, new_size); - memcpy(ret, oldptr, old_size); -- kfree(oldptr); -+ free(oldptr); - return ret; - } - -@@ -99,7 +94,7 @@ void __attribute__ ((regparm(0))) kernel - /* overwrite used memory */ - if (blk_ptr != NULL) { - memset(blk_ptr, 0, blk_size); -- kfree(blk_ptr); -+ free(blk_ptr); - } - } - -diff -uprN orig/tpm_emulator-0.4/crypto/rsa.c tpm_emulator/crypto/rsa.c ---- orig/tpm_emulator-0.4/crypto/rsa.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/crypto/rsa.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,5 +1,6 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -381,7 +382,7 @@ static int encode_message(int type, uint - msg[0] = 0x00; - get_random_bytes(&msg[1], SHA1_DIGEST_LENGTH); - sha1_init(&ctx); -- sha1_update(&ctx, "TCPA", 4); -+ sha1_update(&ctx, (uint8_t *) "TCPA", 4); - sha1_final(&ctx, &msg[1 + SHA1_DIGEST_LENGTH]); - memset(&msg[1 + 2 * SHA1_DIGEST_LENGTH], 0x00, - msg_len - data_len - 2 * SHA1_DIGEST_LENGTH - 2); -@@ -429,7 +430,7 @@ static int decode_message(int type, uint - mask_generation(&msg[1], SHA1_DIGEST_LENGTH, - &msg[1 + SHA1_DIGEST_LENGTH], msg_len - SHA1_DIGEST_LENGTH - 1); - sha1_init(&ctx); -- sha1_update(&ctx, "TCPA", 4); -+ sha1_update(&ctx, (uint8_t *) "TCPA", 4); - sha1_final(&ctx, &msg[1]); - if (memcmp(&msg[1], &msg[1 + SHA1_DIGEST_LENGTH], - SHA1_DIGEST_LENGTH) != 0) return -1; -diff -uprN orig/tpm_emulator-0.4/linux_module.c tpm_emulator/linux_module.c ---- orig/tpm_emulator-0.4/linux_module.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/linux_module.c 1969-12-31 16:00:00.000000000 -0800 -@@ -1,195 +0,0 @@ --/* Software-Based Trusted Platform Module (TPM) Emulator for Linux -- * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -- * -- * This module is free software; you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published -- * by the Free Software Foundation; either version 2 of the License, -- * or (at your option) any later version. -- * -- * This module is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. -- * -- * $Id: linux_module.c 91 2006-03-13 13:51:41Z mast $ -- */ -- --#include <linux/module.h> --#include <linux/kernel.h> --#include <linux/init.h> --#include <linux/miscdevice.h> --#include <linux/poll.h> --#include "linux_module.h" --#include "tpm/tpm_emulator.h" -- --MODULE_LICENSE("GPL"); --MODULE_AUTHOR("Mario Strasser <mast@gmx.net>"); --MODULE_DESCRIPTION("Trusted Platform Module (TPM) Emulator"); --MODULE_SUPPORTED_DEVICE(TPM_DEVICE_NAME); -- --/* module startup parameters */ --char *startup = "save"; --module_param(startup, charp, 0444); --MODULE_PARM_DESC(startup, " Sets the startup mode of the TPM. " -- "Possible values are 'clear', 'save' (default) and 'deactivated."); --char *storage_file = "/var/tpm/tpm_emulator-1.2.0.2"; --module_param(storage_file, charp, 0644); --MODULE_PARM_DESC(storage_file, " Sets the persistent-data storage " -- "file of the TPM."); -- --/* TPM lock */ --static struct semaphore tpm_mutex; -- --/* TPM command response */ --static struct { -- uint8_t *data; -- uint32_t size; --} tpm_response; -- --/* module state */ --#define STATE_IS_OPEN 0 --static uint32_t module_state; --static struct timespec old_time; -- --static int tpm_open(struct inode *inode, struct file *file) --{ -- debug("%s()", __FUNCTION__); -- if (test_and_set_bit(STATE_IS_OPEN, (void*)&module_state)) return -EBUSY; -- return 0; --} -- --static int tpm_release(struct inode *inode, struct file *file) --{ -- debug("%s()", __FUNCTION__); -- clear_bit(STATE_IS_OPEN, (void*)&module_state); -- down(&tpm_mutex); -- if (tpm_response.data != NULL) { -- kfree(tpm_response.data); -- tpm_response.data = NULL; -- } -- up(&tpm_mutex); -- return 0; --} -- --static ssize_t tpm_read(struct file *file, char *buf, size_t count, loff_t *ppos) --{ -- debug("%s(%d)", __FUNCTION__, count); -- down(&tpm_mutex); -- if (tpm_response.data != NULL) { -- count = min(count, (size_t)tpm_response.size - (size_t)*ppos); -- count -= copy_to_user(buf, &tpm_response.data[*ppos], count); -- *ppos += count; -- if ((size_t)tpm_response.size == (size_t)*ppos) { -- kfree(tpm_response.data); -- tpm_response.data = NULL; -- } -- } else { -- count = 0; -- } -- up(&tpm_mutex); -- return count; --} -- --static ssize_t tpm_write(struct file *file, const char *buf, size_t count, loff_t *ppos) --{ -- debug("%s(%d)", __FUNCTION__, count); -- down(&tpm_mutex); -- *ppos = 0; -- if (tpm_response.data != NULL) kfree(tpm_response.data); -- if (tpm_handle_command(buf, count, &tpm_response.data, -- &tpm_response.size) != 0) { -- count = -EILSEQ; -- tpm_response.data = NULL; -- } -- up(&tpm_mutex); -- return count; --} -- --#define TPMIOC_CANCEL _IO('T', 0x00) --#define TPMIOC_TRANSMIT _IO('T', 0x01) -- --static int tpm_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) --{ -- debug("%s(%d, %p)", __FUNCTION__, cmd, (char*)arg); -- if (cmd == TPMIOC_TRANSMIT) { -- uint32_t count = ntohl(*(uint32_t*)(arg + 2)); -- down(&tpm_mutex); -- if (tpm_response.data != NULL) kfree(tpm_response.data); -- if (tpm_handle_command((char*)arg, count, &tpm_response.data, -- &tpm_response.size) == 0) { -- tpm_response.size -= copy_to_user((char*)arg, tpm_response.data, -- tpm_response.size); -- kfree(tpm_response.data); -- tpm_response.data = NULL; -- } else { -- tpm_response.size = 0; -- tpm_response.data = NULL; -- } -- up(&tpm_mutex); -- return tpm_response.size; -- } -- return -1; --} -- --struct file_operations fops = { -- .owner = THIS_MODULE, -- .open = tpm_open, -- .release = tpm_release, -- .read = tpm_read, -- .write = tpm_write, -- .ioctl = tpm_ioctl, --}; -- --static struct miscdevice tpm_dev = { -- .minor = TPM_DEVICE_MINOR, -- .name = TPM_DEVICE_NAME, -- .fops = &fops, --}; -- --int __init init_tpm_module(void) --{ -- int res = misc_register(&tpm_dev); -- if (res != 0) { -- error("misc_register() failed for minor %d\n", TPM_DEVICE_MINOR); -- return res; -- } -- /* initialize variables */ -- sema_init(&tpm_mutex, 1); -- module_state = 0; -- tpm_response.data = NULL; -- old_time = current_kernel_time(); -- /* initialize TPM emulator */ -- if (!strcmp(startup, "clear")) { -- tpm_emulator_init(1); -- } else if (!strcmp(startup, "save")) { -- tpm_emulator_init(2); -- } else if (!strcmp(startup, "deactivated")) { -- tpm_emulator_init(3); -- } else { -- error("invalid startup mode '%s'; must be 'clear', " -- "'save' (default) or 'deactivated", startup); -- misc_deregister(&tpm_dev); -- return -EINVAL; -- } -- return 0; --} -- --void __exit cleanup_tpm_module(void) --{ -- tpm_emulator_shutdown(); -- misc_deregister(&tpm_dev); -- if (tpm_response.data != NULL) kfree(tpm_response.data); --} -- --module_init(init_tpm_module); --module_exit(cleanup_tpm_module); -- --uint64_t tpm_get_ticks(void) --{ -- struct timespec new_time = current_kernel_time(); -- uint64_t ticks = (uint64_t)(new_time.tv_sec - old_time.tv_sec) * 1000000 -- + (new_time.tv_nsec - old_time.tv_nsec) / 1000; -- old_time = new_time; -- return (ticks > 0) ? ticks : 1; --} -- -diff -uprN orig/tpm_emulator-0.4/linux_module.h tpm_emulator/linux_module.h ---- orig/tpm_emulator-0.4/linux_module.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/linux_module.h 2006-07-24 14:35:35.000000000 -0700 -@@ -1,5 +1,6 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -17,54 +18,62 @@ - #ifndef _LINUX_MODULE_H_ - #define _LINUX_MODULE_H_ - --#include <linux/version.h> --#include <linux/kernel.h> --#include <linux/slab.h> -+#include <malloc.h> -+#include <stdint.h> -+#include <stdio.h> -+#include <string.h> - #include <linux/types.h> --#include <linux/string.h> --#include <linux/random.h> --#include <linux/time.h> --#include <asm/byteorder.h> - --/* module settings */ -+#include <endian.h> -+#define __BYTEORDER_HAS_U64__ -+#ifdef LITTLE_ENDIAN -+ #include <linux/byteorder/little_endian.h> -+#else -+ #include <linux/byteorder/big_endian.h> -+#endif - -+/* module settings */ -+#define min(A,B) ((A)<(B)?(A):(B)) -+#ifndef STR - #define STR(s) __STR__(s) - #define __STR__(s) #s -+#endif - #include "tpm_version.h" - - #define TPM_DEVICE_MINOR 224 - #define TPM_DEVICE_NAME "tpm" - #define TPM_MODULE_NAME "tpm_emulator" - --/* debug and log output functions */ -- - #ifdef DEBUG --#define debug(fmt, ...) printk(KERN_DEBUG "%s %s:%d: Debug: " fmt "\n", \ -- TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug(fmt, ...) printf("TPMD: %s:%d: Debug: " fmt "\n", \ -+ __FILE__, __LINE__, ## __VA_ARGS__) - #else - #define debug(fmt, ...) - #endif --#define info(fmt, ...) printk(KERN_INFO "%s %s:%d: Info: " fmt "\n", \ -- TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) --#define error(fmt, ...) printk(KERN_ERR "%s %s:%d: Error: " fmt "\n", \ -- TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) --#define alert(fmt, ...) printk(KERN_ALERT "%s %s:%d: Alert: " fmt "\n", \ -- TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) -+#define info(fmt, ...) printf("TPMD: %s:%d: Info: " fmt "\n", \ -+ __FILE__, __LINE__, ## __VA_ARGS__) -+#define error(fmt, ...) printf("TPMD: %s:%d: Error: " fmt "\n", \ -+ __FILE__, __LINE__, ## __VA_ARGS__) -+#define alert(fmt, ...) printf("TPMD: %s:%d: Alert: " fmt "\n", \ -+ __FILE__, __LINE__, ## __VA_ARGS__) - - /* memory allocation */ - - static inline void *tpm_malloc(size_t size) - { -- return kmalloc(size, GFP_KERNEL); -+ return malloc(size); - } - - static inline void tpm_free(const void *ptr) - { -- if (ptr != NULL) kfree(ptr); -+ if (ptr != NULL) free( (void *) ptr); - } - - /* random numbers */ - -+//FIXME; -+void get_random_bytes(void *buf, int nbytes); -+ - static inline void tpm_get_random_bytes(void *buf, int nbytes) - { - get_random_bytes(buf, nbytes); -@@ -84,9 +93,9 @@ uint64_t tpm_get_ticks(void); - #define CPU_TO_LE16(x) __cpu_to_le16(x) - - #define BE64_TO_CPU(x) __be64_to_cpu(x) --#define LE64_TO_CPU(x) __be64_to_cpu(x) -+#define LE64_TO_CPU(x) __le64_to_cpu(x) - #define BE32_TO_CPU(x) __be32_to_cpu(x) --#define LE32_TO_CPU(x) __be32_to_cpu(x) -+#define LE32_TO_CPU(x) __le32_to_cpu(x) - #define BE16_TO_CPU(x) __be16_to_cpu(x) - #define LE16_TO_CPU(x) __le16_to_cpu(x) - -diff -uprN orig/tpm_emulator-0.4/Makefile tpm_emulator/Makefile ---- orig/tpm_emulator-0.4/Makefile 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/Makefile 2006-07-24 14:35:35.000000000 -0700 -@@ -1,24 +1,40 @@ - # Software-Based Trusted Platform Module (TPM) Emulator for Linux - # Copyright (C) 2004 Mario Strasser <mast@gmx.net> -+# Copyright (C) 2006 INTEL Corp. - # - # $Id: Makefile 115 2006-06-23 10:36:44Z mast $ - --# kernel settings --KERNEL_RELEASE := $(shell uname -r) --KERNEL_BUILD := /lib/modules/$(KERNEL_RELEASE)/build --MOD_SUBDIR := misc -+COMPILE_ARCH ?= $(shell uname -m | sed -e s/i.86/x86_32/) - - # module settings --MODULE_NAME := tpm_emulator -+BIN := tpm_emulator - VERSION_MAJOR := 0 - VERSION_MINOR := 4 - VERSION_BUILD := $(shell date +"%s") - --# enable/disable DEBUG messages --EXTRA_CFLAGS += -Wall -DDEBUG -g -+# Installation program and options -+INSTALL = install -+INSTALL_PROG = $(INSTALL) -m0755 -+INSTALL_DIR = $(INSTALL) -d -m0755 -+ -+# Xen tools installation directory -+TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin -+ -+CC := gcc -+CFLAGS += -g -Wall $(INCLUDE) -DDEBUG -+CFLAGS += -I. -Itpm -+ -+# Is the simulator running in it's own vm? -+#CFLAGS += -DVTPM_MULTI_VM -+ -+ifeq ($(COMPILE_ARCH),x86_64) -+LIBDIR = lib64 -+else -+LIBDIR = lib -+endif - - # GNU MP configuration --GMP_LIB := /usr/lib/libgmp.a -+GMP_LIB := /usr/$(LIBDIR)/libgmp.a - GMP_HEADER := /usr/include/gmp.h - - # sources and objects -@@ -27,38 +43,32 @@ DIRS := . crypto tpm - SRCS := $(foreach dir, $(DIRS), $(wildcard $(src)/$(dir)/*.c)) - OBJS := $(patsubst %.c, %.o, $(SRCS)) - SRCS += $(foreach dir, $(DIRS), $(wildcard $(src)/$(dir)/*.h)) --DISTSRC := ./README ./AUTHORS ./ChangeLog ./Makefile $(SRCS) --DISTDIR := tpm_emulator-$(VERSION_MAJOR).$(VERSION_MINOR) - --obj-m := $(MODULE_NAME).o --$(MODULE_NAME)-objs := $(patsubst $(src)/%.o, %.o, $(OBJS)) crypto/libgmp.a -+obj-m := $(BIN) -+$(BIN)-objs := $(patsubst $(src)/%.o, %.o, $(OBJS)) crypto/libgmp.a - - EXTRA_CFLAGS += -I$(src) -I$(src)/crypto -I$(src)/tpm - - # do not print "Entering directory ..." - MAKEFLAGS += --no-print-directory - --all: $(src)/crypto/gmp.h $(src)/crypto/libgmp.a version -- @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) modules -+all: $(BIN) - --install: -- @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) modules_install -- test -d /var/tpm || mkdir /var/tpm -- test -c /dev/tpm || mknod /dev/tpm c 10 224 -- chmod 666 /dev/tpm -- depmod -a -+$(BIN): $(src)/crypto/gmp.h $(src)/crypto/libgmp.a version $(SRCS) $(OBJS) -+ $(CC) $(CFLAGS) $(OBJS) $(src)/crypto/libgmp.a -o $(BIN) -+ -+%.o: %.c -+ $(CC) $(CFLAGS) -c $< -o $@ -+ -+install: $(BIN) -+ $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR) -+ @if [ ! -d "/var/tpm" ]; then mkdir /var/tpm; fi - - clean: -- @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) clean -- rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a -+ rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a $(OBJS) - --dist: $(DISTSRC) -- rm -rf $(DISTDIR) -- mkdir $(DISTDIR) -- cp --parents $(DISTSRC) $(DISTDIR)/ -- rm -f $(DISTDIR)/crypto/gmp.h -- tar -chzf $(DISTDIR).tar.gz $(DISTDIR) -- rm -rf $(DISTDIR) -+mrproper: clean -+ rm -f $(BIN) tpm_version.h - - $(src)/crypto/libgmp.a: - test -f $(src)/crypto/libgmp.a || ln -s $(GMP_LIB) $(src)/crypto/libgmp.a -@@ -88,4 +98,3 @@ version: - @echo "#endif /* _TPM_VERSION_H_ */" >> $(src)/tpm_version.h - - .PHONY: all install clean dist gmp version -- -diff -uprN orig/tpm_emulator-0.4/README tpm_emulator/README ---- orig/tpm_emulator-0.4/README 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/README 2006-07-24 14:35:35.000000000 -0700 -@@ -13,7 +13,8 @@ $Id: README 113 2006-06-18 12:38:13Z hst - Copyright - -------------------------------------------------------------------------- - Copyright (C) 2004 Mario Strasser <mast@gmx.net> and Swiss Federal --Institute of Technology (ETH) Zurich. -+ Institute of Technology (ETH) Zurich. -+Copyright (C) 2005 INTEL Corp - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -43,6 +44,12 @@ Example: - GMP_LIB := /usr/lib/libgmp.a - GMP_HEADER := /usr/include/gmp.h - -+GNU MP Library on 64 bit Systems -+-------------------------------------------------------------------------- -+Some 64-bit kernels have problems with importing the user-space gmp -+library (/usr/lib*/libgmp.a) into kernel space. These kernels will require -+that the gmp library be recompiled for kernel space with -mcmodel=kernel. -+ - Installation - -------------------------------------------------------------------------- - The compilation and installation process uses the build environment for -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_capability.c tpm_emulator/tpm/tpm_capability.c ---- orig/tpm_emulator-0.4/tpm/tpm_capability.c 2006-06-23 19:37:07.000000000 +0900 -+++ tpm_emulator/tpm/tpm_capability.c 2007-12-28 22:50:19.000000000 +0900 -@@ -701,7 +701,10 @@ TPM_RESULT TPM_GetCapabilityOwner(TPM_VE - TPM_RESULT res; - - info("TPM_GetCapabilityOwner()"); -- -+ -+ if (!tpmData.permanent.flags.owned) { -+ return TPM_NOSRK; -+ } - /* Verify owner authorization */ - res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER); - if (res != TPM_SUCCESS) return res; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_cmd_handler.c tpm_emulator/tpm/tpm_cmd_handler.c ---- orig/tpm_emulator-0.4/tpm/tpm_cmd_handler.c 2006-06-23 19:37:07.000000000 +0900 -+++ tpm_emulator/tpm/tpm_cmd_handler.c 2007-09-12 20:23:00.000000000 +0900 -@@ -565,7 +565,7 @@ static TPM_RESULT execute_TPM_Seal(TPM_R - if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle) - || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth) - || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize) -- || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo) -+ || (pcrInfoSize >0 && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)) - || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize) - || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize) - || len != 0) return TPM_BAD_PARAMETER; -@@ -798,7 +798,7 @@ static TPM_RESULT execute_TPM_Sealx(TPM_ - if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle) - || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth) - || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize) -- || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo) -+ || (pcrInfoSize > 0 && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)) - || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize) - || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize) - || len != 0) return TPM_BAD_PARAMETER; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_credentials.c tpm_emulator/tpm/tpm_credentials.c ---- orig/tpm_emulator-0.4/tpm/tpm_credentials.c 2006-06-23 19:37:07.000000000 +0900 -+++ tpm_emulator/tpm/tpm_credentials.c 2007-09-12 20:23:30.000000000 +0900 -@@ -47,20 +47,20 @@ int tpm_compute_pubkey_checksum(TPM_NONC - - TPM_RESULT tpm_get_pubek(TPM_PUBKEY *pubEndorsementKey) - { -- UINT32 key_length; -+ size_t key_length; - if (!tpmData.permanent.data.endorsementKey.size) return TPM_NO_ENDORSEMENT; - /* setup TPM_PUBKEY structure */ -- key_length = tpmData.permanent.data.endorsementKey.size; -- pubEndorsementKey->pubKey.keyLength = key_length >> 3; -+ pubEndorsementKey->pubKey.keyLength = tpmData.permanent.data.endorsementKey.size >> 3; - pubEndorsementKey->pubKey.key = tpm_malloc(pubEndorsementKey->pubKey.keyLength); - if (pubEndorsementKey->pubKey.key == NULL) return TPM_FAIL; - rsa_export_modulus(&tpmData.permanent.data.endorsementKey, -- pubEndorsementKey->pubKey.key, -- &pubEndorsementKey->pubKey.keyLength); -+ pubEndorsementKey->pubKey.key, -+ &key_length); -+ pubEndorsementKey->pubKey.keyLength = key_length; - pubEndorsementKey->algorithmParms.algorithmID = TPM_ALG_RSA; - pubEndorsementKey->algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; - pubEndorsementKey->algorithmParms.sigScheme = TPM_SS_NONE; -- pubEndorsementKey->algorithmParms.parms.rsa.keyLength = key_length; -+ pubEndorsementKey->algorithmParms.parms.rsa.keyLength = key_length << 3; - pubEndorsementKey->algorithmParms.parms.rsa.numPrimes = 2; - pubEndorsementKey->algorithmParms.parms.rsa.exponentSize = 0; - pubEndorsementKey->algorithmParms.parms.rsa.exponent = NULL; -@@ -175,6 +175,7 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_ - { - TPM_RESULT res; - TPM_KEY_DATA *srk = &tpmData.permanent.data.srk; -+ size_t key_length; - info("TPM_OwnerReadInternalPub()"); - /* verify authorization */ - res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER); -@@ -186,7 +187,8 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_ - publicPortion->pubKey.key = tpm_malloc(publicPortion->pubKey.keyLength); - if (publicPortion->pubKey.key == NULL) return TPM_FAIL; - rsa_export_modulus(&srk->key, publicPortion->pubKey.key, -- &publicPortion->pubKey.keyLength); -+ &key_length); -+ publicPortion->pubKey.keyLength = key_length; - publicPortion->algorithmParms.algorithmID = TPM_ALG_RSA; - publicPortion->algorithmParms.encScheme = srk->encScheme; - publicPortion->algorithmParms.sigScheme = srk->sigScheme; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_crypto.c tpm_emulator/tpm/tpm_crypto.c ---- orig/tpm_emulator-0.4/tpm/tpm_crypto.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_crypto.c 2006-07-24 14:35:35.000000000 -0700 -@@ -182,7 +182,8 @@ TPM_RESULT TPM_CertifyKey(TPM_KEY_HANDLE - TPM_KEY_DATA *cert, *key; - sha1_ctx_t sha1_ctx; - BYTE *buf, *p; -- UINT32 length; -+ UINT32 length32; -+ size_t length; - info("TPM_CertifyKey()"); - /* get keys */ - cert = tpm_get_key(certHandle); -@@ -264,14 +265,15 @@ TPM_RESULT TPM_CertifyKey(TPM_KEY_HANDLE - /* compute the digest of the CERTIFY_INFO[2] structure and sign it */ - length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); - p = buf = tpm_malloc(length); -+ length32=(UINT32) length; - if (buf == NULL -- || tpm_marshal_TPM_CERTIFY_INFO(&p, &length, certifyInfo)) { -+ || tpm_marshal_TPM_CERTIFY_INFO(&p, &length32, certifyInfo)) { - free_TPM_KEY_PARMS(certifyInfo->algorithmParms); - return TPM_FAIL; - } - length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); - sha1_init(&sha1_ctx); -- sha1_update(&sha1_ctx, buf, length); -+ sha1_update(&sha1_ctx, buf, (size_t) length); - sha1_final(&sha1_ctx, buf); - res = tpm_sign(cert, auth1, FALSE, buf, SHA1_DIGEST_LENGTH, outData, outDataSize); - tpm_free(buf); -@@ -292,7 +294,8 @@ TPM_RESULT TPM_CertifyKey2(TPM_KEY_HANDL - TPM_KEY_DATA *cert, *key; - sha1_ctx_t sha1_ctx; - BYTE *buf, *p; -- UINT32 length; -+ size_t length; -+ UINT32 length32; - info("TPM_CertifyKey2()"); - /* get keys */ - cert = tpm_get_key(certHandle); -@@ -362,8 +365,9 @@ TPM_RESULT TPM_CertifyKey2(TPM_KEY_HANDL - /* compute the digest of the CERTIFY_INFO[2] structure and sign it */ - length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); - p = buf = tpm_malloc(length); -+ length32 = (UINT32) length; - if (buf == NULL -- || tpm_marshal_TPM_CERTIFY_INFO(&p, &length, certifyInfo)) { -+ || tpm_marshal_TPM_CERTIFY_INFO(&p, &length32, certifyInfo)) { - free_TPM_KEY_PARMS(certifyInfo->algorithmParms); - return TPM_FAIL; - } -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_daa.c tpm_emulator/tpm/tpm_daa.c ---- orig/tpm_emulator-0.4/tpm/tpm_daa.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_daa.c 2006-07-24 14:35:35.000000000 -0700 -@@ -716,14 +716,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -805,14 +805,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -1489,14 +1489,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -1712,14 +1712,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -1793,14 +1793,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -2918,14 +2918,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -3143,7 +3143,7 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_session.DAA_digest, - sizeof(session->DAA_session.DAA_digest)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_update(&sha1, inputData1, inputSize1); - sha1_final(&sha1, (BYTE*) &session->DAA_session.DAA_digest); - } -@@ -3172,7 +3172,7 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_session.DAA_digest, - sizeof(session->DAA_session.DAA_digest)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE*) "\x00", 1); - rsa_export_modulus(&aikData->key, scratch, &size); - sha1_update(&sha1, scratch, size); - sha1_final(&sha1, (BYTE*) &session->DAA_session.DAA_digest); -@@ -3229,14 +3229,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -3309,14 +3309,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_data.c tpm_emulator/tpm/tpm_data.c ---- orig/tpm_emulator-0.4/tpm/tpm_data.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_data.c 2006-07-24 14:35:35.000000000 -0700 -@@ -40,6 +40,7 @@ static inline void init_pcr_attr(int pcr - void tpm_init_data(void) - { - /* endorsement key */ -+#ifndef TPM_GENERATE_EK - uint8_t ek_n[] = "\xa8\xdb\xa9\x42\xa8\xf3\xb8\x06\x85\x90\x76\x93\xad\xf7" - "\x74\xec\x3f\xd3\x3d\x9d\xe8\x2e\xff\x15\xed\x0e\xce\x5f\x93" - "\x92\xeb\xd1\x96\x2b\x72\x18\x81\x79\x12\x9d\x9c\x40\xd7\x1a" -@@ -77,6 +78,8 @@ void tpm_init_data(void) - "\xd1\xc0\x8b\x5b\xa2\x2e\xa7\x15\xca\x50\x75\x10\x48\x9c\x2b" - "\x18\xb9\x67\x8f\x5d\x64\xc3\x28\x9f\x2f\x16\x2f\x08\xda\x47" - "\xec\x86\x43\x0c\x80\x99\x07\x34\x0f"; -+#endif -+ - int i; - /* reset all data to NULL, FALSE or 0 */ - memset(&tpmData, 0, sizeof(tpmData)); -@@ -152,44 +155,43 @@ void tpm_release_data(void) - - #ifdef TPM_STORE_TO_FILE - --#include <linux/fs.h> --#include <linux/unistd.h> --#include <asm/uaccess.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <unistd.h> - - #define TPM_STORAGE_FILE "/var/tpm/tpm_emulator-1.2." STR(VERSION_MAJOR) "." STR(VERSION_MINOR) - - static int write_to_file(uint8_t *data, size_t data_length) - { - int res; -- struct file *fp; -- mm_segment_t old_fs = get_fs(); -- fp = filp_open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); -- if (IS_ERR(fp)) return -1; -- set_fs(get_ds()); -- res = fp->f_op->write(fp, data, data_length, &fp->f_pos); -- set_fs(old_fs); -- filp_close(fp, NULL); -+ int fp; -+ fp = open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); -+ res = write(fp, data, data_length); -+ close(fp); - return (res == data_length) ? 0 : -1; - } - - static int read_from_file(uint8_t **data, size_t *data_length) - { - int res; -- struct file *fp; -- mm_segment_t old_fs = get_fs(); -- fp = filp_open(TPM_STORAGE_FILE, O_RDONLY, 0); -- if (IS_ERR(fp)) return -1; -- *data_length = (size_t)fp->f_dentry->d_inode->i_size; -- /* *data_length = i_size_read(fp->f_dentry->d_inode); */ -+ int fp, file_status; -+ struct stat file_info; -+ fp = open(TPM_STORAGE_FILE, O_RDONLY, 0); -+ file_status = fstat(fp, &file_info); -+ if (file_status < 0) { -+ close(fp); -+ return -1; -+ } -+ -+ *data_length = file_info.st_size; - *data = tpm_malloc(*data_length); - if (*data == NULL) { -- filp_close(fp, NULL); -+ close(fp); - return -1; - } -- set_fs(get_ds()); -- res = fp->f_op->read(fp, *data, *data_length, &fp->f_pos); -- set_fs(old_fs); -- filp_close(fp, NULL); -+ res = read(fp, *data, *data_length); -+ close(fp); - if (res != *data_length) { - tpm_free(*data); - return -1; -@@ -216,23 +218,30 @@ static int read_from_file(uint8_t **data - int tpm_store_permanent_data(void) - { - uint8_t *buf, *ptr; -- size_t buf_length, len; -+ UINT32 buf_length, len; - - /* marshal data */ -- buf_length = len = sizeof_TPM_STCLEAR_FLAGS(tpmData.stclear.flags) -- + sizeof_TPM_PERMANENT_FLAGS(tpmData.permanent.flags) + 2 -- + sizeof_TPM_PERMANENT_DATA(tpmData.permanent.data); -+ buf_length = len = 4 + sizeof_TPM_STCLEAR_FLAGS(tpmData.stclear.flags) -+ + sizeof_TPM_PERMANENT_FLAGS(tpmData.permanent.flags) -+ + sizeof_TPM_STANY_FLAGS(tpmData.stany.flags) + 2 -+ + sizeof_TPM_STCLEAR_DATA(tpmData.stclear.data) -+ + sizeof_TPM_PERMANENT_DATA(tpmData.permanent.data) -+ + sizeof_TPM_STANY_DATA(tpmData.stany.data); - buf = ptr = tpm_malloc(buf_length); - if (buf == NULL - || tpm_marshal_TPM_VERSION(&ptr, &len, &tpmData.permanent.data.version) - || tpm_marshal_TPM_STCLEAR_FLAGS(&ptr, &len, &tpmData.stclear.flags) - || tpm_marshal_TPM_PERMANENT_FLAGS(&ptr, &len, &tpmData.permanent.flags) -+ || tpm_marshal_TPM_STANY_FLAGS(&ptr, &len, &tpmData.stany.flags) - || tpm_marshal_BOOL(&ptr, &len, tpmData.permanent.flags.selfTestSucceeded) - || tpm_marshal_BOOL(&ptr, &len, tpmData.permanent.flags.owned) -- || tpm_marshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)) { -+ || tpm_marshal_TPM_STCLEAR_DATA(&ptr, &len, &tpmData.stclear.data) -+ || tpm_marshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data) -+ || tpm_marshal_TPM_STANY_DATA(&ptr, &len, &tpmData.stany.data)) { - tpm_free(buf); - return -1; - } -+ - if (write_to_file(buf, buf_length - len)) { - tpm_free(buf); - return -1; -@@ -244,31 +253,36 @@ int tpm_store_permanent_data(void) - int tpm_restore_permanent_data(void) - { - uint8_t *buf, *ptr; -- size_t buf_length, len; -+ size_t buf_length; -+ UINT32 len; - TPM_VERSION ver; - - /* read data */ - if (read_from_file(&buf, &buf_length)) return -1; - ptr = buf; -- len = buf_length; -+ len = (uint32_t) buf_length; - /* unmarshal data */ - if (tpm_unmarshal_TPM_VERSION(&ptr, &len, &ver) - || memcmp(&ver, &tpmData.permanent.data.version, sizeof(TPM_VERSION)) - || tpm_unmarshal_TPM_STCLEAR_FLAGS(&ptr, &len, &tpmData.stclear.flags) - || tpm_unmarshal_TPM_PERMANENT_FLAGS(&ptr, &len, &tpmData.permanent.flags) -+ || tpm_unmarshal_TPM_STANY_FLAGS(&ptr, &len, &tpmData.stany.flags) - || tpm_unmarshal_BOOL(&ptr, &len, &tpmData.permanent.flags.selfTestSucceeded) - || tpm_unmarshal_BOOL(&ptr, &len, &tpmData.permanent.flags.owned) -- || tpm_unmarshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)) { -+ || tpm_unmarshal_TPM_STCLEAR_DATA(&ptr, &len, &tpmData.stclear.data) -+ || tpm_unmarshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data) -+ || tpm_unmarshal_TPM_STANY_DATA(&ptr, &len, &tpmData.stany.data)) { - tpm_free(buf); - return -1; - } -+ - tpm_free(buf); - return 0; - } - - int tpm_erase_permanent_data(void) - { -- int res = write_to_file("", 0); -+ int res = write_to_file((uint8_t *) "", 0); - return res; - } - -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_deprecated.c tpm_emulator/tpm/tpm_deprecated.c ---- orig/tpm_emulator-0.4/tpm/tpm_deprecated.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_deprecated.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,6 +1,7 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, - * Swiss Federal Institute of Technology (ETH) Zurich -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -50,7 +51,7 @@ TPM_RESULT TPM_SaveKeyContext(TPM_KEY_HA - BYTE *ptr; - UINT32 len; - info("TPM_SaveKeyContext()"); -- res = TPM_SaveContext(keyHandle, TPM_RT_KEY, "SaveKeyContext..", -+ res = TPM_SaveContext(keyHandle, TPM_RT_KEY, (BYTE*)"SaveKeyContext..", - keyContextSize, &contextBlob); - if (res != TPM_SUCCESS) return res; - len = *keyContextSize; -@@ -82,7 +83,7 @@ TPM_RESULT TPM_SaveAuthContext(TPM_AUTHH - BYTE *ptr; - UINT32 len; - info("TPM_SaveAuthContext()"); -- res = TPM_SaveContext(authHandle, TPM_RT_KEY, "SaveAuthContext.", -+ res = TPM_SaveContext(authHandle, TPM_RT_KEY, (BYTE*)"SaveAuthContext.", - authContextSize, &contextBlob); - if (res != TPM_SUCCESS) return res; - len = *authContextSize; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_emulator.h tpm_emulator/tpm/tpm_emulator.h ---- orig/tpm_emulator-0.4/tpm/tpm_emulator.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_emulator.h 2006-07-24 14:35:35.000000000 -0700 -@@ -1,5 +1,6 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -22,7 +23,8 @@ - /* TPM configuration */ - #define TPM_STORE_TO_FILE 1 - #undef TPM_STRONG_PERSISTENCE --#undef TPM_GENERATE_EK -+//#undef TPM_GENERATE_EK -+#define TPM_GENERATE_EK - #undef TPM_GENERATE_SEED_DAA - - #define TPM_MANUFACTURER 0x4554485A /* 'ETHZ' */ -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_marshalling.c tpm_emulator/tpm/tpm_marshalling.c ---- orig/tpm_emulator-0.4/tpm/tpm_marshalling.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_marshalling.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1312,7 +1312,7 @@ int tpm_unmarshal_TPM_STANY_FLAGS(BYTE * - - int tpm_marshal_RSA(BYTE **ptr, UINT32 *length, rsa_private_key_t *v) - { -- UINT32 m_len, e_len, q_len; -+ size_t m_len, e_len, q_len; - if (*length < sizeof_RSA((*v))) return -1; - if (v->size > 0) { - rsa_export_modulus(v, &(*ptr)[6], &m_len); -@@ -1460,6 +1460,66 @@ int tpm_unmarshal_TPM_PERMANENT_DATA(BYT - return 0; - } - -+int tpm_marshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v) -+{ -+ if (tpm_marshal_TPM_STRUCTURE_TAG(ptr, length, v->tag) -+ || tpm_marshal_TPM_NONCE(ptr, length, &v->contextNonceKey) -+ || tpm_marshal_TPM_COUNT_ID(ptr, length, v->countID) ) return -1; -+ -+ return 0; -+} -+ -+int tpm_unmarshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v) -+{ -+ if (tpm_unmarshal_TPM_STRUCTURE_TAG(ptr, length, &v->tag) -+ || tpm_unmarshal_TPM_NONCE(ptr, length, &v->contextNonceKey) -+ || tpm_unmarshal_TPM_COUNT_ID(ptr, length, &v->countID) ) return -1; -+ -+ return 0; -+} -+ -+int tpm_marshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v) -+{ -+ UINT32 i; -+ if (tpm_marshal_TPM_STRUCTURE_TAG(ptr, length, v->tag) -+ || tpm_marshal_TPM_NONCE(ptr, length, &v->contextNonceSession) -+ || tpm_marshal_TPM_DIGEST(ptr, length, &v->auditDigest) -+ || tpm_marshal_BOOL(ptr, length, v->auditSession) -+ || tpm_marshal_TPM_CURRENT_TICKS(ptr, length, &v->currentTicks) -+ || tpm_marshal_UINT32(ptr, length, v->contextCount) -+ || tpm_marshal_UINT32_ARRAY(ptr, length, v->contextList, TPM_MAX_SESSION_LIST)) return -1; -+ for (i = 0; i < TPM_MAX_SESSIONS; i++) { -+ if (tpm_marshal_TPM_SESSION_DATA(ptr, length, &v->sessions[i])) return -1; -+ } -+ for (i = 0; i < TPM_MAX_SESSIONS_DAA; i++) { -+ if (tpm_marshal_TPM_DAA_SESSION_DATA(ptr, length, &v->sessionsDAA[i])) return -1; -+ } -+ if (tpm_marshal_TPM_TRANSHANDLE(ptr, length, v->transExclusive)) return -1; -+ -+ return 0; -+} -+ -+int tpm_unmarshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v) -+{ -+ UINT32 i; -+ if (tpm_unmarshal_TPM_STRUCTURE_TAG(ptr, length, &v->tag) -+ || tpm_unmarshal_TPM_NONCE(ptr, length, &v->contextNonceSession) -+ || tpm_unmarshal_TPM_DIGEST(ptr, length, &v->auditDigest) -+ || tpm_unmarshal_BOOL(ptr, length, &v->auditSession) -+ || tpm_unmarshal_TPM_CURRENT_TICKS(ptr, length, &v->currentTicks) -+ || tpm_unmarshal_UINT32(ptr, length, &v->contextCount) -+ || tpm_unmarshal_UINT32_ARRAY(ptr, length, v->contextList, TPM_MAX_SESSION_LIST)) return -1; -+ for (i = 0; i < TPM_MAX_SESSIONS; i++) { -+ if (tpm_unmarshal_TPM_SESSION_DATA(ptr, length, &v->sessions[i])) return -1; -+ } -+ for (i = 0; i < TPM_MAX_SESSIONS_DAA; i++) { -+ if (tpm_unmarshal_TPM_DAA_SESSION_DATA(ptr, length, &v->sessionsDAA[i])) return -1; -+ } -+ if (tpm_unmarshal_TPM_TRANSHANDLE(ptr, length, &v->transExclusive)) return -1; -+ -+ return 0; -+} -+ - int tpm_marshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v) - { - if (tpm_marshal_BYTE(ptr, length, v->type) -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_marshalling.h tpm_emulator/tpm/tpm_marshalling.h ---- orig/tpm_emulator-0.4/tpm/tpm_marshalling.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_marshalling.h 2006-07-24 14:35:35.000000000 -0700 -@@ -432,6 +432,12 @@ int tpm_unmarshal_TPM_KEY_DATA(BYTE **pt - int tpm_marshal_TPM_PERMANENT_DATA(BYTE **ptr, UINT32 *length, TPM_PERMANENT_DATA *); - int tpm_unmarshal_TPM_PERMANENT_DATA(BYTE **ptr, UINT32 *length, TPM_PERMANENT_DATA *); - -+int tpm_marshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v); -+int tpm_unmarshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v); -+ -+int tpm_marshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v); -+int tpm_unmarshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v); -+ - int tpm_marshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v); - int tpm_unmarshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v); - -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_owner.c tpm_emulator/tpm/tpm_owner.c ---- orig/tpm_emulator-0.4/tpm/tpm_owner.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_owner.c 2006-07-24 14:35:35.000000000 -0700 -@@ -108,7 +108,7 @@ TPM_RESULT TPM_TakeOwnership(TPM_PROTOCO - TPM_RESULT res; - rsa_private_key_t *ek = &tpmData.permanent.data.endorsementKey; - TPM_KEY_DATA *srk = &tpmData.permanent.data.srk; -- UINT32 buf_size = ek->size >> 3; -+ size_t buf_size = ek->size >> 3, key_length; - BYTE buf[buf_size]; - - info("TPM_TakeOwnership()"); -@@ -173,7 +173,8 @@ TPM_RESULT TPM_TakeOwnership(TPM_PROTOCO - return TPM_FAIL; - } - rsa_export_modulus(&srk->key, srkPub->pubKey.key, -- &srkPub->pubKey.keyLength); -+ &key_length); -+ srkPub->pubKey.keyLength = (UINT32) key_length; - /* setup tpmProof and set state to owned */ - tpm_get_random_bytes(tpmData.permanent.data.tpmProof.nonce, - sizeof(tpmData.permanent.data.tpmProof.nonce)); -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_startup.c tpm_emulator/tpm/tpm_startup.c ---- orig/tpm_emulator-0.4/tpm/tpm_startup.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_startup.c 2006-07-24 14:35:35.000000000 -0700 -@@ -41,26 +41,29 @@ void TPM_Init(TPM_STARTUP_TYPE startupTy - TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE startupType) - { - int i; -+ int restore_fail; - info("TPM_Startup(%d)", startupType); - if (tpmData.stany.flags.postInitialise == FALSE) return TPM_INVALID_POSTINIT; -- /* reset STANY_FLAGS */ -- SET_TO_ZERO(&tpmData.stany.flags); -- tpmData.stany.flags.tag = TPM_TAG_STANY_FLAGS; -- /* reset STANY_DATA (invalidates ALL sessions) */ -- SET_TO_ZERO(&tpmData.stany.data); -- tpmData.stany.data.tag = TPM_TAG_STANY_DATA; -- /* init session-context nonce */ -- SET_TO_RAND(&tpmData.stany.data.contextNonceSession); -+ -+ /* try and restore state to get EK, SRK, etc */ -+ restore_fail = tpm_restore_permanent_data(); -+ - /* set data and flags according to the given startup type */ - if (startupType == TPM_ST_CLEAR) { -- /* if available, restore permanent data */ -- tpm_restore_permanent_data(); -+ /* reset STANY_FLAGS */ -+ SET_TO_ZERO(&tpmData.stany.flags); -+ tpmData.stany.flags.tag = TPM_TAG_STANY_FLAGS; -+ /* reset STANY_DATA (invalidates ALL sessions) */ -+ SET_TO_ZERO(&tpmData.stany.data); -+ tpmData.stany.data.tag = TPM_TAG_STANY_DATA; -+ /* init session-context nonce */ -+ SET_TO_RAND(&tpmData.stany.data.contextNonceSession); - /* reset PCR values */ - for (i = 0; i < TPM_NUM_PCR; i++) { -- if (tpmData.permanent.data.pcrAttrib[i].pcrReset) -- SET_TO_ZERO(tpmData.permanent.data.pcrValue[i].digest); -+ if (!tpmData.permanent.data.pcrAttrib[i].pcrReset) -+ SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest); - else -- SET_TO_0xFF(tpmData.permanent.data.pcrValue[i].digest); -+ SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest); - } - /* reset STCLEAR_FLAGS */ - SET_TO_ZERO(&tpmData.stclear.flags); -@@ -79,7 +82,8 @@ TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE - /* init key-context nonce */ - SET_TO_RAND(&tpmData.stclear.data.contextNonceKey); - } else if (startupType == TPM_ST_STATE) { -- if (tpm_restore_permanent_data()) { -+ /* restore must have been successful for TPM_ST_STATE */ -+ if (restore_fail) { - error("restoring permanent data failed"); - tpmData.permanent.data.testResult = "tpm_restore_permanent_data() failed"; - tpmData.permanent.flags.selfTestSucceeded = FALSE; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_storage.c tpm_emulator/tpm/tpm_storage.c ---- orig/tpm_emulator-0.4/tpm/tpm_storage.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_storage.c 2006-07-24 14:35:35.000000000 -0700 -@@ -58,6 +58,7 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke - BYTE *enc, UINT32 *enc_size) - { - UINT32 len; -+ size_t enc_size32 = *enc_size; - BYTE *buf, *ptr; - rsa_public_key_t pub_key; - int scheme; -@@ -72,7 +73,7 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke - if (buf == NULL - || tpm_marshal_TPM_SEALED_DATA(&ptr, &len, seal) - || rsa_encrypt(&pub_key, scheme, buf, sizeof_TPM_SEALED_DATA((*seal)), -- enc, enc_size)) { -+ enc, &enc_size32)) { - tpm_free(buf); - rsa_release_public_key(&pub_key); - return -1; -@@ -85,7 +86,8 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke - int decrypt_sealed_data(TPM_KEY_DATA *key, BYTE *enc, UINT32 enc_size, - TPM_SEALED_DATA *seal, BYTE **buf) - { -- UINT32 len; -+ size_t len; -+ UINT32 len32; - BYTE *ptr; - int scheme; - switch (key->encScheme) { -@@ -96,8 +98,12 @@ int decrypt_sealed_data(TPM_KEY_DATA *ke - len = enc_size; - *buf = ptr = tpm_malloc(len); - if (*buf == NULL -- || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) -- || tpm_unmarshal_TPM_SEALED_DATA(&ptr, &len, seal)) { -+ || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) ){ -+ tpm_free(*buf); -+ return -1; -+ } -+ len32 = len; -+ if (tpm_unmarshal_TPM_SEALED_DATA(&ptr, &len32, seal)) { - tpm_free(*buf); - return -1; - } -@@ -240,11 +246,12 @@ TPM_RESULT TPM_Unseal(TPM_KEY_HANDLE par - - TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE keyHandle, UINT32 inDataSize, - BYTE *inData, TPM_AUTH *auth1, -- UINT32 *outDataSize, BYTE **outData) -+ UINT32 *outDataSize32, BYTE **outData) - { - TPM_RESULT res; - TPM_KEY_DATA *key; - int scheme; -+ size_t outDataSize; - - info("TPM_UnBind()"); - /* get key */ -@@ -262,8 +269,8 @@ TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE key - /* the size of the input data muss be greater than zero */ - if (inDataSize == 0) return TPM_BAD_PARAMETER; - /* decrypt data */ -- *outDataSize = inDataSize; -- *outData = tpm_malloc(*outDataSize); -+ outDataSize = inDataSize; -+ *outData = tpm_malloc(outDataSize); - if (*outData == NULL) return TPM_NOSPACE; - switch (key->encScheme) { - case TPM_ES_RSAESOAEP_SHA1_MGF1: scheme = RSA_ES_OAEP_SHA1; break; -@@ -271,20 +278,21 @@ TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE key - default: tpm_free(*outData); return TPM_DECRYPT_ERROR; - } - if (rsa_decrypt(&key->key, scheme, inData, inDataSize, -- *outData, outDataSize)) { -+ *outData, &outDataSize)) { - tpm_free(*outData); - return TPM_DECRYPT_ERROR; - } - /* verify data if it is of type TPM_BOUND_DATA */ - if (key->encScheme == TPM_ES_RSAESOAEP_SHA1_MGF1 - || key->keyUsage != TPM_KEY_LEGACY) { -- if (*outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) { -+ if (outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) { - tpm_free(*outData); - return TPM_DECRYPT_ERROR; - } -- *outDataSize -= 5; -- memmove(*outData, &(*outData)[5], *outDataSize); -+ outDataSize -= 5; -+ memmove(*outData, &(*outData)[5], outDataSize); - } -+ *outDataSize32 = (UINT32) outDataSize; - return TPM_SUCCESS; - } - -@@ -334,12 +342,13 @@ int compute_pubkey_digest(TPM_PUBKEY *ke - } - - int encrypt_private_key(TPM_KEY_DATA *key, TPM_STORE_ASYMKEY *store, -- BYTE *enc, UINT32 *enc_size) -+ BYTE *enc, UINT32 *enc_size32) - { - UINT32 len; - BYTE *buf, *ptr; - rsa_public_key_t pub_key; - int scheme; -+ size_t enc_size; - switch (key->encScheme) { - case TPM_ES_RSAESOAEP_SHA1_MGF1: scheme = RSA_ES_OAEP_SHA1; break; - case TPM_ES_RSAESPKCSv15: scheme = RSA_ES_PKCSV15; break; -@@ -351,11 +360,12 @@ int encrypt_private_key(TPM_KEY_DATA *ke - if (buf == NULL - || tpm_marshal_TPM_STORE_ASYMKEY(&ptr, &len, store) - || rsa_encrypt(&pub_key, scheme, buf, sizeof_TPM_STORE_ASYMKEY((*store)), -- enc, enc_size)) { -+ enc, &enc_size)) { - tpm_free(buf); - rsa_release_public_key(&pub_key); - return -1; - } -+ *enc_size32 = (UINT32) enc_size; - tpm_free(buf); - rsa_release_public_key(&pub_key); - return 0; -@@ -364,7 +374,8 @@ int encrypt_private_key(TPM_KEY_DATA *ke - int decrypt_private_key(TPM_KEY_DATA *key, BYTE *enc, UINT32 enc_size, - TPM_STORE_ASYMKEY *store, BYTE **buf) - { -- UINT32 len; -+ UINT32 len32; -+ size_t len; - BYTE *ptr; - int scheme; - switch (key->encScheme) { -@@ -375,8 +386,12 @@ int decrypt_private_key(TPM_KEY_DATA *ke - len = enc_size; - *buf = ptr = tpm_malloc(len); - if (*buf == NULL -- || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) -- || tpm_unmarshal_TPM_STORE_ASYMKEY(&ptr, &len, store)) { -+ || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) ) { -+ tpm_free(*buf); -+ return -1; -+ } -+ len32 = (UINT32) len; -+ if (tpm_unmarshal_TPM_STORE_ASYMKEY(&ptr, &len32, store)) { - tpm_free(*buf); - return -1; - } -@@ -394,7 +409,7 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN - TPM_SESSION_DATA *session; - TPM_STORE_ASYMKEY store; - rsa_private_key_t rsa; -- UINT32 key_length; -+ size_t key_length; - - info("TPM_CreateWrapKey()"); - /* get parent key */ -@@ -450,11 +465,11 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN - } - } - /* generate key and store it */ -- key_length = keyInfo->algorithmParms.parms.rsa.keyLength; -- if (rsa_generate_key(&rsa, key_length)) return TPM_FAIL; -- wrappedKey->pubKey.keyLength = key_length >> 3; -+ if (rsa_generate_key(&rsa, keyInfo->algorithmParms.parms.rsa.keyLength)) -+ return TPM_FAIL; -+ wrappedKey->pubKey.keyLength = keyInfo->algorithmParms.parms.rsa.keyLength >> 3; - wrappedKey->pubKey.key = tpm_malloc(wrappedKey->pubKey.keyLength); -- store.privKey.keyLength = key_length >> 4; -+ store.privKey.keyLength = keyInfo->algorithmParms.parms.rsa.keyLength >> 4; - store.privKey.key = tpm_malloc(store.privKey.keyLength); - wrappedKey->encDataSize = parent->key.size >> 3; - wrappedKey->encData = tpm_malloc(wrappedKey->encDataSize); -@@ -466,9 +481,11 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN - tpm_free(wrappedKey->encData); - return TPM_NOSPACE; - } -- rsa_export_modulus(&rsa, wrappedKey->pubKey.key, -- &wrappedKey->pubKey.keyLength); -- rsa_export_prime1(&rsa, store.privKey.key, &store.privKey.keyLength); -+ rsa_export_modulus(&rsa, wrappedKey->pubKey.key, -+ &key_length); -+ wrappedKey->pubKey.keyLength = (UINT32) key_length; -+ rsa_export_prime1(&rsa, store.privKey.key, &key_length); -+ store.privKey.keyLength = (UINT32) key_length; - rsa_release_private_key(&rsa); - /* compute the digest of the wrapped key (without encData) */ - if (compute_key_digest(wrappedKey, &store.pubDataDigest)) { -@@ -602,6 +619,7 @@ TPM_RESULT TPM_LoadKey2(TPM_KEY_HANDLE p - - int tpm_setup_key_parms(TPM_KEY_DATA *key, TPM_KEY_PARMS *parms) - { -+ size_t key_length; - parms->algorithmID = TPM_ALG_RSA; - parms->encScheme = key->encScheme; - parms->sigScheme = key->sigScheme; -@@ -611,7 +629,8 @@ int tpm_setup_key_parms(TPM_KEY_DATA *ke - parms->parms.rsa.exponent = tpm_malloc(parms->parms.rsa.exponentSize); - if (parms->parms.rsa.exponent == NULL) return -1; - rsa_export_exponent(&key->key, parms->parms.rsa.exponent, -- &parms->parms.rsa.exponentSize); -+ &key_length); -+ parms->parms.rsa.exponentSize = (UINT32) key_length; - parms->parmSize = 12 + parms->parms.rsa.exponentSize; - return 0; - } -@@ -622,6 +641,7 @@ TPM_RESULT TPM_GetPubKey(TPM_KEY_HANDLE - TPM_RESULT res; - TPM_KEY_DATA *key; - TPM_DIGEST digest; -+ size_t key_length; - info("TPM_GetPubKey()"); - /* get key */ - if (keyHandle == TPM_KH_SRK -@@ -650,8 +670,8 @@ TPM_RESULT TPM_GetPubKey(TPM_KEY_HANDLE - pubKey->pubKey.keyLength = key->key.size >> 3; - pubKey->pubKey.key = tpm_malloc(pubKey->pubKey.keyLength); - if (pubKey->pubKey.key == NULL) return TPM_NOSPACE; -- rsa_export_modulus(&key->key, pubKey->pubKey.key, -- &pubKey->pubKey.keyLength); -+ rsa_export_modulus(&key->key, pubKey->pubKey.key, &key_length); -+ pubKey->pubKey.keyLength = (UINT32) key_length; - if (tpm_setup_key_parms(key, &pubKey->algorithmParms) != 0) { - error("TPM_GetPubKey(): tpm_setup_key_parms() failed."); - tpm_free(pubKey->pubKey.key); -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_structures.h tpm_emulator/tpm/tpm_structures.h ---- orig/tpm_emulator-0.4/tpm/tpm_structures.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_structures.h 2006-07-24 14:35:35.000000000 -0700 -@@ -1958,6 +1958,7 @@ typedef struct tdTPM_DAA_ISSUER { - TPM_DIGEST DAA_digest_gamma; - BYTE DAA_generic_q[26]; - } TPM_DAA_ISSUER; -+#define sizeof_TPM_DAA_ISSUER(s) (2 + (20 * 6) + 26 ) - - /* - * TPM_DAA_TPM ([TPM_Part2], Section 22.4) -@@ -1973,6 +1974,7 @@ typedef struct tdTPM_DAA_TPM { - TPM_DIGEST DAA_rekey; - UINT32 DAA_count; - } TPM_DAA_TPM; -+#define sizeof_TPM_DAA_TPM(s) (2 + (4 * 20) + 4) - - /* - * TPM_DAA_CONTEXT ([TPM_Part2], Section 22.5) -@@ -1987,6 +1989,7 @@ typedef struct tdTPM_DAA_CONTEXT { - BYTE DAA_scratch[256]; - BYTE DAA_stage; - } TPM_DAA_CONTEXT; -+#define sizeof_TPM_DAA_CONTEXT(s) (2 + (3 * 20) + 256 + 1) - - /* - * TPM_DAA_JOINDATA ([TPM_Part2], Section 22.6) -@@ -1998,6 +2001,7 @@ typedef struct tdTPM_DAA_JOINDATA { - BYTE DAA_join_u1[138]; - TPM_DIGEST DAA_digest_n0; - } TPM_DAA_JOINDATA; -+#define sizeof_TPM_DAA_JOINDATA(s) (1 + 1 + 20) - - /* - * TPM_DAA_BLOB ([TPM_Part2], Section 22.8) -@@ -2202,6 +2206,7 @@ typedef struct tdTPM_STCLEAR_DATA { - //UINT32 ownerReference; - //BOOL disableResetLock; - } TPM_STCLEAR_DATA; -+#define sizeof_TPM_STCLEAR_DATA(s) (2 + 20 + 4) - - /* - * TPM_SESSION_DATA -@@ -2238,6 +2243,11 @@ typedef struct tdTPM_DAA_SESSION_DATA { - TPM_DAA_JOINDATA DAA_joinSession; - TPM_HANDLE handle; - } TPM_DAA_SESSION_DATA; -+#define sizeof_TPM_DAA_SESSION_DATA(s) ( 1 \ -+ + sizeof_TPM_DAA_ISSUER(s.DAA_issuerSettings) \ -+ + sizeof_TPM_DAA_TPM(s.DAA_tpmSpecific) \ -+ + sizeof_TPM_DAA_CONTEXT(s.DAA_session) \ -+ + sizeof_TPM_DAA_JOINDATA(s.DAA_joinSession) + 4) - - /* - * TPM_STANY_DATA ([TPM_Part2], Section 7.6) -@@ -2262,6 +2272,11 @@ typedef struct tdTPM_STANY_DATA { - TPM_DAAHANDLE currentDAA; - TPM_TRANSHANDLE transExclusive; - } TPM_STANY_DATA; -+#define sizeof_TPM_STANY_DATA(s) (2 + 20 + 20 + 1 \ -+ + sizeof_TPM_CURRENT_TICKS(s.currentTicks) \ -+ + 4 + (4 * TPM_MAX_SESSION_LIST) \ -+ + (sizeof_TPM_SESSION_DATA(s.sessions[0]) * TPM_MAX_SESSION_LIST) \ -+ + (sizeof_TPM_DAA_SESSION_DATA(s.sessionsDAA[0]) * TPM_MAX_SESSIONS_DAA) + 4) - - /* - * TPM_DATA -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_testing.c tpm_emulator/tpm/tpm_testing.c ---- orig/tpm_emulator-0.4/tpm/tpm_testing.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_testing.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,6 +1,7 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, - * Swiss Federal Institute of Technology (ETH) Zurich -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -95,24 +96,24 @@ static int tpm_test_sha1(void) - struct { - uint8_t *data; uint32_t repetitions; uint8_t *digest; - } test_cases[] = {{ -- "abc", 1, -- "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" -+ (uint8_t*)"abc", 1, -+ (uint8_t*)"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" - }, { -- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, -- "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" -+ (uint8_t*)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, -+ (uint8_t*)"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" - }, { -- "a", 1000000, -- "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" -+ (uint8_t*)"a", 1000000, -+ (uint8_t*)"\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" - }, { -- "0123456701234567012345670123456701234567012345670123456701234567", 10, -- "\xDE\xA3\x56\xA2\xCD\xDD\x90\xC7\xA7\xEC\xED\xC5\xEB\xB5\x63\x93\x4F\x46\x04\x52" -+ (uint8_t*)"0123456701234567012345670123456701234567012345670123456701234567", 10, -+ (uint8_t*)"\xDE\xA3\x56\xA2\xCD\xDD\x90\xC7\xA7\xEC\xED\xC5\xEB\xB5\x63\x93\x4F\x46\x04\x52" - }}; - - debug("tpm_test_sha1()"); - for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) { - sha1_init(&ctx); - for (j = 0; j < test_cases[i].repetitions; j++) -- sha1_update(&ctx, test_cases[i].data, strlen(test_cases[i].data)); -+ sha1_update(&ctx, test_cases[i].data, strlen((char*)test_cases[i].data)); - sha1_final(&ctx, digest); - if (memcmp(digest, test_cases[i].digest, SHA1_DIGEST_LENGTH) != 0) return -1; - } -@@ -128,41 +129,41 @@ static int tpm_test_hmac(void) - struct { - uint8_t *key, key_len, *data, data_len, *digest; - } test_cases[] = {{ -- "\x0b", 20, "Hi There", 8, -- "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00" -+ (uint8_t*)"\x0b", 20, (uint8_t*)"Hi There", 8, -+ (uint8_t*)"\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00" - }, { -- "Jefe", 4, "what do ya want for nothing?", 28, -- "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79" -+ (uint8_t*)"Jefe", 4, (uint8_t*)"what do ya want for nothing?", 28, -+ (uint8_t*)"\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79" - }, { -- "\xaa", 20, "\xdd", 50, -- "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3" -+ (uint8_t*)"\xaa", 20, (uint8_t*)"\xdd", 50, -+ (uint8_t*)"\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3" - }, { -- "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" -- "\x15\x16\x17\x18\x19", 25, "\xcd", 50, -- "\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda" -+ (uint8_t*)"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" -+ "\x15\x16\x17\x18\x19", 25, (uint8_t*)"\xcd", 50, -+ (uint8_t*)"\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda" - }, { -- "\x0c", 20, "Test With Truncation", 20, -- "\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04" -+ (uint8_t*)"\x0c", 20, (uint8_t*)"Test With Truncation", 20, -+ (uint8_t*)"\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04" - }, { -- "\xaa", 80, "Test Using Larger Than Block-Size Key - Hash Key First", 54, -- "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12" -+ (uint8_t*)"\xaa", 80, (uint8_t*)"Test Using Larger Than Block-Size Key - Hash Key First", 54, -+ (uint8_t*)"\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12" - }, { -- "\xaa", 80, -- "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 73, -- "\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91" -+ (uint8_t*)"\xaa", 80, -+ (uint8_t*)"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 73, -+ (uint8_t*)"\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91" - }}; - - debug("tpm_test_hmac()"); - for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) { -- if (strlen(test_cases[i].key) < test_cases[i].key_len) { -+ if (strlen((char*)test_cases[i].key) < test_cases[i].key_len) { - uint8_t key[test_cases[i].key_len]; - memset(key, test_cases[i].key[0], test_cases[i].key_len); - hmac_init(&ctx, key, test_cases[i].key_len); - } else { - hmac_init(&ctx, test_cases[i].key, test_cases[i].key_len); - } -- for (j = 0; j < test_cases[i].data_len; j += strlen(test_cases[i].data)) { -- hmac_update(&ctx, test_cases[i].data, strlen(test_cases[i].data)); -+ for (j = 0; j < test_cases[i].data_len; j += strlen((char*)test_cases[i].data)) { -+ hmac_update(&ctx, test_cases[i].data, strlen((char*)test_cases[i].data)); - } - hmac_final(&ctx, digest); - if (memcmp(digest, test_cases[i].digest, SHA1_DIGEST_LENGTH) != 0) return -1; -@@ -173,9 +174,9 @@ static int tpm_test_hmac(void) - static int tpm_test_rsa_EK(void) - { - int res = 0; -- char *data = "RSA PKCS #1 v1.5 Test-String"; -+ uint8_t *data = (uint8_t*)"RSA PKCS #1 v1.5 Test-String"; - uint8_t buf[256]; -- size_t buf_len, data_len = strlen(data); -+ size_t buf_len, data_len = strlen((char*)data); - rsa_private_key_t priv_key; - rsa_public_key_t pub_key; - -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_ticks.c tpm_emulator/tpm/tpm_ticks.c ---- orig/tpm_emulator-0.4/tpm/tpm_ticks.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_ticks.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,6 +1,7 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, - * Swiss Federal Institute of Technology (ETH) Zurich -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -39,9 +40,7 @@ TPM_RESULT TPM_SetTickType(TPM_TICKTYPE - TPM_RESULT TPM_GetTicks(TPM_CURRENT_TICKS *currentTime) - { - info("TPM_GetTicks()"); -- memcpy(currentTime, &tpmData.stany.data.currentTicks, -- sizeof(TPM_CURRENT_TICKS)); -- return TPM_SUCCESS; -+ return TPM_DISABLED_CMD; - } - - TPM_RESULT TPM_TickStampBlob(TPM_KEY_HANDLE keyHandle, TPM_NONCE *antiReplay, -@@ -49,64 +48,11 @@ TPM_RESULT TPM_TickStampBlob(TPM_KEY_HAN - TPM_CURRENT_TICKS *currentTicks, - UINT32 *sigSize, BYTE **sig) - { -- TPM_RESULT res; -- TPM_KEY_DATA *key; -- BYTE *info, *p; -- UINT32 info_length, length; - info("TPM_TickStampBlob()"); -- /* get key */ -- key = tpm_get_key(keyHandle); -- if (key == NULL) return TPM_INVALID_KEYHANDLE; -- /* verify authorization */ -- res = tpm_verify_auth(auth1, key->usageAuth, keyHandle); -- if (res != TPM_SUCCESS) return res; -- if (key->keyUsage != TPM_KEY_SIGNING && key->keyUsage != TPM_KEY_LEGACY -- && key->keyUsage != TPM_KEY_IDENTITY) return TPM_INVALID_KEYUSAGE; -- /* get current ticks */ -- TPM_GetTicks(currentTicks); -- /* sign data using signature scheme PKCS1_SHA1 and TPM_SIGN_INFO container */ -- *sigSize = key->key.size >> 3; -- *sig = tpm_malloc(*sigSize); -- if (*sig == NULL) return TPM_FAIL; -- /* setup TPM_SIGN_INFO structure */ -- info_length = 30 + sizeof(TPM_DIGEST) + sizeof_TPM_CURRENT_TICKS(currentTicks); -- info = tpm_malloc(info_length); -- if (info == NULL) { -- tpm_free(*sig); -- return TPM_FAIL; -- } -- memcpy(&info[0], "\x05\x00TSTP", 6); -- memcpy(&info[6], antiReplay->nonce, 20); -- *(UINT32*)&info[26] = CPU_TO_BE32(20 -- + sizeof_TPM_CURRENT_TICKS(currentTicks)); -- memcpy(&info[30], digestToStamp->digest, sizeof(TPM_DIGEST)); -- p = &info[30 + sizeof(TPM_DIGEST)]; -- length = sizeof_TPM_CURRENT_TICKS(currentTicks); -- if (tpm_marshal_TPM_CURRENT_TICKS(&p, &length, currentTicks) -- || rsa_sign(&key->key, RSA_SSA_PKCS1_SHA1, info, info_length, *sig)) { -- tpm_free(*sig); -- tpm_free(info); -- return TPM_FAIL; -- } -- return TPM_SUCCESS; -+ return TPM_DISABLED_CMD; - } - - void tpm_update_ticks(void) - { -- if (tpmData.stany.data.currentTicks.tag == 0) { -- tpmData.stany.data.currentTicks.tag = TPM_TAG_CURRENT_TICKS; -- tpmData.stany.data.currentTicks.currentTicks += tpm_get_ticks(); --/* removed since v1.2 rev 94 -- tpmData.stany.data.currentTicks.tickType = tpmData.permanent.data.tickType; --*/ -- tpm_get_random_bytes(tpmData.stany.data.currentTicks.tickNonce.nonce, -- sizeof(TPM_NONCE)); -- tpmData.stany.data.currentTicks.tickRate = 1; --/* removed since v1.2 rev 94 -- tpmData.stany.data.currentTicks.tickSecurity = TICK_SEC_NO_CHECK; --*/ -- } else { -- tpmData.stany.data.currentTicks.currentTicks += tpm_get_ticks(); -- } - } - -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_transport.c tpm_emulator/tpm/tpm_transport.c ---- orig/tpm_emulator-0.4/tpm/tpm_transport.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_transport.c 2006-07-24 14:35:35.000000000 -0700 -@@ -189,7 +189,7 @@ static void decrypt_wrapped_command(BYTE - sha1_init(&sha1); - sha1_update(&sha1, auth->nonceEven.nonce, sizeof(auth->nonceEven.nonce)); - sha1_update(&sha1, auth->nonceOdd.nonce, sizeof(auth->nonceOdd.nonce)); -- sha1_update(&sha1, "in", 2); -+ sha1_update(&sha1, (BYTE*)"in", 2); - sha1_update(&sha1, secret, sizeof(TPM_SECRET)); - j = CPU_TO_BE32(i); - sha1_update(&sha1, (BYTE*)&j, 4); -@@ -211,7 +211,7 @@ static void encrypt_wrapped_command(BYTE - sha1_init(&sha1); - sha1_update(&sha1, auth->nonceEven.nonce, sizeof(auth->nonceEven.nonce)); - sha1_update(&sha1, auth->nonceOdd.nonce, sizeof(auth->nonceOdd.nonce)); -- sha1_update(&sha1, "out", 3); -+ sha1_update(&sha1, (BYTE*)"out", 3); - sha1_update(&sha1, secret, sizeof(TPM_SECRET)); - j = CPU_TO_BE32(i); - sha1_update(&sha1, (BYTE*)&j, 4); -diff -uprN orig/tpm_emulator-0.4/tpmd.c tpm_emulator/tpmd.c ---- orig/tpm_emulator-0.4/tpmd.c 1969-12-31 16:00:00.000000000 -0800 -+++ tpm_emulator/tpmd.c 2006-07-24 14:35:35.000000000 -0700 -@@ -0,0 +1,156 @@ -+/* Software-Based Trusted Platform Module (TPM) Emulator for Linux -+ * Copyright (C) 2005 INTEL Corp -+ * -+ * This module is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published -+ * by the Free Software Foundation; either version 2 of the License, -+ * or (at your option) any later version. -+ * -+ * This module is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ */ -+ -+#include <stdio.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <string.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <sys/time.h> -+ -+#include "tpm_emulator.h" -+ -+#define TPM_RX_FNAME "/var/tpm/tpm_in.fifo" -+#define TPM_TX_FNAME "/var/tpm/tpm_out.fifo" -+ -+#define BUFFER_SIZE 2048 -+ -+static int devurandom=0; -+ -+void get_random_bytes(void *buf, int nbytes) { -+ -+ if (devurandom == 0) { -+ devurandom = open("/dev/urandom", O_RDONLY); -+ } -+ -+ if (read(devurandom, buf, nbytes) != nbytes) { -+ printf("Can't get random number.\n"); -+ exit(-1); -+ } -+} -+ -+uint64_t tpm_get_ticks(void) -+{ -+ //struct timeval tv; -+ //int gettimeofday(&tv, struct timezone *tz); -+ return 0; -+} -+ -+int main(int argc, char **argv) -+{ -+ uint8_t in[BUFFER_SIZE], *out; -+ uint32_t out_size; -+ int in_size, written; -+ int i; -+ struct stat file_info; -+ -+ int tpm_tx_fh=-1, tpm_rx_fh=-1; -+ if (argc < 2) { -+ printf("Usage: tpmd clear|save|deactivated\n" ); -+ return -1; -+ } -+ -+ /* initialize TPM emulator */ -+ if (!strcmp(argv[1], "clear")) { -+ printf("Initializing tpm: %s\n", argv[1]); -+ tpm_emulator_init(1); -+ } else if (!strcmp(argv[1], "save")) { -+ printf("Initializing tpm: %s\n", argv[1]); -+ tpm_emulator_init(2); -+ } else if (!strcmp(argv[1], "deactivated")) { -+ printf("Initializing tpm: %s\n", argv[1]); -+ tpm_emulator_init(3); -+ } else { -+ printf("invalid startup mode '%s'; must be 'clear', " -+ "'save' (default) or 'deactivated", argv[1]); -+ return -1; -+ } -+ -+ if ( stat(TPM_RX_FNAME, &file_info) == -1) { -+ if ( mkfifo(TPM_RX_FNAME, S_IWUSR | S_IRUSR ) ) { -+ printf("Failed to create fifo %s.\n", TPM_RX_FNAME); -+ return -1; -+ } -+ } -+ -+ if ( stat(TPM_TX_FNAME, &file_info) == -1) { -+ if ( mkfifo(TPM_TX_FNAME, S_IWUSR | S_IRUSR ) ) { -+ printf("Failed to create fifo %s.\n", TPM_TX_FNAME); -+ return -1; -+ } -+ } -+ -+ while (1) { -+abort_command: -+ if (tpm_rx_fh < 0) { -+ tpm_rx_fh = open(TPM_RX_FNAME, O_RDONLY); -+ } -+ -+ if (tpm_rx_fh < 0) { -+ printf("ERROR: failed to open devices to listen to guest.\n"); -+ return -1; -+ } -+ -+ if (tpm_tx_fh < 0) { -+ tpm_tx_fh = open(TPM_TX_FNAME, O_WRONLY); -+ } -+ -+ if (tpm_tx_fh < 0) { -+ printf("ERROR: failed to open devices to respond to guest.\n"); -+ return -1; -+ } -+ -+ in_size = read(tpm_rx_fh, in, BUFFER_SIZE); -+ if (in_size < 6) { // Magic size of minium TPM command -+ printf("Recv[%d] to small: 0x", in_size); -+ if (in_size <= 0) { -+ close(tpm_rx_fh); -+ tpm_rx_fh = -1; -+ goto abort_command; -+ } -+ } else { -+ printf("Recv[%d]: 0x", in_size); -+ for (i=0; i< in_size; i++) -+ printf("%x ", in[i]); -+ printf("\n"); -+ } -+ -+ -+ if (tpm_handle_command(in, in_size, &out, &out_size) != 0) { -+ printf("ERROR: Handler Failed.\n"); -+ } -+ -+ written = write(tpm_tx_fh, out, out_size); -+ -+ if (written != out_size ) { -+ printf("ERROR: Part of response not written %d/%d.\nAttempt: ", written, out_size); -+ } else { -+ printf("Sent[%Zu]: ", out_size); -+ } -+ for (i=0; i< out_size; i++) -+ printf("%x ", out[i]); -+ printf("\n"); -+ tpm_free(out); -+ -+ } // loop -+ -+ tpm_emulator_shutdown(); -+ -+ close(tpm_tx_fh); -+ close(tpm_rx_fh); -+ -+} -Binary files orig/tpm_emulator-0.4/tpm_emulator and tpm_emulator/tpm_emulator differ -diff -uprN orig/tpm_emulator-0.4/tpm_version.h tpm_emulator/tpm_version.h ---- orig/tpm_emulator-0.4/tpm_version.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm_version.h 2006-07-24 14:35:41.000000000 -0700 -@@ -2,5 +2,5 @@ - #define _TPM_VERSION_H_ - #define VERSION_MAJOR 0 - #define VERSION_MINOR 4 --#define VERSION_BUILD 1151058734 -+#define VERSION_BUILD 1153776940 - #endif /* _TPM_VERSION_H_ */ diff --git a/tools/vtpm/vtpm-0.5.1-LDLIBS.patch b/tools/vtpm/vtpm-0.5.1-LDLIBS.patch deleted file mode 100644 index 95586c1c5e..0000000000 --- a/tools/vtpm/vtpm-0.5.1-LDLIBS.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naurp tpm_emulator-0.5.1/tpmd/Makefile tpm_emulator-0.5.1/tpmd/Makefile ---- tpm_emulator-0.5.1/tpmd/Makefile -+++ tpm_emulator-0.5.1/tpmd/Makefile -@@ -8,7 +8,7 @@ WFLAGS := -Wall -Wno-unused -Wpointer-a - #WFLAGS += -Wextra -Wcast-qual -Wmissing-prototypes -Wmissing-declarations -Wstrict-aliasing - CFLAGS += $(WFLAGS) -g -I.. -I. -O2 -fno-strict-aliasing - CFLAGS += -I../../../../tools/vtpm_manager/manager --LDFLAGS += -lgmp -+LDLIBS += -lgmp - - BINDIR := /usr/bin/ - diff --git a/tools/vtpm/vtpm-0.5.1.patch b/tools/vtpm/vtpm-0.5.1.patch deleted file mode 100644 index 2aeb745e95..0000000000 --- a/tools/vtpm/vtpm-0.5.1.patch +++ /dev/null @@ -1,766 +0,0 @@ -diff -Naurp tpm_emulator-0.5.1/Makefile tpm5-test/Makefile ---- tpm_emulator-0.5.1/Makefile 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/Makefile 2009-07-15 09:45:28.000000000 -0400 -@@ -10,7 +10,7 @@ VERSION_MINOR := 5 - VERSION_BUILD := $(shell date +"%s") - VERSION_SUFFIX := .1 - --SUBDIRS := tpmd tpmd_dev tddl -+SUBDIRS := tpmd - - all: version all-recursive - -@@ -48,12 +48,12 @@ user_install: user - modules_install: modules - @$(MAKE) -C tpmd_dev install || exit -1 - --DIRS := . tpm crypto tpmd tpmd_dev tddl tpmd_dev_openbsd -+DIRS := . tpm crypto tpmd - DISTSRC := $(foreach dir, $(DIRS), $(wildcard $(dir)/*.c)) - DISTSRC += $(foreach dir, $(DIRS), $(wildcard $(dir)/*.h)) --DIRS := . tpmd tpmd_dev tddl tpmd_dev_openbsd -+DIRS := . tpmd - DISTSRC += $(foreach dir, $(DIRS), $(dir)/Makefile) --DISTSRC += ./README ./AUTHORS ./ChangeLog tpmd_dev/tpmd_dev.rules.in -+DISTSRC += ./README ./AUTHORS ./ChangeLog - DISTDIR := tpm_emulator-$(VERSION_MAJOR).$(VERSION_MINOR)$(VERSION_SUFFIX) - - dist: $(DISTSRC) -diff -Naurp tpm_emulator-0.5.1/tpm/tpm_capability.c tpm5-test/tpm/tpm_capability.c ---- tpm_emulator-0.5.1/tpm/tpm_capability.c 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/tpm/tpm_capability.c 2009-07-16 12:04:20.000000000 -0400 -@@ -136,8 +136,19 @@ static TPM_RESULT cap_property(UINT32 su - - case TPM_CAP_PROP_TIS_TIMEOUT: - debug("[TPM_CAP_PROP_TIS_TIMEOUT]"); -- /* TODO: TPM_CAP_PROP_TIS_TIMEOUT */ -- return TPM_FAIL; -+ /* TODO: TPM_CAP_PROP_TIS_TIMEOUT: Measure these values and determine correct ones */ -+ UINT32 len = *respSize = 16; -+ BYTE *ptr = *resp = tpm_malloc(*respSize); -+ if (ptr == NULL || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000)) { -+ tpm_free(*resp); -+ return TPM_FAIL; -+ } -+ return TPM_SUCCESS; -+ - - case TPM_CAP_PROP_STARTUP_EFFECT: - debug("[TPM_CAP_PROP_STARTUP_EFFECT]"); -@@ -189,8 +200,12 @@ static TPM_RESULT cap_property(UINT32 su - - case TPM_CAP_PROP_DURATION: - debug("[TPM_CAP_PROP_DURATION]"); -- /* TODO: TPM_CAP_PROP_DURATION */ -- return TPM_FAIL; -+ /* TODO: TPM_CAP_PROP_DURATION: Measure these values and return accurate ones */ -+ BYTE dur[]= {0x0,0x0,0x0,0xc,0x0,0x7,0xa1,0x20,0x0,0x1e,0x84,0x80,0x11,0xe1,0xa3,0x0}; -+ *respSize = 16; -+ *resp = tpm_malloc(*respSize); -+ memcpy(*resp,dur,16); -+ - - case TPM_CAP_PROP_ACTIVE_COUNTER: - debug("[TPM_CAP_PROP_ACTIVE_COUNTER]"); -diff -Naurp tpm_emulator-0.5.1/tpmd/Makefile tpm5-test/tpmd/Makefile ---- tpm_emulator-0.5.1/tpmd/Makefile 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/tpmd/Makefile 2009-07-16 12:08:26.000000000 -0400 -@@ -8,9 +8,10 @@ WFLAGS := -Wall -Wno-unused -Wpointer-a - -Wwrite-strings -Wsign-compare -Wno-multichar - #WFLAGS += -Wextra -Wcast-qual -Wmissing-prototypes -Wmissing-declarations -Wstrict-aliasing - CFLAGS += $(WFLAGS) -g -I.. -I. -O2 -fno-strict-aliasing -+CFLAGS += -I../../../../tools/vtpm_manager/manager - LDFLAGS += -lgmp - --BINDIR := /usr/sbin/ -+BINDIR := /usr/bin/ - - TPMD := tpmd - DIRS := ../tpm ../crypto -@@ -18,6 +19,8 @@ SRCS := $(foreach dir, $(DIRS), $(wil - OBJS := $(patsubst %.c, %.o, $(SRCS)) - OBJS := $(foreach dir, $(DIRS), $(patsubst $(dir)/%.o, %.o, $(filter $(dir)/%.o, $(OBJS)))) - -+VTPM_BIN := vtpmd -+ - vpath %.c $(strip $(DIRS)) - - all: $(TPMD) -@@ -32,10 +35,8 @@ TPMD_GROUP ?= tss - INSTALL ?= install - - install: $(TPMD) -- $(INSTALL) -m 755 -o $(TPMD_USER) -g $(TPMD_GROUP) -d $(DESTDIR)/var/lib/tpm -- $(INSTALL) -m 755 -o $(TPMD_USER) -g $(TPMD_GROUP) -d $(DESTDIR)/var/run/tpm - $(INSTALL) -D -d $(DESTDIR)/$(BINDIR) -- $(INSTALL) -m 755 $(TPMD) $(DESTDIR)/$(BINDIR) -+ $(INSTALL) -m 755 $(TPMD) $(DESTDIR)/$(BINDIR)/$(VTPM_BIN) - - .PHONY: all clean install - -diff -Naurp tpm_emulator-0.5.1/tpmd/tpmd.c tpm5-test/tpmd/tpmd.c ---- tpm_emulator-0.5.1/tpmd/tpmd.c 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/tpmd/tpmd.c 2009-07-16 11:19:05.000000000 -0400 -@@ -32,6 +32,9 @@ - #include <grp.h> - #include "tpm_emulator_config.h" - #include "tpm/tpm_emulator.h" -+#include "tpm/tpm_structures.h" -+#include "tpm/tpm_marshalling.h" -+#include "vtpm_manager.h" - - #define TPM_DAEMON_NAME "tpmd" - #define TPM_CMD_BUF_SIZE 4096 -@@ -39,6 +42,24 @@ - #define TPM_RANDOM_DEVICE "/dev/urandom" - #undef TPM_MKDIRS - -+#ifdef VTPM_MULTI_VM -+ #define DEV_BE "/dev/vtpm" -+ #define DEV_FE "/dev/tpm" -+#else -+ #define PVM_RX_FIFO_D "/var/vtpm/fifos/tpm_cmd_to_%d.fifo" -+ #define PVM_TX_FIFO "/var/vtpm/fifos/tpm_rsp_from_all.fifo" -+ #define HVM_RX_FIFO_D "/var/vtpm/socks/%d.socket" -+ -+ #define VTPM_RX_FIFO_D "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo" -+ #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm_cmd_from_all.fifo" -+ -+ static char *vtpm_rx_name=NULL; -+#endif -+ -+ static int vtpm_tx_fh=-1, vtpm_rx_fh=-1; -+ -+#define BUFFER_SIZE 2048 -+ - static volatile int stopflag = 0; - static int is_daemon = 0; - static int opt_debug = 0; -@@ -49,6 +70,8 @@ static const char *opt_storage_file = "/ - static uid_t opt_uid = 0; - static gid_t opt_gid = 0; - static int tpm_startup = 2; -+static int vtpm_type = VTPM_TYPE_PVM; -+int dmi_id = 0; - static int rand_fh; - - void tpm_log(int priority, const char *fmt, ...) -@@ -90,56 +113,241 @@ uint64_t tpm_get_ticks(void) - - int tpm_write_to_file(uint8_t *data, size_t data_length) - { -- int fh; -- ssize_t res; -- fh = open(opt_storage_file, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); -- if (fh < 0) return -1; -- while (data_length > 0) { -- res = write(fh, data, data_length); -- if (res < 0) { -- close(fh); -- return -1; -- } -- data_length -= res; -- data += res; -+ int res, out_data_size, in_header_size; -+ BYTE *ptr, *out_data, *in_header; -+ UINT32 result, len, in_rsp_size; -+ UINT16 tag = VTPM_TAG_REQ; -+ -+ printf("Saving NVM\n"); -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_FE, O_RDWR); -+#else -+ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); -+#endif -+ } -+ -+ if (vtpm_tx_fh < 0) { -+ return -1; -+ } -+ -+ // Send request to VTPM Manager to encrypt data -+#ifdef VTPM_MUTLI_VM -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT + data_length; -+#else -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length; -+#endif -+ -+ out_data = ptr = (BYTE *) malloc(len); -+ -+ if (ptr == NULL -+#ifndef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, dmi_id) -+#endif -+ || tpm_marshal_UINT16(&ptr, &len, tag) -+#ifdef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size) -+#else -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) -+#endif -+ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_SAVENVM) -+ || tpm_marshal_BYTE_ARRAY(&ptr, &len, data, data_length)) { -+ free(out_data); -+ return -1; -+ } -+ -+ printf("\tSending SaveNVM Command.\n"); -+ res = write(vtpm_tx_fh, out_data, out_data_size); -+ free(out_data); -+ if (res != out_data_size) return -1; -+ -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = vtpm_tx_fh -+#else -+ if (vtpm_rx_name == NULL) { -+ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); -+ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); - } -- close(fh); -- return 0; -+ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); -+#endif -+ } -+ -+ if (vtpm_rx_fh < 0) { -+ return -1; -+ } -+ -+ // Read Header of response so we can get the size & status -+#ifdef VTPM_MUTLI_VM -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ in_header = ptr = malloc(in_header_size); -+ -+ printf("\tReading SaveNVM header.\n"); -+ res = read(vtpm_rx_fh, in_header, in_header_size); -+ -+ if ( (res != in_header_size) -+#ifndef VTPM_MUTLI_VM -+ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) -+#endif -+ || tpm_unmarshal_UINT16(&ptr, &len, &tag) -+ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) -+ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { -+ free(in_header); -+ return -1; -+ } -+ free(in_header); -+ -+ if (result != VTPM_SUCCESS) { -+ return -1; -+ } -+ -+#ifdef VTPM_MUTLI_VM -+ close(vtpm_tx_fh); close(vtpm_rx_fh); -+#endif -+ -+ printf("\tFinishing up SaveNVM\n"); -+ return (0); - } - - int tpm_read_from_file(uint8_t **data, size_t *data_length) - { -- int fh; -- ssize_t res; -- size_t total_length; -- fh = open(opt_storage_file, O_RDONLY); -- if (fh < 0) return -1; -- total_length = lseek(fh, 0, SEEK_END); -- lseek(fh, 0, SEEK_SET); -- *data = tpm_malloc(total_length); -- if (*data == NULL) { -- close(fh); -- return -1; -- } -- *data_length = 0; -- while (total_length > 0) { -- res = read(fh, &(*data)[*data_length], total_length); -- if (res < 0) { -- close(fh); -- tpm_free(*data); -- return -1; -- } -- *data_length += res; -- total_length -= res; -+ int res, out_data_size, in_header_size; -+ uint8_t *ptr, *out_data, *in_header; -+ UINT16 tag = VTPM_TAG_REQ; -+ UINT32 len, in_rsp_size, result; -+#ifdef VTPM_MUTLI_VM -+ int vtpm_rx_fh, vtpm_tx_fh; -+#endif -+ -+ printf("Loading NVM.\n"); -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_FE, O_RDWR); -+#else -+ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); -+#endif -+ } -+ -+ if (vtpm_tx_fh < 0) { -+ printf("Error in read_from_file:301\n"); -+ return -1; -+ } -+ -+ // Send request to VTPM Manager to encrypt data -+#ifdef VTPM_MUTLI_VM -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ out_data = ptr = (BYTE *) malloc(len); -+ -+ if (ptr == NULL -+#ifndef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, dmi_id) -+#endif -+ || tpm_marshal_UINT16(&ptr, &len, tag) -+#ifdef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size) -+#else -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) -+#endif -+ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_LOADNVM)) { -+ free(out_data); -+ printf("Error in read_from_file:325\n"); -+ -+ return -1; -+ } -+ -+ printf("\tSending LoadNVM command\n"); -+ res = write(vtpm_tx_fh, out_data, out_data_size); -+ free(out_data); -+ if (res != out_data_size) -+ { -+ printf("Error in read_from_file:335\n"); -+ return -1; -+ } -+ -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = vtpm_tx_fh; -+#else -+ if (vtpm_rx_name == NULL) { -+ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); -+ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); - } -- close(fh); -- return 0; -+ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); -+#endif -+ } -+ -+ if (vtpm_rx_fh < 0) { -+ printf("Error in read_from_file:352\n"); -+ return -1; -+ } -+ -+ // Read Header of response so we can get the size & status -+#ifdef VTPM_MUTLI_VM -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ in_header = ptr = malloc(in_header_size); -+ -+ printf("\tReading LoadNVM header\n"); -+ res = read(vtpm_rx_fh, in_header, in_header_size); -+ -+ if ( (res != in_header_size) -+#ifndef VTPM_MUTLI_VM -+ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) -+#endif -+ || tpm_unmarshal_UINT16(&ptr, &len, &tag) -+ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) -+ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { -+ free(in_header); -+ printf("Error in read_from_file:375\n"); -+ return -1; -+ } -+ free(in_header); -+ -+ if (result != VTPM_SUCCESS) { -+ printf("Error in read_from_file:381\n"); -+ return -1; -+ } -+ -+ // Read Encrypted data from VTPM Manager -+ *data_length = in_rsp_size - VTPM_COMMAND_HEADER_SIZE_CLT; -+ *data = (uint8_t *) malloc(*data_length); -+ -+ printf("\tReading clear data from LoadNVM.\n"); -+ res = read(vtpm_rx_fh, *data, *data_length); -+#ifdef VTPM_MUTLI_VM -+ close(vtpm_rx_fh);close(vtpm_tx_fh); -+#endif -+ -+ printf("\tReturing from loading NVM\n"); -+ if (res != (int)*data_length) { -+ free(*data); -+ printf("Error in read_from_file:398\n"); -+ return -1; -+ } else { -+ return 0; -+ } -+ -+ -+ - } - - static void print_usage(char *name) - { - printf("usage: %s [-d] [-f] [-s storage file] [-u unix socket name] " -- "[-o user name] [-g group name] [-h] [startup mode]\n", name); -+ "[-o user name] [-g group name] [-h]" -+#ifdef VTPM_MULTI_VM -+ "clear|save|deactivated\n", name); -+#else -+ "clear|save|deactivated pvm|hvm vtpmid\n", name); -+#endif - printf(" d : enable debug mode\n"); - printf(" f : forces the application to run in the foreground\n"); - printf(" s : storage file to use (default: %s)\n", opt_storage_file); -@@ -205,7 +413,13 @@ static void parse_options(int argc, char - exit(EXIT_SUCCESS); - } - } -- if (optind < argc) { -+ /*Make sure we have all required options*/ -+#ifdef VTPM_MULTI_VM -+#define EXTRA_OPTS 0 -+#else -+#define EXTRA_OPTS 2 -+#endif -+ if (optind < argc - EXTRA_OPTS ) { - debug("startup mode = '%s'", argv[optind]); - if (!strcmp(argv[optind], "clear")) { - tpm_startup = 1; -@@ -219,6 +433,25 @@ static void parse_options(int argc, char - print_usage(argv[0]); - exit(EXIT_SUCCESS); - } -+#ifndef VTPM_MULTI_VM -+ ++optind; -+ if(!strcmp(argv[optind], "pvm")) { -+ vtpm_type = VTPM_TYPE_PVM; // Get commands from vTPM Manager through fifo -+ } else if (!strcmp(argv[optind], "hvm")) { -+ vtpm_type = VTPM_TYPE_HVM; // Get commands from qemu via socket -+ } else { -+ error("Invalid vm mode '%s'; must be 'pvm', " -+ "or 'hvm' ", argv[optind]); -+ print_usage(argv[0]); -+ exit(EXIT_SUCCESS); -+ } -+ ++optind; -+ dmi_id = atoi(argv[optind]); -+#endif -+ } else { -+ error("Invalid number of arguments"); -+ print_usage(argv[0]); -+ exit(EXIT_SUCCESS); - } - } - -@@ -348,93 +581,180 @@ static int init_socket(const char *name) - - static void main_loop(void) - { -- int sock, fh, res; -- int32_t in_len; -+ int32_t in_len, written; - uint32_t out_len; -- uint8_t in[TPM_CMD_BUF_SIZE], *out; -+ uint8_t in[TPM_CMD_BUF_SIZE], *out, *addressed_out; -+ int guest_id=-1; -+ int i; -+ char *vtpm_rx_file=NULL; -+ int res; -+ -+#ifndef VTPM_MULTI_VM -+ int sockfd = -1; - struct sockaddr_un addr; -- socklen_t addr_len; -- fd_set rfds; -- struct timeval tv; -+ struct sockaddr_un client_addr; -+ unsigned int client_length; -+#endif -+ -+ int vtpm_tx_fh=-1, vtpm_rx_fh=-1; -+ -+#ifndef VTPM_MULTI_VM -+ if (vtpm_type == VTPM_TYPE_PVM) { -+ vtpm_rx_file = malloc(10 + strlen(PVM_RX_FIFO_D)); -+ sprintf(vtpm_rx_file, PVM_RX_FIFO_D, (uint32_t) dmi_id); -+ } else { -+ vtpm_rx_file = malloc(10 + strlen(HVM_RX_FIFO_D)); -+ sprintf(vtpm_rx_file, HVM_RX_FIFO_D, (uint32_t) dmi_id); -+ -+ if ( (sockfd = socket(PF_UNIX,SOCK_STREAM,0)) < 0) { -+ error("Unable to create socket. errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ memset(&addr, 0, sizeof(addr)); -+ addr.sun_family = AF_UNIX; -+ strcpy(addr.sun_path,vtpm_rx_file ); -+ unlink(addr.sun_path); -+ } -+#endif - - info("staring main loop"); -- /* open UNIX socket */ -- sock = init_socket(opt_socket_name); -- if (sock < 0) exit(EXIT_FAILURE); - /* init tpm emulator */ -- debug("initializing TPM emulator: %d", tpm_startup); -+#ifdef VTPM_MULTI_VM -+ debug("initializing TPM emulator: state=%d", tpm_startup); -+#else -+ debug("initializing TPM emulator: state=%d, type=%d, id=%d", tpm_startup, vtpm_type, dmi_id); -+#endif - tpm_emulator_init(tpm_startup); - /* start command processing */ - while (!stopflag) { - /* wait for incomming connections */ - debug("waiting for connections..."); -- FD_ZERO(&rfds); -- FD_SET(sock, &rfds); -- tv.tv_sec = 10; -- tv.tv_usec = 0; -- res = select(sock + 1, &rfds, NULL, NULL, &tv); -- if (res < 0) { -- error("select(sock) failed: %s", strerror(errno)); -- break; -- } else if (res == 0) { -- continue; -- } -- addr_len = sizeof(addr); -- fh = accept(sock, (struct sockaddr*)&addr, &addr_len); -- if (fh < 0) { -- error("accept() failed: %s", strerror(errno)); -- continue; -- } -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = open(DEV_BE, O_RDWR); -+#else -+ if (vtpm_type == VTPM_TYPE_PVM) -+ { -+ vtpm_rx_fh = open(vtpm_rx_file, O_RDONLY); -+ } else { -+ if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { -+ error("Unable to bind(). errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ if (listen(sockfd, 10) <0) { -+ error("Unable to listen(). errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ memset(&client_addr, 0, sizeof(client_addr)); -+ client_length = sizeof(client_addr); -+ -+ vtpm_rx_fh = vtpm_tx_fh = accept(sockfd, (struct sockaddr *)&client_addr, &client_length); -+ } -+#endif -+ } -+ -+ /*Error Checking*/ -+ if (vtpm_rx_fh < 0) { -+ error("Failed to open devices to listen to guest.\n"); -+ exit(-1); -+ } -+ - /* receive and handle commands */ - in_len = 0; - do { - debug("waiting for commands..."); -- FD_ZERO(&rfds); -- FD_SET(fh, &rfds); -- tv.tv_sec = TPM_COMMAND_TIMEOUT; -- tv.tv_usec = 0; -- res = select(fh + 1, &rfds, NULL, NULL, &tv); -- if (res < 0) { -- error("select(fh) failed: %s", strerror(errno)); -- close(fh); -- break; -- } else if (res == 0) { --#ifdef TPMD_DISCONNECT_IDLE_CLIENTS -- info("connection closed due to inactivity"); -- close(fh); -- break; --#else -- continue; --#endif -- } -- in_len = read(fh, in, sizeof(in)); -- if (in_len > 0) { -+ -+ in_len = read(vtpm_rx_fh, in, sizeof(in)); -+ /*Magic size of minimum TPM command is 6*/ -+ //FIXME Magic size check may not be required anymore -+ if (in_len < 6) { -+ info("Recv incomplete command of %d bytes.", in_len); -+ if (in_len <= 0) { -+ close(vtpm_rx_fh); -+ vtpm_rx_fh = -1; -+ continue; -+ } -+ } else { -+ /*Debug Printouts*/ - debug("received %d bytes", in_len); -+ debug_nostop("Recv[%d]: 0x", in_len); -+ for (i=0; i< in_len; i++) -+ debug_more("%x ", in[i]); -+ debug_more("\n"); -+ /*Multiple Guest check*/ -+ if (guest_id == -1) { -+ guest_id = *((int32_t *) in); -+ } else { -+ if (guest_id != *((int32_t *) in) ) { -+ error("WARNING: More than one guest attached\n"); -+ } -+ } -+ -+ /*Open tx handle now*/ -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_BE, O_RDWR); -+ vtpm_rx_fh = vtpm_tx_fh; -+#else -+ if (vtpm_type == VTPM_TYPE_PVM) { -+ vtpm_tx_fh = open(PVM_TX_FIFO, O_WRONLY); -+ } // No need to open the other direction for HVM -+#endif -+ } -+ if (vtpm_tx_fh < 0) { -+ error("Failed to open devices to respond to guest.\n"); -+ exit(-1); -+ } -+ -+ /*Handle the TPM command now*/ - out = NULL; -- res = tpm_handle_command(in, in_len, &out, &out_len); -+ res = tpm_handle_command(in + sizeof(uint32_t), in_len - sizeof(uint32_t), &out, &out_len); - if (res < 0) { - error("tpm_handle_command() failed"); - } else { - debug("sending %d bytes", out_len); -+ //FIXME this prepending may or may not be needed -+ /*Prepend the first 4 bytes of the in buffer.. why?*/ -+ addressed_out = (uint8_t *) tpm_malloc(sizeof(uint32_t) + out_len); -+ *(uint32_t *) addressed_out = *(uint32_t *) in; -+ memcpy(addressed_out + sizeof(uint32_t), out, out_len); -+ out_len += sizeof(uint32_t); -+ /*End Prepend*/ -+ -+ /*Perform write operation now*/ - while (out_len > 0) { -- res = write(fh, out, out_len); -+ res = write(vtpm_tx_fh, addressed_out, out_len); -+ - if (res < 0) { - error("write(%d) failed: %s", out_len, strerror(errno)); - break; -- } -+ } else { -+ debug_nostop("Sent[%Zu]: ", out_len); -+ for (i=0; (unsigned int)i< out_len; i++) -+ debug_more("%x ", addressed_out[i]); -+ debug_more("\n"); -+ } - out_len -= res; - } - tpm_free(out); -+ tpm_free(addressed_out); - } - } - } while (in_len > 0); -- close(fh); -+ //close(fh); - } -+ - /* shutdown tpm emulator */ - tpm_emulator_shutdown(); -- /* close socket */ -- close(sock); -- unlink(opt_socket_name); -+ /* Close handles */ -+ close(vtpm_tx_fh); -+#ifndef VTPM_MULTI_VM -+ close(vtpm_rx_fh); -+ free(vtpm_rx_file); -+#endif - info("main loop stopped"); - } - -@@ -450,12 +770,13 @@ int main(int argc, char **argv) - /* open random device */ - init_random(); - /* init signal handlers */ -- init_signal_handler(); -+ //init_signal_handler(); - /* unless requested otherwiese, fork and daemonize process */ -- if (!opt_foreground) daemonize(); -+ //if (!opt_foreground) daemonize(); - /* start main processing loop */ - main_loop(); - info("stopping TPM Emulator daemon"); - closelog(); - return 0; - } -+ -diff -Naurp tpm_emulator-0.5.1/tpmd/tpm_emulator_config.h tpm5-test/tpmd/tpm_emulator_config.h ---- tpm_emulator-0.5.1/tpmd/tpm_emulator_config.h 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/tpmd/tpm_emulator_config.h 2009-07-16 11:25:26.000000000 -0400 -@@ -29,23 +29,28 @@ - - /* TPM emulator configuration */ - --#undef TPM_STRONG_PERSISTENCE --#undef TPM_GENERATE_EK -+#define TPM_STRONG_PERSISTENCE -+#define TPM_GENERATE_EK - #undef TPM_GENERATE_SEED_DAA - #undef TPM_MEMORY_ALIGNMENT_MANDATORY - -+extern int dmi_id; -+ - /* log macros */ - - void tpm_log(int priority, const char *fmt, ...); - --#define debug(fmt, ...) tpm_log(LOG_DEBUG, "%s:%d: Debug: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define info(fmt, ...) tpm_log(LOG_INFO, "%s:%d: Info: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define error(fmt, ...) tpm_log(LOG_ERR, "%s:%d: Error: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define alert(fmt, ...) tpm_log(LOG_ALERT, "%s:%d: Alert: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug(fmt, ...) tpm_log(LOG_DEBUG, "VTPMD[%d]: %s:%d: Debug: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define info(fmt, ...) tpm_log(LOG_INFO, "VTPMD[%d]: %s:%d: Info: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define error(fmt, ...) tpm_log(LOG_ERR, "VTPMD[%d]: %s:%d: Error: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define alert(fmt, ...) tpm_log(LOG_ALERT, "VTPMD[%d]: %s:%d: Alert: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug_nostop(fmt, ...) tpm_log(LOG_DEBUG, "VTPMD[%d]: %s:%d: Debug: " fmt, \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug_more(fmt, ...) tpm_log(LOG_DEBUG, fmt, ## __VA_ARGS__) - - /* min/max macros that also do strict type-checking */ - diff --git a/tools/vtpm/vtpm.patch b/tools/vtpm/vtpm.patch deleted file mode 100644 index e896b258c7..0000000000 --- a/tools/vtpm/vtpm.patch +++ /dev/null @@ -1,716 +0,0 @@ -diff -uprN tpm_emulator/AUTHORS vtpm/AUTHORS ---- tpm_emulator/AUTHORS 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/AUTHORS 2006-12-13 16:38:52.000000000 -0800 -@@ -1,3 +1,3 @@ - Mario Strasser <mast@gmx.net> - Heiko Stamer <stamer@gaos.org> [DAA] --INTEL Corp <> [Dropped to Ring3] -+INTEL Corp <> [VTPM Extensions] -diff -uprN tpm_emulator/ChangeLog vtpm/ChangeLog ---- tpm_emulator/ChangeLog 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/ChangeLog 2006-12-13 16:38:52.000000000 -0800 -@@ -1,5 +1,6 @@ - ????-??-?? Intel Corp - * Moved module out of kernel to run as a ring 3 app -+ * Modified save_to_file and load_from_file to call xen VTPM manager - - 2006-06-23 Mario Strasser <mast@gmx.net> - * tpm_startup.c: behaviour of ST_CLEAR and storage of -diff -uprN tpm_emulator/linux_module.h vtpm/linux_module.h ---- tpm_emulator/linux_module.h 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/linux_module.h 2007-01-09 14:49:06.000000000 -0800 -@@ -44,18 +44,26 @@ - #define TPM_DEVICE_NAME "tpm" - #define TPM_MODULE_NAME "tpm_emulator" - -+/* debug and log output functions */ -+extern int dmi_id; -+ - #ifdef DEBUG --#define debug(fmt, ...) printf("TPMD: %s:%d: Debug: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug(fmt, ...) printf("TPMD[%d]: %s:%d: Debug: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug_nostop(fmt, ...) printf("TPMD[%d]: %s:%d: Debug: " fmt, \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug_more(fmt, ...) printf( fmt, ## __VA_ARGS__ ) - #else - #define debug(fmt, ...) -+#define debug_nostop(fmt, ...) -+#define debug_more(fmt, ...) - #endif --#define info(fmt, ...) printf("TPMD: %s:%d: Info: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define error(fmt, ...) printf("TPMD: %s:%d: Error: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define alert(fmt, ...) printf("TPMD: %s:%d: Alert: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) -+#define info(fmt, ...) printf("TPMD[%d]: %s:%d: Info: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define error(fmt, ...) printf("TPMD[%d]: %s:%d: Error: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define alert(fmt, ...) printf("TPMD[%d]: %s:%d: Alert: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) - - /* memory allocation */ - -diff -uprN tpm_emulator/Makefile vtpm/Makefile ---- tpm_emulator/Makefile 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/Makefile 2006-12-13 16:38:52.000000000 -0800 -@@ -7,7 +7,7 @@ - COMPILE_ARCH ?= $(shell uname -m | sed -e s/i.86/x86_32/) - - # module settings --BIN := tpm_emulator -+BIN := vtpmd - VERSION_MAJOR := 0 - VERSION_MINOR := 4 - VERSION_BUILD := $(shell date +"%s") -@@ -22,7 +22,7 @@ TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin - - CC := gcc - CFLAGS += -g -Wall $(INCLUDE) -DDEBUG --CFLAGS += -I. -Itpm -+CFLAGS += -I. -Itpm -I../../vtpm_manager/manager - - # Is the simulator running in it's own vm? - #CFLAGS += -DVTPM_MULTI_VM -@@ -62,7 +62,6 @@ $(BIN): $(src)/crypto/gmp.h $(src)/crypt - - install: $(BIN) - $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR) -- @if [ ! -d "/var/tpm" ]; then mkdir /var/tpm; fi - - clean: - rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a $(OBJS) -@@ -98,3 +97,4 @@ version: - @echo "#endif /* _TPM_VERSION_H_ */" >> $(src)/tpm_version.h - - .PHONY: all install clean dist gmp version -+ -diff -uprN tpm_emulator/tpm/tpm_capability.c vtpm/tpm/tpm_capability.c ---- tpm_emulator/tpm/tpm_capability.c 2006-06-23 03:37:07.000000000 -0700 -+++ vtpm/tpm/tpm_capability.c 2007-01-10 10:00:49.000000000 -0800 -@@ -136,8 +136,18 @@ static TPM_RESULT cap_property(UINT32 su - - case TPM_CAP_PROP_TIS_TIMEOUT: - debug("[TPM_CAP_PROP_TIS_TIMEOUT]"); -- /* TODO: TPM_CAP_PROP_TIS_TIMEOUT */ -- return TPM_FAIL; -+ /* TODO: TPM_CAP_PROP_TIS_TIMEOUT: Measure these values and determine correct ones */ -+ UINT32 len = *respSize = 16; -+ BYTE *ptr = *resp = tpm_malloc(*respSize); -+ if (ptr == NULL || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000)) { -+ tpm_free(*resp); -+ return TPM_FAIL; -+ } -+ return TPM_SUCCESS; - - case TPM_CAP_PROP_STARTUP_EFFECT: - debug("[TPM_CAP_PROP_STARTUP_EFFECT]"); -@@ -190,7 +200,11 @@ static TPM_RESULT cap_property(UINT32 su - - case TPM_CAP_PROP_DURATION: - debug("[TPM_CAP_PROP_DURATION]"); -- /* TODO: TPM_CAP_PROP_DURATION */ -+ /* TODO: TPM_CAP_PROP_DURATION: Measure these values and return accurate ones */ -+ BYTE dur[]= {0x0,0x0,0x0,0xc,0x0,0x7,0xa1,0x20,0x0,0x1e,0x84,0x80,0x11,0xe1,0xa3,0x0}; -+ *respSize = 16; -+ *resp = tpm_malloc(*respSize); -+ memcpy(*resp,dur,16); - return TPM_FAIL; - - case TPM_CAP_PROP_ACTIVE_COUNTER: -diff -uprN tpm_emulator/tpm/tpm_cmd_handler.c vtpm/tpm/tpm_cmd_handler.c ---- tpm_emulator/tpm/tpm_cmd_handler.c 2008-02-27 16:35:41.000000000 -0500 -+++ vtpm/tpm/tpm_cmd_handler.c 2008-02-28 14:43:28.000000000 -0500 -@@ -94,12 +94,18 @@ void tpm_compute_out_param_digest(TPM_CO - sha1_ctx_t sha1; - UINT32 res = CPU_TO_BE32(rsp->result); - UINT32 ord = CPU_TO_BE32(ordinal); -+ UINT32 offset = 0; - - /* compute SHA1 hash */ - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*)&res, 4); - sha1_update(&sha1, (BYTE*)&ord, 4); -- sha1_update(&sha1, rsp->param, rsp->paramSize); -+ if (ordinal == TPM_ORD_LoadKey2) { -+ offset = 4; -+ } -+ if (rsp->paramSize - offset > 0) { -+ sha1_update(&sha1, rsp->param + offset, rsp->paramSize - offset); -+ } - sha1_final(&sha1, rsp->auth1->digest); - if (rsp->auth2 != NULL) memcpy(rsp->auth2->digest, - rsp->auth1->digest, sizeof(rsp->auth1->digest)); -diff -uprN tpm_emulator/tpm/tpm_data.c vtpm/tpm/tpm_data.c ---- tpm_emulator/tpm/tpm_data.c 2008-02-27 16:35:41.000000000 -0500 -+++ vtpm/tpm/tpm_data.c 2008-02-27 16:35:40.000000000 -0500 -@@ -1,6 +1,7 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, - * Swiss Federal Institute of Technology (ETH) Zurich -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -15,10 +16,15 @@ - * $Id: tpm_data.c 98 2006-05-07 14:16:29Z hstamer $ - */ - -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <unistd.h> -+ - #include "tpm_emulator.h" - #include "tpm_structures.h" - #include "tpm_marshalling.h" --#include "linux_module.h" -+#include "vtpm_manager.h" - - TPM_DATA tpmData; - -@@ -158,45 +164,232 @@ void tpm_release_data(void) - #include <sys/types.h> - #include <sys/stat.h> - #include <fcntl.h> --#include <unistd.h> - --#define TPM_STORAGE_FILE "/var/tpm/tpm_emulator-1.2." STR(VERSION_MAJOR) "." STR(VERSION_MINOR) -+ static int vtpm_tx_fh=-1, vtpm_rx_fh=-1; -+ -+#ifdef VTPM_MUTLI_VM -+ #define DEV_FE "/dev/tpm" -+#else -+ #define VTPM_RX_FIFO_D "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo" -+ #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm_cmd_from_all.fifo" -+ -+ extern int dmi_id; -+ static char *vtpm_rx_name=NULL; -+#endif - - static int write_to_file(uint8_t *data, size_t data_length) - { -- int res; -- int fp; -- fp = open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); -- res = write(fp, data, data_length); -- close(fp); -- return (res == data_length) ? 0 : -1; -+ int res, out_data_size, in_header_size; -+ BYTE *ptr, *out_data, *in_header; -+ UINT32 result, len, in_rsp_size; -+ UINT16 tag = VTPM_TAG_REQ; -+ -+ printf("Saving NVM\n"); -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_FE, O_RDWR); -+#else -+ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); -+#endif -+ } -+ -+ if (vtpm_tx_fh < 0) { -+ return -1; -+ } -+ -+ // Send request to VTPM Manager to encrypt data -+#ifdef VTPM_MUTLI_VM -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT + data_length; -+#else -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length; -+#endif -+ -+ out_data = ptr = (BYTE *) malloc(len); -+ -+ if (ptr == NULL -+#ifndef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, dmi_id) -+#endif -+ || tpm_marshal_UINT16(&ptr, &len, tag) -+#ifdef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size) -+#else -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) -+#endif -+ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_SAVENVM) -+ || tpm_marshal_BYTE_ARRAY(&ptr, &len, data, data_length)) { -+ free(out_data); -+ return -1; -+ } -+ -+ printf("\tSending SaveNVM Command.\n"); -+ res = write(vtpm_tx_fh, out_data, out_data_size); -+ free(out_data); -+ if (res != out_data_size) return -1; -+ -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = vtpm_tx_fh -+#else -+ if (vtpm_rx_name == NULL) { -+ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); -+ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); -+ } -+ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); -+#endif -+ } -+ -+ if (vtpm_rx_fh < 0) { -+ return -1; -+ } -+ -+ // Read Header of response so we can get the size & status -+#ifdef VTPM_MUTLI_VM -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ in_header = ptr = malloc(in_header_size); -+ -+ printf("\tReading SaveNVM header.\n"); -+ res = read(vtpm_rx_fh, in_header, in_header_size); -+ -+ if ( (res != in_header_size) -+#ifndef VTPM_MUTLI_VM -+ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) -+#endif -+ || tpm_unmarshal_UINT16(&ptr, &len, &tag) -+ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) -+ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { -+ free(in_header); -+ return -1; -+ } -+ free(in_header); -+ -+ if (result != VTPM_SUCCESS) { -+ return -1; -+ } -+ -+#ifdef VTPM_MUTLI_VM -+ close(vtpm_tx_fh); close(vtpm_rx_fh); -+#endif -+ -+ printf("\tFinishing up SaveNVM\n"); -+ return (0); - } - - static int read_from_file(uint8_t **data, size_t *data_length) - { -- int res; -- int fp, file_status; -- struct stat file_info; -- fp = open(TPM_STORAGE_FILE, O_RDONLY, 0); -- file_status = fstat(fp, &file_info); -- if (file_status < 0) { -- close(fp); -- return -1; -- } -+ int res, out_data_size, in_header_size; -+ uint8_t *ptr, *out_data, *in_header; -+ UINT16 tag = VTPM_TAG_REQ; -+ UINT32 len, in_rsp_size, result; -+#ifdef VTPM_MUTLI_VM -+ int vtpm_rx_fh, vtpm_tx_fh; -+#endif -+ -+ printf("Loading NVM.\n"); -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_FE, O_RDWR); -+#else -+ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); -+#endif -+ } - -- *data_length = file_info.st_size; -- *data = tpm_malloc(*data_length); -- if (*data == NULL) { -- close(fp); -+ if (vtpm_tx_fh < 0) { -+ return -1; -+ } -+ -+ // Send request to VTPM Manager to encrypt data -+#ifdef VTPM_MUTLI_VM -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ out_data = ptr = (BYTE *) malloc(len); -+ -+ if (ptr == NULL -+#ifndef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, dmi_id) -+#endif -+ || tpm_marshal_UINT16(&ptr, &len, tag) -+#ifdef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size) -+#else -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) -+#endif -+ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_LOADNVM)) { -+ free(out_data); - return -1; - } -- res = read(fp, *data, *data_length); -- close(fp); -+ -+ printf("\tSending LoadNVM command\n"); -+ res = write(vtpm_tx_fh, out_data, out_data_size); -+ free(out_data); -+ if (res != out_data_size) return -1; -+ -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = vtpm_tx_fh; -+#else -+ if (vtpm_rx_name == NULL) { -+ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); -+ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); -+ } -+ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); -+#endif -+ } -+ -+ if (vtpm_rx_fh < 0) { -+ return -1; -+ } -+ -+ // Read Header of response so we can get the size & status -+#ifdef VTPM_MUTLI_VM -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ in_header = ptr = malloc(in_header_size); -+ -+ printf("\tReading LoadNVM header\n"); -+ res = read(vtpm_rx_fh, in_header, in_header_size); -+ -+ if ( (res != in_header_size) -+#ifndef VTPM_MUTLI_VM -+ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) -+#endif -+ || tpm_unmarshal_UINT16(&ptr, &len, &tag) -+ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) -+ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { -+ free(in_header); -+ return -1; -+ } -+ free(in_header); -+ -+ if (result != VTPM_SUCCESS) { -+ return -1; -+ } -+ -+ // Read Encrypted data from VTPM Manager -+ *data_length = in_rsp_size - VTPM_COMMAND_HEADER_SIZE_CLT; -+ *data = (uint8_t *) malloc(*data_length); -+ -+ printf("\tReading clear data from LoadNVM.\n"); -+ res = read(vtpm_rx_fh, *data, *data_length); -+#ifdef VTPM_MUTLI_VM -+ close(vtpm_rx_fh);close(vtpm_tx_fh); -+#endif -+ -+ printf("\tReturing from loading NVM\n"); - if (res != *data_length) { -- tpm_free(*data); -- return -1; -+ free(*data); -+ return -1; -+ } else { -+ return 0; - } -- return 0; -+ - } - - #else -diff -uprN tpm_emulator/tpmd.c vtpm/tpmd.c ---- tpm_emulator/tpmd.c 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/tpmd.c 2007-01-09 14:48:56.000000000 -0800 -@@ -21,12 +21,24 @@ - #include <sys/stat.h> - #include <fcntl.h> - #include <sys/time.h> -+#include <sys/socket.h> -+#include <sys/un.h> -+#include <errno.h> - - #include "tpm_emulator.h" -+#include "vtpm_manager.h" - --#define TPM_RX_FNAME "/var/tpm/tpm_in.fifo" --#define TPM_TX_FNAME "/var/tpm/tpm_out.fifo" -+#ifdef VTPM_MULTI_VM -+ #define DEV_BE "/dev/vtpm" -+#else -+ #define PVM_RX_FIFO_D "/var/vtpm/fifos/tpm_cmd_to_%d.fifo" -+ #define PVM_TX_FIFO "/var/vtpm/fifos/tpm_rsp_from_all.fifo" - -+ #define HVM_RX_FIFO_D "/var/vtpm/socks/%d.socket" -+#endif -+ -+ int dmi_id; -+ - #define BUFFER_SIZE 2048 - - static int devurandom=0; -@@ -38,7 +50,7 @@ void get_random_bytes(void *buf, int nby - } - - if (read(devurandom, buf, nbytes) != nbytes) { -- printf("Can't get random number.\n"); -+ error("Can't get random number.\n"); - exit(-1); - } - } -@@ -52,105 +64,182 @@ uint64_t tpm_get_ticks(void) - - int main(int argc, char **argv) - { -- uint8_t in[BUFFER_SIZE], *out; -+ uint8_t type, in[BUFFER_SIZE], *out, *addressed_out; -+ char *vtpm_rx_file=NULL; - uint32_t out_size; - int in_size, written; -- int i; -- struct stat file_info; -+ int i, guest_id=-1; - -- int tpm_tx_fh=-1, tpm_rx_fh=-1; -+#ifndef VTPM_MULTI_VM -+ int sockfd = -1; -+ struct sockaddr_un addr; -+ struct sockaddr_un client_addr; -+ unsigned int client_length; -+ -+#endif -+ -+ int vtpm_tx_fh=-1, vtpm_rx_fh=-1; -+#ifdef VTPM_MULTI_VM - if (argc < 2) { -- printf("Usage: tpmd clear|save|deactivated\n" ); -+ error("Usage: tpmd clear|save|deactivated\n" ); -+#else -+ if (argc < 4) { -+ error("Usage: tpmd clear|save|deactivated pvm|hvm vtpmid\n" ); -+#endif - return -1; - } - -+#ifndef VTPM_MULTI_VM -+ /* setup type of vm */ -+ if (!strcmp(argv[2], "pvm")) { -+ type = VTPM_TYPE_PVM; // Get commands from vTPM Manager through fifo -+ } else if (!strcmp(argv[2], "hvm")) { -+ type = VTPM_TYPE_HVM; // Get commands from qemu via socket -+ } else { -+ error("invalid vTPM type '%s'.\n", argv[2]); -+ } -+ -+ dmi_id = atoi(argv[3]); -+ -+ if (type == VTPM_TYPE_PVM) { -+ vtpm_rx_file = malloc(10 + strlen(PVM_RX_FIFO_D)); -+ sprintf(vtpm_rx_file, PVM_RX_FIFO_D, (uint32_t) dmi_id); -+ } else { -+ vtpm_rx_file = malloc(10 + strlen(HVM_RX_FIFO_D)); -+ sprintf(vtpm_rx_file, HVM_RX_FIFO_D, (uint32_t) dmi_id); -+ -+ if ( (sockfd = socket(PF_UNIX,SOCK_STREAM,0)) < 0) { -+ error("Unable to create socket. errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ memset(&addr, 0, sizeof(addr)); -+ addr.sun_family = AF_UNIX; -+ strcpy(addr.sun_path,vtpm_rx_file ); -+ unlink(addr.sun_path); -+ } -+#endif -+ -+#ifdef VTPM_MULTI_VM -+ info("Initializing tpm state: %s\n", argv[1]); -+#else -+ info("Initializing tpm state: %s, type: %s, id: %d\n", argv[1], argv[2], dmi_id); -+#endif -+ - /* initialize TPM emulator */ - if (!strcmp(argv[1], "clear")) { -- printf("Initializing tpm: %s\n", argv[1]); - tpm_emulator_init(1); -- } else if (!strcmp(argv[1], "save")) { -- printf("Initializing tpm: %s\n", argv[1]); -+ } else if (!strcmp(argv[1], "save")) { - tpm_emulator_init(2); - } else if (!strcmp(argv[1], "deactivated")) { -- printf("Initializing tpm: %s\n", argv[1]); - tpm_emulator_init(3); - } else { -- printf("invalid startup mode '%s'; must be 'clear', " -+ error("invalid startup mode '%s'; must be 'clear', " - "'save' (default) or 'deactivated", argv[1]); - return -1; - } -- -- if ( stat(TPM_RX_FNAME, &file_info) == -1) { -- if ( mkfifo(TPM_RX_FNAME, S_IWUSR | S_IRUSR ) ) { -- printf("Failed to create fifo %s.\n", TPM_RX_FNAME); -- return -1; -- } -- } -- -- if ( stat(TPM_TX_FNAME, &file_info) == -1) { -- if ( mkfifo(TPM_TX_FNAME, S_IWUSR | S_IRUSR ) ) { -- printf("Failed to create fifo %s.\n", TPM_TX_FNAME); -- return -1; -- } -- } -- -+ - while (1) { - abort_command: -- if (tpm_rx_fh < 0) { -- tpm_rx_fh = open(TPM_RX_FNAME, O_RDONLY); -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = open(DEV_BE, O_RDWR); -+#else -+ if (type == VTPM_TYPE_PVM) { -+ vtpm_rx_fh = open(vtpm_rx_file, O_RDONLY); -+ } else { -+ if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { -+ error("Unable to bind(). errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ if (listen(sockfd, 10) <0) { -+ error("Unable to listen(). errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ memset(&client_addr, 0, sizeof(client_addr)); -+ client_length = sizeof(client_addr); -+ -+ vtpm_rx_fh = vtpm_tx_fh = accept(sockfd, (struct sockaddr *)&client_addr, &client_length); -+ } -+#endif - } - -- if (tpm_rx_fh < 0) { -- printf("ERROR: failed to open devices to listen to guest.\n"); -+ if (vtpm_rx_fh < 0) { -+ error("Failed to open devices to listen to guest.\n"); - return -1; - } - -- if (tpm_tx_fh < 0) { -- tpm_tx_fh = open(TPM_TX_FNAME, O_WRONLY); -- } -- -- if (tpm_tx_fh < 0) { -- printf("ERROR: failed to open devices to respond to guest.\n"); -- return -1; -- } -- -- in_size = read(tpm_rx_fh, in, BUFFER_SIZE); -+ in_size = read(vtpm_rx_fh, in, BUFFER_SIZE); - if (in_size < 6) { // Magic size of minium TPM command -- printf("Recv[%d] to small: 0x", in_size); -+ info("Recv incomplete command of %d bytes.", in_size); - if (in_size <= 0) { -- close(tpm_rx_fh); -- tpm_rx_fh = -1; -+ close(vtpm_rx_fh); -+ vtpm_rx_fh = -1; - goto abort_command; - } - } else { -- printf("Recv[%d]: 0x", in_size); -+ debug_nostop("Recv[%d]: 0x", in_size); - for (i=0; i< in_size; i++) -- printf("%x ", in[i]); -- printf("\n"); -+ debug_more("%x ", in[i]); -+ debug_more("\n"); - } - -- -- if (tpm_handle_command(in, in_size, &out, &out_size) != 0) { -- printf("ERROR: Handler Failed.\n"); -+ if (guest_id == -1) { -+ guest_id = *((uint32_t *) in); -+ } else { -+ if (guest_id != *((uint32_t *) in) ) { -+ error("WARNING: More than one guest attached\n"); -+ } -+ } -+ -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_BE, O_RDWR); -+ vtpm_rx_fh = vtpm_tx_fh; -+#else -+ if (type == VTPM_TYPE_PVM) { -+ vtpm_tx_fh = open(PVM_TX_FIFO, O_WRONLY); -+ } // No need to open the other direction for HVM -+#endif -+ } -+ -+ if (vtpm_tx_fh < 0) { -+ error("Failed to open devices to respond to guest.\n"); -+ return -1; -+ } -+ -+ // Handle the command, but skip the domain id header -+ if (tpm_handle_command(in + sizeof(uint32_t), in_size - sizeof(uint32_t), &out, &out_size) != 0) { -+ error("Handler Failed.\n"); - } - -- written = write(tpm_tx_fh, out, out_size); -+ addressed_out = (uint8_t *) tpm_malloc(sizeof(uint32_t) + out_size); -+ *(uint32_t *) addressed_out = *(uint32_t *) in; -+ memcpy(addressed_out + sizeof(uint32_t), out, out_size); -+ -+ written = write(vtpm_tx_fh, addressed_out, out_size + sizeof(uint32_t)); - -- if (written != out_size ) { -- printf("ERROR: Part of response not written %d/%d.\nAttempt: ", written, out_size); -+ if (written != out_size + sizeof(uint32_t)) { -+ error("Part of response not written %d/%d.\n", written, out_size); - } else { -- printf("Sent[%Zu]: ", out_size); -+ debug_nostop("Sent[%Zu]: ", out_size + sizeof(uint32_t)); -+ for (i=0; i< out_size+ sizeof(uint32_t); i++) -+ debug_more("%x ", addressed_out[i]); -+ debug_more("\n"); - } -- for (i=0; i< out_size; i++) -- printf("%x ", out[i]); -- printf("\n"); - tpm_free(out); -+ tpm_free(addressed_out); - - } // loop - - tpm_emulator_shutdown(); - -- close(tpm_tx_fh); -- close(tpm_rx_fh); -+ close(vtpm_tx_fh); -+#ifndef VTPM_MUTLI_VM -+ close(vtpm_rx_fh); -+ free (vtpm_rx_file); -+#endif - - } diff --git a/tools/vtpm_manager/COPYING b/tools/vtpm_manager/COPYING deleted file mode 100644 index c4b86b79c9..0000000000 --- a/tools/vtpm_manager/COPYING +++ /dev/null @@ -1,32 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== diff --git a/tools/vtpm_manager/Makefile b/tools/vtpm_manager/Makefile deleted file mode 100644 index 632f41bce3..0000000000 --- a/tools/vtpm_manager/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -XEN_ROOT = $(CURDIR)/../.. - -# Base definitions and rules -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk - -SUBDIRS = crypto tcs util manager migration -OPENSSL_HEADER = /usr/include/openssl/crypto.h - -.PHONY: all clean install -all clean install: %: subdirs-% - -.PHONY: mrproper -mrproper: - @set -e; for subdir in $(SUBDIRS); do \ - $(MAKE) -C $$subdir $@; \ - done - - diff --git a/tools/vtpm_manager/README b/tools/vtpm_manager/README deleted file mode 100644 index f0d1e98cfb..0000000000 --- a/tools/vtpm_manager/README +++ /dev/null @@ -1,94 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - -Directory Structure -=================== -tools/vtpm_manager/crypto -> crypto files -tools/vtpm_manager/TCS -> TCS implementation -tools/vtpm_manager/util -> Utility Library. Include disk-io and buffers. -tools/vtpm_manager/manager -> VTPM Manager - -Compile Flags -=================== -LOGGING_MODULES -> How extensive logging happens - see util/log.h for more info - -VTPM_MULTI_VM -> Defined: VTPMs run in their own VMs - Not Defined (default): VTPMs are processes - -# Debugging flags that may disappear without notice in the future - -DUMMY_BACKEND -> vtpm_manager listens on /tmp/in.fifo and - /tmp/out.fifo rather than backend - -MANUAL_DM_LAUNCH -> Must manually launch & kill VTPMs - -WELL_KNOWN_OWNER_AUTH -> Rather than randomly generating the password for the owner, - use a well known value. This is useful for debugging and for - poor bios which do not support clearing TPM if OwnerAuth is - lost. However this has no protection from malicious app - issuing a TPM_OwnerClear to wipe the TPM - -Requirements -============ -- xen-unstable -- vtpm frontend/backend driver patch -- OpenSSL Library - -Single-VM Flow -============================ -- Launch the VTPM manager (vtpm_managerd) which which begins listening to the BE with one thread - and listens to a named fifo that is shared by the vtpms to commuincate with the manager. -- VTPM Manager listens to TPM BE. -- When xend launches a tpm frontend equipped VM it contacts the manager over the vtpm backend. -- When the manager receives the open message from the BE, it launches a vtpm -- Xend allows the VM to continue booting. -- When a TPM request is issued to the front end, the front end transmits the TPM request to the backend. -- The manager receives the TPM requests and uses a named fifo to forward the request to the vtpm. -- The fifo listener begins listening for the reply from vtpm for the request. -- Vtpm processes request and replies to manager over shared named fifo. -- If needed, the vtpm may send a request to the vtpm_manager at any time to save it's secrets to disk. -- Manager receives response from vtpm and passes it back to backend for forwarding to guest. - -NOTES: -* SaveService SHOULD seal it's table before saving it to disk. However, - the current Xen infrastructure does not provide a mechanism for this to be - unsealed later. Specifically, the auth and wrapped key must be available ONLY - to the service, or it's not even worth encrypting - - In the future the vtpm manager will be protected by an early boot mechanism - that will allow for better protection of it's data. - -TODO: -- Timeout on crashed vtpms -- create lock for shared fifo for talking to vtpms. diff --git a/tools/vtpm_manager/Rules.mk b/tools/vtpm_manager/Rules.mk deleted file mode 100644 index 651772ba61..0000000000 --- a/tools/vtpm_manager/Rules.mk +++ /dev/null @@ -1,59 +0,0 @@ -# Base definitions and rules (XEN_ROOT must be defined in including Makefile) -include $(XEN_ROOT)/tools/Rules.mk - -# -# Tool definitions -# - -# General compiler flags -CFLAGS = -Werror -g3 - -# Generic project files -HDRS = $(wildcard *.h) -SRCS = $(wildcard *.c) -OBJS = $(patsubst %.c,%.o,$(SRCS)) - -# Generic (non-header) dependencies -$(SRCS): Makefile $(XEN_ROOT)/tools/Rules.mk $(XEN_ROOT)/tools/vtpm_manager/Rules.mk - -$(OBJS): $(SRCS) - --include $(FILES) - -# Make sure these are just rules -.PHONY : all build install clean - -# -# Project-specific definitions -# - -# Need UNIX98 spec for pthread rwlocks -CFLAGS += -D_GNU_SOURCE - -# Logging Level. See utils/tools.h for usage -CFLAGS += -DLOGGING_MODULES="(BITMASK(VTPM_LOG_TCS)|BITMASK(VTPM_LOG_VTSP)|BITMASK(VTPM_LOG_VTPM))" - -# Silent Mode -#CFLAGS += -DLOGGING_MODULES=0x0 -#CFLAGS += -DLOGGING_MODULES=0xff - -# Use frontend/backend pairs between manager & DMs? -#CFLAGS += -DVTPM_MULTI_VM - -# vtpm_manager listens on fifo's rather than backend -#CFLAGS += -DDUMMY_BACKEND - -# TCS talks to fifo's rather than /dev/tpm. TPM Emulator assumed on fifos -#CFLAGS += -DDUMMY_TPM - -# Do not have manager launch DMs. -#CFLAGS += -DMANUAL_DM_LAUNCH - -# Fixed OwnerAuth -#CFLAGS += -DWELL_KNOWN_OWNER_AUTH - -# Include -CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/crypto -CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/util -CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/tcs -CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/manager diff --git a/tools/vtpm_manager/crypto/Makefile b/tools/vtpm_manager/crypto/Makefile deleted file mode 100644 index 13b61c984a..0000000000 --- a/tools/vtpm_manager/crypto/Makefile +++ /dev/null @@ -1,24 +0,0 @@ -XEN_ROOT = $(CURDIR)/../../.. -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk - -BIN = libtcpaCrypto.a - -.PHONY: all -all: build - -.PHONY: build -build: $(BIN) - -.PHONY: install -install: build - -.PHONY: clean -clean: - rm -f *.a *.so *.o *.rpm $(DEP_FILES) - -.PHONY: mrproper -mrproper: clean - rm -f *~ - -$(BIN): $(OBJS) - $(AR) rcs $(BIN) $(OBJS) diff --git a/tools/vtpm_manager/crypto/crypto.c b/tools/vtpm_manager/crypto/crypto.c deleted file mode 100644 index 7dae655d53..0000000000 --- a/tools/vtpm_manager/crypto/crypto.c +++ /dev/null @@ -1,88 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// crypto.c -// -// This file will handle all the TPM Crypto functionality -// -// ================================================================== - -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/err.h> -#include <openssl/evp.h> -#include <openssl/rand.h> -#include "crypto.h" -#include "log.h" - -/** - * Initialize cryptography library - * @rand: random seed - * @size: size of @rand - */ -void Crypto_Init(const BYTE* rand, int size) { - ERR_load_crypto_strings(); - CRYPTO_malloc_init(); - OpenSSL_add_all_algorithms(); - SYM_CIPHER = EVP_aes_128_cbc(); - RAND_poll(); - if (rand == NULL) - return; - - RAND_add(rand, size, size); -} - -/** - * Shutdown cryptography library - */ -void Crypto_Exit() { - ERR_free_strings(); - ERR_remove_state(0); - EVP_cleanup(); -} - - -/** - * Get random data - * @data: (OUT) Random data - * @size: Size of @data - */ -void Crypto_GetRandom(void* data, int size) { - int result; - - result = RAND_pseudo_bytes((BYTE*) data, size); - - if (result <= 0) - vtpmlogerror (VTPM_LOG_CRYPTO, "RAND_pseudo_bytes failed: %s\n", - ERR_error_string (ERR_get_error(), NULL)); -} diff --git a/tools/vtpm_manager/crypto/crypto.h b/tools/vtpm_manager/crypto/crypto.h deleted file mode 100644 index 488d4d6364..0000000000 --- a/tools/vtpm_manager/crypto/crypto.h +++ /dev/null @@ -1,175 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// crypto.h -// -// This file defines the TPM Crypto API -// -// ================================================================== - -#ifndef __CRYPTO_H__ -#define __CRYPTO_H__ - -#include <stddef.h> -#include <stdint.h> -#include <stdbool.h> - -#include "tcg.h" -#include "sym_crypto.h" - -#define CRYPTO_MAX_SIG_SIZE (2048 / 8) -#define CRYPTO_MAX_RSA_KEY_SIZE (4096 / 8) //in bytes - -#define OAEP_P "TCPA" -#define OAEP_P_SIZE 4 - -// Algorithms supported by crypto. Stored in CRYPTO_INFO.algorithmID -#define CRYPTO_ALGORITH_RSA 0x01 - -// Supported Encryption Schemes CRYPTO_INFO.encScheme -#define CRYPTO_ES_NONE 0x0001 -#define CRYPTO_ES_RSAESPKCSv15 0x0002 -#define CRYPTO_ES_RSAESOAEP_SHA1_MGF1 0x0003 - -// Supported Signature schemes CRYPTO_INFO.sigScheme -#define CRYPTO_SS_NONE 0x0001 -#define CRYPTO_SS_RSASSAPKCS1v15_SHA1 0x0002 -#define CRYPTO_SS_RSASSAPKCS1v15_DER 0x0003 - -typedef struct CRYPTO_INFO { - void *keyInfo; - UINT32 algorithmID; - UINT32 encScheme; - UINT32 sigScheme; -} CRYPTO_INFO; - - -void Crypto_Init(const BYTE* rand, int size); - -void Crypto_Exit(); - -void Crypto_GetRandom(void* data, int size); - -void Crypto_HMAC( const BYTE* text, - int text_len, - const BYTE* key, - int key_len, - BYTE* digest); - -TPM_RESULT Crypto_HMAC_buf (const buffer_t * text, - const buffer_t * key, - BYTE * o_digest); /* presumably of 20 bytes */ - -void Crypto_SHA1Full( const BYTE* text, - UINT32 size, - BYTE* hash); //Complete 3part SHA1 - -// o_hash needs to be large enough to hold the digest, ie 20 bytes -TPM_RESULT Crypto_SHA1Full_buf (const buffer_t * buf, - BYTE * o_hash); - -void Crypto_SHA1Start(UINT32* maxNumBytes); -void Crypto_SHA1Update(int numBytes, const BYTE* hashData); -void Crypto_SHA1Complete( int hashDataSize, - const BYTE* hashData, - BYTE* hashValue); - -void Crypto_RSACreateKey( /*in*/ UINT32 keySize, - /*in*/ UINT32 pubExpSize, - /*in*/ BYTE *pubExp, - /*out*/ UINT32 *privExpSize, - /*out*/ BYTE *privExp, - /*out*/ UINT32 *modulusSize, - /*out*/ BYTE *modulus, - /*out*/ CRYPTO_INFO *keys); - -void Crypto_RSABuildCryptoInfo( /*[IN]*/ UINT32 pubExpSize, - /*[IN]*/ BYTE *pubExp, - /*[IN]*/ UINT32 privExpSize, - /*[IN]*/ BYTE *privExp, - /*[IN]*/ UINT32 modulusSize, - /*[IN]*/ BYTE *modulus, - /*[OUT]*/ CRYPTO_INFO* cryptoInfo); - -void Crypto_RSABuildCryptoInfoPublic( /*[IN]*/ UINT32 pubExpSize, - /*[IN]*/ BYTE *pubExp, - /*[IN]*/ UINT32 modulusSize, - /*[IN]*/ BYTE *modulus, - CRYPTO_INFO* cryptoInfo); - -// -// symmetric pack and unpack operations -// -TPM_RESULT Crypto_RSAPackCryptoInfo (const CRYPTO_INFO* cryptoInfo, - BYTE ** io_buf, UINT32 * io_buflen); - -TPM_RESULT Crypto_RSAUnpackCryptoInfo (CRYPTO_INFO * ci, - BYTE * in, UINT32 len, - UINT32 * o_lenread); - - -// return 0 on success, -1 on error -int Crypto_RSAEnc( CRYPTO_INFO *keys, - UINT32 inDataSize, - BYTE *inData, - /*out*/ UINT32 *outDataSize, - /*out*/ BYTE *outData); - -// return 0 on success, -1 on error -int Crypto_RSADec( CRYPTO_INFO *keys, - UINT32 inDataSize, - BYTE *inData, - /*out*/ UINT32 *outDataSize, - /*out*/ BYTE *outData); - -// return 0 on success, -1 on error -int Crypto_RSASign( CRYPTO_INFO *keys, - UINT32 inDataSize, - BYTE *inData, - /*out*/ UINT32 *sigSize, - /*out*/ BYTE *sig); - -bool Crypto_RSAVerify( CRYPTO_INFO *keys, - UINT32 inDataSize, - BYTE *inData, - UINT32 sigSize, - BYTE *sig); - -//private: -int RSA_verify_DER(int dtype, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, CRYPTO_INFO *key); - -int RSA_sign_DER(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, CRYPTO_INFO *key); - -#endif // __CRYPTO_H__ diff --git a/tools/vtpm_manager/crypto/hash.c b/tools/vtpm_manager/crypto/hash.c deleted file mode 100644 index c73114ae17..0000000000 --- a/tools/vtpm_manager/crypto/hash.c +++ /dev/null @@ -1,153 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// hash.c -// -// This file will handle all the TPM Hash functionality -// -// ================================================================== - -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/err.h> -#include <openssl/evp.h> -#include <openssl/rand.h> -#include <openssl/hmac.h> -#include <openssl/sha.h> -#include <openssl/bn.h> -#include <openssl/rsa.h> - -#include "tcg.h" // for TPM_SUCCESS -#include "crypto.h" - -static SHA_CTX g_shaContext; - -void Crypto_HMAC( const BYTE* text, - int text_len, - const BYTE* key, - int key_len, - BYTE* digest) { - if (text == NULL || key == NULL || text_len == 0 || key_len == 0) - return; - - HMAC(EVP_sha1(), key, key_len, text, text_len, digest, NULL); -} - -TPM_RESULT Crypto_HMAC_buf (const buffer_t * text, - const buffer_t * key, - BYTE * o_digest) { /* presumably of 20 bytes */ - - Crypto_HMAC (text->bytes, text->size, - key->bytes, key->size, - o_digest); - - return TPM_SUCCESS; -} - - -/* - * SHA1 - * (OUT) Create a SHA1 hash of text. Calls all three SHA1 steps internally - */ -void Crypto_SHA1Full( const BYTE* text, - uint32_t size, - BYTE* hash) { - - if (text == NULL || size == 0) - return; - - // Run SHA1Start + SHAUpdate (if necessary) + SHAComplete - uint32_t maxBytes; // Not used for anything - Crypto_SHA1Start(&maxBytes); - - while (size > 64){ - Crypto_SHA1Update(64, text); - size -= 64; - text += 64; - } - - Crypto_SHA1Complete(size, text, hash); -} - -// same thing using buffer_t -TPM_RESULT Crypto_SHA1Full_buf (const buffer_t * buf, - BYTE * o_digest) { - - if (buf->bytes == NULL || buf->size == 0) - return TPM_BAD_PARAMETER; - - Crypto_SHA1Full (buf->bytes, buf->size, o_digest); - - return TPM_SUCCESS; -} - - -/* - * Initialize SHA1 - * (OUT) Maximum number of bytes that can be sent to SHA1Update. - * Must be a multiple of 64 bytes. - */ -void Crypto_SHA1Start(uint32_t* maxNumBytes) { - int max = SHA_CBLOCK; - // Initialize the crypto library - SHA1_Init(&g_shaContext); - *maxNumBytes = max; -} - -/* - * Process SHA1 - * @numBytes: (IN) The number of bytes in hashData. - * Must be a multiple of 64 bytes. - * @hashData: (IN) Bytes to be hashed. - */ -void Crypto_SHA1Update(int numBytes, const BYTE* hashData) { - - if (hashData == NULL || numBytes == 0 || numBytes%64 != 0) - return; - - SHA1_Update(&g_shaContext, hashData, numBytes); -} - -/* - * Complete the SHA1 process - * @hashDataSize: (IN) Number of bytes in hashData. - * Must be a multiple of 64 bytes. - * @hashData: (IN) Final bytes to be hashed. - * @hashValue: (OUT) The output of the SHA-1 hash. - */ -void Crypto_SHA1Complete(int hashDataSize, - const BYTE* hashData, - BYTE* hashValue) { - SHA1_Update(&g_shaContext, hashData, hashDataSize); - SHA1_Final(hashValue, &g_shaContext); -} diff --git a/tools/vtpm_manager/crypto/rsa.c b/tools/vtpm_manager/crypto/rsa.c deleted file mode 100644 index 7737dc60ec..0000000000 --- a/tools/vtpm_manager/crypto/rsa.c +++ /dev/null @@ -1,434 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// rsa.c -// -// This file will handle all the TPM RSA crypto functionality -// -// ================================================================== - -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/evp.h> -#include <openssl/bn.h> -#include <openssl/rsa.h> -#include <openssl/rand.h> -#include <openssl/x509.h> - -#include <openssl/err.h> -#include <stdio.h> - -#include "tcg.h" -#include "buffer.h" -#include "crypto.h" -#include "log.h" - -void Crypto_RSACreateKey( /*in*/ UINT32 keySize, - /*in*/ UINT32 pubExpSize, - /*in*/ BYTE *pubExp, - /*out*/ UINT32 *privExpSize, - /*out*/ BYTE *privExp, - /*out*/ UINT32 *modulusSize, - /*out*/ BYTE *modulus, - /*out*/ CRYPTO_INFO *keys) { - unsigned long e_value; - - if (pubExpSize == 0) // Default e = 2^16+1 - e_value = (0x01 << 16) + 1; - else { - // This is not supported, but the following line MIGHT work - // under then assumption that the format is BigNum compatable - // Though it's not in the spec, so who knows what it is. - // Forcing the default. - //BN_bin2bn(pubExp, pubExpSize, NULL); - e_value = (0x01 << 16) + 1; - } - - RSA *rsa = RSA_generate_key(keySize, e_value, NULL, NULL); - - if (keys) { - keys->keyInfo = rsa; - keys->algorithmID = CRYPTO_ALGORITH_RSA; - } - - if (modulus) *modulusSize = BN_bn2bin(rsa->n, modulus); - if (privExp) *privExpSize = BN_bn2bin(rsa->d, privExp); -} - -// Create a CRYPTO_INFO struct from the BYTE * key parts. -// If pubExp info is NULL, use TCG default. -// If there is a remainder while calculating the privExp, return FALSE. - -void Crypto_RSABuildCryptoInfo( /*[IN]*/ UINT32 pubExpSize, - /*[IN]*/ BYTE *pubExp, - /*[IN]*/ UINT32 privExpSize, - /*[IN]*/ BYTE *privExp, - /*[IN]*/ UINT32 modulusSize, - /*[IN]*/ BYTE *modulus, - CRYPTO_INFO* cryptoInfo) { - cryptoInfo->keyInfo = RSA_new(); - RSA *rsa = (RSA *) cryptoInfo->keyInfo; - - rsa->e = BN_new(); - - if (pubExpSize == 0) { // Default e = 2^16+1 - BN_set_bit(rsa->e, 16); - BN_set_bit(rsa->e, 0); - } else { - // This is not supported, but the following line MIGHT work - // under then assumption that the format is BigNum compatable - // Though it's not in the spec, so who knows what it is. - // Forcing the default. - //BN_bin2bn(pubExp, pubExpSize, NULL); - BN_set_bit(rsa->e, 16); - BN_set_bit(rsa->e, 0); - } - - rsa->n = BN_bin2bn(modulus, modulusSize, NULL); - rsa->d = BN_bin2bn(privExp, privExpSize, NULL); -} - -// Create a CRYPTO_INFO struct from the BYTE * key parts. -// If pubExp info is NULL, use TCG default. -// If there is a remainder while calculating the privExp, return FALSE. - -void Crypto_RSABuildCryptoInfoPublic( /*[IN]*/ UINT32 pubExpSize, - /*[IN]*/ BYTE *pubExp, - /*[IN]*/ UINT32 modulusSize, - /*[IN]*/ BYTE *modulus, - CRYPTO_INFO* cryptoInfo) { - cryptoInfo->keyInfo = RSA_new(); - RSA *rsa = (RSA *) cryptoInfo->keyInfo; - - rsa->e = BN_new(); - - if (pubExpSize == 0) { // Default e = 2^16+1 - BN_set_bit(rsa->e, 16); - BN_set_bit(rsa->e, 0); - } else { - // This is not supported, but the following line MIGHT work - // under then assumption that the format is BigNum compatable - // Though it's not in the spec, so who knows what it is. - // Forcing the default. - //BN_bin2bn(pubExp, pubExpSize, NULL); - BN_set_bit(rsa->e, 16); - BN_set_bit(rsa->e, 0); - } - - rsa->n = BN_bin2bn(modulus, modulusSize, NULL); - -} - -int Crypto_RSAEnc( CRYPTO_INFO *key, - UINT32 inDataSize, - BYTE *inData, - /*out*/ UINT32 *outDataSize, - /*out*/ BYTE *outData) { - RSA *rsa = (RSA *) key->keyInfo; - UINT32 paddedDataSize = RSA_size (rsa); - BYTE *paddedData = (BYTE *)malloc(sizeof(BYTE) * paddedDataSize); - int rc; - - if (paddedData == NULL) - return -1; - - *outDataSize = 0; - - switch (key->encScheme) { - case CRYPTO_ES_RSAESPKCSv15: - if (RSA_padding_add_PKCS1_type_2(paddedData, paddedDataSize, inData, inDataSize) <= 0) { - rc = -1; - goto abort_egress; - } - break; - case CRYPTO_ES_RSAESOAEP_SHA1_MGF1: - if (RSA_padding_add_PKCS1_OAEP(paddedData,paddedDataSize,inData,inDataSize, (BYTE *) OAEP_P,OAEP_P_SIZE) <= 0 ) { - rc = -1; - goto abort_egress; - } - break; - default: - rc = -1; - goto abort_egress; - } - - rc = RSA_public_encrypt(paddedDataSize, paddedData, outData, rsa, RSA_NO_PADDING); - if (rc == -1) - goto abort_egress; - - *outDataSize = rc; - - if (rc > 0) rc = 0; - - goto egress; - - abort_egress: - egress: - - if (paddedData) - free (paddedData); - return rc; - -} - -int Crypto_RSADec( CRYPTO_INFO *key, - UINT32 inDataSize, - BYTE *inData, - /*out*/ UINT32 *outDataSize, - /*out*/ BYTE *outData) { - - RSA *rsa = (RSA *) key->keyInfo; - UINT32 paddedDataSize = RSA_size (rsa); - BYTE *paddedData = (BYTE *)malloc(sizeof(BYTE) * paddedDataSize); - int rc; - - if (paddedData == NULL) - goto abort_egress; - - rc = RSA_private_decrypt(inDataSize, inData, paddedData, rsa, RSA_NO_PADDING); - if (rc == -1) { - vtpmlogerror(VTPM_LOG_CRYPTO, "RSA_private_decrypt: %s\n", ERR_error_string(ERR_get_error(), NULL)); - goto abort_egress; - } - - paddedDataSize = rc; - - switch (key->encScheme) { - case CRYPTO_ES_RSAESPKCSv15: - rc = RSA_padding_check_PKCS1_type_2 (outData, paddedDataSize, - paddedData + 1, paddedDataSize - 1, - RSA_size(rsa)); - if (rc == -1) { - vtpmlogerror(VTPM_LOG_CRYPTO, "RSA_padding_check_PKCS1_type_2: %s\n", - ERR_error_string(ERR_get_error(), NULL)); - goto abort_egress; - } - *outDataSize = rc; - break; - case CRYPTO_ES_RSAESOAEP_SHA1_MGF1: - rc = RSA_padding_check_PKCS1_OAEP(outData, paddedDataSize, - paddedData + 1, paddedDataSize - 1, - RSA_size(rsa), - (BYTE *) OAEP_P, OAEP_P_SIZE); - if (rc == -1) { - vtpmlogerror(VTPM_LOG_CRYPTO, "RSA_padding_check_PKCS1_OAEP: %s\n", - ERR_error_string(ERR_get_error(), NULL)); - goto abort_egress; - } - *outDataSize = rc; - break; - default: - *outDataSize = 0; - } - - free(paddedData); paddedData = NULL; - goto egress; - - abort_egress: - - if (paddedData) - free (paddedData); - return -1; - - egress: - return 0; -} - -// Signs either a SHA1 digest of a message or a DER encoding of a message -// Textual messages MUST be encoded or Hashed before sending into this function -// It will NOT SHA the message. -int Crypto_RSASign( CRYPTO_INFO *key, - UINT32 inDataSize, - BYTE *inData, - /*out*/ UINT32 *sigSize, - /*out*/ BYTE *sig) { - int status; - unsigned int intSigSize; - - switch(key->sigScheme) { - case CRYPTO_SS_RSASSAPKCS1v15_SHA1: - status = RSA_sign(NID_sha1, inData, inDataSize, sig, &intSigSize, (RSA *) key->keyInfo); - break; - case CRYPTO_SS_RSASSAPKCS1v15_DER: - // status = Crypto_RSA_sign_DER(NID_md5_sha1, inData, inDataSize, sig, &intSigSize, key); - vtpmlogerror(VTPM_LOG_CRYPTO, "Crypto: Unimplemented sign type (%d)\n", key->sigScheme); - status = 0; - break; - default: - status = 0; - } - - if (status == 0) { - *sigSize = 0; - vtpmlogerror(VTPM_LOG_CRYPTO, "%s\n", ERR_error_string(ERR_get_error(), NULL)); - return -1; - } - - *sigSize = (UINT32) intSigSize; - return 0; -} - -bool Crypto_RSAVerify( CRYPTO_INFO *key, - UINT32 inDataSize, - BYTE *inData, - UINT32 sigSize, - BYTE *sig) { - int status; - - switch(key->sigScheme){ - case CRYPTO_SS_RSASSAPKCS1v15_SHA1: - status = RSA_verify(NID_sha1, inData, inDataSize, sig, sigSize, (RSA *) key->keyInfo); - break; - case CRYPTO_SS_RSASSAPKCS1v15_DER: - //status = Crypto_RSA_verify_DER(NID_md5_sha1, inData, inDataSize, sig, sigSize, key); - vtpmlogerror(VTPM_LOG_CRYPTO, "Crypto: Unimplemented sign type (%d)\n", key->sigScheme); - status = 0; - break; - default: - status = 0; - } - - if (status) - return(1); - else { - vtpmlogerror(VTPM_LOG_CRYPTO, "RSA verify: %s\n", ERR_error_string(ERR_get_error(), NULL)); - return(0); - } - -} - -// helper which packs everything into a BIO! - -// packs the parameters first, then the private key, then the public key -// if *io_buf is NULL, allocate it here as needed. otherwise its size is in -// *io_buflen -TPM_RESULT Crypto_RSAPackCryptoInfo (const CRYPTO_INFO* cryptoInfo, - BYTE ** io_buf, UINT32 * io_buflen) { - TPM_RESULT status = TPM_SUCCESS; - BYTE * buf; - long len, outlen = *io_buflen; - - const long PARAMSLEN = 3*sizeof(UINT32); - - RSA *rsa = (RSA *) cryptoInfo->keyInfo; - - BIO *mem = BIO_new(BIO_s_mem()); - - - // write the openssl keys to the BIO - if ( i2d_RSAPrivateKey_bio (mem, rsa) == 0 ) { - ERR_print_errors_fp (stderr); - ERRORDIE (TPM_SIZE); - } - if ( i2d_RSAPublicKey_bio (mem, rsa) == 0 ) { - ERR_print_errors_fp (stderr); - ERRORDIE (TPM_SIZE); - } - - // get the buffer out - len = BIO_get_mem_data (mem, &buf); - - // see if we need to allocate a return buffer - if (*io_buf == NULL) { - *io_buf = (BYTE*) malloc (PARAMSLEN + len); - if (*io_buf == NULL) - ERRORDIE (TPM_SIZE); - } else { // *io_buf is already allocated - if (outlen < len + PARAMSLEN) - ERRORDIE (TPM_SIZE); // but not large enough! - } - - // copy over the parameters (three UINT32's starting at algorithmID) - memcpy (*io_buf, &cryptoInfo->algorithmID, PARAMSLEN); - - // copy over the DER keys - memcpy (*io_buf + PARAMSLEN, buf, len); - - *io_buflen = len + PARAMSLEN; - - goto egress; - - - abort_egress: - egress: - - BIO_free (mem); - - return status; -} - - - -// sets up ci, and returns the number of bytes read in o_lenread -TPM_RESULT Crypto_RSAUnpackCryptoInfo (CRYPTO_INFO * ci, - BYTE * in, UINT32 len, - UINT32 * o_lenread) { - - TPM_RESULT status = TPM_SUCCESS; - long l; - BIO *mem; - RSA *rsa; - - // first load up the params - l = 3 * sizeof(UINT32); - memcpy (&ci->algorithmID, in, l); - len -= l; - in += l; - - // and now the openssl keys, private first - mem = BIO_new_mem_buf (in, len); - - if ( (rsa = d2i_RSAPrivateKey_bio (mem, NULL)) == NULL ) { - ERR_print_errors_fp (stderr); - ERRORDIE (TPM_BAD_PARAMETER); - } - // now use the same RSA object and fill in the private key - if ( d2i_RSAPublicKey_bio (mem, &rsa) == NULL ) { - ERR_print_errors_fp (stderr); - ERRORDIE (TPM_BAD_PARAMETER); - } - - ci->keyInfo = rsa; // needs to be freed somehow later - - // FIXME: havent figured out yet how to tell how many bytes were read in the - // above oprations! so o_lenread is not set - - goto egress; - - abort_egress: - egress: - - BIO_free (mem); - - return status; -} diff --git a/tools/vtpm_manager/crypto/sym_crypto.c b/tools/vtpm_manager/crypto/sym_crypto.c deleted file mode 100644 index 3d86e19eb2..0000000000 --- a/tools/vtpm_manager/crypto/sym_crypto.c +++ /dev/null @@ -1,237 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// sym_crypto.c -// -// Symmetric crypto portion of crypto -// -// ================================================================== - -#include <openssl/evp.h> -#include <openssl/rand.h> - -#include "tcg.h" -#include "sym_crypto.h" - -typedef enum crypt_op_type_t { - CRYPT_ENCRYPT, - CRYPT_DECRYPT -} crypt_op_type_t; - -TPM_RESULT ossl_symcrypto_op (symkey_t* key, - const buffer_t* in, - const buffer_t* iv, - buffer_t * out, - crypt_op_type_t optype); - - -// this is initialized in Crypto_Init() -const EVP_CIPHER * SYM_CIPHER = NULL; - -const BYTE ZERO_IV[EVP_MAX_IV_LENGTH] = {0}; - - -TPM_RESULT Crypto_symcrypto_initkey (symkey_t * key, const buffer_t* keybits) { - TPM_RESULT status = TPM_SUCCESS; - - EVP_CIPHER_CTX_init (&key->context); - - key->cipher = SYM_CIPHER; - - TPMTRYRETURN( buffer_init_copy (&key->key, keybits)); - - goto egress; - - abort_egress: - EVP_CIPHER_CTX_cleanup (&key->context); - - egress: - - return status; -} - - - -TPM_RESULT Crypto_symcrypto_genkey (symkey_t * key) { - int res; - TPM_RESULT status = TPM_SUCCESS; - - // hmm, EVP_CIPHER_CTX_init does not return a value - EVP_CIPHER_CTX_init (&key->context); - - key->cipher = SYM_CIPHER; - - TPMTRYRETURN( buffer_init (&key->key, EVP_CIPHER_key_length(key->cipher), NULL)) ; - - // and generate the key material - res = RAND_pseudo_bytes (key->key.bytes, key->key.size); - if (res < 0) - ERRORDIE (TPM_SHORTRANDOM); - - - goto egress; - - abort_egress: - EVP_CIPHER_CTX_cleanup (&key->context); - buffer_free (&key->key); - - egress: - return status; -} - - -TPM_RESULT Crypto_symcrypto_encrypt (symkey_t* key, - const buffer_t* clear, - buffer_t* o_cipher) { - TPM_RESULT status = TPM_SUCCESS; - - buffer_t iv, cipher_alias; - - buffer_init_const (&iv, EVP_MAX_IV_LENGTH, ZERO_IV); - - buffer_init (o_cipher, - clear->size + - EVP_CIPHER_iv_length(key->cipher) + - EVP_CIPHER_block_size (key->cipher), - 0); - - // copy the IV into the front - buffer_copy (o_cipher, &iv); - - // make an alias into which we'll put the ciphertext - buffer_init_alias (&cipher_alias, o_cipher, EVP_CIPHER_iv_length(key->cipher), 0); - - TPMTRYRETURN( ossl_symcrypto_op (key, clear, &iv, &cipher_alias, CRYPT_ENCRYPT) ); - - // set the output size correctly - o_cipher->size += cipher_alias.size; - - goto egress; - - abort_egress: - - egress: - - return status; - -} - - - -TPM_RESULT Crypto_symcrypto_decrypt (symkey_t* key, - const buffer_t* cipher, - buffer_t* o_clear) { - TPM_RESULT status = TPM_SUCCESS; - - buffer_t iv, cipher_alias; - - // alias for the IV - buffer_init_alias (&iv, cipher, 0, EVP_CIPHER_iv_length(key->cipher)); - - // make an alias to where the ciphertext is, after the IV - buffer_init_alias (&cipher_alias, cipher, EVP_CIPHER_iv_length(key->cipher), 0); - - // prepare the output buffer - TPMTRYRETURN( buffer_init (o_clear, - cipher->size - - EVP_CIPHER_iv_length(key->cipher) - + EVP_CIPHER_block_size(key->cipher), - 0) ); - - // and decrypt - TPMTRYRETURN ( ossl_symcrypto_op (key, &cipher_alias, &iv, o_clear, CRYPT_DECRYPT) ); - - goto egress; - - abort_egress: - buffer_free (o_clear); - - egress: - - return status; -} - - - -TPM_RESULT Crypto_symcrypto_freekey (symkey_t * key) { - buffer_memset (&key->key, 0); - buffer_free (&key->key); - - EVP_CIPHER_CTX_cleanup (&key->context); - - return TPM_SUCCESS; -} - - -TPM_RESULT ossl_symcrypto_op (symkey_t* key, - const buffer_t* in, - const buffer_t* iv, - buffer_t * out, - crypt_op_type_t optype) { - TPM_RESULT status = TPM_SUCCESS; - - int inlen, outlen; - tpm_size_t running; - - if ( ! EVP_CipherInit_ex (&key->context, - key->cipher, NULL, key->key.bytes, iv->bytes, - optype == CRYPT_ENCRYPT ? 1 : 0) ) - ERRORDIE (TPM_FAIL); - - - - inlen = in->size; - - outlen = 0; - running = 0; - - - if ( ! EVP_CipherUpdate (&key->context, out->bytes, &outlen, in->bytes, inlen) ) - ERRORDIE (TPM_FAIL); - - running += outlen; - - if ( ! EVP_CipherFinal_ex (&key->context, out->bytes + running, &outlen) ) - ERRORDIE (TPM_FAIL); - - running += outlen; - - out->size = running; - - goto egress; - - abort_egress: - egress: - - return status; -} diff --git a/tools/vtpm_manager/crypto/sym_crypto.h b/tools/vtpm_manager/crypto/sym_crypto.h deleted file mode 100644 index 7fb59a88cb..0000000000 --- a/tools/vtpm_manager/crypto/sym_crypto.h +++ /dev/null @@ -1,72 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// sym_crypto.h -// -// Symmetric Crypto -// -// ================================================================== - -#ifndef _SYM_CRYPTO_H -#define _SYM_CRYPTO_H - -#include <openssl/evp.h> -#include "buffer.h" - -typedef struct symkey_t { - buffer_t key; - - EVP_CIPHER_CTX context; - const EVP_CIPHER * cipher; -} symkey_t; - -extern const EVP_CIPHER * SYM_CIPHER; - -TPM_RESULT Crypto_symcrypto_genkey (symkey_t * key); - -TPM_RESULT Crypto_symcrypto_initkey (symkey_t * key, const buffer_t* keybits); - - -// these functions will allocate their output buffers -TPM_RESULT Crypto_symcrypto_encrypt (symkey_t* key, - const buffer_t* clear, - buffer_t* o_cipher); - -TPM_RESULT Crypto_symcrypto_decrypt (symkey_t* key, - const buffer_t* cipher, - buffer_t* o_clear); - -// only free the internal parts, not the 'key' ptr -TPM_RESULT Crypto_symcrypto_freekey (symkey_t * key); - -#endif /* _SYM_CRYPTO_H */ diff --git a/tools/vtpm_manager/manager/Makefile b/tools/vtpm_manager/manager/Makefile deleted file mode 100644 index a33c18adbe..0000000000 --- a/tools/vtpm_manager/manager/Makefile +++ /dev/null @@ -1,38 +0,0 @@ -XEN_ROOT = $(CURDIR)/../../.. -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk - -BIN = vtpm_managerd - -.PHONY: all -all: build - -.PHONY: build -build: $(BIN) - -.PHONY: install -install: build - if [ ! -d "$(DESTDIR)/var/vtpm/fifos" ]; \ - then mkdir -p $(DESTDIR)/var/vtpm/fifos; \ - fi - if [ ! -d "$(DESTDIR)/var/vtpm/socks" ]; \ - then mkdir -p $(DESTDIR)/var/vtpm/socks; \ - fi - $(INSTALL_PROG) $(BIN) $(DESTDIR)$(BINDIR) - -.PHONY: clean -clean: - rm -f $(BIN) - rm -f *.a *.so *.o *.rpm $(DEP_FILES) - -.PHONY: mrproper -mrproper: clean - rm -f *~ - -$(BIN): $(OBJS) - $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ - -# libraries -LIBS += ../tcs/libTCS.a ../util/libTCGUtils.a ../crypto/libtcpaCrypto.a -LIBS += -lcrypto $(PTHREAD_LIBS) -lm -CFLAGS += $(PTHREAD_CFLAGS) -LDFLAGS += $(PTHREAD_LDFLAGS) diff --git a/tools/vtpm_manager/manager/dmictl.c b/tools/vtpm_manager/manager/dmictl.c deleted file mode 100644 index 5c3cf7ec74..0000000000 --- a/tools/vtpm_manager/manager/dmictl.c +++ /dev/null @@ -1,266 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// dmictl.c -// -// Functions for creating and destroying DMIs -// -// ================================================================== - -#include <stdio.h> -#include <unistd.h> -#include <string.h> - -#include "vtpmpriv.h" -#include "bsg.h" -#include "buffer.h" -#include "log.h" -#include "hashtable.h" -#include "hashtable_itr.h" -#include "vtpm_ipc.h" - -#define TPM_EMULATOR_PATH "/usr/bin/vtpmd" - -// if dmi_res is non-null, then return a pointer to new object. -// Also, this does not fill in the measurements. They should be filled by -// design dependent code or saveNVM -TPM_RESULT init_dmi(UINT32 dmi_id, BYTE dmi_type, VTPM_DMI_RESOURCE **dmi_res) { - - TPM_RESULT status=TPM_SUCCESS; - VTPM_DMI_RESOURCE *new_dmi=NULL; - UINT32 *dmi_id_key=NULL; - - if ((new_dmi = (VTPM_DMI_RESOURCE *) malloc (sizeof(VTPM_DMI_RESOURCE))) == NULL) { - status = TPM_RESOURCES; - goto abort_egress; - } - memset(new_dmi, 0, sizeof(VTPM_DMI_RESOURCE)); - new_dmi->dmi_id = dmi_id; - new_dmi->dmi_type = dmi_type; - new_dmi->connected = FALSE; - new_dmi->TCSContext = 0; - - new_dmi->NVMLocation = (char *) malloc(11 + strlen(DMI_NVM_FILE)); - sprintf(new_dmi->NVMLocation, DMI_NVM_FILE, (uint32_t) new_dmi->dmi_id); - - if ((dmi_id_key = (UINT32 *) malloc (sizeof(UINT32))) == NULL) { - status = TPM_RESOURCES; - goto abort_egress; - } - *dmi_id_key = new_dmi->dmi_id; - - // install into map - if (!hashtable_insert(vtpm_globals->dmi_map, dmi_id_key, new_dmi)){ - vtpmlogerror(VTPM_LOG_VTPM, "Failed to insert instance into table. Aborting.\n", dmi_id); - status = TPM_FAIL; - goto abort_egress; - } - - if (dmi_res) - *dmi_res = new_dmi; - - goto egress; - - abort_egress: - if (new_dmi) { - free(new_dmi->NVMLocation); - free(new_dmi); - } - free(dmi_id_key); - - egress: - return status; -} - -TPM_RESULT close_dmi(VTPM_DMI_RESOURCE *dmi_res) { - if (dmi_res == NULL) - return TPM_SUCCESS; - - if (dmi_res->dmi_id == VTPM_CTL_DM) - return(TPM_BAD_PARAMETER); - - TCS_CloseContext(dmi_res->TCSContext); - dmi_res->connected = FALSE; - - vtpm_globals->connected_dmis--; - - return (VTPM_Close_DMI_Extra(dmi_res) ); -} - -TPM_RESULT VTPM_Handle_New_DMI(const buffer_t *param_buf) { - - VTPM_DMI_RESOURCE *new_dmi=NULL; - TPM_RESULT status=TPM_FAIL; - BYTE dmi_type, vm_type, startup_mode; - UINT32 dmi_id; - - if (param_buf == NULL) { // Assume creation of Dom 0 control - dmi_type = VTPM_TYPE_NON_MIGRATABLE; - dmi_id = VTPM_CTL_DM; - } else if (buffer_len(param_buf) != sizeof(BYTE) * 3 + sizeof(UINT32)) { - vtpmloginfo(VTPM_LOG_VTPM, "New DMI command wrong length: %d.\n", buffer_len(param_buf)); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } else { - vtpm_globals->connected_dmis++; // Put this here so we don't count Dom0 - BSG_UnpackList( param_buf->bytes, 4, - BSG_TYPE_BYTE, &dmi_type, - BSG_TYPE_BYTE, &startup_mode, - BSG_TYPE_BYTE, &vm_type, - BSG_TYPE_UINT32, &dmi_id); - } - - if ((dmi_type != VTPM_TYPE_NON_MIGRATABLE) && (dmi_type != VTPM_TYPE_MIGRATABLE)) { - vtpmlogerror(VTPM_LOG_VTPM, "Creation of VTPM with illegal type.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - new_dmi = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, &dmi_id); - if (new_dmi == NULL) { - vtpmloginfo(VTPM_LOG_VTPM, "Creating new DMI instance %d attached.\n", dmi_id ); - // Brand New DMI. Initialize the persistent pieces - TPMTRYRETURN(init_dmi(dmi_id, dmi_type, &new_dmi) ); - } else - vtpmloginfo(VTPM_LOG_VTPM, "Re-attaching DMI instance %d.\n", dmi_id); - - if (new_dmi->connected) { - vtpmlogerror(VTPM_LOG_VTPM, "Attempt to re-attach, currently attached instance %d. Ignoring\n", dmi_id); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - if (new_dmi->dmi_type == VTPM_TYPE_MIGRATED) { - vtpmlogerror(VTPM_LOG_VTPM, "Attempt to re-attach previously migrated instance %d without recovering first. Ignoring\n", dmi_id); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - // Initialize the Non-persistent pieces - TPMTRYRETURN( TCS_OpenContext(&new_dmi->TCSContext) ); - - new_dmi->connected = TRUE; - - // Design specific new DMI code. - // Includes: create IPCs, Measuring DMI, and maybe launching DMI - TPMTRYRETURN(VTPM_New_DMI_Extra(new_dmi, vm_type, startup_mode) ); - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "Failed to create DMI id=%d due to status=%s. Cleaning.\n", dmi_id, tpm_get_error_name(status)); - close_dmi(new_dmi ); - - egress: - return status; -} - -TPM_RESULT VTPM_Handle_Close_DMI( const buffer_t *param_buf) { - - TPM_RESULT status=TPM_FAIL; - VTPM_DMI_RESOURCE *dmi_res=NULL; - UINT32 dmi_id; - - if ((param_buf == NULL) || (buffer_len(param_buf) != sizeof(UINT32)) ) { - vtpmlogerror(VTPM_LOG_VTPM, "Closing DMI has bad size."); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - BSG_UnpackList( param_buf->bytes, 1, - BSG_TYPE_UINT32, &dmi_id); - - vtpmloginfo(VTPM_LOG_VTPM, "Closing DMI %d.\n", dmi_id); - - dmi_res = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, &dmi_id); - if (dmi_res == NULL ) { - vtpmlogerror(VTPM_LOG_VTPM, "Trying to close nonexistent DMI.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - if (!dmi_res->connected) { - vtpmlogerror(VTPM_LOG_VTPM, "Closing non-connected DMI.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - // Close Dmi - TPMTRYRETURN(close_dmi( dmi_res )); - - status=TPM_SUCCESS; - goto egress; - - abort_egress: - egress: - - return status; -} - -TPM_RESULT VTPM_Handle_Delete_DMI( const buffer_t *param_buf) { - - TPM_RESULT status=TPM_FAIL; - VTPM_DMI_RESOURCE *dmi_res=NULL; - UINT32 dmi_id; - - if ((param_buf == NULL) || (buffer_len(param_buf) != sizeof(UINT32)) ) { - vtpmlogerror(VTPM_LOG_VTPM, "Closing DMI has bad size.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - BSG_UnpackList( param_buf->bytes, 1, - BSG_TYPE_UINT32, &dmi_id); - - vtpmloginfo(VTPM_LOG_VTPM, "Deleting DMI %d.\n", dmi_id); - - dmi_res = (VTPM_DMI_RESOURCE *) hashtable_remove(vtpm_globals->dmi_map, &dmi_id); - if (dmi_res == NULL) { - vtpmlogerror(VTPM_LOG_VTPM, "Closing non-existent DMI.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - //vtpm scripts delete file dmi_res->NVMLocation for us - - // Close DMI first - TPMTRYRETURN(close_dmi( dmi_res )); - free ( dmi_res ); - - status=TPM_SUCCESS; - goto egress; - - abort_egress: - egress: - - return status; -} diff --git a/tools/vtpm_manager/manager/migration.c b/tools/vtpm_manager/manager/migration.c deleted file mode 100644 index 54da708d87..0000000000 --- a/tools/vtpm_manager/manager/migration.c +++ /dev/null @@ -1,307 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// dmictl.c -// -// Functions for creating and destroying DMIs -// -// ================================================================== - -#include <stdio.h> -#include <unistd.h> -#include <string.h> - -#include "vtpmpriv.h" -#include "bsg.h" -#include "buffer.h" -#include "log.h" -#include "hashtable.h" - -TPM_RESULT VTPM_Handle_Migrate_In( const buffer_t *param_buf, - buffer_t *result_buf) { - - TPM_RESULT status=TPM_FAIL; - VTPM_DMI_RESOURCE *mig_dmi=NULL; - UINT32 dmi_id; - buffer_t dmi_state_abuf = NULL_BUF, enc_dmi_abuf = NULL_BUF, clear_dmi_blob = NULL_BUF; - - if (param_buf == NULL) { - vtpmlogerror(VTPM_LOG_VTPM, "Migration Out Failed due to bad parameter.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - struct pack_buf_t enc_dmi_state_pack; - - BSG_UnpackList(param_buf->bytes, 2, - BSG_TYPE_UINT32, &dmi_id, - BSG_TPM_SIZE32_DATA, &enc_dmi_state_pack) ; - - vtpmloginfo(VTPM_LOG_VTPM, "Migrating VTPM in dmi %d.\n", dmi_id); - - mig_dmi = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, &dmi_id); - if (mig_dmi) { - vtpmlogerror(VTPM_LOG_VTPM, "Incoming VTPM claims unavailable id: %d.\n", dmi_id); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - /** UnBind Blob **/ - TPMTRYRETURN( buffer_init_alias_convert( &enc_dmi_abuf, - enc_dmi_state_pack.size, - enc_dmi_state_pack.data) ); - - TPMTRYRETURN( envelope_decrypt( &enc_dmi_abuf, - vtpm_globals->manager_tcs_handle, - vtpm_globals->storageKeyHandle, - (const TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth, - &clear_dmi_blob) ); - - // Create new dmi - TPMTRYRETURN( init_dmi(dmi_id, VTPM_TYPE_MIGRATABLE, &mig_dmi ) ); - - /** Open Blob **/ - struct pack_buf_t dmi_state_pack; - - BSG_UnpackList(clear_dmi_blob.bytes, 2, - BSG_TPM_DIGEST, &mig_dmi->DMI_measurement, - BSG_TPM_SIZE32_DATA, &dmi_state_pack); - - TPMTRYRETURN( buffer_init_alias_convert(&dmi_state_abuf, - dmi_state_pack.size, - dmi_state_pack.data) ); - - TPMTRYRETURN( VTPM_Handle_Save_NVM(mig_dmi, &dmi_state_abuf, NULL ) ); - - status=TPM_SUCCESS; - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "VTPM Migration IN of instance %d failed because of %s.\n", dmi_id, tpm_get_error_name(status) ); - - egress: - buffer_free(&clear_dmi_blob); - buffer_free(&dmi_state_abuf); - - return status; -} - -TPM_RESULT VTPM_Handle_Migrate_Out( const buffer_t *param_buf, - buffer_t *result_buf) { - - TPM_RESULT status=TPM_FAIL; - VTPM_DMI_RESOURCE *mig_dmi; - UINT32 dmi_id; - VTPM_MIGKEY_LIST *last_mig, *mig_key; - buffer_t dmi_state=NULL_BUF, clear_dmi_blob=NULL_BUF; - - if (param_buf == NULL) { - vtpmlogerror(VTPM_LOG_VTPM, "Migration Out Failed due to bad parameter.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - struct pack_buf_t name_pack; - - BSG_UnpackList( param_buf->bytes, 2, - BSG_TYPE_UINT32, &dmi_id, - BSG_TPM_SIZE32_DATA, &name_pack); - - vtpmloginfo(VTPM_LOG_VTPM, "Migrating out dmi %d.\n", dmi_id); - - mig_dmi = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, &dmi_id); - if (mig_dmi == NULL) { - vtpmlogerror(VTPM_LOG_VTPM, "Non-existent VTPM instance (%d) in migration.\n", dmi_id ); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - if (mig_dmi->dmi_type != VTPM_TYPE_MIGRATABLE) { - vtpmlogerror(VTPM_LOG_VTPM, "Bad VTPM type (%d) in migration of instance (%d).\n", mig_dmi->dmi_type, dmi_id ); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - /** Find migration key for dest **/ - last_mig = NULL; - mig_key = vtpm_globals->mig_keys; - while (mig_key != NULL) { - if (mig_key->name_size == name_pack.size) - if (memcmp(mig_key->name, name_pack.data, name_pack.size) == 0) { - break; - } - - last_mig = mig_key; - mig_key = mig_key->next; - } - - if (!mig_key) { - vtpmlogerror(VTPM_LOG_VTPM, "Unknown Migration target host.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - /** Mark vtpm as migrated **/ - mig_dmi->dmi_type = VTPM_TYPE_MIGRATED; - - /** Build Blob **/ - TPMTRYRETURN( VTPM_Handle_Load_NVM(mig_dmi, NULL, &dmi_state) ); - - TPMTRYRETURN( buffer_init(&clear_dmi_blob, sizeof(TPM_DIGEST) + sizeof(UINT32) + buffer_len(&dmi_state), NULL ) ); - - struct pack_constbuf_t dmi_state_pack; - - dmi_state_pack.size = buffer_len(&dmi_state); - dmi_state_pack.data = dmi_state.bytes; - - BSG_PackList(clear_dmi_blob.bytes, 2, - BSG_TPM_DIGEST, &mig_dmi->DMI_measurement, - BSG_TPM_SIZE32_DATA, &dmi_state_pack); - - /** Bind Blob **/ - TPMTRYRETURN( envelope_encrypt( &clear_dmi_blob, - &mig_key->key, - result_buf) ); - - if (last_mig) - last_mig->next = mig_key->next; - else - vtpm_globals->mig_keys = mig_key->next; - - free(mig_key->name); - free(mig_key); - - status=TPM_SUCCESS; - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "VTPM Migration OUT of instance %d failed because of %s. Migratoin recovery may be needed.\n", dmi_id, tpm_get_error_name(status) ); - - //TODO: Create and implement a policy for what happens to mig_key on failed migrations. - - egress: - - buffer_free(&clear_dmi_blob); - buffer_free(&dmi_state); - - return status; -} - - -TPM_RESULT VTPM_Handle_Get_Migration_key( const buffer_t *param_buf, - buffer_t *result_buf) { - - TPM_RESULT status=TPM_FAIL; - - vtpmloginfo(VTPM_LOG_VTPM, "Getting Migration Public Key.\n"); - - struct pack_buf_t pubkey_exp_pack, pubkey_mod_pack; - TPM_KEY mig_key; - - // Unpack/return key structure - BSG_Unpack(BSG_TPM_KEY, vtpm_globals->storageKeyWrap.bytes , &mig_key); - TPM_RSA_KEY_PARMS rsaKeyParms; - - BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, - mig_key.algorithmParms.parms, - &rsaKeyParms); - - pubkey_exp_pack.size = rsaKeyParms.exponentSize; - pubkey_exp_pack.data = rsaKeyParms.exponent; - pubkey_mod_pack.size = mig_key.pubKey.keyLength; - pubkey_mod_pack.data = mig_key.pubKey.key; - - TPMTRYRETURN( buffer_init( result_buf, 2*sizeof(UINT32) + - pubkey_exp_pack.size + - pubkey_mod_pack.size, NULL ) ); - - BSG_PackList( result_buf->bytes, 2, - BSG_TPM_SIZE32_DATA, &pubkey_exp_pack, - BSG_TPM_SIZE32_DATA, &pubkey_mod_pack); - - - status=TPM_SUCCESS; - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "VTPM Get Migration Key failed because of %s.\n", tpm_get_error_name(status) ); - egress: - - return status; -} - -TPM_RESULT VTPM_Handle_Load_Migration_key( const buffer_t *param_buf, - buffer_t *result_buf) { - - TPM_RESULT status=TPM_FAIL; - VTPM_MIGKEY_LIST *mig_key; - - vtpmloginfo(VTPM_LOG_VTPM, "Loading Migration Public Key.\n"); - - //FIXME: Review all uses of unpacking pack_buf_t and ensure free. - //FIXME: Review all declarations/initializations of buffer_t that could have a goto that skips them and then tries to free them - - struct pack_buf_t name_pack, pubkey_exp_pack, pubkey_mod_pack; - - //FIXME: scan list and verify name is not already in the list - - BSG_UnpackList( param_buf->bytes, 3, - BSG_TPM_SIZE32_DATA, &name_pack, - BSG_TPM_SIZE32_DATA, &pubkey_exp_pack, - BSG_TPM_SIZE32_DATA, &pubkey_mod_pack); - - //TODO: Maintain a persistent list for pub_keys. - //TODO: Verify pub_key is trusted - - mig_key = (VTPM_MIGKEY_LIST *) malloc(sizeof(VTPM_MIGKEY_LIST)); - memset(mig_key, 0, sizeof(VTPM_MIGKEY_LIST) ); - mig_key->name_size = name_pack.size; - mig_key->name = name_pack.data; - - mig_key->key.encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; - Crypto_RSABuildCryptoInfoPublic( pubkey_exp_pack.size, - pubkey_exp_pack.data, - pubkey_mod_pack.size, - pubkey_mod_pack.data, - &mig_key->key); - - - mig_key->next = vtpm_globals->mig_keys; - vtpm_globals->mig_keys = mig_key; - - // free(name_pack.data); Do not free. data is now part of mig_key. - free(pubkey_exp_pack.data); - free(pubkey_mod_pack.data); - - return TPM_SUCCESS; -} diff --git a/tools/vtpm_manager/manager/securestorage.c b/tools/vtpm_manager/manager/securestorage.c deleted file mode 100644 index d5e6ffda15..0000000000 --- a/tools/vtpm_manager/manager/securestorage.c +++ /dev/null @@ -1,512 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// securestorage.c -// -// Functions regarding securely storing DMI secrets. -// -// ================================================================== - -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <unistd.h> -#include <string.h> - -#include "tcg.h" -#include "vtpm_manager.h" -#include "vtpmpriv.h" -#include "vtsp.h" -#include "bsg.h" -#include "crypto.h" -#include "hashtable.h" -#include "hashtable_itr.h" -#include "buffer.h" -#include "log.h" - -TPM_RESULT envelope_encrypt(const buffer_t *inbuf, - CRYPTO_INFO *asymkey, - buffer_t *sealed_data) { - TPM_RESULT status = TPM_SUCCESS; - symkey_t symkey; - buffer_t data_cipher = NULL_BUF, - symkey_cipher = NULL_BUF; - - UINT32 i; - struct pack_constbuf_t symkey_cipher32, data_cipher32; - - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Enveloping Input[%d]: 0x", buffer_len(inbuf)); - for (i=0; i< buffer_len(inbuf); i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", inbuf->bytes[i]); - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - - // Generate a sym key and encrypt state with it - TPMTRY(TPM_ENCRYPT_ERROR, Crypto_symcrypto_genkey (&symkey) ); - TPMTRY(TPM_ENCRYPT_ERROR, Crypto_symcrypto_encrypt (&symkey, inbuf, &data_cipher) ); - - // Encrypt symmetric key - TPMTRYRETURN( VTSP_Bind( asymkey, - &symkey.key, - &symkey_cipher) ); - - // Create output blob: symkey_size + symkey_cipher + state_cipher_size + state_cipher - - symkey_cipher32.size = buffer_len(&symkey_cipher); - symkey_cipher32.data = symkey_cipher.bytes; - - data_cipher32.size = buffer_len(&data_cipher); - data_cipher32.data = data_cipher.bytes; - - TPMTRYRETURN( buffer_init(sealed_data, 2 * sizeof(UINT32) + symkey_cipher32.size + data_cipher32.size, NULL)); - - BSG_PackList(sealed_data->bytes, 2, - BSG_TPM_SIZE32_DATA, &symkey_cipher32, - BSG_TPM_SIZE32_DATA, &data_cipher32); - - vtpmloginfo(VTPM_LOG_VTPM, "Saved %d bytes of E(symkey) + %d bytes of E(data)\n", buffer_len(&symkey_cipher), buffer_len(&data_cipher)); - - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Enveloping Output[%d]: 0x", buffer_len(sealed_data)); - for (i=0; i< buffer_len(sealed_data); i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", sealed_data->bytes[i]); - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "Failed to envelope encrypt\n."); - - egress: - - buffer_free ( &data_cipher); - buffer_free ( &symkey_cipher); - Crypto_symcrypto_freekey (&symkey); - - return status; -} - -TPM_RESULT envelope_decrypt(const buffer_t *cipher, - TCS_CONTEXT_HANDLE TCSContext, - TPM_HANDLE keyHandle, - const TPM_AUTHDATA *key_usage_auth, - buffer_t *unsealed_data) { - - TPM_RESULT status = TPM_SUCCESS; - symkey_t symkey; - buffer_t data_cipher = NULL_BUF, - symkey_clear = NULL_BUF, - symkey_cipher = NULL_BUF; - struct pack_buf_t symkey_cipher32, data_cipher32; - int i; - - memset(&symkey, 0, sizeof(symkey_t)); - - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Envelope Decrypt Input[%d]: 0x", buffer_len(cipher) ); - for (i=0; i< buffer_len(cipher); i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cipher->bytes[i]); - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - - BSG_UnpackList(cipher->bytes, 2, - BSG_TPM_SIZE32_DATA, &symkey_cipher32, - BSG_TPM_SIZE32_DATA, &data_cipher32); - - TPMTRYRETURN( buffer_init_alias_convert (&symkey_cipher, - symkey_cipher32.size, - symkey_cipher32.data) ); - - TPMTRYRETURN( buffer_init_alias_convert (&data_cipher, - data_cipher32.size, - data_cipher32.data) ); - - // Decrypt Symmetric Key - TPMTRYRETURN( VTSP_Unbind( TCSContext, - keyHandle, - &symkey_cipher, - key_usage_auth, - &symkey_clear, - &(vtpm_globals->keyAuth) ) ); - - // create symmetric key using saved bits - Crypto_symcrypto_initkey (&symkey, &symkey_clear); - - // Decrypt State - TPMTRY(TPM_DECRYPT_ERROR, Crypto_symcrypto_decrypt (&symkey, &data_cipher, unsealed_data) ); - - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Envelope Decrypte Output[%d]: 0x", buffer_len(unsealed_data)); - for (i=0; i< buffer_len(unsealed_data); i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", unsealed_data->bytes[i]); - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "Failed to envelope decrypt data\n."); - - egress: - buffer_free ( &data_cipher); - buffer_free ( &symkey_clear); - buffer_free ( &symkey_cipher); - Crypto_symcrypto_freekey (&symkey); - - return status; -} - -TPM_RESULT VTPM_Handle_Save_NVM(VTPM_DMI_RESOURCE *myDMI, - const buffer_t *inbuf, - buffer_t *outbuf) { - - TPM_RESULT status = TPM_SUCCESS; - int fh; - long bytes_written; - buffer_t sealed_NVM = NULL_BUF; - - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Saving %d bytes of NVM.\n", buffer_len(inbuf)); - - TPMTRYRETURN( envelope_encrypt(inbuf, - &vtpm_globals->storageKey, - &sealed_NVM) ); - - // Write sealed blob off disk from NVMLocation - // TODO: How to properly return from these. Do we care if we return failure - // after writing the file? We can't get the old one back. - // TODO: Backup old file and try and recover that way. - fh = open(myDMI->NVMLocation, O_WRONLY | O_CREAT | O_TRUNC, S_IREAD | S_IWRITE); - if ( (bytes_written = write(fh, sealed_NVM.bytes, buffer_len(&sealed_NVM) ) != (long) buffer_len(&sealed_NVM))) { - vtpmlogerror(VTPM_LOG_VTPM, "We just overwrote a DMI_NVM and failed to finish. %ld/%ld bytes.\n", bytes_written, (long)buffer_len(&sealed_NVM)); - status = TPM_IOERROR; - goto abort_egress; - } - close(fh); - - Crypto_SHA1Full (sealed_NVM.bytes, buffer_len(&sealed_NVM), (BYTE *) &myDMI->NVM_measurement); - - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "Failed to save NVM\n."); - - egress: - buffer_free(&sealed_NVM); - return status; -} - - -/* Expected Params: inbuf = null, outbuf = sealed blob size, sealed blob.*/ -TPM_RESULT VTPM_Handle_Load_NVM(VTPM_DMI_RESOURCE *myDMI, - const buffer_t *inbuf, - buffer_t *outbuf) { - - TPM_RESULT status = TPM_SUCCESS; - - buffer_t sealed_NVM = NULL_BUF; - long fh_size; - int fh, stat_ret, i; - struct stat file_stat; - TPM_DIGEST sealedNVMHash; - - if (myDMI->NVMLocation == NULL) { - vtpmlogerror(VTPM_LOG_VTPM, "Unable to load NVM because the file name NULL.\n"); - status = TPM_AUTHFAIL; - goto abort_egress; - } - - //Read sealed blob off disk from NVMLocation - fh = open(myDMI->NVMLocation, O_RDONLY); - stat_ret = fstat(fh, &file_stat); - if (stat_ret == 0) - fh_size = file_stat.st_size; - else { - status = TPM_IOERROR; - goto abort_egress; - } - - TPMTRYRETURN( buffer_init( &sealed_NVM, fh_size, NULL) ); - if (read(fh, sealed_NVM.bytes, buffer_len(&sealed_NVM)) != fh_size) { - status = TPM_IOERROR; - goto abort_egress; - } - close(fh); - - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Load_NVMing[%d],\n", buffer_len(&sealed_NVM)); - - Crypto_SHA1Full(sealed_NVM.bytes, buffer_len(&sealed_NVM), (BYTE *) &sealedNVMHash); - - // Verify measurement of sealed blob. - if (memcmp(&sealedNVMHash, &myDMI->NVM_measurement, sizeof(TPM_DIGEST)) ) { - vtpmlogerror(VTPM_LOG_VTPM, "VTPM LoadNVM NVM measurement check failed.\n"); - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Correct hash: "); - for (i=0; i< sizeof(TPM_DIGEST); i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", ((BYTE*)&myDMI->NVM_measurement)[i]); - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Measured hash: "); - for (i=0; i< sizeof(TPM_DIGEST); i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", ((BYTE*)&sealedNVMHash)[i]); - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - - status = TPM_AUTHFAIL; - goto abort_egress; - } - - TPMTRYRETURN( envelope_decrypt(&sealed_NVM, - myDMI->TCSContext, - vtpm_globals->storageKeyHandle, - (const TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth, - outbuf) ); - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "Failed to load NVM\n."); - - egress: - buffer_free( &sealed_NVM ); - - return status; -} - - -TPM_RESULT VTPM_SaveManagerData(void) { - TPM_RESULT status=TPM_SUCCESS; - int fh, dmis=-1; - - BYTE *flat_boot_key=NULL, *flat_dmis=NULL, *flat_enc=NULL; - buffer_t clear_flat_global=NULL_BUF, enc_flat_global=NULL_BUF; - UINT32 storageKeySize = buffer_len(&vtpm_globals->storageKeyWrap); - UINT32 bootKeySize = buffer_len(&vtpm_globals->bootKeyWrap); - struct pack_buf_t storage_key_pack = {storageKeySize, vtpm_globals->storageKeyWrap.bytes}; - struct pack_buf_t boot_key_pack = {bootKeySize, vtpm_globals->bootKeyWrap.bytes}; - BYTE vtpm_manager_gen = VTPM_MANAGER_GEN; - - struct hashtable_itr *dmi_itr; - VTPM_DMI_RESOURCE *dmi_res; - - UINT32 boot_key_size = 0, flat_dmis_size = 0; - - // Initially fill these with buffer sizes for each data type. Later fill - // in actual size, once flattened. - boot_key_size = sizeof(UINT32) + // bootkeysize - bootKeySize; // boot key - - TPMTRYRETURN(buffer_init(&clear_flat_global,sizeof(BYTE) + // manager version - 3*sizeof(TPM_DIGEST) + // Auths - sizeof(UINT32) +// storagekeysize - storageKeySize, NULL) ); // storage key - - - flat_boot_key = (BYTE *) malloc( boot_key_size ); - flat_enc = (BYTE *) malloc( sizeof(UINT32) ); - - boot_key_size = BSG_PackList(flat_boot_key, 1, - BSG_TPM_SIZE32_DATA, &boot_key_pack); - - BSG_PackList(clear_flat_global.bytes, 4, - BSG_TYPE_BYTE, &vtpm_manager_gen, - BSG_TPM_AUTHDATA, &vtpm_globals->owner_usage_auth, - BSG_TPM_SECRET, &vtpm_globals->storage_key_usage_auth, - BSG_TPM_SIZE32_DATA, &storage_key_pack); - - TPMTRYRETURN(envelope_encrypt(&clear_flat_global, - &vtpm_globals->bootKey, - &enc_flat_global) ); - - BSG_PackConst(buffer_len(&enc_flat_global), 4, flat_enc); - - // Per DMI values to be saved (if any exit) - if (hashtable_count(vtpm_globals->dmi_map) > 1) { - - flat_dmis = (BYTE *) malloc( - (hashtable_count(vtpm_globals->dmi_map) - 1) * // num DMIS (-1 for Dom0) - (sizeof(UINT32) +sizeof(BYTE) + 2*sizeof(TPM_DIGEST)) ); // Per DMI info - - dmi_itr = hashtable_iterator(vtpm_globals->dmi_map); - do { - dmi_res = (VTPM_DMI_RESOURCE *) hashtable_iterator_value(dmi_itr); - dmis++; - - // No need to save dmi0. - if (dmi_res->dmi_id == 0) - continue; - - - flat_dmis_size += BSG_PackList( flat_dmis + flat_dmis_size, 4, - BSG_TYPE_UINT32, &dmi_res->dmi_id, - BSG_TYPE_BYTE, &dmi_res->dmi_type, - BSG_TPM_DIGEST, &dmi_res->NVM_measurement, - BSG_TPM_DIGEST, &dmi_res->DMI_measurement); - - } while (hashtable_iterator_advance(dmi_itr)); - } - - fh = open(STATE_FILE, O_WRONLY | O_CREAT, S_IREAD | S_IWRITE); - if (fh == -1) { - vtpmlogerror(VTPM_LOG_VTPM, "Unable to open %s file for write.\n", STATE_FILE); - status = TPM_IOERROR; - goto abort_egress; - } - - if ( ( write(fh, flat_boot_key, boot_key_size) != boot_key_size ) || - ( write(fh, flat_enc, sizeof(UINT32)) != sizeof(UINT32) ) || - ( write(fh, enc_flat_global.bytes, buffer_len(&enc_flat_global)) != buffer_len(&enc_flat_global) ) || - ( write(fh, flat_dmis, flat_dmis_size) != flat_dmis_size ) ) { - vtpmlogerror(VTPM_LOG_VTPM, "Failed to completely write service data.\n"); - status = TPM_IOERROR; - goto abort_egress; - } - - goto egress; - - abort_egress: - egress: - - free(flat_boot_key); - free(flat_enc); - buffer_free(&enc_flat_global); - free(flat_dmis); - close(fh); - - vtpmloginfo(VTPM_LOG_VTPM, "Saved VTPM Manager state (status = %d, dmis = %d)\n", (int) status, dmis); - return status; -} - -TPM_RESULT VTPM_LoadManagerData(void) { - - TPM_RESULT status=TPM_SUCCESS; - int fh, stat_ret, dmis=0; - long fh_size = 0, step_size; - BYTE *flat_table=NULL; - buffer_t unsealed_data, enc_table_abuf; - struct pack_buf_t storage_key_pack, boot_key_pack; - UINT32 *dmi_id_key, enc_size; - BYTE vtpm_manager_gen; - - VTPM_DMI_RESOURCE *dmi_res; - UINT32 dmi_id; - BYTE dmi_type; - struct stat file_stat; - - TPM_HANDLE boot_key_handle; - TPM_AUTHDATA boot_usage_auth; - memset(&boot_usage_auth, 0, sizeof(TPM_AUTHDATA)); - - fh = open(STATE_FILE, O_RDONLY ); - stat_ret = fstat(fh, &file_stat); - if (stat_ret == 0) - fh_size = file_stat.st_size; - else { - status = TPM_IOERROR; - goto abort_egress; - } - - flat_table = (BYTE *) malloc(fh_size); - - if ((long) read(fh, flat_table, fh_size) != fh_size ) { - status = TPM_IOERROR; - goto abort_egress; - } - - // Read Boot Key - step_size = BSG_UnpackList( flat_table, 2, - BSG_TPM_SIZE32_DATA, &boot_key_pack, - BSG_TYPE_UINT32, &enc_size); - - TPMTRYRETURN(buffer_init(&vtpm_globals->bootKeyWrap, 0, 0) ); - TPMTRYRETURN(buffer_init_alias_convert(&enc_table_abuf, enc_size, flat_table + step_size) ); - TPMTRYRETURN(buffer_append_raw(&vtpm_globals->bootKeyWrap, boot_key_pack.size, boot_key_pack.data) ); - - //Load Boot Key - TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle, - TPM_SRK_KEYHANDLE, - &vtpm_globals->bootKeyWrap, - &SRK_AUTH, - &boot_key_handle, - &vtpm_globals->keyAuth, - &vtpm_globals->bootKey, - FALSE) ); - - TPMTRYRETURN( envelope_decrypt(&enc_table_abuf, - vtpm_globals->manager_tcs_handle, - boot_key_handle, - (const TPM_AUTHDATA*) &boot_usage_auth, - &unsealed_data) ); - step_size += enc_size; - - if (*unsealed_data.bytes != VTPM_MANAGER_GEN) { - // Once there is more than one gen, this will include some compatability stuff - vtpmlogerror(VTPM_LOG_VTPM, "Warning: Manager Data file is gen %d, which this manager is gen %d.\n", vtpm_manager_gen, VTPM_MANAGER_GEN); - } - - // Global Values needing to be saved - BSG_UnpackList( unsealed_data.bytes, 4, - BSG_TYPE_BYTE, &vtpm_manager_gen, - BSG_TPM_AUTHDATA, &vtpm_globals->owner_usage_auth, - BSG_TPM_SECRET, &vtpm_globals->storage_key_usage_auth, - BSG_TPM_SIZE32_DATA, &storage_key_pack); - - TPMTRYRETURN(buffer_init(&vtpm_globals->storageKeyWrap, 0, 0) ); - TPMTRYRETURN(buffer_append_raw(&vtpm_globals->storageKeyWrap, storage_key_pack.size, storage_key_pack.data) ); - - // Per DMI values to be saved - while ( step_size < fh_size ){ - if (fh_size - step_size < (long) (sizeof(UINT32) + sizeof(BYTE) + 2*sizeof(TPM_DIGEST))) { - vtpmlogerror(VTPM_LOG_VTPM, "Encountered %ld extra bytes at end of manager state.\n", fh_size-step_size); - step_size = fh_size; - } else { - step_size += BSG_UnpackList(flat_table + step_size, 2, - BSG_TYPE_UINT32, &dmi_id, - BSG_TYPE_BYTE, &dmi_type); - - //TODO: Try and gracefully recover from problems. - TPMTRYRETURN(init_dmi(dmi_id, dmi_type, &dmi_res) ); - dmis++; - - step_size += BSG_UnpackList(flat_table + step_size, 2, - BSG_TPM_DIGEST, &dmi_res->NVM_measurement, - BSG_TPM_DIGEST, &dmi_res->DMI_measurement); - } - - } - - vtpmloginfo(VTPM_LOG_VTPM, "Loaded saved state (dmis = %d).\n", dmis); - goto egress; - - abort_egress: - vtpmlogerror(VTPM_LOG_VTPM, "Failed to load service data with error = %s\n", tpm_get_error_name(status)); - egress: - - free(flat_table); - close(fh); - - // TODO: Could be nice and evict BootKey. (Need to add EvictKey to VTSP. - - return status; -} - diff --git a/tools/vtpm_manager/manager/tpmpassthrough.c b/tools/vtpm_manager/manager/tpmpassthrough.c deleted file mode 100644 index 9b1e5f849f..0000000000 --- a/tools/vtpm_manager/manager/tpmpassthrough.c +++ /dev/null @@ -1,110 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// tpmpassthrough.c -// -// Functions regarding passing DMI requests to HWTPM -// -// ================================================================== - -#include "tcg.h" -#include "vtpm_manager.h" -#include "vtpmpriv.h" -#include "vtsp.h" -#include "log.h" - -TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi, - buffer_t *inbuf, - buffer_t *outbuf) { - - TPM_RESULT status = TPM_SUCCESS; - TPM_COMMAND_CODE *ord; - - ord = (TPM_COMMAND_CODE *) (inbuf->bytes + sizeof(TPM_TAG) + sizeof(UINT32)); - - switch (*ord) { - - // Forbidden for DMI use - case TPM_ORD_TakeOwnership: - case TPM_ORD_ChangeAuthOwner: - case TPM_ORD_DirWriteAuth: - case TPM_ORD_DirRead: - case TPM_ORD_AuthorizeMigrationKey: - case TPM_ORD_CreateMaintenanceArchive: - case TPM_ORD_LoadMaintenanceArchive: - case TPM_ORD_KillMaintenanceFeature: - case TPM_ORD_LoadManuMaintPub: - case TPM_ORD_ReadManuMaintPub: - case TPM_ORD_SelfTestFull: - case TPM_ORD_SelfTestStartup: - case TPM_ORD_CertifySelfTest: - case TPM_ORD_ContinueSelfTest: - case TPM_ORD_GetTestResult: - case TPM_ORD_Reset: - case TPM_ORD_OwnerClear: - case TPM_ORD_DisableOwnerClear: - case TPM_ORD_ForceClear: - case TPM_ORD_DisableForceClear: - case TPM_ORD_GetCapabilityOwner: - case TPM_ORD_OwnerSetDisable: - case TPM_ORD_PhysicalEnable: - case TPM_ORD_PhysicalDisable: - case TPM_ORD_SetOwnerInstall: - case TPM_ORD_PhysicalSetDeactivated: - case TPM_ORD_SetTempDeactivated: - case TPM_ORD_CreateEndorsementKeyPair: - case TPM_ORD_GetAuditEvent: - case TPM_ORD_GetAuditEventSigned: - case TPM_ORD_GetOrdinalAuditStatus: - case TPM_ORD_SetOrdinalAuditStatus: - case TPM_ORD_SetRedirection: - case TPM_ORD_FieldUpgrade: - case TSC_ORD_PhysicalPresence: - status = TPM_DISABLED_CMD; - goto abort_egress; - break; - - } // End ORD Switch - - // Call TCS with command - - TPMTRY(TPM_IOERROR, VTSP_RawTransmit( dmi->TCSContext,inbuf, outbuf) ); - - goto egress; - - abort_egress: - vtpmloginfo(VTPM_LOG_VTPM, "TPM Command Failed in tpmpassthrough.\n"); - egress: - - return status; -} diff --git a/tools/vtpm_manager/manager/vtpm_ipc.c b/tools/vtpm_manager/manager/vtpm_ipc.c deleted file mode 100644 index 319dc83002..0000000000 --- a/tools/vtpm_manager/manager/vtpm_ipc.c +++ /dev/null @@ -1,141 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_ipc.c Implements ipc routines using file io. This file can -// be replaced with other ipc types. -// -// =================================================================== - -#include <sys/stat.h> -#include "vtpm_ipc.h" -#include "vtpmpriv.h" -#include "log.h" - -int vtpm_ipc_init(vtpm_ipc_handle_t *ipc_h, char* name, int flags, BOOL create) { - ipc_h->name = name; - ipc_h->flags = flags; - ipc_h->fh = VTPM_IPC_CLOSED; - - if (create) - return(vtpm_ipc_create(ipc_h)); - else - return 0; -} - -// Create the file that needs opening. Used only for FIFOs -// FYI: This may cause problems in other file IO schemes. We'll see. -int vtpm_ipc_create(vtpm_ipc_handle_t *ipc_h) { - int fh; - struct stat file_info; - - if ((!ipc_h) || (!ipc_h->name)) - return -1; - - if ( stat(ipc_h->name, &file_info) == -1) { - if ( mkfifo(ipc_h->name, S_IWUSR | S_IRUSR ) ) { - vtpmlogerror(VTPM_LOG_VTPM, "Failed to create fifo %s.\n", ipc_h->name); - return -1; - } - } - - ipc_h->fh = VTPM_IPC_CLOSED; - - return 0; -} - - -// Read size bytes. If FH isn't open, open it. -int vtpm_ipc_read(vtpm_ipc_handle_t *ipc_h, vtpm_ipc_handle_t *alt_ipc_h, BYTE *bytes, UINT32 size){ - vtpm_ipc_handle_t *my_ipc_h; - int result; - - if (ipc_h) { - my_ipc_h = ipc_h; - } else { - my_ipc_h = alt_ipc_h; - } - - if (my_ipc_h->fh == VTPM_IPC_CLOSED) { - my_ipc_h->fh = open(my_ipc_h->name, my_ipc_h->flags); - } - - if ( my_ipc_h->fh == VTPM_IPC_CLOSED ) { - vtpmlogerror(VTPM_LOG_VTPM, "VTPM ERROR: Can't open %s for reading.\n", my_ipc_h->name); - return -1; - } - - result = read(my_ipc_h->fh, bytes, size); - if (result < 0) { - my_ipc_h->fh = VTPM_IPC_CLOSED; - } - - return (result); -} - -// Write size bytes. If FH isn't open, open it. -int vtpm_ipc_write(vtpm_ipc_handle_t *ipc_h, vtpm_ipc_handle_t *alt_ipc_h, BYTE *bytes, UINT32 size) { - vtpm_ipc_handle_t *my_ipc_h; - int result; - - if (ipc_h) { - my_ipc_h = ipc_h; - } else { - my_ipc_h = alt_ipc_h; - } - - if (my_ipc_h->fh == VTPM_IPC_CLOSED) { - my_ipc_h->fh = open(my_ipc_h->name, my_ipc_h->flags); - } - - if ( my_ipc_h->fh == VTPM_IPC_CLOSED ) { - vtpmlogerror(VTPM_LOG_VTPM, "VTPM ERROR: Can't open %s for writing.\n", my_ipc_h->name); - return -1; - } - - result = write(my_ipc_h->fh, bytes, size); - if (result < 0) { - my_ipc_h->fh = VTPM_IPC_CLOSED; - } - - return (result); -} - -// Mark file as closed and try and close it. Errors not reported. -void vtpm_ipc_close(vtpm_ipc_handle_t *ipc_h) { - - if (ipc_h) { - close(ipc_h->fh); - ipc_h->fh = VTPM_IPC_CLOSED; - } - -} diff --git a/tools/vtpm_manager/manager/vtpm_ipc.h b/tools/vtpm_manager/manager/vtpm_ipc.h deleted file mode 100644 index 529c4a29ea..0000000000 --- a/tools/vtpm_manager/manager/vtpm_ipc.h +++ /dev/null @@ -1,71 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_ipc.h Header for interprocess communication between VTPM manager -// and Guests or VTPMs -// -// =================================================================== - -#ifndef __VTPM_IO_H__ -#define __VTPM_IO_H__ - -#include "tcg.h" - -#define VTPM_IPC_CLOSED -1 - -// Represents an (somewhat) abstracted io handle. -typedef struct vtpm_ipc_handle_t { - int fh; // IO handle. - int flags; // Flags for opening. This may need to become - // a void *, but for now files use an int. - char *name; // Names for debugging as well as filenames - // for file-based io. -} vtpm_ipc_handle_t; - - -int vtpm_ipc_init(vtpm_ipc_handle_t *ioh, char* name, int flags, BOOL create); - -// Create the file that needs opening. Used only for FIFOs -// FYI: This may cause problems in other file IO schemes. We'll see. -int vtpm_ipc_create(vtpm_ipc_handle_t *ioh); - -// Read size bytes. If FH isn't open, open it. -int vtpm_ipc_read(vtpm_ipc_handle_t *ioh, vtpm_ipc_handle_t *alt_ioh, BYTE *bytes, UINT32 size); - -// Write size bytes. If FH isn't open, open it. -int vtpm_ipc_write(vtpm_ipc_handle_t *ioh, vtpm_ipc_handle_t *alt_ioh, BYTE *bytes, UINT32 size); - -// Mark file as closed and try and close it. Errors not reported. -void vtpm_ipc_close(vtpm_ipc_handle_t *ioh); - -#endif diff --git a/tools/vtpm_manager/manager/vtpm_lock.c b/tools/vtpm_manager/manager/vtpm_lock.c deleted file mode 100644 index e737d60d9c..0000000000 --- a/tools/vtpm_manager/manager/vtpm_lock.c +++ /dev/null @@ -1,63 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_lock.c Provided controlled sync around access to vtpm structures -// -// =================================================================== - -#include <pthread.h> -#include "vtpm_lock.h" - -static pthread_rwlock_t vtpm_lock; - -void vtpm_lock_init() { - - pthread_rwlock_init( &vtpm_lock, NULL); -} - -void vtpm_lock_destroy(){ - pthread_rwlock_destroy(&vtpm_lock); -} - -void vtpm_lock_rdlock(){ - pthread_rwlock_rdlock(&vtpm_lock); -} - -void vtpm_lock_wrlock(){ - pthread_rwlock_wrlock(&vtpm_lock); -} - -void vtpm_lock_unlock(){ - pthread_rwlock_unlock(&vtpm_lock); -} - diff --git a/tools/vtpm_manager/manager/vtpm_lock.h b/tools/vtpm_manager/manager/vtpm_lock.h deleted file mode 100644 index 53a339d123..0000000000 --- a/tools/vtpm_manager/manager/vtpm_lock.h +++ /dev/null @@ -1,48 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_lock.h Provided controlled sync around access to vtpm structures -// -// =================================================================== - -#ifndef __VTPM_LOCK_H__ -#define __VTPM_LOCK_H__ - -void vtpm_lock_init(); -void vtpm_lock_destroy(); - -void vtpm_lock_rdlock(); -void vtpm_lock_wrlock(); -void vtpm_lock_unlock(); - -#endif diff --git a/tools/vtpm_manager/manager/vtpm_manager.c b/tools/vtpm_manager/manager/vtpm_manager.c deleted file mode 100644 index e089f780d6..0000000000 --- a/tools/vtpm_manager/manager/vtpm_manager.c +++ /dev/null @@ -1,285 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_manager.c -// -// This file will house the main logic of the VTPM Manager -// -// ================================================================== - -#include <stdio.h> -#include <unistd.h> -#include <string.h> - -#include "vtpm_manager.h" -#include "vtpmpriv.h" -#include "vtsp.h" -#include "bsg.h" -#include "hashtable.h" -#include "hashtable_itr.h" - -#include "log.h" -#include "buffer.h" - -VTPM_GLOBALS *vtpm_globals=NULL; - -// --------------------------- Well Known Auths -------------------------- -const TPM_AUTHDATA SRK_AUTH = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; - -#ifdef WELL_KNOWN_OWNER_AUTH -static BYTE FIXED_OWNER_AUTH[20] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; -#endif - - -// -------------------------- Hash table functions -------------------- - -static unsigned int hashfunc32(void *ky) { - return (* (UINT32 *) ky); -} - -static int equals32(void *k1, void *k2) { - return (*(UINT32 *) k1 == *(UINT32 *) k2); -} - -// --------------------------- Functions ------------------------------ - -TPM_RESULT VTPM_Create_Manager(){ - - TPM_RESULT status = TPM_SUCCESS; - - // Generate Auth for Owner -#ifdef WELL_KNOWN_OWNER_AUTH - memcpy(vtpm_globals->owner_usage_auth, FIXED_OWNER_AUTH, sizeof(TPM_AUTHDATA)); -#else - Crypto_GetRandom(vtpm_globals->owner_usage_auth, sizeof(TPM_AUTHDATA) ); -#endif - - // Take Owership of TPM - CRYPTO_INFO ek_cryptoInfo; - - status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle, &ek_cryptoInfo); - - // If we can read PubEK then there is no owner and we should take it. - // We use the abilty to read the pubEK to flag that the TPM is owned. - // FIXME: Change to just trying to take ownership and react to the status - if (status == TPM_SUCCESS) { - TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, - (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, - &SRK_AUTH, - &ek_cryptoInfo, - &vtpm_globals->keyAuth)); - - TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle, - (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, - &vtpm_globals->keyAuth)); - } else { - vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an owner. Creating Keys off existing SRK.\n"); - } - - // Generate storage key's auth - Crypto_GetRandom( &vtpm_globals->storage_key_usage_auth, - sizeof(TPM_AUTHDATA) ); - - TCS_AUTH osap; - TPM_AUTHDATA sharedsecret; - - TPMTRYRETURN( VTSP_OSAP(vtpm_globals->manager_tcs_handle, - TPM_ET_KEYHANDLE, - TPM_SRK_KEYHANDLE, - &SRK_AUTH, - &sharedsecret, - &osap) ); - - osap.fContinueAuthSession = FALSE; - - - TPMTRYRETURN( VTSP_CreateWrapKey( vtpm_globals->manager_tcs_handle, - TPM_KEY_BIND, - (const TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth, - TPM_SRK_KEYHANDLE, - (const TPM_AUTHDATA*)&sharedsecret, - &vtpm_globals->storageKeyWrap, - &osap) ); - - // Generate boot key's auth - TPM_AUTHDATA bootKeyWrapAuth; - memset(&bootKeyWrapAuth, 0, sizeof(bootKeyWrapAuth)); - - TPMTRYRETURN( VTSP_OSAP(vtpm_globals->manager_tcs_handle, - TPM_ET_KEYHANDLE, - TPM_SRK_KEYHANDLE, - &SRK_AUTH, - &sharedsecret, - &osap) ); - - osap.fContinueAuthSession = FALSE; - - // FIXME: This key protects the global secrets on disk. It should use TPM - // PCR bindings to limit its use to legit configurations. - // Current binds are open, implying a Trusted VM contains this code. - // If this VM is not Trusted, use measurement and PCR bindings. - TPMTRYRETURN( VTSP_CreateWrapKey( vtpm_globals->manager_tcs_handle, - TPM_KEY_BIND, - (const TPM_AUTHDATA*)&bootKeyWrapAuth, - TPM_SRK_KEYHANDLE, - (const TPM_AUTHDATA*)&sharedsecret, - &vtpm_globals->bootKeyWrap, - &osap) ); - - // Populate CRYPTO_INFO vtpm_globals->bootKey. This does not load it into the TPM - TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle, - TPM_SRK_KEYHANDLE, - &vtpm_globals->bootKeyWrap, - NULL, - NULL, - NULL, - &vtpm_globals->bootKey, - TRUE ) ); - - TPMTRYRETURN( VTSP_SaveState(vtpm_globals->manager_tcs_handle) ); - goto egress; - - abort_egress: - exit(1); - - egress: - vtpmloginfo(VTPM_LOG_VTPM, "Finished initialized new VTPM manager (Status = %d).\n", status); - return status; - -} - -/////////////////////////////////////////////////////////////////////////////// -TPM_RESULT VTPM_Init_Manager() { - TPM_RESULT status = TPM_FAIL, serviceStatus; - BYTE *randomsead; - UINT32 randomsize=256; - - if ((vtpm_globals = (VTPM_GLOBALS *) malloc(sizeof(VTPM_GLOBALS))) == NULL){ - status = TPM_FAIL; - goto abort_egress; - } - memset(vtpm_globals, 0, sizeof(VTPM_GLOBALS)); - - vtpm_globals->connected_dmis = 0; - - if ((vtpm_globals->dmi_map = create_hashtable(10, hashfunc32, equals32)) == NULL){ - status = TPM_FAIL; - goto abort_egress; - } - - // Create new TCS Object - vtpm_globals->manager_tcs_handle = 0; - - TPMTRYRETURN(TCS_create()); - - // Create TCS Context for service - TPMTRYRETURN( TCS_OpenContext(&vtpm_globals->manager_tcs_handle ) ); - - TPMTRYRETURN( TCSP_GetRandom(vtpm_globals->manager_tcs_handle, - &randomsize, - &randomsead)); - - Crypto_Init(randomsead, randomsize); - TPMTRYRETURN( TCS_FreeMemory (vtpm_globals->manager_tcs_handle, randomsead)); - - // Create OIAP session for service's authorized commands - TPMTRYRETURN( VTSP_OIAP( vtpm_globals->manager_tcs_handle, - &vtpm_globals->keyAuth) ); - vtpm_globals->keyAuth.fContinueAuthSession = TRUE; - - vtpm_globals->mig_keys = NULL; - - // If fails, create new Manager. - serviceStatus = VTPM_LoadManagerData(); - if (serviceStatus == TPM_IOERROR) { - vtpmloginfo(VTPM_LOG_VTPM, "Failed to read manager file. Assuming first time initialization.\n"); - TPMTRYRETURN( VTPM_Create_Manager() ); - TPMTRYRETURN( VTPM_SaveManagerData() ); - } else if (serviceStatus != TPM_SUCCESS) { - vtpmlogerror(VTPM_LOG_VTPM, "Failed to read existing manager file"); - exit(1); - } - - //Load Storage Key - TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle, - TPM_SRK_KEYHANDLE, - &vtpm_globals->storageKeyWrap, - &SRK_AUTH, - &vtpm_globals->storageKeyHandle, - &vtpm_globals->keyAuth, - &vtpm_globals->storageKey, - FALSE ) ); - - // Create entry for Dom0 for control messages - TPMTRYRETURN( VTPM_Handle_New_DMI(NULL) ); - - goto egress; - - abort_egress: - egress: - - return(status); -} - -/////////////////////////////////////////////////////////////////////////////// -void VTPM_Stop_Manager() { - VTPM_DMI_RESOURCE *dmi_res; - struct hashtable_itr *dmi_itr; - - // Close all the TCS contexts. TCS should evict keys based on this - if (hashtable_count(vtpm_globals->dmi_map) > 0) { - dmi_itr = hashtable_iterator(vtpm_globals->dmi_map); - do { - dmi_res = (VTPM_DMI_RESOURCE *) hashtable_iterator_value(dmi_itr); - if (dmi_res->connected) - close_dmi( dmi_res ); // Not really interested in return code - - } while (hashtable_iterator_advance(dmi_itr)); - free (dmi_itr); - } - - if ( VTPM_SaveManagerData() != TPM_SUCCESS ) - vtpmlogerror(VTPM_LOG_VTPM, "Unable to save manager data.\n"); - - TCS_CloseContext(vtpm_globals->manager_tcs_handle); - TCS_destroy(); - - hashtable_destroy(vtpm_globals->dmi_map, 1); - free(vtpm_globals); - - Crypto_Exit(); - - vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n"); -} diff --git a/tools/vtpm_manager/manager/vtpm_manager.h b/tools/vtpm_manager/manager/vtpm_manager.h deleted file mode 100644 index a324a8f905..0000000000 --- a/tools/vtpm_manager/manager/vtpm_manager.h +++ /dev/null @@ -1,150 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_manager.h -// -// Public Interface header for VTPM Manager -// -// ================================================================== - -#ifndef __VTPM_MANAGER_H__ -#define __VTPM_MANAGER_H__ - -#define VTPM_TAG_REQ 0x01c1 -#define VTPM_TAG_RSP 0x01c4 -#define COMMAND_BUFFER_SIZE 4096 - -// Header sizes. Note Header MAY include the DMI -#define VTPM_COMMAND_HEADER_SIZE_CLT ( 2 + 4 + 4) -// sizeof(TPM_TAG + UINT32 + TPM_COMMAND_CODE) -#define VTPM_COMMAND_HEADER_SIZE_SRV ( 4 + VTPM_COMMAND_HEADER_SIZE_CLT ) -// sizeof( UINT32 + VTPM_COMMAND_HEADER_SIZE_CLT) - -//************************ Command Codes **************************** -#define VTPM_ORD_BASE 0x0000 -#define VTPM_PRIV_MASK 0x01000000 // Priviledged VTPM Command -#define VTPM_PRIV_BASE (VTPM_ORD_BASE | VTPM_PRIV_MASK) - -// Non-priviledged VTPM Commands (From DMI's) -#define VTPM_ORD_SAVENVM (VTPM_ORD_BASE + 1) // DMI Saves Secrets -#define VTPM_ORD_LOADNVM (VTPM_ORD_BASE + 2) // DMI Loads Secrets -#define VTPM_ORD_TPMCOMMAND (VTPM_ORD_BASE + 3) // DMI issues HW TPM Command -#define VTPM_ORD_GET_MIG_KEY (VTPM_ORD_BASE + 4) // Get manager's migration key -#define VTPM_ORD_LOAD_MIG_KEY (VTPM_ORD_BASE + 5) // load dest migration key - -// Priviledged VTPM Commands (From management console) -#define VTPM_ORD_OPEN (VTPM_PRIV_BASE + 1) // Creates/reopens DMI -#define VTPM_ORD_CLOSE (VTPM_PRIV_BASE + 2) // Closes a DMI -#define VTPM_ORD_DELETE (VTPM_PRIV_BASE + 3) // Permemently Deletes DMI -#define VTPM_ORD_MIGRATE_IN (VTPM_PRIV_BASE + 4) // Load migrated VTPM -#define VTPM_ORD_MIGRATE_OUT (VTPM_PRIV_BASE + 5) // migrate VTPM to dest - -//************************ Return Codes **************************** -#define VTPM_TYPE_PVM 1 // Paravirtualized Domain -#define VTPM_TYPE_HVM 2 // HVM Domain - -//************************ Return Codes **************************** -#define VTPM_SUCCESS 0 -#define VTPM_FAIL 1 -#define VTPM_UNSUPPORTED 2 -#define VTPM_FORBIDDEN 3 -#define VTPM_RESTORE_CONTEXT_FAILED 4 -#define VTPM_INVALID_REQUEST 5 - -//*********************** Parameter Values ************************* -#define VTPM_TYPE_NON_MIGRATABLE 0x00 -#define VTPM_TYPE_MIGRATABLE 0x01 -#define VTPM_TYPE_MIGRATED 0xFF // VTPM has been migrated. - // VTPM can be recovered or deleted only - -/******************* Command Parameter API ************************* - -VTPM Command Format - dmi: 4 bytes // Source of message. - // WARNING: This is prepended by the channel. - // Thus it is received by VTPM Manager, - // but not sent by DMI - tpm tag: 2 bytes - command size: 4 bytes // Size of command including header but not DMI - ord: 4 bytes // Command ordinal above - parameters: size - 10 bytes // Command Parameter - -VTPM Response Format - tpm tag: 2 bytes - response_size: 4 bytes - status: 4 bytes - parameters: size - 10 bytes - - -VTPM_Open: - Input Parameters: - mig_type: 1 byte - startup_mode: 1 byte // Cold Boot = 1, resume = 2, deactive = 3 - domain type: 1 byte - instance_id: 4 bytes - Output Parameters: - None - -VTPM_Close - Input Parameters: - instance_id: 4 bytes - Output Parameters: - None - -VTPM_Delete - Input Parameters: - instance_id: 4 bytes - Output Parameters: - None - -VTPM_SaveNVM - Input Parameters: - data: n bytes (Header indicates size of data) - Output Parameters: - None - -VTPM_LoadNVM - Input Parameters: - None - Output Parameters: - data: n bytes (Header indicates size of data) - -VTPM_TPMCommand - Input Parameters: - TPM Command Byte Stream: n bytes - Output Parameters: - TPM Reponse Byte Stream: n bytes - -*********************************************************************/ - -#endif //_VTPM_MANAGER_H_ diff --git a/tools/vtpm_manager/manager/vtpm_manager_handler.c b/tools/vtpm_manager/manager/vtpm_manager_handler.c deleted file mode 100644 index 2001074384..0000000000 --- a/tools/vtpm_manager/manager/vtpm_manager_handler.c +++ /dev/null @@ -1,488 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_manager_handler.c -// -// This file will house the main logic of the VTPM Manager -// -// ================================================================== - -#include <stdio.h> -#include <unistd.h> -#include <string.h> -#include <errno.h> - -#include "vtpm_manager.h" -#include "vtpmpriv.h" -#include "vtsp.h" -#include "bsg.h" -#include "hashtable.h" -#include "hashtable_itr.h" -#include "log.h" -#include "buffer.h" - -#define vtpmhandlerloginfo(module,fmt,args...) vtpmloginfo (module, "[%s]: " fmt, thread_name, ##args ); -#define vtpmhandlerloginfomore(module,fmt,args...) vtpmloginfomore (module, fmt, ##args ); -#define vtpmhandlerlogerror(module,fmt,args...) vtpmlogerror (module, "[%s]: " fmt, thread_name, ##args ); - -// ---------------------- Prototypes ------------------- -TPM_RESULT vtpm_manager_handle_vtpm_cmd(VTPM_DMI_RESOURCE *dmi_res, - TPM_COMMAND_CODE ord, - buffer_t *command_buf, - buffer_t *result_buf, - BOOL is_priv, - char *thread_name); - -TPM_RESULT vtpm_manager_handle_tpm_cmd(vtpm_ipc_handle_t *tx_ipc_h, - vtpm_ipc_handle_t *rx_ipc_h, - VTPM_DMI_RESOURCE *dmi_res, - BYTE *cmd_header, - buffer_t *param_buf, - buffer_t *result_buf, - char *thread_name); - -TPM_RESULT VTPM_Manager_Handler( vtpm_ipc_handle_t *tx_ipc_h, - vtpm_ipc_handle_t *rx_ipc_h, - BOOL fw_tpm, // Forward TPM cmds? - vtpm_ipc_handle_t *fw_tx_ipc_h, - vtpm_ipc_handle_t *fw_rx_ipc_h, - BOOL is_priv, - char *thread_name) { - TPM_RESULT status = TPM_FAIL; // Should never return - UINT32 dmi, in_param_size, cmd_size, out_param_size, out_message_size, reply_size; - BYTE *cmd_header=NULL, *in_param=NULL, *out_message=NULL, *reply; - buffer_t *command_buf=NULL, *result_buf=NULL; - TPM_TAG tag; - TPM_COMMAND_CODE ord; - VTPM_DMI_RESOURCE *dmi_res; - int size_read, size_write, i; - BOOL add_header=TRUE; // This indicates to prepend a header on result_buf before sending - - cmd_header = (BYTE *) malloc(VTPM_COMMAND_HEADER_SIZE_SRV); - command_buf = (buffer_t *) malloc(sizeof(buffer_t)); - result_buf = (buffer_t *) malloc(sizeof(buffer_t)); - - // ------------------------ Main Loop -------------------------------- - while(1) { - - vtpmhandlerloginfo(VTPM_LOG_VTPM, "%s waiting for messages.\n", thread_name); - - // --------------------- Read Cmd from Sender ---------------- - - // Read command header - size_read = vtpm_ipc_read(rx_ipc_h, NULL, cmd_header, VTPM_COMMAND_HEADER_SIZE_SRV); - if (size_read > 0) { - vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "RECV[%d]: 0x", size_read); - for (i=0; i<size_read; i++) - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cmd_header[i]); - } else { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "%s can't read from ipc. Errono = %d. Aborting... \n", thread_name, errno); - goto abort_command; - } - - if (size_read < (int) VTPM_COMMAND_HEADER_SIZE_SRV) { - vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "\n"); - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Command shorter than normal header (%d bytes). Aborting...\n", size_read); - goto abort_command; - } - - // Unpack header - BSG_UnpackList(cmd_header, 4, - BSG_TYPE_UINT32, &dmi, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, &in_param_size, - BSG_TPM_COMMAND_CODE, &ord ); - - // Using the header info, read the parameters of the command - // Note that in_param_size is in the client's context - cmd_size = in_param_size - VTPM_COMMAND_HEADER_SIZE_CLT; - if (cmd_size > 0) { - in_param = (BYTE *) malloc(cmd_size); - size_read = vtpm_ipc_read( rx_ipc_h, NULL, in_param, cmd_size); - if (size_read > 0) { - for (i=0; i<size_read; i++) - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", in_param[i]); - - } else { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "%s had error reading cmd from ipc. Aborting... \n", thread_name); - goto abort_command; - } - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - - if (size_read < (int) cmd_size) { - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Command read(%d) is shorter than header indicates(%d). Aborting...\n", size_read, cmd_size); - goto abort_command; - } - } else { - in_param = NULL; - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - } - - // Init the buffers used to handle the command and the response - if ( (buffer_init_convert(command_buf, cmd_size, in_param) != TPM_SUCCESS) || - (buffer_init(result_buf, 0, 0) != TPM_SUCCESS) ) { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Failed to setup buffers. Aborting...\n"); - goto abort_command; - } - - // -------------- Dispatch Commands to Handlers ----------- - if ((tag == VTPM_TAG_REQ) && (ord & VTPM_PRIV_MASK)) { - vtpm_lock_wrlock(); - } else { - vtpm_lock_rdlock(); - } - - if ( !(dmi_res = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, &dmi)) || - (!dmi_res->connected) ) { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Attempted access to non-existent or disconnected DMI %d. Aborting...\n", dmi); - status = TPM_BAD_PARAMETER; - // We have no one to reply to, they don't exist. - goto abort_command; - } - - if (tag == VTPM_TAG_REQ) { - - status = vtpm_manager_handle_vtpm_cmd(dmi_res, ord, command_buf, result_buf, is_priv, thread_name); - - } else { // This is not a VTPM Command at all. - if (fw_tpm) { - status = vtpm_manager_handle_tpm_cmd(fw_tx_ipc_h, fw_rx_ipc_h, dmi_res, cmd_header, command_buf, result_buf, thread_name); - - // This means calling the DMI failed, not that the cmd failed in the DMI - // Since the return will be interpretted by a TPM app, all errors are IO_ERRORs to the app - if (status != TPM_SUCCESS) { - status = TPM_IOERROR; - goto abort_with_error; - } - // Unlike all other commands, forwarded commands yield a result_buf that includes the DMI's status. This - // should be forwarded to the caller VM - add_header = FALSE; - } else { - // We are not supposed to forward TPM commands at all. - int i; - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Attempt to use unsupported direct access to TPM.\n"); - vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "Bad Command. dmi:%d, tag:%d, size:%d, ord:%d, Params: ", dmi, tag, in_param_size, ord); - for (i=0; i<cmd_size; i++) - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", in_param[i]); - - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - - status = TPM_FAIL; - goto abort_with_error; - } - - } // end else for is VTPM Command - - // ------------------- Respond to Sender ------------------ - - // Errors while handling responses jump here to reply with error messages - // NOTE: Currently there are no recoverable errors in multi-VM mode. If one - // is added to the code, this ifdef should be removed. - // Also note this is NOT referring to errors in commands, but rather - // this is about I/O errors and such. -#ifndef VTPM_MULTI_VM - abort_with_error: -#endif - - if (add_header) { - // Prepend VTPM header with destination DM stamped - out_param_size = buffer_len(result_buf); - out_message_size = VTPM_COMMAND_HEADER_SIZE_CLT + out_param_size; - reply_size = VTPM_COMMAND_HEADER_SIZE_SRV + out_param_size; - out_message = (BYTE *) malloc (reply_size); - reply = out_message; - - BSG_PackList(out_message, 4, - BSG_TYPE_UINT32, (BYTE *) &dmi, - BSG_TPM_TAG, (BYTE *) &tag, - BSG_TYPE_UINT32, (BYTE *) &out_message_size, - BSG_TPM_RESULT, (BYTE *) &status); - - if (buffer_len(result_buf) > 0) - memcpy(out_message + VTPM_COMMAND_HEADER_SIZE_SRV, result_buf->bytes, out_param_size); - //Note: Send message + dmi_id - } else { - reply = result_buf->bytes; - reply_size = buffer_len(result_buf); - } - size_write = vtpm_ipc_write(tx_ipc_h, (dmi_res ? dmi_res->tx_vtpm_ipc_h : NULL), reply, reply_size ); - if (size_write > 0) { - vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "SENT: 0x"); - for (i=0; i < reply_size; i++) - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", reply[i]); - - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - } else { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "%s had error writing to ipc. Aborting... \n", thread_name); - goto abort_command; - } - free(out_message); out_message=NULL; - - if (size_write < (int)reply_size) { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "%s unable to write full command to ipc (%d/%d)\n", thread_name, size_write, reply_size); - goto abort_command; - } - - // On certain failures an error message cannot be sent. - // This marks the beginning of cleanup in preperation for the next command. - abort_command: - //free buffers - bzero(cmd_header, VTPM_COMMAND_HEADER_SIZE_SRV); - //free(in_param); // This was converted to command_buf. No need to free - buffer_free(result_buf); - buffer_free(command_buf); - - // If we have a write lock, save the manager table - if ((tag == VTPM_TAG_REQ) && (ord & VTPM_PRIV_MASK) && - (VTPM_SaveManagerData() != TPM_SUCCESS) ) { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "ERROR: Unable to save manager data.\n"); - } - - vtpm_lock_unlock(); - add_header = TRUE; // Reset to the default - } // End while(1) - -} - -///////////////////////////////////////////////////////////////////////// -TPM_RESULT vtpm_manager_handle_vtpm_cmd(VTPM_DMI_RESOURCE *dmi_res, - TPM_COMMAND_CODE ord, - buffer_t *command_buf, - buffer_t *result_buf, - BOOL is_priv, - char *thread_name) { - - TPM_RESULT status = TPM_FAIL; - - switch (ord) { - case VTPM_ORD_SAVENVM: - status= VTPM_Handle_Save_NVM(dmi_res, - command_buf, - result_buf); - break; - - case VTPM_ORD_LOADNVM: - status= VTPM_Handle_Load_NVM(dmi_res, - command_buf, - result_buf); - break; - - case VTPM_ORD_TPMCOMMAND: - status= VTPM_Handle_TPM_Command(dmi_res, - command_buf, - result_buf); - break; - - case VTPM_ORD_GET_MIG_KEY: - status = VTPM_Handle_Get_Migration_key(command_buf, - result_buf); - break; - - case VTPM_ORD_LOAD_MIG_KEY: - status = VTPM_Handle_Load_Migration_key(command_buf, - result_buf); - break; - - default: - // Privileged handlers can do maintanance - if (is_priv) { - switch (ord) { - case VTPM_ORD_OPEN: - status = VTPM_Handle_New_DMI(command_buf); - break; - - case VTPM_ORD_CLOSE: - status = VTPM_Handle_Close_DMI(command_buf); - break; - - case VTPM_ORD_DELETE: - status = VTPM_Handle_Delete_DMI(command_buf); - break; - - case VTPM_ORD_MIGRATE_IN: - status = VTPM_Handle_Migrate_In(command_buf, result_buf); - break; - - case VTPM_ORD_MIGRATE_OUT: - status = VTPM_Handle_Migrate_Out(command_buf, result_buf); - break; - - default: - status = TPM_BAD_ORDINAL; - } // switch - } else { // is priv command - - status = TPM_BAD_ORDINAL; - } // inner switch - } // outer switch - - return(status); -} - -///////////////////////////////////////////////////////////////////// -TPM_RESULT vtpm_manager_handle_tpm_cmd(vtpm_ipc_handle_t *tx_ipc_h, - vtpm_ipc_handle_t *rx_ipc_h, - VTPM_DMI_RESOURCE *dmi_res, - BYTE *cmd_header, - buffer_t *param_buf, - buffer_t *result_buf, - char *thread_name) { - - TPM_RESULT status = TPM_FAIL; - UINT32 dmi_dst; - TPM_COMMAND_CODE ord; - TPM_TAG tag_out; - UINT32 dmi_cmd_size, in_param_size, adj_param_size; - BYTE *dmi_cmd, *in_param; - int size_read, size_write, i; - - //// Dom0 can't talk to the BE, so this must be a broken FE/BE or badness - if (dmi_res->dmi_id == VTPM_CTL_DM) { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Illegal use of TPM command from dom0\n"); - status = TPM_FAIL; - goto abort_with_error; - } - - vtpmhandlerloginfo(VTPM_LOG_VTPM, "Forwarding command to DMI.\n"); - - //Forward TPM CMD stamped with dmi_id to DMI for handling - if (buffer_len(param_buf)) { - dmi_cmd = (BYTE *) malloc(VTPM_COMMAND_HEADER_SIZE_SRV + buffer_len(param_buf)); - dmi_cmd_size = VTPM_COMMAND_HEADER_SIZE_SRV + buffer_len(param_buf); - memcpy(dmi_cmd, cmd_header, VTPM_COMMAND_HEADER_SIZE_SRV); - memcpy(dmi_cmd + VTPM_COMMAND_HEADER_SIZE_SRV, param_buf->bytes, buffer_len(param_buf)); - size_write = vtpm_ipc_write(tx_ipc_h, dmi_res->tx_tpm_ipc_h, dmi_cmd, dmi_cmd_size); - - if (size_write > 0) { - vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "SENT (DMI): 0x"); - for (i=0; i<VTPM_COMMAND_HEADER_SIZE_SRV + buffer_len(param_buf); i++) { - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", dmi_cmd[i]); - } - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - } else { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Error writing to DMI. Aborting... \n"); - status = TPM_IOERROR; - goto abort_with_error; - } - free(dmi_cmd); - } else { - dmi_cmd_size = VTPM_COMMAND_HEADER_SIZE_SRV; - size_write = vtpm_ipc_write(tx_ipc_h, dmi_res->tx_tpm_ipc_h, cmd_header, VTPM_COMMAND_HEADER_SIZE_SRV ); - if (size_write > 0) { - vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "SENT (DMI): 0x"); - for (i=0; i<VTPM_COMMAND_HEADER_SIZE_SRV; i++) - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cmd_header[i]); - - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - } else { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Error writing to DMI. Aborting... \n"); - status = TPM_IOERROR; - goto abort_with_error; - } - } - - if (size_write != (int) dmi_cmd_size) - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Could not write entire command to DMI (%d/%d)\n", size_write, dmi_cmd_size); - - buffer_free(param_buf); - - // Read header for response to TPM command from DMI - size_read = vtpm_ipc_read( rx_ipc_h, dmi_res->rx_tpm_ipc_h, cmd_header, VTPM_COMMAND_HEADER_SIZE_SRV); - if (size_read > 0) { - vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "RECV (DMI): 0x"); - for (i=0; i<size_read; i++) - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cmd_header[i]); - - } else { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Error reading from DMI. Aborting... \n"); - status = TPM_IOERROR; - goto abort_with_error; - } - - if (size_read < (int) VTPM_COMMAND_HEADER_SIZE_SRV) { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Command from DMI shorter than normal header. Aborting...\n"); - status = TPM_IOERROR; - goto abort_with_error; - } - - // Unpack response from DMI for TPM command - BSG_UnpackList(cmd_header, 4, - BSG_TYPE_UINT32, &dmi_dst, - BSG_TPM_TAG, &tag_out, - BSG_TYPE_UINT32, &in_param_size, - BSG_TPM_COMMAND_CODE, &status ); - - // If response has parameters, read them. - // Note that in_param_size is in the client's context - adj_param_size = in_param_size - VTPM_COMMAND_HEADER_SIZE_CLT; - if (adj_param_size > 0) { - in_param = (BYTE *) malloc(adj_param_size); - size_read = vtpm_ipc_read(rx_ipc_h, dmi_res->rx_tpm_ipc_h, in_param, adj_param_size); - if (size_read > 0) { - for (i=0; i<size_read; i++) - vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", in_param[i]); - - } else { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Error reading from BE. Aborting... \n"); - goto abort_with_error; - } - vtpmhandlerloginfomore(VTPM_LOG_VTPM, "\n"); - - if (size_read < (int)adj_param_size) { - vtpmhandlerloginfomore(VTPM_LOG_VTPM, "\n"); - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Command read(%d) from DMI is shorter than header indicates(%d). Aborting...\n", size_read, adj_param_size); - status = TPM_IOERROR; - goto abort_with_error; - } - } else { - in_param = NULL; - vtpmhandlerloginfomore(VTPM_LOG_VTPM, "\n"); - } - - if ( (buffer_init(result_buf, VTPM_COMMAND_HEADER_SIZE_SRV, cmd_header) != TPM_SUCCESS) || - (buffer_append_raw(result_buf, adj_param_size, in_param) != TPM_SUCCESS) ) { - vtpmhandlerlogerror(VTPM_LOG_VTPM, "Failed to setup buffers. Aborting...\n"); - status = TPM_FAIL; - goto abort_with_error; - } - - vtpmhandlerloginfo(VTPM_LOG_VTPM, "Sending DMI's response to guest.\n"); - - status = TPM_SUCCESS; - - abort_with_error: - - return status; -} - diff --git a/tools/vtpm_manager/manager/vtpmd.c b/tools/vtpm_manager/manager/vtpmd.c deleted file mode 100644 index cf58ba3fee..0000000000 --- a/tools/vtpm_manager/manager/vtpmd.c +++ /dev/null @@ -1,371 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpmd.c -// -// Application -// -// =================================================================== - -#include <stdio.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <signal.h> -#include <string.h> -#include <pthread.h> -#include "vtpm_manager.h" -#include "vtpmpriv.h" -#include "tcg.h" -#include "log.h" -#include "vtpm_ipc.h" - -#define TPM_EMULATOR_PATH "/usr/bin/vtpmd" - -#define VTPM_BE_FNAME "/dev/vtpm" -#define VTPM_DUMMY_TX_BE_FNAME "/var/vtpm/fifos/dummy_out.fifo" -#define VTPM_DUMMY_RX_BE_FNAME "/var/vtpm/fifos/dummy_in.fifo" -#define VTPM_TX_TPM_FNAME "/var/vtpm/fifos/tpm_cmd_to_%d.fifo" -#define VTPM_RX_TPM_FNAME "/var/vtpm/fifos/tpm_rsp_from_all.fifo" -#define VTPM_TX_VTPM_FNAME "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo" -#define VTPM_RX_VTPM_FNAME "/var/vtpm/fifos/vtpm_cmd_from_all.fifo" -#define VTPM_TX_HP_FNAME "/var/vtpm/fifos/to_console.fifo" -#define VTPM_RX_HP_FNAME "/var/vtpm/fifos/from_console.fifo" - -#define VTPM_TYPE_PVM_STRING "pvm" -#define VTPM_TYPE_HVM_STRING "hvm" - -struct vtpm_thread_params_s { - vtpm_ipc_handle_t *tx_ipc_h; - vtpm_ipc_handle_t *rx_ipc_h; - BOOL fw_tpm; - vtpm_ipc_handle_t *fw_tx_ipc_h; - vtpm_ipc_handle_t *fw_rx_ipc_h; - BOOL is_priv; - char *thread_name; -}; - -// This is needed to all extra_close_dmi to close this to prevent a -// broken pipe when no DMIs are left. -static vtpm_ipc_handle_t *g_rx_tpm_ipc_h; - -void *vtpm_manager_thread(void *arg_void) { - TPM_RESULT *status = (TPM_RESULT *) malloc(sizeof(TPM_RESULT) ); - struct vtpm_thread_params_s *arg = (struct vtpm_thread_params_s *) arg_void; - - *status = VTPM_Manager_Handler(arg->tx_ipc_h, arg->rx_ipc_h, - arg->fw_tpm, arg->fw_tx_ipc_h, arg->fw_rx_ipc_h, - arg->is_priv, arg->thread_name); - - return (status); -} - - -void signal_handler(int reason) { - if (pthread_equal(pthread_self(), vtpm_globals->master_pid)) { - vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager shutting down for signal %d.\n", reason); - } else { - // For old Linux Thread machines, signals are delivered to each thread. Deal with them. - vtpmloginfo(VTPM_LOG_VTPM, "Child shutting down\n"); - pthread_exit(NULL); - } - - VTPM_Stop_Manager(); - exit(-1); -} - -struct sigaction ctl_c_handler; - -TPM_RESULT VTPM_New_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res, BYTE vm_type, BYTE startup_mode) { - - TPM_RESULT status = TPM_SUCCESS; - int fh; - char dmi_id_str[11]; // UINT32s are up to 10 digits + NULL - char *tx_vtpm_name, *tx_tpm_name, *vm_type_string; - struct stat file_info; - - if (dmi_res->dmi_id == VTPM_CTL_DM) { - dmi_res->tx_tpm_ipc_h = NULL; - dmi_res->rx_tpm_ipc_h = NULL; - dmi_res->tx_vtpm_ipc_h = NULL; - dmi_res->rx_vtpm_ipc_h = NULL; - } else { - // Create a pair of fifo pipes - dmi_res->rx_tpm_ipc_h = NULL; - dmi_res->rx_vtpm_ipc_h = NULL; - - if ( ((dmi_res->tx_tpm_ipc_h = (vtpm_ipc_handle_t *) malloc (sizeof(vtpm_ipc_handle_t))) == NULL ) || - ((dmi_res->tx_vtpm_ipc_h =(vtpm_ipc_handle_t *) malloc (sizeof(vtpm_ipc_handle_t))) == NULL ) || - ((tx_tpm_name = (char *) malloc(11 + strlen(VTPM_TX_TPM_FNAME))) == NULL ) || - ((tx_vtpm_name =(char *) malloc(11 + strlen(VTPM_TX_VTPM_FNAME))) == NULL) ) { - status =TPM_RESOURCES; - goto abort_egress; - } - - sprintf(tx_tpm_name, VTPM_TX_TPM_FNAME, (uint32_t) dmi_res->dmi_id); - sprintf(tx_vtpm_name, VTPM_TX_VTPM_FNAME, (uint32_t) dmi_res->dmi_id); - - if ( (vtpm_ipc_init(dmi_res->tx_tpm_ipc_h, tx_tpm_name, O_WRONLY | O_NONBLOCK, TRUE) != 0) || - (vtpm_ipc_init(dmi_res->tx_vtpm_ipc_h, tx_vtpm_name, O_WRONLY, TRUE) != 0) ) { //FIXME: O_NONBLOCK? - status = TPM_IOERROR; - goto abort_egress; - } - - // Measure DMI - // FIXME: This will measure DMI. Until then use a fixed DMI_Measurement value - // Also, this mechanism is specific to 1 VM architecture. - /* - fh = open(TPM_EMULATOR_PATH, O_RDONLY); - stat_ret = fstat(fh, &file_stat); - if (stat_ret == 0) - dmi_size = file_stat.st_size; - else { - vtpmlogerror(VTPM_LOG_VTPM, "Could not open vtpmd!!\n"); - status = TPM_IOERROR; - goto abort_egress; - } - dmi_buffer - */ - memset(&dmi_res->DMI_measurement, 0xcc, sizeof(TPM_DIGEST)); - - if (vm_type == VTPM_TYPE_PVM) - vm_type_string = (BYTE *)&VTPM_TYPE_PVM_STRING; - else - vm_type_string = (BYTE *)&VTPM_TYPE_HVM_STRING; - - // Launch DMI - sprintf(dmi_id_str, "%d", (int) dmi_res->dmi_id); -#ifdef MANUAL_DM_LAUNCH - vtpmlogerror(VTPM_LOG_VTPM, "Manually start VTPM with dmi=%s now.\n", dmi_id_str); - dmi_res->dmi_pid = 0; -#else - pid_t pid = fork(); - - if (pid == -1) { - vtpmlogerror(VTPM_LOG_VTPM, "Could not fork to launch vtpm\n"); - status = TPM_RESOURCES; - goto abort_egress; - } else if (pid == 0) { - switch (startup_mode) { - case TPM_ST_CLEAR: - execl (TPM_EMULATOR_PATH, "vtpmd", "clear", vm_type_string, dmi_id_str, NULL); - break; - case TPM_ST_STATE: - execl (TPM_EMULATOR_PATH, "vtpmd", "save", vm_type_string, dmi_id_str, NULL); - break; - case TPM_ST_DEACTIVATED: - execl (TPM_EMULATOR_PATH, "vtpmd", "deactivated", vm_type_string, dmi_id_str, NULL); - break; - default: - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - // Returning from these at all is an error. - vtpmlogerror(VTPM_LOG_VTPM, "Could not exec to launch vtpm\n"); - } else { - dmi_res->dmi_pid = pid; - vtpmloginfo(VTPM_LOG_VTPM, "Launching DMI on PID = %d\n", pid); - } -#endif // MANUAL_DM_LAUNCH - - } // If DMI = VTPM_CTL_DM - status = TPM_SUCCESS; - -abort_egress: - return (status); -} - -TPM_RESULT VTPM_Close_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res) { - TPM_RESULT status = TPM_SUCCESS; - - if (vtpm_globals->connected_dmis == 0) { - // No more DMI's connected. Close fifo to prevent a broken pipe. - // This is hackish. Need to think of another way. - vtpm_ipc_close(g_rx_tpm_ipc_h); - } - - - if (dmi_res->dmi_id != VTPM_CTL_DM) { - vtpm_ipc_close(dmi_res->tx_tpm_ipc_h); - vtpm_ipc_close(dmi_res->tx_vtpm_ipc_h); - - free(dmi_res->tx_tpm_ipc_h->name); - free(dmi_res->tx_vtpm_ipc_h->name); - -#ifndef MANUAL_DM_LAUNCH - if (dmi_res->dmi_id != VTPM_CTL_DM) { - if (dmi_res->dmi_pid != 0) { - vtpmloginfo(VTPM_LOG_VTPM, "Killing dmi on pid %d.\n", dmi_res->dmi_pid); - if (kill(dmi_res->dmi_pid, SIGKILL) !=0) { - vtpmloginfo(VTPM_LOG_VTPM, "DMI on pid %d is already dead.\n", dmi_res->dmi_pid); - } else if (waitpid(dmi_res->dmi_pid, NULL, 0) != dmi_res->dmi_pid) { - vtpmlogerror(VTPM_LOG_VTPM, "DMI on pid %d failed to stop.\n", dmi_res->dmi_pid); - status = TPM_FAIL; - } - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Could not kill dmi because it's pid was 0.\n"); - status = TPM_FAIL; - } - } -#endif - - } //endif ! dom0 - return status; -} - - -int main(int argc, char **argv) { - vtpm_ipc_handle_t *tx_be_ipc_h, *rx_be_ipc_h, rx_tpm_ipc_h, rx_vtpm_ipc_h, tx_hp_ipc_h, rx_hp_ipc_h; - struct vtpm_thread_params_s be_thread_params, dmi_thread_params, hp_thread_params; - pthread_t be_thread, dmi_thread, hp_thread; - -#ifdef DUMMY_BACKEND - vtpm_ipc_handle_t tx_dummy_ipc_h, rx_dummy_ipc_h; -#else - vtpm_ipc_handle_t real_be_ipc_h; -#endif - - vtpmloginfo(VTPM_LOG_VTPM, "Starting VTPM.\n"); - - // -------------------- Initialize Manager ----------------- - if (VTPM_Init_Manager() != TPM_SUCCESS) { - vtpmlogerror(VTPM_LOG_VTPM, "Closing vtpmd due to error during startup.\n"); - return -1; - } - - // -------------------- Setup Ctrl+C Handlers -------------- - ctl_c_handler.sa_handler = signal_handler; - sigemptyset(&ctl_c_handler.sa_mask); - ctl_c_handler.sa_flags = 0; - - if (sigaction(SIGINT, &ctl_c_handler, NULL) == -1) - vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGINT handler. Ctl+break will not stop manager gently.\n"); - - // For easier debuggin with gdb - if (sigaction(SIGHUP, &ctl_c_handler, NULL) == -1) - vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGHUP handler. Ctl+break will not stop manager gently.\n"); - - sigset_t sig_mask; - sigemptyset(&sig_mask); - sigaddset(&sig_mask, SIGPIPE); - sigprocmask(SIG_BLOCK, &sig_mask, NULL); - - // ------------------- Set up file ipc structures ---------- -#ifdef DUMMY_BACKEND - if ( (vtpm_ipc_init(&tx_dummy_ipc_h, VTPM_DUMMY_TX_BE_FNAME, O_RDWR, TRUE) != 0) || - (vtpm_ipc_init(&rx_dummy_ipc_h, VTPM_DUMMY_RX_BE_FNAME, O_RDWR, TRUE) != 0) ) { - - vtpmlogerror(VTPM_LOG_VTPM, "Unable to create Dummy BE FIFOs.\n"); - exit(-1); - } - - tx_be_ipc_h = &tx_dummy_ipc_h; - rx_be_ipc_h = &rx_dummy_ipc_h; -#else - vtpm_ipc_init(&real_be_ipc_h, VTPM_BE_FNAME, O_RDWR, FALSE); - - tx_be_ipc_h = &real_be_ipc_h; - rx_be_ipc_h = &real_be_ipc_h; -#endif - - if ( (vtpm_ipc_init(&rx_tpm_ipc_h, VTPM_RX_TPM_FNAME, O_RDONLY, TRUE) != 0) || - (vtpm_ipc_init(&rx_vtpm_ipc_h, VTPM_RX_VTPM_FNAME, O_RDWR, TRUE) != 0) || //FIXME: O_RDONLY? - (vtpm_ipc_init(&tx_hp_ipc_h, VTPM_TX_HP_FNAME, O_RDWR, TRUE) != 0) || - (vtpm_ipc_init(&rx_hp_ipc_h, VTPM_RX_HP_FNAME, O_RDWR, TRUE) != 0) ) { - vtpmlogerror(VTPM_LOG_VTPM, "Unable to create initial FIFOs.\n"); - exit(-1); - } - - g_rx_tpm_ipc_h = &rx_tpm_ipc_h; - - // -------------------- Set up thread params ------------- - - be_thread_params.tx_ipc_h = tx_be_ipc_h; - be_thread_params.rx_ipc_h = rx_be_ipc_h; - be_thread_params.fw_tpm = TRUE; - be_thread_params.fw_tx_ipc_h = NULL; - be_thread_params.fw_rx_ipc_h = &rx_tpm_ipc_h; - be_thread_params.is_priv = FALSE; - be_thread_params.thread_name = "Backend Listener"; - - dmi_thread_params.tx_ipc_h = NULL; - dmi_thread_params.rx_ipc_h = &rx_vtpm_ipc_h; - dmi_thread_params.fw_tpm = FALSE; - dmi_thread_params.fw_tx_ipc_h = NULL; - dmi_thread_params.fw_rx_ipc_h = NULL; - dmi_thread_params.is_priv = FALSE; - dmi_thread_params.thread_name = "VTPM Listener"; - - hp_thread_params.tx_ipc_h = &tx_hp_ipc_h; - hp_thread_params.rx_ipc_h = &rx_hp_ipc_h; - hp_thread_params.fw_tpm = FALSE; - hp_thread_params.fw_tx_ipc_h = NULL; - hp_thread_params.fw_rx_ipc_h = NULL; - hp_thread_params.is_priv = TRUE; - hp_thread_params.thread_name = "Hotplug Listener"; - - // --------------------- Launch Threads ----------------- - - vtpm_lock_init(); - - vtpm_globals->master_pid = pthread_self(); - - if (pthread_create(&be_thread, NULL, vtpm_manager_thread, &be_thread_params) != 0) { - vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch BE Thread.\n"); - exit(-1); - } - - if (pthread_create(&dmi_thread, NULL, vtpm_manager_thread, &dmi_thread_params) != 0) { - vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch DMI Thread.\n"); - exit(-1); - } - - - if (pthread_create(&hp_thread, NULL, vtpm_manager_thread, &hp_thread_params) != 0) { - vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch HP Thread.\n"); - exit(-1); - } - - //Join the other threads until exit time. - pthread_join(be_thread, NULL); - pthread_join(dmi_thread, NULL); - pthread_join(hp_thread, NULL); - - vtpmlogerror(VTPM_LOG_VTPM, "VTPM Manager shut down unexpectedly.\n"); - - VTPM_Stop_Manager(); - vtpm_lock_destroy(); - return 0; -} diff --git a/tools/vtpm_manager/manager/vtpmpriv.h b/tools/vtpm_manager/manager/vtpmpriv.h deleted file mode 100644 index 41e8d2d7db..0000000000 --- a/tools/vtpm_manager/manager/vtpmpriv.h +++ /dev/null @@ -1,186 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpmpriv.h -// -// Structures and functions private to the manager -// -// ================================================================== - -#ifndef __VTPMPRIV_H__ -#define __VTPMPRIV_H__ - -#include "vtpm_manager.h" -#include "tcg.h" -#include "tcs.h" -#include "buffer.h" -#include "crypto.h" -#include "vtpm_ipc.h" - -#define VTPM_MANAGER_GEN 2 // This is incremented when the manager's table - // is changed. It's used for backwards compatability - -#define STATE_FILE "/var/vtpm/VTPM" -#define DMI_NVM_FILE "/var/vtpm/vtpm_dm_%d.data" -#define VTPM_CTL_DM 0 - -// ------------------------ Private Structures ----------------------- -typedef struct VTPM_DMI_RESOURCE_T { - // I/O info for Manager to talk to DMI's and controllers - vtpm_ipc_handle_t *tx_vtpm_ipc_h; // TX VTPM Results to DMI - vtpm_ipc_handle_t *rx_vtpm_ipc_h; // RX VTPM Commands from DMI - vtpm_ipc_handle_t *tx_tpm_ipc_h; // TX TPM Commands to DMI - vtpm_ipc_handle_t *rx_tpm_ipc_h; // RX TPM Results from DMI - -#ifndef VTPM_MULTI_VM - pid_t dmi_pid; -#endif - - // Non-persistent Information - bool connected; - UINT32 dmi_domain_id; - TCS_CONTEXT_HANDLE TCSContext; // TCS Handle - char *NVMLocation; // NULL term string indicating location - // of NVM. - // Persistent Information about DMI - UINT32 dmi_id; - BYTE dmi_type; - TPM_DIGEST NVM_measurement; // Equal to the SHA1 of the blob - TPM_DIGEST DMI_measurement; // Correct measurement of the owning DMI -} VTPM_DMI_RESOURCE; - -typedef struct tdVTPM_MIGKEY_LIST { - UINT32 name_size; - BYTE *name; // Name of destination (IP addr, domain name, etc) - CRYPTO_INFO key; - struct tdVTPM_MIGKEY_LIST *next; -} VTPM_MIGKEY_LIST; - - -typedef struct tdVTPM_GLOBALS { - // Non-persistent data -#ifndef VTPM_MULTI_VM - pid_t master_pid; -#endif - - int connected_dmis; // To close guest_rx when no dmis are connected - - struct hashtable *dmi_map; // Table of all DMI's known indexed by persistent instance # - VTPM_MIGKEY_LIST *mig_keys; // Table of migration keys - // Currently keys are loaded at migration time, - // TODO: Make VTPM man store a keys persistently - // and update script to check if key is needed - // before fetching it. - - TCS_CONTEXT_HANDLE manager_tcs_handle; // TCS Handle used by manager - TPM_HANDLE storageKeyHandle; // Key used by persistent store - CRYPTO_INFO storageKey; // For software encryption - CRYPTO_INFO bootKey; // For saving table - TCS_AUTH keyAuth; // OIAP session for storageKey - - // Persistent Data - TPM_AUTHDATA owner_usage_auth; // OwnerAuth of real TPM - buffer_t storageKeyWrap; // Wrapped copy of storageKey - TPM_AUTHDATA srk_usage_auth; - TPM_AUTHDATA storage_key_usage_auth; - - buffer_t bootKeyWrap; // Wrapped copy of boot key - -}VTPM_GLOBALS; - -// --------------------------- Global Values -------------------------- -extern VTPM_GLOBALS *vtpm_globals; // Key info and DMI states -extern const TPM_AUTHDATA SRK_AUTH; // SRK Well Known Auth Value - -// ********************** VTPM Functions ************************* -TPM_RESULT VTPM_Init_Manager(); // Start VTPM Service -void VTPM_Stop_Manager(); // Stop VTPM Service -TPM_RESULT VTPM_Manager_Handler(vtpm_ipc_handle_t *tx_ipc_h, - vtpm_ipc_handle_t *rx_ipc_h, - BOOL fw_tpm, // Should forward TPM cmds - vtpm_ipc_handle_t *fw_tx_ipc_h, - vtpm_ipc_handle_t *fw_rx_ipc_h, - BOOL is_priv, - char *client_name); - -// ********************** Command Handler Prototypes *********************** - -TPM_RESULT VTPM_Handle_Load_NVM( VTPM_DMI_RESOURCE *myDMI, - const buffer_t *inbuf, - buffer_t *outbuf); - -TPM_RESULT VTPM_Handle_Save_NVM( VTPM_DMI_RESOURCE *myDMI, - const buffer_t *inbuf, - buffer_t *outbuf); - -TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi, - buffer_t *inbuf, - buffer_t *outbuf); - -TPM_RESULT VTPM_Handle_New_DMI(const buffer_t *param_buf); - -TPM_RESULT VTPM_Handle_Close_DMI(const buffer_t *param_buf); - -TPM_RESULT VTPM_Handle_Delete_DMI(const buffer_t *param_buf); - -TPM_RESULT VTPM_Handle_Migrate_In( const buffer_t *param_buf, - buffer_t *result_buf); - -TPM_RESULT VTPM_Handle_Migrate_Out ( const buffer_t *param_buf, - buffer_t *result_buf); - -TPM_RESULT VTPM_Handle_Get_Migration_key( const buffer_t *param_buf, - buffer_t *result_buf); - -TPM_RESULT VTPM_SaveManagerData(void); -TPM_RESULT VTPM_LoadManagerData(void); - -TPM_RESULT VTPM_New_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res, BYTE vm_type, BYTE startup_mode); - -TPM_RESULT VTPM_Close_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res); - -// Helper functions -TPM_RESULT close_dmi(VTPM_DMI_RESOURCE *dmi_res); -TPM_RESULT init_dmi(UINT32 dmi_id, BYTE type, VTPM_DMI_RESOURCE **dmi_res); - -TPM_RESULT envelope_encrypt(const buffer_t *inbuf, - CRYPTO_INFO *asymkey, - buffer_t *sealed_data); - -TPM_RESULT envelope_decrypt(const buffer_t *cipher, - TCS_CONTEXT_HANDLE TCSContext, - TPM_HANDLE keyHandle, - const TPM_AUTHDATA *key_usage_auth, - buffer_t *unsealed_data); - -#endif // __VTPMPRIV_H__ diff --git a/tools/vtpm_manager/manager/vtsp.c b/tools/vtpm_manager/manager/vtsp.c deleted file mode 100644 index fc8a66ffc8..0000000000 --- a/tools/vtpm_manager/manager/vtsp.c +++ /dev/null @@ -1,1042 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtsp.c -// -// Higher level interface to TCS for use in service. -// -// ================================================================== - -#include <string.h> -#include "tcg.h" -#include "tcs.h" -#include "bsg.h" -#include "log.h" -#include "crypto.h" -#include "vtsp.h" -#include "buffer.h" - -#define RSA_KEY_SIZE 0x0800 - -/*********************************************************************************** - * GenerateAuth: Generate authorization info to be sent back to application - * - * Parameters: outParamDigestText The concatenation of output parameters to be SHA1ed - * outParamDigestTextSize Size of inParamDigestText - * HMACkey Key to be used for HMACing - * For OIAP use key.authUsage or PersistStore.ownerAuth - * For OSAP use shared secret - * pAuth Authorization information from the application - * - * Return: TPM_SUCCESS Authorization data created - * TPM_AUTHFAIL Invalid (NULL) HMACkey presented for OSAP - *************************************************************************************/ -TPM_RESULT GenerateAuth( /*[IN]*/ const BYTE *inParamDigestText, - /*[IN]*/ UINT32 inParamDigestTextSize, - /*[IN]*/ const TPM_SECRET *HMACkey, - /*[IN,OUT]*/ TCS_AUTH *auth) { - - if (inParamDigestText == NULL || auth == NULL) - return (TPM_AUTHFAIL); - else { - - //Generate new OddNonce - Crypto_GetRandom(auth->NonceOdd.nonce, sizeof(TPM_NONCE)); - - // Create SHA1 inParamDigest - TPM_DIGEST inParamDigest; - Crypto_SHA1Full(inParamDigestText, inParamDigestTextSize, (BYTE *) &inParamDigest); - - // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams). - BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)]; - - BSG_PackList( hmacText, 4, - BSG_TPM_DIGEST, &inParamDigest, - BSG_TPM_NONCE, &(auth->NonceEven), - BSG_TPM_NONCE, &(auth->NonceOdd), - BSG_TYPE_BOOL, &(auth->fContinueAuthSession) ); - - Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &(auth->HMAC)); - - return(TPM_SUCCESS); - - } -} - -/*********************************************************************************** - * VerifyAuth: Verify the authdata for a command requiring authorization - * - * Parameters: inParamDigestText The concatenation of parameters to be SHA1ed - * inParamDigestTextSize Size of inParamDigestText - * authDataUsage AuthDataUsage for the Entity being used - * Key->authDataUsage or TPM_AUTH_OWNER - * HMACkey Key to be used for HMACing - * For OIAP use key.authUsage or PersistStore.ownerAuth - * For OSAP use NULL (It will be aquired from the Auth Session) - * If unknown (default), assume OIAP - * sessionAuth A TCS_AUTH info for the session - * pAuth Authorization information from the application - * hContext If specified, on failed Auth, VerifyAuth will - * generate a new OIAP session in place of themselves - * destroyed session. - * - * Return: TPM_SUCCESS Authorization Verified - * TPM_AUTHFAIL Authorization Failed - * TPM_FAIL Failure during SHA1 routines - *************************************************************************************/ -TPM_RESULT VerifyAuth( /*[IN]*/ const BYTE *outParamDigestText, - /*[IN]*/ UINT32 outParamDigestTextSize, - /*[IN]*/ const TPM_SECRET *HMACkey, - /*[IN,OUT]*/ TCS_AUTH *auth, - /*[IN]*/ TCS_CONTEXT_HANDLE hContext) { - if (outParamDigestText == NULL || auth == NULL) - return (TPM_AUTHFAIL); - - - // Create SHA1 inParamDigest - TPM_DIGEST outParamDigest; - Crypto_SHA1Full(outParamDigestText, outParamDigestTextSize, (BYTE *) &outParamDigest); - - // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams). - TPM_DIGEST hm; - BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)]; - - BSG_PackList( hmacText, 4, - BSG_TPM_DIGEST, &outParamDigest, - BSG_TPM_NONCE, &(auth->NonceEven), - BSG_TPM_NONCE, &(auth->NonceOdd), - BSG_TYPE_BOOL, &(auth->fContinueAuthSession) ); - - Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), - (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &hm); - - // Compare correct HMAC with provided one. - if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0) { // 0 indicates equality - if (!auth->fContinueAuthSession) - vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM by fContinue=0.\n", auth->AuthHandle); - - return (TPM_SUCCESS); - } else { - // If specified, reconnect the OIAP session. - // NOTE: This only works for TCS's that never have a 0 context. - if (hContext) { - vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM due to failure.\n", auth->AuthHandle); - VTSP_OIAP( hContext, auth); - } - return (TPM_AUTHFAIL); - } -} - -TPM_RESULT VTSP_OIAP(const TCS_CONTEXT_HANDLE hContext, - TCS_AUTH *auth) { - - vtpmloginfo(VTPM_LOG_VTSP, "OIAP.\n"); - TPM_RESULT status = TPM_SUCCESS; - TPMTRYRETURN( TCSP_OIAP(hContext, - &auth->AuthHandle, - &auth->NonceEven) ); - - memset(&auth->HMAC, 0, sizeof(TPM_DIGEST)); - auth->fContinueAuthSession = FALSE; - - vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x opened by TPM_OIAP.\n", auth->AuthHandle); - goto egress; - - abort_egress: - - egress: - - return status; -} - -TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_HANDLE hContext, - const TPM_ENTITY_TYPE entityType, - const UINT32 entityValue, - const TPM_AUTHDATA *usageAuth, - TPM_SECRET *sharedSecret, - TCS_AUTH *auth) { - - vtpmloginfo(VTPM_LOG_VTSP, "OSAP.\n"); - TPM_RESULT status = TPM_SUCCESS; - TPM_NONCE nonceEvenOSAP, nonceOddOSAP; - - Crypto_GetRandom((BYTE *) &nonceOddOSAP, sizeof(TPM_NONCE) ); - - TPMTRYRETURN( TCSP_OSAP( hContext, - entityType, - entityValue, - nonceOddOSAP, - &auth->AuthHandle, - &auth->NonceEven, - &nonceEvenOSAP) ); - - // Calculating Session Secret - BYTE sharedSecretText[TPM_DIGEST_SIZE * 2]; - - BSG_PackList( sharedSecretText, 2, - BSG_TPM_NONCE, &nonceEvenOSAP, - BSG_TPM_NONCE, &nonceOddOSAP); - - Crypto_HMAC(sharedSecretText, sizeof(sharedSecretText), (BYTE *) usageAuth, TPM_DIGEST_SIZE, (BYTE *) sharedSecret); - - memset(&auth->HMAC, 0, sizeof(TPM_DIGEST)); - auth->fContinueAuthSession = FALSE; - - vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x opened by TPM_OSAP.\n", auth->AuthHandle); - - goto egress; - - abort_egress: - - egress: - - return status; -} - - -TPM_RESULT VTSP_TerminateHandle(const TCS_CONTEXT_HANDLE hContext, - const TCS_AUTH *auth) { - - vtpmloginfo(VTPM_LOG_VTSP, "Terminate Handle.\n"); - TPM_RESULT status = TPM_SUCCESS; - TPMTRYRETURN( TCSP_TerminateHandle(hContext, auth->AuthHandle) ); - - vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM_TerminateHandle.\n", auth->AuthHandle); - goto egress; - - abort_egress: - - egress: - - return status; -} - - -TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext, - CRYPTO_INFO *crypto_info) { - - TPM_RESULT status; - TPM_NONCE antiReplay; - TPM_DIGEST checksum; - BYTE *pubEKtext; - UINT32 pubEKtextsize; - - vtpmloginfo(VTPM_LOG_VTSP, "Reading Public EK.\n"); - - // GenerateAuth new nonceOdd - Crypto_GetRandom(&antiReplay, sizeof(TPM_NONCE) ); - - - TPMTRYRETURN( TCSP_ReadPubek( hContext, - antiReplay, - &pubEKtextsize, - &pubEKtext, - &checksum) ); - - - // Extract the remaining output parameters - TPM_PUBKEY pubEK; - - BSG_Unpack(BSG_TPM_PUBKEY, pubEKtext, (BYTE *) &pubEK); - - // Build CryptoInfo for the bindingKey - TPM_RSA_KEY_PARMS rsaKeyParms; - - BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, - pubEK.algorithmParms.parms, - &rsaKeyParms); - - Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, - rsaKeyParms.exponent, - pubEK.pubKey.keyLength, - pubEK.pubKey.key, - crypto_info); - - // Destroy rsaKeyParms - BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms); - - // Set encryption scheme - crypto_info->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; - //crypto_info->encScheme = pubEK.algorithmParms.encScheme; - crypto_info->algorithmID = pubEK.algorithmParms.algorithmID; - - goto egress; - - abort_egress: - - egress: - - return status; -} - -TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext, - const TPM_AUTHDATA *ownerAuth, - const TPM_AUTHDATA *srkAuth, - CRYPTO_INFO *ek_cryptoInfo, - TCS_AUTH *auth) { - - vtpmloginfo(VTPM_LOG_VTSP, "Taking Ownership of TPM.\n"); - - TPM_RESULT status = TPM_SUCCESS; - TPM_COMMAND_CODE command = TPM_ORD_TakeOwnership; - TPM_PROTOCOL_ID proto_id = TPM_PID_OWNER; - BYTE *new_srk; - - BYTE *paramText; // Digest to make Auth. - UINT32 paramTextSize; - - // vars for srkpubkey parameter - TPM_KEY srkPub; - TPM_KEY_PARMS srkKeyInfo = {TPM_ALG_RSA, TPM_ES_RSAESOAEP_SHA1_MGF1, TPM_SS_NONE, 12, 0}; - BYTE srkRSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00}; - srkKeyInfo.parms = (BYTE *) &srkRSAkeyInfo; - - struct pack_buf_t srkText; - - //These values are accurate for an enc(AuthData). - struct pack_buf_t encOwnerAuth, encSrkAuth; - - encOwnerAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256); - encSrkAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256); - - if (encOwnerAuth.data == NULL || encSrkAuth.data == NULL) { - vtpmloginfo(VTPM_LOG_VTSP, "Could not malloc encrypted auths.\n"); - status = TPM_RESOURCES; - goto abort_egress; - } - - Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) ownerAuth, &encOwnerAuth.size, encOwnerAuth.data); - Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) srkAuth, &encSrkAuth.size, encSrkAuth.data); - - - // Build srk public key struct - srkPub.ver = TPM_STRUCT_VER_1_1; - srkPub.keyUsage = TPM_KEY_STORAGE; - srkPub.keyFlags = 0x00; - srkPub.authDataUsage = TPM_AUTH_ALWAYS; - memcpy(&srkPub.algorithmParms, &srkKeyInfo, sizeof(TPM_KEY_PARMS)); - srkPub.PCRInfoSize = 0; - srkPub.PCRInfo = 0; - srkPub.pubKey.keyLength= 0; - srkPub.encDataSize = 0; - - srkText.data = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - srkText.size = BSG_Pack(BSG_TPM_KEY, (BYTE *) &srkPub, srkText.data); - - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - - paramTextSize = BSG_PackList(paramText, 5, - BSG_TPM_COMMAND_CODE,&command, - BSG_TPM_PROTOCOL_ID, &proto_id, - BSG_TPM_SIZE32_DATA, &encOwnerAuth, - BSG_TPM_SIZE32_DATA, &encSrkAuth, - BSG_TPM_KEY, &srkPub); - - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, ownerAuth, auth) ); - - new_srk = srkText.data; - TPMTRYRETURN( TCSP_TakeOwnership ( hContext, - proto_id, - encOwnerAuth.size, - encOwnerAuth.data, - encSrkAuth.size, - encSrkAuth.data, - &srkText.size, - &new_srk, - auth ) ); - - - paramTextSize = BSG_PackList(paramText, 2, - BSG_TPM_RESULT, &status, - BSG_TPM_COMMAND_CODE, &command); - memcpy(paramText + paramTextSize, new_srk, srkText.size); - paramTextSize += srkText.size; - - - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, - ownerAuth, auth, - hContext) ); - - goto egress; - - abort_egress: - - egress: - - free(srkText.data); - free(encSrkAuth.data); - free(encOwnerAuth.data); - free(paramText); - - TCS_FreeMemory(hContext, new_srk); - - return status; -} - -TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext, - const TPM_AUTHDATA *ownerAuth, - TCS_AUTH *auth) { - - vtpmloginfo(VTPM_LOG_VTSP, "Disabling Pubek Read.\n"); - - TPM_RESULT status = TPM_SUCCESS; - TPM_COMMAND_CODE command = TPM_ORD_DisablePubekRead; - - BYTE *paramText; // Digest to make Auth. - UINT32 paramTextSize; - - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - - paramTextSize = BSG_PackList(paramText, 1, - BSG_TPM_COMMAND_CODE, &command); - - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, - ownerAuth, auth) ); - - // Call TCS - TPMTRYRETURN( TCSP_DisablePubekRead ( hContext, // in - auth) ); - - // Verify Auth - paramTextSize = BSG_PackList(paramText, 2, - BSG_TPM_RESULT, &status, - BSG_TPM_COMMAND_CODE, &command); - - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, - ownerAuth, auth, - hContext) ); - goto egress; - - abort_egress: - egress: - free(paramText); - return status; -} - -TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext, - const TPM_KEY_USAGE usage, - const TPM_AUTHDATA *newKeyAuth, - const TCS_KEY_HANDLE parentHandle, - const TPM_AUTHDATA *osapSharedSecret, - buffer_t *pubKeyBuf, - TCS_AUTH *auth) { - - int i; - TPM_RESULT status = TPM_SUCCESS; - TPM_COMMAND_CODE command = TPM_ORD_CreateWrapKey; - - vtpmloginfo(VTPM_LOG_VTSP, "Creating new key of type %d.\n", usage); - - // vars for Calculate encUsageAuth - BYTE *paramText; - UINT32 paramTextSize; - - // vars for Calculate encUsageAuth - BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)]; - TPM_DIGEST XORKey1; - UINT32 XORbufferSize; - TPM_SECRET encUsageAuth, encMigrationAuth; - - // vars for Flatten newKey prototype - BYTE *flatKey = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - UINT32 flatKeySize = TCPA_MAX_BUFFER_LENGTH; - struct pack_buf_t newKeyText; - - // Fill in newKey - TPM_KEY newKey; - - BYTE RSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00}; - newKey.algorithmParms.algorithmID = TPM_ALG_RSA; - newKey.algorithmParms.parms = (BYTE *) &RSAkeyInfo; - newKey.algorithmParms.parmSize = 12; - - switch (usage) { - case TPM_KEY_SIGNING: - vtpmloginfo(VTPM_LOG_VTSP, "Creating Signing Key...\n"); - newKey.keyUsage = TPM_KEY_SIGNING; - newKey.algorithmParms.encScheme = TPM_ES_NONE; - newKey.algorithmParms.sigScheme = TPM_SS_RSASSAPKCS1v15_SHA1; - break; - case TPM_KEY_STORAGE: - vtpmloginfo(VTPM_LOG_VTSP, "Creating Storage Key...\n"); - newKey.keyUsage = TPM_KEY_STORAGE; - newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; - newKey.algorithmParms.sigScheme = TPM_SS_NONE; - break; - case TPM_KEY_BIND: - vtpmloginfo(VTPM_LOG_VTSP, "Creating Binding Key...\n"); - newKey.keyUsage = TPM_KEY_BIND; - newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; - newKey.algorithmParms.sigScheme = TPM_SS_NONE; - break; - default: - vtpmloginfo(VTPM_LOG_VTSP, "Cannot create key. Invalid Key Type.\n"); - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - - newKey.ver = TPM_STRUCT_VER_1_1; - - newKey.keyFlags = 0; - newKey.authDataUsage = TPM_AUTH_ALWAYS; - newKey.pubKey.keyLength= 0; - newKey.encDataSize = 0; - newKey.encData = NULL; - - // FIXME: Support PCR bindings - newKey.PCRInfoSize = 0; - newKey.PCRInfo = NULL; - - // Calculate encUsageAuth - XORbufferSize = BSG_PackList( XORbuffer, 2, - BSG_TPM_SECRET, osapSharedSecret, - BSG_TPM_NONCE, &auth->NonceEven); - Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey1); - - // FIXME: No support for migratable keys. - for (i=0; i < TPM_DIGEST_SIZE; i++) - ((BYTE *) &encUsageAuth)[i] = ((BYTE *) &XORKey1)[i] ^ ((BYTE *) newKeyAuth)[i]; - - // Flatten newKey prototype - flatKeySize = BSG_Pack(BSG_TPM_KEY, (BYTE *) &newKey, flatKey); - newKeyText.data = flatKey; - newKeyText.size = flatKeySize; - - // Generate HMAC - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - - paramTextSize = BSG_PackList(paramText, 3, - BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_AUTHDATA, &encUsageAuth, - BSG_TPM_AUTHDATA, &encMigrationAuth); - memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size); - paramTextSize += newKeyText.size; - - - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, - osapSharedSecret, auth) ); - - // Call TCS - TPMTRYRETURN( TCSP_CreateWrapKey( hContext, - parentHandle, - encUsageAuth, - encMigrationAuth, - &newKeyText.size, - &newKeyText.data, - auth) ); - - // Verify Auth - paramTextSize = BSG_PackList(paramText, 2, - BSG_TPM_RESULT, &status, - BSG_TPM_COMMAND_CODE, &command); - memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size); - paramTextSize += newKeyText.size; - - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, - osapSharedSecret, auth, 0) ); - - // Unpack/return key structure - TPMTRYRETURN(buffer_init(pubKeyBuf, 0, 0) ); - TPMTRYRETURN(buffer_append_raw(pubKeyBuf, newKeyText.size, newKeyText.data) ); - - goto egress; - - abort_egress: - - egress: - - free(flatKey); - free(paramText); - TCS_FreeMemory(hContext, newKeyText.data); - - return status; -} - -TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext, - const TCS_KEY_HANDLE hUnwrappingKey, - const buffer_t *rgbWrappedKeyBlob, - const TPM_AUTHDATA *parentAuth, - TPM_HANDLE *newKeyHandle, - TCS_AUTH *auth, - CRYPTO_INFO *cryptoinfo, - const BOOL skipTPMLoad) { - - - vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n", (!skipTPMLoad ? "into TPM" : "only into memory")); - - TPM_RESULT status = TPM_SUCCESS; - TPM_COMMAND_CODE command = TPM_ORD_LoadKey; - - BYTE *paramText=NULL; // Digest to make Auth. - UINT32 paramTextSize; - - // SkipTPMLoad stops key from being loaded into TPM, but still generates CRYPTO_INFO for it - if (! skipTPMLoad) { - - if ((rgbWrappedKeyBlob == NULL) || (parentAuth == NULL) || - (newKeyHandle==NULL) || (auth==NULL)) { - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - // Generate Extra TCS Parameters - TPM_HANDLE phKeyHMAC; - - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - - paramTextSize = BSG_PackList(paramText, 1, - BSG_TPM_COMMAND_CODE, &command); - - memcpy(paramText + paramTextSize, rgbWrappedKeyBlob->bytes, buffer_len(rgbWrappedKeyBlob)); - paramTextSize += buffer_len(rgbWrappedKeyBlob); - - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, - parentAuth, auth) ); - - // Call TCS - TPMTRYRETURN( TCSP_LoadKeyByBlob( hContext, - hUnwrappingKey, - buffer_len(rgbWrappedKeyBlob), - rgbWrappedKeyBlob->bytes, - auth, - newKeyHandle, - &phKeyHMAC) ); - - // Verify Auth - paramTextSize = BSG_PackList(paramText, 3, - BSG_TPM_RESULT, &status, - BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_HANDLE, newKeyHandle); - - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, - parentAuth, auth, - hContext) ); - } - - // Build cryptoinfo structure for software crypto function. - if (cryptoinfo != NULL) { - TPM_KEY newKey; - - // Unpack/return key structure - BSG_Unpack(BSG_TPM_KEY, rgbWrappedKeyBlob->bytes , &newKey); - TPM_RSA_KEY_PARMS rsaKeyParms; - - BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, - newKey.algorithmParms.parms, - &rsaKeyParms); - - Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, - rsaKeyParms.exponent, - newKey.pubKey.keyLength, - newKey.pubKey.key, - cryptoinfo); - - // Destroy rsaKeyParms - BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms); - - // Set encryption scheme - cryptoinfo->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; - } - - goto egress; - - abort_egress: - - egress: - - free(paramText); - return status; -} - -TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext, - const TPM_KEY_HANDLE key_handle, - const buffer_t *bound_data, - const TPM_AUTHDATA *usage_auth, - buffer_t *clear_data, - TCS_AUTH *auth) { - - vtpmloginfo(VTPM_LOG_VTSP, "Unbinding %d bytes of data.\n", buffer_len(bound_data)); - - TPM_RESULT status = TPM_SUCCESS; - TPM_COMMAND_CODE command = TPM_ORD_UnBind; - - BYTE *paramText; // Digest to make Auth. - UINT32 paramTextSize; - - // Generate Extra TCS Parameters - struct pack_buf_t clear_data32; - BYTE *clear_data_text; - UINT32 clear_data_size; - - struct pack_buf_t bound_data32 = {bound_data->size, bound_data->bytes}; - - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - - paramTextSize = BSG_PackList(paramText, 2, - BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_SIZE32_DATA, &bound_data32); - - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, - usage_auth, auth) ); - - // Call TCS - TPMTRYRETURN( TCSP_UnBind( hContext, - key_handle, - buffer_len(bound_data), - bound_data->bytes, - auth, - &clear_data_size, - &clear_data_text) ); - - - // Verify Auth - clear_data32.size = clear_data_size; - clear_data32.data = clear_data_text; - paramTextSize = BSG_PackList(paramText, 3, - BSG_TPM_RESULT, &status, - BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_SIZE32_DATA, &clear_data32); - - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, - usage_auth, auth, - hContext) ); - - // Unpack/return key structure - TPMTRYRETURN(buffer_init(clear_data, 0, 0)); - TPMTRYRETURN(buffer_append_raw (clear_data, clear_data_size, clear_data_text) ); - - goto egress; - - abort_egress: - - egress: - - free(paramText); - TCS_FreeMemory(hContext, clear_data_text); - - return status; -} - -TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo, - const buffer_t *inData, - buffer_t *outData) -{ - vtpmloginfo(VTPM_LOG_VTSP, "Binding %d bytes of data.\n", buffer_len(inData)); - TPM_RESULT status = TPM_SUCCESS; - TPM_BOUND_DATA boundData; - UINT32 i; - - // Fill boundData's accessory information - boundData.ver = TPM_STRUCT_VER_1_1; - boundData.payload = TPM_PT_BIND; - boundData.payloadData = inData->bytes; - - // Pack boundData before encryption - BYTE* flatBoundData = (BYTE *)malloc(sizeof(BYTE) * - (sizeof(TPM_VERSION) + - sizeof(TPM_PAYLOAD_TYPE) + - buffer_len(inData))); - if (flatBoundData == NULL) { - return TPM_NOSPACE; - } - UINT32 flatBoundDataSize = 0; - flatBoundDataSize = BSG_PackList( flatBoundData, 2, - BSG_TPM_VERSION, &boundData.ver, - BSG_TYPE_BYTE, &boundData.payload); - - memcpy(flatBoundData+flatBoundDataSize, inData->bytes, buffer_len(inData)); - flatBoundDataSize += buffer_len(inData); - - BYTE out_tmp[RSA_KEY_SIZE/8]; // RSAEnc does not do blocking, So this is what will come out. - UINT32 out_tmp_size; - - // Encrypt flatBoundData - TPMTRY(TPM_ENCRYPT_ERROR, Crypto_RSAEnc( cryptoInfo, - flatBoundDataSize, - flatBoundData, - &out_tmp_size, - out_tmp) ); - - if (out_tmp_size > RSA_KEY_SIZE/8) { - // The result of RSAEnc should be a fixed size based on key size. - vtpmlogerror(VTPM_LOG_VTSP, "Enc buffer just overflowed.\n"); - } - - buffer_init(outData, 0, NULL); - buffer_append_raw(outData, out_tmp_size, out_tmp); - - vtpmloginfo(VTPM_LOG_TXDATA, "Bind Generated[%d] = 0x", out_tmp_size); - for(i = 0 ; i < out_tmp_size ; i++) { - vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out_tmp[i]); - } - vtpmloginfomore(VTPM_LOG_TXDATA, "\n"); - - goto egress; - abort_egress: - egress: - - // Free flatBoundData - free(flatBoundData); - - return TPM_SUCCESS; -} - -TPM_RESULT VTSP_Seal(const TCS_CONTEXT_HANDLE hContext, - const TPM_KEY_HANDLE keyHandle, - const TPM_AUTHDATA *sealDataAuth, - const TPM_PCR_COMPOSITE *pcrComp, - const buffer_t *inData, - TPM_STORED_DATA *sealedData, - const TPM_SECRET *osapSharedSecret, - TCS_AUTH *auth) { - - TPM_RESULT status = TPM_SUCCESS; - TPM_COMMAND_CODE command = TPM_ORD_Seal; - - BYTE *paramText; // Digest to make Auth. - UINT32 paramTextSize; - - // Generate PCR_Info Struct from Comp - TPM_PCR_INFO pcrInfo; - UINT32 pcrInfoSize, flatpcrSize; - BYTE flatpcr[3 + // PCR_Select = 3 1 byte banks - sizeof(UINT16) + // 2 byte UINT16 - sizeof(UINT32) + // PCR_Comp = 4 byte UINT32 - 24 * sizeof(TPM_PCRVALUE) ]; // up to 24 PCRs - - if (pcrComp != NULL) { - //printf("\n\tBinding to PCRs: "); - //for(int i = 0 ; i < pcrComp->select.sizeOfSelect ; i++) - //printf("%2.2x", pcrComp->select.pcrSelect[i]); - - memcpy(&pcrInfo.pcrSelection, &pcrComp->select, sizeof(TPM_PCR_SELECTION)); - - flatpcrSize = BSG_Pack(BSG_TPM_PCR_COMPOSITE, (BYTE *) pcrComp, flatpcr); - Crypto_SHA1Full((BYTE *) flatpcr, flatpcrSize, (BYTE *) &(pcrInfo.digestAtRelease)); - memset(&(pcrInfo.digestAtCreation), 0, sizeof(TPM_DIGEST)); - pcrInfoSize = BSG_Pack(BSG_TPM_PCR_INFO, (BYTE *) &pcrInfo, flatpcr); - } else { - //printf("\n\tBinding to no PCRS."); - pcrInfoSize = 0; - } - - // Calculate encUsageAuth - BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)]; - UINT32 XORbufferSize = sizeof(XORbuffer); - TPM_DIGEST XORKey; - TPM_ENCAUTH encAuth; - - BSG_PackList( XORbuffer, 2, - BSG_TPM_SECRET, osapSharedSecret, - BSG_TPM_NONCE, &auth->NonceEven ); - - Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey); - - int i; - for (i=0; i < TPM_DIGEST_SIZE; i++) - ((BYTE *) &encAuth)[i] = ((BYTE *) &XORKey)[i] ^ ((BYTE *) sealDataAuth)[i]; - - // Generate Extra TCS Parameters - UINT32 inDataSize = buffer_len(inData); - struct pack_buf_t inData_pack = {inDataSize, inData->bytes}; - struct pack_buf_t pcrInfo_pack = {pcrInfoSize, flatpcr}; - - UINT32 sealedDataSize; - BYTE *flatSealedData=NULL; - - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - - paramTextSize = BSG_PackList(paramText, 4, - BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_ENCAUTH, &encAuth, - BSG_TPM_SIZE32_DATA, &pcrInfo_pack, - BSG_TPM_SIZE32_DATA, &inData_pack); - - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, - osapSharedSecret, auth) ); - - // Call TCS - TPMTRYRETURN( TCSP_Seal( hContext, - keyHandle, - encAuth, - pcrInfoSize, - flatpcr, - inDataSize, - inData->bytes, - auth, - &sealedDataSize, - &flatSealedData) ); - - // Unpack/return key structure - BSG_Unpack( BSG_TPM_STORED_DATA, flatSealedData, sealedData ); - - paramTextSize = BSG_PackList(paramText, 3, - BSG_TPM_RESULT, &status, - BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_STORED_DATA, sealedData); - - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, - osapSharedSecret, auth, - 0) ); - - - goto egress; - - abort_egress: - egress: - - if (flatSealedData) - TCS_FreeMemory( hContext, flatSealedData); - - free(paramText); - return status; -} - - -TPM_RESULT VTSP_Unseal(const TCS_CONTEXT_HANDLE hContext, - const TPM_KEY_HANDLE keyHandle, - const TPM_STORED_DATA *sealedData, - const TPM_AUTHDATA *key_usage_auth, - const TPM_AUTHDATA *data_usage_auth, - buffer_t *outData, - TCS_AUTH *auth, - TCS_AUTH *dataAuth) { - - TPM_RESULT status = TPM_SUCCESS; - TPM_COMMAND_CODE command = TPM_ORD_Unseal; - - BYTE *paramText; // Digest to make Auth. - UINT32 paramTextSize; - - // Generate Extra TCS Parameters - UINT32 sealDataSize, clearDataSize; - BYTE *flatSealedData= (BYTE *) malloc(sizeof(TPM_VERSION) + - 2 * sizeof(UINT32) + - sealedData->sealInfoSize + - sealedData->encDataSize), - *clearData=NULL; - - sealDataSize = BSG_Pack(BSG_TPM_STORED_DATA, sealedData, flatSealedData ); - - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - - paramTextSize = BSG_PackList(paramText, 2, - BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_STORED_DATA, sealedData); - - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, - key_usage_auth, auth) ); - - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, - data_usage_auth, dataAuth) ); - // Call TCS - TPMTRYRETURN( TCSP_Unseal( hContext, - keyHandle, - sealDataSize, - flatSealedData, - auth, - dataAuth, - &clearDataSize, - &clearData) ); - - // Verify Auth - struct pack_buf_t clearData_pack = {clearDataSize, clearData}; - - paramTextSize = BSG_PackList(paramText, 3, - BSG_TPM_RESULT, &status, - BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_SIZE32_DATA, &clearData_pack); - - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, - key_usage_auth, auth, - hContext) ); - - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, - data_usage_auth, dataAuth, - hContext) ); - - // Unpack/return key structure - TPMTRYRETURN( buffer_init(outData, clearDataSize, clearData) ); - - goto egress; - - abort_egress: - egress: - - if (flatSealedData) - TCS_FreeMemory( hContext, clearData); - - free(paramText); - return status; -} - -TPM_RESULT VTSP_SaveState( const TCS_CONTEXT_HANDLE hContext) { - - vtpmloginfo(VTPM_LOG_VTSP, "Calling TPM_SaveState.\n"); - - TPM_RESULT status = TPM_SUCCESS; - - // Call TCS - return ( TCSP_SaveState ( hContext ) ); - -} - - -// Function Reaches into unsupported TCS command, beware. -TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext, - const buffer_t *inbuf, - buffer_t *outbuf ) { - - vtpmloginfo(VTPM_LOG_VTSP, "Passthrough in use.\n"); - TPM_RESULT status = TPM_SUCCESS; - - // Generate Extra TCS Parameters - BYTE *resultText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); - UINT32 resultTextSize = TCPA_MAX_BUFFER_LENGTH; - - // Call TCS - TPMTRYRETURN( TCSP_RawTransmitData(buffer_len(inbuf), inbuf->bytes, - &resultTextSize, resultText) ); - - // Unpack/return key structure - TPMTRYRETURN(buffer_init (outbuf, resultTextSize, resultText) ); - goto egress; - - abort_egress: - - egress: - TCS_FreeMemory(hContext, resultText); - free(resultText); - return status; -} diff --git a/tools/vtpm_manager/manager/vtsp.h b/tools/vtpm_manager/manager/vtsp.h deleted file mode 100644 index 2fb0440037..0000000000 --- a/tools/vtpm_manager/manager/vtsp.h +++ /dev/null @@ -1,126 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtsp.h -// -// Higher level interface to TCS. -// -// ================================================================== - -#ifndef __VTSP_H__ -#define __VTSP_H__ - -#include "tcg.h" -#include "tcs.h" - -#define KEY_BUFFER_SIZE 2048 - -TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext, - const buffer_t *inbuf, - buffer_t *outbuf ); - -TPM_RESULT VTSP_OIAP( const TCS_CONTEXT_HANDLE hContext, - TCS_AUTH *auth); - -TPM_RESULT VTSP_OSAP( const TCS_CONTEXT_HANDLE hContext, - const TPM_ENTITY_TYPE entityType, - const UINT32 entityValue, - const TPM_AUTHDATA *usageAuth, - TPM_SECRET *sharedsecret, - TCS_AUTH *auth); - -TPM_RESULT VTSP_TerminateHandle(const TCS_CONTEXT_HANDLE hContext, - const TCS_AUTH *auth); - -TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext, - CRYPTO_INFO *cypto_info); - -TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext, - const TPM_AUTHDATA *ownerAuth, - const TPM_AUTHDATA *srkAuth, - CRYPTO_INFO *ek_cryptoInfo, - TCS_AUTH *auth); - -TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext, - const TPM_AUTHDATA *ownerAuth, - TCS_AUTH *auth); - -TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext, - const TPM_KEY_USAGE usage, - const TPM_AUTHDATA *newKeyAuth, - const TCS_KEY_HANDLE parentHandle, - const TPM_AUTHDATA *osapSharedSecret, - buffer_t *pubKeyBuf, - TCS_AUTH *auth); - -TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext, - const TCS_KEY_HANDLE hUnwrappingKey, - const buffer_t *rgbWrappedKeyBlob, - const TPM_AUTHDATA *parentAuth, - TPM_HANDLE *newKeyHandle, - TCS_AUTH *pAuth, - CRYPTO_INFO *cryptoinfo, - const BOOL skipTPMLoad); - -TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext, - const TPM_KEY_HANDLE key_handle, - const buffer_t *bound_data, - const TPM_AUTHDATA *usage_auth, - buffer_t *clear_data, - TCS_AUTH *auth); - -TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo, - const buffer_t *inData, - buffer_t *outData); - -TPM_RESULT VTSP_Seal(const TCS_CONTEXT_HANDLE hContext, - const TPM_KEY_HANDLE keyHandle, - const TPM_AUTHDATA *sealDataAuth, - const TPM_PCR_COMPOSITE *pcrComp, - const buffer_t *inData, - TPM_STORED_DATA *sealedData, - const TPM_SECRET *osapSharedSecret, - TCS_AUTH *auth); - -TPM_RESULT VTSP_Unseal(const TCS_CONTEXT_HANDLE hContext, - const TPM_KEY_HANDLE keyHandle, - const TPM_STORED_DATA *sealedData, - const TPM_AUTHDATA *key_usage_auth, - const TPM_AUTHDATA *data_usage_auth, - buffer_t *outData, - TCS_AUTH *auth, - TCS_AUTH *dataAuth); - -TPM_RESULT VTSP_SaveState( const TCS_CONTEXT_HANDLE hContext); - -#endif //_VTSP_H_ diff --git a/tools/vtpm_manager/migration/Makefile b/tools/vtpm_manager/migration/Makefile deleted file mode 100644 index e33ae955be..0000000000 --- a/tools/vtpm_manager/migration/Makefile +++ /dev/null @@ -1,42 +0,0 @@ -XEN_ROOT = $(CURDIR)/../../.. -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk - -VPATH = ../manager - -BIND = vtpm_migratord -BINC = vtpm_migrator - -SRCSD = vtpm_manager_if.c vtpm_migratord.c vtpm_migratord_handler.c vtpm_ipc.c -SRCSC = vtpm_manager_if.c vtpm_migrator_if.c vtpm_migratorc.c vtpm_ipc.c - -OBJSD = $(patsubst %.c,%.o,$(SRCSD)) -OBJSC = $(patsubst %.c,%.o,$(SRCSC)) - -.PHONY: all -all: build - -.PHONY: build -build: $(BIND) $(BINC) - -.PHONY: install -install: build - $(INSTALL_PROG) $(BIND) $(DESTDIR)$(BINDIR) - $(INSTALL_PROG) $(BINC) $(DESTDIR)$(BINDIR) - -.PHONY: clean -clean: - rm -f $(BINC) $(BIND) - rm -f *.a *.so *.o *.rpm $(DEP_FILES) - -.PHONY: mrproper -mrproper: clean - rm -f *~ - -$(BIND): $(OBJSD) - $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ - -$(BINC): $(OBJSC) - $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ - -# libraries -LIBS += ../util/libTCGUtils.a diff --git a/tools/vtpm_manager/migration/vtpm_manager_if.c b/tools/vtpm_manager/migration/vtpm_manager_if.c deleted file mode 100644 index 08986f4fed..0000000000 --- a/tools/vtpm_manager/migration/vtpm_manager_if.c +++ /dev/null @@ -1,186 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_manager_if.c -// -// Provides functions to call local vtpm manager interface (Hotplug) -// -// ================================================================== - -#include <stdio.h> -#include <fcntl.h> -#include <malloc.h> -#include <string.h> - -#include "tcg.h" -#include "buffer.h" -#include "log.h" -#include "vtpm_ipc.h" -#include "bsg.h" -#include "vtpm_migrator.h" -#include "vtpm_manager.h" - -#define VTPM_TX_HP_FNAME "/var/vtpm/fifos/from_console.fifo" -#define VTPM_RX_HP_FNAME "/var/vtpm/fifos/to_console.fifo" - -static vtpm_ipc_handle_t tx_ipc_h, rx_ipc_h; - -TPM_RESULT vtpm_manager_open(){ - - if ( (vtpm_ipc_init(&tx_ipc_h, VTPM_TX_HP_FNAME, O_RDWR, TRUE) != 0) || //FIXME: wronly - (vtpm_ipc_init(&rx_ipc_h, VTPM_RX_HP_FNAME, O_RDWR, TRUE) != 0) ) { //FIXME: rdonly - vtpmlogerror(VTPM_LOG_VTPM, "Unable to connect to vtpm_manager.\n"); - return TPM_IOERROR; - } - - return TPM_SUCCESS; -} - -void vtpm_manager_close() { - - vtpm_ipc_close(&tx_ipc_h); - vtpm_ipc_close(&rx_ipc_h); -} - - -TPM_RESULT vtpm_manager_command(TPM_COMMAND_CODE ord, - buffer_t *command_param_buf, - TPM_RESULT *cmd_status, /* out */ - buffer_t *result_param_buf) { - - TPM_RESULT status = TPM_FAIL; - int size_read, size_write, i; - BYTE *adj_command, response_header[VTPM_COMMAND_HEADER_SIZE_SRV]; - UINT32 dmi_id=0, adj_command_size, out_param_size, adj_param_size; - TPM_TAG tag=VTPM_TAG_REQ; - - if ( (!command_param_buf) || (!result_param_buf) || (!cmd_status) ) { - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - adj_command_size = VTPM_COMMAND_HEADER_SIZE_SRV + buffer_len(command_param_buf); - adj_command = (BYTE *) malloc( adj_command_size ); - if (!adj_command) { - status = TPM_RESOURCES; - goto abort_egress; - } - - out_param_size = VTPM_COMMAND_HEADER_SIZE + buffer_len(command_param_buf); - BSG_PackList(adj_command, 4, - BSG_TYPE_UINT32, &dmi_id, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, &out_param_size, - BSG_TPM_COMMAND_CODE, &ord ); - - memcpy(adj_command + VTPM_COMMAND_HEADER_SIZE_SRV, command_param_buf->bytes, buffer_len(command_param_buf)); - - size_write = vtpm_ipc_write(&tx_ipc_h, NULL, adj_command, adj_command_size); - - if (size_write > 0) { - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "SENT (MGR): 0x"); - for (i=0; i< adj_command_size; i++) { - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", adj_command[i]); - } - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error writing VTPM Manager console.\n"); - status = TPM_IOERROR; - goto abort_egress; - } - - if (size_write != (int) adj_command_size ) - vtpmlogerror(VTPM_LOG_VTPM, "Could not write entire command to mgr (%d/%d)\n", size_write, adj_command_size); - - // Read header for response to manager command - size_read = vtpm_ipc_read(&rx_ipc_h, NULL, response_header, VTPM_COMMAND_HEADER_SIZE_SRV); - if (size_read > 0) { - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "RECV (MGR): 0x"); - for (i=0; i<size_read; i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", response_header[i]); - - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error reading from vtpm manager.\n"); - status = TPM_IOERROR; - goto abort_egress; - } - - if (size_read < (int) VTPM_COMMAND_HEADER_SIZE_SRV) { - vtpmlogerror(VTPM_LOG_VTPM, "Command from vtpm_manager shorter than std header.\n"); - status = TPM_IOERROR; - goto abort_egress; - } - - // Unpack response from DMI for TPM command - BSG_UnpackList(response_header, 4, - BSG_TYPE_UINT32, &dmi_id, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, &out_param_size, - BSG_TPM_COMMAND_CODE, cmd_status ); - - // If response has parameters, read them. - // Note that out_param_size is in the client's context - adj_param_size = out_param_size - VTPM_COMMAND_HEADER_SIZE; - if (adj_param_size > 0) { - TPMTRYRETURN( buffer_init( result_param_buf, adj_param_size, NULL) ); - size_read = vtpm_ipc_read(&rx_ipc_h, NULL, result_param_buf->bytes, adj_param_size); - if (size_read > 0) { - for (i=0; i< size_read; i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", result_param_buf->bytes[i]); - - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error reading from vtpm manager.\n"); - goto abort_egress; - } - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - - if (size_read < (int)adj_param_size) { - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - vtpmlogerror(VTPM_LOG_VTPM, "Command read(%d) is shorter than header indicates(%d).\n", size_read, adj_param_size); - status = TPM_IOERROR; - goto abort_egress; - } - } else { - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - } - - status=TPM_SUCCESS; - goto egress; - - abort_egress: - egress: - - return status; -} - - diff --git a/tools/vtpm_manager/migration/vtpm_migrator.h b/tools/vtpm_manager/migration/vtpm_migrator.h deleted file mode 100644 index 8d52e668dd..0000000000 --- a/tools/vtpm_manager/migration/vtpm_migrator.h +++ /dev/null @@ -1,104 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_migrator.h -// -// Public Interface header for VTPM Migrator -// -// ================================================================== - -#ifndef __VTPM_MIGRATOR_H__ -#define __VTPM_MIGRATOR_H__ - -#define VTPM_MTAG_REQ 0x02c1 -#define VTPM_MTAG_RSP 0x02c4 - -// Header sizes. -#define VTPM_COMMAND_HEADER_SIZE ( 2 + 4 + 4) -// sizeof(TPM_TAG + UINT32 + TPM_COMMAND_CODE) - -//*********************** Connection Info ************************** -#define VTPM_MIG_PORT 48879 - -//************************ Command Codes *************************** -#define VTPM_MORD_MIG_STEP1 0x00 -#define VTPM_MORD_MIG_STEP2 0x01 -#define VTPM_MORD_MIG_STEP3 0x02 -#define VTPM_MORD_MIG_STEP4 0x03 - -//************************ Return Codes **************************** -#define VTPM_SUCCESS 0 -#define VTPM_FAIL 1 - -/******************* Command Parameter API ************************* - -VTPM Command Format - tpm tag: 2 bytes - command size: 4 bytes // Size of command including header but not DMI - ord: 4 bytes // Command ordinal above - parameters: size - 10 bytes // Command Parameter - -VTPM Response Format - tpm tag: 2 bytes - response_size: 4 bytes - status: 4 bytes - parameters: size - 10 bytes - - -VTPM_Mig_Phase1: - Unsupported: (Handled by scripts) - -VTPM_Mig_Phase2 - Input Parameters: - domain_name_size: 4 bytes - domain_name : domain_name_size bytes - Output Parameters: - pub_exp_size: 4 bytes - pub_exp: pub_exp_size bytes - pub_mod_size: 4 bytes - pub_mod: pub_mod_size bytes - -VTPM_Mig_Phase3 - Input Parameters: - vtpm_state_size: 4 bytes - vtpm_state: vtpm_state_size bytes - Output Parameters: - none - -VTPM_Mig_Phase4 - Unsupported: (Handled by scripts) - - -*********************************************************************/ - -#endif //_VTPM_MANAGER_H_ diff --git a/tools/vtpm_manager/migration/vtpm_migrator_if.c b/tools/vtpm_manager/migration/vtpm_migrator_if.c deleted file mode 100644 index de48b2dd63..0000000000 --- a/tools/vtpm_manager/migration/vtpm_migrator_if.c +++ /dev/null @@ -1,219 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// vtpm_migrator_if.c -// -// Provides functions to call open network connection & call -// a function on the vtpm_migratord on the destination -// -// ================================================================== - -#include <stdio.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netdb.h> -#include <string.h> -#include <malloc.h> - -#include "tcg.h" -#include "buffer.h" -#include "log.h" -#include "bsg.h" -#include "vtpm_migrator.h" - -static int sock_desc; - - -TPM_RESULT vtpm_migratord_open(char *server_address){ - - TPM_RESULT status = TPM_FAIL; - - /* network variables */ - struct in_addr ip_addr; - struct sockaddr_in server_addr; - int addr_len; - struct hostent *dns_info=NULL; - - /* set up connection to server*/ - dns_info = gethostbyname(server_address); - ip_addr.s_addr = *((unsigned long *) dns_info->h_addr_list[0]); - - if(ip_addr.s_addr < 0) { - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - /* set up server variable */ - memset((char *)&server_addr, 0, sizeof(server_addr)); - server_addr.sin_family = AF_INET; - server_addr.sin_port = htons(VTPM_MIG_PORT); - server_addr.sin_addr.s_addr = ip_addr.s_addr; - - /* open socket, make connection */ - sock_desc = socket(AF_INET, SOCK_STREAM, 0); - - if (sock_desc < 0 ) { - status = TPM_IOERROR; - goto abort_egress; - } - - if (connect(sock_desc, - (struct sockaddr *)&server_addr, - sizeof(server_addr)) < 0 ) { - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - status = TPM_SUCCESS; - goto egress; - - abort_egress: - egress: - - return status; -} - -void vtpm_migratord_close() { - close(sock_desc); -} - - -TPM_RESULT vtpm_migratord_command(TPM_COMMAND_CODE ord, - buffer_t *command_param_buf, - TPM_RESULT *cmd_status, /* out */ - buffer_t *result_param_buf) { - - TPM_RESULT status = TPM_FAIL; - int size_read, size_write, i; - BYTE *command, response_header[VTPM_COMMAND_HEADER_SIZE]; - UINT32 dmi_id=0, command_size, out_param_size, adj_param_size; - TPM_TAG tag=VTPM_MTAG_REQ; - - if ( (!command_param_buf) || (!result_param_buf) || (!cmd_status) ) { - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - command_size = VTPM_COMMAND_HEADER_SIZE + buffer_len(command_param_buf); - command = (BYTE *) malloc( command_size ); - if (!command) { - status = TPM_RESOURCES; - goto abort_egress; - } - - BSG_PackList(command, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, &command_size, - BSG_TPM_COMMAND_CODE, &ord ); - - memcpy(command + VTPM_COMMAND_HEADER_SIZE, command_param_buf->bytes, buffer_len(command_param_buf)); - - size_write = write(sock_desc, command, command_size); - - if (size_write > 0) { - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "SENT (MIGd): 0x"); - for (i=0; i< command_size; i++) { - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", command[i]); - } - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error writing to migration server via network.\n"); - status = TPM_IOERROR; - goto abort_egress; - } - - if (size_write != (int) command_size ) - vtpmlogerror(VTPM_LOG_VTPM, "Could not write entire command to migration server (%d/%d)\n", size_write, command_size); - - // Read header for response - size_read = read(sock_desc, response_header, VTPM_COMMAND_HEADER_SIZE); - if (size_read > 0) { - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "RECV (MIGd): 0x"); - for (i=0; i<size_read; i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", response_header[i]); - - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error reading from Migration Server.\n"); - status = TPM_IOERROR; - goto abort_egress; - } - - if (size_read < (int) VTPM_COMMAND_HEADER_SIZE) { - vtpmlogerror(VTPM_LOG_VTPM, "Command from migration server shorter than std header.\n"); - status = TPM_IOERROR; - goto abort_egress; - } - - // Unpack response from DMI for TPM command - BSG_UnpackList(response_header, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, &out_param_size, - BSG_TPM_COMMAND_CODE, cmd_status ); - - // If response has parameters, read them. - adj_param_size = out_param_size - VTPM_COMMAND_HEADER_SIZE; - if (adj_param_size > 0) { - TPMTRYRETURN( buffer_init( result_param_buf, adj_param_size, NULL) ); - size_read = read(sock_desc, result_param_buf->bytes, adj_param_size); - if (size_read > 0) { - for (i=0; i< size_read; i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", result_param_buf->bytes[i]); - - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error reading from migration server.\n"); - goto abort_egress; - } - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - - if (size_read < (int)adj_param_size) { - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - vtpmlogerror(VTPM_LOG_VTPM, "Command read(%d) is shorter than header indicates(%d).\n", size_read, adj_param_size); - status = TPM_IOERROR; - goto abort_egress; - } - } else { - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - } - - status=TPM_SUCCESS; - goto egress; - - abort_egress: - egress: - - return status; -} - - diff --git a/tools/vtpm_manager/migration/vtpm_migratorc.c b/tools/vtpm_manager/migration/vtpm_migratorc.c deleted file mode 100644 index 18b3bdbe8c..0000000000 --- a/tools/vtpm_manager/migration/vtpm_migratorc.c +++ /dev/null @@ -1,211 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - -#include <stdio.h> -#include <string.h> - -#include "tcg.h" -#include "log.h" -#include "bsg.h" -#include "buffer.h" -#include "vtpm_migrator.h" -#include "vtpm_manager.h" - -TPM_RESULT handle_vtpm_mig_step2(char *server_addr, - char *name, - UINT32 instance) { - TPM_RESULT status, cmd_status; - buffer_t out_param_buf=NULL_BUF, mig_key_buf=NULL_BUF, empty_buf=NULL_BUF; - UINT32 offset; - struct pack_buf_t addr_data32; - - //===== Get Destination's Public Migration Key ====== - TPMTRYRETURN( vtpm_migratord_open(server_addr) ); - - TPMTRYRETURN( vtpm_migratord_command(VTPM_MORD_MIG_STEP2, - &out_param_buf, - &cmd_status, - &mig_key_buf) ); - vtpm_migratord_close(); - - TPMTRYRETURN(cmd_status); - - //===== Load migration key into vtpm_manager ======== - - addr_data32.data = (BYTE *)server_addr; - addr_data32.size = strlen(server_addr) + 1; // Include the null - - TPMTRYRETURN ( buffer_init ( &out_param_buf, - sizeof(UINT32) + addr_data32.size +buffer_len(&mig_key_buf), - NULL ) ) ; - - offset = BSG_PackList(out_param_buf.bytes, 1, - BSG_TPM_SIZE32_DATA, &addr_data32); - - memcpy(out_param_buf.bytes + offset , mig_key_buf.bytes, buffer_len(&mig_key_buf) ); - - TPMTRYRETURN ( vtpm_manager_open() ); - - TPMTRYRETURN ( vtpm_manager_command(VTPM_ORD_LOAD_MIG_KEY, - &out_param_buf, - &cmd_status, - &empty_buf) ); - - vtpm_manager_close(); - - TPMTRYRETURN(cmd_status); - - goto egress; - - abort_egress: - egress: - - buffer_free(&mig_key_buf); - buffer_free(&out_param_buf); - - return status; -} - - -TPM_RESULT handle_vtpm_mig_step3(char *server_addr, - char *name, - UINT32 instance) { - TPM_RESULT status, cmd_status; - buffer_t out_param_buf=NULL_BUF, state_buf=NULL_BUF, empty_buf=NULL_BUF; - struct pack_buf_t addr_data32, name_data32, state_data32; - - //===== Get vtpm state from vtpm_manager ======== - addr_data32.data = (BYTE *)server_addr; - addr_data32.size = strlen(server_addr) + 1; // Include the null - - TPMTRYRETURN ( buffer_init ( &out_param_buf, - (2 * sizeof(UINT32)) + addr_data32.size, - NULL ) ) ; - - BSG_PackList(out_param_buf.bytes, 2, - BSG_TYPE_UINT32, &instance, - BSG_TPM_SIZE32_DATA, &addr_data32); - - TPMTRYRETURN ( vtpm_manager_open() ); - - TPMTRYRETURN ( vtpm_manager_command(VTPM_ORD_MIGRATE_OUT, - &out_param_buf, - &cmd_status, - &state_buf) ); - - vtpm_manager_close(); - - TPMTRYRETURN(cmd_status); - - TPMTRYRETURN( buffer_free( &out_param_buf ) ); - - //===== Send vtpm state to destination ====== - name_data32.data = (BYTE *)name; - name_data32.size = strlen(name) + 1; // Include the null - state_data32.data = state_buf.bytes; - state_data32.size = buffer_len(&state_buf); - - TPMTRYRETURN( buffer_init( &out_param_buf, - 2 * sizeof(UINT32) + name_data32.size + state_data32.size, - NULL ) ) ; - - BSG_PackList(out_param_buf.bytes, 2, - BSG_TPM_SIZE32_DATA, &name_data32, - BSG_TPM_SIZE32_DATA, &state_data32); - - TPMTRYRETURN( vtpm_migratord_open(server_addr) ); - - TPMTRYRETURN( vtpm_migratord_command(VTPM_MORD_MIG_STEP3, - &out_param_buf, - &cmd_status, - &empty_buf) ); - vtpm_migratord_close(); - - TPMTRYRETURN(cmd_status); - - goto egress; - - abort_egress: - egress: - - buffer_free( &out_param_buf); - buffer_free( &state_buf); - buffer_free( &empty_buf); - - return status; -} - - -// Usage vtpm_migrator addr domain_name instance step - -int main(int argc, char **argv) { - - /* variables for processing of command */ - TPM_RESULT status = TPM_FAIL; - char *server_addr, *name; - UINT32 instance, step; - - if (argc != 5) { - vtpmlogerror(VTPM_LOG_VTPM, "Usage: vtpm_migrator addr vm_name instance step\n"); - vtpmlogerror(VTPM_LOG_VTPM, " params given %d\n", argc); - status= TPM_BAD_PARAMETER; - goto abort_egress; - } - - server_addr = argv[1]; - name = argv[2]; - instance = atoi( argv[3] ); - step = atoi( argv[4] ); - - switch (step) { - case VTPM_MORD_MIG_STEP2: - status = handle_vtpm_mig_step2(server_addr, name, instance); - break; - - case VTPM_MORD_MIG_STEP3: - status = handle_vtpm_mig_step3(server_addr, name, instance); - break; - - default: - status = TPM_BAD_PARAMETER; - goto abort_egress; - break; - } - - goto egress; - abort_egress: - egress: - - return status; -} - diff --git a/tools/vtpm_manager/migration/vtpm_migratord.c b/tools/vtpm_manager/migration/vtpm_migratord.c deleted file mode 100644 index ea18c8c87c..0000000000 --- a/tools/vtpm_manager/migration/vtpm_migratord.c +++ /dev/null @@ -1,202 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - -#include <stdio.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <string.h> - -#include "tcg.h" -#include "log.h" -#include "bsg.h" -#include "buffer.h" -#include "vtpm_migrator.h" - -void build_error_msg( buffer_t *buf, TPM_RESULT status) { - TPM_TAG tag = VTPM_MTAG_RSP; - UINT32 out_param_size = VTPM_COMMAND_HEADER_SIZE; - - buffer_init(buf, out_param_size, NULL); - - BSG_PackList(buf->bytes, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, &out_param_size, - BSG_TPM_RESULT, &status ); -} - -int main() { - - /* network variables */ - int sock_descr, client_sock=-1, len; - struct sockaddr_in addr; - struct sockaddr_in client_addr; - unsigned int client_length; - int bytes; - - /* variables for processing of command */ - TPM_RESULT status = TPM_FAIL; - BYTE cmd_header[VTPM_COMMAND_HEADER_SIZE]; - TPM_TAG tag; - TPM_COMMAND_CODE ord; - UINT32 in_param_size, adj_param_size; - int i, size_read, size_write; - buffer_t in_param_buf=NULL_BUF, result_buf=NULL_BUF; - - - /* setup socket */ - sock_descr = socket(AF_INET, SOCK_STREAM, 0); - - memset(&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_addr.s_addr = htonl(INADDR_ANY); - addr.sin_port = htons(VTPM_MIG_PORT); - - if (bind(sock_descr, (struct sockaddr *)&addr, sizeof(addr)) == -1 ) { - vtpmlogerror(VTPM_LOG_VTPM, "Failed to bind to port %d.\n", VTPM_MIG_PORT); - return 1; - } - - listen(sock_descr, 10); - - for(;;) { - // ============ clear client info and wait for connection ========== - memset(&client_addr, 0, sizeof(client_addr)); - client_length = sizeof(client_addr); - - vtpmloginfo(VTPM_LOG_VTPM, "Waiting for incoming migrations...\n"); - client_sock=accept(sock_descr, &client_addr, &client_length); - if (client_sock == -1) { - vtpmlogerror(VTPM_LOG_VTPM, "Incoming connectionn failed.\n"); - goto abort_command; - } else { - vtpmloginfo(VTPM_LOG_VTPM, "Incoming connection accepted.\n"); - } - - // =================== Read incoming command ====================== - size_read = read( client_sock, cmd_header, VTPM_COMMAND_HEADER_SIZE); - if (size_read > 0) { - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "RECV: 0x"); - for (i=0; i<size_read; i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cmd_header[i]); - - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error reading from socket.\n"); - build_error_msg(&result_buf, TPM_IOERROR); - goto abort_command_with_error; - } - - if (size_read < (int) VTPM_COMMAND_HEADER_SIZE) { - vtpmlogerror(VTPM_LOG_VTPM, "Command from socket shorter than std header.\n"); - build_error_msg(&result_buf, TPM_BAD_PARAMETER); - goto abort_command_with_error; - } - - // Unpack response from client - BSG_UnpackList(cmd_header, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, &in_param_size, - BSG_TPM_COMMAND_CODE, &ord ); - - - // If response has parameters, read them. - // Note that out_param_size is in the client's context - adj_param_size = in_param_size - VTPM_COMMAND_HEADER_SIZE; - if (adj_param_size > 0) { - buffer_init( &in_param_buf, adj_param_size, NULL); - size_read = read(client_sock, in_param_buf.bytes, adj_param_size); - if (size_read > 0) { - for (i=0; i< size_read; i++) - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", in_param_buf.bytes[i]); - - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error reading from socket.\n"); - build_error_msg(&result_buf, TPM_IOERROR); - goto abort_command_with_error; - } - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - - if (size_read < (int)adj_param_size) { - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - vtpmlogerror(VTPM_LOG_VTPM, "Command read(%d) is shorter than header indicates(%d).\n", size_read, adj_param_size); - build_error_msg(&result_buf, TPM_BAD_PARAMETER); - goto abort_command_with_error; - } - } else { - vtpmloginfomore(VTPM_LOG_VTPM, "\n"); - } - - /* Handle Command */ - switch (ord) { - case VTPM_MORD_MIG_STEP2: - handle_vtpm_mig_step2(&in_param_buf, &result_buf); - break; - - case VTPM_MORD_MIG_STEP3: - handle_vtpm_mig_step3(&in_param_buf, &result_buf); - break; - - default: - build_error_msg(&result_buf, TPM_BAD_PARAMETER); - goto abort_command_with_error; - } - - abort_command_with_error: - /* Write Response */ - size_write = write(client_sock, result_buf.bytes, buffer_len(&result_buf)); - - if (size_write > 0) { - vtpmloginfo(VTPM_LOG_VTPM_DEEP, "SENT: 0x"); - for (i=0; i< buffer_len(&result_buf); i++) { - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", result_buf.bytes[i]); - } - vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n"); - } else { - vtpmlogerror(VTPM_LOG_VTPM, "Error writing response to client.\n"); - goto abort_command; - } - - if (size_write != (int) buffer_len(&result_buf) ) - vtpmlogerror(VTPM_LOG_VTPM, "Could not send entire response to client(%d/%d)\n", size_write, buffer_len(&result_buf)); - - abort_command: - close(client_sock); - buffer_free(&in_param_buf); - buffer_free(&result_buf); - - } // For (;;) - - return 0; -} - diff --git a/tools/vtpm_manager/migration/vtpm_migratord_handler.c b/tools/vtpm_manager/migration/vtpm_migratord_handler.c deleted file mode 100644 index 0a8a2d52c1..0000000000 --- a/tools/vtpm_manager/migration/vtpm_migratord_handler.c +++ /dev/null @@ -1,177 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - -#include <stdlib.h> -#include <string.h> - -#include "tcg.h" -#include "bsg.h" -#include "log.h" -#include "vtpm_migrator.h" -#include "vtpm_manager.h" - -#define VTPM_SH_CMD_HDR "bash -c \"cd /etc/xen/scripts; source /etc/xen/scripts/vtpm-common.sh;" -#define VTPM_SH_CMD_FTR "\"" -#define VTPM_SH_GETINST "vtpmdb_get_free_instancenum" -#define VTPM_SH_ADD "vtpm_add_and_activate" -#define VTPM_SH_RESUME "vtpm_resume" - -// This must be updated to the longest command name. Currently GETINST -#define VTPM_SH_CMD_SIZE (strlen(VTPM_SH_CMD_HDR) + strlen(VTPM_SH_CMD_FTR) + 1 + strlen(VTPM_SH_GETINST) + 2) - -void handle_vtpm_mig_step2(buffer_t *in_param_buf, buffer_t *result_buf) -{ - TPM_TAG tag = VTPM_TAG_RSP; - buffer_t out_param_buf= NULL_BUF, mig_key_buf=NULL_BUF; - TPM_RESULT status=TPM_SUCCESS, cmd_status; - UINT32 out_param_size; - - if ( (!in_param_buf) || (!result_buf) ) { - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - // ================= Call manager and get mig key =============== - TPMTRYRETURN( vtpm_manager_open() ); - TPMTRYRETURN( vtpm_manager_command(VTPM_ORD_GET_MIG_KEY, - &out_param_buf, // Empty - &cmd_status, - &mig_key_buf) ); - - vtpm_manager_close(); - - TPMTRYRETURN(cmd_status); - - // ==================== return the mig key ===================== - out_param_size = VTPM_COMMAND_HEADER_SIZE + buffer_len(&mig_key_buf); - - TPMTRYRETURN( buffer_init(result_buf, - out_param_size, - NULL) ); - - BSG_PackList( result_buf->bytes, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, &out_param_size, - BSG_TPM_RESULT, &status); - - memcpy(result_buf->bytes + VTPM_COMMAND_HEADER_SIZE, - mig_key_buf.bytes, buffer_len(&mig_key_buf)); - - goto egress; - - abort_egress: - buffer_free(result_buf); - build_error_msg(result_buf, status); - - egress: - return; -} - -void handle_vtpm_mig_step3(buffer_t *in_param_buf, buffer_t *result_buf) -{ - TPM_TAG tag = VTPM_TAG_RSP; - buffer_t out_param_buf= NULL_BUF, mig_key_buf=NULL_BUF, empty_buf=NULL_BUF; - TPM_RESULT status=TPM_SUCCESS, cmd_status; - UINT32 out_param_size, instance; - char *shell_cmd_str=NULL; - size_t shell_cmd_strlen; - FILE *shell_f=NULL; - - if ( (!in_param_buf) || (!result_buf) ) { - status = TPM_BAD_PARAMETER; - goto abort_egress; - } - - // ================= Read Parameters =============== - struct pack_buf_t name_data32, state_data32; - - BSG_UnpackList(in_param_buf->bytes, 2, - BSG_TPM_SIZE32_DATA, &name_data32, - BSG_TPM_SIZE32_DATA, &state_data32); - - // Before using this string, protect us from a non-null term array. - if (name_data32.data[name_data32.size -1] != 0x00) { - name_data32.data[name_data32.size -1] = 0x00; - } - - // ====== Call hotplug-script and get an instance ====== - shell_cmd_strlen = VTPM_SH_CMD_SIZE + name_data32.size + 10; - shell_cmd_str = (char *) malloc(shell_cmd_strlen); // 10 is just padding for the UINT32 - - snprintf(shell_cmd_str, shell_cmd_strlen, - VTPM_SH_CMD_HDR VTPM_SH_GETINST VTPM_SH_CMD_FTR); - - shell_f = popen(shell_cmd_str, "r"); - fscanf(shell_f, "%d", &instance); - pclose(shell_f); - - // ====== Call hotplug-script and add instance ====== - snprintf(shell_cmd_str, shell_cmd_strlen, - VTPM_SH_CMD_HDR VTPM_SH_ADD " %s %d" VTPM_SH_CMD_FTR, - name_data32.data, instance); - system(shell_cmd_str); - - // ========= Call vtpm_manager and load VTPM ======= - TPMTRYRETURN( buffer_init( &out_param_buf, - 2*sizeof(UINT32) + state_data32.size, - NULL) ); - - BSG_PackList(out_param_buf.bytes, 2, - BSG_TYPE_UINT32, &instance, - BSG_TPM_SIZE32_DATA, &state_data32); - - TPMTRYRETURN( vtpm_manager_open() ); - TPMTRYRETURN( vtpm_manager_command(VTPM_ORD_MIGRATE_IN, - &out_param_buf, - &cmd_status, - &empty_buf) ); - - vtpm_manager_close(); - - TPMTRYRETURN(cmd_status); - - // ====== Call hotplug-script and resume instance ====== - snprintf(shell_cmd_str, shell_cmd_strlen, - VTPM_SH_CMD_HDR VTPM_SH_RESUME " %d" VTPM_SH_CMD_FTR, instance); - system(shell_cmd_str); - - goto egress; - abort_egress: - egress: - free(shell_cmd_str); - - // In this case no params come back, so reuse build_error_msg even for succes. - build_error_msg(result_buf, status); - return; -} - diff --git a/tools/vtpm_manager/tcs/Makefile b/tools/vtpm_manager/tcs/Makefile deleted file mode 100644 index 11af91e9ad..0000000000 --- a/tools/vtpm_manager/tcs/Makefile +++ /dev/null @@ -1,24 +0,0 @@ -XEN_ROOT = $(CURDIR)/../../.. -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk - -BIN = libTCS.a - -.PHONY: all -all: build - -.PHONY: build -build: $(BIN) - -.PHONY: install -install: build - -.PHONY: clean -clean: - rm -f *.a *.so *.o *.rpm $(DEP_FILES) - -.PHONY: mrproper -mrproper: clean - rm -f *~ - -$(BIN): $(OBJS) - $(AR) rcs $(BIN) $(OBJS) diff --git a/tools/vtpm_manager/tcs/contextmgr.c b/tools/vtpm_manager/tcs/contextmgr.c deleted file mode 100644 index cf3803c6ba..0000000000 --- a/tools/vtpm_manager/tcs/contextmgr.c +++ /dev/null @@ -1,224 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// contextmgr.c -// -// This file contains the context management functions for TCS. -// -// ================================================================== - -#include <stdio.h> -#include <string.h> -#include <malloc.h> -#include "tcs.h" -#include "contextmgr.h" -#include "log.h" -#include "hashtable.h" - -BYTE* AddMemBlock(CONTEXT_HANDLE* pContextHandle, // in - int BlockSize) { // in - - BLOCK* pCurrentBlock = NULL; - BLOCK* pBlock = NULL; - - // check incoming params - if (pContextHandle == NULL || BlockSize == 0) - return NULL; - - // Create New Block - pBlock = (BLOCK *)malloc(sizeof(BLOCK)); - if (pBlock == NULL) - return (0); - - pBlock->aMemory = (BYTE *)malloc(sizeof(BYTE) * BlockSize); - if (pBlock->aMemory == NULL) - return (0); - - memset(pBlock->aMemory, 0, BlockSize); - pBlock->nBlockSize = BlockSize; - pBlock->pNextBlock = NULL; - - // search for the last block created where to add the - // newly created block - if(pContextHandle->pTopBlock != NULL) { - pCurrentBlock = pContextHandle->pTopBlock; - while(pCurrentBlock->pNextBlock != NULL) - pCurrentBlock = pCurrentBlock->pNextBlock; - - - pCurrentBlock->pNextBlock= pBlock; - } else - pContextHandle->pTopBlock = pBlock; - - - pContextHandle->nBlockCount++; - - return pBlock->aMemory; -} - - -BOOL DeleteMemBlock(CONTEXT_HANDLE* pContextHandle, // in - BYTE* pTCPA_BYTEs) { // in - BLOCK* pCurrentBlock = NULL; - BLOCK* pParentBlock = NULL; - BOOL bFound = FALSE; - - if (pContextHandle == NULL) - return FALSE; - - - // Search for the Block in the context by aMemory pointer - pParentBlock = NULL; - pCurrentBlock = pContextHandle->pTopBlock; - - while(pCurrentBlock != NULL) { - // If aMemory block is found, delete it - if(pCurrentBlock->aMemory == pTCPA_BYTEs || pTCPA_BYTEs == NULL) { - // if it is the top Block, remove it from the top, - // otherwise remove it from the ParentBlock and stitch - // the NextBlock to the ParentBlock - if(pParentBlock == NULL) - pContextHandle->pTopBlock = pContextHandle->pTopBlock->pNextBlock; - else - pParentBlock->pNextBlock = pCurrentBlock->pNextBlock; - - // delete memory Block associated with pointer pTCPA_BYTEs - free(pCurrentBlock->aMemory); - pCurrentBlock->aMemory = NULL; - - free(pCurrentBlock); - pCurrentBlock = pParentBlock; - - pContextHandle->nBlockCount--; - bFound = TRUE; - } - - if(pCurrentBlock != NULL) { - pParentBlock = pCurrentBlock; - pCurrentBlock = pCurrentBlock->pNextBlock; - } - } - - return bFound; -} - -BOOL AddHandleToList(TCS_CONTEXT_HANDLE hContext, // in - TPM_RESOURCE_TYPE type, // in - TPM_HANDLE handle) { // in - HANDLE_LIST* pNewHandle = NULL; - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Adding Handle to list\n"); - CONTEXT_HANDLE* pContextHandle = LookupContext(hContext); - - if (pContextHandle == NULL) - return 0; - - pNewHandle = (HANDLE_LIST *)malloc(sizeof(HANDLE_LIST)); - - if (pNewHandle == NULL) - return (0); - - pNewHandle->handle = handle; - pNewHandle->type = type; - pNewHandle->pNextHandle = pContextHandle->pHandleList; - - pContextHandle->pHandleList = pNewHandle; - - return 1; -} - -BOOL DeleteHandleFromList( TCS_CONTEXT_HANDLE hContext, // in - TPM_HANDLE handle) { // in - - CONTEXT_HANDLE* pContextHandle = LookupContext(hContext); - - HANDLE_LIST *pCurrentHandle = pContextHandle->pHandleList, - *pLastHandle = pCurrentHandle; - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Deleting Handle from list\n"); - - if (pContextHandle == NULL) - return 0; - - while (1) { - - if (pCurrentHandle->handle == handle) { // Found element - if (pCurrentHandle == pLastHandle) { // First element in list - pContextHandle->pHandleList = pCurrentHandle->pNextHandle; - free(pCurrentHandle); - } else { // Ordinary element - pLastHandle->pNextHandle = pCurrentHandle->pNextHandle; - free(pCurrentHandle); - } - - return 1; - - } else { // Not found yet; - pLastHandle = pCurrentHandle; - pCurrentHandle = pCurrentHandle->pNextHandle; - if (pCurrentHandle == NULL) // Found end of list - return 0; - } - - } -} - -BOOL FreeHandleList( CONTEXT_HANDLE* pContextHandle) { // in - HANDLE_LIST* pCurrentHandle; - BOOL returncode = TRUE; - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Freeing all handles for context\n"); - - if (pContextHandle == NULL) - return 1; - - pCurrentHandle = pContextHandle->pHandleList; - while (pCurrentHandle != NULL) { - - switch (pCurrentHandle->type) { - case TPM_RT_KEY: - returncode = returncode && !TCSP_EvictKey(pContextHandle->handle, pCurrentHandle->handle); - break; - case TPM_RT_AUTH: - returncode = returncode && !TCSP_TerminateHandle(pContextHandle->handle, pCurrentHandle->handle); - break; - default: - returncode = FALSE; - } - - pCurrentHandle = pCurrentHandle->pNextHandle; - - } - - return 1; -} diff --git a/tools/vtpm_manager/tcs/contextmgr.h b/tools/vtpm_manager/tcs/contextmgr.h deleted file mode 100644 index e3fdf0f322..0000000000 --- a/tools/vtpm_manager/tcs/contextmgr.h +++ /dev/null @@ -1,82 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// contextmgr.c -// -// This file contains the context management functions for TCS. -// -// ================================================================== - -#ifndef __CONTEXTMGR_H__ -#define __CONTEXTMGR_H__ - -#include "tcg.h" - -#define BLOCK_SIZE 300 - -typedef struct block { - int nBlockSize; - BYTE* aMemory; - struct block* pNextBlock; -} BLOCK; - -typedef struct handle_List { - TPM_HANDLE handle; - TPM_RESOURCE_TYPE type; - struct handle_List* pNextHandle; -} HANDLE_LIST; - -typedef struct context_handle { - TCS_CONTEXT_HANDLE handle; - int nBlockCount; - BLOCK* pTopBlock; - HANDLE_LIST* pHandleList; -} CONTEXT_HANDLE; - -BYTE* AddMemBlock( CONTEXT_HANDLE* pContextHandle, // in - int BlockSize); // in - -BOOL DeleteMemBlock(CONTEXT_HANDLE* pContextHandle, // in - BYTE* pTCPA_BYTEs); // in - - -BOOL AddHandleToList( TCS_CONTEXT_HANDLE hContext, // in - TPM_RESOURCE_TYPE type, // in - TPM_HANDLE handle); // in - -BOOL DeleteHandleFromList( TCS_CONTEXT_HANDLE hContext, // in - TPM_HANDLE handle); // in - -BOOL FreeHandleList( CONTEXT_HANDLE* pContextHandle); // in - -#endif //_CONTEXTMGR_H_ diff --git a/tools/vtpm_manager/tcs/tcs.c b/tools/vtpm_manager/tcs/tcs.c deleted file mode 100644 index 7c1378cdff..0000000000 --- a/tools/vtpm_manager/tcs/tcs.c +++ /dev/null @@ -1,1192 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// tcs.c -// -// This file contains the functions that implement a TCS. -// -// ================================================================== - -#include <stdio.h> -#include <string.h> -#include <malloc.h> - -#include "tcg.h" -#include "bsg.h" -#include "tcs.h" -#include "contextmgr.h" -#include "tpmddl.h" -#include "log.h" -#include "hashtable.h" -#include "hashtable_itr.h" - -// Static Global Vars for the TCS -static int TCS_m_nCount = 0; - -#define TCPA_MAX_BUFFER_LENGTH 0x2000 - -static BYTE InBuf [TCPA_MAX_BUFFER_LENGTH]; -static BYTE OutBuf[TCPA_MAX_BUFFER_LENGTH]; - -struct hashtable *context_ht; - -// -------------------------- Hash table functions -------------------- - -static unsigned int hashfunc32(void *ky) { - return (* (UINT32 *) ky); -} - -static int equals32(void *k1, void *k2) { - return (*(UINT32 *) k1 == *(UINT32 *) k2); -} - -CONTEXT_HANDLE *LookupContext( TCS_CONTEXT_HANDLE hContext) { - return( (CONTEXT_HANDLE *) hashtable_search(context_ht, &hContext) ); -} - -// --------------------------------------------------------------------------------- -// Initialization/Uninitialization SubComponent API -// --------------------------------------------------------------------------------- -TPM_RESULT TCS_create() { - TDDL_RESULT hRes = TDDL_E_FAIL; - TPM_RESULT result = TPM_FAIL; - - if (TCS_m_nCount == 0) { - vtpmloginfo(VTPM_LOG_TCS, "Constructing new TCS:\n"); - hRes = TDDL_Open(); - - context_ht = create_hashtable(10, hashfunc32, equals32); - - if ((hRes == TDDL_SUCCESS) && (context_ht != NULL)) { - result = TPM_SUCCESS; - TCS_m_nCount++; - } else { - result = TPM_IOERROR; - hashtable_destroy(context_ht, 1); - } - } else - TCS_m_nCount++; - - return(result); -} - - -void TCS_destroy() -{ - TCS_m_nCount--; - - if (TCS_m_nCount == 0) { - vtpmloginfo(VTPM_LOG_TCS, "Destructing TCS:\n"); - TDDL_Close(); - - struct hashtable_itr *context_itr; - TCS_CONTEXT_HANDLE *hContext; - - // Close all the TCS contexts. TCS should evict keys based on this - if (hashtable_count(context_ht) > 0) { - context_itr = hashtable_iterator(context_ht); - do { - hContext = (TCS_CONTEXT_HANDLE *) hashtable_iterator_key(context_itr); - if (TCS_CloseContext(*hContext) != TPM_SUCCESS) - vtpmlogerror(VTPM_LOG_TCS, "Failed to close context %d properly.\n", *hContext); - - } while (hashtable_iterator_advance(context_itr)); - free(context_itr); - } - hashtable_destroy(context_ht, 1); - } - -} - -TPM_RESULT TCS_Malloc( TCS_CONTEXT_HANDLE hContext, // in - UINT32 MemSize, // in - BYTE** ppMemPtr) {// out - - TPM_RESULT returnCode = TPM_FAIL; - CONTEXT_HANDLE* pContextHandle = LookupContext(hContext); - - if (pContextHandle != NULL && ppMemPtr != NULL) { - *ppMemPtr = (BYTE *)AddMemBlock(pContextHandle, MemSize); - returnCode = TPM_SUCCESS; - } - - return returnCode; -} - -TPM_RESULT TCS_FreeMemory( TCS_CONTEXT_HANDLE hContext, // in - BYTE* pMemory) { // in - TPM_RESULT returnCode = TPM_FAIL; - CONTEXT_HANDLE* pContextHandle = LookupContext(hContext); - - if ( (pContextHandle != NULL && pMemory != NULL) && - (DeleteMemBlock(pContextHandle, pMemory) == TRUE) ) - returnCode = TPM_SUCCESS; - - - return returnCode; -} - -TPM_RESULT TCS_OpenContext(TCS_CONTEXT_HANDLE* hContext) { // out - TPM_RESULT returnCode = TPM_FAIL; - TCS_CONTEXT_HANDLE *newContext; - - vtpmloginfo(VTPM_LOG_TCS, "Calling TCS_OpenContext:\n"); - - if (hContext) { - CONTEXT_HANDLE* pContextHandle = (CONTEXT_HANDLE *) malloc(sizeof(CONTEXT_HANDLE)); - if (pContextHandle == NULL) - return TPM_SIZE; - - // initialize to 0 - pContextHandle->nBlockCount = 0; - pContextHandle->pTopBlock = NULL; - pContextHandle->pHandleList = NULL; - - // Create New Block - AddMemBlock(pContextHandle, BLOCK_SIZE); - - newContext = (TCS_CONTEXT_HANDLE *) malloc(sizeof(TCS_CONTEXT_HANDLE)); - *newContext = (TCS_CONTEXT_HANDLE) (((uintptr_t) pContextHandle >> 2) & 0xffffffff); - - if (hashtable_search(context_ht, &newContext) !=NULL) - *newContext += 1; - - pContextHandle->handle = *newContext; - if (!hashtable_insert(context_ht, newContext, pContextHandle)) { - free(newContext); - free(pContextHandle); - returnCode = TPM_FAIL; - } else { - *hContext = *newContext; - returnCode = TPM_SUCCESS; - } - } - - return(returnCode); -} - -TPM_RESULT TCS_CloseContext(TCS_CONTEXT_HANDLE hContext) {// in - //FIXME: TCS SHOULD Track failed auths and make sure - //we don't try and re-free them here. - TPM_RESULT returnCode = TPM_FAIL; - - CONTEXT_HANDLE* pContextHandle = LookupContext(hContext); - - if(pContextHandle != NULL) { - // Print test info - vtpmloginfo(VTPM_LOG_TCS, "Calling TCS_CloseContext.\n"); - - // free memory for all the blocks - DeleteMemBlock(pContextHandle, NULL ); - pContextHandle->pTopBlock = NULL; - - FreeHandleList(pContextHandle); - if (pContextHandle->pHandleList != NULL) - vtpmlogerror(VTPM_LOG_TCS, "Not all handles evicted from TPM.\n"); - - // Release the TPM's resources - if (hashtable_remove(context_ht, &hContext) == NULL) - vtpmlogerror(VTPM_LOG_TCS, "Not all handles evicted from TPM.\n"); - - free(pContextHandle); - returnCode = TPM_SUCCESS; - } - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Finished closing context\n"); - return(returnCode); -} - -// ------------------------------------------------------------------ -// Internal Functions -// ------------------------------------------------------------------ -int packAuth(BYTE* dst, TCS_AUTH* auth) { - // CHECK: according to the command specs, the outgoing auth params are: - // nonceEven - // nonceOdd - // continueAuthSession - // auth digest for return params - // - // this is a bit different than this code... - - return BSG_PackList(dst, 4, - BSG_TYPE_UINT32, &(auth->AuthHandle), - BSG_TPM_NONCE, &(auth->NonceOdd), - BSG_TYPE_BOOL, &(auth->fContinueAuthSession), - BSG_TPM_AUTHDATA, &(auth->HMAC)); -} - -int unpackAuth(TCS_AUTH* auth, BYTE* src) { - return BSG_UnpackList(src, 3, - BSG_TPM_NONCE, &(auth->NonceEven), - BSG_TYPE_BOOL, &(auth->fContinueAuthSession), - BSG_TPM_AUTHDATA, &(auth->HMAC)); -} - -// ------------------------------------------------------------------ -// Authorization Commands -// ------------------------------------------------------------------ - -TPM_RESULT TCSP_OIAP(TCS_CONTEXT_HANDLE hContext, // in - TCS_AUTHHANDLE* authHandle, // out - TPM_NONCE* nonce0) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_COMMAND; - TPM_COMMAND_CODE ordinal = TPM_ORD_OIAP; - UINT32 paramSize = 0; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (authHandle == NULL || nonce0 == NULL) - return TPM_BAD_PARAMETER; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal); - - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) - == TDDL_SUCCESS) { - - // unpack to get the tag, paramSize, & returnCode - int i = BSG_UnpackList( OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_COMMAND) { - // Extract the remaining output parameters - BSG_UnpackList(OutBuf+i, 2, - BSG_TYPE_UINT32, authHandle, - BSG_TPM_NONCE, nonce0); - - if (!AddHandleToList(hContext, TPM_RT_AUTH, *authHandle)) - vtpmlogerror(VTPM_LOG_TCS, "New AuthHandle not recorded\n"); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "Failed with return code %s\n", tpm_get_error_name(returnCode)); - - } - - return(returnCode); -} - -TPM_RESULT TCSP_OSAP(TCS_CONTEXT_HANDLE hContext, // in - TPM_ENTITY_TYPE entityType, // in - UINT32 entityValue, // in - TPM_NONCE nonceOddOSAP, // in - TCS_AUTHHANDLE* authHandle, // out - TPM_NONCE* nonceEven, // out - TPM_NONCE* nonceEvenOSAP) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_OSAP; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (authHandle == NULL || nonceEven == NULL || nonceEvenOSAP == NULL) - return TPM_BAD_PARAMETER; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 6, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT16, &entityType, - BSG_TYPE_UINT32, &entityValue, - BSG_TPM_NONCE, &nonceOddOSAP); - - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) - == TDDL_SUCCESS) { - - // unpack to get the tag, paramSize, & returnCode - int i = BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_COMMAND) { - // Extract the remaining output parameters - BSG_UnpackList(OutBuf+i, 3, - BSG_TYPE_UINT32, authHandle, - BSG_TPM_NONCE, nonceEven, - BSG_TPM_NONCE, nonceEvenOSAP); - - if (!AddHandleToList(hContext, TPM_RT_AUTH, *authHandle)) { - vtpmlogerror(VTPM_LOG_TCS, "New AuthHandle not recorded\n"); - } - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "Failed with return code %s\n", tpm_get_error_name(returnCode)); - - } - - return(returnCode); -} - -TPM_RESULT TCSP_TakeOwnership(TCS_CONTEXT_HANDLE hContext, // in - UINT16 protocolID, // in - UINT32 encOwnerAuthSize, // in - BYTE* encOwnerAuth, // in - UINT32 encSrkAuthSize, // in - BYTE* encSrkAuth, // in - UINT32* SrkSize, // in, out - BYTE** Srk, // in, out - TCS_AUTH* ownerAuth) // in, out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_TakeOwnership; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (encOwnerAuth == NULL || encSrkAuth == NULL || SrkSize == NULL || *Srk == NULL) - return TPM_BAD_PARAMETER; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 5, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT16, &protocolID, - BSG_TYPE_UINT32, &encOwnerAuthSize); - - memcpy(InBuf+InLength, encOwnerAuth, encOwnerAuthSize); - InLength += encOwnerAuthSize; - InLength += BSG_Pack( BSG_TYPE_UINT32, - &encSrkAuthSize, - InBuf+InLength); - memcpy(InBuf+InLength, encSrkAuth, encSrkAuthSize); - InLength += encSrkAuthSize; - memcpy(InBuf+InLength, *Srk, *SrkSize); - InLength += *SrkSize; - InLength += packAuth(InBuf+InLength, ownerAuth); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, - &InLength, - InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) - == TDDL_SUCCESS){ - - // unpack to get the tag, paramSize, & returnCode - int i = BSG_UnpackList( OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_AUTH1_COMMAND) { - // Extract the remaining output parameters - TPM_KEY srkPub; - i += BSG_Unpack(BSG_TPM_KEY, OutBuf+i, &srkPub); - unpackAuth(ownerAuth, OutBuf+i); - - // fill output params - BYTE tempBuf[1024]; - *SrkSize = BSG_Pack(BSG_TPM_KEY, &srkPub, tempBuf); - if (TCS_Malloc(hContext, *SrkSize, Srk) == TPM_FAIL) { - return(TPM_SIZE); - } - memcpy(*Srk, tempBuf, *SrkSize); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_TakeOwnership Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - - return(returnCode); -} - - -TPM_RESULT TCSP_DisablePubekRead ( TCS_CONTEXT_HANDLE hContext, // in - TCS_AUTH* ownerAuth) { // in, out - - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_DisablePubekRead; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal); - - InLength += packAuth(InBuf+InLength, ownerAuth); - - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) - == TDDL_SUCCESS){ - - // unpack to get the tag, paramSize, & returnCode - int i = BSG_UnpackList( OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_AUTH1_COMMAND) { - // Extract the remaining output parameters - unpackAuth(ownerAuth, OutBuf+i); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_DisablePubekRead Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - - return(returnCode); -} - - -TPM_RESULT TCSP_TerminateHandle(TCS_CONTEXT_HANDLE hContext, // in - TCS_AUTHHANDLE handle) // in -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_Terminate_Handle; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 4, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, &handle); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) - == TDDL_SUCCESS) { - - // unpack to get the tag, paramSize, & returnCode - BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (!DeleteHandleFromList(hContext, handle)) - vtpmlogerror(VTPM_LOG_TCS, "KeyHandle not removed from list\n"); - - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_COMMAND) { - // Print debug info - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_TerminateHandle Failed with return code %s\n", tpm_get_error_name(returnCode)); - - } - - return(returnCode); -} - -// TPM Mandatory -TPM_RESULT TCSP_Extend( TCS_CONTEXT_HANDLE hContext, // in - TPM_PCRINDEX pcrNum, // in - TPM_DIGEST inDigest, // in - TPM_PCRVALUE* outDigest) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_Extend; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 5, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, &pcrNum, - BSG_TPM_DIGEST, &inDigest); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) - == TDDL_SUCCESS) { - - // unpack to get the tag, paramSize, & returnCode - int i = BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_COMMAND){ - // Extract the remaining output parameters - BSG_Unpack(BSG_TPM_PCRVALUE, OutBuf+i, outDigest); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_Extend Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - - return(returnCode); -} - -TPM_RESULT TCSP_Seal( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE keyHandle, // in - TPM_ENCAUTH encAuth, // in - UINT32 pcrInfoSize, // in - BYTE* PcrInfo, // in - UINT32 inDataSize, // in - BYTE* inData, // in - TCS_AUTH* pubAuth, // in, out - UINT32* SealedDataSize, // out - BYTE** SealedData) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_Seal; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (inData == NULL || pubAuth == NULL || SealedDataSize == NULL || SealedData == NULL) - return TPM_BAD_PARAMETER; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 6, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, &keyHandle, - BSG_TPM_ENCAUTH, encAuth, - BSG_TYPE_UINT32, &pcrInfoSize); - memcpy(InBuf+InLength, PcrInfo, pcrInfoSize); - InLength += pcrInfoSize; - InLength += BSG_Pack(BSG_TYPE_UINT32, &inDataSize, InBuf+InLength); - memcpy(InBuf+InLength, inData, inDataSize); - InLength += inDataSize; - InLength += packAuth(InBuf+InLength, pubAuth); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) - == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - int i = BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_AUTH1_COMMAND) { - // Extract the remaining output parameters - TPM_STORED_DATA sealedData; - - i += BSG_Unpack(BSG_TPM_STORED_DATA, OutBuf+i, &sealedData); - unpackAuth(pubAuth, OutBuf+i); - - // fill SealedData - BYTE tempBuf[1024]; - *SealedDataSize = BSG_Pack(BSG_TPM_STORED_DATA, &sealedData, tempBuf); - if (TCS_Malloc(hContext, *SealedDataSize, SealedData) == TPM_FAIL) { - return TPM_SIZE; - } - memcpy(*SealedData, tempBuf, *SealedDataSize); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_Seal Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - - return(returnCode); -} - -TPM_RESULT TCSP_Unseal(TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE parentHandle, // in - UINT32 SealedDataSize, // in - BYTE* SealedData, // in - TCS_AUTH* parentAuth, // in, out - TCS_AUTH* dataAuth, // in, out - UINT32* DataSize, // out - BYTE** Data) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_AUTH2_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_Unseal; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (SealedData == NULL || parentAuth == NULL || dataAuth == NULL || - DataSize == NULL || Data == NULL) - return TPM_BAD_PARAMETER; - - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 4, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, &parentHandle); - memcpy(InBuf+InLength, SealedData, SealedDataSize); - InLength += SealedDataSize; - InLength += packAuth(InBuf+InLength, parentAuth); - InLength += packAuth(InBuf+InLength, dataAuth); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - int i = BSG_UnpackList( OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_AUTH2_COMMAND) { - // Extract the remaining output parameters - i += BSG_Unpack(BSG_TYPE_UINT32, OutBuf+i, DataSize); - if (TCS_Malloc(hContext, *DataSize, Data) == TPM_FAIL) { - return TPM_SIZE; - } - memcpy(*Data, OutBuf+i, *DataSize); - i += *DataSize; - i += unpackAuth(parentAuth, OutBuf+i); - unpackAuth(dataAuth, OutBuf+i); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_Unseal Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - - return(returnCode); -} - -TPM_RESULT TCSP_UnBind(TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE keyHandle, // in - UINT32 inDataSize, // in - BYTE* inData, // in - TCS_AUTH* privAuth, // in, out - UINT32* outDataSize, // out - BYTE** outData) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_UnBind; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (inData == NULL || privAuth == NULL || outDataSize == NULL || outData == NULL) - return TPM_BAD_PARAMETER; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 5, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, &keyHandle, - BSG_TYPE_UINT32, &inDataSize); - memcpy(InBuf+InLength, inData, inDataSize); - InLength += inDataSize; - InLength += packAuth(InBuf+InLength, privAuth); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "\n\tSending paramSize = %d", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - int i = BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_AUTH1_COMMAND) { - // Extract the remaining output parameters - i += BSG_Unpack(BSG_TYPE_UINT32, OutBuf+i, outDataSize); - if (TCS_Malloc(hContext, *outDataSize, outData) == TPM_FAIL) - return TPM_SIZE; - - memcpy(*outData, OutBuf+i, *outDataSize); - i += *outDataSize; - unpackAuth(privAuth, OutBuf+i); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_UnBind Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - - return(returnCode); -} - -TPM_RESULT TCSP_CreateWrapKey(TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE hWrappingKey, // in - TPM_ENCAUTH KeyUsageAuth, // in - TPM_ENCAUTH KeyMigrationAuth, // in - UINT32* pcKeySize, // in, out - BYTE** prgbKey, // in, out - TCS_AUTH* pAuth) // in, out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_CreateWrapKey; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (pcKeySize == NULL || *prgbKey == NULL || pAuth == NULL) - return TPM_BAD_PARAMETER; - - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 6, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, &hWrappingKey, - BSG_TPM_ENCAUTH, KeyUsageAuth, - BSG_TPM_ENCAUTH, KeyMigrationAuth); - memcpy(InBuf+InLength, *prgbKey, *pcKeySize); - InLength += *pcKeySize; - InLength += packAuth(InBuf+InLength, pAuth); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - int i = BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_RESULT, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_AUTH1_COMMAND) { - // Extract the remaining output parameters - TPM_KEY wrappedKey; - - i += BSG_Unpack(BSG_TPM_KEY, OutBuf+i, &wrappedKey); - unpackAuth(pAuth, OutBuf+i); - - // Fill prgbKey - BYTE tempBuf[1024]; - *pcKeySize = BSG_Pack(BSG_TPM_KEY, &wrappedKey, tempBuf); - if (TCS_Malloc(hContext, *pcKeySize, prgbKey) == TPM_FAIL) - return TPM_SIZE; - - memcpy(*prgbKey, tempBuf, *pcKeySize); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_CreateWrapKey Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - - return(returnCode); -} - -TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE hUnwrappingKey, // in - UINT32 cWrappedKeyBlobSize, // in - BYTE* rgbWrappedKeyBlob, // in - TCS_AUTH* pAuth, // in, out - TCS_KEY_HANDLE* phKeyTCSI, // out - TCS_KEY_HANDLE* phKeyHMAC) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (rgbWrappedKeyBlob == NULL || pAuth == NULL || phKeyTCSI == NULL || phKeyHMAC == NULL) - return TPM_BAD_PARAMETER; - - *phKeyHMAC = hUnwrappingKey; // the parent key is the one that the TPM use to make the HMAC calc - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 4, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, &hUnwrappingKey); - memcpy(InBuf+InLength, rgbWrappedKeyBlob, cWrappedKeyBlobSize); - InLength += cWrappedKeyBlobSize; - InLength += packAuth(InBuf+InLength, pAuth); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - int i = BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_AUTH1_COMMAND) { - // Extract the remaining output parameters - i += BSG_Unpack(BSG_TYPE_UINT32, - OutBuf+i, - phKeyTCSI); - unpackAuth(pAuth, OutBuf+i); - - if (!AddHandleToList(hContext, TPM_RT_KEY, *phKeyTCSI)) { - vtpmlogerror(VTPM_LOG_TCS, "New KeyHandle not recorded\n"); - } - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else - vtpmlogerror(VTPM_LOG_TCS, "TCSP_LoadKeyByBlob Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - - return(returnCode); -} - -TPM_RESULT TCSP_EvictKey(TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE hKey) // in -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_EvictKey; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 4, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, &hKey); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (!DeleteHandleFromList(hContext, hKey)) { - vtpmlogerror(VTPM_LOG_TCS, "KeyHandle not removed from list\n"); - } - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_COMMAND) { - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else { - vtpmlogerror(VTPM_LOG_TCS, "TCSP_EvictKey Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - } - - return(returnCode); -} - -TPM_RESULT TCSP_GetRandom(TCS_CONTEXT_HANDLE hContext, // in - UINT32* bytesRequested, // in, out - BYTE** randomBytes) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_GetRandom; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (bytesRequested == NULL || *randomBytes == NULL){ - return TPM_BAD_PARAMETER; - } - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 4, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TYPE_UINT32, bytesRequested); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - int i = BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_COMMAND) { - // Extract the remaining output parameters - BSG_Unpack(BSG_TYPE_UINT32, OutBuf+i, bytesRequested); - if (TCS_Malloc(hContext, *bytesRequested, randomBytes) == TPM_FAIL) { - return TPM_SIZE; - } - memcpy(*randomBytes, OutBuf+i+sizeof(UINT32), *bytesRequested); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else { - vtpmlogerror(VTPM_LOG_TCS, "TCSP_GetRandom Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - } - - return(returnCode); -} - - -TPM_RESULT TCSP_ReadPubek(TCS_CONTEXT_HANDLE hContext, // in - TPM_NONCE antiReplay, // in - UINT32* pubEndorsementKeySize, // out - BYTE** pubEndorsementKey, // out - TPM_DIGEST* checksum) // out -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_ReadPubek; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // check input params - if (pubEndorsementKeySize == NULL || pubEndorsementKey == NULL || checksum == NULL) { - return TPM_BAD_PARAMETER; - } - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 4, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal, - BSG_TPM_NONCE, &antiReplay); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - int i = BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_COMMAND) { - // Extract the remaining output parameters - TPM_PUBKEY pubEK; - i += BSG_UnpackList(OutBuf+i, 2, - BSG_TPM_PUBKEY, &pubEK, - BSG_TPM_DIGEST, checksum); - - // fill EndorsementKey - BYTE tempBuf[1024]; - *pubEndorsementKeySize = BSG_Pack(BSG_TPM_PUBKEY, &pubEK, tempBuf); - if (TCS_Malloc(hContext, *pubEndorsementKeySize, pubEndorsementKey) == TPM_FAIL) { - return TPM_SIZE; - } - memcpy(*pubEndorsementKey, tempBuf, *pubEndorsementKeySize); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else { - vtpmlogerror(VTPM_LOG_TCS, "TCSP_ReadPubek Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - } - - return(returnCode); -} - - -TPM_RESULT TCSP_SaveState(TCS_CONTEXT_HANDLE hContext) // in -{ - // setup input/output parameters block - TPM_TAG tag = TPM_TAG_RQU_COMMAND; - UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_SaveState; - TPM_RESULT returnCode = TPM_SUCCESS; - - // setup the TPM driver input and output buffers - TDDL_RESULT hRes = TDDL_E_FAIL; - TDDL_UINT32 InLength = TCPA_MAX_BUFFER_LENGTH; - TDDL_UINT32 OutLength = TCPA_MAX_BUFFER_LENGTH; - - // Convert Byte Input parameter in the input byte stream InBuf - InLength = BSG_PackList(InBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &ordinal); - // fill paramSize again as we now have the correct size - BSG_Pack(BSG_TYPE_UINT32, &InLength, InBuf+2); - - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Sending paramSize = %d\n", InLength); - - // call the TPM driver - if ((hRes = TDDL_TransmitData(InBuf, InLength, OutBuf, &OutLength)) == TDDL_SUCCESS) { - // unpack OutBuf to get the tag, paramSize, & returnCode - BSG_UnpackList(OutBuf, 3, - BSG_TPM_TAG, &tag, - BSG_TYPE_UINT32, ¶mSize, - BSG_TPM_COMMAND_CODE, &returnCode); - - if (returnCode == TPM_SUCCESS && tag == TPM_TAG_RSP_COMMAND) { - vtpmloginfo(VTPM_LOG_TCS_DEEP, "Received paramSize : %d\n", paramSize); - } else { - vtpmlogerror(VTPM_LOG_TCS, "TCSP_SaveState Failed with return code %s\n", tpm_get_error_name(returnCode)); - } - } - - return(returnCode); -} - - -TPM_RESULT TCSP_RawTransmitData( UINT32 inDataSize, // in - BYTE *inData, // in - UINT32 *outDataSize,// in/out - BYTE *outData) { // out - - TDDL_RESULT hRes; - - vtpmloginfo(VTPM_LOG_TCS, "Calling TransmitData directly.\n"); - //FIXME: Add Context Management - hRes = TDDL_TransmitData( inData, - inDataSize, - outData, - outDataSize); - - if (hRes == TDDL_SUCCESS) { - return TPM_SUCCESS; - } else { - vtpmlogerror(VTPM_LOG_TCS, "TCSP_RawTransmitData Failed with return code %s\n", tpm_get_error_name(TPM_IOERROR)); - return TPM_IOERROR; - } - -} diff --git a/tools/vtpm_manager/tcs/tcs.h b/tools/vtpm_manager/tcs/tcs.h deleted file mode 100644 index 83b9cd0709..0000000000 --- a/tools/vtpm_manager/tcs/tcs.h +++ /dev/null @@ -1,245 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// tcs.h -// -// This file declares the TCS API -// -// ================================================================== - -#ifndef __TCS_H__ -#define __TCS_H__ - -#include "tcg.h" -#include "contextmgr.h" -#include "buffer.h" - -#define HANDLE_NULL 0 - -// ------------------------------------------------------------------ -// Exposed API -// ------------------------------------------------------------------ - -TPM_RESULT TCS_create(); -void TCS_destroy(); - -TPM_RESULT TCS_OpenContext( /* OUT */ TCS_CONTEXT_HANDLE* hContext ); - -TPM_RESULT TCS_CloseContext ( /* IN */ TCS_CONTEXT_HANDLE hContext ); - -TPM_RESULT TCS_Malloc ( TCS_CONTEXT_HANDLE hContext, // in - UINT32 MemSize, // in - BYTE** ppMemPtr ); //out - -TPM_RESULT TCS_FreeMemory ( TCS_CONTEXT_HANDLE hContext, // in - BYTE* pMemory); // in - -// ------------------------------------------------------------------ -// Exposed API -// ------------------------------------------------------------------ - -// TPM v1.1B Command Set - -// Authorzation -TPM_RESULT TCSP_OIAP( TCS_CONTEXT_HANDLE hContext, // in - TCS_AUTHHANDLE* authHandle, // out - TPM_NONCE* nonce0 // out - ); - -TPM_RESULT TCSP_OSAP ( TCS_CONTEXT_HANDLE hContext, // in - TPM_ENTITY_TYPE entityType, // in - UINT32 entityValue, // in - TPM_NONCE nonceOddOSAP, // in - TCS_AUTHHANDLE* authHandle, // out - TPM_NONCE* nonceEven, // out - TPM_NONCE* nonceEvenOSAP // out - ); - -TPM_RESULT TCSP_TakeOwnership ( TCS_CONTEXT_HANDLE hContext, // in - UINT16 protocolID, // in - UINT32 encOwnerAuthSize, // in - BYTE* encOwnerAuth, // in - UINT32 encSrkAuthSize, // in - BYTE* encSrkAuth, // in - UINT32* SrkSize, // in, out - BYTE** Srk, // in, out - TCS_AUTH* ownerAuth // in, out - ); - -TPM_RESULT TCSP_DisablePubekRead ( TCS_CONTEXT_HANDLE hContext, // in - TCS_AUTH* ownerAuth // in, out - ); - -TPM_RESULT TCSP_TerminateHandle ( TCS_CONTEXT_HANDLE hContext, // in - TCS_AUTHHANDLE handle // in - ); - -TPM_RESULT TCSP_FlushSpecific ( TCS_CONTEXT_HANDLE hContext, // in - TCS_AUTHHANDLE handle, // in - TPM_RESOURCE_TYPE resourceType //in - ); - -// TPM Mandatory -TPM_RESULT TCSP_Extend ( TCS_CONTEXT_HANDLE hContext, // in - TPM_PCRINDEX pcrNum, // in - TPM_DIGEST inDigest, // in - TPM_PCRVALUE* outDigest // out - ); - -TPM_RESULT TCSP_PcrRead ( TCS_CONTEXT_HANDLE hContext, // in - TPM_PCRINDEX pcrNum, // in - TPM_PCRVALUE* outDigest // out - ); - -TPM_RESULT TCSP_Quote ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE keyHandle, // in - TPM_NONCE antiReplay, // in - UINT32* PcrDataSize, // in, out - BYTE** PcrData, // in, out - TCS_AUTH* privAuth, // in, out - UINT32* sigSize, // out - BYTE** sig // out - ); - -TPM_RESULT TCSP_Seal ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE keyHandle, // in - TPM_ENCAUTH encAuth, // in - UINT32 pcrInfoSize, // in - BYTE* PcrInfo, // in - UINT32 inDataSize, // in - BYTE* inData, // in - TCS_AUTH* pubAuth, // in, out - UINT32* SealedDataSize, // out - BYTE** SealedData // out - ); - -TPM_RESULT TCSP_Unseal ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE parentHandle, // in - UINT32 SealedDataSize, // in - BYTE* SealedData, // in - TCS_AUTH* parentAuth, // in, out - TCS_AUTH* dataAuth, // in, out - UINT32* DataSize, // out - BYTE** Data // out - ); - -TPM_RESULT TCSP_DirWriteAuth ( TCS_CONTEXT_HANDLE hContext, // in - TPM_DIRINDEX dirIndex, // in - TPM_DIRVALUE newContents, // in - TCS_AUTH* ownerAuth // in, out - ); - -TPM_RESULT TCSP_DirRead ( TCS_CONTEXT_HANDLE hContext, // in - TPM_DIRINDEX dirIndex, // in - TPM_DIRVALUE* dirValue // out - ); - -TPM_RESULT TCSP_UnBind ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE keyHandle, // in - UINT32 inDataSize, // in - BYTE* inData, // in - TCS_AUTH* privAuth, // in, out - UINT32* outDataSize, // out - BYTE** outData // out - ); - -TPM_RESULT TCSP_CreateWrapKey ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE hWrappingKey, // in - TPM_ENCAUTH KeyUsageAuth, // in - TPM_ENCAUTH KeyMigrationAuth, // in - UINT32* pcKeySize, // in, out - BYTE** prgbKey, // in, out - TCS_AUTH* pAuth // in, out - ); - -TPM_RESULT TCSP_LoadKeyByBlob ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE hUnwrappingKey, // in - UINT32 cWrappedKeyBlobSize, // in - BYTE* rgbWrappedKeyBlob, // in - TCS_AUTH* pAuth, // in, out - TCS_KEY_HANDLE* phKeyTCSI, // out - TCS_KEY_HANDLE* phKeyHMAC // out - ); - -TPM_RESULT TCSP_GetPubKey ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE hKey, // in - TCS_AUTH* pAuth, // in, out - UINT32* pcPubKeySize, // out - BYTE** prgbPubKey // out - ); - -TPM_RESULT TCSP_EvictKey ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE hKey // in - ); - -TPM_RESULT TCSP_Sign ( TCS_CONTEXT_HANDLE hContext, // in - TCS_KEY_HANDLE keyHandle, // in - UINT32 areaToSignSize, // in - BYTE* areaToSign, // in - TCS_AUTH* privAuth, // in, out - UINT32* sigSize, // out - BYTE** sig // out - ); - -TPM_RESULT TCSP_GetRandom ( TCS_CONTEXT_HANDLE hContext, // in - UINT32* bytesRequested, // in, out - BYTE** randomBytes // out - ); - -TPM_RESULT TCSP_StirRandom ( TCS_CONTEXT_HANDLE hContext, // in - UINT32 inDataSize, // in - BYTE* inData // in - ); - -TPM_RESULT TCSP_ReadPubek ( TCS_CONTEXT_HANDLE hContext, // in - TPM_NONCE antiReplay, // in - UINT32* pubEndorsementKeySize, // out - BYTE** pubEndorsementKey, // out - TPM_DIGEST* checksum // out - ); - - -// Non-Standard TCSP calls -TPM_RESULT TCSP_SaveState(TCS_CONTEXT_HANDLE hContext); // in - -//Give direct access to TransmitData. -// Key and Auth Management is done before transfering command to TDDL. -TPM_RESULT TCSP_RawTransmitData(UINT32 inDataSize, // in - BYTE *inData, // in - UINT32 *outDataSize,// in/out - BYTE *outData); // out - -///////////// Private Functions //////////////////// -CONTEXT_HANDLE* LookupContext( TCS_CONTEXT_HANDLE hContext); - -#endif //TCS_H diff --git a/tools/vtpm_manager/tcs/tpmddl.h b/tools/vtpm_manager/tcs/tpmddl.h deleted file mode 100644 index e7e54f18ad..0000000000 --- a/tools/vtpm_manager/tcs/tpmddl.h +++ /dev/null @@ -1,69 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// tpmddl.c -// -// This file defines the TDDLI API -// -// ================================================================== - -#ifndef __TPMDDL_H__ -#define __TPMDDL_H__ - -#define TDDL_CAP_PROP_MANUFACTURER 0x0001 - -#define TDDL_E_FAIL 1 -#define TDDL_E_SUCCESS 0 -#define TDDL_SUCCESS 0 - -typedef unsigned int TDDL_UINT32; -typedef TDDL_UINT32 TDDL_RESULT; -typedef unsigned char TDDL_BYTE; - -TDDL_RESULT TDDL_Open(); -void TDDL_Close(); -TDDL_RESULT TDDL_TransmitData( TDDL_BYTE* in, - TDDL_UINT32 insize, - TDDL_BYTE* out, - TDDL_UINT32* outsize); -TDDL_RESULT TDDL_GetStatus(); -TDDL_RESULT TDDL_GetCapability( TDDL_UINT32 cap, - TDDL_UINT32 sub, - TDDL_BYTE* buffer, - TDDL_UINT32* size); -TDDL_RESULT TDDL_SetCapability( TDDL_UINT32 cap, - TDDL_UINT32 sub, - TDDL_BYTE* buffer, - TDDL_UINT32* size); - -#endif // __TPMDDL_H__ diff --git a/tools/vtpm_manager/tcs/transmit.c b/tools/vtpm_manager/tcs/transmit.c deleted file mode 100644 index 74bbdca585..0000000000 --- a/tools/vtpm_manager/tcs/transmit.c +++ /dev/null @@ -1,147 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - -#include <unistd.h> -#include <stdio.h> -#include <errno.h> -#include <fcntl.h> - -#include "tcg.h" -#include "buffer.h" -#include "log.h" -#include "tpmddl.h" - -// flag to track whether TDDL has been opened -static int g_TDDL_open = 0; -static int g_tx_fd = -1; // the fd to the TPM - -#ifndef DUMMY_TPM - #define TPM_TX_FNAME "/dev/tpm0" - static int *g_rx_fdp = &g_tx_fd; -#else - #define TPM_TX_FNAME "/var/tpm/tpm_in.fifo" - #define TPM_RX_FNAME "/var/tpm/tpm_out.fifo" - static int g_rx_fd = -1; - static int *g_rx_fdp = &g_rx_fd; // the fd to the TPM -#endif - -TPM_RESULT -TDDL_TransmitData( TDDL_BYTE* in, - TDDL_UINT32 insize, - TDDL_BYTE* out, - TDDL_UINT32* outsize) { - TPM_RESULT status = TPM_SUCCESS; - TDDL_UINT32 i; - - vtpmloginfo(VTPM_LOG_TXDATA, "Sending buffer = 0x"); - for(i = 0 ; i < insize ; i++) - vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", in[i]); - - vtpmloginfomore(VTPM_LOG_TXDATA, "\n"); - - ssize_t size = 0; - - // send the request - size = write (g_tx_fd, in, insize); - if (size < 0) { - vtpmlogerror(VTPM_LOG_TXDATA, "write() failed"); - ERRORDIE (TPM_IOERROR); - } - else if ((TDDL_UINT32) size < insize) { - vtpmlogerror(VTPM_LOG_TXDATA, "Wrote %d instead of %d bytes!\n", (int) size, insize); - // ... ? - } - - // read the response - size = read (*g_rx_fdp, out, TCPA_MAX_BUFFER_LENGTH); - if (size < 0) { - vtpmlogerror(VTPM_LOG_TXDATA, "read() failed"); - ERRORDIE (TPM_IOERROR); - } - - vtpmloginfo(VTPM_LOG_TXDATA, "Receiving buffer = 0x"); - for(i = 0 ; i < size ; i++) - vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out[i]); - - vtpmloginfomore(VTPM_LOG_TXDATA, "\n"); - - *outsize = size; - // close connection - goto egress; - - abort_egress: - egress: - return status; -} - -TPM_RESULT TDDL_Open() { - - TDDL_RESULT status = TDDL_SUCCESS; - - if (g_TDDL_open) - return TPM_FAIL; - -#ifdef DUMMY_TPM - *g_rx_fdp = open (TPM_RX_FNAME, O_RDWR); -#endif - - g_tx_fd = open (TPM_TX_FNAME, O_RDWR); - if (g_tx_fd < 0) { - vtpmlogerror(VTPM_LOG_TXDATA, "TPM open failed"); - return TPM_IOERROR; - } - - g_TDDL_open = 1; - - return status; -} - -void TDDL_Close() { - if (! g_TDDL_open) - return; - - if (g_tx_fd>= 0) { - if (close(g_tx_fd) < 0) - vtpmlogerror(VTPM_LOG_TXDATA, "closeing tpm failed"); - g_tx_fd = -1; - } - - if (*g_rx_fdp>= 0) { - if (close(*g_rx_fdp) < 0) - vtpmlogerror(VTPM_LOG_TXDATA, "closeing tpm failed"); - *g_rx_fdp = -1; - } - - g_TDDL_open = 0; - -} diff --git a/tools/vtpm_manager/util/Makefile b/tools/vtpm_manager/util/Makefile deleted file mode 100644 index 36bc38f63f..0000000000 --- a/tools/vtpm_manager/util/Makefile +++ /dev/null @@ -1,24 +0,0 @@ -XEN_ROOT = $(CURDIR)/../../.. -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk - -BIN = libTCGUtils.a - -.PHONY: all -all: build - -.PHONY: build -build: $(BIN) - -.PHONY: install -install: build - -.PHONY: clean -clean: - rm -f *.a *.so *.o *.rpm $(DEP_FILES) - -.PHONY: mrproper -mrproper: clean - rm -f *~ - -$(BIN): $(OBJS) - $(AR) rcs $(BIN) $(OBJS) diff --git a/tools/vtpm_manager/util/bsg.c b/tools/vtpm_manager/util/bsg.c deleted file mode 100644 index fa36ce70c8..0000000000 --- a/tools/vtpm_manager/util/bsg.c +++ /dev/null @@ -1,829 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// bsg.cpp -// -// This file will handle all the TPM Byte Stream functions -// -// ================================================================== - -#include <stdio.h> -#include <string.h> -#include <stdarg.h> -#include <malloc.h> -#include "tcg.h" -#include "crypto.h" -#include "bsg.h" -#include "log.h" - -static int g_log_recursion_level = 0; - -// a largest buffer size. if we get a buf size bigger than this when unpacking, -// will complain! -#define BSG_MAX_BUF_SIZE (1<<18) - -#define bsglog(fmt, ...) do { \ - int __i; \ - for (__i=0; __i < g_log_recursion_level; __i++) { \ - vtpmloginfomore (VTPM_LOG_BSG, "%s", " "); \ - } \ - vtpmloginfomore (VTPM_LOG_BSG, fmt, __VA_ARGS__); \ - } while (0) - - -// FIXME: trigger the selfcheck--need to use glibc hook to do this -//BOOL dummy1 = BSG_static_selfcheck(); - - -// Interpretting Types -// ------------------- -// -// Incoming Types are composed of two parts {format, info} squished into a -// BSG_UINT32. The first 4 bits is a format spec indicating what type of -// data it is. If the first 4 bits are zero the info corresponds to a value in -// BSG_s_fmt[]. This is a structure whose composition is described in -// BSG_s_fmt[]. If the value is non-zero, info corresponds to the size of the -// data (in bytes) being passed in. For example a UINT32 being passed in would -// have a format of (__FMT_CONST | 4). If both, the format and info are zero, -// this is interpretted as the end of the structure, and the result is returned. - -// these flags are mutually exclusive, so I'll just make them -// format values which indicate the semantics of the 'info' part and the source -// data. The above description has been accordingly adjusted. - -// format values for determining what type of data the incoming type is -// it's a 4 bit value, occupying the high 4 bits -#define __FMT_CONST (1UL << 28) // Constant sized value -#define __FMT_DATA (2UL << 28) // Believed to be raw data NOT {size,data} -#define __FMT_SIZE (3UL << 28) // A size. Used in FMT_SIZE??_DATA. -#define __FMT_HSIZE (4UL << 28) // A number of handles -#define __FMT_PACKED (5UL << 28) // 'info' is unused; the source data consists - // of {size32, data} but we're to pack only the - // data as that is already packed, and so - // can/must be unpacked without - // explicitly reading it size - -#define __FMT_MASK 0x0FFFFFFFUL // this masks out the 4-bit format -#define __FMT_MASK_SIZE(type) ((type) & __FMT_MASK) -#define __FMT_MASK_FORMAT(type) ((type) & (~__FMT_MASK)) - -// constant (8/16/32-bits) -#define FMT_U8 (__FMT_CONST | 1UL) -#define FMT_U16 (__FMT_CONST | 2UL) -#define FMT_U32 (__FMT_CONST | 4UL) - -// const with a compiler-computed size -#define FMT_SIZEOF(type) (__FMT_CONST | sizeof(type)) - -// other data (size bytes) -// Used primarily for DIGESTS -> FMT_DATA(20) -#define FMT_DATA(size) (__FMT_DATA | ((BSG_UINT32) (size) & __FMT_MASK)) - -// 16/32-bit size followed by N bytes of data -#define FMT_SIZE16_DATA (__FMT_SIZE | 2UL) -#define FMT_SIZE32_DATA (__FMT_SIZE | 4UL) - -// 16-bit size followed by N key handles -#define FMT_SIZE16_HANDLES (__FMT_HSIZE | 2UL) - -#define DIGEST_SIZE 20 -typedef BSG_UINT32 BSG_HANDLE; - -// TCPA_AUTH has 11 fields! -#define MAX_FIELDS 11 -typedef struct BSG_Format -{ - BSG_Type type; - const char* name; - BSG_UINT32 fields[MAX_FIELDS + 1]; -} BSG_Format; - -/* - * TCPA structure data formats - */ -// this has to be manually kept in sync with the -// Type enum!! the static_selfcheck() function should be used regularly! -static BSG_Format s_fmt[] = -{ - {BSG_TYPE_UINT32, "BSG_TYPE_UINT32", {FMT_U32, 0}}, - {BSG_TYPE_UINT16, "BSG_TYPE_UINT16", {FMT_U16, 0}}, - {BSG_TYPE_BYTE, "BSG_TYPE_BYTE", {FMT_U8, 0}}, - {BSG_TYPE_BOOL, "BSG_TYPE_BOOL", {FMT_U8, 0}}, - {BSG_TPM_SIZE32_DATA, "BSG_TPM_SIZE32_DATA", {FMT_SIZE32_DATA, 0}}, - {BSG_TPM_TAG, "BSG_TPM_TAG", {FMT_SIZEOF(TPM_TAG), 0}}, - {BSG_TPM_HANDLE, "BSG_TPM_HANDLE", {FMT_SIZEOF(TPM_HANDLE), 0}}, - {BSG_TPM_RESULT, "BSG_TPM_RESULT", {FMT_SIZEOF(TPM_RESULT), 0}}, - {BSG_TPM_RESOURCE_TYPE, "BSG_TPM_RESOURCE_TYPE", {FMT_SIZEOF(TPM_RESOURCE_TYPE), 0}}, - {BSG_TPM_COMMAND_CODE, "BSG_TPM_COMMAND_CODE", {FMT_U32, 0}}, - {BSG_TPM_AUTH_DATA_USAGE, "BSG_TPM_AUTH_DATA_USAGE", {FMT_U8, 0}}, - {BSG_TPM_ALGORITHM_ID, "BSG_TPM_ALGORITHM_ID", {FMT_U32, 0}}, - {BSG_TPM_PROTOCOL_ID, "BSG_TPM_PROTOCOL_ID", {FMT_SIZEOF(TPM_PROTOCOL_ID), 0}}, - {BSG_TPM_KEY_USAGE, "BSG_TPM_KEY_USAGE", {FMT_U16, 0}}, - {BSG_TPM_ENC_SCHEME, "BSG_TPM_ENC_SCHEME", {FMT_U16, 0}}, - {BSG_TPM_SIG_SCHEME, "BSG_TPM_SIG_SCHEME", {FMT_U16, 0}}, - {BSG_TPM_MIGRATE_SCHEME, "BSG_TPM_MIGRATE_SCHEME", {FMT_U16, 0}}, - {BSG_TPM_KEY_FLAGS, "BSG_TPM_KEY_FLAGS", {FMT_U32, 0}}, - - {BSG_TPM_AUTHDATA, "BSG_TPM_AUTHDATA", {FMT_DATA(DIGEST_SIZE), 0}}, - {BSG_TPM_SECRET, "BSG_TPM_SECRET", {BSG_TPM_AUTHDATA, 0}}, - {BSG_TPM_ENCAUTH, "BSG_TPM_ENCAUTH", {BSG_TPM_AUTHDATA, 0}}, - {BSG_TPM_PAYLOAD_TYPE, "BSG_TPM_PAYLOAD_TYPE", {FMT_SIZEOF(TPM_PAYLOAD_TYPE), 0}}, - - {BSG_TPM_VERSION, "BSG_TPM_VERSION", {FMT_DATA(4), 0}}, // vers 1.2 - {BSG_TPM_DIGEST, "BSG_TPM_DIGEST", {FMT_DATA(DIGEST_SIZE), 0}}, - {BSG_TPM_COMPOSITE_HASH, "BSG_TPM_COMPOSITE_HASH", {BSG_TPM_DIGEST, 0}}, - {BSG_TPM_CHOSENID_HASH, "BSG_TPM_CHOSENID_HASH", {BSG_TPM_DIGEST, 0}}, - - {BSG_TPM_NONCE, "BSG_TPM_NONCE", {FMT_DATA(DIGEST_SIZE), 0}}, - {BSG_TPM_KEY_HANDLE, "BSG_TPM_KEY_HANDLE", {FMT_SIZEOF(TPM_KEY_HANDLE), 0}}, - {BSG_TPM_KEY_HANDLE_LIST, "BSG_TPM_KEY_HANDLE_LIST", - {FMT_SIZE16_HANDLES, 0}}, - - {BSG_TPM_KEY_PARMS, "BSG_TPM_KEY_PARMS", { - BSG_TPM_ALGORITHM_ID, - BSG_TPM_ENC_SCHEME, - BSG_TPM_SIG_SCHEME, - FMT_SIZE32_DATA, - 0}}, - {BSG_TPM_RSA_KEY_PARMS, "BSG_TPM_RSA_KEY_PARMS", { - FMT_U32, FMT_U32, FMT_SIZE32_DATA, 0}}, - {BSG_TPM_STORE_PUBKEY, "BSG_TPM_STORE_PUBKEY", {FMT_SIZE32_DATA, 0}}, - {BSG_TPM_PUBKEY, "BSG_TPM_PUBKEY", {BSG_TPM_KEY_PARMS, BSG_TPM_STORE_PUBKEY, 0}}, - {BSG_TPM_KEY, "BSG_TPM_KEY", { - BSG_TPM_VERSION, - BSG_TPM_KEY_USAGE, - BSG_TPM_KEY_FLAGS, - BSG_TPM_AUTH_DATA_USAGE, - BSG_TPM_KEY_PARMS, - FMT_SIZE32_DATA, // the PCR_INFO - BSG_TPM_STORE_PUBKEY, - FMT_SIZE32_DATA, // the encrypted part - 0}}, - - {BSG_TPM_MIGRATIONKEYAUTH, "BSG_TPM_MIGRATIONKEYAUTH", { - BSG_TPM_PUBKEY, - BSG_TPM_MIGRATE_SCHEME, - BSG_TPM_DIGEST, 0}}, - - {BSG_TCPA_AUDIT_EVENT, "TCPA_AUDIT_EVENT", { - BSG_TPM_COMMAND_CODE, - BSG_TPM_RESULT, 0 }}, - - {BSG_TCPA_EVENT_CERT, "TCPA_EVENT_CERT", { - BSG_TPM_DIGEST, - BSG_TPM_DIGEST, - FMT_DATA(2), - FMT_SIZE32_DATA, 0}}, - - {BSG_TPM_PCR_SELECTION, "BSG_TPM_PCR_SELECTION", {FMT_SIZE16_DATA, 0} }, - {BSG_TPM_PCR_COMPOSITE, "BSG_TPM_PCR_COMPOSITE", { BSG_TPM_PCR_SELECTION, - FMT_SIZE32_DATA, - 0} }, - - {BSG_TPM_PCR_INFO, "BSG_TPM_PCR_INFO", { BSG_TPM_PCR_SELECTION, - BSG_TPM_COMPOSITE_HASH, - BSG_TPM_COMPOSITE_HASH, - 0} }, - - - {BSG_TPM_STORED_DATA, "BSG_TPM_STORED_DATA", { - BSG_TPM_VERSION, - FMT_SIZE32_DATA, - FMT_SIZE32_DATA, - 0}}, - {BSG_TPM_SYMMETRIC_KEY, "BSG_TPM_SYMMETRIC_KEY", { - BSG_TPM_ALGORITHM_ID, - BSG_TPM_ENC_SCHEME, - FMT_SIZE16_DATA, - 0}}, - {BSG_TPM_STORE_PRIVKEY, "BSG_TPM_STORE_PRIVKEY", {FMT_SIZE32_DATA, 0}}, - {BSG_TPM_STORE_ASYMKEY, "BSG_TPM_STORE_ASYMKEY", { - BSG_TPM_PAYLOAD_TYPE, - BSG_TPM_SECRET, - BSG_TPM_SECRET, - BSG_TPM_DIGEST, - BSG_TPM_STORE_PRIVKEY, - 0}}, - {BSG_TPM_MIGRATE_ASYMKEY, "BSG_TPM_MIGRATE_ASYMKEY", { - BSG_TPM_PAYLOAD_TYPE, - BSG_TPM_SECRET, - BSG_TPM_DIGEST, - FMT_U32, - BSG_TPM_STORE_PRIVKEY, - 0}}, - - {BSG_TPM_QUOTE_INFO, "BSG_TPM_QUOTE_INFO", { - BSG_TPM_VERSION, - FMT_DATA(4), - BSG_TPM_COMPOSITE_HASH, - BSG_TPM_NONCE, - 0}}, - - {BSG_TPM_IDENTITY_CONTENTS, "BSG_TPM_IDENTITY_CONTENTS", { - BSG_TPM_VERSION, - FMT_U32, - BSG_TPM_CHOSENID_HASH, - BSG_TPM_PUBKEY, - 0}}, - - {BSG_TPM_PCRVALUE, "BSG_TPM_PCRVALUE", {FMT_DATA(DIGEST_SIZE), 0}}, - - {BSG_TCPA_PCR_FLAGS, "TCPA_PCR_FLAGS", { - FMT_U8, - FMT_U8, - 0}}, - - {BSG_TCS_AUTH, "TCS_AUTH", { - BSG_TYPE_UINT32, - BSG_TPM_NONCE, - BSG_TPM_NONCE, - BSG_TYPE_BOOL, - BSG_TPM_AUTHDATA, - 0}}, - - {BSG_TPM_KEY_NONSENSITIVE, "BSG_TPM_KEY_NONSENSITIVE", { - BSG_TPM_VERSION, - BSG_TPM_KEY_USAGE, - BSG_TPM_KEY_FLAGS, - BSG_TPM_AUTH_DATA_USAGE, - BSG_TPM_KEY_PARMS, - FMT_SIZE32_DATA, - BSG_TPM_STORE_PUBKEY, - 0}}, - - {BSG_PACKED, "BSG_PACKED", { - __FMT_PACKED, - 0 }}, - - {BSG_TYPE_MAX, "", {0}}, -}; - - -static const BSG_Format* find_format (BSG_Type t) { - BSG_Format * f = s_fmt; - - if (t >= BSG_TYPE_MAX) { - return NULL; - } - - // WARNING: this depends on the enum and s_fmt[] array being in sync! make - // sure to run the static_selfcheck() to make sure - f = s_fmt + (t - BSG_TYPE_FIRST); - - return f; -} - -// -// a consistency-checking routine which can be run at compile time -// (ie. immediately after compilation) -// -// tasks: -// - verify that s_fmt has one entry per Type t, and that entry is at s_fmt[t] -// -// conditions: -// - need that s_fmt[0] is the first type listed in the Type enum! ie the first -// Type has value 0, not 1 -// -// FIXME: should have a function be passed in here which is called if the test -// fails. Then the caller can decide what to do: abort, notify, whatever -// -BOOL BSG_static_selfcheck () -{ - int i; - - for (i=BSG_TYPE_FIRST; i <= BSG_TYPE_MAX; i++) { - if (s_fmt[i - BSG_TYPE_FIRST].type != i) { - bsglog ("%s\n", "BSG: static_selfcheck failed!\n"); - bsglog ("failure at %i, allegedly %s\n", - i, s_fmt[i - BSG_TYPE_FIRST].name); - abort(); - return FALSE; - } - } - - bsglog ("%s\n", "BSG: static_selfcheck success!"); - return TRUE; -} - - -/** - * Flatten a TCPA structure into a buffer in big-endian format - * @type: TCPA structure type - * @src: (IN) TCPA structure (OUT) end of TCPA structure - * @dst: (OUT) flattened data - * Returns: Flattened size or -1 for unknown types - */ -// make it so that it can just run through the whole process and return -// the packed size, without packing anything. this will be done if dst is NULL. -static int BSG_Pack_private(BSG_Type type, const BSG_BYTE** src, BSG_BYTE* dst) -{ - // check incoming parameters - if (*src == NULL) - return 0; - - const BSG_BYTE* s = *src; - BSG_BYTE* d = dst; - - BSG_UINT32 size = __FMT_MASK_SIZE(type); - BSG_UINT32 format = __FMT_MASK_FORMAT(type); - - if (format == __FMT_CONST) // We are dealing with a fixed length value eg. UINT32 - { - BSG_UINT32 val = 0; - switch (size) { - case 1: val = * (BYTE*) s; break; - case 2: val = * (unsigned short*) s; break; - case 4: val = * (BSG_UINT32*) s; break; - } - if (dst) - BSG_PackConst(val, size, d); - - s += size; - d += size; - } else if (format == __FMT_DATA) { // We are dealing with raw data. Not sure when - // this is used. - - if (dst) { - bsglog ("BSG: __FMT_DATA size %d, src %p, dst %p\n", size, s, d); - memcpy(d, s, size); - } - - s += size; - d += size; - } else if (format == __FMT_SIZE || format == __FMT_HSIZE) { // It's a size, followed by that much data or handles - - BSG_UINT32 psize = 0; - switch (size) { - case 1: psize = * (BYTE*) s; break; - case 2: psize = * (unsigned short*) s; break; - case 4: psize = * (BSG_UINT32*) s; break; - } - - if (dst) - BSG_PackConst(psize, size, d); - - s += size; - d += size; - - // now 's' points to an address, so cast it to BSG_BYTE** - const BSG_BYTE* pdata = * ((BSG_BYTE**) s); - s += sizeof(BSG_BYTE*); - - if (format == __FMT_HSIZE) {// This is a list of psize Handles - if (dst) { - BSG_HANDLE* d2 = (BSG_HANDLE*) d; - BSG_HANDLE* p2 = (BSG_HANDLE*) pdata; - BSG_UINT32 i; - for (i = 0; i < psize; i++) - d2[i] = BSG_UnpackConst((BSG_BYTE*)(p2 + i), 4); - - } - d += psize * sizeof(BSG_HANDLE); - } else {// If it's not psize handles, it's psize data. - if (psize > 0) { - if (dst) { - bsglog ("BSG: __FMT_SIZE, size=%d, src=%p, dst=%p\n", - psize, pdata, d); - memcpy(d, pdata, psize); - } - } - d += psize; - } - } else if (format == __FMT_PACKED) { - // the source buffer is a pack_constbuf_t, which has a size and a - // pointer. just copy the buffer value, the size is not included in the - // output stream. - pack_constbuf_t * buf = (pack_constbuf_t*) s; - - if (dst) { - bsglog ("BSG: __FMT_PACKED, size=%d, src=%p, dst=%p\n", - buf->size, buf->data, d); - memcpy(d, buf->data, buf->size); - } - - s += buf->size; - d += buf->size; - } else if (format == 0) {// No flags are set. This is a structure & it should - // be looked up in the bsg_s_fmt[] - - const BSG_Format* x = find_format (type); - if (x == NULL) { - vtpmloginfo(VTPM_LOG_BSG, "BSG_Pack: cannot find type %d\n", type); - return -1; - } - - if (dst) - bsglog ("BSG_Pack type %s\n", x->name); - - - // iterate through the fields - const BSG_UINT32* f = x->fields; - for (; *f; f++) { - int fsize; - - g_log_recursion_level++; - fsize = BSG_Pack_private((BSG_Type) *f, &s, dst ? d : NULL); - g_log_recursion_level--; - - if (fsize <= 0) - return fsize; - - d += fsize; - } - } else { - vtpmlogerror(VTPM_LOG_BSG, "BSG_Pack(): Unknown format %d\n", format); - return -1; - } - - *src = s; - return (d - dst); -} - -/** - * Unflatten a TCPA structure from a buffer in big-endian format - * @type: TCPA structure type - * @src: flattened data - * @dst: (IN) TCPA structure (OUT) end of TCPA structure - * Returns: Flattened size - * Note: Returns flattened size NOT the unpacked structure size - */ -static int BSG_Unpack_private(BSG_Type type, const BSG_BYTE* src, BSG_BYTE** dst) { - // check incoming parameters - if (src == NULL) - return 0; - - - const BSG_BYTE* s = src; - BSG_BYTE* d = dst ? *dst:NULL; - if (dst && !d) - dst = NULL; - - BSG_UINT32 size = __FMT_MASK_SIZE(type); - BSG_UINT32 format = __FMT_MASK_FORMAT(type); - - if (format == __FMT_CONST) {// We are dealing with a fixed length value ie. UINT32 - - BSG_UINT32 val = BSG_UnpackConst(s, size); - - if (dst) { - switch (size) { - case 1: *(BYTE *) d = (BSG_BYTE) val; break; - case 2: *(unsigned short*) d = (unsigned short) val; break; - case 4: *(BSG_UINT32*) d = (BSG_UINT32) val; break; - } - } - - s += size; - d += size; - } else if (format == __FMT_DATA) {// We are dealing with raw data. Not sure when this is used. - if (dst) - memcpy(d, s, size); - - d += size; - s += size; - } else if (format == __FMT_SIZE || format == __FMT_HSIZE) {// It's a size, followed by that much data or handles - - BSG_UINT32 psize = BSG_UnpackConst(s, size); - - if (psize > BSG_MAX_BUF_SIZE) { - vtpmlogerror(VTPM_LOG_BSG, "BSG_Unpack runs into var-sized data bigger than %u bytes!!\n", - BSG_MAX_BUF_SIZE); - return -1; - } - - if (dst) { - switch (size) { - case 1: *(BYTE *) d = (BSG_BYTE) psize; break; - case 2: *(unsigned short*) d = (unsigned short) psize; break; - case 4: *(BSG_UINT32*) d = (BSG_UINT32) psize; break; - } - } - - s += size; - d += size; - - BSG_BYTE* pdata = NULL; - - if (psize) { - if (format == __FMT_HSIZE) { // This is a list of psize Handles - if (dst) { - BSG_HANDLE* s2 = (BSG_HANDLE*) s; - pdata = (BSG_BYTE *)malloc(psize * sizeof(BSG_HANDLE)); - if (!pdata) - return -1; - - BSG_HANDLE* p2 = (BSG_HANDLE*) pdata; - BSG_UINT32 i; - for (i = 0; i < psize; i++) { - BSG_PackConst(s2[i], 4, (BSG_BYTE*)(p2 + i)); - } - } - s += psize * sizeof(BSG_HANDLE); - } else { // If it's not psize handles, it's psize data. - if (dst) { - pdata = (BSG_BYTE *)malloc(sizeof(BSG_BYTE) * psize); - if (!pdata) - return -1; - memcpy(pdata, s, psize); - } - s += psize; - } - } - if (dst) - *(void**) d = pdata; - - d += sizeof(void*); - } else if (format == __FMT_PACKED) { - - // this doesn't make sense for unpacking! - vtpmlogerror(VTPM_LOG_BSG, "BSG_Unpack() called with format __FMT_PACKED. " - "This does not make sense\n"); - - return -1; - } else if (format == 0) {// No flags are set. This is a structure & it should - // be looked up in the bsg_s_fmt[] - - const BSG_Format* x = find_format (type); - if (x == NULL) { - vtpmlogerror(VTPM_LOG_BSG, "BSG_Unpack: cannot find type %d\n", type); - return -1; - } - - const BSG_UINT32* f = x->fields; - for (; *f; f++) { - int fsize = BSG_Unpack_private((BSG_Type) *f, s, dst ? &d:NULL); - if (fsize <= 0) - return fsize; - s += fsize; - } - } - - if (dst) - *dst = d; - return (s - src); -} - -/** - * Free memory associated with unpacked TCPA structure - * @type: TCPA structure type - * @src: (IN) TCPA structure (OUT) end of TCPA structure - * Note: Destroy should be called on all structures created with Unpack - * to ensure that any allocated memory is freed - */ -static void BSG_Destroy_private(BSG_Type type, BSG_BYTE** src) { - BSG_BYTE* s = *src; - - BSG_UINT32 size = __FMT_MASK_SIZE(type); - BSG_UINT32 format = __FMT_MASK_FORMAT(type); - - if ((src == NULL) || (*src == NULL)) { - vtpmlogerror(VTPM_LOG_BSG, "BSG_Destroy() called with NULL src\n"); - return; - } - - if (format == __FMT_CONST || format == __FMT_DATA) - s += size; - else if (format == __FMT_SIZE || format == __FMT_HSIZE) { - s += size; - BSG_BYTE* ptr = *(BSG_BYTE**) s; - free(ptr); - s += sizeof(void*); - } else if (format == __FMT_PACKED) { - - // this doesn't make sense for unpacking, hence also for Destroy() - vtpmlogerror(VTPM_LOG_BSG, "BSG_Destroy() called with format __FMT_PACKED. " - "This does not make sense\n"); - - return; - } else if (format == 0) { - const BSG_Format* x = find_format (type); - if (x == NULL) { - vtpmlogerror(VTPM_LOG_BSG, "BSG_Destroy: cannot find type %d\n", type); - return; - } - - const BSG_UINT32* f = x->fields; - for (; *f; f++) - BSG_Destroy_private((BSG_Type) *f, &s); - } - - *src = s; -} - -int BSG_Pack(BSG_Type type, const void* src, BSG_BYTE* dst) -{ - const BSG_BYTE* src2 = (const BSG_BYTE*) src; - return BSG_Pack_private(type, &src2, dst); -} - -int BSG_Unpack(BSG_Type type, const BSG_BYTE* src, void* dst) -{ - BSG_BYTE* dst2 = (BSG_BYTE*) dst; - return BSG_Unpack_private(type, src, dst ? &dst2:NULL); -} - -void BSG_Destroy(BSG_Type type, void* src) -{ - BSG_BYTE* src2 = (BSG_BYTE*) src; - BSG_Destroy_private(type, &src2); -} - -/** - * Pack a 8/16/32-bit constant into a buffer in big-endian format - * @val: constant value - * @size: constant size in bytes (1, 2, or 4) - * @dst: (OUT) buffer - */ -void BSG_PackConst(BSG_UINT32 val, int size, BSG_BYTE* dst) { - bsglog ("BSG: PackConst on %d of size %i into address %p\n", val, size, dst); - - switch (size) { - case 4: - dst[0] = (BSG_BYTE)((val >> 24) & 0xff); - dst[1] = (BSG_BYTE)((val >> 16) & 0xff); - dst[2] = (BSG_BYTE)((val >> 8) & 0xff); - dst[3] = (BSG_BYTE)(val & 0xff); - break; - case 2: - dst[0] = (BSG_BYTE)((val >> 8) & 0xff); - dst[1] = (BSG_BYTE)(val & 0xff); - break; - case 1: - dst[0] = (BSG_BYTE)(val & 0xff); - break; - } -} - -/** - * Unpack a 8/16/32-bit constant from a buffer in big-endian format - * @src: buffer - * @size: constant size in bytes (1, 2, or 4) - */ -BSG_UINT32 BSG_UnpackConst(const BSG_BYTE* src, int size) { - BSG_UINT32 val = 0; - - if (src == NULL) - return 0; - - switch (size) { - case 4: - val = (((BSG_UINT32) src[0]) << 24 - | ((BSG_UINT32) src[1]) << 16 - | ((BSG_UINT32) src[2]) << 8 - | (BSG_UINT32) src[3]); - break; - case 2: - val = (((BSG_UINT32) src[0]) << 8 | (BSG_UINT32) src[1]); - break; - case 1: - val = (BSG_UINT32) src[0]; - break; - } - return val; -} - -// Pack a list of parameters. Beware not to send values, but rather you must -// send a pointer to your values Instead. This includes UINT32's. -int BSG_PackList( BSG_BYTE* dst, int ParamCount, ... ) { - int ParamNumber; - BSG_Type format; - BSG_BYTE* val = NULL; - int size=0; - - va_list paramList; - va_start( paramList, ParamCount ); - - for( ParamNumber = 1; ParamNumber <= ParamCount; ParamNumber++) { - //Strangeness with int is because gcc wanted an int rather than a enum of ints. - format = (BSG_Type) va_arg( paramList, int ); - val = va_arg( paramList, BSG_BYTE* ); - size += BSG_Pack(format, val, dst == NULL ? NULL : dst + size); - } - - va_end (paramList); - - return size; -} - -// Unpack a list of parameters. -int BSG_UnpackList( const BSG_BYTE* src, int ParamCount, ... ) { - int ParamNumber = 0; - BSG_Type format; - BSG_BYTE* val = NULL; - int size = 0; - - va_list paramList; - va_start( paramList, ParamCount ); - - for( ParamNumber = 1; ParamNumber <= ParamCount; ParamNumber++) { - format = (BSG_Type) va_arg( paramList, int ); - val = va_arg( paramList, BSG_BYTE* ); - - size += BSG_Unpack(format, src + size, val); - } - - va_end( paramList ); - - return size; -} - -// Destroy any memory allocated by calls to unpack -void BSG_DestroyList(int ParamCount, ... ) { - int ParamNumber = 0; - BSG_Type argType; - BSG_BYTE* paramValue = NULL; - - va_list paramList; - va_start( paramList, ParamCount ); - - for( ParamNumber = 1; ParamNumber <= ParamCount; ParamNumber++) { - argType = (BSG_Type) va_arg( paramList, int ); - paramValue = va_arg( paramList, BSG_BYTE* ); - - BSG_Destroy(argType, paramValue); - } - - va_end( paramList ); - - return; -} - - -// and a tuple version -TPM_RESULT BSG_DestroyTuple (int numParams, pack_tuple_t params[]) { - int i; - - for (i = 0; i < numParams; i++) - BSG_Destroy (params[i].type, params[i].addr); - - return TPM_SUCCESS; -} - - -// -// wrappers of Pack and PackList which malloc the ouput buffer. to be freed -// by the caller later -// - -int BSG_PackMalloc (BSG_Type type, const void* src, BSG_BYTE** o_dst) { - int size = BSG_Pack (type, src, NULL); - BSG_BYTE * dest = (BSG_BYTE*) malloc (size); - if (dest == NULL) - return -1; - - size = BSG_Pack(type, src, dest); - *o_dst = dest; - return size; -} - - - -int BSG_PackListMalloc(BSG_BYTE** outBuffer, int ParamCount, ... ) { - va_list args; - int size; - - va_start (args, ParamCount); - size = BSG_PackList (NULL, ParamCount, args); - va_end (args); - - BSG_BYTE * dest = (BSG_BYTE*) malloc (size); - if (dest == NULL) - return -1; - - va_start (args, ParamCount); - size = BSG_PackList (dest, ParamCount, args); - va_end (args); - - *outBuffer = dest; - return size; -} diff --git a/tools/vtpm_manager/util/bsg.h b/tools/vtpm_manager/util/bsg.h deleted file mode 100644 index 08968126fd..0000000000 --- a/tools/vtpm_manager/util/bsg.h +++ /dev/null @@ -1,166 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// bsg.h -// -// This file contains API's for the TPM Byte Stream functions -// -// ================================================================== - -#ifndef __BSG_H__ -#define __BSG_H__ - -#include <stdarg.h> -#include "buffer.h" - -typedef unsigned int BSG_UINT32; -typedef unsigned char BSG_BYTE; - -// forward decl -struct pack_const_tuple_t; - -struct pack_tuple_t; - - -/** - * Byte stream generator - */ -// this has to be manually kept in sync with the -// s_fmt array!! -// but now we have a self-check function which can make sure things are well -// (if used!) -typedef enum BSG_Type -{ - BSG_TYPE_FIRST = 1, - BSG_TYPE_UINT32 = 1, // start at 1 so that Type 0 only serves as an - // unused/special value - BSG_TYPE_UINT16, - BSG_TYPE_BYTE, - BSG_TYPE_BOOL, - BSG_TPM_SIZE32_DATA, // a 32 bit unsigned size, followed by - // a pointer to that much data. can pass a - // struct pack_buf_t as the param - BSG_TPM_TAG, - BSG_TPM_HANDLE, - BSG_TPM_RESULT, - BSG_TPM_RESOURCE_TYPE, - BSG_TPM_COMMAND_CODE, - BSG_TPM_AUTH_DATA_USAGE, - BSG_TPM_ALGORITHM_ID, - BSG_TPM_PROTOCOL_ID, - BSG_TPM_KEY_USAGE, - BSG_TPM_ENC_SCHEME, - BSG_TPM_SIG_SCHEME, - BSG_TPM_MIGRATE_SCHEME, - BSG_TPM_KEY_FLAGS, - BSG_TPM_AUTHDATA, - BSG_TPM_SECRET, - BSG_TPM_ENCAUTH, - BSG_TPM_PAYLOAD_TYPE, - - BSG_TPM_VERSION, - BSG_TPM_DIGEST, - BSG_TPM_COMPOSITE_HASH, - BSG_TPM_CHOSENID_HASH, - BSG_TPM_NONCE, - BSG_TPM_KEY_HANDLE, - BSG_TPM_KEY_HANDLE_LIST, - BSG_TPM_KEY_PARMS, - BSG_TPM_RSA_KEY_PARMS, - BSG_TPM_STORE_PUBKEY, - BSG_TPM_PUBKEY, - BSG_TPM_KEY, - - BSG_TPM_MIGRATIONKEYAUTH, - BSG_TCPA_AUDIT_EVENT, - BSG_TCPA_EVENT_CERT, - BSG_TPM_PCR_SELECTION, - BSG_TPM_PCR_COMPOSITE, - BSG_TPM_PCR_INFO, - BSG_TPM_STORED_DATA, - BSG_TPM_SYMMETRIC_KEY, - BSG_TPM_STORE_PRIVKEY, - BSG_TPM_STORE_ASYMKEY, - BSG_TPM_MIGRATE_ASYMKEY, - BSG_TPM_QUOTE_INFO, - BSG_TPM_IDENTITY_CONTENTS, - BSG_TPM_PCRVALUE, - BSG_TCPA_PCR_FLAGS, - BSG_TCS_AUTH, - - // this is the BSG_TPM_KEY struct without the encData field - BSG_TPM_KEY_NONSENSITIVE, - - BSG_PACKED, - - BSG_TYPE_MAX -} BSG_Type; - -struct pack_const_tuple_t { - BSG_Type type; - const void * addr; -}; - - -typedef struct pack_tuple_t { - BSG_Type type; - void * addr; -} pack_tuple_t; - -int BSG_Pack(BSG_Type type, const void* src, BSG_BYTE* dst); -int BSG_Unpack(BSG_Type type, const BSG_BYTE* src, void* dst); -void BSG_Destroy(BSG_Type type, void* src); - -// wrappers of Pack and PackList which malloc the ouput buffer. to be freed -// by the caller later. returns size of allocated buffer, or -1 in case -// allocation failed -int BSG_PackMalloc (BSG_Type type, const void* src, BSG_BYTE** o_dst); -int BSG_PackListMalloc (BSG_BYTE** outBuffer, int ParamCount, ... ); - -// a va_list version of PackList -int BSG_PackList(BSG_BYTE* outBuffer, int ParamCount, ... ); -int BSG_UnpackList(const BSG_BYTE* inBuffer, int ParamCount, ... ); -void BSG_DestroyList(int ParamCount, ... ); - -// wrapper of PackList which uses a buffer_t -TPM_RESULT BSG_PackListBuf (buffer_t * o_buf, int ParamCount, ...); - -// and a tuple version -TPM_RESULT BSG_DestroyTuple (int numParams, pack_tuple_t params[]); - -void BSG_PackConst(BSG_UINT32 val, int size, BSG_BYTE* dst); -BSG_UINT32 BSG_UnpackConst(const BSG_BYTE* src, int size); - -BOOL BSG_static_selfcheck (); - -#endif diff --git a/tools/vtpm_manager/util/buffer.c b/tools/vtpm_manager/util/buffer.c deleted file mode 100644 index df48bc2c40..0000000000 --- a/tools/vtpm_manager/util/buffer.c +++ /dev/null @@ -1,226 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - - -#include <stdarg.h> -#include <string.h> -#include <stdlib.h> -#include <stdio.h> -#include <sys/param.h> - -#include "tcg.h" -#include "bsg.h" -#include "buffer.h" - -static TPM_RESULT buffer_priv_realloc (buffer_t * buf, tpm_size_t newsize); - -// -// buffer functions! -// - -TPM_RESULT buffer_init (buffer_t * buf, tpm_size_t initsize, const BYTE* initval) { - if (initsize == 0) { - memset(buf, 0, sizeof(*buf)); - return TPM_SUCCESS; - } - - - buf->bytes = (BYTE*) malloc (initsize); - if (buf->bytes == NULL) - return TPM_RESOURCES; - - buf->size = initsize; - buf->alloc_size = initsize; - - if (initval) - memcpy (buf->bytes, initval, initsize); - - buf->is_owner = TRUE; - - return TPM_SUCCESS; -} - -TPM_RESULT buffer_init_convert (buffer_t * buf, tpm_size_t initsize, BYTE* initval) { - - buf->size = initsize; - buf->alloc_size = initsize; - buf->bytes = initval; - - buf->is_owner = TRUE; - - return TPM_SUCCESS; -} - -TPM_RESULT buffer_init_copy (buffer_t * buf, const buffer_t * src) { - TPM_RESULT status = buffer_init (buf, src->size, src->bytes); - buf->is_owner = TRUE; - - return status; -} - - - -// make an alias to a constant array -TPM_RESULT buffer_init_const (buffer_t * buf, tpm_size_t size, const BYTE* val) { - // TODO: try to enforce the const things somehow! - buf->bytes = (BYTE*) val; - buf->size = size; - buf->alloc_size = 0; // this field is now unneeded - - buf->is_owner = FALSE; - - return TPM_SUCCESS; -} - -// make an alias into buf, with given offset and length -// if len = 0, make the alias go to the end of buf -TPM_RESULT buffer_init_alias (buffer_t * buf, const buffer_t * b, - tpm_size_t offset, tpm_size_t len) { - if (offset + len > b->size) { - return TPM_NOSPACE; - } - - buf->bytes = b->bytes + offset; - buf->size = len > 0 ? len : b->size - offset; - - //VS/ buf->alloc_size = 0; - if (len ==0) - buf->alloc_size = b->alloc_size - offset; - else - buf->alloc_size = MIN(b->alloc_size - offset, len); - - - buf->is_owner = FALSE; - - return TPM_SUCCESS; -} - -// make an alias buffer_t into bytestream, with given length -TPM_RESULT buffer_init_alias_convert (buffer_t * buf, tpm_size_t size, BYTE* val) { - - buf->size = size; - buf->alloc_size = size; - buf->bytes = val; - - buf->is_owner = FALSE; - - return TPM_SUCCESS; -} - - - -// copy into the start of dest -TPM_RESULT buffer_copy (buffer_t * dest, const buffer_t* src) -{ - TPM_RESULT status = TPM_SUCCESS; - - if (dest->alloc_size < src->size) { - TPMTRYRETURN( buffer_priv_realloc (dest, src->size) ); - } - - memcpy (dest->bytes, src->bytes, src->size); - dest->size = src->size; - - //VS/ dest->is_owner = TRUE; - - abort_egress: - - return status; -} - - - -BOOL buffer_eq (const buffer_t * a, const buffer_t * b) { - return (a->size == b->size && memcmp (a->bytes, b->bytes, a->size) == 0); -} - - -void buffer_memset (buffer_t * buf, BYTE b) { - memset (buf->bytes, b, buf->size); -} - - -TPM_RESULT buffer_append_raw (buffer_t * buf, tpm_size_t len, const BYTE* bytes) { - TPM_RESULT status = TPM_SUCCESS; - - if (buf->alloc_size < buf->size + len) { - TPMTRYRETURN( buffer_priv_realloc (buf, buf->size + len) ); - } - - memcpy (buf->bytes + buf->size, bytes, len); - - buf->size += len; - - goto egress; - - abort_egress: - - egress: - - return status; -} - -tpm_size_t buffer_len (const buffer_t* buf) { - return buf->size; -} - -TPM_RESULT buffer_free (buffer_t * buf) { - if (buf && buf->is_owner && buf->bytes != NULL) { - free (buf->bytes); - buf->bytes = NULL; - buf->size = buf->alloc_size = 0; - - } - - return TPM_SUCCESS; -} - -TPM_RESULT buffer_priv_realloc (buffer_t * buf, tpm_size_t newsize) { - - // we want to realloc to twice the size, or the new size, whichever - // bigger - - BYTE * tmpbuf = NULL; - - newsize = MAX (buf->alloc_size * 2, newsize); - - tmpbuf = (BYTE*) realloc (buf->bytes, newsize); - if (tmpbuf == NULL) - return TPM_SIZE; - - - buf->bytes = tmpbuf; - buf->alloc_size = newsize; - - return TPM_SUCCESS; -} diff --git a/tools/vtpm_manager/util/buffer.h b/tools/vtpm_manager/util/buffer.h deleted file mode 100644 index d8a9abcfb3..0000000000 --- a/tools/vtpm_manager/util/buffer.h +++ /dev/null @@ -1,95 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - -#ifndef __VTPM_BUFFER_H__ -#define __VTPM_BUFFER_H__ - -#include <stddef.h> // for pointer NULL -#include "tcg.h" - -typedef UINT32 tpm_size_t; - -// first version, probably will be expanded... - -#define NULL_BUF {0,0,0,0} - -typedef struct { - // private!! - tpm_size_t size, alloc_size; - BYTE * bytes; - - BOOL is_owner; // do we own this buffer, and need to free it? -} buffer_t; - -// allocate the buffer if initsize > 0, copying over initval if provided -TPM_RESULT buffer_init (buffer_t * buf, - tpm_size_t initsize, - const BYTE* initval); - -// Create a new buffer from a BYTE *. Use buffer_free to destroy original BYTE * -TPM_RESULT buffer_init_convert (buffer_t * buf, - tpm_size_t initsize, - BYTE* initval); - -// make an alias to a constant array, no copying -TPM_RESULT buffer_init_const (buffer_t * buf, tpm_size_t size, const BYTE* val); - -// make an alias into buf, with given offset and length -// if len = 0, make the alias go to the end of buf -TPM_RESULT buffer_init_alias (buffer_t * buf, const buffer_t * b, - tpm_size_t offset, tpm_size_t); - -// make an alias buffer into a bytestream -TPM_RESULT buffer_init_alias_convert (buffer_t * buf, - tpm_size_t size, BYTE* val); - -// "copy constructor" -TPM_RESULT buffer_init_copy (buffer_t * buf, const buffer_t * src); - - -// copy into the start of a -TPM_RESULT buffer_copy (buffer_t * dest, const buffer_t* src); - -// are they equal? -BOOL buffer_eq (const buffer_t * a, const buffer_t * b); - -// set the buffer to a constant byte -void buffer_memset (buffer_t * buf, BYTE b); - -tpm_size_t buffer_len (const buffer_t* buf); - -TPM_RESULT buffer_free (buffer_t * buf); - -TPM_RESULT buffer_append_raw (buffer_t * buf, tpm_size_t len, const BYTE* bytes); - -#endif // _TOOLS_H_ diff --git a/tools/vtpm_manager/util/hashtable.c b/tools/vtpm_manager/util/hashtable.c deleted file mode 100644 index aff0e2bae6..0000000000 --- a/tools/vtpm_manager/util/hashtable.c +++ /dev/null @@ -1,316 +0,0 @@ -/* - * Copyright (c) 2005, Intel Corp - * Copyright (c) 2002, Christopher Clark <firstname.lastname@cl.cam.ac.uk> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * * Neither the name of the original author; nor the names of any contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - * There are duplicates of this code in: - * - tools/xenstore/hashtable.c - * - tools/blktap2/drivers/hashtable.c - */ - -#include "hashtable.h" -#include "hashtable_private.h" -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <math.h> - -/* -Credit for primes table: Aaron Krowne - http://br.endernet.org/~akrowne/ - http://planetmath.org/encyclopedia/GoodHashTablePrimes.html -*/ -static const unsigned int primes[] = { -53, 97, 193, 389, -769, 1543, 3079, 6151, -12289, 24593, 49157, 98317, -196613, 393241, 786433, 1572869, -3145739, 6291469, 12582917, 25165843, -50331653, 100663319, 201326611, 402653189, -805306457, 1610612741 -}; -const unsigned int prime_table_length = sizeof(primes)/sizeof(primes[0]); -const float max_load_factor = 0.65; - -/*****************************************************************************/ -struct hashtable * -create_hashtable(unsigned int minsize, - unsigned int (*hashf) (void*), - int (*eqf) (void*,void*)) -{ - struct hashtable *h; - unsigned int pindex, size = primes[0]; - /* Check requested hashtable isn't too large */ - if (minsize > (1u << 30)) return NULL; - /* Enforce size as prime */ - for (pindex=0; pindex < prime_table_length; pindex++) { - if (primes[pindex] > minsize) { size = primes[pindex]; break; } - } - h = (struct hashtable *)malloc(sizeof(struct hashtable)); - if (NULL == h) return NULL; /*oom*/ - h->table = (struct entry **)malloc(sizeof(struct entry*) * size); - if (NULL == h->table) { free(h); return NULL; } /*oom*/ - memset(h->table, 0, size * sizeof(struct entry *)); - h->tablelength = size; - h->primeindex = pindex; - h->entrycount = 0; - h->hashfn = hashf; - h->eqfn = eqf; - h->loadlimit = (unsigned int) ceil(size * max_load_factor); -#ifdef HASHTABLE_THREADED - pthread_mutex_init(&h->mutex, NULL); -#endif - return h; -} - -/*****************************************************************************/ -unsigned int -hash(struct hashtable *h, void *k) -{ - unsigned int i = h->hashfn(k); - i += ~(i << 9); - i ^= ((i >> 14) | (i << 18)); /* >>> */ - i += (i << 4); - i ^= ((i >> 10) | (i << 22)); /* >>> */ - return i; -} - -/*****************************************************************************/ -static int -hashtable_expand(struct hashtable *h) -{ - /* Double the size of the table to accomodate more entries */ - struct entry **newtable; - struct entry *e; - struct entry **pE; - unsigned int newsize, i, index; - /* Check we're not hitting max capacity */ - if (h->primeindex == (prime_table_length - 1)) return 0; - newsize = primes[++(h->primeindex)]; - - newtable = (struct entry **)malloc(sizeof(struct entry*) * newsize); - if (NULL != newtable) - { - memset(newtable, 0, newsize * sizeof(struct entry *)); - /* This algorithm is not 'stable'. ie. it reverses the list - * when it transfers entries between the tables */ - for (i = 0; i < h->tablelength; i++) { - while (NULL != (e = h->table[i])) { - h->table[i] = e->next; - index = indexFor(newsize,e->h); - e->next = newtable[index]; - newtable[index] = e; - } - } - free(h->table); - h->table = newtable; - } - /* Plan B: realloc instead */ - else - { - newtable = (struct entry **) - realloc(h->table, newsize * sizeof(struct entry *)); - if (NULL == newtable) { (h->primeindex)--; return 0; } - h->table = newtable; - memset(newtable[h->tablelength], 0, newsize - h->tablelength); - for (i = 0; i < h->tablelength; i++) { - for (pE = &(newtable[i]), e = *pE; e != NULL; e = *pE) { - index = indexFor(newsize,e->h); - if (index == i) - { - pE = &(e->next); - } - else - { - *pE = e->next; - e->next = newtable[index]; - newtable[index] = e; - } - } - } - } - h->tablelength = newsize; - h->loadlimit = (unsigned int) ceil(newsize * max_load_factor); - return -1; -} - -/*****************************************************************************/ -unsigned int -hashtable_count(struct hashtable *h) -{ - unsigned int count; -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&h->mutex); -#endif - count = h->entrycount; -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&h->mutex); -#endif - return count; -} - -/*****************************************************************************/ -int -hashtable_insert(struct hashtable *h, void *k, void *v) -{ - /* This method allows duplicate keys - but they shouldn't be used */ - unsigned int index; - struct entry *e; -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&h->mutex); -#endif - if (++(h->entrycount) > h->loadlimit) - { - /* Ignore the return value. If expand fails, we should - * still try cramming just this value into the existing table - * -- we may not have memory for a larger table, but one more - * element may be ok. Next time we insert, we'll try expanding again.*/ - hashtable_expand(h); - } - e = (struct entry *)malloc(sizeof(struct entry)); - if (NULL == e) { --(h->entrycount); return 0; } /*oom*/ - e->h = hash(h,k); - index = indexFor(h->tablelength,e->h); - e->k = k; - e->v = v; - e->next = h->table[index]; - h->table[index] = e; -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&h->mutex); -#endif - return -1; -} - -/*****************************************************************************/ -void * /* returns value associated with key */ -hashtable_search(struct hashtable *h, void *k) -{ -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&h->mutex); -#endif - struct entry *e; - unsigned int hashvalue, index; - hashvalue = hash(h,k); - index = indexFor(h->tablelength,hashvalue); - e = h->table[index]; - while (NULL != e) - { - /* Check hash value to short circuit heavier comparison */ - if ((hashvalue == e->h) && (h->eqfn(k, e->k))) { -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&h->mutex); -#endif - return e->v; - } - e = e->next; - } -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&h->mutex); -#endif - return NULL; -} - -/*****************************************************************************/ -void * /* returns value associated with key */ -hashtable_remove(struct hashtable *h, void *k) -{ - /* TODO: consider compacting the table when the load factor drops enough, - * or provide a 'compact' method. */ -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&h->mutex); -#endif - struct entry *e; - struct entry **pE; - void *v; - unsigned int hashvalue, index; - - hashvalue = hash(h,k); - index = indexFor(h->tablelength,hash(h,k)); - pE = &(h->table[index]); - e = *pE; - while (NULL != e) - { - /* Check hash value to short circuit heavier comparison */ - if ((hashvalue == e->h) && (h->eqfn(k, e->k))) - { - *pE = e->next; - h->entrycount--; - v = e->v; - freekey(e->k); - free(e); - return v; - } - pE = &(e->next); - e = e->next; - } -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&h->mutex); -#endif - return NULL; -} - -/*****************************************************************************/ -/* destroy */ -void -hashtable_destroy(struct hashtable *h, int free_values) -{ -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&h->mutex); -#endif - unsigned int i; - struct entry *e, *f; - struct entry **table = h->table; - if (free_values) - { - for (i = 0; i < h->tablelength; i++) - { - e = table[i]; - while (NULL != e) - { f = e; e = e->next; freekey(f->k); free(f->v); free(f); } - } - } - else - { - for (i = 0; i < h->tablelength; i++) - { - e = table[i]; - while (NULL != e) - { f = e; e = e->next; freekey(f->k); free(f); } - } - } - free(h->table); -#ifdef HASHTABLE_THREADED - pthread_mutex_destroy(&h->mutex); -#endif - free(h); -} diff --git a/tools/vtpm_manager/util/hashtable.h b/tools/vtpm_manager/util/hashtable.h deleted file mode 100644 index dedc60a919..0000000000 --- a/tools/vtpm_manager/util/hashtable.h +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright (c) 2005, Intel Corp - * Copyright (c) 2002, Christopher Clark <firstname.lastname@cl.cam.ac.uk> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * * Neither the name of the original author; nor the names of any contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - * There are duplicates of this code in: - * - tools/xenstore/hashtable.h - * - tools/blktap2/drivers/hashtable.h - */ - -#ifndef __HASHTABLE_CWC22_H__ -#define __HASHTABLE_CWC22_H__ - -struct hashtable; - -/* Example of use: - * - * struct hashtable *h; - * struct some_key *k; - * struct some_value *v; - * - * static unsigned int hash_from_key_fn( void *k ); - * static int keys_equal_fn ( void *key1, void *key2 ); - * - * h = create_hashtable(16, hash_from_key_fn, keys_equal_fn); - * k = (struct some_key *) malloc(sizeof(struct some_key)); - * v = (struct some_value *) malloc(sizeof(struct some_value)); - * - * (initialise k and v to suitable values) - * - * if (! hashtable_insert(h,k,v) ) - * { exit(-1); } - * - * if (NULL == (found = hashtable_search(h,k) )) - * { printf("not found!"); } - * - * if (NULL == (found = hashtable_remove(h,k) )) - * { printf("Not found\n"); } - * - */ - -/* Macros may be used to define type-safe(r) hashtable access functions, with - * methods specialized to take known key and value types as parameters. - * - * Example: - * - * Insert this at the start of your file: - * - * DEFINE_HASHTABLE_INSERT(insert_some, struct some_key, struct some_value); - * DEFINE_HASHTABLE_SEARCH(search_some, struct some_key, struct some_value); - * DEFINE_HASHTABLE_REMOVE(remove_some, struct some_key, struct some_value); - * - * This defines the functions 'insert_some', 'search_some' and 'remove_some'. - * These operate just like hashtable_insert etc., with the same parameters, - * but their function signatures have 'struct some_key *' rather than - * 'void *', and hence can generate compile time errors if your program is - * supplying incorrect data as a key (and similarly for value). - * - * Note that the hash and key equality functions passed to create_hashtable - * still take 'void *' parameters instead of 'some key *'. This shouldn't be - * a difficult issue as they're only defined and passed once, and the other - * functions will ensure that only valid keys are supplied to them. - * - * The cost for this checking is increased code size and runtime overhead - * - if performance is important, it may be worth switching back to the - * unsafe methods once your program has been debugged with the safe methods. - * This just requires switching to some simple alternative defines - eg: - * #define insert_some hashtable_insert - * - */ - -/***************************************************************************** - * create_hashtable - - * @name create_hashtable - * @param minsize minimum initial size of hashtable - * @param hashfunction function for hashing keys - * @param key_eq_fn function for determining key equality - * @return newly created hashtable or NULL on failure - */ - -struct hashtable * -create_hashtable(unsigned int minsize, - unsigned int (*hashfunction) (void*), - int (*key_eq_fn) (void*,void*)); - -/***************************************************************************** - * hashtable_insert - - * @name hashtable_insert - * @param h the hashtable to insert into - * @param k the key - hashtable claims ownership and will free on removal - * @param v the value - does not claim ownership - * @return non-zero for successful insertion - * - * This function will cause the table to expand if the insertion would take - * the ratio of entries to table size over the maximum load factor. - * - * This function does not check for repeated insertions with a duplicate key. - * The value returned when using a duplicate key is undefined -- when - * the hashtable changes size, the order of retrieval of duplicate key - * entries is reversed. - * If in doubt, remove before insert. - */ - -int -hashtable_insert(struct hashtable *h, void *k, void *v); - -#define DEFINE_HASHTABLE_INSERT(fnname, keytype, valuetype) \ -int fnname (struct hashtable *h, keytype *k, valuetype *v) \ -{ \ - return hashtable_insert(h,k,v); \ -} - -/***************************************************************************** - * hashtable_search - - * @name hashtable_search - * @param h the hashtable to search - * @param k the key to search for - does not claim ownership - * @return the value associated with the key, or NULL if none found - */ - -void * -hashtable_search(struct hashtable *h, void *k); - -#define DEFINE_HASHTABLE_SEARCH(fnname, keytype, valuetype) \ -valuetype * fnname (struct hashtable *h, keytype *k) \ -{ \ - return (valuetype *) (hashtable_search(h,k)); \ -} - -/***************************************************************************** - * hashtable_remove - - * @name hashtable_remove - * @param h the hashtable to remove the item from - * @param k the key to search for - does not claim ownership - * @return the value associated with the key, or NULL if none found - */ - -void * /* returns value */ -hashtable_remove(struct hashtable *h, void *k); - -#define DEFINE_HASHTABLE_REMOVE(fnname, keytype, valuetype) \ -valuetype * fnname (struct hashtable *h, keytype *k) \ -{ \ - return (valuetype *) (hashtable_remove(h,k)); \ -} - - -/***************************************************************************** - * hashtable_count - - * @name hashtable_count - * @param h the hashtable - * @return the number of items stored in the hashtable - */ -unsigned int -hashtable_count(struct hashtable *h); - - -/***************************************************************************** - * hashtable_destroy - - * @name hashtable_destroy - * @param h the hashtable - * @param free_values whether to call 'free' on the remaining values - */ - -void -hashtable_destroy(struct hashtable *h, int free_values); - -#endif /* __HASHTABLE_CWC22_H__ */ diff --git a/tools/vtpm_manager/util/hashtable_itr.c b/tools/vtpm_manager/util/hashtable_itr.c deleted file mode 100644 index dcf42c87c5..0000000000 --- a/tools/vtpm_manager/util/hashtable_itr.c +++ /dev/null @@ -1,236 +0,0 @@ -/* - * Copyright (c) 2005, Intel Corp - * Copyright (c) 2002, Christopher Clark <firstname.lastname@cl.cam.ac.uk> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * * Neither the name of the original author; nor the names of any contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - * There are duplicates of this code in: - * - tools/blktap2/drivers/hashtable_itr.c - */ - -#include "hashtable.h" -#include "hashtable_private.h" -#include "hashtable_itr.h" -#include <stdlib.h> /* defines NULL */ - -/*****************************************************************************/ -/* hashtable_iterator - iterator constructor */ - -struct hashtable_itr * -hashtable_iterator(struct hashtable *h) -{ - unsigned int i, tablelength; - struct hashtable_itr *itr = (struct hashtable_itr *) - malloc(sizeof(struct hashtable_itr)); - if (NULL == itr) return NULL; -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&h->mutex); -#endif - itr->h = h; - itr->e = NULL; - itr->parent = NULL; - tablelength = h->tablelength; - itr->index = tablelength; - if (0 == h->entrycount) { -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&h->mutex); -#endif - return itr; - } - - for (i = 0; i < tablelength; i++) - { - if (NULL != h->table[i]) - { - itr->e = h->table[i]; - itr->index = i; - break; - } - } -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&h->mutex); -#endif - return itr; -} - -/*****************************************************************************/ -/* key - return the key of the (key,value) pair at the current position */ -/* value - return the value of the (key,value) pair at the current position */ - -void * -hashtable_iterator_key(struct hashtable_itr *i) -{ return i->e->k; } - -void * -hashtable_iterator_value(struct hashtable_itr *i) -{ return i->e->v; } - -/*****************************************************************************/ -/* advance - advance the iterator to the next element - * returns zero if advanced to end of table */ - -int -hashtable_iterator_advance(struct hashtable_itr *itr) -{ -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&itr->h->mutex); -#endif - unsigned int j,tablelength; - struct entry **table; - struct entry *next; - int ret; - if (NULL == itr->e) { /* stupidity check */ - ret = 0; - goto egress; - } - - next = itr->e->next; - if (NULL != next) - { - itr->parent = itr->e; - itr->e = next; - ret = -1; - goto egress; - } - - tablelength = itr->h->tablelength; - itr->parent = NULL; - if (tablelength <= (j = ++(itr->index))) - { - itr->e = NULL; - ret = 0; - goto egress; - } - table = itr->h->table; - while (NULL == (next = table[j])) - { - if (++j >= tablelength) - { - itr->index = tablelength; - itr->e = NULL; - ret = 0; - goto egress; - } - } - itr->index = j; - itr->e = next; - ret = -1; - - egress: -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&itr->h->mutex); -#endif - return ret; -} - -/*****************************************************************************/ -/* remove - remove the entry at the current iterator position - * and advance the iterator, if there is a successive - * element. - * If you want the value, read it before you remove: - * beware memory leaks if you don't. - * Returns zero if end of iteration. */ - -int -hashtable_iterator_remove(struct hashtable_itr *itr) -{ -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&itr->h->mutex); -#endif - struct entry *remember_e, *remember_parent; - int ret; - - /* Do the removal */ - if (NULL == (itr->parent)) - { - /* element is head of a chain */ - itr->h->table[itr->index] = itr->e->next; - } else { - /* element is mid-chain */ - itr->parent->next = itr->e->next; - } - /* itr->e is now outside the hashtable */ - remember_e = itr->e; - itr->h->entrycount--; - freekey(remember_e->k); - - /* Advance the iterator, correcting the parent */ - remember_parent = itr->parent; - ret = hashtable_iterator_advance(itr); - if (itr->parent == remember_e) { itr->parent = remember_parent; } - free(remember_e); -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&itr->h->mutex); -#endif - return ret; -} - -/*****************************************************************************/ -int /* returns zero if not found */ -hashtable_iterator_search(struct hashtable_itr *itr, - struct hashtable *h, void *k) -{ -#ifdef HASHTABLE_THREADED - pthread_mutex_lock(&h->mutex); -#endif - struct entry *e, *parent; - unsigned int hashvalue, index; - int ret; - - hashvalue = hash(h,k); - index = indexFor(h->tablelength,hashvalue); - - e = h->table[index]; - parent = NULL; - while (NULL != e) - { - /* Check hash value to short circuit heavier comparison */ - if ((hashvalue == e->h) && (h->eqfn(k, e->k))) - { - itr->index = index; - itr->e = e; - itr->parent = parent; - itr->h = h; - ret= -1; - goto egress; - } - parent = e; - e = e->next; - } - ret = 0; - -egress: -#ifdef HASHTABLE_THREADED - pthread_mutex_unlock(&h->mutex); -#endif - return ret; -} diff --git a/tools/vtpm_manager/util/hashtable_itr.h b/tools/vtpm_manager/util/hashtable_itr.h deleted file mode 100644 index 35654e0b01..0000000000 --- a/tools/vtpm_manager/util/hashtable_itr.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2005, Intel Corp - * Copyright (c) 2002, Christopher Clark <firstname.lastname@cl.cam.ac.uk> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * * Neither the name of the original author; nor the names of any contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - * There are duplicates of this code in: - * - tools/blktap2/drivers/hashtable_itr.h - */ - - -#ifndef __HASHTABLE_ITR_CWC22__ -#define __HASHTABLE_ITR_CWC22__ -#include "hashtable.h" -#include "hashtable_private.h" /* needed to enable inlining */ - -/*****************************************************************************/ -/* This struct is only concrete here to allow the inlining of two of the - * accessor functions. */ -struct hashtable_itr -{ - struct hashtable *h; - struct entry *e; - struct entry *parent; - unsigned int index; -}; - - -/*****************************************************************************/ -/* hashtable_iterator - */ - -struct hashtable_itr * -hashtable_iterator(struct hashtable *h); - -/*****************************************************************************/ -/* hashtable_iterator_key - * - return the value of the (key,value) pair at the current position */ - -void *hashtable_iterator_key(struct hashtable_itr *i); - -/*****************************************************************************/ -/* value - return the value of the (key,value) pair at the current position */ - -void *hashtable_iterator_value(struct hashtable_itr *i); - -/*****************************************************************************/ -/* advance - advance the iterator to the next element - * returns zero if advanced to end of table */ - -int -hashtable_iterator_advance(struct hashtable_itr *itr); - -/*****************************************************************************/ -/* remove - remove current element and advance the iterator to the next element - * NB: if you need the value to free it, read it before - * removing. ie: beware memory leaks! - * returns zero if advanced to end of table */ - -int -hashtable_iterator_remove(struct hashtable_itr *itr); - -/*****************************************************************************/ -/* search - overwrite the supplied iterator, to point to the entry - * matching the supplied key. - h points to the hashtable to be searched. - * returns zero if not found. */ -int -hashtable_iterator_search(struct hashtable_itr *itr, - struct hashtable *h, void *k); - -#define DEFINE_HASHTABLE_ITERATOR_SEARCH(fnname, keytype) \ -int fnname (struct hashtable_itr *i, struct hashtable *h, keytype *k) \ -{ \ - return (hashtable_iterator_search(i,h,k)); \ -} - - - -#endif /* __HASHTABLE_ITR_CWC22__*/ diff --git a/tools/vtpm_manager/util/hashtable_private.h b/tools/vtpm_manager/util/hashtable_private.h deleted file mode 100644 index d87a7f9208..0000000000 --- a/tools/vtpm_manager/util/hashtable_private.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 2005, Intel Corp - * Copyright (c) 2002, Christopher Clark <firstname.lastname@cl.cam.ac.uk> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * * Neither the name of the original author; nor the names of any contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - * There are duplicates of this code in: - * - tools/xenstore/hashtable_private.h - * - tools/blktap2/drivers/hashtable_private.h - */ - -#ifndef __HASHTABLE_PRIVATE_CWC22_H__ -#define __HASHTABLE_PRIVATE_CWC22_H__ - -#include "hashtable.h" -#ifdef HASHTABLE_THREADED -#include <pthread.h> -#endif - -/*****************************************************************************/ -struct entry -{ - void *k, *v; - unsigned int h; - struct entry *next; -}; - -struct hashtable { - unsigned int tablelength; - struct entry **table; - unsigned int entrycount; - unsigned int loadlimit; - unsigned int primeindex; - unsigned int (*hashfn) (void *k); - int (*eqfn) (void *k1, void *k2); -#ifdef HASHTABLE_THREADED - pthread_mutex_t mutex; -#endif -}; - -/*****************************************************************************/ -unsigned int -hash(struct hashtable *h, void *k); - -/*****************************************************************************/ -/* indexFor */ -static inline unsigned int -indexFor(unsigned int tablelength, unsigned int hashvalue) { - return (hashvalue % tablelength); -}; - -/* Only works if tablelength == 2^N */ -/*static inline unsigned int -indexFor(unsigned int tablelength, unsigned int hashvalue) -{ - return (hashvalue & (tablelength - 1u)); -} -*/ - -/*****************************************************************************/ -#define freekey(X) free(X) -/*define freekey(X) ; */ - - -/*****************************************************************************/ - -#endif /* __HASHTABLE_PRIVATE_CWC22_H__*/ diff --git a/tools/vtpm_manager/util/log.c b/tools/vtpm_manager/util/log.c deleted file mode 100644 index 75fe91a12a..0000000000 --- a/tools/vtpm_manager/util/log.c +++ /dev/null @@ -1,142 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - -#include <stdlib.h> -#include <string.h> -#include <stdio.h> - -#include "buffer.h" -#include "tcg.h" - -// Helper code for the consts, eg. to produce messages for error codes. - -typedef struct error_code_entry_t { - TPM_RESULT code; - char * code_name; - char * msg; -} error_code_entry_t; - -static const error_code_entry_t error_msgs [] = { - { TPM_SUCCESS, "TPM_SUCCESS", "Successful completion of the operation" }, - { TPM_AUTHFAIL, "TPM_AUTHFAIL", "Authentication failed" }, - { TPM_BADINDEX, "TPM_BADINDEX", "The index to a PCR, DIR or other register is incorrect" }, - { TPM_BAD_PARAMETER, "TPM_BAD_PARAMETER", "One or more parameter is bad" }, - { TPM_AUDITFAILURE, "TPM_AUDITFAILURE", "An operation completed successfully but the auditing of that operation failed." }, - { TPM_CLEAR_DISABLED, "TPM_CLEAR_DISABLED", "The clear disable flag is set and all clear operations now require physical access" }, - { TPM_DEACTIVATED, "TPM_DEACTIVATED", "The TPM is deactivated" }, - { TPM_DISABLED, "TPM_DISABLED", "The TPM is disabled" }, - { TPM_DISABLED_CMD, "TPM_DISABLED_CMD", "The target command has been disabled" }, - { TPM_FAIL, "TPM_FAIL", "The operation failed" }, - { TPM_BAD_ORDINAL, "TPM_BAD_ORDINAL", "The ordinal was unknown or inconsistent" }, - { TPM_INSTALL_DISABLED, "TPM_INSTALL_DISABLED", "The ability to install an owner is disabled" }, - { TPM_INVALID_KEYHANDLE, "TPM_INVALID_KEYHANDLE", "The key handle presented was invalid" }, - { TPM_KEYNOTFOUND, "TPM_KEYNOTFOUND", "The target key was not found" }, - { TPM_INAPPROPRIATE_ENC, "TPM_INAPPROPRIATE_ENC", "Unacceptable encryption scheme" }, - { TPM_MIGRATEFAIL, "TPM_MIGRATEFAIL", "Migration authorization failed" }, - { TPM_INVALID_PCR_INFO, "TPM_INVALID_PCR_INFO", "PCR information could not be interpreted" }, - { TPM_NOSPACE, "TPM_NOSPACE", "No room to load key." }, - { TPM_NOSRK, "TPM_NOSRK", "There is no SRK set" }, - { TPM_NOTSEALED_BLOB, "TPM_NOTSEALED_BLOB", "An encrypted blob is invalid or was not created by this TPM" }, - { TPM_OWNER_SET, "TPM_OWNER_SET", "There is already an Owner" }, - { TPM_RESOURCES, "TPM_RESOURCES", "The TPM has insufficient internal resources to perform the requested action." }, - { TPM_SHORTRANDOM, "TPM_SHORTRANDOM", "A random string was too short" }, - { TPM_SIZE, "TPM_SIZE", "The TPM does not have the space to perform the operation." }, - { TPM_WRONGPCRVAL, "TPM_WRONGPCRVAL", "The named PCR value does not match the current PCR value." }, - { TPM_BAD_PARAM_SIZE, "TPM_BAD_PARAM_SIZE", "The paramSize argument to the command has the incorrect value" }, - { TPM_SHA_THREAD, "TPM_SHA_THREAD", "There is no existing SHA-1 thread." }, - { TPM_SHA_ERROR, "TPM_SHA_ERROR", "The calculation is unable to proceed because the existing SHA-1 thread has already encountered an error." }, - { TPM_FAILEDSELFTEST, "TPM_FAILEDSELFTEST", "Self-test has failed and the TPM has shutdown." }, - { TPM_AUTH2FAIL, "TPM_AUTH2FAIL", "The authorization for the second key in a 2 key function failed authorization" }, - { TPM_BADTAG, "TPM_BADTAG", "The tag value sent to for a command is invalid" }, - { TPM_IOERROR, "TPM_IOERROR", "An IO error occurred transmitting information to the TPM" }, - { TPM_ENCRYPT_ERROR, "TPM_ENCRYPT_ERROR", "The encryption process had a problem." }, - { TPM_DECRYPT_ERROR, "TPM_DECRYPT_ERROR", "The decryption process did not complete." }, - { TPM_INVALID_AUTHHANDLE, "TPM_INVALID_AUTHHANDLE", "An invalid handle was used." }, - { TPM_NO_ENDORSEMENT, "TPM_NO_ENDORSEMENT", "The TPM does not a EK installed" }, - { TPM_INVALID_KEYUSAGE, "TPM_INVALID_KEYUSAGE", "The usage of a key is not allowed" }, - { TPM_WRONG_ENTITYTYPE, "TPM_WRONG_ENTITYTYPE", "The submitted entity type is not allowed" }, - { TPM_INVALID_POSTINIT, "TPM_INVALID_POSTINIT", "The command was received in the wrong sequence relative to TPM_Init and a subsequent TPM_Startup" }, - { TPM_INAPPROPRIATE_SIG, "TPM_INAPPROPRIATE_SIG", "Signed data cannot include additional DER information" }, - { TPM_BAD_KEY_PROPERTY, "TPM_BAD_KEY_PROPERTY", "The key properties in TPM_KEY_PARMs are not supported by this TPM" }, - - { TPM_BAD_MIGRATION, "TPM_BAD_MIGRATION", "The migration properties of this key are incorrect." }, - { TPM_BAD_SCHEME, "TPM_BAD_SCHEME", "The signature or encryption scheme for this key is incorrect or not permitted in this situation." }, - { TPM_BAD_DATASIZE, "TPM_BAD_DATASIZE", "The size of the data (or blob) parameter is bad or inconsistent with the referenced key" }, - { TPM_BAD_MODE, "TPM_BAD_MODE", "A mode parameter is bad, such as capArea or subCapArea for TPM_GetCapability, phsicalPresence parameter for TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob." }, - { TPM_BAD_PRESENCE, "TPM_BAD_PRESENCE", "Either the physicalPresence or physicalPresenceLock bits have the wrong value" }, - { TPM_BAD_VERSION, "TPM_BAD_VERSION", "The TPM cannot perform this version of the capability" }, - { TPM_NO_WRAP_TRANSPORT, "TPM_NO_WRAP_TRANSPORT", "The TPM does not allow for wrapped transport sessions" }, - { TPM_AUDITFAIL_UNSUCCESSFUL, "TPM_AUDITFAIL_UNSUCCESSFUL", "TPM audit construction failed and the underlying command was returning a failure code also" }, - { TPM_AUDITFAIL_SUCCESSFUL, "TPM_AUDITFAIL_SUCCESSFUL", "TPM audit construction failed and the underlying command was returning success" }, - { TPM_NOTRESETABLE, "TPM_NOTRESETABLE", "Attempt to reset a PCR register that does not have the resettable attribute" }, - { TPM_NOTLOCAL, "TPM_NOTLOCAL", "Attempt to reset a PCR register that requires locality and locality modifier not part of command transport" }, - { TPM_BAD_TYPE, "TPM_BAD_TYPE", "Make identity blob not properly typed" }, - { TPM_INVALID_RESOURCE, "TPM_INVALID_RESOURCE", "When saving context identified resource type does not match actual resource" }, - { TPM_NOTFIPS, "TPM_NOTFIPS", "The TPM is attempting to execute a command only available when in FIPS mode" }, - { TPM_INVALID_FAMILY, "TPM_INVALID_FAMILY", "The command is attempting to use an invalid family ID" }, - { TPM_NO_NV_PERMISSION, "TPM_NO_NV_PERMISSION", "The permission to manipulate the NV storage is not available" }, - { TPM_REQUIRES_SIGN, "TPM_REQUIRES_SIGN", "The operation requires a signed command" }, - { TPM_KEY_NOTSUPPORTED, "TPM_KEY_NOTSUPPORTED", "Wrong operation to load an NV key" }, - { TPM_AUTH_CONFLICT, "TPM_AUTH_CONFLICT", "NV_LoadKey blob requires both owner and blob authorization" }, - { TPM_AREA_LOCKED, "TPM_AREA_LOCKED", "The NV area is locked and not writtable" }, - { TPM_BAD_LOCALITY, "TPM_BAD_LOCALITY", "The locality is incorrect for the attempted operation" }, - { TPM_READ_ONLY, "TPM_READ_ONLY", "The NV area is read only and can't be written to" }, - { TPM_PER_NOWRITE, "TPM_PER_NOWRITE", "There is no protection on the write to the NV area" }, - { TPM_FAMILYCOUNT, "TPM_FAMILYCOUNT", "The family count value does not match" }, - { TPM_WRITE_LOCKED, "TPM_WRITE_LOCKED", "The NV area has already been written to" }, - { TPM_BAD_ATTRIBUTES, "TPM_BAD_ATTRIBUTES", "The NV area attributes conflict" }, - { TPM_INVALID_STRUCTURE, "TPM_INVALID_STRUCTURE", "The structure tag and version are invalid or inconsistent" }, - { TPM_KEY_OWNER_CONTROL, "TPM_KEY_OWNER_CONTROL", "The key is under control of the TPM Owner and can only be evicted by the TPM Owner." }, - { TPM_BAD_COUNTER, "TPM_BAD_COUNTER", "The counter handle is incorrect" }, - { TPM_NOT_FULLWRITE, "TPM_NOT_FULLWRITE", "The write is not a complete write of the area" }, - { TPM_CONTEXT_GAP, "TPM_CONTEXT_GAP", "The gap between saved context counts is too large" }, - { TPM_MAXNVWRITES, "TPM_MAXNVWRITES", "The maximum number of NV writes without an owner has been exceeded" }, - { TPM_NOOPERATOR, "TPM_NOOPERATOR", "No operator authorization value is set" }, - { TPM_RESOURCEMISSING, "TPM_RESOURCEMISSING", "The resource pointed to by context is not loaded" }, - { TPM_DELEGATE_LOCK, "TPM_DELEGATE_LOCK", "The delegate administration is locked" }, - { TPM_DELEGATE_FAMILY, "TPM_DELEGATE_FAMILY", "Attempt to manage a family other then the delegated family" }, - { TPM_DELEGATE_ADMIN, "TPM_DELEGATE_ADMIN", "Delegation table management not enabled" }, - { TPM_TRANSPORT_EXCLUSIVE, "TPM_TRANSPORT_EXCLUSIVE", "There was a command executed outside of an exclusive transport session" }, -}; - - -// helper function for the error codes: -const char* tpm_get_error_name (TPM_RESULT code) { - // just do a linear scan for now - unsigned i; - for (i = 0; i < sizeof(error_msgs)/sizeof(error_msgs[0]); i++) - if (code == error_msgs[i].code) - return error_msgs[i].code_name; - - return("Unknown Error Code"); -} diff --git a/tools/vtpm_manager/util/log.h b/tools/vtpm_manager/util/log.h deleted file mode 100644 index 1f15f5b876..0000000000 --- a/tools/vtpm_manager/util/log.h +++ /dev/null @@ -1,94 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== - -#ifndef __VTPM_LOG_H__ -#define __VTPM_LOG_H__ - -#include <stdint.h> // for uint32_t -#include <stddef.h> // for pointer NULL - -// =========================== LOGGING ============================== - -// the logging module numbers -#define VTPM_LOG_CRYPTO 1 -#define VTPM_LOG_BSG 2 -#define VTPM_LOG_TXDATA 3 -#define VTPM_LOG_TCS 4 -#define VTPM_LOG_TCS_DEEP 5 -#define VTPM_LOG_VTSP 6 -#define VTPM_LOG_VTPM 7 -#define VTPM_LOG_VTPM_DEEP 8 -#define VTPM_LOG_VTSP_DEEP 9 - -static char *module_names[] = { "", - "CRYPTO", - "BSG", - "TXDATA", - "TCS", - "TCS", - "VTSP", - "VTPM", - "VTPM", - "VTSP" - }; - -// Default to standard logging -#ifndef LOGGING_MODULES -#define LOGGING_MODULES (BITMASK(VTPM_LOG_VTPM)) -#endif - -// bit-access macros -#define BITMASK(idx) ( 1U << (idx) ) -#define GETBIT(num,idx) ( ((num) & BITMASK(idx)) >> idx ) -#define SETBIT(num,idx) (num) |= BITMASK(idx) -#define CLEARBIT(num,idx) (num) &= ( ~ BITMASK(idx) ) - -#define vtpmloginfo(module, fmt, args...) \ - if (GETBIT (LOGGING_MODULES, module) == 1) { \ - fprintf (stdout, "INFO[%s]: " fmt, module_names[module], ##args); \ - } - -#define vtpmloginfomore(module, fmt, args...) \ - if (GETBIT (LOGGING_MODULES, module) == 1) { \ - fprintf (stdout, fmt,##args); \ - } - -#define vtpmlogerror(module, fmt, args...) \ - fprintf (stderr, "ERROR[%s]: " fmt, module_names[module], ##args); - -//typedef UINT32 tpm_size_t; - -// helper function for the error codes: -const char* tpm_get_error_name (TPM_RESULT code); - -#endif // _VTPM_LOG_H_ diff --git a/tools/vtpm_manager/util/tcg.h b/tools/vtpm_manager/util/tcg.h deleted file mode 100644 index 5c4291362f..0000000000 --- a/tools/vtpm_manager/util/tcg.h +++ /dev/null @@ -1,503 +0,0 @@ -// =================================================================== -// -// Copyright (c) 2005, Intel Corp. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// * Neither the name of Intel Corporation nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. -// =================================================================== -// -// tcg.h -// -// This file contains all the structure and type definitions -// -// ================================================================== - -#ifndef __TCG_H__ -#define __TCG_H__ - -// This pragma is used to disallow structure padding -#pragma pack(push, 1) - -// *************************** TYPEDEFS ********************************* -typedef unsigned char BYTE; -typedef unsigned char BOOL; -typedef unsigned short UINT16; -typedef unsigned int UINT32; -typedef unsigned long long UINT64; - -typedef UINT32 TPM_RESULT; -typedef UINT32 TPM_PCRINDEX; -typedef UINT32 TPM_DIRINDEX; -typedef UINT32 TPM_HANDLE; -typedef TPM_HANDLE TPM_AUTHHANDLE; -typedef TPM_HANDLE TCPA_HASHHANDLE; -typedef TPM_HANDLE TCPA_HMACHANDLE; -typedef TPM_HANDLE TCPA_ENCHANDLE; -typedef TPM_HANDLE TPM_KEY_HANDLE; -typedef TPM_HANDLE TCPA_ENTITYHANDLE; -typedef UINT32 TPM_RESOURCE_TYPE; -typedef UINT32 TPM_COMMAND_CODE; -typedef UINT16 TPM_PROTOCOL_ID; -typedef BYTE TPM_AUTH_DATA_USAGE; -typedef UINT16 TPM_ENTITY_TYPE; -typedef UINT32 TPM_ALGORITHM_ID; -typedef UINT16 TPM_KEY_USAGE; -typedef UINT16 TPM_STARTUP_TYPE; -typedef UINT32 TPM_CAPABILITY_AREA; -typedef UINT16 TPM_ENC_SCHEME; -typedef UINT16 TPM_SIG_SCHEME; -typedef UINT16 TPM_MIGRATE_SCHEME; -typedef UINT16 TPM_PHYSICAL_PRESENCE; -typedef UINT32 TPM_KEY_FLAGS; - -#define TPM_DIGEST_SIZE 20 // Don't change this -typedef BYTE TPM_AUTHDATA[TPM_DIGEST_SIZE]; -typedef TPM_AUTHDATA TPM_SECRET; -typedef TPM_AUTHDATA TPM_ENCAUTH; -typedef BYTE TPM_PAYLOAD_TYPE; -typedef UINT16 TPM_TAG; - -// Data Types of the TCS -typedef UINT32 TCS_AUTHHANDLE; // Handle addressing a authorization session -typedef UINT32 TCS_CONTEXT_HANDLE; // Basic context handle -typedef UINT32 TCS_KEY_HANDLE; // Basic key handle - -// ************************* STRUCTURES ********************************** - -typedef struct TPM_VERSION { - BYTE major; - BYTE minor; - BYTE revMajor; - BYTE revMinor; -} TPM_VERSION; - -static const TPM_VERSION TPM_STRUCT_VER_1_1 = { 1,1,0,0 }; - -typedef struct TPM_DIGEST { - BYTE digest[TPM_DIGEST_SIZE]; -} TPM_DIGEST; - -typedef TPM_DIGEST TPM_PCRVALUE; -typedef TPM_DIGEST TPM_COMPOSITE_HASH; -typedef TPM_DIGEST TPM_DIRVALUE; -typedef TPM_DIGEST TPM_HMAC; -typedef TPM_DIGEST TPM_CHOSENID_HASH; - -typedef struct TPM_NONCE { - BYTE nonce[TPM_DIGEST_SIZE]; -} TPM_NONCE; - -typedef struct TPM_KEY_PARMS { - TPM_ALGORITHM_ID algorithmID; - TPM_ENC_SCHEME encScheme; - TPM_SIG_SCHEME sigScheme; - UINT32 parmSize; - BYTE* parms; -} TPM_KEY_PARMS; - -typedef struct TPM_RSA_KEY_PARMS { - UINT32 keyLength; - UINT32 numPrimes; - UINT32 exponentSize; - BYTE* exponent; -} TPM_RSA_KEY_PARMS; - -typedef struct TPM_STORE_PUBKEY { - UINT32 keyLength; - BYTE* key; -} TPM_STORE_PUBKEY; - -typedef struct TPM_PUBKEY { - TPM_KEY_PARMS algorithmParms; - TPM_STORE_PUBKEY pubKey; -} TPM_PUBKEY; - -typedef struct TPM_KEY { - TPM_VERSION ver; - TPM_KEY_USAGE keyUsage; - TPM_KEY_FLAGS keyFlags; - TPM_AUTH_DATA_USAGE authDataUsage; - TPM_KEY_PARMS algorithmParms; - UINT32 PCRInfoSize; - BYTE* PCRInfo; // this should be a TPM_PCR_INFO, or NULL - TPM_STORE_PUBKEY pubKey; - UINT32 encDataSize; - BYTE* encData; -} TPM_KEY; - -typedef struct TPM_PCR_SELECTION { - UINT16 sizeOfSelect; /// in bytes - BYTE* pcrSelect; -} TPM_PCR_SELECTION; - -typedef struct TPM_PCR_COMPOSITE { - TPM_PCR_SELECTION select; - UINT32 valueSize; - TPM_PCRVALUE* pcrValue; -} TPM_PCR_COMPOSITE; - - -typedef struct TPM_PCR_INFO { - TPM_PCR_SELECTION pcrSelection; - TPM_COMPOSITE_HASH digestAtRelease; - TPM_COMPOSITE_HASH digestAtCreation; -} TPM_PCR_INFO; - - -typedef struct TPM_BOUND_DATA { - TPM_VERSION ver; - TPM_PAYLOAD_TYPE payload; - BYTE* payloadData; -} TPM_BOUND_DATA; - -typedef struct TPM_STORED_DATA { - TPM_VERSION ver; - UINT32 sealInfoSize; - BYTE* sealInfo; - UINT32 encDataSize; - BYTE* encData; -} TPM_STORED_DATA; - -typedef struct TCS_AUTH { - TCS_AUTHHANDLE AuthHandle; - TPM_NONCE NonceOdd; // system - TPM_NONCE NonceEven; // TPM - BOOL fContinueAuthSession; - TPM_AUTHDATA HMAC; -} TCS_AUTH; - -// structures for dealing with sizes followed by buffers in all the -// TCG structure. -typedef struct pack_buf_t { - UINT32 size; - BYTE * data; -} pack_buf_t; - -typedef struct pack_constbuf_t { - UINT32 size; - const BYTE* data; -} pack_constbuf_t; - - - -// **************************** CONSTANTS ********************************* - -// BOOL values -#define TRUE 0x01 -#define FALSE 0x00 - -#define TCPA_MAX_BUFFER_LENGTH 0x2000 - -// -// TPM_COMMAND_CODE values -#define TPM_PROTECTED_ORDINAL 0x00000000UL -#define TPM_UNPROTECTED_ORDINAL 0x80000000UL -#define TPM_CONNECTION_ORDINAL 0x40000000UL -#define TPM_VENDOR_ORDINAL 0x20000000UL - -#define TPM_ORD_OIAP (10UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_OSAP (11UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ChangeAuth (12UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_TakeOwnership (13UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ChangeAuthAsymStart (14UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ChangeAuthAsymFinish (15UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ChangeAuthOwner (16UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Extend (20UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_PcrRead (21UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Quote (22UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Seal (23UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Unseal (24UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_DirWriteAuth (25UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_DirRead (26UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_UnBind (30UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_CreateWrapKey (31UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_LoadKey (32UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetPubKey (33UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_EvictKey (34UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_CreateMigrationBlob (40UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ReWrapKey (41UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ConvertMigrationBlob (42UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_AuthorizeMigrationKey (43UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_CreateMaintenanceArchive (44UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_LoadMaintenanceArchive (45UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_KillMaintenanceFeature (46UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_LoadManuMaintPub (47UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ReadManuMaintPub (48UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_CertifyKey (50UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Sign (60UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetRandom (70UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_StirRandom (71UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SelfTestFull (80UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SelfTestStartup (81UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_CertifySelfTest (82UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ContinueSelfTest (83UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetTestResult (84UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Reset (90UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_OwnerClear (91UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_DisableOwnerClear (92UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ForceClear (93UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_DisableForceClear (94UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetCapabilitySigned (100UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetCapability (101UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetCapabilityOwner (102UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_OwnerSetDisable (110UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_PhysicalEnable (111UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_PhysicalDisable (112UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SetOwnerInstall (113UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_PhysicalSetDeactivated (114UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SetTempDeactivated (115UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_CreateEndorsementKeyPair (120UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_MakeIdentity (121UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ActivateIdentity (122UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_ReadPubek (124UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_OwnerReadPubek (125UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_DisablePubekRead (126UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetAuditEvent (130UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetAuditEventSigned (131UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_GetOrdinalAuditStatus (140UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SetOrdinalAuditStatus (141UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Terminate_Handle (150UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Init (151UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SaveState (152UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_Startup (153UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SetRedirection (154UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SHA1Start (160UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SHA1Update (161UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SHA1Complete (162UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SHA1CompleteExtend (163UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_FieldUpgrade (170UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SaveKeyContext (180UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_LoadKeyContext (181UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_SaveAuthContext (182UL + TPM_PROTECTED_ORDINAL) -#define TPM_ORD_LoadAuthContext (183UL + TPM_PROTECTED_ORDINAL) -#define TSC_ORD_PhysicalPresence (10UL + TPM_CONNECTION_ORDINAL) - - - -// -// TPM_RESULT values -// -// just put in the whole table from spec 1.2 - -#define TPM_BASE 0x0 // The start of TPM return codes -#define TPM_VENDOR_ERROR 0x00000400 // Mask to indicate that the error code is vendor specific for vendor specific commands -#define TPM_NON_FATAL 0x00000800 // Mask to indicate that the error code is a non-fatal failure. - -#define TPM_SUCCESS TPM_BASE // Successful completion of the operation -#define TPM_AUTHFAIL TPM_BASE + 1 // Authentication failed -#define TPM_BADINDEX TPM_BASE + 2 // The index to a PCR, DIR or other register is incorrect -#define TPM_BAD_PARAMETER TPM_BASE + 3 // One or more parameter is bad -#define TPM_AUDITFAILURE TPM_BASE + 4 // An operation completed successfully but the auditing of that operation failed. -#define TPM_CLEAR_DISABLED TPM_BASE + 5 // The clear disable flag is set and all clear operations now require physical access -#define TPM_DEACTIVATED TPM_BASE + 6 // The TPM is deactivated -#define TPM_DISABLED TPM_BASE + 7 // The TPM is disabled -#define TPM_DISABLED_CMD TPM_BASE + 8 // The target command has been disabled -#define TPM_FAIL TPM_BASE + 9 // The operation failed -#define TPM_BAD_ORDINAL TPM_BASE + 10 // The ordinal was unknown or inconsistent -#define TPM_INSTALL_DISABLED TPM_BASE + 11 // The ability to install an owner is disabled -#define TPM_INVALID_KEYHANDLE TPM_BASE + 12 // The key handle presented was invalid -#define TPM_KEYNOTFOUND TPM_BASE + 13 // The target key was not found -#define TPM_INAPPROPRIATE_ENC TPM_BASE + 14 // Unacceptable encryption scheme -#define TPM_MIGRATEFAIL TPM_BASE + 15 // Migration authorization failed -#define TPM_INVALID_PCR_INFO TPM_BASE + 16 // PCR information could not be interpreted -#define TPM_NOSPACE TPM_BASE + 17 // No room to load key. -#define TPM_NOSRK TPM_BASE + 18 // There is no SRK set -#define TPM_NOTSEALED_BLOB TPM_BASE + 19 // An encrypted blob is invalid or was not created by this TPM -#define TPM_OWNER_SET TPM_BASE + 20 // There is already an Owner -#define TPM_RESOURCES TPM_BASE + 21 // The TPM has insufficient internal resources to perform the requested action. -#define TPM_SHORTRANDOM TPM_BASE + 22 // A random string was too short -#define TPM_SIZE TPM_BASE + 23 // The TPM does not have the space to perform the operation. -#define TPM_WRONGPCRVAL TPM_BASE + 24 // The named PCR value does not match the current PCR value. -#define TPM_BAD_PARAM_SIZE TPM_BASE + 25 // The paramSize argument to the command has the incorrect value -#define TPM_SHA_THREAD TPM_BASE + 26 // There is no existing SHA-1 thread. -#define TPM_SHA_ERROR TPM_BASE + 27 // The calculation is unable to proceed because the existing SHA-1 thread has already encountered an error. -#define TPM_FAILEDSELFTEST TPM_BASE + 28 // Self-test has failed and the TPM has shutdown. -#define TPM_AUTH2FAIL TPM_BASE + 29 // The authorization for the second key in a 2 key function failed authorization -#define TPM_BADTAG TPM_BASE + 30 // The tag value sent to for a command is invalid -#define TPM_IOERROR TPM_BASE + 31 // An IO error occurred transmitting information to the TPM -#define TPM_ENCRYPT_ERROR TPM_BASE + 32 // The encryption process had a problem. -#define TPM_DECRYPT_ERROR TPM_BASE + 33 // The decryption process did not complete. -#define TPM_INVALID_AUTHHANDLE TPM_BASE + 34 // An invalid handle was used. -#define TPM_NO_ENDORSEMENT TPM_BASE + 35 // The TPM does not a EK installed -#define TPM_INVALID_KEYUSAGE TPM_BASE + 36 // The usage of a key is not allowed -#define TPM_WRONG_ENTITYTYPE TPM_BASE + 37 // The submitted entity type is not allowed -#define TPM_INVALID_POSTINIT TPM_BASE + 38 // The command was received in the wrong sequence relative to TPM_Init and a subsequent TPM_Startup -#define TPM_INAPPROPRIATE_SIG TPM_BASE + 39 // Signed data cannot include additional DER information -#define TPM_BAD_KEY_PROPERTY TPM_BASE + 40 // The key properties in TPM_KEY_PARMs are not supported by this TPM - -#define TPM_BAD_MIGRATION TPM_BASE + 41 // The migration properties of this key are incorrect. -#define TPM_BAD_SCHEME TPM_BASE + 42 // The signature or encryption scheme for this key is incorrect or not permitted in this situation. -#define TPM_BAD_DATASIZE TPM_BASE + 43 // The size of the data (or blob) parameter is bad or inconsistent with the referenced key -#define TPM_BAD_MODE TPM_BASE + 44 // A mode parameter is bad, such as capArea or subCapArea for TPM_GetCapability, phsicalPresence parameter for TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob. -#define TPM_BAD_PRESENCE TPM_BASE + 45 // Either the physicalPresence or physicalPresenceLock bits have the wrong value -#define TPM_BAD_VERSION TPM_BASE + 46 // The TPM cannot perform this version of the capability -#define TPM_NO_WRAP_TRANSPORT TPM_BASE + 47 // The TPM does not allow for wrapped transport sessions -#define TPM_AUDITFAIL_UNSUCCESSFUL TPM_BASE + 48 // TPM audit construction failed and the underlying command was returning a failure code also -#define TPM_AUDITFAIL_SUCCESSFUL TPM_BASE + 49 // TPM audit construction failed and the underlying command was returning success -#define TPM_NOTRESETABLE TPM_BASE + 50 // Attempt to reset a PCR register that does not have the resettable attribute -#define TPM_NOTLOCAL TPM_BASE + 51 // Attempt to reset a PCR register that requires locality and locality modifier not part of command transport -#define TPM_BAD_TYPE TPM_BASE + 52 // Make identity blob not properly typed -#define TPM_INVALID_RESOURCE TPM_BASE + 53 // When saving context identified resource type does not match actual resource -#define TPM_NOTFIPS TPM_BASE + 54 // The TPM is attempting to execute a command only available when in FIPS mode -#define TPM_INVALID_FAMILY TPM_BASE + 55 // The command is attempting to use an invalid family ID -#define TPM_NO_NV_PERMISSION TPM_BASE + 56 // The permission to manipulate the NV storage is not available -#define TPM_REQUIRES_SIGN TPM_BASE + 57 // The operation requires a signed command -#define TPM_KEY_NOTSUPPORTED TPM_BASE + 58 // Wrong operation to load an NV key -#define TPM_AUTH_CONFLICT TPM_BASE + 59 // NV_LoadKey blob requires both owner and blob authorization -#define TPM_AREA_LOCKED TPM_BASE + 60 // The NV area is locked and not writtable -#define TPM_BAD_LOCALITY TPM_BASE + 61 // The locality is incorrect for the attempted operation -#define TPM_READ_ONLY TPM_BASE + 62 // The NV area is read only and can't be written to -#define TPM_PER_NOWRITE TPM_BASE + 63 // There is no protection on the write to the NV area -#define TPM_FAMILYCOUNT TPM_BASE + 64 // The family count value does not match -#define TPM_WRITE_LOCKED TPM_BASE + 65 // The NV area has already been written to -#define TPM_BAD_ATTRIBUTES TPM_BASE + 66 // The NV area attributes conflict -#define TPM_INVALID_STRUCTURE TPM_BASE + 67 // The structure tag and version are invalid or inconsistent -#define TPM_KEY_OWNER_CONTROL TPM_BASE + 68 // The key is under control of the TPM Owner and can only be evicted by the TPM Owner. -#define TPM_BAD_COUNTER TPM_BASE + 69 // The counter handle is incorrect -#define TPM_NOT_FULLWRITE TPM_BASE + 70 // The write is not a complete write of the area -#define TPM_CONTEXT_GAP TPM_BASE + 71 // The gap between saved context counts is too large -#define TPM_MAXNVWRITES TPM_BASE + 72 // The maximum number of NV writes without an owner has been exceeded -#define TPM_NOOPERATOR TPM_BASE + 73 // No operator authorization value is set -#define TPM_RESOURCEMISSING TPM_BASE + 74 // The resource pointed to by context is not loaded -#define TPM_DELEGATE_LOCK TPM_BASE + 75 // The delegate administration is locked -#define TPM_DELEGATE_FAMILY TPM_BASE + 76 // Attempt to manage a family other then the delegated family -#define TPM_DELEGATE_ADMIN TPM_BASE + 77 // Delegation table management not enabled -#define TPM_TRANSPORT_EXCLUSIVE TPM_BASE + 78 // There was a command executed outside of an exclusive transport session - -// TPM_STARTUP_TYPE values -#define TPM_ST_CLEAR 0x0001 -#define TPM_ST_STATE 0x0002 -#define TPM_ST_DEACTIVATED 0x003 - -// TPM_TAG values -#define TPM_TAG_RQU_COMMAND 0x00c1 -#define TPM_TAG_RQU_AUTH1_COMMAND 0x00c2 -#define TPM_TAG_RQU_AUTH2_COMMAND 0x00c3 -#define TPM_TAG_RSP_COMMAND 0x00c4 -#define TPM_TAG_RSP_AUTH1_COMMAND 0x00c5 -#define TPM_TAG_RSP_AUTH2_COMMAND 0x00c6 - -// TPM_PAYLOAD_TYPE values -#define TPM_PT_ASYM 0x01 -#define TPM_PT_BIND 0x02 -#define TPM_PT_MIGRATE 0x03 -#define TPM_PT_MAINT 0x04 -#define TPM_PT_SEAL 0x05 - -// TPM_ENTITY_TYPE values -#define TPM_ET_KEYHANDLE 0x0001 -#define TPM_ET_OWNER 0x0002 -#define TPM_ET_DATA 0x0003 -#define TPM_ET_SRK 0x0004 -#define TPM_ET_KEY 0x0005 - -/// TPM_ResourceTypes -#define TPM_RT_KEY 0x00000001 -#define TPM_RT_AUTH 0x00000002 -#define TPM_RT_TRANS 0x00000004 -#define TPM_RT_CONTEXT 0x00000005 - -// TPM_PROTOCOL_ID values -#define TPM_PID_OIAP 0x0001 -#define TPM_PID_OSAP 0x0002 -#define TPM_PID_ADIP 0x0003 -#define TPM_PID_ADCP 0x0004 -#define TPM_PID_OWNER 0x0005 - -// TPM_ALGORITHM_ID values -#define TPM_ALG_RSA 0x00000001 -#define TPM_ALG_DES 0x00000002 -#define TPM_ALG_3DES 0X00000003 -#define TPM_ALG_SHA 0x00000004 -#define TPM_ALG_HMAC 0x00000005 -#define TCPA_ALG_AES 0x00000006 - -// TPM_ENC_SCHEME values -#define TPM_ES_NONE 0x0001 -#define TPM_ES_RSAESPKCSv15 0x0002 -#define TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003 - -// TPM_SIG_SCHEME values -#define TPM_SS_NONE 0x0001 -#define TPM_SS_RSASSAPKCS1v15_SHA1 0x0002 -#define TPM_SS_RSASSAPKCS1v15_DER 0x0003 - -// TPM_KEY_USAGE values -#define TPM_KEY_EK 0x0000 -#define TPM_KEY_SIGNING 0x0010 -#define TPM_KEY_STORAGE 0x0011 -#define TPM_KEY_IDENTITY 0x0012 -#define TPM_KEY_AUTHCHANGE 0X0013 -#define TPM_KEY_BIND 0x0014 -#define TPM_KEY_LEGACY 0x0015 - -// TPM_AUTH_DATA_USAGE values -#define TPM_AUTH_NEVER 0x00 -#define TPM_AUTH_ALWAYS 0x01 - -// Key Handle of owner and srk -#define TPM_OWNER_KEYHANDLE 0x40000001 -#define TPM_SRK_KEYHANDLE 0x40000000 - -// ---------------------- Functions for checking TPM_RESULTs ----------------- - -#include <stdio.h> - -// FIXME: Review use of these and delete unneeded ones. - -// these are really badly dependent on local structure: -// DEPENDS: local var 'status' of type TPM_RESULT -// DEPENDS: label 'abort_egress' which cleans up and returns the status -#define ERRORDIE(s) do { status = s; \ - fprintf (stderr, "*** ERRORDIE in %s at %s: %i\n", __func__, __FILE__, __LINE__); \ - goto abort_egress; } \ - while (0) - -// DEPENDS: local var 'status' of type TPM_RESULT -// DEPENDS: label 'abort_egress' which cleans up and returns the status -// Try command c. If it fails, set status to s and goto abort. -#define TPMTRY(s,c) if (c != TPM_SUCCESS) { \ - status = s; \ - printf("ERROR in %s at %s:%i code: %s.\n", __func__, __FILE__, __LINE__, tpm_get_error_name(status)); \ - goto abort_egress; \ - } else {\ - status = c; \ - } - -// Try command c. If it fails, print error message, set status to actual return code. Goto abort -#define TPMTRYRETURN(c) do { status = c; \ - if (status != TPM_SUCCESS) { \ - fprintf(stderr, "ERROR in %s at %s:%i code: %s.\n", __func__, __FILE__, __LINE__, tpm_get_error_name(status)); \ - goto abort_egress; \ - } \ - } while(0) - - -#pragma pack(pop) - -#endif //__TCPA_H__ diff --git a/tools/xenstore/hashtable.c b/tools/xenstore/hashtable.c index 3b89223085..0ba1d552f1 100644 --- a/tools/xenstore/hashtable.c +++ b/tools/xenstore/hashtable.c @@ -3,7 +3,6 @@ /* * There are duplicates of this code in: * - tools/blktap2/drivers/hashtable.c - * - tools/vtpm_manager/util/hashtable.c */ #include "hashtable.h" diff --git a/tools/xenstore/hashtable.h b/tools/xenstore/hashtable.h index 8e6bb5b85c..4d6822354e 100644 --- a/tools/xenstore/hashtable.h +++ b/tools/xenstore/hashtable.h @@ -3,7 +3,6 @@ /* * There are duplicates of this code in: * - tools/blktap2/drivers/hashtable.h - * - tools/vtpm_manager/util/hashtable.h */ #ifndef __HASHTABLE_CWC22_H__ diff --git a/tools/xenstore/hashtable_private.h b/tools/xenstore/hashtable_private.h index cabaffe72a..a08559d5df 100644 --- a/tools/xenstore/hashtable_private.h +++ b/tools/xenstore/hashtable_private.h @@ -3,7 +3,6 @@ /* * There are duplicates of this code in: * - tools/blktap2/drivers/hashtable_private.h - * - tools/vtpm_manager/util/hashtable_private.h */ #ifndef __HASHTABLE_PRIVATE_CWC22_H__ diff --git a/tools/xm-test/configure.ac b/tools/xm-test/configure.ac index ad1eb78391..c1421406cd 100644 --- a/tools/xm-test/configure.ac +++ b/tools/xm-test/configure.ac @@ -143,7 +143,6 @@ AC_CONFIG_FILES([ tests/unpause/Makefile tests/vcpu-pin/Makefile tests/vcpu-disable/Makefile - tests/vtpm/Makefile tests/xapi/Makefile tests/enforce_dom0_cpus/Makefile tests/cpupool/Makefile diff --git a/tools/xm-test/grouptest/default b/tools/xm-test/grouptest/default index f0516b2949..e04591b44e 100644 --- a/tools/xm-test/grouptest/default +++ b/tools/xm-test/grouptest/default @@ -27,5 +27,4 @@ sysrq unpause vcpu-disable vcpu-pin -vtpm xapi diff --git a/tools/xm-test/grouptest/medium b/tools/xm-test/grouptest/medium index bafc988903..5c3e1b16e3 100644 --- a/tools/xm-test/grouptest/medium +++ b/tools/xm-test/grouptest/medium @@ -22,4 +22,3 @@ sysrq 01_sysrq_basic_neg.test 02_sysrq_sync_pos.test unpause vcpu-disable vcpu-pin -vtpm diff --git a/tools/xm-test/grouptest/xapi b/tools/xm-test/grouptest/xapi index 3b049219dd..7a08b7786a 100644 --- a/tools/xm-test/grouptest/xapi +++ b/tools/xm-test/grouptest/xapi @@ -1,2 +1 @@ xapi -vtpm 09_vtpm-xapi.test diff --git a/tools/xm-test/lib/XmTestLib/XenDomain.py b/tools/xm-test/lib/XmTestLib/XenDomain.py index ae8c550c48..3ba7433e2b 100644 --- a/tools/xm-test/lib/XmTestLib/XenDomain.py +++ b/tools/xm-test/lib/XmTestLib/XenDomain.py @@ -59,7 +59,6 @@ class XenConfig: # These options need to be lists self.defaultOpts["disk"] = [] self.defaultOpts["vif"] = [] - self.defaultOpts["vtpm"] = [] self.opts = self.defaultOpts diff --git a/tools/xm-test/tests/Makefile.am b/tools/xm-test/tests/Makefile.am index 8d673ed525..455f50cf09 100644 --- a/tools/xm-test/tests/Makefile.am +++ b/tools/xm-test/tests/Makefile.am @@ -25,7 +25,6 @@ SUBDIRS = \ unpause \ vcpu-disable \ vcpu-pin \ - vtpm \ enforce_dom0_cpus \ save restore migrate \ cpupool diff --git a/tools/xm-test/tests/vtpm/01_vtpm-list_pos.py b/tools/xm-test/tests/vtpm/01_vtpm-list_pos.py deleted file mode 100644 index dfd1227a00..0000000000 --- a/tools/xm-test/tests/vtpm/01_vtpm-list_pos.py +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Positive Test: create domain with virtual TPM attached at build time, -# verify list - - -from XmTestLib import * -from vtpm_utils import * -import commands -import os -import atexit - -config = {"vtpm":"instance=1,backend=0"} -domain = XmTestDomain(extraConfig=config) - -try: - domain.start(noConsole=True) -except DomainError, e: - if verbose: - print e.extra - vtpm_cleanup(domain.getName()) - FAIL("Unable to create domain") - - -domName = domain.getName() - -atexit.register(vtpm_cleanup, vtpm_get_uuid(domid(domName))) - -status, output = traceCommand("xm vtpm-list %s" % domain.getId()) -eyecatcher = "/local/domain/0/backend/vtpm" -where = output.find(eyecatcher) -if status != 0: - FAIL("xm vtpm-list returned bad status, expected 0, status is %i" % status) -elif where < 0: - FAIL("Fail to list virtual TPM device") - -domain.stop() diff --git a/tools/xm-test/tests/vtpm/02_vtpm-cat_pcrs.py b/tools/xm-test/tests/vtpm/02_vtpm-cat_pcrs.py deleted file mode 100644 index a18cbab2f7..0000000000 --- a/tools/xm-test/tests/vtpm/02_vtpm-cat_pcrs.py +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Positive Test: create domain with virtual TPM attached at build time, -# check list of pcrs - -from XmTestLib import * -from vtpm_utils import * -import commands -import os -import os.path -import atexit - -config = {"vtpm":"instance=1,backend=0"} -domain = XmTestDomain(extraConfig=config) -domName = domain.getName() - -try: - console = domain.start() -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to create domain (%s)" % domName) - -atexit.register(vtpm_cleanup, vtpm_get_uuid(domid(domName))) - -try: - console.sendInput("input") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - -if re.search("No such file",run["output"]): - FAIL("TPM frontend support not compiled into (domU?) kernel") - -domain.closeConsole() - -domain.stop() - -if not re.search("PCR-00:",run["output"]): - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side") diff --git a/tools/xm-test/tests/vtpm/03_vtpm-susp_res.py b/tools/xm-test/tests/vtpm/03_vtpm-susp_res.py deleted file mode 100644 index b863f27494..0000000000 --- a/tools/xm-test/tests/vtpm/03_vtpm-susp_res.py +++ /dev/null @@ -1,99 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Positive Test: create domain with virtual TPM attached at build time, -# check list of pcrs; suspend and resume the domain and -# check list of pcrs again - -from XmTestLib import * -from vtpm_utils import * -import commands -import os -import os.path -import atexit - -config = {"vtpm":"instance=1,backend=0"} -domain = XmTestDomain(extraConfig=config) -domName = domain.getName() -consoleHistory = "" - -try: - console = domain.start() -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to create domain (%s)" % domName) - -atexit.register(vtpm_cleanup, vtpm_get_uuid(domid(domName))) - -try: - console.sendInput("input") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - -if re.search("No such file",run["output"]): - FAIL("TPM frontend support not compiled into (domU?) kernel") - -consoleHistory = console.getHistory() -domain.closeConsole() - -loop = 0 -while loop < 3: - try: - status, ouptut = traceCommand("xm save %s %s.save" % - (domName, domName), - timeout=30) - - except TimeoutError, e: - saveLog(consoleHistory) - FAIL(str(e)) - - if status != 0: - saveLog(consoleHistory) - FAIL("xm save did not succeed") - - try: - status, ouptut = traceCommand("xm restore %s.save" % - (domName), - timeout=30) - except TimeoutError, e: - os.remove("%s.save" % domName) - saveLog(consoleHistory) - FAIL(str(e)) - - os.remove("%s.save" % domName) - - if status != 0: - saveLog(consoleHistory) - FAIL("xm restore did not succeed") - - try: - console = domain.getConsole() - except ConsoleError, e: - FAIL(str(e)) - - try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") - except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - - if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side") - - loop += 1 - -domain.closeConsole() - -domain.stop() - diff --git a/tools/xm-test/tests/vtpm/04_vtpm-loc_migr.py b/tools/xm-test/tests/vtpm/04_vtpm-loc_migr.py deleted file mode 100644 index ccc8b73782..0000000000 --- a/tools/xm-test/tests/vtpm/04_vtpm-loc_migr.py +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Positive Test: create domain with virtual TPM attached at build time, -# check list of pcrs; locally migrate the domain and -# check list of pcrs again -# This test does local live migration. - -from XmTestLib import * -from vtpm_utils import * -import commands -import os -import os.path -import atexit - -config = {"vtpm":"instance=1,backend=0"} -domain = XmTestDomain(extraConfig=config) -domName = domain.getName() -consoleHistory = "" - -try: - console = domain.start() -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to create domain (%s)" % domName) - -atexit.register(vtpm_cleanup, vtpm_get_uuid(domid(domName))) - -try: - console.sendInput("input") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - -if re.search("No such file",run["output"]): - FAIL("TPM frontend support not compiled into (domU?) kernel") - -consoleHistory = console.getHistory() -domain.closeConsole() - -old_domid = domid(domName) - -loop = 0 -while loop < 3: - try: - status, ouptut = traceCommand("xm migrate -l %s localhost" % - domName, - timeout=90) - except TimeoutError, e: - saveLog(consoleHistory) - FAIL(str(e)) - - if status != 0: - saveLog(consoleHistory) - FAIL("xm migrate did not succeed. External device migration activated?") - - - domName = domain.getName() - new_domid = domid(domName) - - if (old_domid == new_domid): - FAIL("xm migrate failed, domain id is still %s (loop=%d)" % - (old_domid,loop)) - - try: - console = domain.getConsole() - except ConsoleError, e: - FAIL(str(e)) - - try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") - except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - - if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side") - - loop += 1 - -domain.closeConsole() - -domain.stop() diff --git a/tools/xm-test/tests/vtpm/05_vtpm-loc_migr.py b/tools/xm-test/tests/vtpm/05_vtpm-loc_migr.py deleted file mode 100644 index 57b87dfda8..0000000000 --- a/tools/xm-test/tests/vtpm/05_vtpm-loc_migr.py +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Positive Test: create domain with virtual TPM attached at build time, -# check list of pcrs; locally migrate the domain and -# check list of pcrs again -# This test does local (non-live) migration. - -from XmTestLib import * -from vtpm_utils import * -import commands -import os -import os.path -import atexit - -config = {"vtpm":"instance=1,backend=0"} -domain = XmTestDomain(extraConfig=config) -domName = domain.getName() -consoleHistory = "" - -try: - console = domain.start() -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to create domain (%s)" % domName) - -atexit.register(vtpm_cleanup, vtpm_get_uuid(domid(domName))) - -try: - console.sendInput("input") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - -if re.search("No such file",run["output"]): - FAIL("TPM frontend support not compiled into (domU?) kernel") - -consoleHistory = console.getHistory() -domain.closeConsole() - -old_domid = domid(domName) - -loop = 0 -while loop < 3: - try: - status, ouptut = traceCommand("xm migrate %s localhost" % - domName, - timeout=90) - except TimeoutError, e: - saveLog(consoleHistory) - FAIL(str(e)) - - if status != 0: - saveLog(consoleHistory) - FAIL("xm migrate did not succeed. External device migration activated?") - - - domName = domain.getName() - new_domid = domid(domName) - - if (old_domid == new_domid): - FAIL("xm migrate failed, domain id is still %s (loop=%d)" % - (old_domid,loop)) - - try: - console = domain.getConsole() - except ConsoleError, e: - FAIL(str(e)) - - try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") - except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - - if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side") - - loop += 1 - -domain.closeConsole() - -domain.stop() diff --git a/tools/xm-test/tests/vtpm/06_vtpm-susp_res_pcrs.py b/tools/xm-test/tests/vtpm/06_vtpm-susp_res_pcrs.py deleted file mode 100644 index c70691d8e7..0000000000 --- a/tools/xm-test/tests/vtpm/06_vtpm-susp_res_pcrs.py +++ /dev/null @@ -1,125 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Positive Test: create domain with virtual TPM attached at build time, -# extend a pcr -# check list of pcrs; suspend and resume the domain and -# check list of pcrs again and validate extended pcr - -from XmTestLib import * -from vtpm_utils import * -import commands -import os -import os.path -import atexit - -config = {"vtpm":"instance=1,backend=0"} -domain = XmTestDomain(extraConfig=config) -domName = domain.getName() -consoleHistory = "" - -try: - console = domain.start() -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to create domain (%s)" % domName) - -atexit.register(vtpm_cleanup, vtpm_get_uuid(domid(domName))) - -try: - console.sendInput("input") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - -try: - run = console.runCmd("mknod /dev/tpm0 c 10 224") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("Error while creating /dev/tpm0") - -try: - run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > seq; cat seq > /dev/tpm0") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("Error while extending PCR 0") - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - - -if re.search("No such file",run["output"]): - FAIL("TPM frontend support not compiled into (domU?) kernel") - -if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side: \n%s" % run["output"]) - -if not re.search("PCR-00: 1E A7 BD",run["output"]): - saveLog(console.getHistory()) - FAIL("Extend did not lead to expected result (1E A7 BD ...): \n%s" % run["output"]) - -consoleHistory = console.getHistory() -domain.closeConsole() - -loop = 0 -while loop < 3: - try: - status, ouptut = traceCommand("xm save %s %s.save" % - (domName, domName), - timeout=30) - - except TimeoutError, e: - saveLog(consoleHistory) - FAIL(str(e)) - - if status != 0: - saveLog(consoleHistory) - FAIL("xm save did not succeed") - - try: - status, ouptut = traceCommand("xm restore %s.save" % - (domName), - timeout=30) - except TimeoutError, e: - os.remove("%s.save" % domName) - saveLog(consoleHistory) - FAIL(str(e)) - - os.remove("%s.save" % domName) - - if status != 0: - saveLog(consoleHistory) - FAIL("xm restore did not succeed") - - try: - console = domain.getConsole() - except ConsoleError, e: - FAIL(str(e)) - - try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") - except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - - if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side") - - if not re.search("PCR-00: 1E A7 BD",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM lost PCR 0 value: \n%s" % run["output"]) - - loop += 1 - -domain.closeConsole() - -domain.stop() - diff --git a/tools/xm-test/tests/vtpm/07_vtpm-mig_pcrs.py b/tools/xm-test/tests/vtpm/07_vtpm-mig_pcrs.py deleted file mode 100644 index 4ff33600a0..0000000000 --- a/tools/xm-test/tests/vtpm/07_vtpm-mig_pcrs.py +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Positive Test: create domain with virtual TPM attached at build time, -# extend a pcr -# check list of pcrs; locally migrate the domain and -# check list of pcrs again and validate extended pcr -# This test does local live migration. - -from XmTestLib import * -from vtpm_utils import * -import commands -import os -import os.path -import atexit - -config = {"vtpm":"instance=1,backend=0"} -domain = XmTestDomain(extraConfig=config) -domName = domain.getName() -consoleHistory = "" - -try: - console = domain.start() -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to create domain (%s)" % domName) - -atexit.register(vtpm_cleanup, vtpm_get_uuid(domid(domName))) - -try: - console.sendInput("input") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - -try: - run = console.runCmd("mknod /dev/tpm0 c 10 224") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("Error while creating /dev/tpm0") - -try: - run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > seq; cat seq > /dev/tpm0") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("Error while extending PCR 0") - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - - -if re.search("No such file",run["output"]): - FAIL("TPM frontend support not compiled into (domU?) kernel") - -if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side: \n%s" % run["output"]) - -if not re.search("PCR-00: 1E A7 BD",run["output"]): - saveLog(console.getHistory()) - FAIL("Extend did not lead to expected result (1E A7 BD ...): \n%s" % run["output"]) - -consoleHistory = console.getHistory() -domain.closeConsole() - -old_domid = domid(domName) - -loop = 0 -while loop < 3: - try: - status, ouptut = traceCommand("xm migrate -l %s localhost" % - domName, - timeout=90) - except TimeoutError, e: - saveLog(consoleHistory) - FAIL(str(e)) - - if status != 0: - saveLog(consoleHistory) - FAIL("xm migrate did not succeed. External device migration activated?") - - - domName = domain.getName() - new_domid = domid(domName) - - if (old_domid == new_domid): - FAIL("xm migrate failed, domain id is still %s (loop=%d)" % - (old_domid,loop)) - - try: - console = domain.getConsole() - except ConsoleError, e: - FAIL(str(e)) - - try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") - except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - - if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side") - - if not re.search("PCR-00: 1E A7 BD",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM lost PCR 0 value: \n%s" % run["output"]) - - loop += 1 - -domain.closeConsole() - -domain.stop() diff --git a/tools/xm-test/tests/vtpm/08_vtpm-mig_pcrs.py b/tools/xm-test/tests/vtpm/08_vtpm-mig_pcrs.py deleted file mode 100644 index 27125fca44..0000000000 --- a/tools/xm-test/tests/vtpm/08_vtpm-mig_pcrs.py +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Positive Test: create domain with virtual TPM attached at build time, -# extend a pcr -# check list of pcrs; locally migrate the domain and -# check list of pcrs again and validate extended pcr -# This test does local (non-live) migration. - -from XmTestLib import * -from vtpm_utils import * -import commands -import os -import os.path -import atexit - -config = {"vtpm":"instance=1,backend=0"} -domain = XmTestDomain(extraConfig=config) -domName = domain.getName() -consoleHistory = "" - -try: - console = domain.start() -except DomainError, e: - if verbose: - print e.extra - FAIL("Unable to create domain (%s)" % domName) - -atexit.register(vtpm_cleanup, vtpm_get_uuid(domid(domName))) - -try: - console.sendInput("input") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - -try: - run = console.runCmd("mknod /dev/tpm0 c 10 224") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("Error while creating /dev/tpm0") - -try: - run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > seq; cat seq > /dev/tpm0") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("Error while extending PCR 0") - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - - -if re.search("No such file",run["output"]): - FAIL("TPM frontend support not compiled into (domU?) kernel") - -if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side: \n%s" % run["output"]) - -if not re.search("PCR-00: 1E A7 BD",run["output"]): - saveLog(console.getHistory()) - FAIL("Extend did not lead to expected result (1E A7 BD ...): \n%s" % run["output"]) - -consoleHistory = console.getHistory() -domain.closeConsole() - -old_domid = domid(domName) - -loop = 0 -while loop < 3: - try: - status, ouptut = traceCommand("xm migrate %s localhost" % - domName, - timeout=90) - except TimeoutError, e: - saveLog(consoleHistory) - FAIL(str(e)) - - if status != 0: - saveLog(consoleHistory) - FAIL("xm migrate did not succeed. External device migration activated?") - - - domName = domain.getName() - new_domid = domid(domName) - - if (old_domid == new_domid): - FAIL("xm migrate failed, domain id is still %s (loop=%d)" % - (old_domid,loop)) - - try: - console = domain.getConsole() - except ConsoleError, e: - FAIL(str(e)) - - try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") - except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("No result from dumping the PCRs") - - if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM is not working correctly on /dev/vtpm on backend side") - - if not re.search("PCR-00: 1E A7 BD",run["output"]): - saveLog(console.getHistory()) - FAIL("Virtual TPM lost PCR 0 value: \n%s" % run["output"]) - - loop += 1 - -domain.closeConsole() - -domain.stop() diff --git a/tools/xm-test/tests/vtpm/09_vtpm-xapi.py b/tools/xm-test/tests/vtpm/09_vtpm-xapi.py deleted file mode 100644 index a1aa8b3c70..0000000000 --- a/tools/xm-test/tests/vtpm/09_vtpm-xapi.py +++ /dev/null @@ -1,158 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -# Test to test the vtpm class through the Xen-API -# -# Tested methods: -# VTPM: get_uuid, get_backend, get_by_uuid, get_record -# create, destroy, get_VM -# VM: get_VTPMS - -from XmTestLib import xapi -from XmTestLib.XenAPIDomain import XmTestAPIDomain -from XmTestLib import * -from vtpm_utils import * -import commands -import os - -VTPM_RECORD_KEYS = [ 'backend', 'VM', 'uuid', 'other_config' ] - -try: - # XmTestAPIDomain tries to establish a connection to XenD - domain = XmTestAPIDomain() -except Exception, e: - SKIP("Skipping test. Error: %s" % str(e)) -vm_uuid = domain.get_uuid() - -vtpmcfg = {} -vtpmcfg['backend'] = DOM0_UUID -vtpmcfg['VM'] = vm_uuid - -session = xapi.connect() - -vtpm_uuid = session.xenapi.VTPM.create(vtpmcfg) - -vtpm_be = session.xenapi.VTPM.get_backend(vtpm_uuid) -if vtpm_be != vtpmcfg['backend']: - FAIL("vTPM's backend is in '%s', expected: '%s'" % - (vtpm_be, vtpmcfg['backend'])) - -vtpm_rec = session.xenapi.VTPM.get_record(vtpm_uuid) - -miss_keys = [] -for k in VTPM_RECORD_KEYS: - if k not in vtpm_rec.keys(): - miss_keys.append(k) -if len(miss_keys) > 0: - FAIL("vTPM record is missing key(s): %s" % miss_keys) - -if vtpm_rec['uuid'] != vtpm_uuid: - FAIL("vTPM record shows vtpm uuid '%s', expected: '%s'" % - (vtpm_rec['uuid'], vtpm_uuid)) -if vtpm_rec['VM'] != vm_uuid: - FAIL("vTPM record shows VM uuid '%s', expected: '%s'" % - (vtpm_rec['VM'], vm_uuid)) -if vtpm_rec['backend'] != vtpmcfg['backend']: - FAIL("vTPM record shows VM bakcned '%s', expected: '%s'" % - (vtpm_rev['backend'], vtpmcfg['backend'])) - -badkeys = [] -keys = vtpm_rec.keys() -for k in keys: - if k not in VTPM_RECORD_KEYS: - badkeys.append(k) -if len(badkeys) > 0: - FAIL("Unexpected attributes in result: %s" % badkeys) - -if vm_uuid != session.xenapi.VTPM.get_VM(vtpm_uuid): - FAIL("VM uuid from VTPM.get_VM different (%s) than expected (%s)." % - (vm_ref, vm_uuid)) - -uuid = session.xenapi.VTPM.get_uuid(vtpm_uuid) -if uuid != vtpm_uuid: - FAIL("vTPM from VTPM.get_uuid different (%s) than expected (%s)." % - (uuid, vtpm_uuid)) - -vtpm_ref = session.xenapi.VTPM.get_by_uuid(vtpm_uuid) -if vtpm_ref != vtpm_uuid: - FAIL("vTPM from VTPM.get_by_uuid different (%s) than expected (%s)." % - (vtpm_ref, vtpm_uuid)) - -vm_vtpms = session.xenapi.VM.get_VTPMs(vm_uuid) -if len(vm_vtpms) != 1: - FAIL("Number of vTPMs from get_VTPMs is (%d) not what was expected (%d)" % - (len(vm_vtpms), 1)) -if vtpm_uuid not in vm_vtpms: - FAIL("Other vTPM uuid (%s) returned from VM.get_VTPMs than expected (%s)" % - (vm_vtpms[0], vtpm_uuid)) - -try: - console = domain.start() -except DomainError, e: - FAIL("Unable to create domain.") - -try: - console.sendInput("input") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL(str(e)) - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("1. No result from dumping the PCRs") - -if re.search("No such file",run["output"]): - FAIL("TPM frontend support not compiled into (domU?) kernel") - -if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("1. Virtual TPM is not working correctly on /dev/vtpm on backend side: \n%s" % run["output"]) - -try: - session.xenapi.VTPM.destroy(vtpm_uuid) - #Should never get here - FAIL("Could destroy vTPM while VM is running") -except: - pass - -rc = session.xenapi.VM.suspend(vm_uuid) -if rc: - FAIL("Could not suspend VM") - -try: - session.xenapi.VTPM.destroy(vtpm_uuid) - #May not throw an exception in 'suspend' state -except: - pass - -rc = session.xenapi.VM.resume(vm_uuid, False) -if rc: - FAIL("Could not resume VM") - -try: - console = domain.getConsole() -except ConsoleError, e: - FAIL(str(e)) - -try: - run = console.runCmd("cat /sys/devices/xen/vtpm-0/pcrs") -except ConsoleError, e: - saveLog(console.getHistory()) - FAIL("2. No result from dumping the PCRs. vTPM has been removed?") - -if not re.search("PCR-00:",run["output"]): - saveLog(console.getHistory()) - FAIL("2. Virtual TPM is not working correctly on /dev/vtpm on backend side: \n%s" % run["output"]) - -domain.stop() - -try: - session.xenapi.VTPM.destroy(vtpm_uuid) -except: - FAIL("Could NOT destroy vTPM while domain is halted.") - -domain.destroy() diff --git a/tools/xm-test/tests/vtpm/Makefile.am b/tools/xm-test/tests/vtpm/Makefile.am deleted file mode 100644 index dd67e459ec..0000000000 --- a/tools/xm-test/tests/vtpm/Makefile.am +++ /dev/null @@ -1,27 +0,0 @@ -SUBDIRS = - -TESTS = 01_vtpm-list_pos.test \ - 02_vtpm-cat_pcrs.test \ - 03_vtpm-susp_res.test \ - 04_vtpm-loc_migr.test \ - 05_vtpm-loc_migr.test \ - 06_vtpm-susp_res_pcrs.test \ - 07_vtpm-mig_pcrs.test \ - 08_vtpm-mig_pcrs.test \ - 09_vtpm-xapi.test - -XFAIL_TESTS = - -EXTRA_DIST = $(TESTS) $(XFAIL_TESTS) vtpm_utils.py -TESTS_ENVIRONMENT=@TENV@ - -%.test: %.py - cp $< $@ - chmod +x $@ - -clean-local: am_config_clean-local - -am_config_clean-local: - rm -f *test - rm -f *log - rm -f *~ diff --git a/tools/xm-test/tests/vtpm/vtpm_utils.py b/tools/xm-test/tests/vtpm/vtpm_utils.py deleted file mode 100644 index 4e5b281bb8..0000000000 --- a/tools/xm-test/tests/vtpm/vtpm_utils.py +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) International Business Machines Corp., 2006 -# Author: Stefan Berger <stefanb@us.ibm.com> - -from XmTestLib import * - -if ENABLE_HVM_SUPPORT: - SKIP("vtpm tests not supported for HVM domains") - -status, output = traceCommand("COLUMNS=200 ; " - "ps aux | grep vtpm_manager | grep -v grep") -if output == "": - SKIP("virtual TPM manager must be started to run this test; might " - "need /dev/tpm0") - -def vtpm_cleanup(domName): - traceCommand("/etc/xen/scripts/vtpm-delete " - "`xenstore-read /local/domain/0/backend/vtpm/%s/0/uuid`" % - str(domid(domName))) - -def vtpm_cleanup(uuid): - from xen.xm import main - if main.serverType != main.SERVER_XEN_API: - traceCommand("/etc/xen/scripts/vtpm-delete %s" % uuid) - -def vtpm_get_uuid(domainid): - s, o = traceCommand("xenstore-read " - "/local/domain/0/backend/vtpm/%s/0/uuid" % domainid) - return o |