ia64/xen-unstable
changeset 8130:3399f4b9396a
Removes the carriage returns from some of the vtpm
source files that were edited in windows at some point.
Signed-off-by: Vinnie Scarlata <vincent.r.scarlata@intel.com>
source files that were edited in windows at some point.
Signed-off-by: Vinnie Scarlata <vincent.r.scarlata@intel.com>
| author | kaf24@firebug.cl.cam.ac.uk |
|---|---|
| date | Wed Nov 30 12:07:28 2005 +0100 (2005-11-30) |
| parents | d963256dc3e0 |
| children | 72f79d68e86c |
| files | tools/vtpm_manager/crypto/Makefile tools/vtpm_manager/manager/Makefile tools/vtpm_manager/manager/tpmpassthrough.c tools/vtpm_manager/manager/vtpm_manager.h tools/vtpm_manager/manager/vtpmd.c tools/vtpm_manager/manager/vtpmpriv.h tools/vtpm_manager/manager/vtsp.c tools/vtpm_manager/manager/vtsp.h tools/vtpm_manager/util/Makefile |
line diff
1.1 --- a/tools/vtpm_manager/crypto/Makefile Wed Nov 30 11:36:57 2005 +0100 1.2 +++ b/tools/vtpm_manager/crypto/Makefile Wed Nov 30 12:07:28 2005 +0100 1.3 @@ -1,19 +1,19 @@ 1.4 -XEN_ROOT = ../../.. 1.5 -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk 1.6 - 1.7 -BIN = libtcpaCrypto.a 1.8 - 1.9 -all: build 1.10 - 1.11 -build: $(BIN) 1.12 - 1.13 -install: build 1.14 - 1.15 -clean: 1.16 - rm -f *.a *.so *.o *.rpm $(DEP_FILES) 1.17 - 1.18 -mrproper: clean 1.19 - rm -f *~ 1.20 - 1.21 -$(BIN): $(OBJS) 1.22 - $(AR) rcs $(BIN) $(OBJS) 1.23 +XEN_ROOT = ../../.. 1.24 +include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk 1.25 + 1.26 +BIN = libtcpaCrypto.a 1.27 + 1.28 +all: build 1.29 + 1.30 +build: $(BIN) 1.31 + 1.32 +install: build 1.33 + 1.34 +clean: 1.35 + rm -f *.a *.so *.o *.rpm $(DEP_FILES) 1.36 + 1.37 +mrproper: clean 1.38 + rm -f *~ 1.39 + 1.40 +$(BIN): $(OBJS) 1.41 + $(AR) rcs $(BIN) $(OBJS)
2.1 --- a/tools/vtpm_manager/manager/Makefile Wed Nov 30 11:36:57 2005 +0100 2.2 +++ b/tools/vtpm_manager/manager/Makefile Wed Nov 30 12:07:28 2005 +0100 2.3 @@ -1,27 +1,27 @@ 2.4 -XEN_ROOT = ../../.. 2.5 -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk 2.6 - 2.7 -BIN = vtpm_managerd 2.8 - 2.9 -all: build 2.10 - 2.11 -build: $(BIN) 2.12 - 2.13 -install: build 2.14 - if [ ! -d "$(DESTDIR)/var/vtpm/fifos" ]; \ 2.15 - then mkdir -p $(DESTDIR)/var/vtpm/fifos; \ 2.16 - fi 2.17 - $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR) 2.18 - 2.19 -clean: 2.20 - rm -f *.a *.so *.o *.rpm $(DEP_FILES) 2.21 - 2.22 -mrproper: clean 2.23 - rm -f $(BIN) *~ 2.24 - 2.25 -$(BIN): $(OBJS) 2.26 - $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ 2.27 - 2.28 -# libraries 2.29 -LIBS += ../tcs/libTCS.a ../util/libTCGUtils.a ../crypto/libtcpaCrypto.a 2.30 -LIBS += -lcrypto -lpthread -lrt -lm 2.31 +XEN_ROOT = ../../.. 2.32 +include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk 2.33 + 2.34 +BIN = vtpm_managerd 2.35 + 2.36 +all: build 2.37 + 2.38 +build: $(BIN) 2.39 + 2.40 +install: build 2.41 + if [ ! -d "$(DESTDIR)/var/vtpm/fifos" ]; \ 2.42 + then mkdir -p $(DESTDIR)/var/vtpm/fifos; \ 2.43 + fi 2.44 + $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR) 2.45 + 2.46 +clean: 2.47 + rm -f *.a *.so *.o *.rpm $(DEP_FILES) 2.48 + 2.49 +mrproper: clean 2.50 + rm -f $(BIN) *~ 2.51 + 2.52 +$(BIN): $(OBJS) 2.53 + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ 2.54 + 2.55 +# libraries 2.56 +LIBS += ../tcs/libTCS.a ../util/libTCGUtils.a ../crypto/libtcpaCrypto.a 2.57 +LIBS += -lcrypto -lpthread -lrt -lm
3.1 --- a/tools/vtpm_manager/manager/tpmpassthrough.c Wed Nov 30 11:36:57 2005 +0100 3.2 +++ b/tools/vtpm_manager/manager/tpmpassthrough.c Wed Nov 30 12:07:28 2005 +0100 3.3 @@ -1,110 +1,110 @@ 3.4 -// =================================================================== 3.5 -// 3.6 -// Copyright (c) 2005, Intel Corp. 3.7 -// All rights reserved. 3.8 -// 3.9 -// Redistribution and use in source and binary forms, with or without 3.10 -// modification, are permitted provided that the following conditions 3.11 -// are met: 3.12 -// 3.13 -// * Redistributions of source code must retain the above copyright 3.14 -// notice, this list of conditions and the following disclaimer. 3.15 -// * Redistributions in binary form must reproduce the above 3.16 -// copyright notice, this list of conditions and the following 3.17 -// disclaimer in the documentation and/or other materials provided 3.18 -// with the distribution. 3.19 -// * Neither the name of Intel Corporation nor the names of its 3.20 -// contributors may be used to endorse or promote products derived 3.21 -// from this software without specific prior written permission. 3.22 -// 3.23 -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 3.24 -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 3.25 -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 3.26 -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 3.27 -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 3.28 -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 3.29 -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 3.30 -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3.31 -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 3.32 -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 3.33 -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 3.34 -// OF THE POSSIBILITY OF SUCH DAMAGE. 3.35 -// =================================================================== 3.36 -// 3.37 -// tpmpassthrough.c 3.38 -// 3.39 -// Functions regarding passing DMI requests to HWTPM 3.40 -// 3.41 -// ================================================================== 3.42 - 3.43 -#include "tcg.h" 3.44 -#include "vtpm_manager.h" 3.45 -#include "vtpmpriv.h" 3.46 -#include "vtsp.h" 3.47 -#include "log.h" 3.48 - 3.49 -TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi, 3.50 - buffer_t *inbuf, 3.51 - buffer_t *outbuf) { 3.52 - 3.53 - TPM_RESULT status = TPM_SUCCESS; 3.54 - TPM_COMMAND_CODE *ord; 3.55 - 3.56 - ord = (TPM_COMMAND_CODE *) (inbuf->bytes + sizeof(TPM_TAG) + sizeof(UINT32)); 3.57 - 3.58 - switch (*ord) { 3.59 - 3.60 - // Forbidden for DMI use 3.61 - case TPM_ORD_TakeOwnership: 3.62 - case TPM_ORD_ChangeAuthOwner: 3.63 - case TPM_ORD_DirWriteAuth: 3.64 - case TPM_ORD_DirRead: 3.65 - case TPM_ORD_AuthorizeMigrationKey: 3.66 - case TPM_ORD_CreateMaintenanceArchive: 3.67 - case TPM_ORD_LoadMaintenanceArchive: 3.68 - case TPM_ORD_KillMaintenanceFeature: 3.69 - case TPM_ORD_LoadManuMaintPub: 3.70 - case TPM_ORD_ReadManuMaintPub: 3.71 - case TPM_ORD_SelfTestFull: 3.72 - case TPM_ORD_SelfTestStartup: 3.73 - case TPM_ORD_CertifySelfTest: 3.74 - case TPM_ORD_ContinueSelfTest: 3.75 - case TPM_ORD_GetTestResult: 3.76 - case TPM_ORD_Reset: 3.77 - case TPM_ORD_OwnerClear: 3.78 - case TPM_ORD_DisableOwnerClear: 3.79 - case TPM_ORD_ForceClear: 3.80 - case TPM_ORD_DisableForceClear: 3.81 - case TPM_ORD_GetCapabilityOwner: 3.82 - case TPM_ORD_OwnerSetDisable: 3.83 - case TPM_ORD_PhysicalEnable: 3.84 - case TPM_ORD_PhysicalDisable: 3.85 - case TPM_ORD_SetOwnerInstall: 3.86 - case TPM_ORD_PhysicalSetDeactivated: 3.87 - case TPM_ORD_SetTempDeactivated: 3.88 - case TPM_ORD_CreateEndorsementKeyPair: 3.89 - case TPM_ORD_GetAuditEvent: 3.90 - case TPM_ORD_GetAuditEventSigned: 3.91 - case TPM_ORD_GetOrdinalAuditStatus: 3.92 - case TPM_ORD_SetOrdinalAuditStatus: 3.93 - case TPM_ORD_SetRedirection: 3.94 - case TPM_ORD_FieldUpgrade: 3.95 - case TSC_ORD_PhysicalPresence: 3.96 - status = TPM_DISABLED_CMD; 3.97 - goto abort_egress; 3.98 - break; 3.99 - 3.100 - } // End ORD Switch 3.101 - 3.102 - // Call TCS with command 3.103 - 3.104 - TPMTRY(TPM_IOERROR, VTSP_RawTransmit( dmi->TCSContext,inbuf, outbuf) ); 3.105 - 3.106 - goto egress; 3.107 - 3.108 - abort_egress: 3.109 - vtpmloginfo(VTPM_LOG_VTPM, "TPM Command Failed in tpmpassthrough.\n"); 3.110 - egress: 3.111 - 3.112 - return status; 3.113 -} 3.114 +// =================================================================== 3.115 +// 3.116 +// Copyright (c) 2005, Intel Corp. 3.117 +// All rights reserved. 3.118 +// 3.119 +// Redistribution and use in source and binary forms, with or without 3.120 +// modification, are permitted provided that the following conditions 3.121 +// are met: 3.122 +// 3.123 +// * Redistributions of source code must retain the above copyright 3.124 +// notice, this list of conditions and the following disclaimer. 3.125 +// * Redistributions in binary form must reproduce the above 3.126 +// copyright notice, this list of conditions and the following 3.127 +// disclaimer in the documentation and/or other materials provided 3.128 +// with the distribution. 3.129 +// * Neither the name of Intel Corporation nor the names of its 3.130 +// contributors may be used to endorse or promote products derived 3.131 +// from this software without specific prior written permission. 3.132 +// 3.133 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 3.134 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 3.135 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 3.136 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 3.137 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 3.138 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 3.139 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 3.140 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3.141 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 3.142 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 3.143 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 3.144 +// OF THE POSSIBILITY OF SUCH DAMAGE. 3.145 +// =================================================================== 3.146 +// 3.147 +// tpmpassthrough.c 3.148 +// 3.149 +// Functions regarding passing DMI requests to HWTPM 3.150 +// 3.151 +// ================================================================== 3.152 + 3.153 +#include "tcg.h" 3.154 +#include "vtpm_manager.h" 3.155 +#include "vtpmpriv.h" 3.156 +#include "vtsp.h" 3.157 +#include "log.h" 3.158 + 3.159 +TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi, 3.160 + buffer_t *inbuf, 3.161 + buffer_t *outbuf) { 3.162 + 3.163 + TPM_RESULT status = TPM_SUCCESS; 3.164 + TPM_COMMAND_CODE *ord; 3.165 + 3.166 + ord = (TPM_COMMAND_CODE *) (inbuf->bytes + sizeof(TPM_TAG) + sizeof(UINT32)); 3.167 + 3.168 + switch (*ord) { 3.169 + 3.170 + // Forbidden for DMI use 3.171 + case TPM_ORD_TakeOwnership: 3.172 + case TPM_ORD_ChangeAuthOwner: 3.173 + case TPM_ORD_DirWriteAuth: 3.174 + case TPM_ORD_DirRead: 3.175 + case TPM_ORD_AuthorizeMigrationKey: 3.176 + case TPM_ORD_CreateMaintenanceArchive: 3.177 + case TPM_ORD_LoadMaintenanceArchive: 3.178 + case TPM_ORD_KillMaintenanceFeature: 3.179 + case TPM_ORD_LoadManuMaintPub: 3.180 + case TPM_ORD_ReadManuMaintPub: 3.181 + case TPM_ORD_SelfTestFull: 3.182 + case TPM_ORD_SelfTestStartup: 3.183 + case TPM_ORD_CertifySelfTest: 3.184 + case TPM_ORD_ContinueSelfTest: 3.185 + case TPM_ORD_GetTestResult: 3.186 + case TPM_ORD_Reset: 3.187 + case TPM_ORD_OwnerClear: 3.188 + case TPM_ORD_DisableOwnerClear: 3.189 + case TPM_ORD_ForceClear: 3.190 + case TPM_ORD_DisableForceClear: 3.191 + case TPM_ORD_GetCapabilityOwner: 3.192 + case TPM_ORD_OwnerSetDisable: 3.193 + case TPM_ORD_PhysicalEnable: 3.194 + case TPM_ORD_PhysicalDisable: 3.195 + case TPM_ORD_SetOwnerInstall: 3.196 + case TPM_ORD_PhysicalSetDeactivated: 3.197 + case TPM_ORD_SetTempDeactivated: 3.198 + case TPM_ORD_CreateEndorsementKeyPair: 3.199 + case TPM_ORD_GetAuditEvent: 3.200 + case TPM_ORD_GetAuditEventSigned: 3.201 + case TPM_ORD_GetOrdinalAuditStatus: 3.202 + case TPM_ORD_SetOrdinalAuditStatus: 3.203 + case TPM_ORD_SetRedirection: 3.204 + case TPM_ORD_FieldUpgrade: 3.205 + case TSC_ORD_PhysicalPresence: 3.206 + status = TPM_DISABLED_CMD; 3.207 + goto abort_egress; 3.208 + break; 3.209 + 3.210 + } // End ORD Switch 3.211 + 3.212 + // Call TCS with command 3.213 + 3.214 + TPMTRY(TPM_IOERROR, VTSP_RawTransmit( dmi->TCSContext,inbuf, outbuf) ); 3.215 + 3.216 + goto egress; 3.217 + 3.218 + abort_egress: 3.219 + vtpmloginfo(VTPM_LOG_VTPM, "TPM Command Failed in tpmpassthrough.\n"); 3.220 + egress: 3.221 + 3.222 + return status; 3.223 +}
4.1 --- a/tools/vtpm_manager/manager/vtpm_manager.h Wed Nov 30 11:36:57 2005 +0100 4.2 +++ b/tools/vtpm_manager/manager/vtpm_manager.h Wed Nov 30 12:07:28 2005 +0100 4.3 @@ -1,137 +1,137 @@ 4.4 -// =================================================================== 4.5 -// 4.6 -// Copyright (c) 2005, Intel Corp. 4.7 -// All rights reserved. 4.8 -// 4.9 -// Redistribution and use in source and binary forms, with or without 4.10 -// modification, are permitted provided that the following conditions 4.11 -// are met: 4.12 -// 4.13 -// * Redistributions of source code must retain the above copyright 4.14 -// notice, this list of conditions and the following disclaimer. 4.15 -// * Redistributions in binary form must reproduce the above 4.16 -// copyright notice, this list of conditions and the following 4.17 -// disclaimer in the documentation and/or other materials provided 4.18 -// with the distribution. 4.19 -// * Neither the name of Intel Corporation nor the names of its 4.20 -// contributors may be used to endorse or promote products derived 4.21 -// from this software without specific prior written permission. 4.22 -// 4.23 -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 4.24 -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 4.25 -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 4.26 -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 4.27 -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 4.28 -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 4.29 -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 4.30 -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4.31 -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4.32 -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 4.33 -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 4.34 -// OF THE POSSIBILITY OF SUCH DAMAGE. 4.35 -// =================================================================== 4.36 -// 4.37 -// vtpm_manager.h 4.38 -// 4.39 -// Public Interface header for VTPM Manager 4.40 -// 4.41 -// ================================================================== 4.42 - 4.43 -#ifndef __VTPM_MANAGER_H__ 4.44 -#define __VTPM_MANAGER_H__ 4.45 - 4.46 -#include "tcg.h" 4.47 - 4.48 -#define VTPM_TAG_REQ 0x01c1 4.49 -#define VTPM_TAG_RSP 0x01c4 4.50 -#define COMMAND_BUFFER_SIZE 4096 4.51 - 4.52 -// Header sizes. Note Header MAY include the DMI 4.53 -#define VTPM_COMMAND_HEADER_SIZE_SRV ( sizeof(UINT32) + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE)) 4.54 -#define VTPM_COMMAND_HEADER_SIZE_CLT ( sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE)) 4.55 - 4.56 -// ********************** Public Functions ************************* 4.57 -TPM_RESULT VTPM_Init_Service(); // Start VTPM Service 4.58 -void VTPM_Stop_Service(); // Stop VTPM Service 4.59 -#ifdef VTPM_MULTI_VM 4.60 -int VTPM_Service_Handler(); 4.61 -#else 4.62 -void *VTPM_Service_Handler(void *threadTypePtr); 4.63 -#endif 4.64 - 4.65 -//************************ Command Codes **************************** 4.66 -#define VTPM_ORD_OPEN 1 // ULM Creates New DMI 4.67 -#define VTPM_ORD_CLOSE 2 // ULM Closes a DMI 4.68 -#define VTPM_ORD_DELETE 3 // ULM Permemently Deletes DMI 4.69 -#define VTPM_ORD_SAVENVM 4 // DMI requests Secrets Unseal 4.70 -#define VTPM_ORD_LOADNVM 5 // DMI requests Secrets Saved 4.71 -#define VTPM_ORD_TPMCOMMAND 6 // DMI issues HW TPM Command 4.72 - 4.73 -//************************ Return Codes **************************** 4.74 -#define VTPM_SUCCESS 0 4.75 -#define VTPM_FAIL 1 4.76 -#define VTPM_UNSUPPORTED 2 4.77 -#define VTPM_FORBIDDEN 3 4.78 -#define VTPM_RESTORE_CONTEXT_FAILED 4 4.79 -#define VTPM_INVALID_REQUEST 5 4.80 - 4.81 -/******************* Command Parameter API ************************* 4.82 - 4.83 -VTPM Command Format 4.84 - dmi: 4 bytes // Source of message. 4.85 - // WARNING: This is prepended by the channel. 4.86 - // Thus it is received by VTPM Manager, 4.87 - // but not sent by DMI 4.88 - tpm tag: 2 bytes 4.89 - command size: 4 bytes // Size of command including header but not DMI 4.90 - ord: 4 bytes // Command ordinal above 4.91 - parameters: size - 10 bytes // Command Parameter 4.92 - 4.93 -VTPM Response Format 4.94 - tpm tag: 2 bytes 4.95 - response_size: 4 bytes 4.96 - status: 4 bytes 4.97 - parameters: size - 10 bytes 4.98 - 4.99 - 4.100 -VTPM_Open: 4.101 - Input Parameters: 4.102 - Domain_type: 1 byte 4.103 - domain_id: 4 bytes 4.104 - instance_id: 4 bytes 4.105 - Output Parameters: 4.106 - None 4.107 - 4.108 -VTPM_Close 4.109 - Input Parameters: 4.110 - instance_id: 4 bytes 4.111 - Output Parameters: 4.112 - None 4.113 - 4.114 -VTPM_Delete 4.115 - Input Parameters: 4.116 - instance_id: 4 bytes 4.117 - Output Parameters: 4.118 - None 4.119 - 4.120 -VTPM_SaveNVM 4.121 - Input Parameters: 4.122 - data: n bytes (Header indicates size of data) 4.123 - Output Parameters: 4.124 - None 4.125 - 4.126 -VTPM_LoadNVM 4.127 - Input Parameters: 4.128 - None 4.129 - Output Parameters: 4.130 - data: n bytes (Header indicates size of data) 4.131 - 4.132 -VTPM_TPMCommand 4.133 - Input Parameters: 4.134 - TPM Command Byte Stream: n bytes 4.135 - Output Parameters: 4.136 - TPM Reponse Byte Stream: n bytes 4.137 - 4.138 -*********************************************************************/ 4.139 - 4.140 -#endif //_VTPM_MANAGER_H_ 4.141 +// =================================================================== 4.142 +// 4.143 +// Copyright (c) 2005, Intel Corp. 4.144 +// All rights reserved. 4.145 +// 4.146 +// Redistribution and use in source and binary forms, with or without 4.147 +// modification, are permitted provided that the following conditions 4.148 +// are met: 4.149 +// 4.150 +// * Redistributions of source code must retain the above copyright 4.151 +// notice, this list of conditions and the following disclaimer. 4.152 +// * Redistributions in binary form must reproduce the above 4.153 +// copyright notice, this list of conditions and the following 4.154 +// disclaimer in the documentation and/or other materials provided 4.155 +// with the distribution. 4.156 +// * Neither the name of Intel Corporation nor the names of its 4.157 +// contributors may be used to endorse or promote products derived 4.158 +// from this software without specific prior written permission. 4.159 +// 4.160 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 4.161 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 4.162 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 4.163 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 4.164 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 4.165 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 4.166 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 4.167 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4.168 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4.169 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 4.170 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 4.171 +// OF THE POSSIBILITY OF SUCH DAMAGE. 4.172 +// =================================================================== 4.173 +// 4.174 +// vtpm_manager.h 4.175 +// 4.176 +// Public Interface header for VTPM Manager 4.177 +// 4.178 +// ================================================================== 4.179 + 4.180 +#ifndef __VTPM_MANAGER_H__ 4.181 +#define __VTPM_MANAGER_H__ 4.182 + 4.183 +#include "tcg.h" 4.184 + 4.185 +#define VTPM_TAG_REQ 0x01c1 4.186 +#define VTPM_TAG_RSP 0x01c4 4.187 +#define COMMAND_BUFFER_SIZE 4096 4.188 + 4.189 +// Header sizes. Note Header MAY include the DMI 4.190 +#define VTPM_COMMAND_HEADER_SIZE_SRV ( sizeof(UINT32) + sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE)) 4.191 +#define VTPM_COMMAND_HEADER_SIZE_CLT ( sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE)) 4.192 + 4.193 +// ********************** Public Functions ************************* 4.194 +TPM_RESULT VTPM_Init_Service(); // Start VTPM Service 4.195 +void VTPM_Stop_Service(); // Stop VTPM Service 4.196 +#ifdef VTPM_MULTI_VM 4.197 +int VTPM_Service_Handler(); 4.198 +#else 4.199 +void *VTPM_Service_Handler(void *threadTypePtr); 4.200 +#endif 4.201 + 4.202 +//************************ Command Codes **************************** 4.203 +#define VTPM_ORD_OPEN 1 // ULM Creates New DMI 4.204 +#define VTPM_ORD_CLOSE 2 // ULM Closes a DMI 4.205 +#define VTPM_ORD_DELETE 3 // ULM Permemently Deletes DMI 4.206 +#define VTPM_ORD_SAVENVM 4 // DMI requests Secrets Unseal 4.207 +#define VTPM_ORD_LOADNVM 5 // DMI requests Secrets Saved 4.208 +#define VTPM_ORD_TPMCOMMAND 6 // DMI issues HW TPM Command 4.209 + 4.210 +//************************ Return Codes **************************** 4.211 +#define VTPM_SUCCESS 0 4.212 +#define VTPM_FAIL 1 4.213 +#define VTPM_UNSUPPORTED 2 4.214 +#define VTPM_FORBIDDEN 3 4.215 +#define VTPM_RESTORE_CONTEXT_FAILED 4 4.216 +#define VTPM_INVALID_REQUEST 5 4.217 + 4.218 +/******************* Command Parameter API ************************* 4.219 + 4.220 +VTPM Command Format 4.221 + dmi: 4 bytes // Source of message. 4.222 + // WARNING: This is prepended by the channel. 4.223 + // Thus it is received by VTPM Manager, 4.224 + // but not sent by DMI 4.225 + tpm tag: 2 bytes 4.226 + command size: 4 bytes // Size of command including header but not DMI 4.227 + ord: 4 bytes // Command ordinal above 4.228 + parameters: size - 10 bytes // Command Parameter 4.229 + 4.230 +VTPM Response Format 4.231 + tpm tag: 2 bytes 4.232 + response_size: 4 bytes 4.233 + status: 4 bytes 4.234 + parameters: size - 10 bytes 4.235 + 4.236 + 4.237 +VTPM_Open: 4.238 + Input Parameters: 4.239 + Domain_type: 1 byte 4.240 + domain_id: 4 bytes 4.241 + instance_id: 4 bytes 4.242 + Output Parameters: 4.243 + None 4.244 + 4.245 +VTPM_Close 4.246 + Input Parameters: 4.247 + instance_id: 4 bytes 4.248 + Output Parameters: 4.249 + None 4.250 + 4.251 +VTPM_Delete 4.252 + Input Parameters: 4.253 + instance_id: 4 bytes 4.254 + Output Parameters: 4.255 + None 4.256 + 4.257 +VTPM_SaveNVM 4.258 + Input Parameters: 4.259 + data: n bytes (Header indicates size of data) 4.260 + Output Parameters: 4.261 + None 4.262 + 4.263 +VTPM_LoadNVM 4.264 + Input Parameters: 4.265 + None 4.266 + Output Parameters: 4.267 + data: n bytes (Header indicates size of data) 4.268 + 4.269 +VTPM_TPMCommand 4.270 + Input Parameters: 4.271 + TPM Command Byte Stream: n bytes 4.272 + Output Parameters: 4.273 + TPM Reponse Byte Stream: n bytes 4.274 + 4.275 +*********************************************************************/ 4.276 + 4.277 +#endif //_VTPM_MANAGER_H_
5.1 --- a/tools/vtpm_manager/manager/vtpmd.c Wed Nov 30 11:36:57 2005 +0100 5.2 +++ b/tools/vtpm_manager/manager/vtpmd.c Wed Nov 30 12:07:28 2005 +0100 5.3 @@ -1,134 +1,134 @@ 5.4 -// =================================================================== 5.5 -// 5.6 -// Copyright (c) 2005, Intel Corp. 5.7 -// All rights reserved. 5.8 -// 5.9 -// Redistribution and use in source and binary forms, with or without 5.10 -// modification, are permitted provided that the following conditions 5.11 -// are met: 5.12 -// 5.13 -// * Redistributions of source code must retain the above copyright 5.14 -// notice, this list of conditions and the following disclaimer. 5.15 -// * Redistributions in binary form must reproduce the above 5.16 -// copyright notice, this list of conditions and the following 5.17 -// disclaimer in the documentation and/or other materials provided 5.18 -// with the distribution. 5.19 -// * Neither the name of Intel Corporation nor the names of its 5.20 -// contributors may be used to endorse or promote products derived 5.21 -// from this software without specific prior written permission. 5.22 -// 5.23 -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 5.24 -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 5.25 -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 5.26 -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 5.27 -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 5.28 -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 5.29 -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 5.30 -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 5.31 -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 5.32 -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5.33 -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5.34 -// OF THE POSSIBILITY OF SUCH DAMAGE. 5.35 -// =================================================================== 5.36 -// 5.37 -// vtpmd.c 5.38 -// 5.39 -// Application 5.40 -// 5.41 -// =================================================================== 5.42 - 5.43 -#include <stdio.h> 5.44 -#include <signal.h> 5.45 -#include <sys/types.h> 5.46 -#include <unistd.h> 5.47 -#include "vtpm_manager.h" 5.48 -#include "vtpmpriv.h" 5.49 -#include "tcg.h" 5.50 -#include "log.h" 5.51 - 5.52 -#ifndef VTPM_MULTI_VM 5.53 - #include <pthread.h> 5.54 -#endif 5.55 - 5.56 -void signal_handler(int reason) { 5.57 -#ifndef VTPM_MULTI_VM 5.58 - 5.59 - if (pthread_equal(pthread_self(), vtpm_globals->master_pid)) { 5.60 - if (reason >= 0) { // Reason is a signal 5.61 - vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager shutting down for signal %d.\n", reason); 5.62 - } else {// Reason is a TPM_RESULT * -1 5.63 - vtpmloginfo(VTPM_LOG_VTPM,"VTPM Manager shuting down for: %s\n", tpm_get_error_name(-1 * reason) ); 5.64 - } 5.65 - 5.66 - return; 5.67 - } else { 5.68 - vtpmloginfo(VTPM_LOG_VTPM, "Child shutting down\n"); 5.69 - pthread_exit(NULL); 5.70 - } 5.71 -#else 5.72 - VTPM_Stop_Service(); 5.73 - exit(-1); 5.74 -#endif 5.75 -} 5.76 - 5.77 -struct sigaction ctl_c_handler; 5.78 - 5.79 -int main(int argc, char **argv) { 5.80 - 5.81 - vtpmloginfo(VTPM_LOG_VTPM, "Starting VTPM.\n"); 5.82 - 5.83 - if (VTPM_Init_Service() != TPM_SUCCESS) { 5.84 - vtpmlogerror(VTPM_LOG_VTPM, "Closing vtpmd due to error during startup.\n"); 5.85 - return -1; 5.86 - } 5.87 - 5.88 - ctl_c_handler.sa_handler = signal_handler; 5.89 - sigemptyset(&ctl_c_handler.sa_mask); 5.90 - ctl_c_handler.sa_flags = 0; 5.91 - 5.92 - if (sigaction(SIGINT, &ctl_c_handler, NULL) == -1) 5.93 - vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGINT handler. Ctl+break will not stop service gently.\n"); 5.94 - 5.95 - // For easier debuggin with gdb 5.96 - if (sigaction(SIGHUP, &ctl_c_handler, NULL) == -1) 5.97 - vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGHUP handler. Ctl+break will not stop service gently.\n"); 5.98 - 5.99 -#ifdef VTPM_MULTI_VM 5.100 - TPM_RESULT status = VTPM_Service_Handler(); 5.101 - 5.102 - if (status != TPM_SUCCESS) 5.103 - vtpmlogerror(VTPM_LOG_VTPM, "VTPM Manager exited with status %s. It never should exit.\n", tpm_get_error_name(status)); 5.104 - 5.105 - return -1; 5.106 -#else 5.107 - sigset_t sig_mask; 5.108 - 5.109 - sigemptyset(&sig_mask); 5.110 - sigaddset(&sig_mask, SIGPIPE); 5.111 - sigprocmask(SIG_BLOCK, &sig_mask, NULL); 5.112 - //pthread_mutex_init(&vtpm_globals->dmi_mutex, NULL); 5.113 - pthread_t be_thread, dmi_thread; 5.114 - int betype_be, dmitype_dmi; 5.115 - 5.116 - vtpm_globals->master_pid = pthread_self(); 5.117 - 5.118 - betype_be = BE_LISTENER_THREAD; 5.119 - if (pthread_create(&be_thread, NULL, VTPM_Service_Handler, &betype_be) != 0) { 5.120 - vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch BE Thread.\n"); 5.121 - exit(-1); 5.122 - } 5.123 - 5.124 - dmitype_dmi = DMI_LISTENER_THREAD; 5.125 - if (pthread_create(&dmi_thread, NULL, VTPM_Service_Handler, &dmitype_dmi) != 0) { 5.126 - vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch DMI Thread.\n"); 5.127 - exit(-1); 5.128 - } 5.129 - 5.130 - //Join the other threads until exit time. 5.131 - pthread_join(be_thread, NULL); 5.132 - pthread_join(dmi_thread, NULL); 5.133 - 5.134 - VTPM_Stop_Service(); 5.135 - return 0; 5.136 -#endif 5.137 -} 5.138 +// =================================================================== 5.139 +// 5.140 +// Copyright (c) 2005, Intel Corp. 5.141 +// All rights reserved. 5.142 +// 5.143 +// Redistribution and use in source and binary forms, with or without 5.144 +// modification, are permitted provided that the following conditions 5.145 +// are met: 5.146 +// 5.147 +// * Redistributions of source code must retain the above copyright 5.148 +// notice, this list of conditions and the following disclaimer. 5.149 +// * Redistributions in binary form must reproduce the above 5.150 +// copyright notice, this list of conditions and the following 5.151 +// disclaimer in the documentation and/or other materials provided 5.152 +// with the distribution. 5.153 +// * Neither the name of Intel Corporation nor the names of its 5.154 +// contributors may be used to endorse or promote products derived 5.155 +// from this software without specific prior written permission. 5.156 +// 5.157 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 5.158 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 5.159 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 5.160 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 5.161 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 5.162 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 5.163 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 5.164 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 5.165 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 5.166 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5.167 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5.168 +// OF THE POSSIBILITY OF SUCH DAMAGE. 5.169 +// =================================================================== 5.170 +// 5.171 +// vtpmd.c 5.172 +// 5.173 +// Application 5.174 +// 5.175 +// =================================================================== 5.176 + 5.177 +#include <stdio.h> 5.178 +#include <signal.h> 5.179 +#include <sys/types.h> 5.180 +#include <unistd.h> 5.181 +#include "vtpm_manager.h" 5.182 +#include "vtpmpriv.h" 5.183 +#include "tcg.h" 5.184 +#include "log.h" 5.185 + 5.186 +#ifndef VTPM_MULTI_VM 5.187 + #include <pthread.h> 5.188 +#endif 5.189 + 5.190 +void signal_handler(int reason) { 5.191 +#ifndef VTPM_MULTI_VM 5.192 + 5.193 + if (pthread_equal(pthread_self(), vtpm_globals->master_pid)) { 5.194 + if (reason >= 0) { // Reason is a signal 5.195 + vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager shutting down for signal %d.\n", reason); 5.196 + } else {// Reason is a TPM_RESULT * -1 5.197 + vtpmloginfo(VTPM_LOG_VTPM,"VTPM Manager shuting down for: %s\n", tpm_get_error_name(-1 * reason) ); 5.198 + } 5.199 + 5.200 + return; 5.201 + } else { 5.202 + vtpmloginfo(VTPM_LOG_VTPM, "Child shutting down\n"); 5.203 + pthread_exit(NULL); 5.204 + } 5.205 +#else 5.206 + VTPM_Stop_Service(); 5.207 + exit(-1); 5.208 +#endif 5.209 +} 5.210 + 5.211 +struct sigaction ctl_c_handler; 5.212 + 5.213 +int main(int argc, char **argv) { 5.214 + 5.215 + vtpmloginfo(VTPM_LOG_VTPM, "Starting VTPM.\n"); 5.216 + 5.217 + if (VTPM_Init_Service() != TPM_SUCCESS) { 5.218 + vtpmlogerror(VTPM_LOG_VTPM, "Closing vtpmd due to error during startup.\n"); 5.219 + return -1; 5.220 + } 5.221 + 5.222 + ctl_c_handler.sa_handler = signal_handler; 5.223 + sigemptyset(&ctl_c_handler.sa_mask); 5.224 + ctl_c_handler.sa_flags = 0; 5.225 + 5.226 + if (sigaction(SIGINT, &ctl_c_handler, NULL) == -1) 5.227 + vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGINT handler. Ctl+break will not stop service gently.\n"); 5.228 + 5.229 + // For easier debuggin with gdb 5.230 + if (sigaction(SIGHUP, &ctl_c_handler, NULL) == -1) 5.231 + vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGHUP handler. Ctl+break will not stop service gently.\n"); 5.232 + 5.233 +#ifdef VTPM_MULTI_VM 5.234 + TPM_RESULT status = VTPM_Service_Handler(); 5.235 + 5.236 + if (status != TPM_SUCCESS) 5.237 + vtpmlogerror(VTPM_LOG_VTPM, "VTPM Manager exited with status %s. It never should exit.\n", tpm_get_error_name(status)); 5.238 + 5.239 + return -1; 5.240 +#else 5.241 + sigset_t sig_mask; 5.242 + 5.243 + sigemptyset(&sig_mask); 5.244 + sigaddset(&sig_mask, SIGPIPE); 5.245 + sigprocmask(SIG_BLOCK, &sig_mask, NULL); 5.246 + //pthread_mutex_init(&vtpm_globals->dmi_mutex, NULL); 5.247 + pthread_t be_thread, dmi_thread; 5.248 + int betype_be, dmitype_dmi; 5.249 + 5.250 + vtpm_globals->master_pid = pthread_self(); 5.251 + 5.252 + betype_be = BE_LISTENER_THREAD; 5.253 + if (pthread_create(&be_thread, NULL, VTPM_Service_Handler, &betype_be) != 0) { 5.254 + vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch BE Thread.\n"); 5.255 + exit(-1); 5.256 + } 5.257 + 5.258 + dmitype_dmi = DMI_LISTENER_THREAD; 5.259 + if (pthread_create(&dmi_thread, NULL, VTPM_Service_Handler, &dmitype_dmi) != 0) { 5.260 + vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch DMI Thread.\n"); 5.261 + exit(-1); 5.262 + } 5.263 + 5.264 + //Join the other threads until exit time. 5.265 + pthread_join(be_thread, NULL); 5.266 + pthread_join(dmi_thread, NULL); 5.267 + 5.268 + VTPM_Stop_Service(); 5.269 + return 0; 5.270 +#endif 5.271 +}
6.1 --- a/tools/vtpm_manager/manager/vtpmpriv.h Wed Nov 30 11:36:57 2005 +0100 6.2 +++ b/tools/vtpm_manager/manager/vtpmpriv.h Wed Nov 30 12:07:28 2005 +0100 6.3 @@ -1,151 +1,151 @@ 6.4 -// =================================================================== 6.5 -// 6.6 -// Copyright (c) 2005, Intel Corp. 6.7 -// All rights reserved. 6.8 -// 6.9 -// Redistribution and use in source and binary forms, with or without 6.10 -// modification, are permitted provided that the following conditions 6.11 -// are met: 6.12 -// 6.13 -// * Redistributions of source code must retain the above copyright 6.14 -// notice, this list of conditions and the following disclaimer. 6.15 -// * Redistributions in binary form must reproduce the above 6.16 -// copyright notice, this list of conditions and the following 6.17 -// disclaimer in the documentation and/or other materials provided 6.18 -// with the distribution. 6.19 -// * Neither the name of Intel Corporation nor the names of its 6.20 -// contributors may be used to endorse or promote products derived 6.21 -// from this software without specific prior written permission. 6.22 -// 6.23 -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 6.24 -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 6.25 -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 6.26 -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 6.27 -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 6.28 -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 6.29 -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 6.30 -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 6.31 -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 6.32 -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 6.33 -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 6.34 -// OF THE POSSIBILITY OF SUCH DAMAGE. 6.35 -// =================================================================== 6.36 -// 6.37 -// vtpmpriv.h 6.38 -// 6.39 -// Structures and functions private to the manager 6.40 -// 6.41 -// ================================================================== 6.42 - 6.43 -#ifndef __VTPMPRIV_H__ 6.44 -#define __VTPMPRIV_H__ 6.45 - 6.46 -#include "tcg.h" 6.47 -#include "tcs.h" 6.48 -#include "buffer.h" 6.49 -#include "crypto.h" 6.50 - 6.51 -#define STATE_FILE "/var/vtpm/VTPM" 6.52 -#define DMI_NVM_FILE "/var/vtpm/vtpm_dm_%d.data" 6.53 -#define VTPM_BE_DEV "/dev/vtpm0" 6.54 -#define VTPM_CTL_DM 0 6.55 - 6.56 -#ifndef VTPM_MUTLI_VM 6.57 - #include <sys/types.h> 6.58 - #define GUEST_TX_FIFO "/var/vtpm/fifos/guest-to-%d.fifo" 6.59 - #define GUEST_RX_FIFO "/var/vtpm/fifos/guest-from-all.fifo" 6.60 - 6.61 - #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm-to-%d.fifo" 6.62 - #define VTPM_RX_FIFO "/var/vtpm/fifos/vtpm-from-all.fifo" 6.63 - 6.64 - #define BE_LISTENER_THREAD 1 6.65 - #define DMI_LISTENER_THREAD 2 6.66 - 6.67 - // Seconds until DMI timeout. Timeouts result in DMI being out 6.68 - // of sync, which may require a reboot of DMI and guest to recover 6.69 - // from. Don't set this to low. Also note that DMI may issue a TPM 6.70 - // call so we should expect time to process at DMI + TPM processing. 6.71 - #define DMI_TIMEOUT 90 6.72 -#endif 6.73 - 6.74 - 6.75 -// ------------------------ Private Structures ----------------------- 6.76 -typedef struct VTPM_DMI_RESOURCE_T { 6.77 - // I/O info for Manager to talk to DMI's over FIFOs 6.78 -#ifndef VTPM_MUTLI_VM 6.79 - int guest_tx_fh; // open GUEST_TX_FIFO 6.80 - int vtpm_tx_fh; // open VTPM_TX_FIFO 6.81 - char *guest_tx_fname; // open GUEST_TX_FIFO 6.82 - char *vtpm_tx_fname; // open VTPM_TX_FIFO 6.83 - 6.84 - pid_t dmi_pid; 6.85 -#endif 6.86 - // Non-persistent Information 6.87 - bool connected; 6.88 - UINT32 dmi_domain_id; 6.89 - TCS_CONTEXT_HANDLE TCSContext; // TCS Handle 6.90 - char *NVMLocation; // NULL term string indicating location 6.91 - // of NVM. 6.92 - // Persistent Information about DMI 6.93 - UINT32 dmi_id; 6.94 - TPM_DIGEST NVM_measurement; // Equal to the SHA1 of the blob 6.95 - TPM_DIGEST DMI_measurement; // Correct measurement of the owning DMI 6.96 -} VTPM_DMI_RESOURCE; 6.97 - 6.98 -typedef struct tdVTPM_GLOBALS { 6.99 - // Non-persistent data 6.100 - int be_fh; // File handle to ipc used to communicate with backend 6.101 -#ifndef VTPM_MULTI_VM 6.102 - int vtpm_rx_fh; 6.103 - int guest_rx_fh; 6.104 - 6.105 - pid_t master_pid; 6.106 -#endif 6.107 - struct hashtable *dmi_map; // Table of all DMI's known indexed by persistent instance # 6.108 -#ifndef VTPM_MULTI_VM 6.109 - pthread_mutex_t dmi_map_mutex; // 6.110 -#endif 6.111 - TCS_CONTEXT_HANDLE manager_tcs_handle; // TCS Handle used by manager 6.112 - TPM_HANDLE storageKeyHandle; // Key used by persistent store 6.113 - CRYPTO_INFO storageKey; // For software encryption 6.114 - TCS_AUTH keyAuth; // OIAP session for storageKey 6.115 - BOOL DMI_table_dirty; // Indicates that a command 6.116 - // has updated the DMI table 6.117 - 6.118 - 6.119 - // Persistent Data 6.120 - TPM_AUTHDATA owner_usage_auth; // OwnerAuth of real TPM 6.121 - TPM_AUTHDATA srk_usage_auth; // SRK Auth of real TPM 6.122 - buffer_t storageKeyWrap; // Wrapped copy of storageKey 6.123 - 6.124 - TPM_AUTHDATA storage_key_usage_auth; 6.125 - 6.126 -}VTPM_GLOBALS; 6.127 - 6.128 -//Global dmi map 6.129 -extern VTPM_GLOBALS *vtpm_globals; 6.130 - 6.131 -// ********************** Command Handler Prototypes *********************** 6.132 -TPM_RESULT VTPM_Handle_Load_NVM( VTPM_DMI_RESOURCE *myDMI, 6.133 - const buffer_t *inbuf, 6.134 - buffer_t *outbuf); 6.135 - 6.136 -TPM_RESULT VTPM_Handle_Save_NVM( VTPM_DMI_RESOURCE *myDMI, 6.137 - const buffer_t *inbuf, 6.138 - buffer_t *outbuf); 6.139 - 6.140 -TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi, 6.141 - buffer_t *inbuf, 6.142 - buffer_t *outbuf); 6.143 - 6.144 -TPM_RESULT VTPM_Handle_New_DMI(const buffer_t *param_buf); 6.145 - 6.146 -TPM_RESULT VTPM_Handle_Close_DMI(const buffer_t *param_buf); 6.147 - 6.148 -TPM_RESULT VTPM_Handle_Delete_DMI(const buffer_t *param_buf); 6.149 - 6.150 -TPM_RESULT VTPM_SaveService(void); 6.151 -TPM_RESULT VTPM_LoadService(void); 6.152 - 6.153 -TPM_RESULT close_dmi( VTPM_DMI_RESOURCE *dmi_res); 6.154 -#endif // __VTPMPRIV_H__ 6.155 +// =================================================================== 6.156 +// 6.157 +// Copyright (c) 2005, Intel Corp. 6.158 +// All rights reserved. 6.159 +// 6.160 +// Redistribution and use in source and binary forms, with or without 6.161 +// modification, are permitted provided that the following conditions 6.162 +// are met: 6.163 +// 6.164 +// * Redistributions of source code must retain the above copyright 6.165 +// notice, this list of conditions and the following disclaimer. 6.166 +// * Redistributions in binary form must reproduce the above 6.167 +// copyright notice, this list of conditions and the following 6.168 +// disclaimer in the documentation and/or other materials provided 6.169 +// with the distribution. 6.170 +// * Neither the name of Intel Corporation nor the names of its 6.171 +// contributors may be used to endorse or promote products derived 6.172 +// from this software without specific prior written permission. 6.173 +// 6.174 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 6.175 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 6.176 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 6.177 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 6.178 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 6.179 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 6.180 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 6.181 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 6.182 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 6.183 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 6.184 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 6.185 +// OF THE POSSIBILITY OF SUCH DAMAGE. 6.186 +// =================================================================== 6.187 +// 6.188 +// vtpmpriv.h 6.189 +// 6.190 +// Structures and functions private to the manager 6.191 +// 6.192 +// ================================================================== 6.193 + 6.194 +#ifndef __VTPMPRIV_H__ 6.195 +#define __VTPMPRIV_H__ 6.196 + 6.197 +#include "tcg.h" 6.198 +#include "tcs.h" 6.199 +#include "buffer.h" 6.200 +#include "crypto.h" 6.201 + 6.202 +#define STATE_FILE "/var/vtpm/VTPM" 6.203 +#define DMI_NVM_FILE "/var/vtpm/vtpm_dm_%d.data" 6.204 +#define VTPM_BE_DEV "/dev/vtpm0" 6.205 +#define VTPM_CTL_DM 0 6.206 + 6.207 +#ifndef VTPM_MUTLI_VM 6.208 + #include <sys/types.h> 6.209 + #define GUEST_TX_FIFO "/var/vtpm/fifos/guest-to-%d.fifo" 6.210 + #define GUEST_RX_FIFO "/var/vtpm/fifos/guest-from-all.fifo" 6.211 + 6.212 + #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm-to-%d.fifo" 6.213 + #define VTPM_RX_FIFO "/var/vtpm/fifos/vtpm-from-all.fifo" 6.214 + 6.215 + #define BE_LISTENER_THREAD 1 6.216 + #define DMI_LISTENER_THREAD 2 6.217 + 6.218 + // Seconds until DMI timeout. Timeouts result in DMI being out 6.219 + // of sync, which may require a reboot of DMI and guest to recover 6.220 + // from. Don't set this to low. Also note that DMI may issue a TPM 6.221 + // call so we should expect time to process at DMI + TPM processing. 6.222 + #define DMI_TIMEOUT 90 6.223 +#endif 6.224 + 6.225 + 6.226 +// ------------------------ Private Structures ----------------------- 6.227 +typedef struct VTPM_DMI_RESOURCE_T { 6.228 + // I/O info for Manager to talk to DMI's over FIFOs 6.229 +#ifndef VTPM_MUTLI_VM 6.230 + int guest_tx_fh; // open GUEST_TX_FIFO 6.231 + int vtpm_tx_fh; // open VTPM_TX_FIFO 6.232 + char *guest_tx_fname; // open GUEST_TX_FIFO 6.233 + char *vtpm_tx_fname; // open VTPM_TX_FIFO 6.234 + 6.235 + pid_t dmi_pid; 6.236 +#endif 6.237 + // Non-persistent Information 6.238 + bool connected; 6.239 + UINT32 dmi_domain_id; 6.240 + TCS_CONTEXT_HANDLE TCSContext; // TCS Handle 6.241 + char *NVMLocation; // NULL term string indicating location 6.242 + // of NVM. 6.243 + // Persistent Information about DMI 6.244 + UINT32 dmi_id; 6.245 + TPM_DIGEST NVM_measurement; // Equal to the SHA1 of the blob 6.246 + TPM_DIGEST DMI_measurement; // Correct measurement of the owning DMI 6.247 +} VTPM_DMI_RESOURCE; 6.248 + 6.249 +typedef struct tdVTPM_GLOBALS { 6.250 + // Non-persistent data 6.251 + int be_fh; // File handle to ipc used to communicate with backend 6.252 +#ifndef VTPM_MULTI_VM 6.253 + int vtpm_rx_fh; 6.254 + int guest_rx_fh; 6.255 + 6.256 + pid_t master_pid; 6.257 +#endif 6.258 + struct hashtable *dmi_map; // Table of all DMI's known indexed by persistent instance # 6.259 +#ifndef VTPM_MULTI_VM 6.260 + pthread_mutex_t dmi_map_mutex; // 6.261 +#endif 6.262 + TCS_CONTEXT_HANDLE manager_tcs_handle; // TCS Handle used by manager 6.263 + TPM_HANDLE storageKeyHandle; // Key used by persistent store 6.264 + CRYPTO_INFO storageKey; // For software encryption 6.265 + TCS_AUTH keyAuth; // OIAP session for storageKey 6.266 + BOOL DMI_table_dirty; // Indicates that a command 6.267 + // has updated the DMI table 6.268 + 6.269 + 6.270 + // Persistent Data 6.271 + TPM_AUTHDATA owner_usage_auth; // OwnerAuth of real TPM 6.272 + TPM_AUTHDATA srk_usage_auth; // SRK Auth of real TPM 6.273 + buffer_t storageKeyWrap; // Wrapped copy of storageKey 6.274 + 6.275 + TPM_AUTHDATA storage_key_usage_auth; 6.276 + 6.277 +}VTPM_GLOBALS; 6.278 + 6.279 +//Global dmi map 6.280 +extern VTPM_GLOBALS *vtpm_globals; 6.281 + 6.282 +// ********************** Command Handler Prototypes *********************** 6.283 +TPM_RESULT VTPM_Handle_Load_NVM( VTPM_DMI_RESOURCE *myDMI, 6.284 + const buffer_t *inbuf, 6.285 + buffer_t *outbuf); 6.286 + 6.287 +TPM_RESULT VTPM_Handle_Save_NVM( VTPM_DMI_RESOURCE *myDMI, 6.288 + const buffer_t *inbuf, 6.289 + buffer_t *outbuf); 6.290 + 6.291 +TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi, 6.292 + buffer_t *inbuf, 6.293 + buffer_t *outbuf); 6.294 + 6.295 +TPM_RESULT VTPM_Handle_New_DMI(const buffer_t *param_buf); 6.296 + 6.297 +TPM_RESULT VTPM_Handle_Close_DMI(const buffer_t *param_buf); 6.298 + 6.299 +TPM_RESULT VTPM_Handle_Delete_DMI(const buffer_t *param_buf); 6.300 + 6.301 +TPM_RESULT VTPM_SaveService(void); 6.302 +TPM_RESULT VTPM_LoadService(void); 6.303 + 6.304 +TPM_RESULT close_dmi( VTPM_DMI_RESOURCE *dmi_res); 6.305 +#endif // __VTPMPRIV_H__
7.1 --- a/tools/vtpm_manager/manager/vtsp.c Wed Nov 30 11:36:57 2005 +0100 7.2 +++ b/tools/vtpm_manager/manager/vtsp.c Wed Nov 30 12:07:28 2005 +0100 7.3 @@ -1,810 +1,810 @@ 7.4 -// =================================================================== 7.5 -// 7.6 -// Copyright (c) 2005, Intel Corp. 7.7 -// All rights reserved. 7.8 -// 7.9 -// Redistribution and use in source and binary forms, with or without 7.10 -// modification, are permitted provided that the following conditions 7.11 -// are met: 7.12 -// 7.13 -// * Redistributions of source code must retain the above copyright 7.14 -// notice, this list of conditions and the following disclaimer. 7.15 -// * Redistributions in binary form must reproduce the above 7.16 -// copyright notice, this list of conditions and the following 7.17 -// disclaimer in the documentation and/or other materials provided 7.18 -// with the distribution. 7.19 -// * Neither the name of Intel Corporation nor the names of its 7.20 -// contributors may be used to endorse or promote products derived 7.21 -// from this software without specific prior written permission. 7.22 -// 7.23 -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 7.24 -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 7.25 -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 7.26 -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 7.27 -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 7.28 -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 7.29 -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 7.30 -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 7.31 -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 7.32 -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 7.33 -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 7.34 -// OF THE POSSIBILITY OF SUCH DAMAGE. 7.35 -// =================================================================== 7.36 -// 7.37 -// vtsp.c 7.38 -// 7.39 -// Higher level interface to TCS for use in service. 7.40 -// 7.41 -// ================================================================== 7.42 - 7.43 -#include <string.h> 7.44 -#include "tcg.h" 7.45 -#include "tcs.h" 7.46 -#include "bsg.h" 7.47 -#include "log.h" 7.48 -#include "crypto.h" 7.49 -#include "vtsp.h" 7.50 -#include "buffer.h" 7.51 - 7.52 -#define RSA_KEY_SIZE 0x0800 7.53 - 7.54 -/*********************************************************************************** 7.55 - * GenerateAuth: Generate authorization info to be sent back to application 7.56 - * 7.57 - * Parameters: outParamDigestText The concatenation of output parameters to be SHA1ed 7.58 - * outParamDigestTextSize Size of inParamDigestText 7.59 - * HMACkey Key to be used for HMACing 7.60 - * For OIAP use key.authUsage or PersistStore.ownerAuth 7.61 - * For OSAP use shared secret 7.62 - * pAuth Authorization information from the application 7.63 - * 7.64 - * Return: TPM_SUCCESS Authorization data created 7.65 - * TPM_AUTHFAIL Invalid (NULL) HMACkey presented for OSAP 7.66 - *************************************************************************************/ 7.67 -TPM_RESULT GenerateAuth( /*[IN]*/ const BYTE *inParamDigestText, 7.68 - /*[IN]*/ UINT32 inParamDigestTextSize, 7.69 - /*[IN]*/ const TPM_SECRET *HMACkey, 7.70 - /*[IN,OUT]*/ TCS_AUTH *auth) { 7.71 - 7.72 - if (inParamDigestText == NULL || auth == NULL) 7.73 - return (TPM_AUTHFAIL); 7.74 - else { 7.75 - 7.76 - //Generate new OddNonce 7.77 - Crypto_GetRandom(auth->NonceOdd.nonce, sizeof(TPM_NONCE)); 7.78 - 7.79 - // Create SHA1 inParamDigest 7.80 - TPM_DIGEST inParamDigest; 7.81 - Crypto_SHA1Full(inParamDigestText, inParamDigestTextSize, (BYTE *) &inParamDigest); 7.82 - 7.83 - // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams). 7.84 - BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)]; 7.85 - 7.86 - BSG_PackList( hmacText, 4, 7.87 - BSG_TPM_DIGEST, &inParamDigest, 7.88 - BSG_TPM_NONCE, &(auth->NonceEven), 7.89 - BSG_TPM_NONCE, &(auth->NonceOdd), 7.90 - BSG_TYPE_BOOL, &(auth->fContinueAuthSession) ); 7.91 - 7.92 - Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &(auth->HMAC)); 7.93 - 7.94 - return(TPM_SUCCESS); 7.95 - 7.96 - } 7.97 -} 7.98 - 7.99 -/*********************************************************************************** 7.100 - * VerifyAuth: Verify the authdata for a command requiring authorization 7.101 - * 7.102 - * Parameters: inParamDigestText The concatenation of parameters to be SHA1ed 7.103 - * inParamDigestTextSize Size of inParamDigestText 7.104 - * authDataUsage AuthDataUsage for the Entity being used 7.105 - * Key->authDataUsage or TPM_AUTH_OWNER 7.106 - * HMACkey Key to be used for HMACing 7.107 - * For OIAP use key.authUsage or PersistStore.ownerAuth 7.108 - * For OSAP use NULL (It will be aquired from the Auth Session) 7.109 - * If unknown (default), assume OIAP 7.110 - * sessionAuth A TCS_AUTH info for the session 7.111 - * pAuth Authorization information from the application 7.112 - * hContext If specified, on failed Auth, VerifyAuth will 7.113 - * generate a new OIAP session in place of themselves 7.114 - * destroyed session. 7.115 - * 7.116 - * Return: TPM_SUCCESS Authorization Verified 7.117 - * TPM_AUTHFAIL Authorization Failed 7.118 - * TPM_FAIL Failure during SHA1 routines 7.119 - *************************************************************************************/ 7.120 -TPM_RESULT VerifyAuth( /*[IN]*/ const BYTE *outParamDigestText, 7.121 - /*[IN]*/ UINT32 outParamDigestTextSize, 7.122 - /*[IN]*/ const TPM_SECRET *HMACkey, 7.123 - /*[IN,OUT]*/ TCS_AUTH *auth, 7.124 - /*[IN]*/ TCS_CONTEXT_HANDLE hContext) { 7.125 - if (outParamDigestText == NULL || auth == NULL) 7.126 - return (TPM_AUTHFAIL); 7.127 - 7.128 - 7.129 - // Create SHA1 inParamDigest 7.130 - TPM_DIGEST outParamDigest; 7.131 - Crypto_SHA1Full(outParamDigestText, outParamDigestTextSize, (BYTE *) &outParamDigest); 7.132 - 7.133 - // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams). 7.134 - TPM_DIGEST hm; 7.135 - BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)]; 7.136 - 7.137 - BSG_PackList( hmacText, 4, 7.138 - BSG_TPM_DIGEST, &outParamDigest, 7.139 - BSG_TPM_NONCE, &(auth->NonceEven), 7.140 - BSG_TPM_NONCE, &(auth->NonceOdd), 7.141 - BSG_TYPE_BOOL, &(auth->fContinueAuthSession) ); 7.142 - 7.143 - Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), 7.144 - (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &hm); 7.145 - 7.146 - // Compare correct HMAC with provided one. 7.147 - if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0) // 0 indicates equality 7.148 - return (TPM_SUCCESS); 7.149 - else { 7.150 - VTSP_OIAP( hContext, auth); 7.151 - return (TPM_AUTHFAIL); 7.152 - } 7.153 -} 7.154 - 7.155 -TPM_RESULT VTSP_OIAP(const TCS_CONTEXT_HANDLE hContext, 7.156 - TCS_AUTH *auth) { 7.157 - 7.158 - vtpmloginfo(VTPM_LOG_VTSP, "OIAP.\n"); 7.159 - TPM_RESULT status = TPM_SUCCESS; 7.160 - TPMTRYRETURN( TCSP_OIAP(hContext, 7.161 - &auth->AuthHandle, 7.162 - &auth->NonceEven) ); 7.163 - goto egress; 7.164 - 7.165 - abort_egress: 7.166 - 7.167 - egress: 7.168 - 7.169 - return status; 7.170 -} 7.171 - 7.172 -TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_HANDLE hContext, 7.173 - const TPM_ENTITY_TYPE entityType, 7.174 - const UINT32 entityValue, 7.175 - const TPM_AUTHDATA *usageAuth, 7.176 - TPM_SECRET *sharedSecret, 7.177 - TCS_AUTH *auth) { 7.178 - 7.179 - vtpmloginfo(VTPM_LOG_VTSP, "OSAP.\n"); 7.180 - TPM_RESULT status = TPM_SUCCESS; 7.181 - TPM_NONCE nonceEvenOSAP, nonceOddOSAP; 7.182 - 7.183 - Crypto_GetRandom((BYTE *) &nonceOddOSAP, sizeof(TPM_NONCE) ); 7.184 - 7.185 - TPMTRYRETURN( TCSP_OSAP( hContext, 7.186 - entityType, 7.187 - entityValue, 7.188 - nonceOddOSAP, 7.189 - &auth->AuthHandle, 7.190 - &auth->NonceEven, 7.191 - &nonceEvenOSAP) ); 7.192 - 7.193 - // Calculating Session Secret 7.194 - BYTE sharedSecretText[TPM_DIGEST_SIZE * 2]; 7.195 - 7.196 - BSG_PackList( sharedSecretText, 2, 7.197 - BSG_TPM_NONCE, &nonceEvenOSAP, 7.198 - BSG_TPM_NONCE, &nonceOddOSAP); 7.199 - 7.200 - Crypto_HMAC(sharedSecretText, sizeof(sharedSecretText), (BYTE *) usageAuth, TPM_DIGEST_SIZE, (BYTE *) sharedSecret); 7.201 - 7.202 - goto egress; 7.203 - 7.204 - abort_egress: 7.205 - 7.206 - egress: 7.207 - 7.208 - return status; 7.209 -} 7.210 - 7.211 - 7.212 - 7.213 -TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext, 7.214 - CRYPTO_INFO *crypto_info) { 7.215 - 7.216 - TPM_RESULT status; 7.217 - TPM_NONCE antiReplay; 7.218 - TPM_DIGEST checksum; 7.219 - BYTE *pubEKtext; 7.220 - UINT32 pubEKtextsize; 7.221 - 7.222 - vtpmloginfo(VTPM_LOG_VTSP, "Reading Public EK.\n"); 7.223 - 7.224 - // GenerateAuth new nonceOdd 7.225 - Crypto_GetRandom(&antiReplay, sizeof(TPM_NONCE) ); 7.226 - 7.227 - 7.228 - TPMTRYRETURN( TCSP_ReadPubek( hContext, 7.229 - antiReplay, 7.230 - &pubEKtextsize, 7.231 - &pubEKtext, 7.232 - &checksum) ); 7.233 - 7.234 - 7.235 - // Extract the remaining output parameters 7.236 - TPM_PUBKEY pubEK; 7.237 - 7.238 - BSG_Unpack(BSG_TPM_PUBKEY, pubEKtext, (BYTE *) &pubEK); 7.239 - 7.240 - // Build CryptoInfo for the bindingKey 7.241 - TPM_RSA_KEY_PARMS rsaKeyParms; 7.242 - 7.243 - BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, 7.244 - pubEK.algorithmParms.parms, 7.245 - &rsaKeyParms); 7.246 - 7.247 - Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, 7.248 - rsaKeyParms.exponent, 7.249 - pubEK.pubKey.keyLength, 7.250 - pubEK.pubKey.key, 7.251 - crypto_info); 7.252 - 7.253 - // Destroy rsaKeyParms 7.254 - BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms); 7.255 - 7.256 - // Set encryption scheme 7.257 - crypto_info->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; 7.258 - //crypto_info->encScheme = pubEK.algorithmParms.encScheme; 7.259 - crypto_info->algorithmID = pubEK.algorithmParms.algorithmID; 7.260 - 7.261 - goto egress; 7.262 - 7.263 - abort_egress: 7.264 - 7.265 - egress: 7.266 - 7.267 - return status; 7.268 -} 7.269 - 7.270 -TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext, 7.271 - const TPM_AUTHDATA *ownerAuth, 7.272 - const TPM_AUTHDATA *srkAuth, 7.273 - CRYPTO_INFO *ek_cryptoInfo, 7.274 - TCS_AUTH *auth) { 7.275 - 7.276 - vtpmloginfo(VTPM_LOG_VTSP, "Taking Ownership of TPM.\n"); 7.277 - 7.278 - TPM_RESULT status = TPM_SUCCESS; 7.279 - TPM_COMMAND_CODE command = TPM_ORD_TakeOwnership; 7.280 - TPM_PROTOCOL_ID proto_id = TPM_PID_OWNER; 7.281 - BYTE *new_srk; 7.282 - 7.283 - BYTE *paramText; // Digest to make Auth. 7.284 - UINT32 paramTextSize; 7.285 - 7.286 - // vars for srkpubkey parameter 7.287 - TPM_KEY srkPub; 7.288 - TPM_KEY_PARMS srkKeyInfo = {TPM_ALG_RSA, TPM_ES_RSAESOAEP_SHA1_MGF1, TPM_SS_NONE, 12, 0}; 7.289 - BYTE srkRSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00}; 7.290 - srkKeyInfo.parms = (BYTE *) &srkRSAkeyInfo; 7.291 - 7.292 - struct pack_buf_t srkText; 7.293 - 7.294 - // GenerateAuth new nonceOdd 7.295 - Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.296 - 7.297 - //These values are accurate for an enc(AuthData). 7.298 - struct pack_buf_t encOwnerAuth, encSrkAuth; 7.299 - 7.300 - encOwnerAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256); 7.301 - encSrkAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256); 7.302 - 7.303 - if (encOwnerAuth.data == NULL || encSrkAuth.data == NULL) { 7.304 - vtpmloginfo(VTPM_LOG_VTSP, "Could not malloc encrypted auths.\n"); 7.305 - status = TPM_RESOURCES; 7.306 - goto abort_egress; 7.307 - } 7.308 - 7.309 - Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) ownerAuth, &encOwnerAuth.size, encOwnerAuth.data); 7.310 - Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) srkAuth, &encSrkAuth.size, encSrkAuth.data); 7.311 - 7.312 - 7.313 - // Build srk public key struct 7.314 - srkPub.ver = TPM_STRUCT_VER_1_1; 7.315 - srkPub.keyUsage = TPM_KEY_STORAGE; 7.316 - srkPub.keyFlags = 0x00; 7.317 - srkPub.authDataUsage = TPM_AUTH_ALWAYS; 7.318 - memcpy(&srkPub.algorithmParms, &srkKeyInfo, sizeof(TPM_KEY_PARMS)); 7.319 - srkPub.PCRInfoSize = 0; 7.320 - srkPub.PCRInfo = 0; 7.321 - srkPub.pubKey.keyLength= 0; 7.322 - srkPub.encDataSize = 0; 7.323 - 7.324 - srkText.data = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.325 - srkText.size = BSG_Pack(BSG_TPM_KEY, (BYTE *) &srkPub, srkText.data); 7.326 - 7.327 - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.328 - 7.329 - paramTextSize = BSG_PackList(paramText, 5, 7.330 - BSG_TPM_COMMAND_CODE,&command, 7.331 - BSG_TPM_PROTOCOL_ID, &proto_id, 7.332 - BSG_TPM_SIZE32_DATA, &encOwnerAuth, 7.333 - BSG_TPM_SIZE32_DATA, &encSrkAuth, 7.334 - BSG_TPM_KEY, &srkPub); 7.335 - 7.336 - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, ownerAuth, auth) ); 7.337 - 7.338 - new_srk = srkText.data; 7.339 - TPMTRYRETURN( TCSP_TakeOwnership ( hContext, 7.340 - proto_id, 7.341 - encOwnerAuth.size, 7.342 - encOwnerAuth.data, 7.343 - encSrkAuth.size, 7.344 - encSrkAuth.data, 7.345 - &srkText.size, 7.346 - &new_srk, 7.347 - auth ) ); 7.348 - 7.349 - 7.350 - paramTextSize = BSG_PackList(paramText, 2, 7.351 - BSG_TPM_RESULT, &status, 7.352 - BSG_TPM_COMMAND_CODE, &command); 7.353 - memcpy(paramText + paramTextSize, new_srk, srkText.size); 7.354 - paramTextSize += srkText.size; 7.355 - 7.356 - 7.357 - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.358 - ownerAuth, auth, 7.359 - hContext) ); 7.360 - 7.361 - goto egress; 7.362 - 7.363 - abort_egress: 7.364 - 7.365 - egress: 7.366 - 7.367 - free(srkText.data); 7.368 - free(encSrkAuth.data); 7.369 - free(encOwnerAuth.data); 7.370 - free(paramText); 7.371 - 7.372 - TCS_FreeMemory(hContext, new_srk); 7.373 - 7.374 - return status; 7.375 -} 7.376 - 7.377 -TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext, 7.378 - const TPM_AUTHDATA *ownerAuth, 7.379 - TCS_AUTH *auth) { 7.380 - 7.381 - vtpmloginfo(VTPM_LOG_VTSP, "Disabling Pubek Read.\n"); 7.382 - 7.383 - TPM_RESULT status = TPM_SUCCESS; 7.384 - TPM_COMMAND_CODE command = TPM_ORD_DisablePubekRead; 7.385 - 7.386 - BYTE *paramText; // Digest to make Auth. 7.387 - UINT32 paramTextSize; 7.388 - 7.389 - // Generate HMAC 7.390 - Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.391 - 7.392 - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.393 - 7.394 - paramTextSize = BSG_PackList(paramText, 1, 7.395 - BSG_TPM_COMMAND_CODE, &command); 7.396 - 7.397 - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, 7.398 - ownerAuth, auth) ); 7.399 - 7.400 - // Call TCS 7.401 - TPMTRYRETURN( TCSP_DisablePubekRead ( hContext, // in 7.402 - auth) ); 7.403 - 7.404 - // Verify Auth 7.405 - paramTextSize = BSG_PackList(paramText, 2, 7.406 - BSG_TPM_RESULT, &status, 7.407 - BSG_TPM_COMMAND_CODE, &command); 7.408 - 7.409 - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.410 - ownerAuth, auth, 7.411 - hContext) ); 7.412 - goto egress; 7.413 - 7.414 - abort_egress: 7.415 - egress: 7.416 - free(paramText); 7.417 - return status; 7.418 -} 7.419 - 7.420 -TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext, 7.421 - const TPM_KEY_USAGE usage, 7.422 - const TPM_AUTHDATA *newKeyAuth, 7.423 - const TCS_KEY_HANDLE parentHandle, 7.424 - const TPM_AUTHDATA *osapSharedSecret, 7.425 - buffer_t *pubKeyBuf, 7.426 - TCS_AUTH *auth) { 7.427 - 7.428 - int i; 7.429 - TPM_RESULT status = TPM_SUCCESS; 7.430 - TPM_COMMAND_CODE command = TPM_ORD_CreateWrapKey; 7.431 - 7.432 - vtpmloginfo(VTPM_LOG_VTSP, "Creating new key of type %d.\n", usage); 7.433 - 7.434 - // vars for Calculate encUsageAuth 7.435 - BYTE *paramText; 7.436 - UINT32 paramTextSize; 7.437 - 7.438 - // vars for Calculate encUsageAuth 7.439 - BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)]; 7.440 - TPM_DIGEST XORKey1; 7.441 - UINT32 XORbufferSize; 7.442 - TPM_SECRET encUsageAuth, encMigrationAuth; 7.443 - 7.444 - // vars for Flatten newKey prototype 7.445 - BYTE *flatKey = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.446 - UINT32 flatKeySize = TCPA_MAX_BUFFER_LENGTH; 7.447 - struct pack_buf_t newKeyText; 7.448 - 7.449 - // Fill in newKey 7.450 - TPM_KEY newKey; 7.451 - 7.452 - BYTE RSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00}; 7.453 - newKey.algorithmParms.algorithmID = TPM_ALG_RSA; 7.454 - newKey.algorithmParms.parms = (BYTE *) &RSAkeyInfo; 7.455 - newKey.algorithmParms.parmSize = 12; 7.456 - 7.457 - switch (usage) { 7.458 - case TPM_KEY_SIGNING: 7.459 - vtpmloginfo(VTPM_LOG_VTSP, "Creating Signing Key...\n"); 7.460 - newKey.keyUsage = TPM_KEY_SIGNING; 7.461 - newKey.algorithmParms.encScheme = TPM_ES_NONE; 7.462 - newKey.algorithmParms.sigScheme = TPM_SS_RSASSAPKCS1v15_SHA1; 7.463 - break; 7.464 - case TPM_KEY_STORAGE: 7.465 - vtpmloginfo(VTPM_LOG_VTSP, "Creating Storage Key...\n"); 7.466 - newKey.keyUsage = TPM_KEY_STORAGE; 7.467 - newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; 7.468 - newKey.algorithmParms.sigScheme = TPM_SS_NONE; 7.469 - break; 7.470 - case TPM_KEY_BIND: 7.471 - vtpmloginfo(VTPM_LOG_VTSP, "Creating Binding Key...\n"); 7.472 - newKey.keyUsage = TPM_KEY_BIND; 7.473 - newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; 7.474 - newKey.algorithmParms.sigScheme = TPM_SS_NONE; 7.475 - break; 7.476 - default: 7.477 - vtpmloginfo(VTPM_LOG_VTSP, "Cannot create key. Invalid Key Type.\n"); 7.478 - status = TPM_BAD_PARAMETER; 7.479 - goto abort_egress; 7.480 - } 7.481 - 7.482 - 7.483 - newKey.ver = TPM_STRUCT_VER_1_1; 7.484 - 7.485 - newKey.keyFlags = 0; 7.486 - newKey.authDataUsage = TPM_AUTH_ALWAYS; 7.487 - newKey.pubKey.keyLength= 0; 7.488 - newKey.encDataSize = 0; 7.489 - newKey.encData = NULL; 7.490 - 7.491 - // FIXME: Support PCR bindings 7.492 - newKey.PCRInfoSize = 0; 7.493 - newKey.PCRInfo = NULL; 7.494 - 7.495 - // Calculate encUsageAuth 7.496 - XORbufferSize = BSG_PackList( XORbuffer, 2, 7.497 - BSG_TPM_SECRET, osapSharedSecret, 7.498 - BSG_TPM_NONCE, &auth->NonceEven); 7.499 - Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey1); 7.500 - 7.501 - // FIXME: No support for migratable keys. 7.502 - for (i=0; i < TPM_DIGEST_SIZE; i++) 7.503 - ((BYTE *) &encUsageAuth)[i] = ((BYTE *) &XORKey1)[i] ^ ((BYTE *) newKeyAuth)[i]; 7.504 - 7.505 - // Flatten newKey prototype 7.506 - flatKeySize = BSG_Pack(BSG_TPM_KEY, (BYTE *) &newKey, flatKey); 7.507 - newKeyText.data = flatKey; 7.508 - newKeyText.size = flatKeySize; 7.509 - 7.510 - // GenerateAuth new nonceOdd 7.511 - Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.512 - 7.513 - // Generate HMAC 7.514 - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.515 - 7.516 - paramTextSize = BSG_PackList(paramText, 3, 7.517 - BSG_TPM_COMMAND_CODE, &command, 7.518 - BSG_TPM_AUTHDATA, &encUsageAuth, 7.519 - BSG_TPM_AUTHDATA, &encMigrationAuth); 7.520 - memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size); 7.521 - paramTextSize += newKeyText.size; 7.522 - 7.523 - 7.524 - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, 7.525 - osapSharedSecret, auth) ); 7.526 - 7.527 - // Call TCS 7.528 - TPMTRYRETURN( TCSP_CreateWrapKey( hContext, 7.529 - parentHandle, 7.530 - encUsageAuth, 7.531 - encMigrationAuth, 7.532 - &newKeyText.size, 7.533 - &newKeyText.data, 7.534 - auth) ); 7.535 - 7.536 - // Verify Auth 7.537 - paramTextSize = BSG_PackList(paramText, 2, 7.538 - BSG_TPM_RESULT, &status, 7.539 - BSG_TPM_COMMAND_CODE, &command); 7.540 - memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size); 7.541 - paramTextSize += newKeyText.size; 7.542 - 7.543 - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.544 - osapSharedSecret, auth, 0) ); 7.545 - 7.546 - // Unpack/return key structure 7.547 - TPMTRYRETURN(buffer_init(pubKeyBuf, 0, 0) ); 7.548 - TPMTRYRETURN(buffer_append_raw(pubKeyBuf, newKeyText.size, newKeyText.data) ); 7.549 - 7.550 - goto egress; 7.551 - 7.552 - abort_egress: 7.553 - 7.554 - egress: 7.555 - 7.556 - free(flatKey); 7.557 - free(paramText); 7.558 - TCS_FreeMemory(hContext, newKeyText.data); 7.559 - 7.560 - return status; 7.561 -} 7.562 - 7.563 -TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext, 7.564 - const TCS_KEY_HANDLE hUnwrappingKey, 7.565 - const buffer_t *rgbWrappedKeyBlob, 7.566 - const TPM_AUTHDATA *parentAuth, 7.567 - TPM_HANDLE *newKeyHandle, 7.568 - TCS_AUTH *auth, 7.569 - CRYPTO_INFO *cryptoinfo /*= NULL*/) { 7.570 - 7.571 - 7.572 - vtpmloginfo(VTPM_LOG_VTSP, "Loading Key.\n%s",""); 7.573 - 7.574 - TPM_RESULT status = TPM_SUCCESS; 7.575 - TPM_COMMAND_CODE command = TPM_ORD_LoadKey; 7.576 - 7.577 - BYTE *paramText; // Digest to make Auth. 7.578 - UINT32 paramTextSize; 7.579 - 7.580 - if ((rgbWrappedKeyBlob == NULL) || (parentAuth == NULL) || 7.581 - (newKeyHandle==NULL) || (auth==NULL)) { 7.582 - status = TPM_BAD_PARAMETER; 7.583 - goto abort_egress; 7.584 - } 7.585 - 7.586 - // Generate Extra TCS Parameters 7.587 - TPM_HANDLE phKeyHMAC; 7.588 - 7.589 - // Generate HMAC 7.590 - Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.591 - 7.592 - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.593 - 7.594 - paramTextSize = BSG_PackList(paramText, 1, 7.595 - BSG_TPM_COMMAND_CODE, &command); 7.596 - 7.597 - memcpy(paramText + paramTextSize, rgbWrappedKeyBlob->bytes, buffer_len(rgbWrappedKeyBlob)); 7.598 - paramTextSize += buffer_len(rgbWrappedKeyBlob); 7.599 - 7.600 - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, 7.601 - parentAuth, auth) ); 7.602 - 7.603 - // Call TCS 7.604 - TPMTRYRETURN( TCSP_LoadKeyByBlob( hContext, 7.605 - hUnwrappingKey, 7.606 - buffer_len(rgbWrappedKeyBlob), 7.607 - rgbWrappedKeyBlob->bytes, 7.608 - auth, 7.609 - newKeyHandle, 7.610 - &phKeyHMAC) ); 7.611 - 7.612 - // Verify Auth 7.613 - paramTextSize = BSG_PackList(paramText, 3, 7.614 - BSG_TPM_RESULT, &status, 7.615 - BSG_TPM_COMMAND_CODE, &command, 7.616 - BSG_TPM_HANDLE, newKeyHandle); 7.617 - 7.618 - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.619 - parentAuth, auth, 7.620 - hContext) ); 7.621 - 7.622 - // Unpack/return key structure 7.623 - if (cryptoinfo != NULL) { 7.624 - TPM_KEY newKey; 7.625 - 7.626 - BSG_Unpack(BSG_TPM_KEY, rgbWrappedKeyBlob->bytes , &newKey); 7.627 - TPM_RSA_KEY_PARMS rsaKeyParms; 7.628 - 7.629 - BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, 7.630 - newKey.algorithmParms.parms, 7.631 - &rsaKeyParms); 7.632 - 7.633 - Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, 7.634 - rsaKeyParms.exponent, 7.635 - newKey.pubKey.keyLength, 7.636 - newKey.pubKey.key, 7.637 - cryptoinfo); 7.638 - 7.639 - // Destroy rsaKeyParms 7.640 - BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms); 7.641 - 7.642 - // Set encryption scheme 7.643 - cryptoinfo->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; 7.644 - } 7.645 - 7.646 - goto egress; 7.647 - 7.648 - abort_egress: 7.649 - 7.650 - egress: 7.651 - 7.652 - free(paramText); 7.653 - return status; 7.654 -} 7.655 - 7.656 -TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext, 7.657 - const TPM_KEY_HANDLE key_handle, 7.658 - const buffer_t *bound_data, 7.659 - const TPM_AUTHDATA *usage_auth, 7.660 - buffer_t *clear_data, 7.661 - TCS_AUTH *auth) { 7.662 - 7.663 - vtpmloginfo(VTPM_LOG_VTSP, "Unbinding %d bytes of data.\n", buffer_len(bound_data)); 7.664 - 7.665 - TPM_RESULT status = TPM_SUCCESS; 7.666 - TPM_COMMAND_CODE command = TPM_ORD_UnBind; 7.667 - 7.668 - BYTE *paramText; // Digest to make Auth. 7.669 - UINT32 paramTextSize; 7.670 - 7.671 - // Generate Extra TCS Parameters 7.672 - struct pack_buf_t clear_data32; 7.673 - BYTE *clear_data_text; 7.674 - UINT32 clear_data_size; 7.675 - 7.676 - // Generate HMAC 7.677 - Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.678 - 7.679 - struct pack_buf_t bound_data32 = {bound_data->size, bound_data->bytes}; 7.680 - 7.681 - paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.682 - 7.683 - paramTextSize = BSG_PackList(paramText, 2, 7.684 - BSG_TPM_COMMAND_CODE, &command, 7.685 - BSG_TPM_SIZE32_DATA, &bound_data32); 7.686 - 7.687 - TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, 7.688 - usage_auth, auth) ); 7.689 - 7.690 - // Call TCS 7.691 - TPMTRYRETURN( TCSP_UnBind( hContext, 7.692 - key_handle, 7.693 - buffer_len(bound_data), 7.694 - bound_data->bytes, 7.695 - auth, 7.696 - &clear_data_size, 7.697 - &clear_data_text) ); 7.698 - 7.699 - 7.700 - // Verify Auth 7.701 - clear_data32.size = clear_data_size; 7.702 - clear_data32.data = clear_data_text; 7.703 - paramTextSize = BSG_PackList(paramText, 3, 7.704 - BSG_TPM_RESULT, &status, 7.705 - BSG_TPM_COMMAND_CODE, &command, 7.706 - BSG_TPM_SIZE32_DATA, &clear_data32); 7.707 - 7.708 - TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.709 - usage_auth, auth, 7.710 - hContext) ); 7.711 - 7.712 - // Unpack/return key structure 7.713 - TPMTRYRETURN(buffer_init(clear_data, 0, 0)); 7.714 - TPMTRYRETURN(buffer_append_raw (clear_data, clear_data_size, clear_data_text) ); 7.715 - 7.716 - goto egress; 7.717 - 7.718 - abort_egress: 7.719 - 7.720 - egress: 7.721 - 7.722 - free(paramText); 7.723 - TCS_FreeMemory(hContext, clear_data_text); 7.724 - 7.725 - return status; 7.726 -} 7.727 - 7.728 -TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo, 7.729 - const buffer_t *inData, 7.730 - buffer_t *outData) 7.731 -{ 7.732 - vtpmloginfo(VTPM_LOG_VTSP, "Binding %d bytes of data.\n", buffer_len(inData)); 7.733 - TPM_BOUND_DATA boundData; 7.734 - UINT32 i; 7.735 - 7.736 - // Fill boundData's accessory information 7.737 - boundData.ver = TPM_STRUCT_VER_1_1; 7.738 - boundData.payload = TPM_PT_BIND; 7.739 - boundData.payloadData = inData->bytes; 7.740 - 7.741 - // Pack boundData before encryption 7.742 - BYTE* flatBoundData = (BYTE *)malloc(sizeof(BYTE) * 7.743 - (sizeof(TPM_VERSION) + 7.744 - sizeof(TPM_PAYLOAD_TYPE) + 7.745 - buffer_len(inData))); 7.746 - if (flatBoundData == NULL) { 7.747 - return TPM_NOSPACE; 7.748 - } 7.749 - UINT32 flatBoundDataSize = 0; 7.750 - flatBoundDataSize = BSG_PackList( flatBoundData, 2, 7.751 - BSG_TPM_VERSION, &boundData.ver, 7.752 - BSG_TYPE_BYTE, &boundData.payload); 7.753 - 7.754 - memcpy(flatBoundData+flatBoundDataSize, inData->bytes, buffer_len(inData)); 7.755 - flatBoundDataSize += buffer_len(inData); 7.756 - 7.757 - BYTE out_tmp[RSA_KEY_SIZE/8]; // RSAEnc does not do blocking, So this is what will come out. 7.758 - UINT32 out_tmp_size; 7.759 - 7.760 - // Encrypt flatBoundData 7.761 - Crypto_RSAEnc( cryptoInfo, 7.762 - flatBoundDataSize, 7.763 - flatBoundData, 7.764 - &out_tmp_size, 7.765 - out_tmp); 7.766 - 7.767 - if (out_tmp_size > RSA_KEY_SIZE/8) { 7.768 - // The result of RSAEnc should be a fixed size based on key size. 7.769 - vtpmlogerror(VTPM_LOG_VTSP, "Enc buffer just overflowed.\n"); 7.770 - } 7.771 - 7.772 - buffer_init(outData, 0, NULL); 7.773 - buffer_append_raw(outData, out_tmp_size, out_tmp); 7.774 - 7.775 - vtpmloginfo(VTPM_LOG_TXDATA, "Bind Generated[%d] = 0x", out_tmp_size); 7.776 - for(i = 0 ; i < out_tmp_size ; i++) { 7.777 - vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out_tmp[i]); 7.778 - } 7.779 - vtpmloginfomore(VTPM_LOG_TXDATA, "\n"); 7.780 - 7.781 - // Free flatBoundData 7.782 - free(flatBoundData); 7.783 - 7.784 - return TPM_SUCCESS; 7.785 -} 7.786 - 7.787 -// Function Reaches into unsupported TCS command, beware. 7.788 -TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext, 7.789 - const buffer_t *inbuf, 7.790 - buffer_t *outbuf ) { 7.791 - 7.792 - vtpmloginfo(VTPM_LOG_VTSP, "Passthrough in use.\n"); 7.793 - TPM_RESULT status = TPM_SUCCESS; 7.794 - 7.795 - // Generate Extra TCS Parameters 7.796 - BYTE *resultText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.797 - UINT32 resultTextSize = TCPA_MAX_BUFFER_LENGTH; 7.798 - 7.799 - // Call TCS 7.800 - TPMTRYRETURN( TCSP_RawTransmitData(buffer_len(inbuf), inbuf->bytes, 7.801 - &resultTextSize, resultText) ); 7.802 - 7.803 - // Unpack/return key structure 7.804 - TPMTRYRETURN(buffer_init (outbuf, resultTextSize, resultText) ); 7.805 - goto egress; 7.806 - 7.807 - abort_egress: 7.808 - 7.809 - egress: 7.810 - TCS_FreeMemory(hContext, resultText); 7.811 - free(resultText); 7.812 - return status; 7.813 -} 7.814 +// =================================================================== 7.815 +// 7.816 +// Copyright (c) 2005, Intel Corp. 7.817 +// All rights reserved. 7.818 +// 7.819 +// Redistribution and use in source and binary forms, with or without 7.820 +// modification, are permitted provided that the following conditions 7.821 +// are met: 7.822 +// 7.823 +// * Redistributions of source code must retain the above copyright 7.824 +// notice, this list of conditions and the following disclaimer. 7.825 +// * Redistributions in binary form must reproduce the above 7.826 +// copyright notice, this list of conditions and the following 7.827 +// disclaimer in the documentation and/or other materials provided 7.828 +// with the distribution. 7.829 +// * Neither the name of Intel Corporation nor the names of its 7.830 +// contributors may be used to endorse or promote products derived 7.831 +// from this software without specific prior written permission. 7.832 +// 7.833 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 7.834 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 7.835 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 7.836 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 7.837 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 7.838 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 7.839 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 7.840 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 7.841 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 7.842 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 7.843 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 7.844 +// OF THE POSSIBILITY OF SUCH DAMAGE. 7.845 +// =================================================================== 7.846 +// 7.847 +// vtsp.c 7.848 +// 7.849 +// Higher level interface to TCS for use in service. 7.850 +// 7.851 +// ================================================================== 7.852 + 7.853 +#include <string.h> 7.854 +#include "tcg.h" 7.855 +#include "tcs.h" 7.856 +#include "bsg.h" 7.857 +#include "log.h" 7.858 +#include "crypto.h" 7.859 +#include "vtsp.h" 7.860 +#include "buffer.h" 7.861 + 7.862 +#define RSA_KEY_SIZE 0x0800 7.863 + 7.864 +/*********************************************************************************** 7.865 + * GenerateAuth: Generate authorization info to be sent back to application 7.866 + * 7.867 + * Parameters: outParamDigestText The concatenation of output parameters to be SHA1ed 7.868 + * outParamDigestTextSize Size of inParamDigestText 7.869 + * HMACkey Key to be used for HMACing 7.870 + * For OIAP use key.authUsage or PersistStore.ownerAuth 7.871 + * For OSAP use shared secret 7.872 + * pAuth Authorization information from the application 7.873 + * 7.874 + * Return: TPM_SUCCESS Authorization data created 7.875 + * TPM_AUTHFAIL Invalid (NULL) HMACkey presented for OSAP 7.876 + *************************************************************************************/ 7.877 +TPM_RESULT GenerateAuth( /*[IN]*/ const BYTE *inParamDigestText, 7.878 + /*[IN]*/ UINT32 inParamDigestTextSize, 7.879 + /*[IN]*/ const TPM_SECRET *HMACkey, 7.880 + /*[IN,OUT]*/ TCS_AUTH *auth) { 7.881 + 7.882 + if (inParamDigestText == NULL || auth == NULL) 7.883 + return (TPM_AUTHFAIL); 7.884 + else { 7.885 + 7.886 + //Generate new OddNonce 7.887 + Crypto_GetRandom(auth->NonceOdd.nonce, sizeof(TPM_NONCE)); 7.888 + 7.889 + // Create SHA1 inParamDigest 7.890 + TPM_DIGEST inParamDigest; 7.891 + Crypto_SHA1Full(inParamDigestText, inParamDigestTextSize, (BYTE *) &inParamDigest); 7.892 + 7.893 + // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams). 7.894 + BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)]; 7.895 + 7.896 + BSG_PackList( hmacText, 4, 7.897 + BSG_TPM_DIGEST, &inParamDigest, 7.898 + BSG_TPM_NONCE, &(auth->NonceEven), 7.899 + BSG_TPM_NONCE, &(auth->NonceOdd), 7.900 + BSG_TYPE_BOOL, &(auth->fContinueAuthSession) ); 7.901 + 7.902 + Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &(auth->HMAC)); 7.903 + 7.904 + return(TPM_SUCCESS); 7.905 + 7.906 + } 7.907 +} 7.908 + 7.909 +/*********************************************************************************** 7.910 + * VerifyAuth: Verify the authdata for a command requiring authorization 7.911 + * 7.912 + * Parameters: inParamDigestText The concatenation of parameters to be SHA1ed 7.913 + * inParamDigestTextSize Size of inParamDigestText 7.914 + * authDataUsage AuthDataUsage for the Entity being used 7.915 + * Key->authDataUsage or TPM_AUTH_OWNER 7.916 + * HMACkey Key to be used for HMACing 7.917 + * For OIAP use key.authUsage or PersistStore.ownerAuth 7.918 + * For OSAP use NULL (It will be aquired from the Auth Session) 7.919 + * If unknown (default), assume OIAP 7.920 + * sessionAuth A TCS_AUTH info for the session 7.921 + * pAuth Authorization information from the application 7.922 + * hContext If specified, on failed Auth, VerifyAuth will 7.923 + * generate a new OIAP session in place of themselves 7.924 + * destroyed session. 7.925 + * 7.926 + * Return: TPM_SUCCESS Authorization Verified 7.927 + * TPM_AUTHFAIL Authorization Failed 7.928 + * TPM_FAIL Failure during SHA1 routines 7.929 + *************************************************************************************/ 7.930 +TPM_RESULT VerifyAuth( /*[IN]*/ const BYTE *outParamDigestText, 7.931 + /*[IN]*/ UINT32 outParamDigestTextSize, 7.932 + /*[IN]*/ const TPM_SECRET *HMACkey, 7.933 + /*[IN,OUT]*/ TCS_AUTH *auth, 7.934 + /*[IN]*/ TCS_CONTEXT_HANDLE hContext) { 7.935 + if (outParamDigestText == NULL || auth == NULL) 7.936 + return (TPM_AUTHFAIL); 7.937 + 7.938 + 7.939 + // Create SHA1 inParamDigest 7.940 + TPM_DIGEST outParamDigest; 7.941 + Crypto_SHA1Full(outParamDigestText, outParamDigestTextSize, (BYTE *) &outParamDigest); 7.942 + 7.943 + // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams). 7.944 + TPM_DIGEST hm; 7.945 + BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)]; 7.946 + 7.947 + BSG_PackList( hmacText, 4, 7.948 + BSG_TPM_DIGEST, &outParamDigest, 7.949 + BSG_TPM_NONCE, &(auth->NonceEven), 7.950 + BSG_TPM_NONCE, &(auth->NonceOdd), 7.951 + BSG_TYPE_BOOL, &(auth->fContinueAuthSession) ); 7.952 + 7.953 + Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), 7.954 + (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &hm); 7.955 + 7.956 + // Compare correct HMAC with provided one. 7.957 + if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0) // 0 indicates equality 7.958 + return (TPM_SUCCESS); 7.959 + else { 7.960 + VTSP_OIAP( hContext, auth); 7.961 + return (TPM_AUTHFAIL); 7.962 + } 7.963 +} 7.964 + 7.965 +TPM_RESULT VTSP_OIAP(const TCS_CONTEXT_HANDLE hContext, 7.966 + TCS_AUTH *auth) { 7.967 + 7.968 + vtpmloginfo(VTPM_LOG_VTSP, "OIAP.\n"); 7.969 + TPM_RESULT status = TPM_SUCCESS; 7.970 + TPMTRYRETURN( TCSP_OIAP(hContext, 7.971 + &auth->AuthHandle, 7.972 + &auth->NonceEven) ); 7.973 + goto egress; 7.974 + 7.975 + abort_egress: 7.976 + 7.977 + egress: 7.978 + 7.979 + return status; 7.980 +} 7.981 + 7.982 +TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_HANDLE hContext, 7.983 + const TPM_ENTITY_TYPE entityType, 7.984 + const UINT32 entityValue, 7.985 + const TPM_AUTHDATA *usageAuth, 7.986 + TPM_SECRET *sharedSecret, 7.987 + TCS_AUTH *auth) { 7.988 + 7.989 + vtpmloginfo(VTPM_LOG_VTSP, "OSAP.\n"); 7.990 + TPM_RESULT status = TPM_SUCCESS; 7.991 + TPM_NONCE nonceEvenOSAP, nonceOddOSAP; 7.992 + 7.993 + Crypto_GetRandom((BYTE *) &nonceOddOSAP, sizeof(TPM_NONCE) ); 7.994 + 7.995 + TPMTRYRETURN( TCSP_OSAP( hContext, 7.996 + entityType, 7.997 + entityValue, 7.998 + nonceOddOSAP, 7.999 + &auth->AuthHandle, 7.1000 + &auth->NonceEven, 7.1001 + &nonceEvenOSAP) ); 7.1002 + 7.1003 + // Calculating Session Secret 7.1004 + BYTE sharedSecretText[TPM_DIGEST_SIZE * 2]; 7.1005 + 7.1006 + BSG_PackList( sharedSecretText, 2, 7.1007 + BSG_TPM_NONCE, &nonceEvenOSAP, 7.1008 + BSG_TPM_NONCE, &nonceOddOSAP); 7.1009 + 7.1010 + Crypto_HMAC(sharedSecretText, sizeof(sharedSecretText), (BYTE *) usageAuth, TPM_DIGEST_SIZE, (BYTE *) sharedSecret); 7.1011 + 7.1012 + goto egress; 7.1013 + 7.1014 + abort_egress: 7.1015 + 7.1016 + egress: 7.1017 + 7.1018 + return status; 7.1019 +} 7.1020 + 7.1021 + 7.1022 + 7.1023 +TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext, 7.1024 + CRYPTO_INFO *crypto_info) { 7.1025 + 7.1026 + TPM_RESULT status; 7.1027 + TPM_NONCE antiReplay; 7.1028 + TPM_DIGEST checksum; 7.1029 + BYTE *pubEKtext; 7.1030 + UINT32 pubEKtextsize; 7.1031 + 7.1032 + vtpmloginfo(VTPM_LOG_VTSP, "Reading Public EK.\n"); 7.1033 + 7.1034 + // GenerateAuth new nonceOdd 7.1035 + Crypto_GetRandom(&antiReplay, sizeof(TPM_NONCE) ); 7.1036 + 7.1037 + 7.1038 + TPMTRYRETURN( TCSP_ReadPubek( hContext, 7.1039 + antiReplay, 7.1040 + &pubEKtextsize, 7.1041 + &pubEKtext, 7.1042 + &checksum) ); 7.1043 + 7.1044 + 7.1045 + // Extract the remaining output parameters 7.1046 + TPM_PUBKEY pubEK; 7.1047 + 7.1048 + BSG_Unpack(BSG_TPM_PUBKEY, pubEKtext, (BYTE *) &pubEK); 7.1049 + 7.1050 + // Build CryptoInfo for the bindingKey 7.1051 + TPM_RSA_KEY_PARMS rsaKeyParms; 7.1052 + 7.1053 + BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, 7.1054 + pubEK.algorithmParms.parms, 7.1055 + &rsaKeyParms); 7.1056 + 7.1057 + Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, 7.1058 + rsaKeyParms.exponent, 7.1059 + pubEK.pubKey.keyLength, 7.1060 + pubEK.pubKey.key, 7.1061 + crypto_info); 7.1062 + 7.1063 + // Destroy rsaKeyParms 7.1064 + BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms); 7.1065 + 7.1066 + // Set encryption scheme 7.1067 + crypto_info->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; 7.1068 + //crypto_info->encScheme = pubEK.algorithmParms.encScheme; 7.1069 + crypto_info->algorithmID = pubEK.algorithmParms.algorithmID; 7.1070 + 7.1071 + goto egress; 7.1072 + 7.1073 + abort_egress: 7.1074 + 7.1075 + egress: 7.1076 + 7.1077 + return status; 7.1078 +} 7.1079 + 7.1080 +TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext, 7.1081 + const TPM_AUTHDATA *ownerAuth, 7.1082 + const TPM_AUTHDATA *srkAuth, 7.1083 + CRYPTO_INFO *ek_cryptoInfo, 7.1084 + TCS_AUTH *auth) { 7.1085 + 7.1086 + vtpmloginfo(VTPM_LOG_VTSP, "Taking Ownership of TPM.\n"); 7.1087 + 7.1088 + TPM_RESULT status = TPM_SUCCESS; 7.1089 + TPM_COMMAND_CODE command = TPM_ORD_TakeOwnership; 7.1090 + TPM_PROTOCOL_ID proto_id = TPM_PID_OWNER; 7.1091 + BYTE *new_srk; 7.1092 + 7.1093 + BYTE *paramText; // Digest to make Auth. 7.1094 + UINT32 paramTextSize; 7.1095 + 7.1096 + // vars for srkpubkey parameter 7.1097 + TPM_KEY srkPub; 7.1098 + TPM_KEY_PARMS srkKeyInfo = {TPM_ALG_RSA, TPM_ES_RSAESOAEP_SHA1_MGF1, TPM_SS_NONE, 12, 0}; 7.1099 + BYTE srkRSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00}; 7.1100 + srkKeyInfo.parms = (BYTE *) &srkRSAkeyInfo; 7.1101 + 7.1102 + struct pack_buf_t srkText; 7.1103 + 7.1104 + // GenerateAuth new nonceOdd 7.1105 + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.1106 + 7.1107 + //These values are accurate for an enc(AuthData). 7.1108 + struct pack_buf_t encOwnerAuth, encSrkAuth; 7.1109 + 7.1110 + encOwnerAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256); 7.1111 + encSrkAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256); 7.1112 + 7.1113 + if (encOwnerAuth.data == NULL || encSrkAuth.data == NULL) { 7.1114 + vtpmloginfo(VTPM_LOG_VTSP, "Could not malloc encrypted auths.\n"); 7.1115 + status = TPM_RESOURCES; 7.1116 + goto abort_egress; 7.1117 + } 7.1118 + 7.1119 + Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) ownerAuth, &encOwnerAuth.size, encOwnerAuth.data); 7.1120 + Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) srkAuth, &encSrkAuth.size, encSrkAuth.data); 7.1121 + 7.1122 + 7.1123 + // Build srk public key struct 7.1124 + srkPub.ver = TPM_STRUCT_VER_1_1; 7.1125 + srkPub.keyUsage = TPM_KEY_STORAGE; 7.1126 + srkPub.keyFlags = 0x00; 7.1127 + srkPub.authDataUsage = TPM_AUTH_ALWAYS; 7.1128 + memcpy(&srkPub.algorithmParms, &srkKeyInfo, sizeof(TPM_KEY_PARMS)); 7.1129 + srkPub.PCRInfoSize = 0; 7.1130 + srkPub.PCRInfo = 0; 7.1131 + srkPub.pubKey.keyLength= 0; 7.1132 + srkPub.encDataSize = 0; 7.1133 + 7.1134 + srkText.data = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.1135 + srkText.size = BSG_Pack(BSG_TPM_KEY, (BYTE *) &srkPub, srkText.data); 7.1136 + 7.1137 + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.1138 + 7.1139 + paramTextSize = BSG_PackList(paramText, 5, 7.1140 + BSG_TPM_COMMAND_CODE,&command, 7.1141 + BSG_TPM_PROTOCOL_ID, &proto_id, 7.1142 + BSG_TPM_SIZE32_DATA, &encOwnerAuth, 7.1143 + BSG_TPM_SIZE32_DATA, &encSrkAuth, 7.1144 + BSG_TPM_KEY, &srkPub); 7.1145 + 7.1146 + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, ownerAuth, auth) ); 7.1147 + 7.1148 + new_srk = srkText.data; 7.1149 + TPMTRYRETURN( TCSP_TakeOwnership ( hContext, 7.1150 + proto_id, 7.1151 + encOwnerAuth.size, 7.1152 + encOwnerAuth.data, 7.1153 + encSrkAuth.size, 7.1154 + encSrkAuth.data, 7.1155 + &srkText.size, 7.1156 + &new_srk, 7.1157 + auth ) ); 7.1158 + 7.1159 + 7.1160 + paramTextSize = BSG_PackList(paramText, 2, 7.1161 + BSG_TPM_RESULT, &status, 7.1162 + BSG_TPM_COMMAND_CODE, &command); 7.1163 + memcpy(paramText + paramTextSize, new_srk, srkText.size); 7.1164 + paramTextSize += srkText.size; 7.1165 + 7.1166 + 7.1167 + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.1168 + ownerAuth, auth, 7.1169 + hContext) ); 7.1170 + 7.1171 + goto egress; 7.1172 + 7.1173 + abort_egress: 7.1174 + 7.1175 + egress: 7.1176 + 7.1177 + free(srkText.data); 7.1178 + free(encSrkAuth.data); 7.1179 + free(encOwnerAuth.data); 7.1180 + free(paramText); 7.1181 + 7.1182 + TCS_FreeMemory(hContext, new_srk); 7.1183 + 7.1184 + return status; 7.1185 +} 7.1186 + 7.1187 +TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext, 7.1188 + const TPM_AUTHDATA *ownerAuth, 7.1189 + TCS_AUTH *auth) { 7.1190 + 7.1191 + vtpmloginfo(VTPM_LOG_VTSP, "Disabling Pubek Read.\n"); 7.1192 + 7.1193 + TPM_RESULT status = TPM_SUCCESS; 7.1194 + TPM_COMMAND_CODE command = TPM_ORD_DisablePubekRead; 7.1195 + 7.1196 + BYTE *paramText; // Digest to make Auth. 7.1197 + UINT32 paramTextSize; 7.1198 + 7.1199 + // Generate HMAC 7.1200 + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.1201 + 7.1202 + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.1203 + 7.1204 + paramTextSize = BSG_PackList(paramText, 1, 7.1205 + BSG_TPM_COMMAND_CODE, &command); 7.1206 + 7.1207 + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, 7.1208 + ownerAuth, auth) ); 7.1209 + 7.1210 + // Call TCS 7.1211 + TPMTRYRETURN( TCSP_DisablePubekRead ( hContext, // in 7.1212 + auth) ); 7.1213 + 7.1214 + // Verify Auth 7.1215 + paramTextSize = BSG_PackList(paramText, 2, 7.1216 + BSG_TPM_RESULT, &status, 7.1217 + BSG_TPM_COMMAND_CODE, &command); 7.1218 + 7.1219 + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.1220 + ownerAuth, auth, 7.1221 + hContext) ); 7.1222 + goto egress; 7.1223 + 7.1224 + abort_egress: 7.1225 + egress: 7.1226 + free(paramText); 7.1227 + return status; 7.1228 +} 7.1229 + 7.1230 +TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext, 7.1231 + const TPM_KEY_USAGE usage, 7.1232 + const TPM_AUTHDATA *newKeyAuth, 7.1233 + const TCS_KEY_HANDLE parentHandle, 7.1234 + const TPM_AUTHDATA *osapSharedSecret, 7.1235 + buffer_t *pubKeyBuf, 7.1236 + TCS_AUTH *auth) { 7.1237 + 7.1238 + int i; 7.1239 + TPM_RESULT status = TPM_SUCCESS; 7.1240 + TPM_COMMAND_CODE command = TPM_ORD_CreateWrapKey; 7.1241 + 7.1242 + vtpmloginfo(VTPM_LOG_VTSP, "Creating new key of type %d.\n", usage); 7.1243 + 7.1244 + // vars for Calculate encUsageAuth 7.1245 + BYTE *paramText; 7.1246 + UINT32 paramTextSize; 7.1247 + 7.1248 + // vars for Calculate encUsageAuth 7.1249 + BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)]; 7.1250 + TPM_DIGEST XORKey1; 7.1251 + UINT32 XORbufferSize; 7.1252 + TPM_SECRET encUsageAuth, encMigrationAuth; 7.1253 + 7.1254 + // vars for Flatten newKey prototype 7.1255 + BYTE *flatKey = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.1256 + UINT32 flatKeySize = TCPA_MAX_BUFFER_LENGTH; 7.1257 + struct pack_buf_t newKeyText; 7.1258 + 7.1259 + // Fill in newKey 7.1260 + TPM_KEY newKey; 7.1261 + 7.1262 + BYTE RSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00}; 7.1263 + newKey.algorithmParms.algorithmID = TPM_ALG_RSA; 7.1264 + newKey.algorithmParms.parms = (BYTE *) &RSAkeyInfo; 7.1265 + newKey.algorithmParms.parmSize = 12; 7.1266 + 7.1267 + switch (usage) { 7.1268 + case TPM_KEY_SIGNING: 7.1269 + vtpmloginfo(VTPM_LOG_VTSP, "Creating Signing Key...\n"); 7.1270 + newKey.keyUsage = TPM_KEY_SIGNING; 7.1271 + newKey.algorithmParms.encScheme = TPM_ES_NONE; 7.1272 + newKey.algorithmParms.sigScheme = TPM_SS_RSASSAPKCS1v15_SHA1; 7.1273 + break; 7.1274 + case TPM_KEY_STORAGE: 7.1275 + vtpmloginfo(VTPM_LOG_VTSP, "Creating Storage Key...\n"); 7.1276 + newKey.keyUsage = TPM_KEY_STORAGE; 7.1277 + newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; 7.1278 + newKey.algorithmParms.sigScheme = TPM_SS_NONE; 7.1279 + break; 7.1280 + case TPM_KEY_BIND: 7.1281 + vtpmloginfo(VTPM_LOG_VTSP, "Creating Binding Key...\n"); 7.1282 + newKey.keyUsage = TPM_KEY_BIND; 7.1283 + newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; 7.1284 + newKey.algorithmParms.sigScheme = TPM_SS_NONE; 7.1285 + break; 7.1286 + default: 7.1287 + vtpmloginfo(VTPM_LOG_VTSP, "Cannot create key. Invalid Key Type.\n"); 7.1288 + status = TPM_BAD_PARAMETER; 7.1289 + goto abort_egress; 7.1290 + } 7.1291 + 7.1292 + 7.1293 + newKey.ver = TPM_STRUCT_VER_1_1; 7.1294 + 7.1295 + newKey.keyFlags = 0; 7.1296 + newKey.authDataUsage = TPM_AUTH_ALWAYS; 7.1297 + newKey.pubKey.keyLength= 0; 7.1298 + newKey.encDataSize = 0; 7.1299 + newKey.encData = NULL; 7.1300 + 7.1301 + // FIXME: Support PCR bindings 7.1302 + newKey.PCRInfoSize = 0; 7.1303 + newKey.PCRInfo = NULL; 7.1304 + 7.1305 + // Calculate encUsageAuth 7.1306 + XORbufferSize = BSG_PackList( XORbuffer, 2, 7.1307 + BSG_TPM_SECRET, osapSharedSecret, 7.1308 + BSG_TPM_NONCE, &auth->NonceEven); 7.1309 + Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey1); 7.1310 + 7.1311 + // FIXME: No support for migratable keys. 7.1312 + for (i=0; i < TPM_DIGEST_SIZE; i++) 7.1313 + ((BYTE *) &encUsageAuth)[i] = ((BYTE *) &XORKey1)[i] ^ ((BYTE *) newKeyAuth)[i]; 7.1314 + 7.1315 + // Flatten newKey prototype 7.1316 + flatKeySize = BSG_Pack(BSG_TPM_KEY, (BYTE *) &newKey, flatKey); 7.1317 + newKeyText.data = flatKey; 7.1318 + newKeyText.size = flatKeySize; 7.1319 + 7.1320 + // GenerateAuth new nonceOdd 7.1321 + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.1322 + 7.1323 + // Generate HMAC 7.1324 + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.1325 + 7.1326 + paramTextSize = BSG_PackList(paramText, 3, 7.1327 + BSG_TPM_COMMAND_CODE, &command, 7.1328 + BSG_TPM_AUTHDATA, &encUsageAuth, 7.1329 + BSG_TPM_AUTHDATA, &encMigrationAuth); 7.1330 + memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size); 7.1331 + paramTextSize += newKeyText.size; 7.1332 + 7.1333 + 7.1334 + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, 7.1335 + osapSharedSecret, auth) ); 7.1336 + 7.1337 + // Call TCS 7.1338 + TPMTRYRETURN( TCSP_CreateWrapKey( hContext, 7.1339 + parentHandle, 7.1340 + encUsageAuth, 7.1341 + encMigrationAuth, 7.1342 + &newKeyText.size, 7.1343 + &newKeyText.data, 7.1344 + auth) ); 7.1345 + 7.1346 + // Verify Auth 7.1347 + paramTextSize = BSG_PackList(paramText, 2, 7.1348 + BSG_TPM_RESULT, &status, 7.1349 + BSG_TPM_COMMAND_CODE, &command); 7.1350 + memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size); 7.1351 + paramTextSize += newKeyText.size; 7.1352 + 7.1353 + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.1354 + osapSharedSecret, auth, 0) ); 7.1355 + 7.1356 + // Unpack/return key structure 7.1357 + TPMTRYRETURN(buffer_init(pubKeyBuf, 0, 0) ); 7.1358 + TPMTRYRETURN(buffer_append_raw(pubKeyBuf, newKeyText.size, newKeyText.data) ); 7.1359 + 7.1360 + goto egress; 7.1361 + 7.1362 + abort_egress: 7.1363 + 7.1364 + egress: 7.1365 + 7.1366 + free(flatKey); 7.1367 + free(paramText); 7.1368 + TCS_FreeMemory(hContext, newKeyText.data); 7.1369 + 7.1370 + return status; 7.1371 +} 7.1372 + 7.1373 +TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext, 7.1374 + const TCS_KEY_HANDLE hUnwrappingKey, 7.1375 + const buffer_t *rgbWrappedKeyBlob, 7.1376 + const TPM_AUTHDATA *parentAuth, 7.1377 + TPM_HANDLE *newKeyHandle, 7.1378 + TCS_AUTH *auth, 7.1379 + CRYPTO_INFO *cryptoinfo /*= NULL*/) { 7.1380 + 7.1381 + 7.1382 + vtpmloginfo(VTPM_LOG_VTSP, "Loading Key.\n%s",""); 7.1383 + 7.1384 + TPM_RESULT status = TPM_SUCCESS; 7.1385 + TPM_COMMAND_CODE command = TPM_ORD_LoadKey; 7.1386 + 7.1387 + BYTE *paramText; // Digest to make Auth. 7.1388 + UINT32 paramTextSize; 7.1389 + 7.1390 + if ((rgbWrappedKeyBlob == NULL) || (parentAuth == NULL) || 7.1391 + (newKeyHandle==NULL) || (auth==NULL)) { 7.1392 + status = TPM_BAD_PARAMETER; 7.1393 + goto abort_egress; 7.1394 + } 7.1395 + 7.1396 + // Generate Extra TCS Parameters 7.1397 + TPM_HANDLE phKeyHMAC; 7.1398 + 7.1399 + // Generate HMAC 7.1400 + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.1401 + 7.1402 + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.1403 + 7.1404 + paramTextSize = BSG_PackList(paramText, 1, 7.1405 + BSG_TPM_COMMAND_CODE, &command); 7.1406 + 7.1407 + memcpy(paramText + paramTextSize, rgbWrappedKeyBlob->bytes, buffer_len(rgbWrappedKeyBlob)); 7.1408 + paramTextSize += buffer_len(rgbWrappedKeyBlob); 7.1409 + 7.1410 + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, 7.1411 + parentAuth, auth) ); 7.1412 + 7.1413 + // Call TCS 7.1414 + TPMTRYRETURN( TCSP_LoadKeyByBlob( hContext, 7.1415 + hUnwrappingKey, 7.1416 + buffer_len(rgbWrappedKeyBlob), 7.1417 + rgbWrappedKeyBlob->bytes, 7.1418 + auth, 7.1419 + newKeyHandle, 7.1420 + &phKeyHMAC) ); 7.1421 + 7.1422 + // Verify Auth 7.1423 + paramTextSize = BSG_PackList(paramText, 3, 7.1424 + BSG_TPM_RESULT, &status, 7.1425 + BSG_TPM_COMMAND_CODE, &command, 7.1426 + BSG_TPM_HANDLE, newKeyHandle); 7.1427 + 7.1428 + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.1429 + parentAuth, auth, 7.1430 + hContext) ); 7.1431 + 7.1432 + // Unpack/return key structure 7.1433 + if (cryptoinfo != NULL) { 7.1434 + TPM_KEY newKey; 7.1435 + 7.1436 + BSG_Unpack(BSG_TPM_KEY, rgbWrappedKeyBlob->bytes , &newKey); 7.1437 + TPM_RSA_KEY_PARMS rsaKeyParms; 7.1438 + 7.1439 + BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, 7.1440 + newKey.algorithmParms.parms, 7.1441 + &rsaKeyParms); 7.1442 + 7.1443 + Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, 7.1444 + rsaKeyParms.exponent, 7.1445 + newKey.pubKey.keyLength, 7.1446 + newKey.pubKey.key, 7.1447 + cryptoinfo); 7.1448 + 7.1449 + // Destroy rsaKeyParms 7.1450 + BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms); 7.1451 + 7.1452 + // Set encryption scheme 7.1453 + cryptoinfo->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1; 7.1454 + } 7.1455 + 7.1456 + goto egress; 7.1457 + 7.1458 + abort_egress: 7.1459 + 7.1460 + egress: 7.1461 + 7.1462 + free(paramText); 7.1463 + return status; 7.1464 +} 7.1465 + 7.1466 +TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext, 7.1467 + const TPM_KEY_HANDLE key_handle, 7.1468 + const buffer_t *bound_data, 7.1469 + const TPM_AUTHDATA *usage_auth, 7.1470 + buffer_t *clear_data, 7.1471 + TCS_AUTH *auth) { 7.1472 + 7.1473 + vtpmloginfo(VTPM_LOG_VTSP, "Unbinding %d bytes of data.\n", buffer_len(bound_data)); 7.1474 + 7.1475 + TPM_RESULT status = TPM_SUCCESS; 7.1476 + TPM_COMMAND_CODE command = TPM_ORD_UnBind; 7.1477 + 7.1478 + BYTE *paramText; // Digest to make Auth. 7.1479 + UINT32 paramTextSize; 7.1480 + 7.1481 + // Generate Extra TCS Parameters 7.1482 + struct pack_buf_t clear_data32; 7.1483 + BYTE *clear_data_text; 7.1484 + UINT32 clear_data_size; 7.1485 + 7.1486 + // Generate HMAC 7.1487 + Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) ); 7.1488 + 7.1489 + struct pack_buf_t bound_data32 = {bound_data->size, bound_data->bytes}; 7.1490 + 7.1491 + paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.1492 + 7.1493 + paramTextSize = BSG_PackList(paramText, 2, 7.1494 + BSG_TPM_COMMAND_CODE, &command, 7.1495 + BSG_TPM_SIZE32_DATA, &bound_data32); 7.1496 + 7.1497 + TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, 7.1498 + usage_auth, auth) ); 7.1499 + 7.1500 + // Call TCS 7.1501 + TPMTRYRETURN( TCSP_UnBind( hContext, 7.1502 + key_handle, 7.1503 + buffer_len(bound_data), 7.1504 + bound_data->bytes, 7.1505 + auth, 7.1506 + &clear_data_size, 7.1507 + &clear_data_text) ); 7.1508 + 7.1509 + 7.1510 + // Verify Auth 7.1511 + clear_data32.size = clear_data_size; 7.1512 + clear_data32.data = clear_data_text; 7.1513 + paramTextSize = BSG_PackList(paramText, 3, 7.1514 + BSG_TPM_RESULT, &status, 7.1515 + BSG_TPM_COMMAND_CODE, &command, 7.1516 + BSG_TPM_SIZE32_DATA, &clear_data32); 7.1517 + 7.1518 + TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, 7.1519 + usage_auth, auth, 7.1520 + hContext) ); 7.1521 + 7.1522 + // Unpack/return key structure 7.1523 + TPMTRYRETURN(buffer_init(clear_data, 0, 0)); 7.1524 + TPMTRYRETURN(buffer_append_raw (clear_data, clear_data_size, clear_data_text) ); 7.1525 + 7.1526 + goto egress; 7.1527 + 7.1528 + abort_egress: 7.1529 + 7.1530 + egress: 7.1531 + 7.1532 + free(paramText); 7.1533 + TCS_FreeMemory(hContext, clear_data_text); 7.1534 + 7.1535 + return status; 7.1536 +} 7.1537 + 7.1538 +TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo, 7.1539 + const buffer_t *inData, 7.1540 + buffer_t *outData) 7.1541 +{ 7.1542 + vtpmloginfo(VTPM_LOG_VTSP, "Binding %d bytes of data.\n", buffer_len(inData)); 7.1543 + TPM_BOUND_DATA boundData; 7.1544 + UINT32 i; 7.1545 + 7.1546 + // Fill boundData's accessory information 7.1547 + boundData.ver = TPM_STRUCT_VER_1_1; 7.1548 + boundData.payload = TPM_PT_BIND; 7.1549 + boundData.payloadData = inData->bytes; 7.1550 + 7.1551 + // Pack boundData before encryption 7.1552 + BYTE* flatBoundData = (BYTE *)malloc(sizeof(BYTE) * 7.1553 + (sizeof(TPM_VERSION) + 7.1554 + sizeof(TPM_PAYLOAD_TYPE) + 7.1555 + buffer_len(inData))); 7.1556 + if (flatBoundData == NULL) { 7.1557 + return TPM_NOSPACE; 7.1558 + } 7.1559 + UINT32 flatBoundDataSize = 0; 7.1560 + flatBoundDataSize = BSG_PackList( flatBoundData, 2, 7.1561 + BSG_TPM_VERSION, &boundData.ver, 7.1562 + BSG_TYPE_BYTE, &boundData.payload); 7.1563 + 7.1564 + memcpy(flatBoundData+flatBoundDataSize, inData->bytes, buffer_len(inData)); 7.1565 + flatBoundDataSize += buffer_len(inData); 7.1566 + 7.1567 + BYTE out_tmp[RSA_KEY_SIZE/8]; // RSAEnc does not do blocking, So this is what will come out. 7.1568 + UINT32 out_tmp_size; 7.1569 + 7.1570 + // Encrypt flatBoundData 7.1571 + Crypto_RSAEnc( cryptoInfo, 7.1572 + flatBoundDataSize, 7.1573 + flatBoundData, 7.1574 + &out_tmp_size, 7.1575 + out_tmp); 7.1576 + 7.1577 + if (out_tmp_size > RSA_KEY_SIZE/8) { 7.1578 + // The result of RSAEnc should be a fixed size based on key size. 7.1579 + vtpmlogerror(VTPM_LOG_VTSP, "Enc buffer just overflowed.\n"); 7.1580 + } 7.1581 + 7.1582 + buffer_init(outData, 0, NULL); 7.1583 + buffer_append_raw(outData, out_tmp_size, out_tmp); 7.1584 + 7.1585 + vtpmloginfo(VTPM_LOG_TXDATA, "Bind Generated[%d] = 0x", out_tmp_size); 7.1586 + for(i = 0 ; i < out_tmp_size ; i++) { 7.1587 + vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out_tmp[i]); 7.1588 + } 7.1589 + vtpmloginfomore(VTPM_LOG_TXDATA, "\n"); 7.1590 + 7.1591 + // Free flatBoundData 7.1592 + free(flatBoundData); 7.1593 + 7.1594 + return TPM_SUCCESS; 7.1595 +} 7.1596 + 7.1597 +// Function Reaches into unsupported TCS command, beware. 7.1598 +TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext, 7.1599 + const buffer_t *inbuf, 7.1600 + buffer_t *outbuf ) { 7.1601 + 7.1602 + vtpmloginfo(VTPM_LOG_VTSP, "Passthrough in use.\n"); 7.1603 + TPM_RESULT status = TPM_SUCCESS; 7.1604 + 7.1605 + // Generate Extra TCS Parameters 7.1606 + BYTE *resultText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH); 7.1607 + UINT32 resultTextSize = TCPA_MAX_BUFFER_LENGTH; 7.1608 + 7.1609 + // Call TCS 7.1610 + TPMTRYRETURN( TCSP_RawTransmitData(buffer_len(inbuf), inbuf->bytes, 7.1611 + &resultTextSize, resultText) ); 7.1612 + 7.1613 + // Unpack/return key structure 7.1614 + TPMTRYRETURN(buffer_init (outbuf, resultTextSize, resultText) ); 7.1615 + goto egress; 7.1616 + 7.1617 + abort_egress: 7.1618 + 7.1619 + egress: 7.1620 + TCS_FreeMemory(hContext, resultText); 7.1621 + free(resultText); 7.1622 + return status; 7.1623 +}
8.1 --- a/tools/vtpm_manager/manager/vtsp.h Wed Nov 30 11:36:57 2005 +0100 8.2 +++ b/tools/vtpm_manager/manager/vtsp.h Wed Nov 30 12:07:28 2005 +0100 8.3 @@ -1,102 +1,102 @@ 8.4 -// =================================================================== 8.5 -// 8.6 -// Copyright (c) 2005, Intel Corp. 8.7 -// All rights reserved. 8.8 -// 8.9 -// Redistribution and use in source and binary forms, with or without 8.10 -// modification, are permitted provided that the following conditions 8.11 -// are met: 8.12 -// 8.13 -// * Redistributions of source code must retain the above copyright 8.14 -// notice, this list of conditions and the following disclaimer. 8.15 -// * Redistributions in binary form must reproduce the above 8.16 -// copyright notice, this list of conditions and the following 8.17 -// disclaimer in the documentation and/or other materials provided 8.18 -// with the distribution. 8.19 -// * Neither the name of Intel Corporation nor the names of its 8.20 -// contributors may be used to endorse or promote products derived 8.21 -// from this software without specific prior written permission. 8.22 -// 8.23 -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 8.24 -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 8.25 -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 8.26 -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 8.27 -// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 8.28 -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 8.29 -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 8.30 -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 8.31 -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 8.32 -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 8.33 -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 8.34 -// OF THE POSSIBILITY OF SUCH DAMAGE. 8.35 -// =================================================================== 8.36 -// 8.37 -// vtsp.h 8.38 -// 8.39 -// Higher level interface to TCS. 8.40 -// 8.41 -// ================================================================== 8.42 - 8.43 -#ifndef __VTSP_H__ 8.44 -#define __VTSP_H__ 8.45 - 8.46 -#include "tcg.h" 8.47 -#include "tcs.h" 8.48 - 8.49 -#define KEY_BUFFER_SIZE 2048 8.50 - 8.51 -TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext, 8.52 - const buffer_t *inbuf, 8.53 - buffer_t *outbuf ); 8.54 - 8.55 -TPM_RESULT VTSP_OIAP( const TCS_CONTEXT_HANDLE hContext, 8.56 - TCS_AUTH *auth); 8.57 - 8.58 -TPM_RESULT VTSP_OSAP( const TCS_CONTEXT_HANDLE hContext, 8.59 - const TPM_ENTITY_TYPE entityType, 8.60 - const UINT32 entityValue, 8.61 - const TPM_AUTHDATA *usageAuth, 8.62 - TPM_SECRET *sharedsecret, 8.63 - TCS_AUTH *auth); 8.64 - 8.65 -TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext, 8.66 - CRYPTO_INFO *cypto_info); 8.67 - 8.68 -TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext, 8.69 - const TPM_AUTHDATA *ownerAuth, 8.70 - const TPM_AUTHDATA *srkAuth, 8.71 - CRYPTO_INFO *ek_cryptoInfo, 8.72 - TCS_AUTH *auth); 8.73 - 8.74 -TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext, 8.75 - const TPM_AUTHDATA *ownerAuth, 8.76 - TCS_AUTH *auth); 8.77 - 8.78 -TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext, 8.79 - const TPM_KEY_USAGE usage, 8.80 - const TPM_AUTHDATA *newKeyAuth, 8.81 - const TCS_KEY_HANDLE parentHandle, 8.82 - const TPM_AUTHDATA *osapSharedSecret, 8.83 - buffer_t *pubKeyBuf, 8.84 - TCS_AUTH *auth); 8.85 - 8.86 -TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext, 8.87 - const TCS_KEY_HANDLE hUnwrappingKey, 8.88 - const buffer_t *rgbWrappedKeyBlob, 8.89 - const TPM_AUTHDATA *parentAuth, 8.90 - TPM_HANDLE *newKeyHandle, 8.91 - TCS_AUTH *pAuth, 8.92 - CRYPTO_INFO *cryptoinfo); 8.93 - 8.94 -TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext, 8.95 - const TPM_KEY_HANDLE key_handle, 8.96 - const buffer_t *bound_data, 8.97 - const TPM_AUTHDATA *usage_auth, 8.98 - buffer_t *clear_data, 8.99 - TCS_AUTH *auth); 8.100 - 8.101 -TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo, 8.102 - const buffer_t *inData, 8.103 - buffer_t *outData); 8.104 - 8.105 -#endif //_VTSP_H_ 8.106 +// =================================================================== 8.107 +// 8.108 +// Copyright (c) 2005, Intel Corp. 8.109 +// All rights reserved. 8.110 +// 8.111 +// Redistribution and use in source and binary forms, with or without 8.112 +// modification, are permitted provided that the following conditions 8.113 +// are met: 8.114 +// 8.115 +// * Redistributions of source code must retain the above copyright 8.116 +// notice, this list of conditions and the following disclaimer. 8.117 +// * Redistributions in binary form must reproduce the above 8.118 +// copyright notice, this list of conditions and the following 8.119 +// disclaimer in the documentation and/or other materials provided 8.120 +// with the distribution. 8.121 +// * Neither the name of Intel Corporation nor the names of its 8.122 +// contributors may be used to endorse or promote products derived 8.123 +// from this software without specific prior written permission. 8.124 +// 8.125 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 8.126 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 8.127 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 8.128 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 8.129 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 8.130 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 8.131 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 8.132 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 8.133 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 8.134 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 8.135 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 8.136 +// OF THE POSSIBILITY OF SUCH DAMAGE. 8.137 +// =================================================================== 8.138 +// 8.139 +// vtsp.h 8.140 +// 8.141 +// Higher level interface to TCS. 8.142 +// 8.143 +// ================================================================== 8.144 + 8.145 +#ifndef __VTSP_H__ 8.146 +#define __VTSP_H__ 8.147 + 8.148 +#include "tcg.h" 8.149 +#include "tcs.h" 8.150 + 8.151 +#define KEY_BUFFER_SIZE 2048 8.152 + 8.153 +TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE hContext, 8.154 + const buffer_t *inbuf, 8.155 + buffer_t *outbuf ); 8.156 + 8.157 +TPM_RESULT VTSP_OIAP( const TCS_CONTEXT_HANDLE hContext, 8.158 + TCS_AUTH *auth); 8.159 + 8.160 +TPM_RESULT VTSP_OSAP( const TCS_CONTEXT_HANDLE hContext, 8.161 + const TPM_ENTITY_TYPE entityType, 8.162 + const UINT32 entityValue, 8.163 + const TPM_AUTHDATA *usageAuth, 8.164 + TPM_SECRET *sharedsecret, 8.165 + TCS_AUTH *auth); 8.166 + 8.167 +TPM_RESULT VTSP_ReadPubek( const TCS_CONTEXT_HANDLE hContext, 8.168 + CRYPTO_INFO *cypto_info); 8.169 + 8.170 +TPM_RESULT VTSP_TakeOwnership( const TCS_CONTEXT_HANDLE hContext, 8.171 + const TPM_AUTHDATA *ownerAuth, 8.172 + const TPM_AUTHDATA *srkAuth, 8.173 + CRYPTO_INFO *ek_cryptoInfo, 8.174 + TCS_AUTH *auth); 8.175 + 8.176 +TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE hContext, 8.177 + const TPM_AUTHDATA *ownerAuth, 8.178 + TCS_AUTH *auth); 8.179 + 8.180 +TPM_RESULT VTSP_CreateWrapKey( const TCS_CONTEXT_HANDLE hContext, 8.181 + const TPM_KEY_USAGE usage, 8.182 + const TPM_AUTHDATA *newKeyAuth, 8.183 + const TCS_KEY_HANDLE parentHandle, 8.184 + const TPM_AUTHDATA *osapSharedSecret, 8.185 + buffer_t *pubKeyBuf, 8.186 + TCS_AUTH *auth); 8.187 + 8.188 +TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE hContext, 8.189 + const TCS_KEY_HANDLE hUnwrappingKey, 8.190 + const buffer_t *rgbWrappedKeyBlob, 8.191 + const TPM_AUTHDATA *parentAuth, 8.192 + TPM_HANDLE *newKeyHandle, 8.193 + TCS_AUTH *pAuth, 8.194 + CRYPTO_INFO *cryptoinfo); 8.195 + 8.196 +TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE hContext, 8.197 + const TPM_KEY_HANDLE key_handle, 8.198 + const buffer_t *bound_data, 8.199 + const TPM_AUTHDATA *usage_auth, 8.200 + buffer_t *clear_data, 8.201 + TCS_AUTH *auth); 8.202 + 8.203 +TPM_RESULT VTSP_Bind( CRYPTO_INFO *cryptoInfo, 8.204 + const buffer_t *inData, 8.205 + buffer_t *outData); 8.206 + 8.207 +#endif //_VTSP_H_
9.1 --- a/tools/vtpm_manager/util/Makefile Wed Nov 30 11:36:57 2005 +0100 9.2 +++ b/tools/vtpm_manager/util/Makefile Wed Nov 30 12:07:28 2005 +0100 9.3 @@ -1,19 +1,19 @@ 9.4 -XEN_ROOT = ../../.. 9.5 -include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk 9.6 - 9.7 -BIN = libTCGUtils.a 9.8 - 9.9 -all: build 9.10 - 9.11 -build: $(BIN) 9.12 - 9.13 -install: build 9.14 - 9.15 -clean: 9.16 - rm -f *.a *.so *.o *.rpm $(DEP_FILES) 9.17 - 9.18 -mrproper: clean 9.19 - rm -f *~ 9.20 - 9.21 -$(BIN): $(OBJS) 9.22 - $(AR) rcs $(BIN) $(OBJS) 9.23 +XEN_ROOT = ../../.. 9.24 +include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk 9.25 + 9.26 +BIN = libTCGUtils.a 9.27 + 9.28 +all: build 9.29 + 9.30 +build: $(BIN) 9.31 + 9.32 +install: build 9.33 + 9.34 +clean: 9.35 + rm -f *.a *.so *.o *.rpm $(DEP_FILES) 9.36 + 9.37 +mrproper: clean 9.38 + rm -f *~ 9.39 + 9.40 +$(BIN): $(OBJS) 9.41 + $(AR) rcs $(BIN) $(OBJS)
10.1 --- a/tools/vtpm_manager/util/depend Wed Nov 30 11:36:57 2005 +0100 10.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 10.3 @@ -1,7 +0,0 @@ 10.4 -hashtable.o: hashtable.c hashtable.h hashtable_private.h 10.5 -hashtable_itr.o: hashtable_itr.c hashtable.h hashtable_private.h \ 10.6 - hashtable_itr.h 10.7 -bsg.o: bsg.c tcg.h ../crypto/crypto.h ../crypto/sym_crypto.h buffer.h \ 10.8 - bsg.h log.h 10.9 -log.o: log.c buffer.h tcg.h 10.10 -buffer.o: buffer.c tcg.h bsg.h buffer.h