ia64/xen-unstable

changeset 10715:5014fd2b5c5a

[VTPM_Tools] Support for (non-local) Migration added. Local migration
works provided that the hotplug scripts deliver the "suspend" before
the "resume," but this is not always true.
Signed-off-by: Vinnie Scarlata <vincent.r.scarlata@intel.com>
author kfraser@localhost.localdomain
date Mon Jul 10 15:38:49 2006 +0100 (2006-07-10)
parents a4041ac6f152
children 3c74df4f33f0
files tools/examples/vtpm-impl tools/vtpm_manager/Makefile tools/vtpm_manager/Rules.mk tools/vtpm_manager/crypto/sym_crypto.c tools/vtpm_manager/manager/dmictl.c tools/vtpm_manager/manager/migration.c tools/vtpm_manager/manager/securestorage.c tools/vtpm_manager/manager/vtpm_ipc.c tools/vtpm_manager/manager/vtpm_manager.c tools/vtpm_manager/manager/vtpm_manager.h tools/vtpm_manager/manager/vtpm_manager_handler.c tools/vtpm_manager/manager/vtpmd.c tools/vtpm_manager/manager/vtpmpriv.h tools/vtpm_manager/manager/vtsp.c tools/vtpm_manager/manager/vtsp.h tools/vtpm_manager/migration/Makefile tools/vtpm_manager/migration/vtpm_manager_if.c tools/vtpm_manager/migration/vtpm_migrator.h tools/vtpm_manager/migration/vtpm_migrator_if.c tools/vtpm_manager/migration/vtpm_migratorc.c tools/vtpm_manager/migration/vtpm_migratord.c tools/vtpm_manager/migration/vtpm_migratord_handler.c tools/vtpm_manager/util/buffer.c tools/vtpm_manager/util/buffer.h tools/vtpm_manager/util/log.h tools/vtpm_manager/util/tcg.h
line diff
     1.1 --- a/tools/examples/vtpm-impl	Mon Jul 10 15:36:04 2006 +0100
     1.2 +++ b/tools/examples/vtpm-impl	Mon Jul 10 15:38:49 2006 +0100
     1.3 @@ -45,6 +45,8 @@ TPM_SUCCESS=00000000
     1.4  TX_VTPM_MANAGER=/var/vtpm/fifos/from_console.fifo
     1.5  RX_VTPM_MANAGER=/var/vtpm/fifos/to_console.fifo
     1.6  
     1.7 +VTPM_MIG=/usr/bin/vtpm_migrator
     1.8 +
     1.9  # -------------------- Helpers for binary streams -----------
    1.10  
    1.11  function str_to_hex32() {
    1.12 @@ -67,11 +69,17 @@ function vtpm_manager_cmd() {
    1.13   local inst=$2;
    1.14   local inst_bin=$(hex32_to_bin $inst);
    1.15  
    1.16 + claim_lock vtpm_mgr
    1.17 +
    1.18   #send cmd to vtpm_manager
    1.19   printf "$cmd$inst_bin" > $TX_VTPM_MANAGER
    1.20  
    1.21   #recv response
    1.22 + set +e
    1.23   local resp_hex=`dd skip=10 bs=1 count=4 if=$RX_VTPM_MANAGER 2> /dev/null | xxd -ps`
    1.24 + set -e
    1.25 +
    1.26 + release_lock vtpm_mgr
    1.27  
    1.28   #return whether the command was successful
    1.29   if [ $resp_hex != $TPM_SUCCESS ]; then
    1.30 @@ -126,11 +134,55 @@ function vtpm_delete() {
    1.31   fi
    1.32  }
    1.33  
    1.34 +# Perform a migration step. This function differentiates between migration
    1.35 +# to the local host or to a remote machine.
    1.36 +# Parameters:
    1.37 +# 1st: destination host to migrate to
    1.38 +# 2nd: name of the domain to migrate
    1.39 +# 3rd: the migration step to perform
    1.40  function vtpm_migrate() {
    1.41 - echo "Error: vTPM migration accross machines not implemented."
    1.42 + local instance res
    1.43 +
    1.44 + instance=$(vtpmdb_find_instance $2)
    1.45 + if [ "$instance" == "" ]; then
    1.46 +  log err "VTPM Migratoin failed. Unable to translation of domain name"
    1.47 +  echo "Error: VTPM Migration failed while looking up instance number"
    1.48 + fi
    1.49 +
    1.50 + case "$3" in
    1.51 +  0)
    1.52 +   #Incicate migration supported
    1.53 +   echo "0" 
    1.54 +  ;;
    1.55 +
    1.56 +  1)
    1.57 +   # Get Public Key from Destination
    1.58 +   # Call vtpm_manager's migration part 1
    1.59 +   claim_lock vtpm_mgr
    1.60 +   $VTPM_MIG $1 $2 $instance $3
    1.61 +   release_lock vtpm_mgr
    1.62 +  ;;
    1.63 +
    1.64 +  2)
    1.65 +   # Call manager's migration step 2 and send result to destination
    1.66 +   # If successful remove from db
    1.67 +   claim_lock vtpm_mgr
    1.68 +   $VTPM_MIG $1 $2 $instance $3
    1.69 +   release_lock vtpm_mgr
    1.70 +  ;;
    1.71 +
    1.72 +  3)
    1.73 +   if `ps x | grep "$VTPM_MIG $1"`; then
    1.74 +    log err "VTPM Migration failed to complete."
    1.75 +    echo "Error: VTPM Migration failed to complete."
    1.76 +   fi
    1.77 +  ;;
    1.78 + esac
    1.79 + 
    1.80  }
    1.81  
    1.82 +
    1.83  function vtpm_migrate_recover() {
    1.84 - true
    1.85 + echo "Error: Recovery not supported yet" 
    1.86  }
    1.87  
     2.1 --- a/tools/vtpm_manager/Makefile	Mon Jul 10 15:36:04 2006 +0100
     2.2 +++ b/tools/vtpm_manager/Makefile	Mon Jul 10 15:38:49 2006 +0100
     2.3 @@ -3,7 +3,7 @@ XEN_ROOT = ../..
     2.4  # Base definitions and rules
     2.5  include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
     2.6  
     2.7 -SUBDIRS		= crypto tcs util manager
     2.8 +SUBDIRS		= crypto tcs util manager migration
     2.9  OPENSSL_HEADER	= /usr/include/openssl/crypto.h
    2.10  
    2.11  .PHONY: all
    2.12 @@ -11,10 +11,13 @@ all: build
    2.13  
    2.14  .PHONY: build
    2.15  build:
    2.16 -	@if [ -e $(OPENSSL_HEADER) ]; then \
    2.17 -		@set -e; for subdir in $(SUBDIRS); do \
    2.18 -			$(MAKE) -C $$subdir $@; \
    2.19 -		done; \
    2.20 +	@set -e; if [ -e $(OPENSSL_HEADER) ]; then            \
    2.21 +		if [ ! -e "migration/vtpm_ipc.c" ]; then        \
    2.22 +        		ln -s ../manager/vtpm_ipc.c migration;  \
    2.23 +		fi;                                    \
    2.24 +		for subdir in $(SUBDIRS); do          \
    2.25 +			$(MAKE) -C $$subdir $@;       \
    2.26 +		done;                                 \
    2.27  	else \
    2.28  		echo "*** Cannot build vtpm_manager: OpenSSL developement files missing."; \
    2.29  	fi
    2.30 @@ -34,6 +37,7 @@ clean:
    2.31  
    2.32  .PHONY: mrproper
    2.33  mrproper:
    2.34 +	rm -f migration/vtpm_ipc.c
    2.35  	@set -e; for subdir in $(SUBDIRS); do \
    2.36  		$(MAKE) -C $$subdir $@; \
    2.37  	done
     3.1 --- a/tools/vtpm_manager/Rules.mk	Mon Jul 10 15:36:04 2006 +0100
     3.2 +++ b/tools/vtpm_manager/Rules.mk	Mon Jul 10 15:38:49 2006 +0100
     3.3 @@ -69,3 +69,4 @@ CFLAGS += -DLOGGING_MODULES="(BITMASK(VT
     3.4  CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/crypto
     3.5  CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/util
     3.6  CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/tcs
     3.7 +CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/manager
     4.1 --- a/tools/vtpm_manager/crypto/sym_crypto.c	Mon Jul 10 15:36:04 2006 +0100
     4.2 +++ b/tools/vtpm_manager/crypto/sym_crypto.c	Mon Jul 10 15:38:49 2006 +0100
     4.3 @@ -68,8 +68,7 @@ TPM_RESULT Crypto_symcrypto_initkey (sym
     4.4    
     4.5    key->cipher = SYM_CIPHER;
     4.6    
     4.7 -  status = buffer_init_copy (&key->key, keybits);
     4.8 -  STATUSCHECK(status);
     4.9 +  TPMTRYRETURN( buffer_init_copy (&key->key, keybits));
    4.10      
    4.11    goto egress;
    4.12    
    4.13 @@ -92,8 +91,7 @@ TPM_RESULT Crypto_symcrypto_genkey (symk
    4.14    
    4.15    key->cipher = SYM_CIPHER;
    4.16    
    4.17 -  status = buffer_init (&key->key, EVP_CIPHER_key_length(key->cipher), NULL);
    4.18 -  STATUSCHECK (status);
    4.19 +  TPMTRYRETURN( buffer_init (&key->key, EVP_CIPHER_key_length(key->cipher), NULL)) ;
    4.20    
    4.21    // and generate the key material
    4.22    res = RAND_pseudo_bytes (key->key.bytes, key->key.size);
    4.23 @@ -133,8 +131,7 @@ TPM_RESULT Crypto_symcrypto_encrypt (sym
    4.24    // make an alias into which we'll put the ciphertext
    4.25    buffer_init_alias (&cipher_alias, o_cipher, EVP_CIPHER_iv_length(key->cipher), 0);
    4.26    
    4.27 -  status = ossl_symcrypto_op (key, clear, &iv, &cipher_alias, CRYPT_ENCRYPT);
    4.28 -  STATUSCHECK (status);
    4.29 +  TPMTRYRETURN( ossl_symcrypto_op (key, clear, &iv, &cipher_alias, CRYPT_ENCRYPT) );
    4.30  
    4.31    // set the output size correctly
    4.32    o_cipher->size += cipher_alias.size;
    4.33 @@ -165,16 +162,14 @@ TPM_RESULT Crypto_symcrypto_decrypt (sym
    4.34    buffer_init_alias (&cipher_alias, cipher, EVP_CIPHER_iv_length(key->cipher), 0);
    4.35    
    4.36    // prepare the output buffer
    4.37 -  status = buffer_init (o_clear,
    4.38 +  TPMTRYRETURN( buffer_init (o_clear,
    4.39  			cipher->size
    4.40  			- EVP_CIPHER_iv_length(key->cipher)
    4.41  			+ EVP_CIPHER_block_size(key->cipher), 
    4.42 -			0);
    4.43 -  STATUSCHECK(status);
    4.44 +			0) );
    4.45    
    4.46    // and decrypt
    4.47 -  status = ossl_symcrypto_op (key, &cipher_alias, &iv, o_clear, CRYPT_DECRYPT);
    4.48 -  STATUSCHECK (status);
    4.49 +  TPMTRYRETURN ( ossl_symcrypto_op (key, &cipher_alias, &iv, o_clear, CRYPT_DECRYPT) );
    4.50    
    4.51    goto egress;
    4.52    
     5.1 --- a/tools/vtpm_manager/manager/dmictl.c	Mon Jul 10 15:36:04 2006 +0100
     5.2 +++ b/tools/vtpm_manager/manager/dmictl.c	Mon Jul 10 15:38:49 2006 +0100
     5.3 @@ -41,14 +41,6 @@
     5.4  #include <unistd.h>
     5.5  #include <string.h>
     5.6  
     5.7 -#ifndef VTPM_MUTLI_VM
     5.8 - #include <sys/types.h>
     5.9 - #include <sys/stat.h>
    5.10 - #include <fcntl.h>
    5.11 - #include <signal.h>
    5.12 - #include <wait.h>
    5.13 -#endif
    5.14 -
    5.15  #include "vtpmpriv.h"
    5.16  #include "bsg.h"
    5.17  #include "buffer.h"
    5.18 @@ -59,12 +51,61 @@
    5.19  
    5.20  #define TPM_EMULATOR_PATH "/usr/bin/vtpmd"
    5.21  
    5.22 +// if dmi_res is non-null, then return a pointer to new object.
    5.23 +// Also, this does not fill in the measurements. They should be filled by
    5.24 +// design dependent code or saveNVM
    5.25 +TPM_RESULT init_dmi(UINT32 dmi_id, BYTE type,  VTPM_DMI_RESOURCE **dmi_res) {
    5.26 +
    5.27 +  TPM_RESULT status=TPM_SUCCESS;
    5.28 +  VTPM_DMI_RESOURCE *new_dmi=NULL;
    5.29 +  UINT32 *dmi_id_key=NULL;
    5.30 +
    5.31 +  if ((new_dmi = (VTPM_DMI_RESOURCE *) malloc (sizeof(VTPM_DMI_RESOURCE))) == NULL) {
    5.32 +      status = TPM_RESOURCES;
    5.33 +      goto abort_egress;
    5.34 +  }
    5.35 +  memset(new_dmi, 0, sizeof(VTPM_DMI_RESOURCE));
    5.36 +  new_dmi->dmi_id = dmi_id;
    5.37 +  new_dmi->connected = FALSE;
    5.38 +  new_dmi->TCSContext = 0;
    5.39 +
    5.40 +  new_dmi->NVMLocation = (char *) malloc(11 + strlen(DMI_NVM_FILE));
    5.41 +  sprintf(new_dmi->NVMLocation, DMI_NVM_FILE, (uint32_t) new_dmi->dmi_id);
    5.42 +
    5.43 +  if ((dmi_id_key = (UINT32 *) malloc (sizeof(UINT32))) == NULL) {
    5.44 +    status = TPM_RESOURCES;
    5.45 +    goto abort_egress;
    5.46 +  }
    5.47 +  *dmi_id_key = new_dmi->dmi_id;
    5.48 +
    5.49 +  // install into map
    5.50 +  if (!hashtable_insert(vtpm_globals->dmi_map, dmi_id_key, new_dmi)){
    5.51 +    vtpmlogerror(VTPM_LOG_VTPM, "Failed to insert instance into table. Aborting.\n", dmi_id);
    5.52 +    status = TPM_FAIL;
    5.53 +    goto abort_egress;
    5.54 +  }
    5.55 +
    5.56 +  if (dmi_res)
    5.57 +    *dmi_res = new_dmi;
    5.58 +
    5.59 +  goto egress;
    5.60 +
    5.61 + abort_egress:
    5.62 +  if (new_dmi) {
    5.63 +    free(new_dmi->NVMLocation);
    5.64 +    free(new_dmi);
    5.65 +  }
    5.66 +  free(dmi_id_key);
    5.67 +
    5.68 + egress:
    5.69 +  return status;
    5.70 +}
    5.71 +
    5.72  TPM_RESULT close_dmi(VTPM_DMI_RESOURCE *dmi_res) {
    5.73    if (dmi_res == NULL) 
    5.74      return TPM_SUCCESS;
    5.75  
    5.76    TCS_CloseContext(dmi_res->TCSContext);
    5.77 -  free ( dmi_res->NVMLocation );
    5.78    dmi_res->connected = FALSE;
    5.79  
    5.80    vtpm_globals->connected_dmis--;
    5.81 @@ -77,7 +118,7 @@ TPM_RESULT VTPM_Handle_New_DMI(const buf
    5.82    VTPM_DMI_RESOURCE *new_dmi=NULL;
    5.83    TPM_RESULT status=TPM_FAIL;
    5.84    BYTE type, startup_mode;
    5.85 -  UINT32 dmi_id, *dmi_id_key=NULL; 
    5.86 +  UINT32 dmi_id; 
    5.87  
    5.88    if (param_buf == NULL) { // Assume creation of Dom 0 control
    5.89      type = VTPM_TYPE_NON_MIGRATABLE;
    5.90 @@ -98,37 +139,17 @@ TPM_RESULT VTPM_Handle_New_DMI(const buf
    5.91    if (new_dmi == NULL) { 
    5.92      vtpmloginfo(VTPM_LOG_VTPM, "Creating new DMI instance %d attached.\n", dmi_id );
    5.93      // Brand New DMI. Initialize the persistent pieces
    5.94 -    if ((new_dmi = (VTPM_DMI_RESOURCE *) malloc (sizeof(VTPM_DMI_RESOURCE))) == NULL) {
    5.95 -      status = TPM_RESOURCES;
    5.96 -      goto abort_egress;
    5.97 -    }
    5.98 -    memset(new_dmi, 0, sizeof(VTPM_DMI_RESOURCE));
    5.99 -    new_dmi->dmi_id = dmi_id;
   5.100 -    new_dmi->connected = FALSE;
   5.101 -
   5.102 -    if (type != VTPM_TYPE_MIGRATED) {
   5.103 -      new_dmi->dmi_type = type;
   5.104 -    } else {
   5.105 -      vtpmlogerror(VTPM_LOG_VTPM, "Creation of VTPM with illegal type.\n");
   5.106 -      status = TPM_BAD_PARAMETER;
   5.107 -      goto free_egress;
   5.108 -    }
   5.109 -    
   5.110 -    if ((dmi_id_key = (UINT32 *) malloc (sizeof(UINT32))) == NULL) {
   5.111 -      status = TPM_RESOURCES;
   5.112 -      goto free_egress;
   5.113 -    }      
   5.114 -    *dmi_id_key = new_dmi->dmi_id;
   5.115 -    
   5.116 -    // install into map
   5.117 -    if (!hashtable_insert(vtpm_globals->dmi_map, dmi_id_key, new_dmi)){
   5.118 -      vtpmlogerror(VTPM_LOG_VTPM, "Failed to insert instance into table. Aborting.\n", dmi_id);
   5.119 -      status = TPM_FAIL;
   5.120 -      goto free_egress;
   5.121 -    }
   5.122 -   
   5.123 +    TPMTRYRETURN(init_dmi(dmi_id, type, &new_dmi) );  
   5.124    } else 
   5.125      vtpmloginfo(VTPM_LOG_VTPM, "Re-attaching DMI instance %d.\n", dmi_id);
   5.126 +
   5.127 +  if (type != VTPM_TYPE_MIGRATED) {
   5.128 +    new_dmi->dmi_type = type;
   5.129 +  } else {
   5.130 +    vtpmlogerror(VTPM_LOG_VTPM, "Creation of VTPM with illegal type.\n");
   5.131 +    status = TPM_BAD_PARAMETER;
   5.132 +    goto abort_egress;
   5.133 +  }
   5.134    
   5.135    if (new_dmi->connected) {
   5.136      vtpmlogerror(VTPM_LOG_VTPM, "Attempt to re-attach, currently attached instance %d. Ignoring\n", dmi_id);
   5.137 @@ -143,14 +164,8 @@ TPM_RESULT VTPM_Handle_New_DMI(const buf
   5.138    }
   5.139  
   5.140    // Initialize the Non-persistent pieces
   5.141 -  new_dmi->NVMLocation = NULL;
   5.142 -  
   5.143 -  new_dmi->TCSContext = 0;
   5.144    TPMTRYRETURN( TCS_OpenContext(&new_dmi->TCSContext) );
   5.145    
   5.146 -  new_dmi->NVMLocation = (char *) malloc(11 + strlen(DMI_NVM_FILE));
   5.147 -  sprintf(new_dmi->NVMLocation, DMI_NVM_FILE, (uint32_t) new_dmi->dmi_id);
   5.148 -  
   5.149    new_dmi->connected = TRUE;  
   5.150  
   5.151    // Design specific new DMI code. 
   5.152 @@ -158,10 +173,6 @@ TPM_RESULT VTPM_Handle_New_DMI(const buf
   5.153    status = VTPM_New_DMI_Extra(new_dmi, startup_mode);
   5.154    goto egress;
   5.155    
   5.156 - free_egress:   // Error that requires freeing of newly allocated dmi 
   5.157 -  free(new_dmi);
   5.158 -  free(dmi_id_key);
   5.159 -
   5.160   abort_egress:
   5.161    vtpmlogerror(VTPM_LOG_VTPM, "Failed to create DMI id=%d due to status=%s. Cleaning.\n", dmi_id, tpm_get_error_name(status));
   5.162    close_dmi(new_dmi );
   5.163 @@ -240,7 +251,7 @@ TPM_RESULT VTPM_Handle_Delete_DMI( const
   5.164    
   5.165    // Close DMI first
   5.166    TPMTRYRETURN(close_dmi( dmi_res ));
   5.167 -	free ( dmi_res );
   5.168 +  free ( dmi_res );
   5.169  	
   5.170    status=TPM_SUCCESS;    
   5.171    goto egress;
     6.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.2 +++ b/tools/vtpm_manager/manager/migration.c	Mon Jul 10 15:38:49 2006 +0100
     6.3 @@ -0,0 +1,307 @@
     6.4 +// ===================================================================
     6.5 +// 
     6.6 +// Copyright (c) 2005, Intel Corp.
     6.7 +// All rights reserved.
     6.8 +//
     6.9 +// Redistribution and use in source and binary forms, with or without 
    6.10 +// modification, are permitted provided that the following conditions 
    6.11 +// are met:
    6.12 +//
    6.13 +//   * Redistributions of source code must retain the above copyright 
    6.14 +//     notice, this list of conditions and the following disclaimer.
    6.15 +//   * Redistributions in binary form must reproduce the above 
    6.16 +//     copyright notice, this list of conditions and the following 
    6.17 +//     disclaimer in the documentation and/or other materials provided 
    6.18 +//     with the distribution.
    6.19 +//   * Neither the name of Intel Corporation nor the names of its 
    6.20 +//     contributors may be used to endorse or promote products derived
    6.21 +//     from this software without specific prior written permission.
    6.22 +//
    6.23 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
    6.24 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
    6.25 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
    6.26 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
    6.27 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
    6.28 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
    6.29 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
    6.30 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    6.31 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
    6.32 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
    6.33 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    6.34 +// OF THE POSSIBILITY OF SUCH DAMAGE.
    6.35 +// ===================================================================
    6.36 +// 
    6.37 +//   dmictl.c
    6.38 +// 
    6.39 +//     Functions for creating and destroying DMIs
    6.40 +//
    6.41 +// ==================================================================
    6.42 +
    6.43 +#include <stdio.h>
    6.44 +#include <unistd.h>
    6.45 +#include <string.h>
    6.46 +
    6.47 +#include "vtpmpriv.h"
    6.48 +#include "bsg.h"
    6.49 +#include "buffer.h"
    6.50 +#include "log.h"
    6.51 +#include "hashtable.h"
    6.52 +
    6.53 +TPM_RESULT VTPM_Handle_Migrate_In( const buffer_t *param_buf,
    6.54 +                                   buffer_t *result_buf) {
    6.55 +
    6.56 +  TPM_RESULT status=TPM_FAIL;
    6.57 +  VTPM_DMI_RESOURCE *mig_dmi=NULL;
    6.58 +  UINT32 dmi_id;
    6.59 +  buffer_t dmi_state_abuf = NULL_BUF, enc_dmi_abuf = NULL_BUF, clear_dmi_blob = NULL_BUF;
    6.60 +
    6.61 +  if (param_buf == NULL) {
    6.62 +    vtpmlogerror(VTPM_LOG_VTPM, "Migration Out Failed due to bad parameter.\n");
    6.63 +    status = TPM_BAD_PARAMETER;
    6.64 +    goto abort_egress;
    6.65 +  }
    6.66 +
    6.67 +  struct pack_buf_t enc_dmi_state_pack;
    6.68 +
    6.69 +  BSG_UnpackList(param_buf->bytes, 2, 
    6.70 +                 BSG_TYPE_UINT32, &dmi_id,
    6.71 +                 BSG_TPM_SIZE32_DATA, &enc_dmi_state_pack) ;
    6.72 +
    6.73 +  vtpmloginfo(VTPM_LOG_VTPM, "Migrating VTPM in dmi %d.\n", dmi_id);
    6.74 +
    6.75 +  mig_dmi = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, &dmi_id);
    6.76 +  if (mig_dmi) {
    6.77 +    vtpmlogerror(VTPM_LOG_VTPM, "Incoming VTPM claims unavailable id: %d.\n", dmi_id);
    6.78 +    status = TPM_BAD_PARAMETER;
    6.79 +    goto abort_egress;
    6.80 +  }    
    6.81 +
    6.82 +  /** UnBind Blob **/
    6.83 +  TPMTRYRETURN( buffer_init_alias_convert( &enc_dmi_abuf, 
    6.84 +                                           enc_dmi_state_pack.size, 
    6.85 +                                           enc_dmi_state_pack.data) );
    6.86 +
    6.87 +  TPMTRYRETURN( envelope_decrypt( &enc_dmi_abuf,
    6.88 +                                   vtpm_globals->manager_tcs_handle,
    6.89 +                                   vtpm_globals->storageKeyHandle,
    6.90 +                                   (const TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth,
    6.91 +                                   &clear_dmi_blob) );
    6.92 +
    6.93 +  // Create new dmi
    6.94 +  TPMTRYRETURN( init_dmi(dmi_id, VTPM_TYPE_MIGRATABLE, &mig_dmi ) ); 
    6.95 +
    6.96 +  /** Open Blob **/
    6.97 +  struct pack_buf_t dmi_state_pack;
    6.98 +
    6.99 +  BSG_UnpackList(clear_dmi_blob.bytes, 2, 
   6.100 +                 BSG_TPM_DIGEST, &mig_dmi->DMI_measurement,
   6.101 +                 BSG_TPM_SIZE32_DATA, &dmi_state_pack);
   6.102 +
   6.103 +  TPMTRYRETURN( buffer_init_alias_convert(&dmi_state_abuf, 
   6.104 +                                          dmi_state_pack.size, 
   6.105 +                                          dmi_state_pack.data) ); 
   6.106 +
   6.107 +  TPMTRYRETURN( VTPM_Handle_Save_NVM(mig_dmi, &dmi_state_abuf, NULL ) );
   6.108 +
   6.109 +  status=TPM_SUCCESS;
   6.110 +  goto egress;
   6.111 +
   6.112 + abort_egress:
   6.113 +    vtpmlogerror(VTPM_LOG_VTPM, "VTPM Migration IN of instance %d failed because of %s.\n", dmi_id, tpm_get_error_name(status) );
   6.114 +
   6.115 + egress:
   6.116 +  buffer_free(&clear_dmi_blob);
   6.117 +  buffer_free(&dmi_state_abuf);
   6.118 + 
   6.119 +  return status;
   6.120 +}
   6.121 +
   6.122 +TPM_RESULT VTPM_Handle_Migrate_Out( const buffer_t *param_buf,
   6.123 +                                    buffer_t *result_buf) {
   6.124 +
   6.125 +  TPM_RESULT status=TPM_FAIL;
   6.126 +  VTPM_DMI_RESOURCE *mig_dmi;
   6.127 +  UINT32 dmi_id;
   6.128 +  VTPM_MIGKEY_LIST *last_mig, *mig_key;
   6.129 +  buffer_t dmi_state=NULL_BUF, clear_dmi_blob=NULL_BUF;
   6.130 +
   6.131 +  if (param_buf == NULL) {
   6.132 +    vtpmlogerror(VTPM_LOG_VTPM, "Migration Out Failed due to bad parameter.\n");
   6.133 +    status = TPM_BAD_PARAMETER;
   6.134 +    goto abort_egress;
   6.135 +  }
   6.136 +
   6.137 +  struct pack_buf_t name_pack;
   6.138 +
   6.139 +  BSG_UnpackList( param_buf->bytes, 2,
   6.140 +                  BSG_TYPE_UINT32, &dmi_id,
   6.141 +                  BSG_TPM_SIZE32_DATA, &name_pack);
   6.142 +
   6.143 +  vtpmloginfo(VTPM_LOG_VTPM, "Migrating out dmi %d.\n", dmi_id);
   6.144 +
   6.145 +  mig_dmi = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, &dmi_id);
   6.146 +  if (mig_dmi == NULL) {
   6.147 +    vtpmlogerror(VTPM_LOG_VTPM, "Non-existent VTPM instance (%d) in migration.\n", dmi_id );
   6.148 +    status = TPM_BAD_PARAMETER;
   6.149 +    goto abort_egress;
   6.150 +  }
   6.151 +
   6.152 +  if (mig_dmi->dmi_type != VTPM_TYPE_MIGRATABLE) {
   6.153 +    vtpmlogerror(VTPM_LOG_VTPM, "Bad VTPM type (%d) in migration of instance (%d).\n", mig_dmi->dmi_type, dmi_id );
   6.154 +    status = TPM_BAD_PARAMETER;
   6.155 +    goto abort_egress;
   6.156 +  }
   6.157 +
   6.158 +  /** Find migration key for dest **/
   6.159 +  last_mig = NULL;
   6.160 +  mig_key = vtpm_globals->mig_keys;
   6.161 +  while (mig_key != NULL) {
   6.162 +    if (mig_key->name_size == name_pack.size)
   6.163 +      if (memcmp(mig_key->name, name_pack.data, name_pack.size) == 0) {
   6.164 +        break;
   6.165 +      }
   6.166 +    
   6.167 +    last_mig = mig_key;
   6.168 +    mig_key = mig_key->next;
   6.169 +  }
   6.170 +     
   6.171 +  if (!mig_key) {
   6.172 +    vtpmlogerror(VTPM_LOG_VTPM, "Unknown Migration target host.\n");
   6.173 +    status = TPM_BAD_PARAMETER;
   6.174 +    goto abort_egress;
   6.175 +  }
   6.176 +
   6.177 +  /** Mark vtpm as migrated **/
   6.178 +  mig_dmi->dmi_type = VTPM_TYPE_MIGRATED;
   6.179 +
   6.180 +  /** Build Blob **/
   6.181 +  TPMTRYRETURN( VTPM_Handle_Load_NVM(mig_dmi, NULL, &dmi_state) );
   6.182 +
   6.183 +  TPMTRYRETURN( buffer_init(&clear_dmi_blob, sizeof(TPM_DIGEST) + sizeof(UINT32) + buffer_len(&dmi_state), NULL ) ); 
   6.184 +
   6.185 +  struct pack_constbuf_t dmi_state_pack;
   6.186 +
   6.187 +  dmi_state_pack.size = buffer_len(&dmi_state);
   6.188 +  dmi_state_pack.data = dmi_state.bytes;
   6.189 +
   6.190 +  BSG_PackList(clear_dmi_blob.bytes, 2, 
   6.191 +               BSG_TPM_DIGEST, &mig_dmi->DMI_measurement,
   6.192 +               BSG_TPM_SIZE32_DATA, &dmi_state_pack);
   6.193 +
   6.194 +  /** Bind Blob **/
   6.195 +  TPMTRYRETURN( envelope_encrypt( &clear_dmi_blob,
   6.196 +                                  &mig_key->key,
   6.197 +                                  result_buf) );
   6.198 +
   6.199 +  if (last_mig)
   6.200 +    last_mig->next = mig_key->next;
   6.201 +  else 
   6.202 +    vtpm_globals->mig_keys = mig_key->next;
   6.203 +  
   6.204 +  free(mig_key->name);
   6.205 +  free(mig_key);
   6.206 +
   6.207 +  status=TPM_SUCCESS;
   6.208 +  goto egress;
   6.209 +
   6.210 + abort_egress:
   6.211 +    vtpmlogerror(VTPM_LOG_VTPM, "VTPM Migration OUT of instance %d failed because of %s. Migratoin recovery may be needed.\n", dmi_id, tpm_get_error_name(status) );
   6.212 +
   6.213 +    //TODO: Create and implement a policy for what happens to mig_key on failed migrations.
   6.214 +
   6.215 + egress:
   6.216 +
   6.217 +  buffer_free(&clear_dmi_blob);
   6.218 +  buffer_free(&dmi_state);
   6.219 +
   6.220 +  return status;
   6.221 +}
   6.222 +
   6.223 +
   6.224 +TPM_RESULT VTPM_Handle_Get_Migration_key( const buffer_t *param_buf,
   6.225 +                                          buffer_t *result_buf) {
   6.226 +
   6.227 +  TPM_RESULT status=TPM_FAIL;
   6.228 +
   6.229 +  vtpmloginfo(VTPM_LOG_VTPM, "Getting Migration Public Key.\n");
   6.230 +
   6.231 +  struct pack_buf_t pubkey_exp_pack, pubkey_mod_pack;
   6.232 +  TPM_KEY mig_key;
   6.233 +
   6.234 +  // Unpack/return key structure
   6.235 +  BSG_Unpack(BSG_TPM_KEY, vtpm_globals->storageKeyWrap.bytes , &mig_key);
   6.236 +  TPM_RSA_KEY_PARMS rsaKeyParms;
   6.237 +
   6.238 +  BSG_Unpack(BSG_TPM_RSA_KEY_PARMS,
   6.239 +               mig_key.algorithmParms.parms,
   6.240 +               &rsaKeyParms);
   6.241 +
   6.242 +  pubkey_exp_pack.size = rsaKeyParms.exponentSize;
   6.243 +  pubkey_exp_pack.data = rsaKeyParms.exponent;
   6.244 +  pubkey_mod_pack.size = mig_key.pubKey.keyLength;
   6.245 +  pubkey_mod_pack.data = mig_key.pubKey.key;
   6.246 +
   6.247 +  TPMTRYRETURN( buffer_init( result_buf, 2*sizeof(UINT32) + 
   6.248 +                                         pubkey_exp_pack.size + 
   6.249 +                                         pubkey_mod_pack.size, NULL ) );
   6.250 +
   6.251 +  BSG_PackList( result_buf->bytes, 2,
   6.252 +                  BSG_TPM_SIZE32_DATA, &pubkey_exp_pack,
   6.253 +                  BSG_TPM_SIZE32_DATA, &pubkey_mod_pack);
   6.254 +
   6.255 +
   6.256 +  status=TPM_SUCCESS;
   6.257 +  goto egress;
   6.258 +
   6.259 + abort_egress:
   6.260 +    vtpmlogerror(VTPM_LOG_VTPM, "VTPM Get Migration Key failed because of %s.\n", tpm_get_error_name(status) );
   6.261 + egress:
   6.262 +
   6.263 +  return status;
   6.264 +}
   6.265 +
   6.266 +TPM_RESULT VTPM_Handle_Load_Migration_key( const buffer_t *param_buf,
   6.267 +                                           buffer_t *result_buf) {
   6.268 +
   6.269 +  TPM_RESULT status=TPM_FAIL;
   6.270 +  VTPM_MIGKEY_LIST *mig_key;
   6.271 +
   6.272 +  vtpmloginfo(VTPM_LOG_VTPM, "Loading Migration Public Key.\n");
   6.273 +
   6.274 +  //FIXME: Review all uses of unpacking pack_buf_t and ensure free.
   6.275 +  //FIXME: Review all declarations/initializations of buffer_t that could have a goto that skips them and then tries to free them
   6.276 +
   6.277 +  struct pack_buf_t name_pack, pubkey_exp_pack, pubkey_mod_pack;
   6.278 +
   6.279 +  //FIXME: scan list and verify name is not already in the list
   6.280 +
   6.281 +  BSG_UnpackList( param_buf->bytes, 3,
   6.282 +                  BSG_TPM_SIZE32_DATA, &name_pack,
   6.283 +                  BSG_TPM_SIZE32_DATA, &pubkey_exp_pack,
   6.284 +                  BSG_TPM_SIZE32_DATA, &pubkey_mod_pack);
   6.285 +
   6.286 +  //TODO: Maintain a persistent list for pub_keys.
   6.287 +  //TODO: Verify pub_key is trusted
   6.288 +
   6.289 +  mig_key = (VTPM_MIGKEY_LIST *) malloc(sizeof(VTPM_MIGKEY_LIST));
   6.290 +  memset(mig_key, 0, sizeof(VTPM_MIGKEY_LIST) );
   6.291 +  mig_key->name_size = name_pack.size;
   6.292 +  mig_key->name = name_pack.data;
   6.293 +
   6.294 +  mig_key->key.encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1;
   6.295 +  Crypto_RSABuildCryptoInfoPublic( pubkey_exp_pack.size,
   6.296 +                                   pubkey_exp_pack.data,
   6.297 +                                   pubkey_mod_pack.size,
   6.298 +                                   pubkey_mod_pack.data,
   6.299 +                                   &mig_key->key);
   6.300 +
   6.301 +
   6.302 +  mig_key->next = vtpm_globals->mig_keys;
   6.303 +  vtpm_globals->mig_keys = mig_key;
   6.304 +
   6.305 +  // free(name_pack.data); Do not free. data is now part of mig_key.
   6.306 +  free(pubkey_exp_pack.data);
   6.307 +  free(pubkey_mod_pack.data);
   6.308 +
   6.309 +  return TPM_SUCCESS;
   6.310 +}
     7.1 --- a/tools/vtpm_manager/manager/securestorage.c	Mon Jul 10 15:36:04 2006 +0100
     7.2 +++ b/tools/vtpm_manager/manager/securestorage.c	Mon Jul 10 15:38:49 2006 +0100
     7.3 @@ -55,7 +55,7 @@
     7.4  #include "log.h"
     7.5  
     7.6  TPM_RESULT envelope_encrypt(const buffer_t     *inbuf,
     7.7 -                            CRYPTO_INFO  *asymkey,
     7.8 +                            CRYPTO_INFO        *asymkey,
     7.9                              buffer_t           *sealed_data) {
    7.10    TPM_RESULT status = TPM_SUCCESS;
    7.11    symkey_t    symkey;
    7.12 @@ -114,8 +114,7 @@ TPM_RESULT envelope_encrypt(const buffer
    7.13    return status;
    7.14  }
    7.15  
    7.16 -TPM_RESULT envelope_decrypt(const long         cipher_size,
    7.17 -                            const BYTE         *cipher,
    7.18 +TPM_RESULT envelope_decrypt(const buffer_t     *cipher,
    7.19                              TCS_CONTEXT_HANDLE TCSContext,
    7.20  			    TPM_HANDLE         keyHandle,
    7.21  			    const TPM_AUTHDATA *key_usage_auth,
    7.22 @@ -131,22 +130,22 @@ TPM_RESULT envelope_decrypt(const long  
    7.23  
    7.24    memset(&symkey, 0, sizeof(symkey_t));
    7.25  
    7.26 -  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Envelope Decrypt Input[%ld]: 0x", cipher_size);
    7.27 -  for (i=0; i< cipher_size; i++)
    7.28 -    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cipher[i]);
    7.29 +  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Envelope Decrypt Input[%d]: 0x", buffer_len(cipher) );
    7.30 +  for (i=0; i< buffer_len(cipher); i++)
    7.31 +    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cipher->bytes[i]);
    7.32    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
    7.33    
    7.34 -  BSG_UnpackList(cipher, 2,
    7.35 +  BSG_UnpackList(cipher->bytes, 2,
    7.36  		 BSG_TPM_SIZE32_DATA, &symkey_cipher32,
    7.37  		 BSG_TPM_SIZE32_DATA, &data_cipher32);
    7.38    
    7.39 -  TPMTRYRETURN( buffer_init_convert (&symkey_cipher, 
    7.40 -				     symkey_cipher32.size, 
    7.41 -				     symkey_cipher32.data) );
    7.42 +  TPMTRYRETURN( buffer_init_alias_convert (&symkey_cipher, 
    7.43 +				           symkey_cipher32.size, 
    7.44 +				           symkey_cipher32.data) );
    7.45    
    7.46 -  TPMTRYRETURN( buffer_init_convert (&data_cipher, 
    7.47 -				     data_cipher32.size, 
    7.48 -				     data_cipher32.data) );
    7.49 +  TPMTRYRETURN( buffer_init_alias_convert (&data_cipher, 
    7.50 +				           data_cipher32.size, 
    7.51 +				           data_cipher32.data) );
    7.52  
    7.53    // Decrypt Symmetric Key
    7.54    TPMTRYRETURN( VTSP_Unbind(  TCSContext,
    7.55 @@ -188,7 +187,7 @@ TPM_RESULT VTPM_Handle_Save_NVM(VTPM_DMI
    7.56    TPM_RESULT status = TPM_SUCCESS;
    7.57    int fh;
    7.58    long bytes_written;
    7.59 -  buffer_t sealed_NVM;
    7.60 +  buffer_t sealed_NVM = NULL_BUF;
    7.61    
    7.62    vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Saving %d bytes of NVM.\n", buffer_len(inbuf));
    7.63  
    7.64 @@ -221,16 +220,14 @@ TPM_RESULT VTPM_Handle_Save_NVM(VTPM_DMI
    7.65  }
    7.66  
    7.67  
    7.68 -/* inbuf = null outbuf = sealed blob size, sealed blob.*/
    7.69 +/* Expected Params: inbuf = null, outbuf = sealed blob size, sealed blob.*/
    7.70  TPM_RESULT VTPM_Handle_Load_NVM(VTPM_DMI_RESOURCE *myDMI, 
    7.71 -				const buffer_t *inbuf, 
    7.72 -				buffer_t *outbuf) {
    7.73 +				const buffer_t    *inbuf, 
    7.74 +				buffer_t          *outbuf) {
    7.75    
    7.76    TPM_RESULT status = TPM_SUCCESS;
    7.77  
    7.78 -  
    7.79 -  UINT32 sealed_NVM_size;
    7.80 -  BYTE *sealed_NVM = NULL;
    7.81 +  buffer_t sealed_NVM = NULL_BUF;
    7.82    long fh_size;
    7.83    int fh, stat_ret, i;
    7.84    struct stat file_stat;
    7.85 @@ -252,17 +249,16 @@ TPM_RESULT VTPM_Handle_Load_NVM(VTPM_DMI
    7.86      goto abort_egress;
    7.87    }
    7.88    
    7.89 -  sealed_NVM = (BYTE *) malloc(fh_size);
    7.90 -  sealed_NVM_size = (UINT32) fh_size;
    7.91 -  if (read(fh, sealed_NVM, fh_size) != fh_size) {
    7.92 +  TPMTRYRETURN( buffer_init( &sealed_NVM, fh_size, NULL) );
    7.93 +  if (read(fh, sealed_NVM.bytes, buffer_len(&sealed_NVM)) != fh_size) {
    7.94      status = TPM_IOERROR;
    7.95      goto abort_egress;
    7.96    }
    7.97    close(fh);
    7.98    
    7.99 -  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Load_NVMing[%ld],\n", fh_size);
   7.100 +  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Load_NVMing[%d],\n", buffer_len(&sealed_NVM));
   7.101    
   7.102 -  Crypto_SHA1Full(sealed_NVM, sealed_NVM_size, (BYTE *) &sealedNVMHash);    
   7.103 +  Crypto_SHA1Full(sealed_NVM.bytes, buffer_len(&sealed_NVM), (BYTE *) &sealedNVMHash);    
   7.104    
   7.105    // Verify measurement of sealed blob.
   7.106    if (memcmp(&sealedNVMHash, &myDMI->NVM_measurement, sizeof(TPM_DIGEST)) ) {
   7.107 @@ -281,8 +277,7 @@ TPM_RESULT VTPM_Handle_Load_NVM(VTPM_DMI
   7.108      goto abort_egress;
   7.109    }
   7.110    
   7.111 -    TPMTRYRETURN( envelope_decrypt(fh_size,
   7.112 -                                 sealed_NVM,
   7.113 +  TPMTRYRETURN( envelope_decrypt(&sealed_NVM,
   7.114                                   myDMI->TCSContext,
   7.115  		        	 vtpm_globals->storageKeyHandle,
   7.116  			         (const TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth,
   7.117 @@ -293,7 +288,7 @@ TPM_RESULT VTPM_Handle_Load_NVM(VTPM_DMI
   7.118    vtpmlogerror(VTPM_LOG_VTPM, "Failed to load NVM\n.");
   7.119    
   7.120   egress:
   7.121 -  free( sealed_NVM );
   7.122 +  buffer_free( &sealed_NVM );
   7.123    
   7.124    return status;
   7.125  }
   7.126 @@ -408,12 +403,14 @@ TPM_RESULT VTPM_LoadManagerData(void) {
   7.127    int fh, stat_ret, dmis=0;
   7.128    long fh_size = 0, step_size;
   7.129    BYTE *flat_table=NULL;
   7.130 -  buffer_t  unsealed_data;
   7.131 +  buffer_t  unsealed_data, enc_table_abuf;
   7.132    struct pack_buf_t storage_key_pack, boot_key_pack;
   7.133    UINT32 *dmi_id_key, enc_size;
   7.134    BYTE vtpm_manager_gen;
   7.135  
   7.136    VTPM_DMI_RESOURCE *dmi_res;
   7.137 +  UINT32 dmi_id;
   7.138 +  BYTE dmi_type;
   7.139    struct stat file_stat;
   7.140  
   7.141    TPM_HANDLE boot_key_handle;
   7.142 @@ -442,6 +439,7 @@ TPM_RESULT VTPM_LoadManagerData(void) {
   7.143                                BSG_TYPE_UINT32, &enc_size);
   7.144  
   7.145    TPMTRYRETURN(buffer_init(&vtpm_globals->bootKeyWrap, 0, 0) );
   7.146 +  TPMTRYRETURN(buffer_init_alias_convert(&enc_table_abuf, enc_size, flat_table + step_size) );
   7.147    TPMTRYRETURN(buffer_append_raw(&vtpm_globals->bootKeyWrap, boot_key_pack.size, boot_key_pack.data) );
   7.148  
   7.149    //Load Boot Key
   7.150 @@ -454,8 +452,7 @@ TPM_RESULT VTPM_LoadManagerData(void) {
   7.151                                &vtpm_globals->bootKey,
   7.152                                FALSE) );
   7.153  
   7.154 -  TPMTRYRETURN( envelope_decrypt(enc_size,
   7.155 -                                 flat_table + step_size,
   7.156 +  TPMTRYRETURN( envelope_decrypt(&enc_table_abuf,
   7.157                                   vtpm_globals->manager_tcs_handle,
   7.158                                   boot_key_handle,
   7.159                                   (const TPM_AUTHDATA*) &boot_usage_auth,
   7.160 @@ -483,25 +480,17 @@ TPM_RESULT VTPM_LoadManagerData(void) {
   7.161        vtpmlogerror(VTPM_LOG_VTPM, "Encountered %ld extra bytes at end of manager state.\n", fh_size-step_size);
   7.162        step_size = fh_size;
   7.163      } else {
   7.164 -      dmi_res = (VTPM_DMI_RESOURCE *) malloc(sizeof(VTPM_DMI_RESOURCE));
   7.165 +      step_size += BSG_UnpackList(flat_table + step_size, 2,
   7.166 +                                 BSG_TYPE_UINT32, &dmi_id,
   7.167 +                                 BSG_TYPE_BYTE, &dmi_type);
   7.168 +
   7.169 +      //TODO: Try and gracefully recover from problems.
   7.170 +      TPMTRYRETURN(init_dmi(dmi_id, dmi_type, &dmi_res) );
   7.171        dmis++;
   7.172  
   7.173 -      dmi_res->connected = FALSE;
   7.174 -
   7.175 -      step_size += BSG_UnpackList(flat_table + step_size, 4,
   7.176 -                                 BSG_TYPE_UINT32, &dmi_res->dmi_id,
   7.177 -                                 BSG_TYPE_BYTE, &dmi_res->dmi_type,
   7.178 +      step_size += BSG_UnpackList(flat_table + step_size, 2,
   7.179                                   BSG_TPM_DIGEST, &dmi_res->NVM_measurement,
   7.180                                   BSG_TPM_DIGEST, &dmi_res->DMI_measurement);
   7.181 -
   7.182 -      // install into map
   7.183 -      dmi_id_key = (UINT32 *) malloc (sizeof(UINT32));
   7.184 -      *dmi_id_key = dmi_res->dmi_id;
   7.185 -      if (!hashtable_insert(vtpm_globals->dmi_map, dmi_id_key, dmi_res)) {
   7.186 -        status = TPM_FAIL;
   7.187 -        goto abort_egress;
   7.188 -      }
   7.189 -
   7.190      }
   7.191  
   7.192    }
     8.1 --- a/tools/vtpm_manager/manager/vtpm_ipc.c	Mon Jul 10 15:36:04 2006 +0100
     8.2 +++ b/tools/vtpm_manager/manager/vtpm_ipc.c	Mon Jul 10 15:38:49 2006 +0100
     8.3 @@ -135,7 +135,7 @@ void vtpm_ipc_close(vtpm_ipc_handle_t *i
     8.4  
     8.5    if (ipc_h) {
     8.6      close(ipc_h->fh);
     8.7 +    ipc_h->fh = VTPM_IPC_CLOSED;
     8.8    }
     8.9 -  ipc_h->fh = VTPM_IPC_CLOSED;
    8.10  
    8.11  }
     9.1 --- a/tools/vtpm_manager/manager/vtpm_manager.c	Mon Jul 10 15:36:04 2006 +0100
     9.2 +++ b/tools/vtpm_manager/manager/vtpm_manager.c	Mon Jul 10 15:38:49 2006 +0100
     9.3 @@ -219,7 +219,9 @@ TPM_RESULT VTPM_Init_Manager() {
     9.4  			   &vtpm_globals->keyAuth) );
     9.5    vtpm_globals->keyAuth.fContinueAuthSession = TRUE;
     9.6  
     9.7 -  // If failed, create new Manager.
     9.8 +  vtpm_globals->mig_keys = NULL;
     9.9 +
    9.10 +  // If fails, create new Manager.
    9.11    serviceStatus = VTPM_LoadManagerData();
    9.12    if (serviceStatus == TPM_IOERROR) {
    9.13      vtpmloginfo(VTPM_LOG_VTPM, "Failed to read manager file. Assuming first time initialization.\n");
    10.1 --- a/tools/vtpm_manager/manager/vtpm_manager.h	Mon Jul 10 15:36:04 2006 +0100
    10.2 +++ b/tools/vtpm_manager/manager/vtpm_manager.h	Mon Jul 10 15:38:49 2006 +0100
    10.3 @@ -56,14 +56,18 @@
    10.4  #define VTPM_PRIV_BASE      (VTPM_ORD_BASE | VTPM_PRIV_MASK)
    10.5  
    10.6  // Non-priviledged VTPM Commands (From DMI's)
    10.7 -#define VTPM_ORD_SAVENVM    (VTPM_ORD_BASE + 1) // DMI Saves Secrets
    10.8 -#define VTPM_ORD_LOADNVM    (VTPM_ORD_BASE + 2) // DMI Loads Secrets
    10.9 -#define VTPM_ORD_TPMCOMMAND (VTPM_ORD_BASE + 3) // DMI issues HW TPM Command
   10.10 +#define VTPM_ORD_SAVENVM      (VTPM_ORD_BASE + 1) // DMI Saves Secrets
   10.11 +#define VTPM_ORD_LOADNVM      (VTPM_ORD_BASE + 2) // DMI Loads Secrets
   10.12 +#define VTPM_ORD_TPMCOMMAND   (VTPM_ORD_BASE + 3) // DMI issues HW TPM Command
   10.13 +#define VTPM_ORD_GET_MIG_KEY  (VTPM_ORD_BASE + 4) // Get manager's migration key
   10.14 +#define VTPM_ORD_LOAD_MIG_KEY (VTPM_ORD_BASE + 5) // load dest migration key 
   10.15  
   10.16  // Priviledged VTPM Commands (From management console)
   10.17 -#define VTPM_ORD_OPEN     (VTPM_PRIV_BASE + 1) // Creates/reopens DMI
   10.18 -#define VTPM_ORD_CLOSE    (VTPM_PRIV_BASE + 2) // Closes a DMI
   10.19 -#define VTPM_ORD_DELETE   (VTPM_PRIV_BASE + 3) // Permemently Deletes DMI
   10.20 +#define VTPM_ORD_OPEN         (VTPM_PRIV_BASE + 1) // Creates/reopens DMI
   10.21 +#define VTPM_ORD_CLOSE        (VTPM_PRIV_BASE + 2) // Closes a DMI
   10.22 +#define VTPM_ORD_DELETE       (VTPM_PRIV_BASE + 3) // Permemently Deletes DMI
   10.23 +#define VTPM_ORD_MIGRATE_IN   (VTPM_PRIV_BASE + 4) // Load migrated VTPM
   10.24 +#define VTPM_ORD_MIGRATE_OUT  (VTPM_PRIV_BASE + 5) // migrate VTPM to dest 
   10.25  
   10.26  //************************ Return Codes ****************************
   10.27  #define VTPM_SUCCESS               0
    11.1 --- a/tools/vtpm_manager/manager/vtpm_manager_handler.c	Mon Jul 10 15:36:04 2006 +0100
    11.2 +++ b/tools/vtpm_manager/manager/vtpm_manager_handler.c	Mon Jul 10 15:38:49 2006 +0100
    11.3 @@ -301,6 +301,16 @@ TPM_RESULT vtpm_manager_handle_vtpm_cmd(
    11.4                                      command_buf, 
    11.5                                      result_buf);
    11.6      break;
    11.7 +
    11.8 +  case VTPM_ORD_GET_MIG_KEY:
    11.9 +    status = VTPM_Handle_Get_Migration_key(command_buf, 
   11.10 +                                           result_buf);
   11.11 +    break;
   11.12 +
   11.13 +  case VTPM_ORD_LOAD_MIG_KEY:
   11.14 +    status = VTPM_Handle_Load_Migration_key(command_buf, 
   11.15 +                                           result_buf);
   11.16 +    break;
   11.17     
   11.18    default:
   11.19      // Privileged handlers can do maintanance
   11.20 @@ -318,6 +328,14 @@ TPM_RESULT vtpm_manager_handle_vtpm_cmd(
   11.21          status = VTPM_Handle_Delete_DMI(command_buf);
   11.22          break;
   11.23  
   11.24 +      case VTPM_ORD_MIGRATE_IN:
   11.25 +        status = VTPM_Handle_Migrate_In(command_buf, result_buf);
   11.26 +        break;
   11.27 +
   11.28 +      case VTPM_ORD_MIGRATE_OUT:
   11.29 +        status = VTPM_Handle_Migrate_Out(command_buf, result_buf);
   11.30 +        break;
   11.31 +
   11.32        default:
   11.33          status = TPM_BAD_ORDINAL;
   11.34        } // switch
    12.1 --- a/tools/vtpm_manager/manager/vtpmd.c	Mon Jul 10 15:36:04 2006 +0100
    12.2 +++ b/tools/vtpm_manager/manager/vtpmd.c	Mon Jul 10 15:38:49 2006 +0100
    12.3 @@ -51,7 +51,6 @@
    12.4  #include "log.h"
    12.5  #include "vtpm_ipc.h"
    12.6  
    12.7 -
    12.8  #define TPM_EMULATOR_PATH "/usr/bin/vtpmd"
    12.9  
   12.10  #define VTPM_BE_FNAME          "/dev/vtpm"
    13.1 --- a/tools/vtpm_manager/manager/vtpmpriv.h	Mon Jul 10 15:36:04 2006 +0100
    13.2 +++ b/tools/vtpm_manager/manager/vtpmpriv.h	Mon Jul 10 15:38:49 2006 +0100
    13.3 @@ -79,6 +79,14 @@ typedef struct VTPM_DMI_RESOURCE_T {
    13.4    TPM_DIGEST            DMI_measurement;  // Correct measurement of the owning DMI
    13.5  } VTPM_DMI_RESOURCE;
    13.6  
    13.7 +typedef struct tdVTPM_MIGKEY_LIST {
    13.8 +  UINT32                name_size;
    13.9 +  BYTE                  *name; // Name of destination (IP addr, domain name, etc)
   13.10 +  CRYPTO_INFO           key;
   13.11 +  struct tdVTPM_MIGKEY_LIST *next;
   13.12 +} VTPM_MIGKEY_LIST;
   13.13 +
   13.14 +
   13.15  typedef struct tdVTPM_GLOBALS {
   13.16    // Non-persistent data
   13.17  #ifndef VTPM_MULTI_VM
   13.18 @@ -88,6 +96,11 @@ typedef struct tdVTPM_GLOBALS {
   13.19    int                 connected_dmis;     // To close guest_rx when no dmis are connected
   13.20  
   13.21    struct hashtable    *dmi_map;               // Table of all DMI's known indexed by persistent instance #
   13.22 +  VTPM_MIGKEY_LIST    *mig_keys;              // Table of migration keys
   13.23 +                      // Currently keys are loaded at migration time,
   13.24 +                      // TODO: Make VTPM man store a keys persistently
   13.25 +                      //       and update script to check if key is needed
   13.26 +                      //       before fetching it.
   13.27  
   13.28    TCS_CONTEXT_HANDLE  manager_tcs_handle;     // TCS Handle used by manager
   13.29    TPM_HANDLE          storageKeyHandle;       // Key used by persistent store
   13.30 @@ -109,8 +122,6 @@ typedef struct tdVTPM_GLOBALS {
   13.31  extern VTPM_GLOBALS *vtpm_globals;   // Key info and DMI states
   13.32  extern const TPM_AUTHDATA SRK_AUTH;  // SRK Well Known Auth Value
   13.33  
   13.34 -// ********************** Command Handler Prototypes ***********************
   13.35 -
   13.36  // ********************** VTPM Functions *************************
   13.37  TPM_RESULT VTPM_Init_Manager(); // Start VTPM Service
   13.38  void VTPM_Stop_Manager();  // Stop VTPM Service
   13.39 @@ -122,6 +133,8 @@ TPM_RESULT VTPM_Manager_Handler(vtpm_ipc
   13.40                                  BOOL is_priv,
   13.41                                  char *client_name);
   13.42  
   13.43 +// ********************** Command Handler Prototypes ***********************
   13.44 +
   13.45  TPM_RESULT VTPM_Handle_Load_NVM(       VTPM_DMI_RESOURCE *myDMI, 
   13.46                                          const buffer_t *inbuf, 
   13.47                                          buffer_t *outbuf);
   13.48 @@ -140,6 +153,15 @@ TPM_RESULT VTPM_Handle_Close_DMI(const b
   13.49                                     
   13.50  TPM_RESULT VTPM_Handle_Delete_DMI(const buffer_t *param_buf);
   13.51  
   13.52 +TPM_RESULT VTPM_Handle_Migrate_In( const buffer_t *param_buf,
   13.53 +                                   buffer_t *result_buf);
   13.54 +
   13.55 +TPM_RESULT VTPM_Handle_Migrate_Out ( const buffer_t *param_buf,
   13.56 +                                     buffer_t *result_buf);
   13.57 +
   13.58 +TPM_RESULT VTPM_Handle_Get_Migration_key( const buffer_t *param_buf,
   13.59 +                                          buffer_t *result_buf);
   13.60 +
   13.61  TPM_RESULT VTPM_SaveManagerData(void);
   13.62  TPM_RESULT VTPM_LoadManagerData(void);
   13.63  
   13.64 @@ -147,5 +169,18 @@ TPM_RESULT VTPM_New_DMI_Extra(VTPM_DMI_R
   13.65  
   13.66  TPM_RESULT VTPM_Close_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res);
   13.67  
   13.68 +// Helper functions
   13.69  TPM_RESULT close_dmi(VTPM_DMI_RESOURCE *dmi_res);
   13.70 +TPM_RESULT init_dmi(UINT32 dmi_id, BYTE type,  VTPM_DMI_RESOURCE **dmi_res);
   13.71 +
   13.72 +TPM_RESULT envelope_encrypt(const buffer_t     *inbuf,
   13.73 +                             CRYPTO_INFO        *asymkey,
   13.74 +                             buffer_t           *sealed_data);
   13.75 +
   13.76 +TPM_RESULT envelope_decrypt(const buffer_t     *cipher,
   13.77 +                            TCS_CONTEXT_HANDLE TCSContext,
   13.78 +                            TPM_HANDLE         keyHandle,
   13.79 +                            const TPM_AUTHDATA *key_usage_auth,
   13.80 +                            buffer_t           *unsealed_data);
   13.81 +
   13.82  #endif // __VTPMPRIV_H__
    14.1 --- a/tools/vtpm_manager/manager/vtsp.c	Mon Jul 10 15:36:04 2006 +0100
    14.2 +++ b/tools/vtpm_manager/manager/vtsp.c	Mon Jul 10 15:38:49 2006 +0100
    14.3 @@ -141,13 +141,18 @@ TPM_RESULT VerifyAuth( /*[IN]*/ const BY
    14.4  	      (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &hm);
    14.5      
    14.6    // Compare correct HMAC with provided one.
    14.7 -  if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0)  // 0 indicates equality
    14.8 +  if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0) { // 0 indicates equality
    14.9 +    if (!auth->fContinueAuthSession) 
   14.10 +      vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM by fContinue=0.\n", auth->AuthHandle);
   14.11 +    
   14.12      return (TPM_SUCCESS);
   14.13 -  else {
   14.14 +  } else {
   14.15      // If specified, reconnect the OIAP session.
   14.16      // NOTE: This only works for TCS's that never have a 0 context. 
   14.17 -    if (hContext) 
   14.18 +    if (hContext) {
   14.19 +      vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM due to failure.\n", auth->AuthHandle);
   14.20        VTSP_OIAP( hContext, auth);
   14.21 +    }
   14.22      return (TPM_AUTHFAIL);
   14.23    }
   14.24  }
   14.25 @@ -164,6 +169,7 @@ TPM_RESULT VTSP_OIAP(const TCS_CONTEXT_H
   14.26    memset(&auth->HMAC, 0, sizeof(TPM_DIGEST));
   14.27    auth->fContinueAuthSession = FALSE;
   14.28  
   14.29 +  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x opened by TPM_OIAP.\n", auth->AuthHandle);
   14.30    goto egress;
   14.31    
   14.32   abort_egress:
   14.33 @@ -205,7 +211,9 @@ TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_H
   14.34  
   14.35    memset(&auth->HMAC, 0, sizeof(TPM_DIGEST));
   14.36    auth->fContinueAuthSession = FALSE;
   14.37 -    
   14.38 +   
   14.39 +  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x opened by TPM_OSAP.\n", auth->AuthHandle);
   14.40 +
   14.41    goto egress;
   14.42    
   14.43   abort_egress:
   14.44 @@ -216,6 +224,23 @@ TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_H
   14.45  }
   14.46  
   14.47  
   14.48 +TPM_RESULT VTSP_TerminateHandle(const TCS_CONTEXT_HANDLE hContext,
   14.49 +                                const TCS_AUTH *auth) {
   14.50 +
   14.51 +  vtpmloginfo(VTPM_LOG_VTSP, "Terminate Handle.\n");
   14.52 +  TPM_RESULT status = TPM_SUCCESS;
   14.53 +  TPMTRYRETURN( TCSP_TerminateHandle(hContext, auth->AuthHandle) );
   14.54 +
   14.55 +  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM_TerminateHandle.\n", auth->AuthHandle);
   14.56 +  goto egress;
   14.57 +
   14.58 + abort_egress:
   14.59 +
   14.60 + egress:
   14.61 +
   14.62 +  return status;
   14.63 +}
   14.64 +
   14.65  
   14.66  TPM_RESULT VTSP_ReadPubek(   const TCS_CONTEXT_HANDLE hContext,
   14.67                               CRYPTO_INFO *crypto_info) {
   14.68 @@ -728,6 +753,7 @@ TPM_RESULT VTSP_Bind(   CRYPTO_INFO *cry
   14.69  			buffer_t *outData)               
   14.70  {
   14.71    vtpmloginfo(VTPM_LOG_VTSP, "Binding %d bytes of data.\n", buffer_len(inData));
   14.72 +  TPM_RESULT status = TPM_SUCCESS;
   14.73    TPM_BOUND_DATA boundData;
   14.74    UINT32 i;
   14.75    
   14.76 @@ -756,11 +782,11 @@ TPM_RESULT VTSP_Bind(   CRYPTO_INFO *cry
   14.77    UINT32 out_tmp_size;
   14.78    
   14.79    // Encrypt flatBoundData
   14.80 -  Crypto_RSAEnc( cryptoInfo, 
   14.81 -		 flatBoundDataSize, 
   14.82 -		 flatBoundData, 
   14.83 -		 &out_tmp_size, 
   14.84 -		 out_tmp);
   14.85 +  TPMTRY(TPM_ENCRYPT_ERROR, Crypto_RSAEnc( cryptoInfo, 
   14.86 +                                           flatBoundDataSize, 
   14.87 +                                           flatBoundData, 
   14.88 +                                           &out_tmp_size, 
   14.89 +                                           out_tmp) );
   14.90    
   14.91    if (out_tmp_size > RSA_KEY_SIZE/8) {
   14.92      // The result of RSAEnc should be a fixed size based on key size.
   14.93 @@ -775,7 +801,11 @@ TPM_RESULT VTSP_Bind(   CRYPTO_INFO *cry
   14.94      vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out_tmp[i]);
   14.95    }
   14.96    vtpmloginfomore(VTPM_LOG_TXDATA, "\n");
   14.97 -  
   14.98 +
   14.99 +  goto egress;
  14.100 +  abort_egress: 
  14.101 +  egress:
  14.102 + 
  14.103    // Free flatBoundData
  14.104    free(flatBoundData);
  14.105    
    15.1 --- a/tools/vtpm_manager/manager/vtsp.h	Mon Jul 10 15:36:04 2006 +0100
    15.2 +++ b/tools/vtpm_manager/manager/vtsp.h	Mon Jul 10 15:38:49 2006 +0100
    15.3 @@ -59,6 +59,9 @@ TPM_RESULT VTSP_OSAP(  const TCS_CONTEXT
    15.4                         TPM_SECRET *sharedsecret, 
    15.5                         TCS_AUTH *auth);
    15.6  
    15.7 +TPM_RESULT VTSP_TerminateHandle(const TCS_CONTEXT_HANDLE hContext,
    15.8 +                                const TCS_AUTH *auth);
    15.9 +
   15.10  TPM_RESULT VTSP_ReadPubek(   const TCS_CONTEXT_HANDLE hContext,
   15.11                               CRYPTO_INFO *cypto_info);
   15.12  
    16.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    16.2 +++ b/tools/vtpm_manager/migration/Makefile	Mon Jul 10 15:38:49 2006 +0100
    16.3 @@ -0,0 +1,39 @@
    16.4 +XEN_ROOT = ../../..
    16.5 +include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
    16.6 +
    16.7 +BIND		= vtpm_migratord
    16.8 +BINC		= vtpm_migrator
    16.9 +
   16.10 +SRCSD    = vtpm_manager_if.c vtpm_migratord.c vtpm_migratord_handler.c vtpm_ipc.c
   16.11 +SRCSC    = vtpm_manager_if.c vtpm_migrator_if.c vtpm_migratorc.c vtpm_ipc.c
   16.12 +
   16.13 +OBJSD    = $(patsubst %.c,%.o,$(SRCSD))
   16.14 +OBJSC    = $(patsubst %.c,%.o,$(SRCSC))
   16.15 +
   16.16 +.PHONY: all
   16.17 +all: build
   16.18 +
   16.19 +.PHONY: build
   16.20 +build: $(BIND) $(BINC)
   16.21 +
   16.22 +.PHONY: install
   16.23 +install: build
   16.24 +	$(INSTALL_PROG) $(BIND) $(TOOLS_INSTALL_DIR)
   16.25 +	$(INSTALL_PROG) $(BINC) $(TOOLS_INSTALL_DIR)
   16.26 +
   16.27 +.PHONY: clean
   16.28 +clean:
   16.29 +	rm -f *.a *.so *.o *.rpm $(DEP_FILES)
   16.30 +
   16.31 +.PHONY: mrproper
   16.32 +mrproper: clean
   16.33 +	rm -f $(BINC) $(BIND) *~
   16.34 +
   16.35 +$(BIND): $(OBJSD)
   16.36 +	$(CC) $(CFLAGS) $(LDFLAGS) $^ $(LIBS) -o $@
   16.37 +
   16.38 +$(BINC): $(OBJSC)
   16.39 +	$(CC) $(CFLAGS) $(LDFLAGS) $^ $(LIBS) -o $@
   16.40 +
   16.41 +# libraries
   16.42 +LIBS += ../util/libTCGUtils.a
    17.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    17.2 +++ b/tools/vtpm_manager/migration/vtpm_manager_if.c	Mon Jul 10 15:38:49 2006 +0100
    17.3 @@ -0,0 +1,186 @@
    17.4 +// ===================================================================
    17.5 +// 
    17.6 +// Copyright (c) 2005, Intel Corp.
    17.7 +// All rights reserved.
    17.8 +//
    17.9 +// Redistribution and use in source and binary forms, with or without 
   17.10 +// modification, are permitted provided that the following conditions 
   17.11 +// are met:
   17.12 +//
   17.13 +//   * Redistributions of source code must retain the above copyright 
   17.14 +//     notice, this list of conditions and the following disclaimer.
   17.15 +//   * Redistributions in binary form must reproduce the above 
   17.16 +//     copyright notice, this list of conditions and the following 
   17.17 +//     disclaimer in the documentation and/or other materials provided 
   17.18 +//     with the distribution.
   17.19 +//   * Neither the name of Intel Corporation nor the names of its 
   17.20 +//     contributors may be used to endorse or promote products derived
   17.21 +//     from this software without specific prior written permission.
   17.22 +//
   17.23 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
   17.24 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
   17.25 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
   17.26 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
   17.27 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   17.28 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   17.29 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
   17.30 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   17.31 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
   17.32 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
   17.33 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   17.34 +// OF THE POSSIBILITY OF SUCH DAMAGE.
   17.35 +// ===================================================================
   17.36 +// 
   17.37 +// vtpm_manager_if.c
   17.38 +// 
   17.39 +//  Provides functions to call local vtpm manager interface (Hotplug)
   17.40 +//
   17.41 +// ==================================================================
   17.42 +
   17.43 +#include <stdio.h>
   17.44 +#include <fcntl.h>
   17.45 +#include <malloc.h>
   17.46 +#include <string.h>
   17.47 +
   17.48 +#include "tcg.h"
   17.49 +#include "buffer.h"
   17.50 +#include "log.h"
   17.51 +#include "vtpm_ipc.h"
   17.52 +#include "bsg.h"
   17.53 +#include "vtpm_migrator.h"
   17.54 +#include "vtpm_manager.h"
   17.55 +
   17.56 +#define VTPM_TX_HP_FNAME       "/var/vtpm/fifos/from_console.fifo"
   17.57 +#define VTPM_RX_HP_FNAME       "/var/vtpm/fifos/to_console.fifo"
   17.58 +
   17.59 +static vtpm_ipc_handle_t tx_ipc_h, rx_ipc_h;
   17.60 +
   17.61 +TPM_RESULT vtpm_manager_open(){
   17.62 +
   17.63 +  if ( (vtpm_ipc_init(&tx_ipc_h,  VTPM_TX_HP_FNAME, O_RDWR, TRUE) != 0) ||  //FIXME: wronly
   17.64 +       (vtpm_ipc_init(&rx_ipc_h,  VTPM_RX_HP_FNAME, O_RDWR, TRUE) != 0) ) { //FIXME: rdonly
   17.65 +    vtpmlogerror(VTPM_LOG_VTPM, "Unable to connect to vtpm_manager.\n");
   17.66 +    return TPM_IOERROR;
   17.67 +  } 
   17.68 +
   17.69 +  return TPM_SUCCESS;
   17.70 +}
   17.71 +
   17.72 +void vtpm_manager_close() {
   17.73 +
   17.74 +  vtpm_ipc_close(&tx_ipc_h);
   17.75 +  vtpm_ipc_close(&rx_ipc_h);
   17.76 +}
   17.77 +
   17.78 +
   17.79 +TPM_RESULT vtpm_manager_command(TPM_COMMAND_CODE ord,
   17.80 +                                buffer_t *command_param_buf,
   17.81 +                                TPM_RESULT *cmd_status, /* out */
   17.82 +                                buffer_t *result_param_buf) {
   17.83 +
   17.84 +  TPM_RESULT status = TPM_FAIL;
   17.85 +  int  size_read, size_write, i;
   17.86 +  BYTE *adj_command, response_header[VTPM_COMMAND_HEADER_SIZE_SRV];
   17.87 +  UINT32 dmi_id=0, adj_command_size, out_param_size, adj_param_size;
   17.88 +  TPM_TAG tag=VTPM_TAG_REQ;
   17.89 +
   17.90 +  if ( (!command_param_buf) || (!result_param_buf) || (!cmd_status) ) {
   17.91 +    status = TPM_BAD_PARAMETER;
   17.92 +    goto abort_egress;
   17.93 +  }   
   17.94 +  
   17.95 +  adj_command_size = VTPM_COMMAND_HEADER_SIZE_SRV + buffer_len(command_param_buf);
   17.96 +  adj_command = (BYTE *) malloc( adj_command_size );
   17.97 +  if (!adj_command) {
   17.98 +    status = TPM_RESOURCES;
   17.99 +    goto abort_egress;
  17.100 +  }
  17.101 +
  17.102 +  out_param_size = VTPM_COMMAND_HEADER_SIZE + buffer_len(command_param_buf);
  17.103 +  BSG_PackList(adj_command, 4,
  17.104 +                 BSG_TYPE_UINT32, &dmi_id,
  17.105 +                 BSG_TPM_TAG, &tag,
  17.106 +                 BSG_TYPE_UINT32, &out_param_size,
  17.107 +                 BSG_TPM_COMMAND_CODE, &ord );
  17.108 +
  17.109 +  memcpy(adj_command + VTPM_COMMAND_HEADER_SIZE_SRV, command_param_buf->bytes, buffer_len(command_param_buf));
  17.110 +
  17.111 +  size_write = vtpm_ipc_write(&tx_ipc_h, NULL, adj_command, adj_command_size);
  17.112 +
  17.113 +  if (size_write > 0) {
  17.114 +    vtpmloginfo(VTPM_LOG_VTPM_DEEP, "SENT (MGR): 0x");
  17.115 +    for (i=0; i< adj_command_size; i++) {
  17.116 +      vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", adj_command[i]);
  17.117 +    }
  17.118 +    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
  17.119 +  } else {
  17.120 +    vtpmlogerror(VTPM_LOG_VTPM, "Error writing VTPM Manager console.\n");
  17.121 +    status = TPM_IOERROR;
  17.122 +    goto abort_egress;
  17.123 +  }
  17.124 +
  17.125 +  if (size_write != (int) adj_command_size )
  17.126 +    vtpmlogerror(VTPM_LOG_VTPM, "Could not write entire command to mgr (%d/%d)\n", size_write, adj_command_size);
  17.127 +
  17.128 +  // Read header for response to manager command
  17.129 +  size_read = vtpm_ipc_read(&rx_ipc_h, NULL, response_header, VTPM_COMMAND_HEADER_SIZE_SRV);
  17.130 +  if (size_read > 0) {
  17.131 +    vtpmloginfo(VTPM_LOG_VTPM_DEEP, "RECV (MGR): 0x");
  17.132 +    for (i=0; i<size_read; i++)
  17.133 +      vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", response_header[i]);
  17.134 +
  17.135 +  } else {
  17.136 +    vtpmlogerror(VTPM_LOG_VTPM, "Error reading from vtpm manager.\n");
  17.137 +    status = TPM_IOERROR;
  17.138 +    goto abort_egress;
  17.139 +  }
  17.140 +
  17.141 +  if (size_read < (int) VTPM_COMMAND_HEADER_SIZE_SRV) {
  17.142 +    vtpmlogerror(VTPM_LOG_VTPM, "Command from vtpm_manager shorter than std header.\n");
  17.143 +    status = TPM_IOERROR;
  17.144 +    goto abort_egress;
  17.145 +  }
  17.146 +
  17.147 +  // Unpack response from DMI for TPM command
  17.148 +  BSG_UnpackList(response_header, 4,
  17.149 +                 BSG_TYPE_UINT32, &dmi_id,
  17.150 +                 BSG_TPM_TAG, &tag,
  17.151 +                 BSG_TYPE_UINT32, &out_param_size,
  17.152 +                 BSG_TPM_COMMAND_CODE, cmd_status );
  17.153 +
  17.154 +  // If response has parameters, read them.
  17.155 +  // Note that out_param_size is in the client's context
  17.156 +  adj_param_size = out_param_size - VTPM_COMMAND_HEADER_SIZE;
  17.157 +  if (adj_param_size > 0) {
  17.158 +    TPMTRYRETURN( buffer_init( result_param_buf, adj_param_size, NULL) );
  17.159 +    size_read = vtpm_ipc_read(&rx_ipc_h, NULL, result_param_buf->bytes, adj_param_size);
  17.160 +    if (size_read > 0) {
  17.161 +      for (i=0; i< size_read; i++)
  17.162 +        vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", result_param_buf->bytes[i]);
  17.163 +
  17.164 +    } else {
  17.165 +      vtpmlogerror(VTPM_LOG_VTPM, "Error reading from vtpm manager.\n");
  17.166 +      goto abort_egress;
  17.167 +    }
  17.168 +    vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  17.169 +
  17.170 +    if (size_read < (int)adj_param_size) {
  17.171 +      vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  17.172 +      vtpmlogerror(VTPM_LOG_VTPM, "Command read(%d) is shorter than header indicates(%d).\n", size_read, adj_param_size);
  17.173 +      status = TPM_IOERROR;
  17.174 +      goto abort_egress;
  17.175 +    }
  17.176 +  } else {
  17.177 +    vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  17.178 +  }
  17.179 +
  17.180 +  status=TPM_SUCCESS;
  17.181 +  goto egress;
  17.182 +
  17.183 + abort_egress:
  17.184 + egress:
  17.185 +
  17.186 +  return status;
  17.187 +}
  17.188 +
  17.189 +
    18.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    18.2 +++ b/tools/vtpm_manager/migration/vtpm_migrator.h	Mon Jul 10 15:38:49 2006 +0100
    18.3 @@ -0,0 +1,104 @@
    18.4 +// ===================================================================
    18.5 +// 
    18.6 +// Copyright (c) 2005, Intel Corp.
    18.7 +// All rights reserved.
    18.8 +//
    18.9 +// Redistribution and use in source and binary forms, with or without 
   18.10 +// modification, are permitted provided that the following conditions 
   18.11 +// are met:
   18.12 +//
   18.13 +//   * Redistributions of source code must retain the above copyright 
   18.14 +//     notice, this list of conditions and the following disclaimer.
   18.15 +//   * Redistributions in binary form must reproduce the above 
   18.16 +//     copyright notice, this list of conditions and the following 
   18.17 +//     disclaimer in the documentation and/or other materials provided 
   18.18 +//     with the distribution.
   18.19 +//   * Neither the name of Intel Corporation nor the names of its 
   18.20 +//     contributors may be used to endorse or promote products derived
   18.21 +//     from this software without specific prior written permission.
   18.22 +//
   18.23 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
   18.24 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
   18.25 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
   18.26 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
   18.27 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   18.28 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   18.29 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
   18.30 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   18.31 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
   18.32 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
   18.33 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   18.34 +// OF THE POSSIBILITY OF SUCH DAMAGE.
   18.35 +// ===================================================================
   18.36 +// 
   18.37 +// vtpm_migrator.h
   18.38 +// 
   18.39 +//  Public Interface header for VTPM Migrator 
   18.40 +//
   18.41 +// ==================================================================
   18.42 +
   18.43 +#ifndef __VTPM_MIGRATOR_H__
   18.44 +#define __VTPM_MIGRATOR_H__
   18.45 +
   18.46 +#define VTPM_MTAG_REQ 0x02c1
   18.47 +#define VTPM_MTAG_RSP 0x02c4
   18.48 +
   18.49 +// Header sizes. 
   18.50 +#define VTPM_COMMAND_HEADER_SIZE ( 2 + 4 + 4)
   18.51 +//               sizeof(TPM_TAG + UINT32 + TPM_COMMAND_CODE)
   18.52 +
   18.53 +//*********************** Connection Info **************************
   18.54 +#define VTPM_MIG_PORT 48879 
   18.55 +
   18.56 +//************************ Command Codes ***************************
   18.57 +#define VTPM_MORD_MIG_STEP1     0x00
   18.58 +#define VTPM_MORD_MIG_STEP2     0x01
   18.59 +#define VTPM_MORD_MIG_STEP3     0x02
   18.60 +#define VTPM_MORD_MIG_STEP4     0x03
   18.61 +
   18.62 +//************************ Return Codes ****************************
   18.63 +#define VTPM_SUCCESS               0
   18.64 +#define VTPM_FAIL                  1
   18.65 +
   18.66 +/******************* Command Parameter API *************************
   18.67 +
   18.68 +VTPM Command Format
   18.69 +  tpm tag: 2 bytes
   18.70 +  command size: 4 bytes         // Size of command including header but not DMI
   18.71 +  ord: 4 bytes                  // Command ordinal above
   18.72 +  parameters: size - 10 bytes   // Command Parameter
   18.73 +
   18.74 +VTPM Response Format
   18.75 +  tpm tag: 2 bytes
   18.76 +  response_size: 4 bytes
   18.77 +  status: 4 bytes         
   18.78 +  parameters: size - 10 bytes
   18.79 +
   18.80 +
   18.81 +VTPM_Mig_Phase1:
   18.82 +    Unsupported: (Handled by scripts)
   18.83 +    
   18.84 +VTPM_Mig_Phase2
   18.85 +  Input Parameters:
   18.86 +    domain_name_size: 4 bytes
   18.87 +    domain_name : domain_name_size bytes
   18.88 +  Output Parameters:
   18.89 +    pub_exp_size: 4 bytes
   18.90 +    pub_exp: pub_exp_size bytes
   18.91 +    pub_mod_size: 4 bytes
   18.92 +    pub_mod: pub_mod_size bytes
   18.93 +
   18.94 +VTPM_Mig_Phase3
   18.95 +  Input Parameters:
   18.96 +    vtpm_state_size: 4 bytes
   18.97 +    vtpm_state: vtpm_state_size bytes
   18.98 +  Output Parameters:
   18.99 +    none
  18.100 +
  18.101 +VTPM_Mig_Phase4
  18.102 +    Unsupported: (Handled by scripts)
  18.103 +
  18.104 +
  18.105 +*********************************************************************/
  18.106 +
  18.107 +#endif //_VTPM_MANAGER_H_
    19.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    19.2 +++ b/tools/vtpm_manager/migration/vtpm_migrator_if.c	Mon Jul 10 15:38:49 2006 +0100
    19.3 @@ -0,0 +1,219 @@
    19.4 +// ===================================================================
    19.5 +// 
    19.6 +// Copyright (c) 2005, Intel Corp.
    19.7 +// All rights reserved.
    19.8 +//
    19.9 +// Redistribution and use in source and binary forms, with or without 
   19.10 +// modification, are permitted provided that the following conditions 
   19.11 +// are met:
   19.12 +//
   19.13 +//   * Redistributions of source code must retain the above copyright 
   19.14 +//     notice, this list of conditions and the following disclaimer.
   19.15 +//   * Redistributions in binary form must reproduce the above 
   19.16 +//     copyright notice, this list of conditions and the following 
   19.17 +//     disclaimer in the documentation and/or other materials provided 
   19.18 +//     with the distribution.
   19.19 +//   * Neither the name of Intel Corporation nor the names of its 
   19.20 +//     contributors may be used to endorse or promote products derived
   19.21 +//     from this software without specific prior written permission.
   19.22 +//
   19.23 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
   19.24 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
   19.25 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
   19.26 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
   19.27 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   19.28 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   19.29 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
   19.30 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   19.31 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
   19.32 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
   19.33 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   19.34 +// OF THE POSSIBILITY OF SUCH DAMAGE.
   19.35 +// ===================================================================
   19.36 +// 
   19.37 +// vtpm_migrator_if.c
   19.38 +// 
   19.39 +//  Provides functions to call open network connection & call
   19.40 +//  a function on the vtpm_migratord on the destination
   19.41 +//
   19.42 +// ==================================================================
   19.43 +
   19.44 +#include <stdio.h>
   19.45 +#include <sys/types.h>
   19.46 +#include <sys/socket.h>
   19.47 +#include <netinet/in.h>
   19.48 +#include <arpa/inet.h>
   19.49 +#include <netdb.h>
   19.50 +#include <string.h>
   19.51 +#include <malloc.h>
   19.52 +
   19.53 +#include "tcg.h"
   19.54 +#include "buffer.h"
   19.55 +#include "log.h"
   19.56 +#include "bsg.h"
   19.57 +#include "vtpm_migrator.h"
   19.58 +
   19.59 +static int sock_desc;
   19.60 +
   19.61 +
   19.62 +TPM_RESULT vtpm_migratord_open(char *server_address){
   19.63 +
   19.64 +  TPM_RESULT status = TPM_FAIL;
   19.65 +
   19.66 +  /* network variables */
   19.67 +  struct in_addr ip_addr;
   19.68 +  struct sockaddr_in server_addr;
   19.69 +  int addr_len;
   19.70 +  struct hostent *dns_info=NULL;
   19.71 +
   19.72 +  /* set up connection to server*/
   19.73 +  dns_info = gethostbyname(server_address);
   19.74 +  ip_addr.s_addr = *((unsigned long *) dns_info->h_addr_list[0]);
   19.75 +
   19.76 +  if(ip_addr.s_addr < 0) {
   19.77 +    status = TPM_BAD_PARAMETER;
   19.78 +    goto abort_egress;
   19.79 +  }
   19.80 +
   19.81 +  /* set up server variable */
   19.82 +  memset((char *)&server_addr, 0, sizeof(server_addr));
   19.83 +  server_addr.sin_family = AF_INET;
   19.84 +  server_addr.sin_port = htons(VTPM_MIG_PORT);
   19.85 +  server_addr.sin_addr.s_addr = ip_addr.s_addr;
   19.86 +
   19.87 +  /* open socket, make connection */
   19.88 +  sock_desc = socket(AF_INET, SOCK_STREAM, 0);
   19.89 +
   19.90 +  if (sock_desc < 0 ) {
   19.91 +    status = TPM_IOERROR;
   19.92 +    goto abort_egress;
   19.93 +  }
   19.94 +
   19.95 +  if (connect(sock_desc,
   19.96 +              (struct sockaddr *)&server_addr,
   19.97 +              sizeof(server_addr)) < 0 ) {
   19.98 +    status = TPM_BAD_PARAMETER;
   19.99 +    goto abort_egress;
  19.100 +  }
  19.101 +
  19.102 +  status = TPM_SUCCESS;
  19.103 +  goto egress;
  19.104 +
  19.105 + abort_egress:
  19.106 + egress:
  19.107 +
  19.108 +  return status;
  19.109 +}
  19.110 +
  19.111 +void vtpm_migratord_close() {
  19.112 +  close(sock_desc);
  19.113 +}
  19.114 +
  19.115 +
  19.116 +TPM_RESULT vtpm_migratord_command(TPM_COMMAND_CODE ord,
  19.117 +                                buffer_t *command_param_buf,
  19.118 +                                TPM_RESULT *cmd_status, /* out */
  19.119 +                                buffer_t *result_param_buf) {
  19.120 +
  19.121 +  TPM_RESULT status = TPM_FAIL;
  19.122 +  int  size_read, size_write, i;
  19.123 +  BYTE *command, response_header[VTPM_COMMAND_HEADER_SIZE];
  19.124 +  UINT32 dmi_id=0, command_size, out_param_size, adj_param_size;
  19.125 +  TPM_TAG tag=VTPM_MTAG_REQ;
  19.126 +
  19.127 +  if ( (!command_param_buf) || (!result_param_buf) || (!cmd_status) ) {
  19.128 +    status = TPM_BAD_PARAMETER;
  19.129 +    goto abort_egress;
  19.130 +  }   
  19.131 +  
  19.132 +  command_size = VTPM_COMMAND_HEADER_SIZE + buffer_len(command_param_buf);
  19.133 +  command = (BYTE *) malloc( command_size );
  19.134 +  if (!command) {
  19.135 +    status = TPM_RESOURCES;
  19.136 +    goto abort_egress;
  19.137 +  }
  19.138 +
  19.139 +  BSG_PackList(command, 3,
  19.140 +                 BSG_TPM_TAG, &tag,
  19.141 +                 BSG_TYPE_UINT32, &command_size,
  19.142 +                 BSG_TPM_COMMAND_CODE, &ord );
  19.143 +
  19.144 +  memcpy(command + VTPM_COMMAND_HEADER_SIZE, command_param_buf->bytes, buffer_len(command_param_buf));
  19.145 +
  19.146 +  size_write = write(sock_desc, command, command_size);
  19.147 +
  19.148 +  if (size_write > 0) {
  19.149 +    vtpmloginfo(VTPM_LOG_VTPM_DEEP, "SENT (MIGd): 0x");
  19.150 +    for (i=0; i< command_size; i++) {
  19.151 +      vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", command[i]);
  19.152 +    }
  19.153 +    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
  19.154 +  } else {
  19.155 +    vtpmlogerror(VTPM_LOG_VTPM, "Error writing to migration server via network.\n");
  19.156 +    status = TPM_IOERROR;
  19.157 +    goto abort_egress;
  19.158 +  }
  19.159 +
  19.160 +  if (size_write != (int) command_size )
  19.161 +    vtpmlogerror(VTPM_LOG_VTPM, "Could not write entire command to migration server (%d/%d)\n", size_write, command_size);
  19.162 +
  19.163 +  // Read header for response 
  19.164 +  size_read = read(sock_desc, response_header, VTPM_COMMAND_HEADER_SIZE);
  19.165 +  if (size_read > 0) {
  19.166 +    vtpmloginfo(VTPM_LOG_VTPM_DEEP, "RECV (MIGd): 0x");
  19.167 +    for (i=0; i<size_read; i++)
  19.168 +      vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", response_header[i]);
  19.169 +
  19.170 +  } else {
  19.171 +    vtpmlogerror(VTPM_LOG_VTPM, "Error reading from Migration Server.\n");
  19.172 +    status = TPM_IOERROR;
  19.173 +    goto abort_egress;
  19.174 +  }
  19.175 +
  19.176 +  if (size_read < (int) VTPM_COMMAND_HEADER_SIZE) {
  19.177 +    vtpmlogerror(VTPM_LOG_VTPM, "Command from migration server shorter than std header.\n");
  19.178 +    status = TPM_IOERROR;
  19.179 +    goto abort_egress;
  19.180 +  }
  19.181 +
  19.182 +  // Unpack response from DMI for TPM command
  19.183 +  BSG_UnpackList(response_header, 3,
  19.184 +                 BSG_TPM_TAG, &tag,
  19.185 +                 BSG_TYPE_UINT32, &out_param_size,
  19.186 +                 BSG_TPM_COMMAND_CODE, cmd_status );
  19.187 +
  19.188 +  // If response has parameters, read them.
  19.189 +  adj_param_size = out_param_size - VTPM_COMMAND_HEADER_SIZE;
  19.190 +  if (adj_param_size > 0) {
  19.191 +    TPMTRYRETURN( buffer_init( result_param_buf, adj_param_size, NULL) );
  19.192 +    size_read = read(sock_desc, result_param_buf->bytes, adj_param_size);
  19.193 +    if (size_read > 0) {
  19.194 +      for (i=0; i< size_read; i++)
  19.195 +        vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", result_param_buf->bytes[i]);
  19.196 +
  19.197 +    } else {
  19.198 +      vtpmlogerror(VTPM_LOG_VTPM, "Error reading from migration server.\n");
  19.199 +      goto abort_egress;
  19.200 +    }
  19.201 +    vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  19.202 +
  19.203 +    if (size_read < (int)adj_param_size) {
  19.204 +      vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  19.205 +      vtpmlogerror(VTPM_LOG_VTPM, "Command read(%d) is shorter than header indicates(%d).\n", size_read, adj_param_size);
  19.206 +      status = TPM_IOERROR;
  19.207 +      goto abort_egress;
  19.208 +    }
  19.209 +  } else {
  19.210 +    vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  19.211 +  }
  19.212 +
  19.213 +  status=TPM_SUCCESS;
  19.214 +  goto egress;
  19.215 +
  19.216 + abort_egress:
  19.217 + egress:
  19.218 +
  19.219 +  return status;
  19.220 +}
  19.221 +
  19.222 +
    20.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    20.2 +++ b/tools/vtpm_manager/migration/vtpm_migratorc.c	Mon Jul 10 15:38:49 2006 +0100
    20.3 @@ -0,0 +1,211 @@
    20.4 +// ===================================================================
    20.5 +//
    20.6 +// Copyright (c) 2005, Intel Corp.
    20.7 +// All rights reserved.
    20.8 +//
    20.9 +// Redistribution and use in source and binary forms, with or without
   20.10 +// modification, are permitted provided that the following conditions
   20.11 +// are met:
   20.12 +//
   20.13 +//   * Redistributions of source code must retain the above copyright
   20.14 +//     notice, this list of conditions and the following disclaimer.
   20.15 +//   * Redistributions in binary form must reproduce the above
   20.16 +//     copyright notice, this list of conditions and the following
   20.17 +//     disclaimer in the documentation and/or other materials provided
   20.18 +//     with the distribution.
   20.19 +//   * Neither the name of Intel Corporation nor the names of its
   20.20 +//     contributors may be used to endorse or promote products derived
   20.21 +//     from this software without specific prior written permission.
   20.22 +//
   20.23 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   20.24 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   20.25 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
   20.26 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
   20.27 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   20.28 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   20.29 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   20.30 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   20.31 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   20.32 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   20.33 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   20.34 +// OF THE POSSIBILITY OF SUCH DAMAGE.
   20.35 +// ===================================================================
   20.36 +
   20.37 +#include <stdio.h>
   20.38 +#include <string.h>
   20.39 +
   20.40 +#include "tcg.h"
   20.41 +#include "log.h"
   20.42 +#include "bsg.h"
   20.43 +#include "buffer.h"
   20.44 +#include "vtpm_migrator.h"
   20.45 +#include "vtpm_manager.h"
   20.46 +
   20.47 +TPM_RESULT handle_vtpm_mig_step2(char *server_addr, 
   20.48 +                                 char *name, 
   20.49 +                                 UINT32 instance) {
   20.50 +  TPM_RESULT status, cmd_status;
   20.51 +  buffer_t out_param_buf=NULL_BUF, mig_key_buf=NULL_BUF, empty_buf=NULL_BUF;
   20.52 +  UINT32 offset; 
   20.53 +  struct pack_buf_t addr_data32;
   20.54 +
   20.55 +  //===== Get Destination's Public Migration Key ======
   20.56 +  TPMTRYRETURN( vtpm_migratord_open(server_addr) );
   20.57 +
   20.58 +  TPMTRYRETURN( vtpm_migratord_command(VTPM_MORD_MIG_STEP2,
   20.59 +                                     &out_param_buf,
   20.60 +                                     &cmd_status, 
   20.61 +                                     &mig_key_buf) ); 
   20.62 +  vtpm_migratord_close();
   20.63 +
   20.64 +  TPMTRYRETURN(cmd_status);
   20.65 +
   20.66 +  //===== Load migration key into vtpm_manager ========
   20.67 +
   20.68 +  addr_data32.data = (BYTE *)server_addr;
   20.69 +  addr_data32.size = strlen(server_addr) + 1; // Include the null
   20.70 +
   20.71 +  TPMTRYRETURN ( buffer_init ( &out_param_buf, 
   20.72 +                               sizeof(UINT32) + addr_data32.size +buffer_len(&mig_key_buf),
   20.73 +                               NULL ) ) ;
   20.74 +
   20.75 +  offset =  BSG_PackList(out_param_buf.bytes, 1,
   20.76 +               BSG_TPM_SIZE32_DATA, &addr_data32);
   20.77 +
   20.78 +  memcpy(out_param_buf.bytes + offset , mig_key_buf.bytes, buffer_len(&mig_key_buf) );
   20.79 +
   20.80 +  TPMTRYRETURN ( vtpm_manager_open() );
   20.81 +
   20.82 +  TPMTRYRETURN ( vtpm_manager_command(VTPM_ORD_LOAD_MIG_KEY,
   20.83 +                                      &out_param_buf,
   20.84 +                                      &cmd_status,
   20.85 +                                      &empty_buf) );
   20.86 +
   20.87 +  vtpm_manager_close();
   20.88 +
   20.89 +  TPMTRYRETURN(cmd_status);
   20.90 +
   20.91 +  goto egress;
   20.92 +
   20.93 + abort_egress:
   20.94 + egress:
   20.95 +
   20.96 +  buffer_free(&mig_key_buf);
   20.97 +  buffer_free(&out_param_buf);
   20.98 +
   20.99 +  return status;
  20.100 +}
  20.101 +
  20.102 +
  20.103 +TPM_RESULT handle_vtpm_mig_step3(char *server_addr, 
  20.104 +                                 char *name, 
  20.105 +                                 UINT32 instance) {
  20.106 +  TPM_RESULT status, cmd_status;
  20.107 +  buffer_t out_param_buf=NULL_BUF, state_buf=NULL_BUF, empty_buf=NULL_BUF;
  20.108 +  struct pack_buf_t addr_data32, name_data32, state_data32;
  20.109 +
  20.110 +  //===== Get vtpm state from vtpm_manager ========
  20.111 +  addr_data32.data = (BYTE *)server_addr;
  20.112 +  addr_data32.size = strlen(server_addr) + 1; // Include the null
  20.113 +
  20.114 +  TPMTRYRETURN ( buffer_init ( &out_param_buf,
  20.115 +                               (2 * sizeof(UINT32)) + addr_data32.size,
  20.116 +                               NULL ) ) ;
  20.117 +
  20.118 +  BSG_PackList(out_param_buf.bytes, 2,
  20.119 +                 BSG_TYPE_UINT32, &instance, 
  20.120 +                 BSG_TPM_SIZE32_DATA, &addr_data32);
  20.121 +
  20.122 +  TPMTRYRETURN ( vtpm_manager_open() );
  20.123 +
  20.124 +  TPMTRYRETURN ( vtpm_manager_command(VTPM_ORD_MIGRATE_OUT,
  20.125 +                                      &out_param_buf,
  20.126 +                                      &cmd_status,
  20.127 +                                      &state_buf) );
  20.128 +
  20.129 +  vtpm_manager_close();
  20.130 +
  20.131 +  TPMTRYRETURN(cmd_status);
  20.132 +
  20.133 +  TPMTRYRETURN( buffer_free( &out_param_buf ) );
  20.134 +
  20.135 +  //===== Send vtpm state to destination ======
  20.136 +  name_data32.data = (BYTE *)name;
  20.137 +  name_data32.size = strlen(name) + 1; // Include the null
  20.138 +  state_data32.data = state_buf.bytes;
  20.139 +  state_data32.size = buffer_len(&state_buf);
  20.140 +
  20.141 +  TPMTRYRETURN( buffer_init( &out_param_buf,
  20.142 +                             2 * sizeof(UINT32) + name_data32.size + state_data32.size,
  20.143 +                             NULL ) ) ;
  20.144 +                             
  20.145 +  BSG_PackList(out_param_buf.bytes, 2,
  20.146 +                 BSG_TPM_SIZE32_DATA, &name_data32,
  20.147 +                 BSG_TPM_SIZE32_DATA, &state_data32);
  20.148 +
  20.149 +  TPMTRYRETURN( vtpm_migratord_open(server_addr) );
  20.150 +
  20.151 +  TPMTRYRETURN( vtpm_migratord_command(VTPM_MORD_MIG_STEP3,
  20.152 +                                     &out_param_buf,
  20.153 +                                     &cmd_status, 
  20.154 +                                     &empty_buf) ); 
  20.155 +  vtpm_migratord_close();
  20.156 +
  20.157 +  TPMTRYRETURN(cmd_status);
  20.158 +
  20.159 +  goto egress;
  20.160 +
  20.161 + abort_egress:
  20.162 + egress:
  20.163 +
  20.164 +  buffer_free( &out_param_buf);
  20.165 +  buffer_free( &state_buf);
  20.166 +  buffer_free( &empty_buf);
  20.167 +
  20.168 +  return status;
  20.169 +}
  20.170 +
  20.171 +
  20.172 +// Usage vtpm_migrator addr domain_name instance step
  20.173 +
  20.174 +int main(int argc, char **argv) {
  20.175 +
  20.176 +    /* variables for processing of command */
  20.177 +    TPM_RESULT status = TPM_FAIL;
  20.178 +    char *server_addr, *name;
  20.179 +    UINT32 instance, step;
  20.180 +
  20.181 +    if (argc != 5) {
  20.182 +      vtpmlogerror(VTPM_LOG_VTPM, "Usage: vtpm_migrator addr vm_name instance step\n");
  20.183 +      vtpmlogerror(VTPM_LOG_VTPM, "       params given %d\n", argc);
  20.184 +      status= TPM_BAD_PARAMETER;
  20.185 +      goto abort_egress;
  20.186 +    }
  20.187 +
  20.188 +    server_addr = argv[1];
  20.189 +    name = argv[2];
  20.190 +    instance = atoi( argv[3] );
  20.191 +    step = atoi( argv[4] );    
  20.192 +
  20.193 +    switch (step) {
  20.194 +    case VTPM_MORD_MIG_STEP2:
  20.195 +      status = handle_vtpm_mig_step2(server_addr, name, instance);
  20.196 +      break;
  20.197 + 
  20.198 +    case VTPM_MORD_MIG_STEP3:
  20.199 +      status = handle_vtpm_mig_step3(server_addr, name, instance);
  20.200 +      break;
  20.201 +
  20.202 +    default:
  20.203 +      status = TPM_BAD_PARAMETER;
  20.204 +      goto abort_egress;
  20.205 +      break;
  20.206 +    }
  20.207 + 
  20.208 +    goto egress;
  20.209 + abort_egress:
  20.210 + egress:
  20.211 +
  20.212 +    return status;
  20.213 +}
  20.214 +
    21.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    21.2 +++ b/tools/vtpm_manager/migration/vtpm_migratord.c	Mon Jul 10 15:38:49 2006 +0100
    21.3 @@ -0,0 +1,202 @@
    21.4 +// ===================================================================
    21.5 +//
    21.6 +// Copyright (c) 2005, Intel Corp.
    21.7 +// All rights reserved.
    21.8 +//
    21.9 +// Redistribution and use in source and binary forms, with or without
   21.10 +// modification, are permitted provided that the following conditions
   21.11 +// are met:
   21.12 +//
   21.13 +//   * Redistributions of source code must retain the above copyright
   21.14 +//     notice, this list of conditions and the following disclaimer.
   21.15 +//   * Redistributions in binary form must reproduce the above
   21.16 +//     copyright notice, this list of conditions and the following
   21.17 +//     disclaimer in the documentation and/or other materials provided
   21.18 +//     with the distribution.
   21.19 +//   * Neither the name of Intel Corporation nor the names of its
   21.20 +//     contributors may be used to endorse or promote products derived
   21.21 +//     from this software without specific prior written permission.
   21.22 +//
   21.23 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   21.24 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   21.25 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
   21.26 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
   21.27 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   21.28 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   21.29 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   21.30 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   21.31 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   21.32 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   21.33 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   21.34 +// OF THE POSSIBILITY OF SUCH DAMAGE.
   21.35 +// ===================================================================
   21.36 +
   21.37 +#include <stdio.h>
   21.38 +#include <sys/types.h>
   21.39 +#include <sys/socket.h>
   21.40 +#include <netinet/in.h>
   21.41 +#include <arpa/inet.h>
   21.42 +#include <string.h>
   21.43 +
   21.44 +#include "tcg.h"
   21.45 +#include "log.h"
   21.46 +#include "bsg.h"
   21.47 +#include "buffer.h"
   21.48 +#include "vtpm_migrator.h"
   21.49 +
   21.50 +void build_error_msg( buffer_t *buf, TPM_RESULT status) {
   21.51 +  TPM_TAG tag = VTPM_MTAG_RSP;
   21.52 +  UINT32 out_param_size = VTPM_COMMAND_HEADER_SIZE;
   21.53 +
   21.54 +  buffer_init(buf, out_param_size, NULL);
   21.55 + 
   21.56 +  BSG_PackList(buf->bytes, 3,
   21.57 +                 BSG_TPM_TAG, &tag,
   21.58 +                 BSG_TYPE_UINT32, &out_param_size,
   21.59 +                 BSG_TPM_RESULT, &status );
   21.60 +}
   21.61 +
   21.62 +int main() {
   21.63 +
   21.64 +    /* network variables */
   21.65 +    int sock_descr, client_sock=-1, len;
   21.66 +    struct sockaddr_in addr;
   21.67 +    struct sockaddr_in client_addr;
   21.68 +    unsigned int client_length;
   21.69 +    int bytes;
   21.70 +
   21.71 +    /* variables for processing of command */
   21.72 +    TPM_RESULT status = TPM_FAIL;
   21.73 +    BYTE cmd_header[VTPM_COMMAND_HEADER_SIZE];
   21.74 +    TPM_TAG tag;
   21.75 +    TPM_COMMAND_CODE ord;
   21.76 +    UINT32 in_param_size, adj_param_size;
   21.77 +    int i, size_read, size_write;
   21.78 +    buffer_t in_param_buf=NULL_BUF, result_buf=NULL_BUF;
   21.79 +
   21.80 +
   21.81 +    /* setup socket */
   21.82 +    sock_descr = socket(AF_INET, SOCK_STREAM, 0);
   21.83 +
   21.84 +    memset(&addr, 0, sizeof(addr));
   21.85 +    addr.sin_family = AF_INET;
   21.86 +    addr.sin_addr.s_addr = htonl(INADDR_ANY);
   21.87 +    addr.sin_port = htons(VTPM_MIG_PORT);
   21.88 +
   21.89 +    if (bind(sock_descr, (struct sockaddr *)&addr, sizeof(addr)) == -1 ) {
   21.90 +        vtpmlogerror(VTPM_LOG_VTPM, "Failed to bind to port %d.\n", VTPM_MIG_PORT);
   21.91 +        return 1;
   21.92 +    }
   21.93 +        
   21.94 +    listen(sock_descr, 10);
   21.95 +
   21.96 +    for(;;) {
   21.97 +        // ============ clear client info and wait for connection ==========
   21.98 +        memset(&client_addr, 0, sizeof(client_addr));
   21.99 +        client_length = sizeof(client_addr);
  21.100 +
  21.101 +        vtpmloginfo(VTPM_LOG_VTPM, "Waiting for incoming migrations...\n");
  21.102 +        client_sock=accept(sock_descr, &client_addr, &client_length);
  21.103 +        if (client_sock == -1) {
  21.104 +            vtpmlogerror(VTPM_LOG_VTPM, "Incoming connectionn failed.\n");
  21.105 +            goto abort_command;
  21.106 +        } else {
  21.107 +            vtpmloginfo(VTPM_LOG_VTPM, "Incoming connection accepted.\n");
  21.108 +        }
  21.109 +
  21.110 +        // =================== Read incoming command ======================
  21.111 +        size_read = read( client_sock, cmd_header, VTPM_COMMAND_HEADER_SIZE);
  21.112 +        if (size_read > 0) {
  21.113 +            vtpmloginfo(VTPM_LOG_VTPM_DEEP, "RECV: 0x");
  21.114 +            for (i=0; i<size_read; i++)
  21.115 +                vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cmd_header[i]);
  21.116 +
  21.117 +        } else {
  21.118 +            vtpmlogerror(VTPM_LOG_VTPM, "Error reading from socket.\n");
  21.119 +            build_error_msg(&result_buf, TPM_IOERROR);
  21.120 +            goto abort_command_with_error;
  21.121 +        }
  21.122 +
  21.123 +        if (size_read < (int) VTPM_COMMAND_HEADER_SIZE) {
  21.124 +            vtpmlogerror(VTPM_LOG_VTPM, "Command from socket shorter than std header.\n");
  21.125 +            build_error_msg(&result_buf, TPM_BAD_PARAMETER);
  21.126 +            goto abort_command_with_error;
  21.127 +        }
  21.128 +
  21.129 +        // Unpack response from client
  21.130 +        BSG_UnpackList(cmd_header, 3,
  21.131 +                       BSG_TPM_TAG, &tag,
  21.132 +                       BSG_TYPE_UINT32, &in_param_size,
  21.133 +                       BSG_TPM_COMMAND_CODE, &ord );
  21.134 +
  21.135 +
  21.136 +        // If response has parameters, read them.
  21.137 +        // Note that out_param_size is in the client's context
  21.138 +        adj_param_size = in_param_size - VTPM_COMMAND_HEADER_SIZE;
  21.139 +        if (adj_param_size > 0) {
  21.140 +            buffer_init( &in_param_buf, adj_param_size, NULL);
  21.141 +            size_read = read(client_sock, in_param_buf.bytes, adj_param_size);
  21.142 +            if (size_read > 0) {
  21.143 +                for (i=0; i< size_read; i++)
  21.144 +                vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", in_param_buf.bytes[i]);
  21.145 +
  21.146 +            } else {
  21.147 +                vtpmlogerror(VTPM_LOG_VTPM, "Error reading from socket.\n");
  21.148 +                build_error_msg(&result_buf, TPM_IOERROR);
  21.149 +                goto abort_command_with_error;
  21.150 +            }
  21.151 +            vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  21.152 +
  21.153 +            if (size_read < (int)adj_param_size) {
  21.154 +                vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  21.155 +                vtpmlogerror(VTPM_LOG_VTPM, "Command read(%d) is shorter than header indicates(%d).\n", size_read, adj_param_size);
  21.156 +                build_error_msg(&result_buf, TPM_BAD_PARAMETER);
  21.157 +                goto abort_command_with_error;
  21.158 +            }
  21.159 +        } else {
  21.160 +            vtpmloginfomore(VTPM_LOG_VTPM, "\n");
  21.161 +        }
  21.162 +
  21.163 +        /* Handle Command */
  21.164 +        switch (ord) {
  21.165 +        case VTPM_MORD_MIG_STEP2:
  21.166 +          handle_vtpm_mig_step2(&in_param_buf, &result_buf);
  21.167 +          break;
  21.168 + 
  21.169 +        case VTPM_MORD_MIG_STEP3:
  21.170 +          handle_vtpm_mig_step3(&in_param_buf, &result_buf);
  21.171 +          break;
  21.172 +
  21.173 +        default:
  21.174 +            build_error_msg(&result_buf, TPM_BAD_PARAMETER);
  21.175 +            goto abort_command_with_error;
  21.176 +        }
  21.177 +
  21.178 +  abort_command_with_error:
  21.179 +        /* Write Response */
  21.180 +        size_write = write(client_sock, result_buf.bytes, buffer_len(&result_buf));
  21.181 +
  21.182 +        if (size_write > 0) {
  21.183 +            vtpmloginfo(VTPM_LOG_VTPM_DEEP, "SENT: 0x");
  21.184 +            for (i=0; i< buffer_len(&result_buf); i++) {
  21.185 +                vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", result_buf.bytes[i]);
  21.186 +            }
  21.187 +            vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
  21.188 +        } else {
  21.189 +            vtpmlogerror(VTPM_LOG_VTPM, "Error writing response to client.\n");
  21.190 +            goto abort_command;
  21.191 +        }
  21.192 +
  21.193 +        if (size_write != (int) buffer_len(&result_buf) )
  21.194 +           vtpmlogerror(VTPM_LOG_VTPM, "Could not send entire response to client(%d/%d)\n", size_write, buffer_len(&result_buf));
  21.195 +
  21.196 +  abort_command:
  21.197 +        close(client_sock);
  21.198 +        buffer_free(&in_param_buf);
  21.199 +        buffer_free(&result_buf);
  21.200 +
  21.201 +    } // For (;;)
  21.202 +
  21.203 +    return 0;
  21.204 +}
  21.205 +
    22.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    22.2 +++ b/tools/vtpm_manager/migration/vtpm_migratord_handler.c	Mon Jul 10 15:38:49 2006 +0100
    22.3 @@ -0,0 +1,171 @@
    22.4 +// ===================================================================
    22.5 +// 
    22.6 +// Copyright (c) 2005, Intel Corp.
    22.7 +// All rights reserved.
    22.8 +//
    22.9 +// Redistribution and use in source and binary forms, with or without 
   22.10 +// modification, are permitted provided that the following conditions 
   22.11 +// are met:
   22.12 +//
   22.13 +//   * Redistributions of source code must retain the above copyright 
   22.14 +//     notice, this list of conditions and the following disclaimer.
   22.15 +//   * Redistributions in binary form must reproduce the above 
   22.16 +//     copyright notice, this list of conditions and the following 
   22.17 +//     disclaimer in the documentation and/or other materials provided 
   22.18 +//     with the distribution.
   22.19 +//   * Neither the name of Intel Corporation nor the names of its 
   22.20 +//     contributors may be used to endorse or promote products derived
   22.21 +//     from this software without specific prior written permission.
   22.22 +//
   22.23 +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
   22.24 +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
   22.25 +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
   22.26 +// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
   22.27 +// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   22.28 +// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   22.29 +// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
   22.30 +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   22.31 +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
   22.32 +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
   22.33 +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   22.34 +// OF THE POSSIBILITY OF SUCH DAMAGE.
   22.35 +// ===================================================================
   22.36 +
   22.37 +#include <stdlib.h>
   22.38 +#include <string.h>
   22.39 +
   22.40 +#include "tcg.h"
   22.41 +#include "bsg.h"
   22.42 +#include "log.h"
   22.43 +#include "vtpm_migrator.h"
   22.44 +#include "vtpm_manager.h"
   22.45 +
   22.46 +#define VTPM_SH_CMD_HDR  "bash -c \"cd /etc/xen/scripts; source /etc/xen/scripts/vtpm-common.sh;"
   22.47 +#define VTPM_SH_CMD_FTR  "\""
   22.48 +#define VTPM_SH_GETINST  "vtpmdb_get_free_instancenum"
   22.49 +#define VTPM_SH_ADD      "vtpm_add_and_activate"
   22.50 +#define VTPM_SH_RESUME   "vtpm_resume"
   22.51 +
   22.52 +// This must be updated to the longest command name. Currently GETINST
   22.53 +#define VTPM_SH_CMD_SIZE (strlen(VTPM_SH_CMD_HDR) + strlen(VTPM_SH_CMD_FTR) + 1 + strlen(VTPM_SH_GETINST) + 2)
   22.54 +
   22.55 +void handle_vtpm_mig_step2(buffer_t *in_param_buf, buffer_t *result_buf){
   22.56 +
   22.57 +  TPM_TAG tag = VTPM_TAG_RSP;
   22.58 +  buffer_t out_param_buf= NULL_BUF, mig_key_buf=NULL_BUF; 
   22.59 +  TPM_RESULT status=TPM_SUCCESS, cmd_status;
   22.60 +  UINT32 out_param_size;
   22.61 +  
   22.62 +  if ( (!in_param_buf) || (!result_buf) ) {
   22.63 +    status = TPM_BAD_PARAMETER;
   22.64 +    goto abort_egress;
   22.65 +  }
   22.66 +
   22.67 +  // ================= Call manager and get mig key ===============
   22.68 +  TPMTRYRETURN( vtpm_manager_open() ); 
   22.69 +  TPMTRYRETURN( vtpm_manager_command(VTPM_ORD_GET_MIG_KEY,
   22.70 +                                     &out_param_buf, // Empty
   22.71 +                                     &cmd_status,
   22.72 +                                     &mig_key_buf) );
   22.73 +  
   22.74 +  vtpm_manager_close();
   22.75 +
   22.76 +  TPMTRYRETURN(cmd_status);
   22.77 +
   22.78 +  // ==================== return the  mig key =====================
   22.79 +  out_param_size =  VTPM_COMMAND_HEADER_SIZE + buffer_len(&mig_key_buf);
   22.80 +
   22.81 +  TPMTRYRETURN( buffer_init(result_buf, 
   22.82 +                            out_param_size,
   22.83 +                            NULL) );
   22.84 +
   22.85 +  BSG_PackList( result_buf->bytes, 3,
   22.86 +                  BSG_TPM_TAG, &tag,
   22.87 +                  BSG_TYPE_UINT32, &out_param_size,
   22.88 +                  BSG_TPM_RESULT, &status);
   22.89 +
   22.90 +  memcpy(result_buf->bytes + VTPM_COMMAND_HEADER_SIZE, 
   22.91 +         mig_key_buf.bytes, buffer_len(&mig_key_buf));
   22.92 +
   22.93 +  goto egress;
   22.94 +
   22.95 + abort_egress:
   22.96 +  buffer_free(result_buf);
   22.97 +  build_error_msg(result_buf, status);
   22.98 +
   22.99 + egress:
  22.100 +  return;
  22.101 +}
  22.102 +
  22.103 +void handle_vtpm_mig_step3(buffer_t *in_param_buf, buffer_t *result_buf){
  22.104 +  
  22.105 +  TPM_TAG tag = VTPM_TAG_RSP;
  22.106 +  buffer_t out_param_buf= NULL_BUF, mig_key_buf=NULL_BUF, empty_buf=NULL_BUF;
  22.107 +  TPM_RESULT status=TPM_SUCCESS, cmd_status;
  22.108 +  UINT32 out_param_size, instance;
  22.109 +  char *shell_cmd_str=NULL;
  22.110 +  FILE *shell_f=NULL;
  22.111 +
  22.112 +  if ( (!in_param_buf) || (!result_buf) ) {
  22.113 +    status = TPM_BAD_PARAMETER;
  22.114 +    goto abort_egress;
  22.115 +  }
  22.116 +
  22.117 +  // ================= Read Parameters ===============
  22.118 +  struct pack_buf_t name_data32, state_data32;
  22.119 +
  22.120 +  BSG_UnpackList(in_param_buf->bytes, 2,
  22.121 +                 BSG_TPM_SIZE32_DATA, &name_data32,
  22.122 +                 BSG_TPM_SIZE32_DATA, &state_data32);
  22.123 +
  22.124 +  // Before using this string, protect us from a non-null term array.
  22.125 +  if (name_data32.data[name_data32.size -1] != 0x00) {
  22.126 +    name_data32.data[name_data32.size -1] = 0x00;
  22.127 +  }
  22.128 +
  22.129 +  // ====== Call hotplug-script and get an instance ======
  22.130 +  shell_cmd_str = (char *) malloc(VTPM_SH_CMD_SIZE + name_data32.size + 10); // 10 is just padding for the UINT32
  22.131 +
  22.132 +  sprintf(shell_cmd_str, VTPM_SH_CMD_HDR VTPM_SH_GETINST VTPM_SH_CMD_FTR);
  22.133 +
  22.134 +  shell_f = popen(shell_cmd_str, "r");
  22.135 +  fscanf(shell_f, "%d", &instance);
  22.136 +  pclose(shell_f);
  22.137 +  
  22.138 +  // ====== Call hotplug-script and add instance ======
  22.139 +  sprintf(shell_cmd_str, VTPM_SH_CMD_HDR VTPM_SH_ADD " %s %d" VTPM_SH_CMD_FTR, name_data32.data, instance);
  22.140 +  system(shell_cmd_str);
  22.141 +
  22.142 +  // ========= Call vtpm_manager and load VTPM =======
  22.143 +  TPMTRYRETURN( buffer_init( &out_param_buf, 
  22.144 +                             2*sizeof(UINT32) + state_data32.size,
  22.145 +                             NULL) );
  22.146 +
  22.147 +  BSG_PackList(out_param_buf.bytes, 2,
  22.148 +                 BSG_TYPE_UINT32, &instance,
  22.149 +                 BSG_TPM_SIZE32_DATA, &state_data32);
  22.150 +
  22.151 +  TPMTRYRETURN( vtpm_manager_open() ); 
  22.152 +  TPMTRYRETURN( vtpm_manager_command(VTPM_ORD_MIGRATE_IN,
  22.153 +                                     &out_param_buf,
  22.154 +                                     &cmd_status,
  22.155 +                                     &empty_buf) );
  22.156 +
  22.157 +  vtpm_manager_close();
  22.158 +
  22.159 +  TPMTRYRETURN(cmd_status);
  22.160 +
  22.161 +  // ====== Call hotplug-script and resume instance ======
  22.162 +  sprintf(shell_cmd_str, VTPM_SH_CMD_HDR VTPM_SH_RESUME " %d" VTPM_SH_CMD_FTR, instance);
  22.163 +  system(shell_cmd_str);
  22.164 +
  22.165 +  goto egress;
  22.166 + abort_egress:
  22.167 + egress:
  22.168 +  free(shell_cmd_str);
  22.169 +
  22.170 +  // In this case no params come back, so reuse build_error_msg even for succes.
  22.171 +  build_error_msg(result_buf, status);
  22.172 +  return;
  22.173 +}
  22.174 +
    23.1 --- a/tools/vtpm_manager/util/buffer.c	Mon Jul 10 15:36:04 2006 +0100
    23.2 +++ b/tools/vtpm_manager/util/buffer.c	Mon Jul 10 15:38:49 2006 +0100
    23.3 @@ -124,7 +124,20 @@ TPM_RESULT buffer_init_alias (buffer_t *
    23.4    
    23.5    return TPM_SUCCESS;
    23.6  }
    23.7 -    
    23.8 +
    23.9 +// make an alias buffer_t into bytestream, with given length
   23.10 +TPM_RESULT buffer_init_alias_convert (buffer_t * buf, tpm_size_t size, BYTE* val) {
   23.11 +
   23.12 +  buf->size = size;
   23.13 +  buf->alloc_size = size;
   23.14 +  buf->bytes = val;
   23.15 +
   23.16 +  buf->is_owner = FALSE;
   23.17 +
   23.18 +  return TPM_SUCCESS;
   23.19 +}
   23.20 +
   23.21 + 
   23.22  
   23.23  // copy into the start of dest
   23.24  TPM_RESULT buffer_copy (buffer_t * dest, const buffer_t* src)
   23.25 @@ -132,8 +145,7 @@ TPM_RESULT buffer_copy (buffer_t * dest,
   23.26    TPM_RESULT status = TPM_SUCCESS;
   23.27      
   23.28    if (dest->alloc_size < src->size) {  
   23.29 -    status = buffer_priv_realloc (dest, src->size);
   23.30 -    STATUSCHECK (status);
   23.31 +    TPMTRYRETURN( buffer_priv_realloc (dest, src->size) );
   23.32    }
   23.33    
   23.34    memcpy (dest->bytes, src->bytes, src->size);
   23.35 @@ -162,8 +174,7 @@ TPM_RESULT buffer_append_raw (buffer_t *
   23.36    TPM_RESULT status = TPM_SUCCESS;
   23.37    
   23.38    if (buf->alloc_size < buf->size + len) {
   23.39 -    status = buffer_priv_realloc (buf, buf->size + len);
   23.40 -    STATUSCHECK (status);
   23.41 +    TPMTRYRETURN( buffer_priv_realloc (buf, buf->size + len) );
   23.42    }
   23.43    
   23.44    memcpy (buf->bytes + buf->size, bytes, len);
   23.45 @@ -187,6 +198,8 @@ TPM_RESULT buffer_free (buffer_t * buf) 
   23.46    if (buf && buf->is_owner && buf->bytes != NULL) {
   23.47      free (buf->bytes);
   23.48      buf->bytes = NULL;
   23.49 +    buf->size = buf->alloc_size = 0;
   23.50 +   
   23.51    }
   23.52    
   23.53    return TPM_SUCCESS;
    24.1 --- a/tools/vtpm_manager/util/buffer.h	Mon Jul 10 15:36:04 2006 +0100
    24.2 +++ b/tools/vtpm_manager/util/buffer.h	Mon Jul 10 15:38:49 2006 +0100
    24.3 @@ -69,6 +69,10 @@ TPM_RESULT buffer_init_const (buffer_t *
    24.4  TPM_RESULT buffer_init_alias (buffer_t * buf, const buffer_t * b,
    24.5                                tpm_size_t offset, tpm_size_t);
    24.6  
    24.7 +// make an alias buffer into a bytestream
    24.8 +TPM_RESULT buffer_init_alias_convert (buffer_t * buf, 
    24.9 +                                      tpm_size_t size, BYTE* val);
   24.10 +
   24.11  // "copy constructor"
   24.12  TPM_RESULT buffer_init_copy (buffer_t * buf, const buffer_t * src);
   24.13  
    25.1 --- a/tools/vtpm_manager/util/log.h	Mon Jul 10 15:36:04 2006 +0100
    25.2 +++ b/tools/vtpm_manager/util/log.h	Mon Jul 10 15:38:49 2006 +0100
    25.3 @@ -48,6 +48,7 @@
    25.4  #define VTPM_LOG_VTSP        6
    25.5  #define VTPM_LOG_VTPM        7
    25.6  #define VTPM_LOG_VTPM_DEEP   8
    25.7 +#define VTPM_LOG_VTSP_DEEP   9
    25.8  
    25.9  static char *module_names[] = { "",
   25.10                                  "CRYPTO",
   25.11 @@ -57,7 +58,8 @@ static char *module_names[] = { "",
   25.12                                  "TCS",
   25.13                                  "VTSP",
   25.14                                  "VTPM",
   25.15 -                                "VTPM"
   25.16 +                                "VTPM",
   25.17 +                                "VTSP"
   25.18                                };
   25.19  
   25.20  // Default to standard logging
    26.1 --- a/tools/vtpm_manager/util/tcg.h	Mon Jul 10 15:36:04 2006 +0100
    26.2 +++ b/tools/vtpm_manager/util/tcg.h	Mon Jul 10 15:38:49 2006 +0100
    26.3 @@ -466,6 +466,8 @@ typedef struct pack_constbuf_t {
    26.4  
    26.5  // ---------------------- Functions for checking TPM_RESULTs -----------------
    26.6  
    26.7 +#include <stdio.h>
    26.8 +
    26.9  // FIXME: Review use of these and delete unneeded ones.
   26.10  
   26.11  // these are really badly dependent on local structure:
   26.12 @@ -476,25 +478,21 @@ typedef struct pack_constbuf_t {
   26.13                           goto abort_egress; } \
   26.14                      while (0)
   26.15  
   26.16 -// ASSUME: the return value used after the abort_egress label has been set
   26.17 -// already (eg. the 'status' local var)
   26.18 -#define STATUSCHECK(s) if (s != TPM_SUCCESS) { \
   26.19 -                            fprintf (stderr, "*** ERR in %s at %s:%i\n", __func__, __FILE__, __LINE__); \
   26.20 -                            goto abort_egress; \
   26.21 -                        }
   26.22 -
   26.23  // DEPENDS: local var 'status' of type TPM_RESULT
   26.24  // DEPENDS: label 'abort_egress' which cleans up and returns the status
   26.25 -// Try command c. If it fails, set status to s and goto shame.
   26.26 +// Try command c. If it fails, set status to s and goto abort.
   26.27  #define TPMTRY(s,c) if (c != TPM_SUCCESS) { \
   26.28                         status = s; \
   26.29 +                       printf("ERROR in %s at %s:%i code: %s.\n", __func__, __FILE__, __LINE__, tpm_get_error_name(status)); \
   26.30                         goto abort_egress; \
   26.31 +                    } else {\
   26.32 +                       status = c; \
   26.33                      }
   26.34  
   26.35 -// Try command c. If it fails, print error message, set status to actual return code. Goto shame
   26.36 +// Try command c. If it fails, print error message, set status to actual return code. Goto abort
   26.37  #define TPMTRYRETURN(c) do { status = c; \
   26.38                               if (status != TPM_SUCCESS) { \
   26.39 -                               printf("ERROR in %s at %s:%i code: %s.\n", __func__, __FILE__, __LINE__, tpm_get_error_name(status)); \
   26.40 +                               fprintf(stderr, "ERROR in %s at %s:%i code: %s.\n", __func__, __FILE__, __LINE__, tpm_get_error_name(status)); \
   26.41                                 goto abort_egress; \
   26.42                               } \
   26.43                          } while(0)