1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2004-2006
8  *
9  */
10 
11 
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <unistd.h>
16 #include <sys/types.h>
17 #include <sys/mman.h>
18 #include <errno.h>
19 
20 #include "trousers/tss.h"
21 #include "trousers/trousers.h"
22 #include "trousers_types.h"
23 #include "trousers_types.h"
24 #include "spi_utils.h"
25 #include "capabilities.h"
26 #include "tsplog.h"
27 #include "obj.h"
28 
29 
30 TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } };
31 
32 TSS_VERSION VERSION_1_1 = { 1, 1, 0, 0 };
33 
34 struct tcs_api_table tcs_normal_api = {
35 #ifdef TSS_BUILD_KEY
36           .LoadKeyByBlob = RPC_LoadKeyByBlob,
37           .EvictKey = RPC_EvictKey,
38           .CreateWrapKey = RPC_CreateWrapKey,
39           .GetPubKey = RPC_GetPubKey,
40 #ifdef TSS_BUILD_TSS12
41           .OwnerReadInternalPub = RPC_OwnerReadInternalPub,
42 #endif
43 #ifdef TSS_BUILD_CERTIFY
44           .CertifyKey = RPC_CertifyKey,
45 #endif
46 #endif
47 #ifdef TSS_BUILD_OWN
48           .OwnerClear = RPC_OwnerClear,
49           .ForceClear = RPC_ForceClear,
50 #endif
51 #ifdef TSS_BUILD_AUTH
52           .TerminateHandle = RPC_TerminateHandle,
53           .OIAP = RPC_OIAP,
54           .OSAP = RPC_OSAP,
55 #endif
56 #ifdef TSS_BUILD_CHANGEAUTH
57           .ChangeAuth = RPC_ChangeAuth,
58           .ChangeAuthOwner = RPC_ChangeAuthOwner,
59           .ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
60           .ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
61 #endif
62 #ifdef TSS_BUILD_AIK
63           .ActivateTPMIdentity = RPC_ActivateTPMIdentity,
64 #endif
65 #ifdef TSS_BUILD_PCR_EXTEND
66           .Extend = RPC_Extend,
67           .PcrRead = RPC_PcrRead,
68           .PcrReset = RPC_PcrReset,
69 #endif
70 #ifdef TSS_BUILD_QUOTE
71           .Quote = RPC_Quote,
72 #endif
73 #ifdef TSS_BUILD_QUOTE2
74           .Quote2 = RPC_Quote2,
75 #endif
76 #ifdef TSS_BUILD_DIR
77           .DirWriteAuth = RPC_DirWriteAuth,
78           .DirRead = RPC_DirRead,
79 #endif
80 #ifdef TSS_BUILD_SEAL
81           .Seal = RPC_Seal,
82           .Unseal = RPC_Unseal,
83 #ifdef TSS_BUILD_SEALX
84           .Sealx = RPC_Sealx,
85 #endif
86 #endif
87 #ifdef TSS_BUILD_BIND
88           .UnBind = RPC_UnBind,
89 #endif
90 #ifdef TSS_BUILD_MIGRATION
91           .CreateMigrationBlob = RPC_CreateMigrationBlob,
92           .ConvertMigrationBlob = RPC_ConvertMigrationBlob,
93           .AuthorizeMigrationKey = RPC_AuthorizeMigrationKey,
94 #endif
95 #ifdef TSS_BUILD_SIGN
96           .Sign = RPC_Sign,
97 #endif
98 #ifdef TSS_BUILD_RANDOM
99           .GetRandom = RPC_GetRandom,
100           .StirRandom = RPC_StirRandom,
101 #endif
102 #ifdef TSS_BUILD_CAPS_TPM
103           .GetTPMCapability = RPC_GetTPMCapability,
104           .SetCapability = RPC_SetCapability,
105           .GetCapabilityOwner = RPC_GetCapabilityOwner,
106 #endif
107 #ifdef TSS_BUILD_EK
108           .CreateEndorsementKeyPair = RPC_CreateEndorsementKeyPair,
109           .ReadPubek = RPC_ReadPubek,
110           .OwnerReadPubek = RPC_OwnerReadPubek,
111 #endif
112 #ifdef TSS_BUILD_SELFTEST
113           .SelfTestFull = RPC_SelfTestFull,
114           .CertifySelfTest = RPC_CertifySelfTest,
115           .GetTestResult = RPC_GetTestResult,
116 #endif
117 #ifdef TSS_BUILD_ADMIN
118           .SetOwnerInstall = RPC_SetOwnerInstall,
119           .DisablePubekRead = RPC_DisablePubekRead,
120           .OwnerSetDisable = RPC_OwnerSetDisable,
121           .DisableOwnerClear = RPC_DisableOwnerClear,
122           .DisableForceClear = RPC_DisableForceClear,
123           .PhysicalDisable = RPC_PhysicalDisable,
124           .PhysicalEnable = RPC_PhysicalEnable,
125           .PhysicalSetDeactivated = RPC_PhysicalSetDeactivated,
126           .PhysicalPresence = RPC_PhysicalPresence,
127           .SetTempDeactivated = RPC_SetTempDeactivated,
128 #ifdef TSS_BUILD_TSS12
129           .SetTempDeactivated2 = RPC_SetTempDeactivated2,
130           .ResetLockValue = RPC_ResetLockValue,
131 #endif
132 #endif
133 #ifdef TSS_BUILD_MAINT
134           .CreateMaintenanceArchive = RPC_CreateMaintenanceArchive,
135           .LoadMaintenanceArchive = RPC_LoadMaintenanceArchive,
136           .KillMaintenanceFeature = RPC_KillMaintenanceFeature,
137           .LoadManuMaintPub = RPC_LoadManuMaintPub,
138           .ReadManuMaintPub = RPC_ReadManuMaintPub,
139 #endif
140 #ifdef TSS_BUILD_DAA
141           .DaaJoin = RPC_DaaJoin,
142           .DaaSign = RPC_DaaSign,
143 #endif
144 #ifdef TSS_BUILD_COUNTER
145           .ReadCounter = RPC_ReadCounter,
146           .CreateCounter = RPC_CreateCounter,
147           .IncrementCounter = RPC_IncrementCounter,
148           .ReleaseCounter = RPC_ReleaseCounter,
149           .ReleaseCounterOwner = RPC_ReleaseCounterOwner,
150 #endif
151 #ifdef TSS_BUILD_TICK
152           .ReadCurrentTicks = RPC_ReadCurrentTicks,
153           .TickStampBlob = RPC_TickStampBlob,
154 #endif
155 #ifdef TSS_BUILD_NV
156           .NV_DefineOrReleaseSpace = RPC_NV_DefineOrReleaseSpace,
157           .NV_WriteValue = RPC_NV_WriteValue,
158           .NV_WriteValueAuth = RPC_NV_WriteValueAuth,
159           .NV_ReadValue = RPC_NV_ReadValue,
160           .NV_ReadValueAuth = RPC_NV_ReadValueAuth,
161 #endif
162 #ifdef TSS_BUILD_AUDIT
163           .SetOrdinalAuditStatus = RPC_SetOrdinalAuditStatus,
164           .GetAuditDigest = RPC_GetAuditDigest,
165           .GetAuditDigestSigned = RPC_GetAuditDigestSigned,
166 #endif
167 #ifdef TSS_BUILD_TSS12
168           .SetOperatorAuth = RPC_SetOperatorAuth,
169           .FlushSpecific = RPC_FlushSpecific,
170 #endif
171 #ifdef TSS_BUILD_DELEGATION
172           .Delegate_Manage = RPC_Delegate_Manage,
173           .Delegate_CreateKeyDelegation = RPC_Delegate_CreateKeyDelegation,
174           .Delegate_CreateOwnerDelegation = RPC_Delegate_CreateOwnerDelegation,
175           .Delegate_LoadOwnerDelegation = RPC_Delegate_LoadOwnerDelegation,
176           .Delegate_ReadTable = RPC_Delegate_ReadTable,
177           .Delegate_UpdateVerificationCount = RPC_Delegate_UpdateVerificationCount,
178           .Delegate_VerifyDelegation = RPC_Delegate_VerifyDelegation,
179           .DSAP = RPC_DSAP,
180 #endif
181           .FieldUpgrade = RPC_FieldUpgrade,
182           .SetRedirection = RPC_SetRedirection,
183 };
184 
185 #ifdef TSS_BUILD_TRANSPORT
186 struct tcs_api_table tcs_transport_api = {
187 #ifdef TSS_BUILD_KEY
188           .LoadKeyByBlob = Transport_LoadKeyByBlob,
189           .EvictKey = Transport_EvictKey,
190           .CreateWrapKey = Transport_CreateWrapKey,
191           .GetPubKey = Transport_GetPubKey,
192 #ifdef TSS_BUILD_TSS12
193           .OwnerReadInternalPub = Transport_OwnerReadInternalPub,
194 #endif
195 #ifdef TSS_BUILD_CERTIFY
196           .CertifyKey = Transport_CertifyKey,
197 #endif
198 #endif
199 #ifdef TSS_BUILD_OWN
200           .OwnerClear = Transport_OwnerClear,
201           .ForceClear = Transport_ForceClear,
202 #endif
203 #ifdef TSS_BUILD_AUTH
204           .OIAP = Transport_OIAP,
205           .OSAP = Transport_OSAP,
206           .TerminateHandle = Transport_TerminateHandle,
207 #endif
208 #ifdef TSS_BUILD_CHANGEAUTH
209           .ChangeAuth = Transport_ChangeAuth,
210           .ChangeAuthOwner = Transport_ChangeAuthOwner,
211           .ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
212           .ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
213 #endif
214 #ifdef TSS_BUILD_AIK
215           .ActivateTPMIdentity = Transport_ActivateTPMIdentity,
216 #endif
217 #ifdef TSS_BUILD_PCR_EXTEND
218           .Extend = Transport_Extend,
219           .PcrRead = Transport_PcrRead,
220           .PcrReset = Transport_PcrReset,
221 #endif
222 #ifdef TSS_BUILD_QUOTE
223           .Quote = Transport_Quote,
224 #endif
225 #ifdef TSS_BUILD_QUOTE2
226           .Quote2 = Transport_Quote2,
227 #endif
228 #ifdef TSS_BUILD_DIR
229           .DirWriteAuth = Transport_DirWriteAuth,
230           .DirRead = Transport_DirRead,
231 #endif
232 #ifdef TSS_BUILD_SEAL
233           .Seal = Transport_Seal,
234           .Sealx = Transport_Sealx,
235           .Unseal = Transport_Unseal,
236 #endif
237 #ifdef TSS_BUILD_BIND
238           .UnBind = Transport_UnBind,
239 #endif
240 #ifdef TSS_BUILD_MIGRATION
241           .CreateMigrationBlob = Transport_CreateMigrationBlob,
242           .ConvertMigrationBlob = Transport_ConvertMigrationBlob,
243           .AuthorizeMigrationKey = Transport_AuthorizeMigrationKey,
244 #endif
245 #ifdef TSS_BUILD_SIGN
246           .Sign = Transport_Sign,
247 #endif
248 #ifdef TSS_BUILD_RANDOM
249           .GetRandom = Transport_GetRandom,
250           .StirRandom = Transport_StirRandom,
251 #endif
252 #ifdef TSS_BUILD_CAPS_TPM
253           .GetTPMCapability = Transport_GetTPMCapability,
254           .SetCapability = Transport_SetCapability,
255           .GetCapabilityOwner = Transport_GetCapabilityOwner,
256 #endif
257 #ifdef TSS_BUILD_EK
258           .ReadPubek = RPC_ReadPubek,
259           .OwnerReadPubek = RPC_OwnerReadPubek,
260 #endif
261 #ifdef TSS_BUILD_SELFTEST
262           .SelfTestFull = Transport_SelfTestFull,
263           .CertifySelfTest = Transport_CertifySelfTest,
264           .GetTestResult = Transport_GetTestResult,
265 #endif
266 #ifdef TSS_BUILD_ADMIN
267           .SetOwnerInstall = Transport_SetOwnerInstall,
268           .DisablePubekRead = Transport_DisablePubekRead,
269           .OwnerSetDisable = Transport_OwnerSetDisable,
270           .ResetLockValue = Transport_ResetLockValue,
271           .DisableOwnerClear = Transport_DisableOwnerClear,
272           .DisableForceClear = Transport_DisableForceClear,
273           .PhysicalDisable = Transport_PhysicalDisable,
274           .PhysicalEnable = Transport_PhysicalEnable,
275           .PhysicalSetDeactivated = Transport_PhysicalSetDeactivated,
276           .PhysicalPresence = Transport_PhysicalPresence,
277           .SetTempDeactivated = Transport_SetTempDeactivated,
278           .SetTempDeactivated2 = Transport_SetTempDeactivated2,
279 #endif
280 #ifdef TSS_BUILD_MAINT
281           .CreateMaintenanceArchive = Transport_CreateMaintenanceArchive,
282           .LoadMaintenanceArchive = Transport_LoadMaintenanceArchive,
283           .KillMaintenanceFeature = Transport_KillMaintenanceFeature,
284           .LoadManuMaintPub = Transport_LoadManuMaintPub,
285           .ReadManuMaintPub = Transport_ReadManuMaintPub,
286 #endif
287 #ifdef TSS_BUILD_DAA
288           .DaaJoin = RPC_DaaJoin,
289           .DaaSign = RPC_DaaSign,
290 #endif
291 #ifdef TSS_BUILD_COUNTER
292           .ReadCounter = Transport_ReadCounter,
293           .CreateCounter = RPC_CreateCounter,
294           .IncrementCounter = RPC_IncrementCounter,
295           .ReleaseCounter = RPC_ReleaseCounter,
296           .ReleaseCounterOwner = RPC_ReleaseCounterOwner,
297 #endif
298 #ifdef TSS_BUILD_TICK
299           .ReadCurrentTicks = Transport_ReadCurrentTicks,
300           .TickStampBlob = Transport_TickStampBlob,
301 #endif
302 #ifdef TSS_BUILD_NV
303           .NV_DefineOrReleaseSpace = Transport_NV_DefineOrReleaseSpace,
304           .NV_WriteValue = Transport_NV_WriteValue,
305           .NV_WriteValueAuth = Transport_NV_WriteValueAuth,
306           .NV_ReadValue = Transport_NV_ReadValue,
307           .NV_ReadValueAuth = Transport_NV_ReadValueAuth,
308 #endif
309 #ifdef TSS_BUILD_AUDIT
310           .SetOrdinalAuditStatus = Transport_SetOrdinalAuditStatus,
311           .GetAuditDigest = Transport_GetAuditDigest,
312           .GetAuditDigestSigned = Transport_GetAuditDigestSigned,
313 #endif
314 #ifdef TSS_BUILD_TSS12
315           .SetOperatorAuth = Transport_SetOperatorAuth,
316           .FlushSpecific = Transport_FlushSpecific,
317 #endif
318 #ifdef TSS_BUILD_DELEGATION
319           .Delegate_Manage = Transport_Delegate_Manage,
320           .Delegate_CreateKeyDelegation = Transport_Delegate_CreateKeyDelegation,
321           .Delegate_CreateOwnerDelegation = Transport_Delegate_CreateOwnerDelegation,
322           .Delegate_LoadOwnerDelegation = Transport_Delegate_LoadOwnerDelegation,
323           .Delegate_ReadTable = Transport_Delegate_ReadTable,
324           .Delegate_UpdateVerificationCount = Transport_Delegate_UpdateVerificationCount,
325           .Delegate_VerifyDelegation = Transport_Delegate_VerifyDelegation,
326           .DSAP = Transport_DSAP,
327 #endif
328           .FieldUpgrade = RPC_FieldUpgrade,
329           .SetRedirection = RPC_SetRedirection,
330 };
331 #endif
332 
333 UINT16
Decode_UINT16(BYTE * in)334 Decode_UINT16(BYTE * in)
335 {
336           UINT16 temp = 0;
337           temp = (in[1] & 0xFF);
338           temp |= (in[0] << 8);
339           return temp;
340 }
341 
342 void
UINT32ToArray(UINT32 i,BYTE * out)343 UINT32ToArray(UINT32 i, BYTE * out)
344 {
345           out[0] = (BYTE) ((i >> 24) & 0xFF);
346           out[1] = (BYTE) ((i >> 16) & 0xFF);
347           out[2] = (BYTE) ((i >> 8) & 0xFF);
348           out[3] = (BYTE) i & 0xFF;
349 }
350 
351 void
UINT64ToArray(UINT64 i,BYTE * out)352 UINT64ToArray(UINT64 i, BYTE *out)
353 {
354           out[0] = (BYTE) ((i >> 56) & 0xFF);
355           out[1] = (BYTE) ((i >> 48) & 0xFF);
356           out[2] = (BYTE) ((i >> 40) & 0xFF);
357           out[3] = (BYTE) ((i >> 32) & 0xFF);
358           out[4] = (BYTE) ((i >> 24) & 0xFF);
359           out[5] = (BYTE) ((i >> 16) & 0xFF);
360           out[6] = (BYTE) ((i >> 8) & 0xFF);
361           out[7] = (BYTE) i & 0xFF;
362 }
363 
364 void
UINT16ToArray(UINT16 i,BYTE * out)365 UINT16ToArray(UINT16 i, BYTE * out)
366 {
367           out[0] = ((i >> 8) & 0xFF);
368           out[1] = i & 0xFF;
369 }
370 
371 UINT64
Decode_UINT64(BYTE * y)372 Decode_UINT64(BYTE *y)
373 {
374           UINT64 x = 0;
375 
376           x = y[0];
377           x = ((x << 8) | (y[1] & 0xFF));
378           x = ((x << 8) | (y[2] & 0xFF));
379           x = ((x << 8) | (y[3] & 0xFF));
380           x = ((x << 8) | (y[4] & 0xFF));
381           x = ((x << 8) | (y[5] & 0xFF));
382           x = ((x << 8) | (y[6] & 0xFF));
383           x = ((x << 8) | (y[7] & 0xFF));
384 
385           return x;
386 }
387 
388 UINT32
Decode_UINT32(BYTE * y)389 Decode_UINT32(BYTE * y)
390 {
391           UINT32 x = 0;
392 
393           x = y[0];
394           x = ((x << 8) | (y[1] & 0xFF));
395           x = ((x << 8) | (y[2] & 0xFF));
396           x = ((x << 8) | (y[3] & 0xFF));
397 
398           return x;
399 }
400 
401 UINT32
get_pcr_event_size(TSS_PCR_EVENT * e)402 get_pcr_event_size(TSS_PCR_EVENT *e)
403 {
404           return (sizeof(TSS_PCR_EVENT) + e->ulEventLength + e->ulPcrValueLength);
405 }
406 
407 void
LoadBlob_AUTH(UINT64 * offset,BYTE * blob,TPM_AUTH * auth)408 LoadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
409 {
410           Trspi_LoadBlob_UINT32(offset, auth->AuthHandle, blob);
411           Trspi_LoadBlob(offset, 20, blob, auth->NonceOdd.nonce);
412           Trspi_LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob);
413           Trspi_LoadBlob(offset, 20, blob, (BYTE *)&auth->HMAC);
414 }
415 
416 void
UnloadBlob_AUTH(UINT64 * offset,BYTE * blob,TPM_AUTH * auth)417 UnloadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
418 {
419           Trspi_UnloadBlob(offset, 20, blob, auth->NonceEven.nonce);
420           Trspi_UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob);
421           Trspi_UnloadBlob(offset, 20, blob, (BYTE *)&auth->HMAC);
422 }
423 
424 /* If alloc is true, we allocate a new buffer for the bytes and set *data to that.
425  * If alloc is false, data is really a BYTE*, so write the bytes directly to that buffer */
426 TSS_RESULT
get_local_random(TSS_HCONTEXT tspContext,TSS_BOOL alloc,UINT32 size,BYTE ** data)427 get_local_random(TSS_HCONTEXT tspContext, TSS_BOOL alloc, UINT32 size, BYTE **data)
428 {
429           FILE *f = NULL;
430           BYTE *buf = NULL;
431 
432           f = fopen(TSS_LOCAL_RANDOM_DEVICE, "r");
433           if (f == NULL) {
434                     LogError("open of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
435                     return TSPERR(TSS_E_INTERNAL_ERROR);
436           }
437 
438           if (alloc) {
439                     buf = calloc_tspi(tspContext, size);
440                     if (buf == NULL) {
441                               LogError("malloc of %u bytes failed", size);
442                               fclose(f);
443                               return TSPERR(TSS_E_OUTOFMEMORY);
444                     }
445           } else
446                     buf = (BYTE *)data;
447 
448           if (fread(buf, size, 1, f) == 0) {
449                     LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
450                     fclose(f);
451                     return TSPERR(TSS_E_INTERNAL_ERROR);
452           }
453 
454           if (alloc)
455                     *data = buf;
456           fclose(f);
457 
458           return TSS_SUCCESS;
459 }
460