2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2004-2007
8  *
9  */
10 
11 #include <stdlib.h>
12 #include <stdio.h>
13 #include <string.h>
14 #include <inttypes.h>
15 
16 #include "trousers/tss.h"
17 #include "trousers/trousers.h"
18 #include "trousers_types.h"
19 #include "spi_utils.h"
20 #include "capabilities.h"
21 #include "tsplog.h"
22 #include "obj.h"
23 
24 
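/**
 * owner_get_pubek - read the TPM's public Endorsement Key using owner authorization
 *
 * Selects the ordinal by the TPM version recorded in the context
 * (TPM_ORD_OwnerReadInternalPub with TPM_KH_EK when the version is 2,
 * TPM_ORD_OwnerReadPubek for every other value), builds the OIAP owner
 * authorization over the command digest, issues the TCS call, then checks the
 * TPM's response authorization over (TPM_SUCCESS, ordinal, returned blob) before
 * the blob is trusted. The verified blob is wrapped in a freshly created
 * 2048-bit legacy RSA key object.
 *
 * @param tspContext  TSP context that owns hTPM and will own the new key object.
 * @param hTPM        TPM object whose TSS_POLICY_USAGE policy supplies the owner secret.
 * @param hPubEk      Out: handle of the new key object holding the public EK.
 *                    Written only on success.
 *
 * @return TSS_SUCCESS, or the first failing TSS_RESULT. On failure the TCS
 *         buffer is released and no partially initialized key object is left
 *         registered on the context.
 */
TSS_RESULT
owner_get_pubek(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, TSS_HKEY *hPubEk)
{
	TSS_RESULT result;
	UINT32 tpmVersion, pubEKSize;
	TSS_HPOLICY hPolicy;
	Trspi_HashCtx hashCtx;
	BYTE *pubEK = NULL;	/* allocated by the TCS layer, freed at done: */
	TSS_HKEY hRetKey;
	TPM_AUTH ownerAuth;
	TPM_DIGEST digest;


	if ((result = obj_context_get_tpm_version(tspContext, &tpmVersion)))
		return result;

	if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy)))
		return result;

	/* Hash results are OR-ed together so a single check after HashFinal
	 * catches a failure in any step of the digest construction. */
	switch (tpmVersion) {
	case 2:
		/* Command digest: ordinal || key handle. */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadInternalPub);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_KH_EK);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadInternalPub,
						      hPolicy, FALSE, &digest, &ownerAuth)))
			goto done;

		if ((result = TCS_API(tspContext)->OwnerReadInternalPub(tspContext, TPM_KH_EK,
									&ownerAuth, &pubEKSize,
									&pubEK)))
			goto done;

		/* Response digest: return code || ordinal || returned key blob.
		 * Validating the TPM's auth over this ties the blob to the TPM. */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadInternalPub);
		result |= Trspi_HashUpdate(&hashCtx, pubEKSize, pubEK);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth)))
			goto done;
		break;
	default:
		/* Command digest: ordinal only. */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadPubek);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadPubek, hPolicy, FALSE,
						      &digest, &ownerAuth)))
			goto done;

		if ((result = TCS_API(tspContext)->OwnerReadPubek(tspContext, &ownerAuth,
								  &pubEKSize, &pubEK)))
			goto done;

		/* Response digest: return code || ordinal || returned key blob. */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadPubek);
		result |= Trspi_HashUpdate(&hashCtx, pubEKSize, pubEK);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth)))
			goto done;

		break;
	}

	if ((result = obj_rsakey_add(tspContext, TSS_KEY_SIZE_2048|TSS_KEY_TYPE_LEGACY, &hRetKey)))
		goto done;

	/* pubEK is a blob handed back by the TCS layer; pubEKSize is not passed
	 * to obj_rsakey_set_pubkey, so bounding the parse rests with the callee.
	 * NOTE(review): confirm the callee validates the blob's internal lengths. */
	if ((result = obj_rsakey_set_pubkey(hRetKey, TRUE, pubEK))) {
		/* Don't leave a key object with no public key registered on the
		 * context; the original error code is what the caller sees. */
		(void)obj_rsakey_remove(hRetKey, tspContext);
		goto done;
	}

	*hPubEk = hRetKey;
done:
	free(pubEK);
	return result;
}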