2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2004-2006
8  *
9  */
10 
11 
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 
16 #include "trousers/tss.h"
17 #include "trousers/trousers.h"
18 #include "trousers_types.h"
19 #include "spi_utils.h"
20 #include "capabilities.h"
21 #include "tsplog.h"
22 #include "obj.h"
23 
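/*
 * Tspi_Hash_Sign - sign the current value of hash object hHash with key hKey.
 *
 * hHash               hash object whose value is the data handed to the TPM
 * hKey                RSA key object; its usage policy decides whether an
 *                     OIAP authorization session is set up around the call
 * pulSignatureLength  out: length in bytes of the returned signature
 * prgbSignature       out: signature buffer filled in by the TCS layer; on
 *                     success it is registered with the context via
 *                     __tspi_add_mem_entry (so the TSP memory functions can
 *                     release it later). If anything fails after the TCS call
 *                     the buffer is freed and both outputs are reset to
 *                     NULL / 0 instead of being left dangling.
 *
 * Returns 0 on success, otherwise a TSS_E_* / TPM error code.
 */
TSS_RESULT
Tspi_Hash_Sign(TSS_HHASH hHash,			/* in */
	       TSS_HKEY hKey,			/* in */
	       UINT32 * pulSignatureLength,	/* out */
	       BYTE ** prgbSignature)		/* out */
{
	TPM_AUTH privAuth;
	TPM_AUTH *pPrivAuth = NULL;	/* points at privAuth only when the key needs auth */
	TCPA_DIGEST digest;
	TCPA_RESULT result;
	TSS_HPOLICY hPolicy;
	TCS_KEY_HANDLE tcsKeyHandle;
	TSS_BOOL usesAuth;
	TSS_HCONTEXT tspContext;
	UINT32 ulDataLen;
	BYTE *data;
	Trspi_HashCtx hashCtx;

	if (pulSignatureLength == NULL || prgbSignature == NULL)
		return TSPERR(TSS_E_BAD_PARAMETER);

	if ((result = obj_hash_get_tsp_context(hHash, &tspContext)))
		return result;

	if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth)))
		return result;

	/* data is allocated for us; every exit from here on must go through done: */
	if ((result = obj_hash_get_value(hHash, &ulDataLen, &data)))
		return result;

	if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle)))
		goto done;

	if (usesAuth) {
		/* Command auth digest: ordinal followed by the input parameters. */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Sign);
		result |= Trspi_Hash_UINT32(&hashCtx, ulDataLen);
		result |= Trspi_HashUpdate(&hashCtx, ulDataLen, data);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		pPrivAuth = &privAuth;

		if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_Sign, hPolicy, FALSE, &digest,
						      &privAuth)))
			goto done;
	}

	if ((result = TCS_API(tspContext)->Sign(tspContext, tcsKeyHandle, ulDataLen, data,
						pPrivAuth, pulSignatureLength, prgbSignature)))
		goto done;

	if (usesAuth) {
		/*
		 * Response auth digest: return code, ordinal, output parameters.
		 * The "return code" hashed here is `result` as just set by
		 * Trspi_HashInit, i.e. 0 when HashInit succeeded - which is the
		 * value Sign() returned above (we would not be here otherwise).
		 * If HashInit failed, result is non-zero and the check after
		 * HashFinal rejects the whole operation anyway.
		 */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, result);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Sign);
		result |= Trspi_Hash_UINT32(&hashCtx, *pulSignatureLength);
		result |= Trspi_HashUpdate(&hashCtx, *pulSignatureLength, *prgbSignature);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto free_sig;

		/* Never hand out a signature whose response auth does not verify. */
		if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &privAuth)))
			goto free_sig;
	}

	if ((result = __tspi_add_mem_entry(tspContext, *prgbSignature)))
		goto free_sig;
	goto done;

free_sig:
	/*
	 * Sign() succeeded but a later step failed: drop the buffer and make
	 * the out-parameters safe so a caller that ignores the return code
	 * cannot use or double-free a stale pointer.
	 */
	free(*prgbSignature);
	*prgbSignature = NULL;
	*pulSignatureLength = 0;
done:
	free_tspi(tspContext, data);
	return result;
}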
102 
/*
 * Tspi_Hash_VerifySignature - check rgbSignature against the value of hHash
 * using the public modulus of hKey.
 *
 * The key's signature scheme picks the variant passed to Trspi_Verify
 * (TSS_HASH_SHA1 for PKCS#1 v1.5 SHA-1, TSS_HASH_OTHER for the DER form);
 * any other scheme yields TSS_E_INVALID_SIGSCHEME. The modulus and hash
 * value buffers obtained from the object layer are released on every path.
 *
 * Returns 0 when the signature verifies, otherwise an error code.
 */
TSS_RESULT
Tspi_Hash_VerifySignature(TSS_HHASH hHash,		/* in */
			  TSS_HKEY hKey,		/* in */
			  UINT32 ulSignatureLength,	/* in */
			  BYTE * rgbSignature)		/* in */
{
	TCPA_RESULT result;
	TSS_HCONTEXT tspContext;
	BYTE *pubKey = NULL;
	UINT32 pubKeySize;
	BYTE *hashData = NULL;
	UINT32 hashDataSize;
	UINT32 sigScheme;

	/* A non-empty signature must come with a buffer. */
	if (rgbSignature == NULL && ulSignatureLength > 0)
		return TSPERR(TSS_E_BAD_PARAMETER);

	if ((result = obj_rsakey_get_tsp_context(hKey, &tspContext)))
		return result;

	/* pubKey is ours to release from here on. */
	if ((result = obj_rsakey_get_modulus(hKey, &pubKeySize, &pubKey)))
		return result;

	if ((result = obj_rsakey_get_ss(hKey, &sigScheme)))
		goto free_key;

	/* hashData is ours to release from here on. */
	if ((result = obj_hash_get_value(hHash, &hashDataSize, &hashData)))
		goto free_key;

	switch (sigScheme) {
	case TSS_SS_RSASSAPKCS1V15_SHA1:
		result = Trspi_Verify(TSS_HASH_SHA1, hashData, hashDataSize, pubKey, pubKeySize,
				      rgbSignature, ulSignatureLength);
		break;
	case TSS_SS_RSASSAPKCS1V15_DER:
		result = Trspi_Verify(TSS_HASH_OTHER, hashData, hashDataSize, pubKey, pubKeySize,
				      rgbSignature, ulSignatureLength);
		break;
	default:
		result = TSPERR(TSS_E_INVALID_SIGSCHEME);
		break;
	}

	free_tspi(tspContext, hashData);
free_key:
	free_tspi(tspContext, pubKey);
	return result;
}