| |
| /* |
| * Licensed Materials - Property of IBM |
| * |
| * trousers - An open source TCG Software Stack |
| * |
| * (C) Copyright International Business Machines Corp. 2004 |
| * |
| */ |
| |
| |
| #include <stdlib.h> |
| #include <stdio.h> |
| #include <string.h> |
| #include <inttypes.h> |
| |
| #include "trousers/tss.h" |
| #include "trousers_types.h" |
| #include "tcs_tsp.h" |
| #include "tcsps.h" |
| #include "tcs_utils.h" |
| #include "tcs_int_literals.h" |
| #include "capabilities.h" |
| #include "tcslog.h" |
| #include "req_mgr.h" |
| #include "tcsd_wrap.h" |
| #include "tcsd.h" |
| |
| TSS_RESULT |
| TCSP_Seal_Internal(UINT32 sealOrdinal, /* in */ |
| TCS_CONTEXT_HANDLE hContext, /* in */ |
| TCS_KEY_HANDLE keyHandle, /* in */ |
| TCPA_ENCAUTH encAuth, /* in */ |
| UINT32 pcrInfoSize, /* in */ |
| BYTE * PcrInfo, /* in */ |
| UINT32 inDataSize, /* in */ |
| BYTE * inData, /* in */ |
| TPM_AUTH * pubAuth, /* in, out */ |
| UINT32 * SealedDataSize, /* out */ |
| BYTE ** SealedData) /* out */ |
| { |
| UINT64 offset = 0; |
| TSS_RESULT result; |
| UINT32 paramSize; |
| TCPA_KEY_HANDLE keySlot; |
| BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; |
| |
| LogDebug("Entering Seal"); |
| if (!pubAuth) |
| return TCSERR(TSS_E_BAD_PARAMETER); |
| |
| if ((result = ctx_verify_context(hContext))) |
| goto done; |
| |
| if ((result = auth_mgr_check(hContext, &pubAuth->AuthHandle))) |
| goto done; |
| |
| if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) |
| goto done; |
| |
| /* XXX What's this check for? */ |
| if (keySlot == 0) { |
| result = TCSERR(TSS_E_FAIL); |
| goto done; |
| } |
| |
| if ((result = tpm_rqu_build(sealOrdinal, &offset, txBlob, keySlot, encAuth.authdata, |
| pcrInfoSize, PcrInfo, inDataSize, inData, pubAuth))) |
| return result; |
| |
| if ((result = req_mgr_submit_req(txBlob))) |
| goto done; |
| |
| offset = 10; |
| result = UnloadBlob_Header(txBlob, ¶mSize); |
| |
| if (!result) { |
| result = tpm_rsp_parse(sealOrdinal, txBlob, paramSize, SealedDataSize, |
| SealedData, pubAuth); |
| } |
| LogResult("Seal", result); |
| done: |
| auth_mgr_release_auth(pubAuth, NULL, hContext); |
| return result; |
| } |
| |
| TSS_RESULT |
| TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ |
| TCS_KEY_HANDLE parentHandle, /* in */ |
| UINT32 SealedDataSize, /* in */ |
| BYTE * SealedData, /* in */ |
| TPM_AUTH * parentAuth, /* in, out */ |
| TPM_AUTH * dataAuth, /* in, out */ |
| UINT32 * DataSize, /* out */ |
| BYTE ** Data) /* out */ |
| { |
| UINT64 offset = 0; |
| UINT32 paramSize; |
| TSS_RESULT result; |
| TCPA_KEY_HANDLE keySlot; |
| BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; |
| |
| LogDebug("Entering Unseal"); |
| |
| if (dataAuth == NULL) |
| return TCSERR(TSS_E_BAD_PARAMETER); |
| |
| if ((result = ctx_verify_context(hContext))) |
| goto done; |
| |
| if (parentAuth != NULL) { |
| LogDebug("Auth used"); |
| if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) |
| goto done; |
| } else { |
| LogDebug("No Auth"); |
| } |
| |
| if ((result = auth_mgr_check(hContext, &dataAuth->AuthHandle))) |
| goto done; |
| |
| if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot))) |
| goto done; |
| |
| /* XXX What's this check for? */ |
| if (keySlot == 0) { |
| result = TCSERR(TSS_E_FAIL); |
| goto done; |
| } |
| |
| if ((result = tpm_rqu_build_checked(TPM_ORD_Unseal, &offset, TSS_TPM_TXBLOB_SIZE, txBlob, keySlot, SealedDataSize, |
| SealedData, parentAuth, dataAuth))) |
| return result; |
| |
| if ((result = req_mgr_submit_req(txBlob))) |
| goto done; |
| |
| offset = 10; |
| result = UnloadBlob_Header(txBlob, ¶mSize); |
| |
| if (!result) { |
| result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, DataSize, Data, |
| parentAuth, dataAuth); |
| } |
| LogResult("Unseal", result); |
| done: |
| auth_mgr_release_auth(parentAuth, dataAuth, hContext); |
| return result; |
| } |