migrate.c

IBM开发的TPM的驱动, 有少量的例子可以供参考

				    keyhndl,
				    migscheme,
				    migblen, migblob,
				    k.privkeylen, k.encprivkey,
				    authhandle1,
				    TPM_NONCE_SIZE, nonceodd,
				    c,
				    TPM_HASH_SIZE, authdata1,
				    authhandle2,
				    TPM_NONCE_SIZE, nonceodd,
				    c, TPM_HASH_SIZE, authdata2);

		if ((ret & ERR_MASK) != 0) {
			TSS_OIAPclose(authhandle1);
			TSS_OIAPclose(authhandle2);
			return ret;
		}
		/* transmit the request buffer to the TPM device and read the reply */
		ret = TPM_Transmit(tpmdata, "CreateMigrationBlob");
		if (ret != 0) {
			TSS_OIAPclose(authhandle1);
			TSS_OIAPclose(authhandle2);
			return ret;
		}
		/* validate HMAC in response */
		size1 = LOAD32(tpmdata, TPM_DATA_OFFSET);
		size2 =
		    LOAD32(tpmdata,
			   TPM_DATA_OFFSET + TPM_U32_SIZE + size1);
		if (size1 != 0) {
			ret = TSS_checkhmac2(tpmdata, ordinal, nonceodd,
					     keyauth, TPM_HASH_SIZE,
					     migauth, TPM_HASH_SIZE,
					     TPM_U32_SIZE, TPM_DATA_OFFSET,
					     size1,
					     TPM_DATA_OFFSET +
					     TPM_U32_SIZE, TPM_U32_SIZE,
					     TPM_DATA_OFFSET +
					     TPM_U32_SIZE + size1, size2,
					     TPM_DATA_OFFSET +
					     TPM_U32_SIZE + size1 +
					     TPM_U32_SIZE, 0, 0);
		} else {
			ret = TSS_checkhmac2(tpmdata, ordinal, nonceodd,
					     keyauth, TPM_HASH_SIZE,
					     migauth, TPM_HASH_SIZE,
					     TPM_U32_SIZE, TPM_DATA_OFFSET,
					     TPM_U32_SIZE,
					     TPM_DATA_OFFSET +
					     TPM_U32_SIZE, size2,
					     TPM_DATA_OFFSET +
					     TPM_U32_SIZE + TPM_U32_SIZE,
					     0, 0);
		}
		TSS_OIAPclose(authhandle1);
		TSS_OIAPclose(authhandle2);
		if (ret != 0)
			return ret;
	} else {		/* no parent key password required */

		/* open OIAP session for the Migrating Key */
		ret = TSS_OIAPopen(&authhandle1, enonce1);
		if (ret != 0)
			return ret;
		/* calculate Migration authorization HMAC value */
		ret =
		    TSS_authhmac(authdata1, migauth, TPM_HASH_SIZE,
				 enonce1, nonceodd, c, TPM_U32_SIZE,
				 &ordinal, TPM_U16_SIZE, &migscheme,
				 migblen, migblob, TPM_U32_SIZE, &datsize,
				 k.privkeylen, k.encprivkey, 0, 0);
		if (ret != 0) {
			TSS_OIAPclose(authhandle1);
			return ret;
		}
		/* build the request buffer */
		ret = TSS_buildbuff(create_mig_fmt_noauth, tpmdata,
				    ordinal,
				    keyhndl,
				    migscheme,
				    migblen, migblob,
				    k.privkeylen, k.encprivkey,
				    authhandle1,
				    TPM_NONCE_SIZE, nonceodd,
				    c, TPM_HASH_SIZE, authdata1);

		if ((ret & ERR_MASK) != 0) {
			TSS_OIAPclose(authhandle1);
			return ret;
		}
		/* transmit the request buffer to the TPM device and read the reply */
		ret = TPM_Transmit(tpmdata, "CreateMigrationBlob");
		if (ret != 0) {
			TSS_OIAPclose(authhandle1);
			return ret;
		}
		/* check HMAC in response */
		size1 = LOAD32(tpmdata, TPM_DATA_OFFSET);
		size2 =
		    LOAD32(tpmdata,
			   TPM_DATA_OFFSET + TPM_U32_SIZE + size1);
		if (size1 != 0) {
			ret =
			    TSS_checkhmac1(tpmdata, ordinal, nonceodd,
					   migauth, TPM_HASH_SIZE,
					   TPM_U32_SIZE, TPM_DATA_OFFSET,
					   size1,
					   TPM_DATA_OFFSET + TPM_U32_SIZE,
					   TPM_U32_SIZE,
					   TPM_DATA_OFFSET + TPM_U32_SIZE +
					   size1, size2,
					   TPM_DATA_OFFSET + TPM_U32_SIZE +
					   size1 + TPM_U32_SIZE, 0, 0);
		} else {
			ret =
			    TSS_checkhmac1(tpmdata, ordinal, nonceodd,
					   migauth, TPM_HASH_SIZE,
					   TPM_U32_SIZE, TPM_DATA_OFFSET,
					   TPM_U32_SIZE,
					   TPM_DATA_OFFSET + TPM_U32_SIZE,
					   size2,
					   TPM_DATA_OFFSET + TPM_U32_SIZE +
					   TPM_U32_SIZE, 0, 0);
		}
		TSS_OIAPclose(authhandle1);
		if (ret != 0)
			return ret;
	}
	memcpy(rndblob, tpmdata + TPM_DATA_OFFSET + TPM_U32_SIZE, size1);
	memcpy(outblob,
	       tpmdata + TPM_DATA_OFFSET + TPM_U32_SIZE + size1 +
	       TPM_U32_SIZE, size2);
	*rndblen = size1;
	*outblen = size2;
	return 0;
}

/****************************************************************************/
/*                                                                          */
/* Convert a Migration Blob                                                 */
/*                                                                          */
/* The arguments are...                                                     */
/*                                                                          */
/* keyhandle is the handle of the new parent key of the key                 */
/*           being migrated                                                 */
/* keyauth   is the authorization data (password) for the parent key        */
/* rndblob   is a pointer to an area contining the random XOR data          */
/* rndblen   is an integer containing the length of the random XOR data     */
/* keyblob   is a pointer to an area contining the migration public         */
/*           encrypted key blob                                             */
/* keyblen   is an integer containing the length of the migration           */
/*           public key blob                                                */
/* encblob   is a pointer to an area which will receive the migrated        */
/*           key re-encrypted private key blob                              */
/* endblen   is a pointer to an integer which will receive size of          */
/*           the migrated key re-encrypted private key blob                 */
/*                                                                          */
/****************************************************************************/
uint32_t TPM_ConvertMigrationBlob(unsigned int keyhandle,
				  unsigned char *keyauth,
				  unsigned char *rndblob,
				  unsigned int rndblen,
				  unsigned char *keyblob,
				  unsigned int keyblen,
				  unsigned char *encblob,
				  unsigned int *encblen)
{
	unsigned char convert_mig_fmt[] = "00 c2 T l l @ @ l % o %";
	uint32_t ret;
	unsigned char tpmdata[TPM_MAX_BUFF_SIZE];
	unsigned char nonceodd[TPM_NONCE_SIZE];
	unsigned char evennonce[TPM_NONCE_SIZE];
	unsigned char pubauth[TPM_HASH_SIZE];
	unsigned char c;
	uint32_t ordinal;
	uint32_t authhandle;
	uint32_t keyhndl;
	uint32_t rndsize;
	uint32_t datsize;
	int size;

	/* check input arguments */
	if (keyauth == NULL || rndblob == NULL || keyblob == NULL
	    || encblob == NULL || encblen == NULL)
		return ERR_NULL_ARG;
	/* generate odd nonce */
	TSS_gennonce(nonceodd);
	/* Open OIAP Session */
	ret = TSS_OIAPopen(&authhandle, evennonce);
	if (ret != 0)
		return ret;
	/* move Network byte order data to variables for hmac calculation */
	ordinal = htonl(0x2A);
	keyhndl = htonl(keyhandle);
	rndsize = htonl(rndblen);
	datsize = htonl(keyblen);
	c = 0;
	/* calculate authorization HMAC value */
	ret =
	    TSS_authhmac(pubauth, keyauth, TPM_HASH_SIZE, evennonce,
			 nonceodd, c, TPM_U32_SIZE, &ordinal, TPM_U32_SIZE,
			 &datsize, keyblen, keyblob, TPM_U32_SIZE,
			 &rndsize, rndblen, rndblob, 0, 0);
	if (ret != 0) {
		TSS_OIAPclose(authhandle);
		return ret;
	}
	/* build the request buffer */
	ret = TSS_buildbuff(convert_mig_fmt, tpmdata,
			    ordinal,
			    keyhndl,
			    keyblen, keyblob,
			    rndblen, rndblob,
			    authhandle,
			    TPM_NONCE_SIZE, nonceodd,
			    c, TPM_HASH_SIZE, pubauth);
	if ((ret & ERR_MASK) != 0) {
		TSS_OIAPclose(authhandle);
		return ret;
	}
	/* transmit the request buffer to the TPM device and read the reply */
	ret = TPM_Transmit(tpmdata, "ConvertMigrationBlob");
	if (ret != 0) {
		TSS_OIAPclose(authhandle);
		return ret;
	}
	TSS_OIAPclose(authhandle);
	size = LOAD32(tpmdata, TPM_DATA_OFFSET);
	ret =
	    TSS_checkhmac1(tpmdata, ordinal, nonceodd, keyauth,
			   TPM_HASH_SIZE, TPM_U32_SIZE, TPM_DATA_OFFSET,
			   size, TPM_DATA_OFFSET + TPM_U32_SIZE, 0, 0);
	if (ret != 0)
		return ret;
	memcpy(encblob, tpmdata + TPM_DATA_OFFSET + TPM_U32_SIZE, size);
	*encblen = size;
	return 0;
}