vtsp.c

xen虚拟机源代码安装包

  // Generate Extra TCS Parameters
  struct pack_buf_t clear_data32;
  BYTE *clear_data_text;
  UINT32 clear_data_size;
  
  struct pack_buf_t bound_data32 = {bound_data->size, bound_data->bytes};
  
  paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
  
  paramTextSize = BSG_PackList(paramText, 2,
			       BSG_TPM_COMMAND_CODE, &command,
			       BSG_TPM_SIZE32_DATA, &bound_data32);
  
  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
			      usage_auth, auth) );
  
  // Call TCS
  TPMTRYRETURN( TCSP_UnBind( hContext,
			     key_handle,
			     buffer_len(bound_data),
			     bound_data->bytes,
			     auth,
			     &clear_data_size,
			     &clear_data_text) );
  
  
  // Verify Auth
  clear_data32.size = clear_data_size;
  clear_data32.data = clear_data_text;
  paramTextSize = BSG_PackList(paramText, 3,
			       BSG_TPM_RESULT, &status,
			       BSG_TPM_COMMAND_CODE, &command,
			       BSG_TPM_SIZE32_DATA, &clear_data32);
  
  TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
			    usage_auth, auth, 
			    hContext) );
  
  // Unpack/return key structure
  TPMTRYRETURN(buffer_init(clear_data, 0, 0));
  TPMTRYRETURN(buffer_append_raw (clear_data, clear_data_size, clear_data_text) );
  
  goto egress;
  
 abort_egress:
  
 egress:
  
  free(paramText);
  TCS_FreeMemory(hContext, clear_data_text);
  
  return status;
}

TPM_RESULT VTSP_Bind(   CRYPTO_INFO *cryptoInfo, 
			const buffer_t *inData, 
			buffer_t *outData)               
{
  vtpmloginfo(VTPM_LOG_VTSP, "Binding %d bytes of data.\n", buffer_len(inData));
  TPM_RESULT status = TPM_SUCCESS;
  TPM_BOUND_DATA boundData;
  UINT32 i;
  
  // Fill boundData's accessory information
  boundData.ver = TPM_STRUCT_VER_1_1;
  boundData.payload = TPM_PT_BIND;
  boundData.payloadData = inData->bytes;
  
  // Pack boundData before encryption
  BYTE* flatBoundData = (BYTE *)malloc(sizeof(BYTE) * 
				       (sizeof(TPM_VERSION) +
					sizeof(TPM_PAYLOAD_TYPE) +
					buffer_len(inData)));
  if (flatBoundData == NULL) {
    return TPM_NOSPACE;
  }
  UINT32 flatBoundDataSize = 0;
  flatBoundDataSize = BSG_PackList(  flatBoundData, 2, 
				     BSG_TPM_VERSION, &boundData.ver, 
				     BSG_TYPE_BYTE, &boundData.payload);
  
  memcpy(flatBoundData+flatBoundDataSize, inData->bytes, buffer_len(inData));
  flatBoundDataSize += buffer_len(inData);
  
  BYTE out_tmp[RSA_KEY_SIZE/8]; // RSAEnc does not do blocking, So this is what will come out.
  UINT32 out_tmp_size;
  
  // Encrypt flatBoundData
  TPMTRY(TPM_ENCRYPT_ERROR, Crypto_RSAEnc( cryptoInfo, 
                                           flatBoundDataSize, 
                                           flatBoundData, 
                                           &out_tmp_size, 
                                           out_tmp) );
  
  if (out_tmp_size > RSA_KEY_SIZE/8) {
    // The result of RSAEnc should be a fixed size based on key size.
    vtpmlogerror(VTPM_LOG_VTSP, "Enc buffer just overflowed.\n");
  }
  
  buffer_init(outData, 0, NULL);
  buffer_append_raw(outData, out_tmp_size, out_tmp);
  
  vtpmloginfo(VTPM_LOG_TXDATA, "Bind Generated[%d] = 0x", out_tmp_size);
  for(i = 0 ; i < out_tmp_size ; i++) {
    vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out_tmp[i]);
  }
  vtpmloginfomore(VTPM_LOG_TXDATA, "\n");

  goto egress;
  abort_egress: 
  egress:
 
  // Free flatBoundData
  free(flatBoundData);
  
  return TPM_SUCCESS;
}

TPM_RESULT VTSP_Seal(const TCS_CONTEXT_HANDLE    hContext,
                     const TPM_KEY_HANDLE        keyHandle,
                     const TPM_AUTHDATA          *sealDataAuth,
                     const TPM_PCR_COMPOSITE     *pcrComp,
                     const buffer_t              *inData,
                     TPM_STORED_DATA             *sealedData,                                   
                     const TPM_SECRET            *osapSharedSecret,
                     TCS_AUTH                    *auth) {

  TPM_RESULT status = TPM_SUCCESS;
  TPM_COMMAND_CODE command = TPM_ORD_Seal;

  BYTE *paramText;        // Digest to make Auth.
  UINT32 paramTextSize;

  // Generate PCR_Info Struct from Comp
  TPM_PCR_INFO pcrInfo;
  UINT32 pcrInfoSize, flatpcrSize;
  BYTE flatpcr[3 +                          // PCR_Select = 3 1 byte banks
               sizeof(UINT16) +             //              2 byte UINT16
               sizeof(UINT32) +             // PCR_Comp   = 4 byte UINT32
               24 * sizeof(TPM_PCRVALUE) ]; //              up to 24 PCRs

  if (pcrComp != NULL) {
      //printf("\n\tBinding to PCRs: ");
      //for(int i = 0 ; i < pcrComp->select.sizeOfSelect ; i++)
      //printf("%2.2x", pcrComp->select.pcrSelect[i]);

      memcpy(&pcrInfo.pcrSelection, &pcrComp->select, sizeof(TPM_PCR_SELECTION));

      flatpcrSize = BSG_Pack(BSG_TPM_PCR_COMPOSITE, (BYTE *) pcrComp, flatpcr);
      Crypto_SHA1Full((BYTE *) flatpcr, flatpcrSize, (BYTE *) &(pcrInfo.digestAtRelease));
      memset(&(pcrInfo.digestAtCreation), 0, sizeof(TPM_DIGEST));
      pcrInfoSize = BSG_Pack(BSG_TPM_PCR_INFO, (BYTE *) &pcrInfo, flatpcr);
  } else {
      //printf("\n\tBinding to no PCRS.");
      pcrInfoSize = 0;
  }

  // Calculate encUsageAuth
  BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)];
  UINT32 XORbufferSize = sizeof(XORbuffer);
  TPM_DIGEST XORKey;
  TPM_ENCAUTH encAuth;

  BSG_PackList( XORbuffer, 2,
                BSG_TPM_SECRET, osapSharedSecret,
                BSG_TPM_NONCE, &auth->NonceEven );

  Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey);

  int i;
  for (i=0; i < TPM_DIGEST_SIZE; i++)
    ((BYTE *) &encAuth)[i] = ((BYTE *) &XORKey)[i] ^ ((BYTE *) sealDataAuth)[i];

  // Generate Extra TCS Parameters
  UINT32 inDataSize = buffer_len(inData);
  struct pack_buf_t inData_pack = {inDataSize, inData->bytes};
  struct pack_buf_t pcrInfo_pack = {pcrInfoSize, flatpcr};

  UINT32 sealedDataSize;
  BYTE *flatSealedData=NULL;

  paramText = (BYTE *) malloc(sizeof(BYTE) *  TCPA_MAX_BUFFER_LENGTH);

  paramTextSize = BSG_PackList(paramText, 4,
                               BSG_TPM_COMMAND_CODE, &command,
                               BSG_TPM_ENCAUTH, &encAuth,
                               BSG_TPM_SIZE32_DATA, &pcrInfo_pack,
                               BSG_TPM_SIZE32_DATA, &inData_pack);

  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
                              osapSharedSecret, auth) );

  // Call TCS
  TPMTRYRETURN( TCSP_Seal( hContext,
                           keyHandle,
                           encAuth,
                           pcrInfoSize,
                           flatpcr,
                           inDataSize,
                           inData->bytes,
                           auth,
                           &sealedDataSize,
                           &flatSealedData) );

  // Unpack/return key structure
  BSG_Unpack( BSG_TPM_STORED_DATA, flatSealedData, sealedData );

  paramTextSize = BSG_PackList(paramText, 3,
                               BSG_TPM_RESULT, &status,
                               BSG_TPM_COMMAND_CODE, &command,
                               BSG_TPM_STORED_DATA, sealedData);

  TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
                            osapSharedSecret, auth,
                            0) );


  goto egress;

 abort_egress:
 egress:

  if (flatSealedData)
    TCS_FreeMemory( hContext, flatSealedData);

  free(paramText);
  return status;
}


TPM_RESULT VTSP_Unseal(const TCS_CONTEXT_HANDLE    hContext,
                       const TPM_KEY_HANDLE        keyHandle,
                       const TPM_STORED_DATA       *sealedData,
                       const TPM_AUTHDATA          *key_usage_auth,
                       const TPM_AUTHDATA          *data_usage_auth,
                       buffer_t                    *outData,
                       TCS_AUTH                    *auth,
                       TCS_AUTH                    *dataAuth) {

  TPM_RESULT status = TPM_SUCCESS;
  TPM_COMMAND_CODE command = TPM_ORD_Unseal;

  BYTE *paramText;        // Digest to make Auth.
  UINT32 paramTextSize;

  // Generate Extra TCS Parameters
  UINT32 sealDataSize, clearDataSize;
  BYTE *flatSealedData= (BYTE *) malloc(sizeof(TPM_VERSION) +
                                        2 * sizeof(UINT32) +
                                        sealedData->sealInfoSize +
                                        sealedData->encDataSize),
       *clearData=NULL;

  sealDataSize = BSG_Pack(BSG_TPM_STORED_DATA, sealedData, flatSealedData );

  paramText = (BYTE *) malloc(sizeof(BYTE) *  TCPA_MAX_BUFFER_LENGTH);

  paramTextSize = BSG_PackList(paramText, 2,
                               BSG_TPM_COMMAND_CODE, &command,
                               BSG_TPM_STORED_DATA, sealedData);

  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
                              key_usage_auth, auth) );

  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
                              data_usage_auth, dataAuth) );
  // Call TCS
  TPMTRYRETURN( TCSP_Unseal(  hContext,
                              keyHandle,
                              sealDataSize,
                              flatSealedData,
                              auth,
                              dataAuth,
                              &clearDataSize,
                              &clearData) );

  // Verify Auth
  struct pack_buf_t clearData_pack = {clearDataSize, clearData};

  paramTextSize = BSG_PackList(paramText, 3,
                               BSG_TPM_RESULT, &status,
                               BSG_TPM_COMMAND_CODE, &command,
                               BSG_TPM_SIZE32_DATA, &clearData_pack);

  TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
                            key_usage_auth, auth,
                            hContext) );

  TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
                            data_usage_auth, dataAuth,
                            hContext) );

  // Unpack/return key structure
  TPMTRYRETURN( buffer_init(outData, clearDataSize, clearData) );

  goto egress;

 abort_egress:
 egress:

  if (flatSealedData)
    TCS_FreeMemory( hContext, clearData);

  free(paramText);
  return status;
}

TPM_RESULT VTSP_SaveState( const TCS_CONTEXT_HANDLE    hContext) {

  vtpmloginfo(VTPM_LOG_VTSP, "Calling TPM_SaveState.\n");

  TPM_RESULT status = TPM_SUCCESS;

  // Call TCS
  return ( TCSP_SaveState ( hContext ) );

}


// Function Reaches into unsupported TCS command, beware.
TPM_RESULT VTSP_RawTransmit(const TCS_CONTEXT_HANDLE    hContext,
                            const buffer_t *inbuf,
                            buffer_t *outbuf ) {
  
  vtpmloginfo(VTPM_LOG_VTSP, "Passthrough in use.\n");
  TPM_RESULT status = TPM_SUCCESS;
  
  // Generate Extra TCS Parameters
  BYTE *resultText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
  UINT32 resultTextSize =  TCPA_MAX_BUFFER_LENGTH;
  
  // Call TCS                          
  TPMTRYRETURN( TCSP_RawTransmitData(buffer_len(inbuf), inbuf->bytes, 
				     &resultTextSize, resultText) );
  
  // Unpack/return key structure
  TPMTRYRETURN(buffer_init (outbuf, resultTextSize, resultText) );                                
  goto egress;
  
 abort_egress:
  
 egress:
  TCS_FreeMemory(hContext, resultText);
  free(resultText);
  return status;
}