tspps.c

TCG软件栈 linux系统上使用 为可信应用软件提供和 TPM通信的 接口 其网站上有很多关于使用此软件的测试用例

/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004-2006
 *
 */


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <assert.h>

#include "trousers/tss.h"
#include "trousers/trousers.h"
#include "trousers_types.h"
#include "tcs_tsp.h"
#include "spi_utils.h"
#include "tspps.h"
#include "tsplog.h"

static int user_ps_fd = -1;
static MUTEX_DECLARE_INIT(user_ps_lock);

/*
 * Determine the default path to the persistent storage file and create it if it doesn't exist.
 */
TSS_RESULT
get_user_ps_path(char **file)
{
	TSS_RESULT result = TSPERR(TSS_E_INTERNAL_ERROR);
	char *file_name = NULL, *home_dir = NULL;
	struct passwd pw, *pwp;
	struct stat stat_buf;
	char buf[PASSWD_BUFSIZE];
	uid_t euid;
	int rc;

	if ((file_name = getenv("TSS_USER_PS_FILE"))) {
		*file = strdup(file_name);
		return (*file) ? TSS_SUCCESS : TSPERR(TSS_E_OUTOFMEMORY);
	}

	euid = geteuid();

	setpwent();
	while (1) {
		rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp);
		if (rc) {
			LogDebugFn("USER PS: Error getting path to home directory: getpwent_r: %s",
				   strerror(rc));
			endpwent();
			return TSPERR(TSS_E_INTERNAL_ERROR);
		}

		if (euid == pwp->pw_uid) {
			home_dir = strdup(pwp->pw_dir);
			break;
		}
	}
	endpwent();

	if (!home_dir)
		return TSPERR(TSS_E_OUTOFMEMORY);

	/* Tack on TSS_USER_PS_DIR and see if it exists */
	rc = snprintf(buf, PASSWD_BUFSIZE, "%s/%s", home_dir, TSS_USER_PS_DIR);
	if (rc == PASSWD_BUFSIZE) {
		LogDebugFn("USER PS: Path to file too long! (> %d bytes)", PASSWD_BUFSIZE);
		goto done;
	}

	errno = 0;
	if ((rc = stat(buf, &stat_buf)) == -1) {
		if (errno == ENOENT) {
			errno = 0;
			/* Create the base directory, $HOME/.trousers */
			if ((rc = mkdir(buf, 0700)) == -1) {
				LogDebugFn("USER PS: Error creating dir: %s: %s", buf,
					   strerror(errno));
				goto done;
			}
		} else {
			LogDebugFn("USER PS: Error stating dir: %s: %s", buf, strerror(errno));
			goto done;
		}
	}

	/* Directory exists or has been created, return the path to the file */
	rc = snprintf(buf, PASSWD_BUFSIZE, "%s/%s/%s", home_dir, TSS_USER_PS_DIR,
		      TSS_USER_PS_FILE);
	if (rc == PASSWD_BUFSIZE) {
		LogDebugFn("USER PS: Path to file too long! (> %d bytes)", PASSWD_BUFSIZE);
	} else
		*file = strdup(buf);

	result = (*file) ? TSS_SUCCESS : TSPERR(TSS_E_OUTOFMEMORY);
done:
	free(home_dir);
	return result;
}

TSS_RESULT
get_file(int *fd)
{
	TSS_RESULT result;
	int rc = 0;
	char *file_name = NULL;

	MUTEX_LOCK(user_ps_lock);

	/* check the global file handle first.  If it exists, lock it and return */
	if (user_ps_fd != -1) {
		if ((rc = flock(user_ps_fd, LOCK_EX))) {
			LogDebug("USER PS: failed to lock file: %s", strerror(errno));
			MUTEX_UNLOCK(user_ps_lock);
			return TSPERR(TSS_E_INTERNAL_ERROR);
		}

		*fd = user_ps_fd;
		return TSS_SUCCESS;
	}

	/* open and lock the file */
	if ((result = get_user_ps_path(&file_name))) {
		LogDebugFn("USER PS: error getting file path");
		MUTEX_UNLOCK(user_ps_lock);
		return result;
	}

	user_ps_fd = open(file_name, O_CREAT|O_RDWR, 0600);
	if (user_ps_fd < 0) {
		LogDebug("USER PS: open of %s failed: %s", file_name, strerror(errno));
		free(file_name);
		MUTEX_UNLOCK(user_ps_lock);
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	if ((rc = flock(user_ps_fd, LOCK_EX))) {
		LogDebug("USER PS: failed to get lock of %s: %s", file_name, strerror(errno));
		free(file_name);
		close(user_ps_fd);
		user_ps_fd = -1;
		MUTEX_UNLOCK(user_ps_lock);
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	*fd = user_ps_fd;
	free(file_name);
	return TSS_SUCCESS;
}

int
put_file(int fd)
{
	int rc = 0;

	fsync(fd);

	/* release the file lock */
	if ((rc = flock(fd, LOCK_UN))) {
		LogDebug("USER PS: failed to unlock file: %s", strerror(errno));
		rc = -1;
	}

	MUTEX_UNLOCK(user_ps_lock);
	return rc;
}

void
psfile_close(int fd)
{
	close(fd);
	user_ps_fd = -1;
	MUTEX_UNLOCK(user_ps_lock);
}

TSS_RESULT
psfile_is_key_registered(int fd, TSS_UUID *uuid, TSS_BOOL *answer)
{
        TSS_RESULT result;
        struct key_disk_cache tmp;

	if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &tmp)) == TSS_SUCCESS)
		*answer = TRUE;
	else if (result == TSPERR(TSS_E_PS_KEY_NOTFOUND))
		*answer = FALSE;
        else
                return result;

        return TSS_SUCCESS;
}

TSS_RESULT
psfile_get_parent_uuid_by_uuid(int fd, TSS_UUID *uuid, TSS_UUID *ret_uuid)
{
	TSS_RESULT result;
        struct key_disk_cache tmp;

	if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &tmp)))
		return result;

	memcpy(ret_uuid, &tmp.parent_uuid, sizeof(TSS_UUID));

        return TSS_SUCCESS;
}

TSS_RESULT
psfile_get_parent_ps_type(int fd, TSS_UUID *uuid, UINT32 *type)
{
	TSS_RESULT result;
        struct key_disk_cache tmp;

	if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &tmp)))
		return result;

	if (tmp.flags & CACHE_FLAG_PARENT_PS_SYSTEM)
		*type = TSS_PS_TYPE_SYSTEM;
	else
		*type = TSS_PS_TYPE_USER;

        return TSS_SUCCESS;
}

/*
 * return a key struct from PS given a uuid
 */
TSS_RESULT
psfile_get_key_by_uuid(int fd, TSS_UUID *uuid, BYTE *key)
{
        int rc;
	TSS_RESULT result;
        off_t file_offset;
        struct key_disk_cache tmp;
	BYTE buf[4096];

	if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &tmp)))
		return result;

	/* jump to the location of the key blob */
	file_offset = TSSPS_BLOB_DATA_OFFSET(&tmp);

	rc = lseek(fd, file_offset, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebugFn("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	if ((rc = read_data(fd, buf, tmp.blob_size))) {
		LogDebugFn("Blob read from disk failed.");
		return rc;
	}

	memcpy(key, buf, tmp.blob_size);
	return TSS_SUCCESS;
}

/*
 * return a key struct from PS given a public key
 */
TSS_RESULT
psfile_get_key_by_pub(int fd, TSS_UUID *uuid, UINT32 pub_size, BYTE *pub, BYTE *key)
{
        int rc;
	TSS_RESULT result;
        off_t file_offset;
        struct key_disk_cache tmp;
	BYTE buf[4096];

	if ((result = psfile_get_cache_entry_by_pub(fd, pub_size, pub, &tmp)))
		return result;

	/* jump to the location of the key blob */
	file_offset = TSSPS_BLOB_DATA_OFFSET(&tmp);

	rc = lseek(fd, file_offset, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebugFn("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	if ((result = read_data(fd, buf, tmp.blob_size))) {
		LogDebugFn("Blob read from disk failed.");
		return result;
	}

	memcpy(key, buf, tmp.blob_size);
	memcpy(uuid, &tmp.uuid, sizeof(TSS_UUID));

	return TSS_SUCCESS;
}

TSS_RESULT
psfile_get_uuid_by_pub(int fd, UINT32 pub_size, BYTE *pub, TSS_UUID *uuid)
{
	TSS_RESULT result;
        struct key_disk_cache tmp;

	if ((result = psfile_get_cache_entry_by_pub(fd, pub_size, pub, &tmp)))
		return result;

	memcpy(uuid, &tmp.uuid, sizeof(TSS_UUID));

        return TSS_SUCCESS;
}

TSS_RESULT
psfile_change_num_keys(int fd, BYTE increment)
{
	int rc;
	TSS_RESULT result;
	UINT32 num_keys;

	rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebug("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	rc = read(fd, &num_keys, sizeof(UINT32));
	if (rc != sizeof(UINT32)) {
		LogDebug("read of %zd bytes: %s", sizeof(UINT32), strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	if (increment)
		num_keys++;
	else
		num_keys--;

	rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebug("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	if ((result = write_data(fd, (void *)&num_keys, sizeof(UINT32)))) {
		LogDebug("%s", __FUNCTION__);
		return result;
	}

	return TSS_SUCCESS;
}

/* Write the initial header (number of keys and PS version) to initialize a new file */
TSS_RESULT
psfile_write_key_header(int fd)
{
	int rc;
	TSS_RESULT result;
	UINT32 i;

	rc = lseek(fd, TSSPS_VERSION_OFFSET, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebug("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	i = TSSPS_VERSION;
        if ((result = write_data(fd, &i, sizeof(BYTE)))) {
		LogDebug("%s", __FUNCTION__);
		return result;
	}

	rc = lseek(fd, TSSPS_NUM_KEYS_OFFSET, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebug("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	i = 0;
        if ((result = write_data(fd, &i, sizeof(UINT32)))) {
		LogDebug("%s", __FUNCTION__);
		return result;
	}

	return TSS_SUCCESS;
}

/*
 * disk store format:
 *
 * TrouSerS 0.2.1+
 * Version 1:                  cached?
 * [BYTE     PS version = '\1']
 * [UINT32   num_keys_on_disk ]
 * [TSS_UUID uuid0            ] yes
 * [TSS_UUID uuid_parent0     ] yes
 * [UINT16   pub_data_size0   ] yes
 * [UINT16   blob_size0       ] yes
 * [UINT32   vendor_data_size0] yes
 * [UINT16   cache_flags0     ] yes
 * [BYTE[]   pub_data0        ]
 * [BYTE[]   blob0            ]
 * [BYTE[]   vendor_data0     ]
 * [...]
 *
 */
TSS_RESULT
psfile_write_key(int fd,
		 TSS_UUID *uuid,
		 TSS_UUID *parent_uuid,
		 UINT32 parent_ps,
		 BYTE *key_blob,
		 UINT16 key_blob_size)
{
	TSS_RESULT result;
	TSS_KEY key;
	UINT32 zero = 0;
	UINT64 offset;
	UINT16 pub_key_size, cache_flags = 0;
	struct stat stat_buf;
	int rc, file_offset;

	/* leaving the cache flag for parent ps type as 0 implies TSS_PS_TYPE_USER */
	if (parent_ps == TSS_PS_TYPE_SYSTEM)
		cache_flags |= CACHE_FLAG_PARENT_PS_SYSTEM;

	if ((rc = fstat(fd, &stat_buf)) == -1) {
		LogDebugFn("stat failed: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	file_offset = stat_buf.st_size;

	if (file_offset < (int)TSSPS_KEYS_OFFSET) {
		if ((result = psfile_write_key_header(fd)))
			return result;
		file_offset = TSSPS_KEYS_OFFSET;
	}

	rc = lseek(fd, file_offset, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebug("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	/* Unload the blob to get the public key */
	offset = 0;
	if ((result = UnloadBlob_TSS_KEY(&offset, key_blob, &key)))
		return result;

	pub_key_size = key.pubKey.keyLength;

	/* [TSS_UUID uuid0           ] yes */
        if ((result = write_data(fd, (void *)uuid, sizeof(TSS_UUID)))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

	/* [TSS_UUID uuid_parent0    ] yes */
        if ((result = write_data(fd, (void *)parent_uuid, sizeof(TSS_UUID)))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

	/* [UINT16   pub_data_size0  ] yes */
        if ((result = write_data(fd, &pub_key_size, sizeof(UINT16)))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

	/* [UINT16   blob_size0      ] yes */
        if ((result = write_data(fd, &key_blob_size, sizeof(UINT16)))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

	/* [UINT32   vendor_data_size0 ] yes */
        if ((result = write_data(fd, &zero, sizeof(UINT32)))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

	/* [UINT16   cache_flags0    ] yes */
        if ((result = write_data(fd, &cache_flags, sizeof(UINT16)))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

	/* [BYTE[]   pub_data0       ] no */
        if ((result = write_data(fd, (void *)key.pubKey.key, pub_key_size))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

	/* [BYTE[]   blob0           ] no */
        if ((result = write_data(fd, (void *)key_blob, key_blob_size))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

	if ((result = psfile_change_num_keys(fd, TSS_PSFILE_INCREMENT_NUM_KEYS))) {
		LogDebug("%s", __FUNCTION__);
		goto done;
	}

done:
	free_key_refs(&key);
        return result;
}

TSS_RESULT
psfile_remove_key(int fd, TSS_UUID *uuid)
{
        TSS_RESULT result;
        UINT32 head_offset = 0, tail_offset;
	int rc, size = 0;
	struct key_disk_cache c;
	BYTE buf[4096];

	if ((result = psfile_get_cache_entry_by_uuid(fd, uuid, &c)))
		return result;

	/* head_offset is the offset the beginning of the key */
	head_offset = TSSPS_UUID_OFFSET(&c);

	/* tail_offset is the offset the beginning of the next key */
	tail_offset = TSSPS_VENDOR_DATA_OFFSET(&c) + c.vendor_data_size;

	rc = lseek(fd, tail_offset, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebug("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	/* read in from tail, write out to head to fill the gap */
	while ((rc = read(fd, buf, sizeof(buf))) > 0) {
		size = rc;
		tail_offset += size;

		/* set the file pointer to where we want to write */
		rc = lseek(fd, head_offset, SEEK_SET);
		if (rc == ((off_t)-1)) {
			LogDebug("lseek: %s", strerror(errno));
			return TSPERR(TSS_E_INTERNAL_ERROR);
		}

		/* write the data */
		if ((result = write_data(fd, (void *)buf, size))) {
			LogDebug("%s", __FUNCTION__);
			return result;
		}
		head_offset += size;

		/* set the file pointer to where we want to read in the next
		 * loop */
		rc = lseek(fd, tail_offset, SEEK_SET);
		if (rc == ((off_t)-1)) {
			LogDebug("lseek: %s", strerror(errno));
			return TSPERR(TSS_E_INTERNAL_ERROR);
		}
	}

	if (rc < 0) {
		LogDebug("read: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	/* set the file pointer to where we want to write */
	rc = lseek(fd, head_offset, SEEK_SET);
	if (rc == ((off_t)-1)) {
		LogDebug("lseek: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	/* head_offset now contains a pointer to where we want to truncate the
	 * file. Zero out the old tail end of the file and truncate it. */

	memset(buf, 0, sizeof(buf));

	/* Zero out the old tail end of the file */
	if ((result = write_data(fd, (void *)buf, tail_offset - head_offset))) {
		LogDebug("%s", __FUNCTION__);
		return result;
	}

	if ((rc = ftruncate(fd, head_offset)) < 0) {
		LogDebug("ftruncate: %s", strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	/* we succeeded in removing a key from the disk. Decrement the number
	 * of keys in the file */
	if ((result = psfile_change_num_keys(fd, TSS_PSFILE_DECREMENT_NUM_KEYS)))
		return result;

	return TSS_SUCCESS;
}

TSS_RESULT
psfile_get_all_cache_entries(int fd, UINT32 *size, struct key_disk_cache **c)
{
	UINT32 i, num_keys = psfile_get_num_keys(fd);
	int offset;
	TSS_RESULT result;
	struct key_disk_cache *tmp = NULL;