diff -Naur trousers-0.2.9.1/INSTALL trousers-0.2.9.1-mtm/INSTALL
--- trousers-0.2.9.1/INSTALL 1970-01-01 00:00:00.000000000 +0000
+++ trousers-0.2.9.1-mtm/INSTALL 2007-12-11 17:23:01.000000000 +0000
@@ -0,0 +1,12 @@
+TrouSerS with MTM modifications.
+
+(C) Copyright Nokia Corporation 2007 - All Rights Reserved
+This file is made available under the terms of the IBM Common Public License v1.0
+
+Compilation and installation:
+
+ $ sh < bootstrap.sh
+ $ ./configure --with-gui=none
+ $ make
+ $ make install
+
diff -Naur trousers-0.2.9.1/Makefile.am trousers-0.2.9.1-mtm/Makefile.am
--- trousers-0.2.9.1/Makefile.am 2005-07-07 18:45:28.000000000 +0000
+++ trousers-0.2.9.1-mtm/Makefile.am 2007-12-11 16:26:23.000000000 +0000
@@ -1 +1,4 @@
 SUBDIRS = src man dist tools
+
+EXTRA_DIST = bootstrap.sh LICENSE
+
diff -Naur trousers-0.2.9.1/configure.in trousers-0.2.9.1-mtm/configure.in
--- trousers-0.2.9.1/configure.in 2007-04-12 21:39:17.000000000 +0000
+++ trousers-0.2.9.1-mtm/configure.in 2007-12-12 08:29:28.000000000 +0000
@@ -131,11 +131,18 @@ AC_DISABLE_STATIC AC_PROG_CC AC_PROG_LIBTOOL +# It would be nice to use these checks to enable Cygwin compilation +# However these are not part of standard autotools macro packages +# AC_CHECK_MLOCK +# AC_CHECK_UTMP +AC_CHECK_FUNC(getpwent, AC_DEFINE(HAVE_GETPWENT),) +AC_CHECK_FUNC(getpwent_r, AC_DEFINE(HAVE_GETPWENT_R),) +AC_CHECK_HEADER(linux/ioctl.h,[AC_DEFINE(HAVE_LINUX_IOCTL_H)]) AC_SUBST(TCSD_DEFAULT_PORT, 30003) - -CFLAGS="$CFLAGS -I../include -W -Wall -Werror -Wno-unused-parameter -DTCSD_DEFAULT_PORT=${TCSD_DEFAULT_PORT} -DTSS_VER_MAJOR=${TSS_VER_MAJOR} -DTSS_VER_MINOR=${TSS_VER_MINOR}" +CFLAGS="$CFLAGS -I../include -W -Wall -Wno-unused-parameter -DTCSD_DEFAULT_PORT=${TCSD_DEFAULT_PORT} -DTSS_VER_MAJOR=${TSS_VER_MAJOR} -DTSS_VER_MINOR=${TSS_VER_MINOR}" +#CFLAGS="$CFLAGS -I../include -W -Wall -Werror -Wno-unused-parameter -DTCSD_DEFAULT_PORT=${TCSD_DEFAULT_PORT} -DTSS_VER_MAJOR=${TSS_VER_MAJOR} -DTSS_VER_MINOR=${TSS_VER_MINOR}" #CFLAGS="$CFLAGS -I../include -std=c99 -pedantic -W -Wall" KERNEL_VERSION=`uname -r` AC_SUBST(CFLAGS) diff -Naur trousers-0.2.9.1/src/include/Makefile.am trousers-0.2.9.1-mtm/src/include/Makefile.am --- trousers-0.2.9.1/src/include/Makefile.am 2005-06-27 18:28:42.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/include/Makefile.am 2007-09-12 12:57:09.000000000 +0000 
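Review bot: The replacement `CFLAGS` line drops `-Werror` for every build, so warnings in the C code this patch adds no longer stop compilation. If the flag was removed only to get the Cygwin port mentioned in the comment above to build (the hunk does not say), keep it as the default and relax it for that host alone instead of commenting out the original line.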
@@ -4,3 +4,31 @@ tssinclude_HEADERS = tss/tcpa_error.h tss/tcs_error.h tss/tddlapi_error.h tss/tspi.h tss/tss_error.h tss/platform.h tss/tcpa_struct.h tss/tcs_structs.h tss/tddl_error.h tss/tss_defines.h tss/tss_structs.h tss/tcpa_defines.h tss/tcpa_typedef.h tss/tcs_typedef.h tss/tddli.h tss/tss_error_basics.h tss/tss_typedef.h trousersinclude_HEADERS = trousers/tss.h trousers/trousers.h +EXTRA_DIST = \ + auth_mgr.h \ + biosem.h \ + capabilities.h \ + hosttable.h \ + imaem.h \ + memmgr.h \ + obj.h \ + req_mgr.h \ + spi_internal_types.h \ + spi_utils.h \ + tcsd.h \ + tcsd_ops.h \ + tcsd_wrap.h \ + tcsem.h \ + tcs_internal_types.h \ + tcs_int_literals.h \ + tcslog.h \ + tcsps.h \ + tcs_tsp.h \ + tcs_utils.h \ + tddl.h \ + trousers_types.h \ + trpctp.h \ + tsplog.h \ + tspps.h \ + linux/tpm.h + diff -Naur trousers-0.2.9.1/src/include/linux/tpm.h trousers-0.2.9.1-mtm/src/include/linux/tpm.h --- trousers-0.2.9.1/src/include/linux/tpm.h 2004-12-10 15:37:07.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/include/linux/tpm.h 2007-11-13 13:28:21.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004 * */ @@ -16,7 +19,11 @@ #ifndef _TPM_H_ #define _TPM_H_ +#ifdef HAVE_LINUX_IOCTL_H #include +#else +#include +#endif /* ioctl commands */ #define TPMIOC_CANCEL _IO('T', 0x00) diff -Naur trousers-0.2.9.1/src/include/spi_utils.h trousers-0.2.9.1-mtm/src/include/spi_utils.h --- trousers-0.2.9.1/src/include/spi_utils.h 2007-01-12 19:51:20.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/include/spi_utils.h 2007-11-13 13:24:52.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004, 2005 * */ 
@@ -256,4 +259,12 @@ TSS_RESULT TCSP_LoadManuMaintPub(TCS_CONTEXT_HANDLE, TCPA_NONCE, UINT32, BYTE *, TCPA_DIGEST *); TSS_RESULT TCSP_ReadManuMaintPub(TCS_CONTEXT_HANDLE, TCPA_NONCE, TCPA_DIGEST *); +TSS_RESULT TCSP_InstallRIM(TSS_HCONTEXT, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE **); +TSS_RESULT TCSP_LoadVerificationKey(TSS_HCONTEXT, UINT32, UINT32, BYTE *, TPM_AUTH *, UINT32 *, BYTE *); +TSS_RESULT TCSP_LoadVerificationRootKeyDisable(TSS_HCONTEXT); +TSS_RESULT TCSP_VerifyRIMCert(TSS_HCONTEXT, UINT32, BYTE *, UINT32); +TSS_RESULT TCSP_VerifyRIMCertAndExtend(TSS_HCONTEXT, UINT32, BYTE *, UINT32, TCPA_PCRVALUE *); +TSS_RESULT TCSP_IncrementBootstrapCounter(TSS_HCONTEXT, UINT32, BYTE *, UINT32); +TSS_RESULT TCSP_SetVerifiedPCRSelection(TSS_HCONTEXT, TCPA_PCR_SELECTION *, TPM_AUTH *); + #endif diff -Naur trousers-0.2.9.1/src/include/tcs_utils.h trousers-0.2.9.1-mtm/src/include/tcs_utils.h --- trousers-0.2.9.1/src/include/tcs_utils.h 2006-12-08 16:47:57.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/include/tcs_utils.h 2007-11-13 13:25:49.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004-2006 * */ 
@@ -712,4 +715,43 @@ ); TSS_RESULT TCSP_Reset_Internal(TCS_CONTEXT_HANDLE hContext ); + TSS_RESULT TCSP_InstallRIM_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCertIn, /* in */ + TPM_AUTH * authData, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ); + TSS_RESULT TCSP_LoadVerificationKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 parentKeyHandle, /* in */ + UINT32 verificationKeySize, /* in */ + BYTE * verificationKeyData, /* in */ + TPM_AUTH * authData, /* in, out */ + UINT32 * verificationKeyHandle,/* out */ + BYTE * loadMethod /* out */ + ); + TSS_RESULT TCSP_LoadVerificationRootKeyDisable_Internal(TCS_CONTEXT_HANDLE hContext /* in */ + ); + TSS_RESULT TCSP_VerifyRIMCert_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */ + ); + TSS_RESULT TCSP_VerifyRIMCertAndExtend_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle, /* in */ + TCPA_PCRVALUE * outDigest /* out */ + ); + TSS_RESULT TCSP_IncrementBootstrapCounter_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */ + ); + TSS_RESULT TCSP_SetVerifiedPCRSelection_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT16 sizeOfSelect, /* in */ + BYTE * selection, /* in */ + TPM_AUTH * authData /* in, out */ + ); + #endif /*_TCS_UTILS_H_ */ diff -Naur trousers-0.2.9.1/src/include/tcsd_wrap.h trousers-0.2.9.1-mtm/src/include/tcsd_wrap.h --- trousers-0.2.9.1/src/include/tcsd_wrap.h 2006-12-08 16:46:53.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/include/tcsd_wrap.h 2007-11-13 13:25:23.000000000 +0000 
@@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004 * */ @@ -141,8 +144,18 @@ TCSD_ORD_KILLMAINTENANCEFEATURE = 71, TCSD_ORD_LOADMANUFACTURERMAINTENANCEPUB = 72, TCSD_ORD_READMANUFACTURERMAINTENANCEPUB = 73, + + /* Add MTM specific ORDs */ + TCSD_ORD_INSTALLRIM = 74, + TCSD_ORD_LOADVERIFICATIONKEY = 75, + TCSD_ORD_LOADVERIFICATIONROOTKEYDISABLE = 76, + TCSD_ORD_VERIFYRIMCERT = 77, + TCSD_ORD_VERIFYRIMCERTANDEXTEND = 78, + TCSD_ORD_INCREMENTBOOTSTRAPCOUNTER = 79, + TCSD_ORD_SETVERIFIEDPCRSELECTION = 80, + /* Last */ - TCSD_LAST_ORD = 74 + TCSD_LAST_ORD = 81 }; #define TCSD_MAX_NUM_ORDS TCSD_LAST_ORD diff -Naur trousers-0.2.9.1/src/include/trousers_types.h trousers-0.2.9.1-mtm/src/include/trousers_types.h --- trousers-0.2.9.1/src/include/trousers_types.h 2006-01-04 17:23:52.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/include/trousers_types.h 2007-11-13 13:26:17.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004, 2005 * */ 
@@ -146,8 +149,19 @@ #define TPM_ORD_PhysicalPresence (TCPA_CONNECTION_ORDINAL + 10) +/* MTM ordinals, page 54 section 7.9 in TCG MTM specification */ +#define MTM_ORD_InstallRIM (TCPA_PROTECTED_ORDINAL + 66) +#define MTM_ORD_LoadVerificationKey (TCPA_PROTECTED_ORDINAL + 67) +#define MTM_ORD_LoadVerificationRootKeyDisable (TCPA_PROTECTED_ORDINAL + 68) +#define MTM_ORD_VerifyRIMCert (TCPA_PROTECTED_ORDINAL + 69) +#define MTM_ORD_VerifyRIMCertAndExtend (TCPA_PROTECTED_ORDINAL + 72) +#define MTM_ORD_IncrementBootstrapCounter (TCPA_PROTECTED_ORDINAL + 73) +#define MTM_ORD_SetVerifiedPCRSelection (TCPA_PROTECTED_ORDINAL + 74) + + /* TSS 1.2 stuff needed for backporting its functionality */ + #define TPM_VERSION_BYTE BYTE typedef struct tdTPM_VERSION { TPM_VERSION_BYTE major; diff -Naur trousers-0.2.9.1/src/include/trpctp.h trousers-0.2.9.1-mtm/src/include/trpctp.h --- trousers-0.2.9.1/src/include/trpctp.h 2007-01-12 19:51:20.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/include/trpctp.h 2007-11-13 13:26:44.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004 * */ 
@@ -520,4 +523,48 @@ TCPA_DIGEST * checksum /* out */ ); + TCPA_RESULT TCSP_InstallRIM_TP(struct host_table_entry *hte, /* in */ + UINT32 rimCertificateSize, /* in */ + BYTE * rimCertificate, /* in */ /* FIXME: should be TPM_RIM_CERTIFICATE? */ + TPM_AUTH * auth, /* in, out */ + UINT32 * rimOutSize, /* out */ + BYTE ** rimOutData /* out */ + ); + + TCPA_RESULT TCSP_LoadVerificationKey_TP(struct host_table_entry *hte, /* in */ + UINT32 parentKeyHandle, /* in */ + UINT32 verificationKeySize, /* in */ + BYTE * verificationKey, /* in FIXME: TPM_VERIFICATION_KEY? */ + TPM_AUTH * auth, /* in, out */ + UINT32 * keyHandle, /* out */ + BYTE * loadMethod + ); + + TCPA_RESULT TCSP_LoadVerificationRootKeyDisable_TP(struct host_table_entry *hte /* in */ + ); + + TCPA_RESULT TCSP_VerifyRIMCert_TP(struct host_table_entry *hte, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */ + ); + + TCPA_RESULT TCSP_VerifyRIMCertAndExtend_TP(struct host_table_entry *hte, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle, /* in */ + TCPA_PCRVALUE * outDigest /* out */ + ); + + TCPA_RESULT TCSP_IncrementBootstrapCounter_TP(struct host_table_entry *hte, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */ + ); + + TCPA_RESULT TCSP_SetVerifiedPCRSelection_TP(struct host_table_entry *hte, /* in */ + TCPA_PCR_SELECTION * verifiedSelection, /* in */ + TPM_AUTH * auth /* in, out */ + ); + #endif diff -Naur trousers-0.2.9.1/src/include/tss/tspi.h trousers-0.2.9.1-mtm/src/include/tss/tspi.h --- trousers-0.2.9.1/src/include/tss/tspi.h 2005-06-27 18:17:19.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/include/tss/tspi.h 2007-11-13 13:33:11.000000000 +0000 @@ -1,3 +1,7 @@ +/* + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + */ #if !defined( _TSPI_H_ ) #define _TSPI_H_ 
@@ -608,6 +612,64 @@ BYTE** prgbPcrValue // out ); +/*** MTM functions ***/ + +TSPICALL Tspi_MTM_InstallRIM +( + TSS_HTPM hTPM, // in + UINT32 ulRimCertSize, // in + BYTE * rimCertData, // in + UINT32 * outCertSize, // out + BYTE ** outCertData // out + ); + +TSPICALL Tspi_MTM_VerifyRIMCert +( + TSS_HTPM hTPM, // in + UINT32 ulRimCertSize, // in + BYTE * rimCertData, // in + UINT32 hVerificationKey // in +); + +TSPICALL Tspi_MTM_VerifyRIMCertAndExtend +( + TSS_HTPM hTPM, // in + UINT32 ulRimCertSize, // in + BYTE * rimCertData, // in + UINT32 hVerificationKey, // in + TCPA_PCRVALUE * pPcrValue // out +); + +TSPICALL Tspi_MTM_LoadVerificationKey +( + TSS_HTPM hTPM, // in + UINT32 hParentKey, // in + UINT32 verificationKeySize,// in + BYTE * verificationKeyData,// in + UINT32 * hVerificationKey, // out + BYTE * loadMethod // out +); + +TSPICALL Tspi_MTM_LoadVerificationRootKeyDisable +( + TSS_HTPM hTPM // in +); + +TSPICALL Tspi_MTM_SetVerifiedPCRSelection +( + TSS_HTPM hTPM, // in + TCPA_PCR_SELECTION * selection // in +); + +TSPICALL Tspi_MTM_IncrementBootstrapCounter +( + TSS_HTPM hTPM, // in + UINT32 ulRimCertSize, // in + BYTE * rimCertData, // in + UINT32 hKey // in +); + + /******/ TSPICALL Tspicb_CallbackHMACAuth ( diff -Naur trousers-0.2.9.1/src/tcs/tcspbg.c trousers-0.2.9.1-mtm/src/tcs/tcspbg.c --- trousers-0.2.9.1/src/tcs/tcspbg.c 2007-04-02 18:17:52.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tcs/tcspbg.c 2007-11-13 13:04:35.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004 * */ 
@@ -2996,3 +2999,270 @@ LogResult("Read Manu Maint Pub", result); return result; } + +TSS_RESULT +TCSP_InstallRIM_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCertIn, /* in */ + TPM_AUTH * authData, /* in, out */ + UINT32 * outDataSize, /* out */ + BYTE ** outData /* out */ + ) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TCSP_InstallRIM_Internal"); + offset = 10; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, authData->AuthHandle))) + goto done; + + LoadBlob_UINT32(&offset, rimCertSize, txBlob, "rimCertSize"); + LoadBlob(&offset, rimCertSize, txBlob, rimCertIn, "rimCert"); + LoadBlob_Auth(&offset, txBlob, authData); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, + MTM_ORD_InstallRIM, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + UnloadBlob_UINT32(&offset, outDataSize, txBlob, + "out data size"); + *outData = calloc(1, *outDataSize); + LogDebug("TCSP_InstallRIM_internal out size=%d", *outDataSize); + if (*outData == NULL) { + LogError("malloc of %d bytes failed.", *outDataSize); + result = TCSERR(TSS_E_OUTOFMEMORY); + } else { + UnloadBlob(&offset, *outDataSize, txBlob, *outData, "outdata"); + } + UnloadBlob_Auth(&offset, txBlob, authData); + + /* if the malloc above failed, terminate the 2 new auth handles and exit */ + if (result) + goto done; + + } + LogDebug("Out data size=%d", *outDataSize); + LogResult("InstallRIM", result); +done: + auth_mgr_release_auth(authData, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_LoadVerificationKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 parentKeyHandle, /* in */ + UINT32 verificationKeySize, /* in */ + BYTE * verificationKeyData, /* in */ + TPM_AUTH * authData, /* in, out */ + UINT32 * verificationKeyHandle,/* out */ 
+ BYTE * loadMethod /* out */ + ) +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TCSP_LoadVerificationKey_Internal"); + offset = 10; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, authData->AuthHandle))) + goto done; + + LoadBlob_UINT32(&offset, parentKeyHandle, txBlob, "parentKeyHandle"); + LoadBlob_UINT32(&offset, verificationKeySize, txBlob, "verificationKeySize"); + LoadBlob(&offset, verificationKeySize, txBlob, verificationKeyData, "verificationKeyData"); + LoadBlob_Auth(&offset, txBlob, authData); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, + MTM_ORD_LoadVerificationKey, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + + if (!result) { + UnloadBlob_UINT32(&offset, verificationKeyHandle, txBlob, "verificationKeyHandle"); + UnloadBlob_BYTE(&offset, loadMethod, txBlob, "loadMethod"); + UnloadBlob_Auth(&offset, txBlob, authData); + } + LogResult("Load verification key", result); +done: + auth_mgr_release_auth(authData, NULL, hContext); + return result; +} + +TSS_RESULT +TCSP_LoadVerificationRootKeyDisable_Internal(TCS_CONTEXT_HANDLE hContext /* in */) +{ + UINT64 offset; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TCSP_LoadVerificationRootKeyDisable_Internal"); + + offset = 10; + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, MTM_ORD_LoadVerificationRootKeyDisable, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("Load Verification Root Key Disable", result); + return result; +} + +TSS_RESULT +TCSP_VerifyRIMCert_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */) +{ + UINT64 offset; + TSS_RESULT result; + 
UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TCSP_VerifyRIMCert_Internal"); + if ((result = ctx_verify_context(hContext))) + return result; + + offset = 10; + LoadBlob_UINT32(&offset, rimCertSize, txBlob, "rimCertSize"); + LoadBlob(&offset, rimCertSize, txBlob, rimCert, "rimCert"); + LoadBlob_UINT32(&offset, rimKeyHandle, txBlob, "rimKeyHandle"); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, MTM_ORD_VerifyRIMCert, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("VerifyRIMCert", result); + return result; +} + +TSS_RESULT +TCSP_VerifyRIMCertAndExtend_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle, /* in */ + TCPA_PCRVALUE * outDigest /* out */) +{ + UINT64 offset; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TCSP_VerifyRIMCertAndExtend_Internal"); + if ((result = ctx_verify_context(hContext))) + return result; + + offset = 10; + LoadBlob_UINT32(&offset, rimCertSize, txBlob, "rimCertSize"); + LoadBlob(&offset, rimCertSize, txBlob, rimCert, "rimCert"); + LoadBlob_UINT32(&offset, rimKeyHandle, txBlob, "rimKeyHandle"); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, MTM_ORD_VerifyRIMCertAndExtend, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + UnloadBlob(&offset, TCPA_DIGEST_SIZE, txBlob, + outDigest->digest, "digest"); + } + LogResult("VerifyRIMCertAndExtend", result); + return result; +} + +TSS_RESULT +TCSP_IncrementBootstrapCounter_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */) +{ + UINT64 offset; + TSS_RESULT result; + UINT32 paramSize; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering 
TCSP_IncrementBootstrapCounter_Internal"); + if ((result = ctx_verify_context(hContext))) + return result; + + offset = 10; + LoadBlob_UINT32(&offset, rimCertSize, txBlob, "rimCertSize"); + LoadBlob(&offset, rimCertSize, txBlob, rimCert, "rimCert"); + LoadBlob_UINT32(&offset, rimKeyHandle, txBlob, "rimKeyHandle"); + LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, MTM_ORD_IncrementBootstrapCounter, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + return result; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + LogResult("IncrementBootstrapCounter", result); + return result; +} + + +TSS_RESULT +TCSP_SetVerifiedPCRSelection_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT16 sizeOfSelect, /* in */ + BYTE * selection, /* in */ + TPM_AUTH * authData) /* in, out */ +{ + TSS_RESULT result; + UINT32 paramSize; + UINT64 offset; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("Entering TCSP_SetVerifiedPCRSelection_Internal"); + offset = 10; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if ((result = auth_mgr_check(hContext, authData->AuthHandle))) + goto done; + + LoadBlob_UINT16(&offset, sizeOfSelect, txBlob, "sizeOfSelect"); + LoadBlob(&offset, sizeOfSelect, txBlob, selection, "selection"); + LoadBlob_Auth(&offset, txBlob, authData); + LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, + MTM_ORD_SetVerifiedPCRSelection, txBlob); + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + offset = 10; + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + + UnloadBlob_Auth(&offset, txBlob, authData); + + } + LogResult("SetVerifiedPCRSelection", result); +done: + auth_mgr_release_auth(authData, NULL, hContext); + return result; +} diff -Naur trousers-0.2.9.1/src/tcsd/platform.c trousers-0.2.9.1-mtm/src/tcsd/platform.c --- trousers-0.2.9.1/src/tcsd/platform.c 2005-06-27 18:26:02.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tcsd/platform.c 2007-12-12 08:34:58.000000000 +0000 
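Review bot: The length arguments are copied into the fixed-size `txBlob[TSS_TPM_TXBLOB_SIZE]` stack buffer with no bound check: `LoadBlob(&offset, rimCertSize, txBlob, rimCertIn, "rimCert")` in TCSP_InstallRIM_Internal, and the same call shape with `verificationKeySize`, `rimCertSize` and `sizeOfSelect` in the LoadVerificationKey, VerifyRIMCert, VerifyRIMCertAndExtend, IncrementBootstrapCounter and SetVerifiedPCRSelection variants. These sizes come from the tcs_wrap_* request handlers added later in this patch, so unless LoadBlob bounds the copy itself (not visible here) an oversized request overruns the buffer; reject it before the copy, e.g. `if (rimCertSize > TSS_TPM_TXBLOB_SIZE - offset - sizeof(UINT32)) { result = TCSERR(TSS_E_BAD_PARAMETER); goto done; }`, leaving room for the auth block where one follows. On the response side `*outDataSize` is read from the TPM reply and used for `calloc` and `UnloadBlob` without being compared against `paramSize`. TCSP_LoadVerificationRootKeyDisable_Internal also skips the `ctx_verify_context(hContext)` call that its siblings make.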
@@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004, 2005 * */ @@ -13,7 +16,11 @@ #include #include #include +#ifdef __linux #include +#else +#include +#endif #include #include "trousers/tss.h" @@ -27,18 +34,30 @@ pthread_mutex_t utmp_lock = PTHREAD_MUTEX_INITIALIZER; +/* Cygwin compilation: Comment out HAVE_UTMP_UT_TV - or add autotools macro to check this. */ +#define HAVE_UTMP_UT_TV 1 + char platform_get_runlevel() { char runlevel; +#ifdef HAVE_UTMP_UT_TV struct utmp ut, save, *next = NULL; +#else + struct utmpx ut, save, *next = NULL; +#endif /* HAVE_UTMP_UT_TV */ struct timeval tv; int flag = 0, counter = 0; pthread_mutex_lock(&utmp_lock); +#ifdef HAVE_UTMP_UT_TV memset(&ut, 0, sizeof(struct utmp)); memset(&save, 0, sizeof(struct utmp)); +#else + memset(&ut, 0, sizeof(struct utmpx)); + memset(&save, 0, sizeof(struct utmpx)); +#endif /* HAVE_UTMP_UT_TV */ memset(&tv, 0, sizeof(struct timeval)); ut.ut_type = RUN_LVL; diff -Naur trousers-0.2.9.1/src/tcsd/svrside.c trousers-0.2.9.1-mtm/src/tcsd/svrside.c --- trousers-0.2.9.1/src/tcsd/svrside.c 2007-04-10 20:42:10.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tcsd/svrside.c 2007-11-13 13:07:39.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004 * */ @@ -40,6 +43,11 @@ struct tcsd_config tcsd_options; struct tpm_properties tpm_metrics; +char* opt_mtmd_hostname = NULL; +int opt_mtmd_portno = -1; +char* opt_mtmd_socketname = NULL; +int opt_connect_method = 1; + void tcsd_shutdown() { 
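Review bot: In the platform.c hunk `#define HAVE_UTMP_UT_TV 1` is hard-coded in the source, so the `#else` branches using `struct utmpx` are never compiled unless someone edits the file, while the header choice in the earlier hunk keys on `__linux` instead; the two conditions can disagree. Let configure define the macro and drop the in-file define. The size-dependent `memset` pairs need no preprocessor branch at all: `memset(&ut, 0, sizeof ut);` and `memset(&save, 0, sizeof save);` work for either struct. platform_get_runlevel continues past the end of the hunk.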
@@ -212,17 +220,32 @@ struct option long_options[] = { {"help", 0, NULL, 'h'}, {"foreground", 0, NULL, 'f'}, + {"hostname", 1, NULL, 'm'}, + {"port", 1, NULL, 'p'}, + {"socket", 1, NULL, 'u'}, {0, 0, 0, 0} }; - while ((c = getopt_long(argc, argv, "fh", long_options, &option_index)) != -1) { + while ((c = getopt_long(argc, argv, "fhm:p:u:", long_options, &option_index)) != -1) { switch (c) { case 'f': foreground = 1; break; case 'h': - /* fall through */ + usage(); + return -1; + break; + case 'm': + opt_mtmd_hostname = strdup(optarg); + opt_connect_method = 2; + break; + case 'p': + sscanf(optarg, "%d", &opt_mtmd_portno); + break; + case 'u': + opt_mtmd_socketname = strdup(optarg); + break; default: usage(); return -1; diff -Naur trousers-0.2.9.1/src/tcsd/tcsd_conf.c trousers-0.2.9.1-mtm/src/tcsd/tcsd_conf.c --- trousers-0.2.9.1/src/tcsd/tcsd_conf.c 2006-09-27 22:12:16.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tcsd/tcsd_conf.c 2007-11-13 13:08:27.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004 * */ @@ -531,14 +534,17 @@ { FILE *f = NULL; struct stat stat_buf; + /* struct group *grp; struct passwd *pw; mode_t mode = (S_IRUSR|S_IWUSR); + */ TSS_RESULT result; init_tcsd_config(conf); /* look for a config file, create if it doesn't exist */ + fprintf(stderr, "Configuration: %s\n", TCSD_CONFIG_FILE); if (stat(TCSD_CONFIG_FILE, &stat_buf) == -1) { if (errno == ENOENT) { /* no config file? use defaults */ @@ -553,6 +559,7 @@ /* find the gid that owns the conf file */ errno = 0; + /* grp = getgrnam(TSS_GROUP_NAME); if (grp == NULL) { if (errno == 0) { @@ -563,8 +570,9 @@ } return TCSERR(TSS_E_INTERNAL_ERROR); } - + */ errno = 0; + /* pw = getpwnam(TSS_USER_NAME); if (pw == NULL) { if (errno == 0) { 
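Review bot: In the svrside.c option-parsing hunk, `sscanf(optarg, "%d", &opt_mtmd_portno);` ignores the return value and accepts any integer, so a non-numeric argument silently leaves the port at -1 and an out-of-range one is passed on. Parse it with `strtol`, check the end pointer and a 1–65535 range, and fall to `usage(); return -1;` on failure. The two `strdup(optarg)` results are also used without a NULL check, and the `break;` after `return -1;` in `case 'h'` is unreachable. Only `-m` changes `opt_connect_method`; if `-u` is meant to select the socket transport that assignment looks missing, which the hunk alone cannot confirm. The enclosing function starts and ends outside the hunk.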
@@ -575,19 +583,24 @@ } return TCSERR(TSS_E_INTERNAL_ERROR); } + */ /* make sure user/group TSS owns the conf file */ + /* if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { LogError("TCSD config file (%s) must be user/group %s/%s", TCSD_CONFIG_FILE, TSS_USER_NAME, TSS_GROUP_NAME); return TCSERR(TSS_E_INTERNAL_ERROR); } + */ /* make sure only the tss user can manipulate the config file */ + /* if (((stat_buf.st_mode & 0777) ^ mode) != 0) { LogError("TCSD config file (%s) must be mode 0600", TCSD_CONFIG_FILE); return TCSERR(TSS_E_INTERNAL_ERROR); } + */ if ((f = fopen(TCSD_CONFIG_FILE, "r")) == NULL) { LogError("fopen(%s): %s", TCSD_CONFIG_FILE, strerror(errno)); diff -Naur trousers-0.2.9.1/src/tcsd/tcsd_wrap.c trousers-0.2.9.1-mtm/src/tcsd/tcsd_wrap.c --- trousers-0.2.9.1/src/tcsd/tcsd_wrap.c 2006-12-14 23:00:56.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tcsd/tcsd_wrap.c 2007-11-13 13:09:33.000000000 +0000 @@ -1,9 +1,11 @@ - /* * Licensed Materials - Property of IBM * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004-2006 * */ @@ -284,7 +286,7 @@ index; if ((UINT32)index >= comm->hdr.num_parms || dataType != *type) { - LogDebug("Data type of TCS packet element %d doesn't match.", index); + LogDebug("Data type of TCS packet element %d doesn't match.(%u != %u)", index, dataType, *type); return TSS_TCP_RPC_BAD_PACKET_TYPE; } old_offset = offset = comm->hdr.parm_offset; 
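Review bot: Commenting out the ownership test (`pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid`) and the mode test (`(stat_buf.st_mode & 0777) ^ mode`) in the tcsd_conf.c hunk at -575 means the daemon now loads TCSD_CONFIG_FILE whoever owns it and whatever its permissions are, so any account that can write the file controls the daemon's settings. The hunks at -531, -553 and -563 on the previous line disable the declarations and the `getgrnam`/`getpwnam` lookups that fed those tests. If this was done for a platform without those accounts, keep the checks and compile them out for that platform only, e.g. `#ifndef __CYGWIN__` … `#endif` around the block. The added `fprintf(stderr, "Configuration: %s\n", TCSD_CONFIG_FILE);` bypasses the LogDebug/LogError calls used around it. The function starts and ends outside these hunks.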
@@ -3931,6 +3933,347 @@ } #endif +TSS_RESULT +tcs_wrap_InstallRIM(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 rimCertSize; + BYTE * rimCertIn; + TPM_AUTH authData; + UINT32 outDataSize; + BYTE * outData; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebug("thread %x context %x: %s", (UINT32)pthread_self(), hContext, __FUNCTION__); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &rimCertSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((rimCertIn = malloc(rimCertSize)) == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, rimCertIn, rimCertSize, &data->comm)) { + free(rimCertIn); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 3, &authData, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pthread_mutex_lock(&tcsp_lock); + + result = TCSP_InstallRIM_Internal(hContext, rimCertSize, rimCertIn, &authData, &outDataSize, &outData); + + pthread_mutex_unlock(&tcsp_lock); + + if (result == TSS_SUCCESS) { + int i = 0; + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &outDataSize, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, outData, outDataSize, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &authData, 0, &data->comm)) { + free(outData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + free(outData); + } else + initData(&data->comm, 0); + + LogDebug("tcs_wrap_InstallRIM out size=%d", outDataSize); + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_LoadVerificationKey(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 parentKeyHandle; + UINT32 verificationKeySize; + BYTE * verificationKeyData; + TPM_AUTH authData; + 
UINT32 verificationKeyHandle; + BYTE loadMethod; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebug("thread %x context %x: %s", (UINT32)pthread_self(), hContext, __FUNCTION__); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &parentKeyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if (getData(TCSD_PACKET_TYPE_UINT32, 2, &verificationKeySize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((verificationKeyData = malloc(verificationKeySize)) == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (getData(TCSD_PACKET_TYPE_PBYTE, 3, verificationKeyData, verificationKeySize, &data->comm)) { + free(verificationKeyData); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 4, &authData, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pthread_mutex_lock(&tcsp_lock); + + result = TCSP_LoadVerificationKey_Internal(hContext, + parentKeyHandle, + verificationKeySize, + verificationKeyData, + &authData, + &verificationKeyHandle, + &loadMethod); + + pthread_mutex_unlock(&tcsp_lock); + + if (result == TSS_SUCCESS) { + int i = 0; + initData(&data->comm, 3); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &verificationKeyHandle, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_BYTE, i++, &loadMethod, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &authData, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_LoadVerificationKeyRootDisable(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebugFn("thread %x context %x", (UINT32)pthread_self(), hContext); + + 
pthread_mutex_lock(&tcsp_lock); + + result = TCSP_LoadVerificationRootKeyDisable_Internal(hContext); + + pthread_mutex_unlock(&tcsp_lock); + + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_VerifyRIMCert(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 rimCertSize; + BYTE * rimCert; + UINT32 rimKeyHandle; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebug("thread %x context %x: %s", (UINT32)pthread_self(), hContext, __FUNCTION__); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &rimCertSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((rimCert = malloc(rimCertSize)) == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, rimCert, rimCertSize, &data->comm)) { + free(rimCert); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &rimKeyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pthread_mutex_lock(&tcsp_lock); + + result = TCSP_VerifyRIMCert_Internal(hContext, + rimCertSize, + rimCert, + rimKeyHandle); + + pthread_mutex_unlock(&tcsp_lock); + + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_VerifyRIMCertAndExtend(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 rimCertSize; + BYTE * rimCert; + UINT32 rimKeyHandle; + TCPA_PCRVALUE outDigest; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebug("thread %x context %x: %s", (UINT32)pthread_self(), hContext, __FUNCTION__); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &rimCertSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((rimCert = malloc(rimCertSize)) == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if 
(getData(TCSD_PACKET_TYPE_PBYTE, 2, rimCert, rimCertSize, &data->comm)) { + free(rimCert); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &rimKeyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pthread_mutex_lock(&tcsp_lock); + + result = TCSP_VerifyRIMCertAndExtend_Internal(hContext, + rimCertSize, + rimCert, + rimKeyHandle, + &outDigest); + + pthread_mutex_unlock(&tcsp_lock); + + if (result == TSS_SUCCESS) { + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &outDigest, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + +TSS_RESULT +tcs_wrap_IncrementBootstrapCounter(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT32 rimCertSize; + BYTE * rimCert; + UINT32 rimKeyHandle; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebug("thread %x context %x: %s", (UINT32)pthread_self(), hContext, __FUNCTION__); + + if (getData(TCSD_PACKET_TYPE_UINT32, 1, &rimCertSize, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((rimCert = malloc(rimCertSize)) == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, rimCert, rimCertSize, &data->comm)) { + free(rimCert); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_UINT32, 3, &rimKeyHandle, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pthread_mutex_lock(&tcsp_lock); + + result = TCSP_IncrementBootstrapCounter_Internal(hContext, + rimCertSize, + rimCert, + rimKeyHandle); + + pthread_mutex_unlock(&tcsp_lock); + + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; + +} + + +TSS_RESULT +tcs_wrap_SetVerifiedPCRSelection(struct tcsd_thread_data *data) +{ + TCS_CONTEXT_HANDLE hContext; + TSS_RESULT result; + UINT16 
sizeOfSelect; + BYTE * selection; + TPM_AUTH authData; + + if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + LogDebug("thread %x context %x: %s", (UINT32)pthread_self(), hContext, __FUNCTION__); + + if (getData(TCSD_PACKET_TYPE_UINT16, 1, &sizeOfSelect, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + if ((selection = malloc(sizeOfSelect)) == NULL) + return TCSERR(TSS_E_OUTOFMEMORY); + + if (getData(TCSD_PACKET_TYPE_PBYTE, 2, selection, sizeOfSelect, &data->comm)) { + free(selection); + return TCSERR(TSS_E_INTERNAL_ERROR); + } + + if (getData(TCSD_PACKET_TYPE_AUTH, 3, &authData, 0, &data->comm)) + return TCSERR(TSS_E_INTERNAL_ERROR); + + pthread_mutex_lock(&tcsp_lock); + + result = TCSP_SetVerifiedPCRSelection_Internal(hContext, sizeOfSelect, selection, &authData); + + pthread_mutex_unlock(&tcsp_lock); + + if (result == TSS_SUCCESS) { + int i = 0; + initData(&data->comm, 1); + if (setData(TCSD_PACKET_TYPE_AUTH, i++, &authData, 0, &data->comm)) { + return TCSERR(TSS_E_INTERNAL_ERROR); + } + } else + initData(&data->comm, 0); + + data->comm.hdr.u.result = result; + + return TSS_SUCCESS; +} + + /* Dispatch */ typedef struct tdDispatchTable { TSS_RESULT (*Func) (struct tcsd_thread_data *); 
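Review bot: Each new handler allocates its request buffer from a length taken straight from the packet (`malloc(rimCertSize)`, `malloc(verificationKeySize)`, `malloc(sizeOfSelect)`) and never frees it: there is no `free(rimCertIn)` after `pthread_mutex_unlock(&tcsp_lock);`, and the early `return TCSERR(TSS_E_INTERNAL_ERROR);` after the next failed `getData` leaks it too. Every request therefore costs the daemon memory it never gets back; add `free(rimCertIn);` (and the equivalents for `verificationKeyData`, `rimCert`, `selection`) on those paths. The length is also passed unchecked to the TCSP_*_Internal functions, which copy it into a fixed-size `txBlob`, so an upper bound belongs here before the `malloc`. In tcs_wrap_InstallRIM, `LogDebug("tcs_wrap_InstallRIM out size=%d", outDataSize);` reads `outDataSize` even when the call failed and, as far as this hunk shows, left it unset.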
@@ -4011,7 +4354,15 @@ {tcs_wrap_LoadMaintenanceArchive,"LoadMaintenanceArchive"}, /* 70 */ {tcs_wrap_KillMaintenanceFeature,"KillMaintenanceFeature"}, {tcs_wrap_LoadManuMaintPub,"LoadManuMaintPub"}, - {tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub"} + {tcs_wrap_ReadManuMaintPub,"ReadManuMaintPub"}, + {tcs_wrap_InstallRIM, "InstallRIM"}, + {tcs_wrap_LoadVerificationKey, "LoadVerificationKey"}, + {tcs_wrap_LoadVerificationKeyRootDisable, "LoadVerificationKeyRootDisable"}, + {tcs_wrap_VerifyRIMCert, "VerifyRIMCert"}, + {tcs_wrap_VerifyRIMCertAndExtend, "VerifyRIMCertAndExtend"}, + {tcs_wrap_IncrementBootstrapCounter, "IncrementBootstrapCounter"}, + {tcs_wrap_SetVerifiedPCRSelection, "SetVerifiedPCRSelection"} /* 80 */ + }; int @@ -4027,6 +4378,11 @@ /* if the request comes from localhost, or is in the accepted ops list, * approve it */ + LogDebug("Thread hostname %s", thread_data->hostname); + LogDebug("Local hostname %s", local_hostent->h_name); + /* FIXME: hostname match does not work in Cygwin */ + return 0; + if (!strncmp(thread_data->hostname, local_hostent->h_name, MIN((size_t)local_hostent->h_length, strlen(thread_data->hostname)))) { return 0; @@ -4040,6 +4396,7 @@ } i++; } + LogDebug("Remote ops table scanned without match"); } return 1; diff -Naur trousers-0.2.9.1/src/tcsd_api/calltcsapi.c trousers-0.2.9.1-mtm/src/tcsd_api/calltcsapi.c --- trousers-0.2.9.1/src/tcsd_api/calltcsapi.c 2007-01-23 16:10:08.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tcsd_api/calltcsapi.c 2007-11-13 13:11:35.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004-2006 * */ 
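Review bot: The new table entry is spelled `tcs_wrap_LoadVerificationKeyRootDisable` / `"LoadVerificationKeyRootDisable"`, while the client side of this same patch uses `TCSP_LoadVerificationRootKeyDisable` and the ordinal `TCSD_ORD_LOADVERIFICATIONROOTKEYDISABLE`; one spelling should be used throughout. The `/* 70 */` and `/* 80 */` markers suggest the array position is the ordinal, so each new row would be easier to audit with its own index comment, starting with `{tcs_wrap_InstallRIM, "InstallRIM"}, /* 74 */`. The array itself starts outside the hunk.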
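Review bot: The added `return 0;` sits before the hostname comparison, so this check now approves every request, and the localhost test and the accepted-ops scan below it become dead code. A remote client is therefore no longer limited to the configured remote ops, and this same patch registers the new MTM ordinals in the dispatch table. The FIXME describes a Cygwin workaround, so the bypass should at least be confined to that build by wrapping the `return 0;` in `#ifdef __CYGWIN__` … `#endif`, and preferably replaced by a comparison on the peer address instead of the hostname. The two new `LogDebug` lines also read `local_hostent->h_name` before anything in the hunk shows that `local_hostent` was checked for NULL. The function starts and ends outside the hunk.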
@@ -1923,3 +1926,184 @@ return result; } + +TSS_RESULT +TCSP_InstallRIM(TSS_HCONTEXT hContext, /* in */ + UINT32 rimCertificateSize, /* in */ + BYTE * rimCertificate, /* in */ /* FIXME: should be TPM_RIM_CERTIFICATE? */ + TPM_AUTH * auth, /* in, out */ + UINT32 * rimOutSize, /* out */ + BYTE ** rimOutData /* out */) +{ + TSS_RESULT result = TSPERR(TSS_E_INTERNAL_ERROR); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = TCSP_InstallRIM_TP(entry, rimCertificateSize, rimCertificate, auth, + rimOutSize, rimOutData); + LogDebug("TCSP_InstallRIM: out size=%d", *rimOutSize); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +TCSP_LoadVerificationKey(TSS_HCONTEXT hContext, /* in */ + UINT32 parentKeyHandle, /* in */ + UINT32 verificationKeySize, /* in */ + BYTE * verificationKey, /* in */ + TPM_AUTH * auth, /* in, out */ + UINT32 * keyHandle, /* out */ + BYTE * loadMethod /* out */) +{ + TSS_RESULT result = TSPERR(TSS_E_INTERNAL_ERROR); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = TCSP_LoadVerificationKey_TP(entry, parentKeyHandle, verificationKeySize, + verificationKey, auth, keyHandle, loadMethod); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +TCSP_LoadVerificationRootKeyDisable(TSS_HCONTEXT hContext /* in */) +{ + TSS_RESULT result = TSPERR(TSS_E_INTERNAL_ERROR); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = TCSP_LoadVerificationRootKeyDisable_TP(entry); + break; + default: + break; + } + + put_table_entry(entry); + + 
return result; +} + +TSS_RESULT +TCSP_VerifyRIMCert(TSS_HCONTEXT hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */) +{ + TSS_RESULT result = TSPERR(TSS_E_INTERNAL_ERROR); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = TCSP_VerifyRIMCert_TP(entry, rimCertSize, rimCert, rimKeyHandle); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +TCSP_VerifyRIMCertAndExtend(TSS_HCONTEXT hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle, /* in */ + TCPA_PCRVALUE * outDigest /* out */) +{ + TSS_RESULT result = TSPERR(TSS_E_INTERNAL_ERROR); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = TCSP_VerifyRIMCertAndExtend_TP(entry, rimCertSize, rimCert, rimKeyHandle, outDigest); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +TCSP_IncrementBootstrapCounter(TSS_HCONTEXT hContext, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */) +{ + TSS_RESULT result = TSPERR(TSS_E_INTERNAL_ERROR); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) + return TSPERR(TSS_E_NO_CONNECTION); + + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = TCSP_IncrementBootstrapCounter_TP(entry, rimCertSize, rimCert, rimKeyHandle); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} + +TSS_RESULT +TCSP_SetVerifiedPCRSelection(TSS_HCONTEXT hContext, /* in */ + TCPA_PCR_SELECTION * verifiedSelection, /* in */ + TPM_AUTH * auth /* in, out */) +{ + TSS_RESULT result = 
TSPERR(TSS_E_INTERNAL_ERROR); + struct host_table_entry *entry = get_table_entry(hContext); + + if (entry == NULL) { + fprintf(stderr, "%s:%d ERROR - NO CONNECTION\n", __FILE__, __LINE__); + return TSPERR(TSS_E_NO_CONNECTION); + } + switch (entry->type) { + case CONNECTION_TYPE_TCP_PERSISTANT: + result = TCSP_SetVerifiedPCRSelection_TP(entry, verifiedSelection, auth); + break; + default: + break; + } + + put_table_entry(entry); + + return result; +} diff -Naur trousers-0.2.9.1/src/tcsd_api/tcstp.c trousers-0.2.9.1-mtm/src/tcsd_api/tcstp.c --- trousers-0.2.9.1/src/tcsd_api/tcstp.c 2007-04-09 20:44:50.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tcsd_api/tcstp.c 2007-11-13 13:12:38.000000000 +0000 @@ -1,9 +1,11 @@ - /* * Licensed Materials - Property of IBM * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004-2006 * */ @@ -147,7 +149,7 @@ if ((UINT32)index >= comm->hdr.num_parms || dataType != *type) { - LogDebug("Data type of TCS packet element %d doesn't match.", index); + LogDebug("Data type of TCS packet element %d doesn't match. num_parms=%d, dataType=%d, type=%d", index, comm->hdr.num_parms, dataType, *type); return TSS_TCP_RPC_BAD_PACKET_TYPE; } old_offset = offset = comm->hdr.parm_offset; @@ -204,21 +206,6 @@ return TSS_SUCCESS; } -#if 0 -void -printBuffer(BYTE * b, int size) -{ - int i; - return; - for (i = 0; i < size; i++) { - if ((i % 16) == 0) - printf("\n"); - printf("%.2X ", b[i]); - } - printf("\n"); - return; -} -#endif TSS_RESULT sendTCSDPacket(struct host_table_entry *hte) 
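Review bot: In `TCSP_InstallRIM` the line `LogDebug("TCSP_InstallRIM: out size=%d", *rimOutSize);` runs whatever `TCSP_InstallRIM_TP` returned, but that function stores to `*rimOutSize` only on success, so after a failed call the log reads whatever the caller left there, possibly uninitialized memory. Log it only when `result == TSS_SUCCESS`, and use `%u` for the `UINT32`. `TCSP_SetVerifiedPCRSelection` reports a missing connection with `fprintf(stderr, ...)` while the other six wrappers return silently; library code should not write to the caller's stderr, so use `LogError("no connection for context");` or drop the message. None of the seven switches says that `default:` deliberately leaves `result` at `TSS_E_INTERNAL_ERROR` for other connection types; a one-line comment such as `/* unsupported connection type: result stays TSS_E_INTERNAL_ERROR */` would document that.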
@@ -234,11 +221,10 @@ Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.parm_size, hte->comm.buf); Trspi_LoadBlob_UINT32(&offset, hte->comm.hdr.parm_offset, hte->comm.buf); -#if 0 + /* --- Send it */ - printBuffer(hte->comm.buf, hte->comm.hdr.packet_size); LogInfo("Sending Packet with TCSD ordinal 0x%X", hte->comm.hdr.u.ordinal); -#endif + /* if the ordinal is open context, there are some host table entry * manipulations that must be done, so call _init */ 
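Review bot: Dropping the `#if 0` makes `LogInfo("Sending Packet with TCSD ordinal 0x%X", ...)` fire for every packet sent, which is trace output at info level. The rest of this patch uses `LogDebug`/`LogDebugFn` for per-call tracing, so `LogDebug("Sending Packet with TCSD ordinal 0x%X", hte->comm.hdr.u.ordinal);` would be consistent. `sendTCSDPacket` starts and ends outside the hunk.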
@@ -3287,3 +3273,311 @@ return result; } + + +/* + * The following functions implement TCSP layer interface to MTM functionality + */ + + +TSS_RESULT +TCSP_InstallRIM_TP(struct host_table_entry *hte, /* in */ + UINT32 rimCertificateSize, /* in */ + BYTE * rimCertificate, /* in */ + TPM_AUTH * auth, /* in, out */ + UINT32 * rimOutSize, /* out */ + BYTE ** rimOutData /* out */) +{ + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 4); + + hte->comm.hdr.u.ordinal = TCSD_ORD_INSTALLRIM; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &rimCertificateSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (rimCertificateSize > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rimCertificate, rimCertificateSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + if (setData(TCSD_PACKET_TYPE_AUTH, i, auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + i = 0; + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_UINT32, i++, rimOutSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + LogDebug("Allocating %d bytes", *rimOutSize); + *rimOutData = (BYTE *) calloc_tspi(hte->tspContext, *rimOutSize); + if (*rimOutData == NULL) { + LogError("malloc of %u bytes failed.", *rimOutSize); + return TSPERR(TSS_E_OUTOFMEMORY); + } + if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *rimOutData, *rimOutSize, &hte->comm)) { + free_tspi(hte->tspContext, *rimOutData); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (auth != NULL) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + +TSS_RESULT +TCSP_LoadVerificationKey_TP(struct host_table_entry *hte, /* in */ + UINT32 parentKeyHandle, /* in */ + 
UINT32 verificationKeySize, /* in */ + BYTE * verificationKey, /* in */ + TPM_AUTH * auth, /* in, out */ + UINT32 * keyHandle, /* out */ + BYTE * loadMethod /* out */) +{ + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 5); + + hte->comm.hdr.u.ordinal = TCSD_ORD_LOADVERIFICATIONKEY; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 1, &parentKeyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, 2, &verificationKeySize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (verificationKeySize > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, 3, verificationKey, verificationKeySize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_AUTH, 4, auth, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + + LogInfo("Sending %d bytes", hte->comm.hdr.packet_size); + LogInfo("NUM PARAMETERS: %d\n",hte->comm.hdr.num_parms); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) { + LogInfo("sendTCSDPacket success\n"); + result = hte->comm.hdr.u.result; + } else { + LogInfo("sendTCSDPacket failed %x\n", result); + } + if (result == TSS_SUCCESS) { + i = 0; + if (getData(TCSD_PACKET_TYPE_UINT32, i++, keyHandle, 0, &hte->comm)) { + LogInfo("Extraction of key handle failed"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + LogInfo("KeyHandle 0x%x", *keyHandle); + } + if (getData(TCSD_PACKET_TYPE_BYTE, i++, loadMethod, 0, &hte->comm)) { + LogInfo("Extraction of load method failed"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } else { + LogInfo("Load method 0x%x", *loadMethod); + } + + if (auth != NULL) { + if (getData(TCSD_PACKET_TYPE_AUTH, i++, auth, 0, &hte->comm)) { + LogInfo("Extraction of AUTH failed!"); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + result = hte->comm.hdr.u.result; + + } + 
LogInfo("leaving TCSP_LoadVerificationKey_TP"); + return result; +} + +/* FIXME: Really no setData/getData? */ +TSS_RESULT +TCSP_LoadVerificationRootKeyDisable_TP(struct host_table_entry *hte /* in */) +{ + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 1); + hte->comm.hdr.u.ordinal = TCSD_ORD_LOADVERIFICATIONROOTKEYDISABLE; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +/* FIXME: What about output parameters? */ +TSS_RESULT +TCSP_VerifyRIMCert_TP(struct host_table_entry *hte, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */) +{ + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 4); + + hte->comm.hdr.u.ordinal = TCSD_ORD_VERIFYRIMCERT; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &rimCertSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (rimCertSize > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rimCert, rimCertSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &rimKeyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + +TSS_RESULT +TCSP_VerifyRIMCertAndExtend_TP(struct host_table_entry *hte, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle, /* in */ + TCPA_PCRVALUE * outDigest /* out */) +{ + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 4); + + hte->comm.hdr.u.ordinal = TCSD_ORD_VERIFYRIMCERTANDEXTEND; + LogDebugFn("TCS Context: 
0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &rimCertSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (rimCertSize > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rimCert, rimCertSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &rimKeyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_DIGEST, 0, outDigest, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + return result; +} + +TSS_RESULT +TCSP_IncrementBootstrapCounter_TP(struct host_table_entry *hte, /* in */ + UINT32 rimCertSize, /* in */ + BYTE * rimCert, /* in */ + UINT32 rimKeyHandle /* in */) +{ + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 4); + + hte->comm.hdr.u.ordinal = TCSD_ORD_INCREMENTBOOTSTRAPCOUNTER; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &rimCertSize, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + if (rimCertSize > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, i++, rimCert, rimCertSize, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &rimKeyHandle, 0, &hte->comm)) + return TSPERR(TSS_E_INTERNAL_ERROR); + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) + result = hte->comm.hdr.u.result; + + return result; +} + + +TSS_RESULT +TCSP_SetVerifiedPCRSelection_TP(struct host_table_entry *hte, /* in */ + TCPA_PCR_SELECTION * verifiedSelection, /* in */ + TPM_AUTH * auth /* in, out */) +{ + TSS_RESULT result; + int i = 0; + + initData(&hte->comm, 4); + 
+ hte->comm.hdr.u.ordinal = TCSD_ORD_SETVERIFIEDPCRSELECTION; + LogDebugFn("TCS Context: 0x%x", hte->tcsContext); + + if (setData(TCSD_PACKET_TYPE_UINT32, i++, &hte->tcsContext, 0, &hte->comm)) { + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (setData(TCSD_PACKET_TYPE_UINT16, i++, &(verifiedSelection->sizeOfSelect), 0, &hte->comm)) { + return TSPERR(TSS_E_INTERNAL_ERROR); + } + if (verifiedSelection->sizeOfSelect > 0) { + if (setData(TCSD_PACKET_TYPE_PBYTE, + i++, + verifiedSelection->pcrSelect, + (UINT32)(verifiedSelection->sizeOfSelect), + &hte->comm)) { + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + if (setData(TCSD_PACKET_TYPE_AUTH, i++, auth, 0, &hte->comm)) { + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + result = sendTCSDPacket(hte); + + if (result == TSS_SUCCESS) { + result = hte->comm.hdr.u.result; + } + if (result == TSS_SUCCESS) { + if (getData(TCSD_PACKET_TYPE_AUTH, 0, auth, 0, &hte->comm)) { + return TSPERR(TSS_E_INTERNAL_ERROR); + } + } + + return result; +} + diff -Naur trousers-0.2.9.1/src/tddl/tddl.c trousers-0.2.9.1-mtm/src/tddl/tddl.c --- trousers-0.2.9.1/src/tddl/tddl.c 2006-06-08 19:23:34.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tddl/tddl.c 2007-11-13 13:13:27.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004, 2005 * */ @@ -15,6 +18,10 @@ #include #include #include +#include +#include +#include +#include #include "trousers/tss.h" #include "trousers_types.h" 
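Review bot: `TCSP_InstallRIM_TP` leaves its out-parameters in a bad state on both error returns of the reply path: after a failed `getData(TCSD_PACKET_TYPE_PBYTE, ...)` it calls `free_tspi` but `*rimOutData` still points at the released buffer, and after a failed `getData(TCSD_PACKET_TYPE_AUTH, ...)` it returns without releasing the buffer at all, so a caller that cleans up on error may free or read stale memory. `*rimOutSize` is also taken straight from the reply and used as the allocation and copy length with no upper bound visible here. The fence below resets both outputs on every error return. Separately, the senders that skip the `PBYTE` parameter when the size is 0 (`InstallRIM`, `VerifyRIMCert`, `VerifyRIMCertAndExtend`, `IncrementBootstrapCounter`, `SetVerifiedPCRSelection`) still call `initData(&hte->comm, 4)`, so the later parameters shift down one index and the declared count no longer matches what was set; and `setData(TCSD_PACKET_TYPE_AUTH, ..., auth, ...)` is called unconditionally although the reply path guards `auth != NULL`.

```c
	if (result == TSS_SUCCESS) {
		/* … unchanged: getData of rimOutSize, calloc_tspi of *rimOutData and its NULL check … */
		if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *rimOutData, *rimOutSize, &hte->comm)) {
			free_tspi(hte->tspContext, *rimOutData);
			*rimOutData = NULL;
			*rimOutSize = 0;
			return TSPERR(TSS_E_INTERNAL_ERROR);
		}
		if (auth != NULL) {
			if (getData(TCSD_PACKET_TYPE_AUTH, i++, auth, 0, &hte->comm)) {
				/* do not hand back a buffer the caller will not expect on failure */
				free_tspi(hte->tspContext, *rimOutData);
				*rimOutData = NULL;
				*rimOutSize = 0;
				return TSPERR(TSS_E_INTERNAL_ERROR);
			}
		}
	}
```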
@@ -31,10 +38,86 @@ struct tpm_device_node *opened_device = NULL; +struct tpm_device_node tpm_emulator; +char* emuname = "Strasser TPM emulator"; + +/* FIXME: Quick and dirty way to pass cmd-line parameters to this module */ +extern char* opt_mtmd_hostname; +extern int opt_mtmd_portno; +extern char* opt_mtmd_socketname; +extern int opt_connect_method; + BYTE txBuffer[TDDL_TXBUF_SIZE]; -int -open_device(void) +static int +open_device_unix(const char* socketname) +{ + int res; + int fh; + struct sockaddr_un addr; + + fh = socket(PF_UNIX, SOCK_STREAM, 0); + if (fh < 0) { + LogError("Cannot create socket"); + return -1; + } else { + LogDebug("Socket for TPM emulator created"); + } + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, socketname, sizeof(addr.sun_path)); + res = connect(fh, (struct sockaddr*)&addr, sizeof(struct sockaddr_un)); + if (res < 0) { + LogError("Connect failed"); + return -1; + } else { + LogDebug("Connection to TPM emulator created"); + } + opened_device = &tpm_emulator; + opened_device->fd = fh; + opened_device->transmit = TDDL_TRANSMIT_RW; + opened_device->path = emuname; + return opened_device->fd; +} + +static int +open_device_internet(const char* hostname, int portno) +{ + int res; + int fh; + struct sockaddr_in addr; + struct hostent *server; + + fh = socket(AF_INET, SOCK_STREAM, 0); + if (fh < 0) { + LogError("Cannot create socket"); + return -1; + } else { + LogDebug("Socket for TPM emulator created"); + } + server = gethostbyname(hostname); + if (server == NULL) { + LogError("ERROR, no such hosts"); + exit(0); + } + memset((char *) &addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + memcpy((char *)&addr.sin_addr.s_addr, (char *)server->h_addr, server->h_length); + addr.sin_port = htons(portno); + res = connect(fh, (struct sockaddr*)&addr, sizeof(addr)); + if (res < 0) { + LogError("ERROR connecting"); + } else { + LogDebug("Connection to TPM emulator created"); + } + opened_device = &tpm_emulator; + opened_device->fd = fh; + 
opened_device->transmit = TDDL_TRANSMIT_RW; + opened_device->path = emuname; + return opened_device->fd; +} + +static int +open_device_file(void) { int i; @@ -61,7 +144,21 @@ return TDDLERR(TDDL_E_ALREADY_OPENED); } - rc = open_device(); + switch (opt_connect_method) { + case 1: + rc = open_device_unix(opt_mtmd_socketname); + break; + case 2: + rc = open_device_internet(opt_mtmd_hostname, opt_mtmd_portno); + break; + case 3: + rc = open_device_file(); + break; + default: + rc = -1; + break; + } + if (rc < 0) { LogError("Could not find a device to open!"); if (errno == ENOENT) { diff -Naur trousers-0.2.9.1/src/trspi/crypto/Makefile.am trousers-0.2.9.1-mtm/src/trspi/crypto/Makefile.am --- trousers-0.2.9.1/src/trspi/crypto/Makefile.am 2005-03-14 21:19:14.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/trspi/crypto/Makefile.am 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -SUBDIRS = openssl diff -Naur trousers-0.2.9.1/src/trspi/crypto/openssl/crypto.c trousers-0.2.9.1-mtm/src/trspi/crypto/openssl/crypto.c --- trousers-0.2.9.1/src/trspi/crypto/openssl/crypto.c 2006-12-08 16:41:41.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/trspi/crypto/openssl/crypto.c 2007-09-26 10:06:48.000000000 +0000 @@ -16,6 +16,7 @@ */ #include +#include #include #include diff -Naur trousers-0.2.9.1/src/tspi/Makefile.am trousers-0.2.9.1-mtm/src/tspi/Makefile.am --- trousers-0.2.9.1/src/tspi/Makefile.am 2007-04-12 21:45:19.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/Makefile.am 2007-08-08 07:06:53.000000000 +0000 
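Review bot: `open_device_internet` logs a failed `connect()` but then falls through, stores the unconnected descriptor in `opened_device` and returns it as if the open had succeeded; its lookup-failure path calls `exit(0)`, which ends the whole process with a success status instead of returning an error. Neither path closes `fh`, and `memcpy(..., server->h_addr, server->h_length)` trusts the resolver's length and address family without checking them against `addr.sin_addr`. `open_device_unix` leaks the descriptor on connect failure in the same way, and its `strncpy(addr.sun_path, socketname, sizeof(addr.sun_path))` leaves the path unterminated when `socketname` fills the field (and `addr` is never zeroed). This path also carries TPM commands over a plain TCP socket with no authentication of the peer, which deserves a comment restricting it to emulator test setups. The fence assumes `close()` is already declared in this file, since the include names are not visible here.

```c
	server = gethostbyname(hostname);
	if (server == NULL || server->h_addrtype != AF_INET ||
	    (size_t)server->h_length > sizeof(addr.sin_addr)) {
		LogError("ERROR, no such hosts");
		close(fh);
		return -1;
	}
	/* … unchanged: memset of addr, sin_family … */
	memcpy(&addr.sin_addr, server->h_addr, server->h_length);
	addr.sin_port = htons(portno);
	res = connect(fh, (struct sockaddr*)&addr, sizeof(addr));
	if (res < 0) {
		LogError("ERROR connecting");
		close(fh);
		return -1;
	}
	/* … unchanged: LogDebug and opened_device setup … */
```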
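Review bot: The `switch (opt_connect_method)` uses bare `1`, `2` and `3` with nothing in the hunk saying which value selects which transport, and its `default:` sets `rc = -1` without touching `errno`, so the `errno == ENOENT` test right after it reads a stale value. Name the values, for example `enum { CONNECT_UNIX = 1, CONNECT_INET = 2, CONNECT_FILE = 3 };` (names constructed here), and set `errno = EINVAL;` in the default case. `opt_mtmd_socketname` and `opt_mtmd_hostname` are passed on without a NULL check, so an unset option reaches `strncpy`/`gethostbyname` as NULL. The enclosing function starts and ends outside the hunk.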
@@ -20,7 +20,7 @@ libtspi_la_LDFLAGS=-version-info 1:2:0 -lcrypto -lpthread libtspi_la_CFLAGS=-I../include -DAPPID=\"TSPI\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -libtspi_la_SOURCES=obj.c spi_context.c spi_getset.c spi_key.c spi_policy.c spi_utils.c memmgr.c secrets.c spi_data.c spi_hash.c spi_pcr.c spi_tpm.c ../tcsd_api/calltcsapi.c ../tcsd_api/tcstp.c ../tcsd_api/hosttable.c ../tcsd_api/clntside.c log.c obj_rsakey.c obj_policy.c obj_tpm.c obj_hash.c obj_pcrs.c obj_encdata.c obj_context.c keyreg.c ps/tspps.c ps/ps_utils.c +libtspi_la_SOURCES=obj.c spi_context.c spi_getset.c spi_key.c spi_policy.c spi_utils.c memmgr.c secrets.c spi_data.c spi_hash.c spi_mtm.c spi_pcr.c spi_tpm.c ../tcsd_api/calltcsapi.c ../tcsd_api/tcstp.c ../tcsd_api/hosttable.c ../tcsd_api/clntside.c log.c obj_rsakey.c obj_policy.c obj_tpm.c obj_hash.c obj_pcrs.c obj_encdata.c obj_context.c keyreg.c ps/tspps.c ps/ps_utils.c if HAVE_GTK diff -Naur trousers-0.2.9.1/src/tspi/gtk/callbacks.h trousers-0.2.9.1-mtm/src/tspi/gtk/callbacks.h --- trousers-0.2.9.1/src/tspi/gtk/callbacks.h 2004-12-10 15:37:07.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/gtk/callbacks.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,58 +0,0 @@ - -/* - * Licensed Materials - Property of IBM - * - * trousers - An open source TCG Software Stack - * - * (C) Copyright International Business Machines Corp. 2004 - * - */ - -#ifndef _CALLBACKS_H_ -#define _CALLBACKS_H_ - -#include - -#include "interface.h" - -/* Callbacks for the simple text imput dialog */ - -void -on_dialog1_close (GtkDialog *dialog, - struct userdata *user_data); - -void -on_cancelbutton1_clicked (GtkButton *button, - struct userdata *user_data); - -void -on_okbutton1_clicked (GtkButton *button, - struct userdata *user_data); - -gboolean -enter_event (GtkWidget *widget, - struct userdata *user_data); - -void -on_inputdialog1_destroy (GtkObject *object, - struct userdata *user_data); - -/* Callbacks for the new password dialog */ - -void -on_entryPassword_activate (GtkEntry *entry, - struct userdata *user_data); - -void -on_entryConfirm_activate (GtkEntry *entry, - struct userdata *user_data); - -void -on_cancelbutton2_clicked (GtkButton *button, - struct userdata *user_data); - -void -on_okbutton2_clicked (GtkButton *button, - struct userdata *user_data); - -#endif diff -Naur trousers-0.2.9.1/src/tspi/gtk/interface.h trousers-0.2.9.1-mtm/src/tspi/gtk/interface.h --- trousers-0.2.9.1/src/tspi/gtk/interface.h 2005-12-02 16:23:33.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/gtk/interface.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,30 +0,0 @@ - -/* - * Licensed Materials - Property of IBM - * - * trousers - An open source TCG Software Stack - * - * (C) Copyright International Business Machines Corp. 2004 - * - */ - -/* - * DO NOT EDIT THIS FILE - it is generated by Glade. - */ - -#ifndef _INTERFACE_H_ -#define _INTERFACE_H_ - -struct userdata { - char *string; - unsigned string_len; - GtkWidget *window; - GtkWidget *entry; - GtkWidget *entryPass; - GtkWidget *entryConf; -}; - -GtkWidget* create_password_dialog (struct userdata *, char *); -GtkWidget* create_new_password_dialog (struct userdata *, char *); - -#endif diff -Naur trousers-0.2.9.1/src/tspi/gtk/support.h trousers-0.2.9.1-mtm/src/tspi/gtk/support.h --- trousers-0.2.9.1/src/tspi/gtk/support.h 2004-12-10 15:37:07.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/gtk/support.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,81 +0,0 @@ - -/* - * Licensed Materials - Property of IBM - * - * trousers - An open source TCG Software Stack - * - * (C) Copyright International Business Machines Corp. 2004 - * - */ - -#ifndef _SUPPORT_H_ -#define _SUPPOR_H_ - -/* - * DO NOT EDIT THIS FILE - it is generated by Glade. - */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include - -/* - * Standard gettext macros. - */ -#ifdef ENABLE_NLS -# include -# undef _ -# define _(String) dgettext (PACKAGE, String) -# ifdef gettext_noop -# define N_(String) gettext_noop (String) -# else -# define N_(String) (String) -# endif -#else -# define textdomain(String) (String) -# define gettext(String) (String) -# define dgettext(Domain,Message) (Message) -# define dcgettext(Domain,Message,Type) (Message) -# define bindtextdomain(Domain,Directory) (Domain) -# define _(String) (String) -# define N_(String) (String) -#endif - - -/* - * Public Functions. - */ - -/* - * This function returns a widget in a component created by Glade. - * Call it with the toplevel widget in the component (i.e. a window/dialog), - * or alternatively any widget in the component, and the name of the widget - * you want returned. - */ -GtkWidget* lookup_widget (GtkWidget *widget, - const gchar *widget_name); - - -/* Use this function to set the directory containing installed pixmaps. */ -void add_pixmap_directory (const gchar *directory); - - -/* - * Private Functions. - */ - -/* This is used to create the pixmaps used in the interface. */ -GtkWidget* create_pixmap (GtkWidget *widget, - const gchar *filename); - -/* This is used to create the pixbufs used in the interface. */ -GdkPixbuf* create_pixbuf (const gchar *filename); - -/* This is used to set ATK action descriptions. 
*/ -void glade_set_atk_action_description (AtkAction *action, - const gchar *action_name, - const gchar *description); - -#endif diff -Naur trousers-0.2.9.1/src/tspi/keyreg.c trousers-0.2.9.1-mtm/src/tspi/keyreg.c --- trousers-0.2.9.1/src/tspi/keyreg.c 2006-12-18 21:26:17.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/keyreg.c 2007-11-13 13:16:08.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004-2006 * */ @@ -15,6 +18,7 @@ #include #include #include +#include #include "trousers/tss.h" #include "trousers/trousers.h" diff -Naur trousers-0.2.9.1/src/tspi/ps/tspps.c trousers-0.2.9.1-mtm/src/tspi/ps/tspps.c --- trousers-0.2.9.1/src/tspi/ps/tspps.c 2006-12-18 21:25:42.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/ps/tspps.c 2007-09-18 12:41:48.000000000 +0000 @@ -54,6 +54,7 @@ euid = geteuid(); setpwent(); +#ifdef HAVE_GETPWENT_R while (1) { rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp); if (rc) { @@ -68,10 +69,34 @@ break; } } +#else +# ifdef HAVE_GETPWENT + while (1) { + pwp = getpwent(); + if (pwp == NULL) { + LogDebugFn("USER PS: Error getting path to home directory: getpwent: %s", + strerror(rc)); + endpwent(); + return TSPERR(TSS_E_INTERNAL_ERROR); + } + + LogDebug("euid=%d uid=%d", euid, pwp->pw_uid); + if (euid == pwp->pw_uid) { + home_dir = strdup(pwp->pw_dir); + LogDebug("Home directory is %s", home_dir); + break; + } + } +# else +# error "Neither getpwent_r nor getpwent supported" +# endif /* HAVE_GETPWENT */ +#endif /* HAVE_GETPWENT_R */ endpwent(); - if (!home_dir) + if (!home_dir) { + LogDebug("Return out-of-memory"); return TSPERR(TSS_E_OUTOFMEMORY); + } /* Tack on TSS_USER_PS_DIR and see if it exists */ rc = snprintf(buf, PASSWD_BUFSIZE, "%s/%s", home_dir, TSS_USER_PS_DIR); 
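Review bot: In the `getpwent()` fallback the error message prints `strerror(rc)`, but nothing in this branch assigns `rc` (only the `getpwent_r` branch does), so the logged reason is unrelated to the failure. `getpwent()` also returns NULL at the normal end of the database, which this loop reports as an internal error. Set `errno = 0;` before the call and log `strerror(errno)`, or look the entry up directly with `pwp = getpwuid(euid);` instead of scanning. `getpwent()` returns a pointer to static storage and is not thread-safe, which matters in a file that takes `pthread` locks elsewhere; a comment such as `/* fallback is not reentrant: callers must serialise */` should say so. The enclosing function starts and ends outside the hunk.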
@@ -81,6 +106,7 @@ } errno = 0; + LogDebug("User dir: %s", buf); if ((rc = stat(buf, &stat_buf)) == -1) { if (errno == ENOENT) { errno = 0; @@ -133,7 +159,7 @@ /* open and lock the file */ if ((result = get_user_ps_path(&file_name))) { - LogDebugFn("USER PS: error getting file path"); + LogDebugFn("USER PS: error getting file path %s", file_name); pthread_mutex_unlock(&user_ps_lock); return result; } diff -Naur trousers-0.2.9.1/src/tspi/spi_mtm.c trousers-0.2.9.1-mtm/src/tspi/spi_mtm.c --- trousers-0.2.9.1/src/tspi/spi_mtm.c 1970-01-01 00:00:00.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/spi_mtm.c 2007-11-13 13:20:42.000000000 +0000 
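Review bot: The changed `LogDebugFn("USER PS: error getting file path %s", file_name);` runs only when `get_user_ps_path(&file_name)` has failed, which is when `file_name` is least likely to hold a valid string. Unless the caller initialises it and the callee never leaves it dangling (neither is visible in this hunk), passing it to `%s` is undefined behaviour. Logging the error code instead avoids the question: `LogDebugFn("USER PS: error getting file path: 0x%x", result);`. The enclosing function starts and ends outside the hunk.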
@@ -0,0 +1,288 @@ + +/* + * MTM specific additions to TrouSerS TSS. These functions are not part of the + * standard TSS. + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + * + */ + +#include +#include +#include +#include + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "spi_internal_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +Tspi_MTM_InstallRIM(TSS_HTPM hTPM, /* in */ + UINT32 ulRimCertSize, /* in */ + BYTE * rimCertData, /* in */ + UINT32 * outCertSize, /* out */ + BYTE ** outCertData) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hOwnerPolicy; + TPM_AUTH verificationAuth; + TCPA_DIGEST digest; + BYTE hashBlob[1024]; + + if (ulRimCertSize > 0 && rimCertData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy))) + return result; + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, MTM_ORD_InstallRIM, hashBlob); + Trspi_LoadBlob_UINT32(&offset, ulRimCertSize, hashBlob); + Trspi_LoadBlob(&offset, ulRimCertSize, hashBlob, rimCertData); + Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest); + + if ((result = secret_PerformAuth_OIAP(hTPM, MTM_ORD_InstallRIM, + hOwnerPolicy, &digest, + &verificationAuth))) + return result; + + if ((result = TCSP_InstallRIM(tspContext, ulRimCertSize, rimCertData, + &verificationAuth, outCertSize, outCertData))) { + LogInfo("TCSP_InstallRIM failed\n"); + return result; + } + + LogInfo("Succesful return from TCSP_InstallRIM\n"); + offset = 0; + Trspi_LoadBlob_UINT32(&offset, result, hashBlob); + Trspi_LoadBlob_UINT32(&offset, MTM_ORD_InstallRIM, hashBlob); + Trspi_LoadBlob_UINT32(&offset, 
*outCertSize, hashBlob); + Trspi_LoadBlob(&offset, *outCertSize, hashBlob, *outCertData); + Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest); + + LogDebug("TSPI_InstallRIM out size=%d", *outCertSize); + + if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, + &verificationAuth))) { + LogDebug("[OIAP failed]"); + LogDebug("Result=%d", result); + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_MTM_LoadVerificationKey(TSS_HTPM hTPM, /* in */ + UINT32 hParentKey, /* in */ + UINT32 verificationKeySize, /* in */ + BYTE * verificationKeyData, /* in */ + UINT32 * hVerificationKey, /* out */ + BYTE * loadMethod) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hOwnerPolicy; + TPM_AUTH ownerAuth; + TCPA_DIGEST digest; + BYTE hashBlob[1024]; + + if (verificationKeySize > 0 && verificationKeyData == NULL) { + LogDebug("[Bad parameter: verificationkeyData]"); + return TSPERR(TSS_E_BAD_PARAMETER); + } + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) { + LogDebug("[Bad context]"); + return result; + } + + if ((result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy))) { + LogDebug("[Cannot get policy object]"); + return result; + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, MTM_ORD_LoadVerificationKey, hashBlob); + Trspi_LoadBlob_UINT32(&offset, hParentKey, hashBlob); + Trspi_LoadBlob_UINT32(&offset, verificationKeySize, hashBlob); + Trspi_LoadBlob(&offset, verificationKeySize, hashBlob, verificationKeyData); + Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest); + + if ((result = secret_PerformAuth_OIAP(hTPM, MTM_ORD_LoadVerificationKey, + hOwnerPolicy, &digest, + &ownerAuth))) { + LogDebug("[OIAP failed]"); + return result; + } + + if ((result = TCSP_LoadVerificationKey(tspContext, hParentKey, + verificationKeySize, verificationKeyData, + &ownerAuth, hVerificationKey, loadMethod))) { + LogDebug("[TCSP_LoadVerificationKey failed]"); + return result; + } + + 
offset = 0; + Trspi_LoadBlob_UINT32(&offset, result, hashBlob); + Trspi_LoadBlob_UINT32(&offset, MTM_ORD_LoadVerificationKey, hashBlob); + Trspi_LoadBlob_UINT32(&offset, *hVerificationKey, hashBlob); + Trspi_LoadBlob_BYTE(&offset, *loadMethod, hashBlob); + Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest); + LogDebug("[Hash blob loaded]"); + + /* FIXME: How should this work? */ + if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, &ownerAuth))) { + LogDebug("[OIAP failed]"); + LogDebug("Result=%d", result); + return result; + } + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_MTM_LoadVerificationRootKeyDisable(TSS_HTPM hTPM /* in */) +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCSP_LoadVerificationRootKeyDisable(tspContext))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_MTM_VerifyRIMCert(TSS_HTPM hTPM, /* in */ + UINT32 ulRimCertSize, /* in */ + BYTE * rimCertData, /* in */ + UINT32 hVerificationKey) /* in */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if (ulRimCertSize > 0 && rimCertData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCSP_VerifyRIMCert(tspContext, ulRimCertSize, rimCertData, hVerificationKey))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_MTM_VerifyRIMCertAndExtend(TSS_HTPM hTPM, /* in */ + UINT32 ulRimCertSize, /* in */ + BYTE * rimCertData, /* in */ + UINT32 hVerificationKey, /* in */ + TCPA_PCRVALUE * pPcrValue) /* out */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if (ulRimCertSize > 0 && rimCertData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCSP_VerifyRIMCertAndExtend(tspContext, ulRimCertSize, rimCertData, hVerificationKey, pPcrValue))) + return result; + + 
return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_MTM_IncrementBootstrapCounter(TSS_HTPM hTPM, /* in */ + UINT32 ulRimCertSize, /* in */ + BYTE * rimCertData, /* in */ + UINT32 hKey) /* in */ +{ + TSS_RESULT result; + TSS_HCONTEXT tspContext; + + if (ulRimCertSize > 0 && rimCertData == NULL) + return TSPERR(TSS_E_BAD_PARAMETER); + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) + return result; + + if ((result = TCSP_IncrementBootstrapCounter(tspContext, ulRimCertSize, rimCertData, hKey))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +Tspi_MTM_SetVerifiedPCRSelection(TSS_HTPM hTPM, /* in */ + TCPA_PCR_SELECTION * selection) /* in */ +{ + UINT64 offset; + TSS_RESULT result; + TSS_HCONTEXT tspContext; + TSS_HPOLICY hOwnerPolicy; + TPM_AUTH ownerAuth; + TCPA_DIGEST digest; + BYTE hashBlob[1024]; + + if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext))) { + LogInfo("Cannot get context"); + return result; + } + + if ((result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy))) { + LogInfo("Cannot get policy object"); + return result; + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, MTM_ORD_SetVerifiedPCRSelection, hashBlob); + Trspi_LoadBlob_PCR_SELECTION(&offset, hashBlob, selection); + Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest); + + if ((result = secret_PerformAuth_OIAP(hTPM, MTM_ORD_SetVerifiedPCRSelection, + hOwnerPolicy, &digest, + &ownerAuth))) { + LogInfo("OIAP auth failed"); + return result; + } + + if ((result = TCSP_SetVerifiedPCRSelection(tspContext, selection, &ownerAuth))) { + LogInfo("TCSP_SetVerifiedPCRSelection failed"); + return result; + } + + offset = 0; + Trspi_LoadBlob_UINT32(&offset, result, hashBlob); + Trspi_LoadBlob_UINT32(&offset, MTM_ORD_SetVerifiedPCRSelection, hashBlob); + Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest); + + if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, &ownerAuth))) { + LogDebug("[OIAP failed]"); + LogDebug("Result=%d", result); + return 
result; + } + + return TSS_SUCCESS; +} + diff -Naur trousers-0.2.9.1/src/tspi/spi_tpm.c trousers-0.2.9.1-mtm/src/tspi/spi_tpm.c --- trousers-0.2.9.1/src/tspi/spi_tpm.c 2007-04-12 15:20:13.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/spi_tpm.c 2007-11-13 13:18:44.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004-2006 * */ @@ -12,6 +15,7 @@ #include #include #include +#include #include "trousers/tss.h" #include "trousers/trousers.h" @@ -1398,7 +1402,7 @@ BYTE ** prgbRespData) /* out */ { TSS_HCONTEXT tspContext; - TCPA_CAPABILITY_AREA tcsCapArea; + TCPA_CAPABILITY_AREA tcsCapArea = 0; UINT32 tcsSubCap = 0; UINT32 tcsSubCapContainer; TSS_RESULT result; diff -Naur trousers-0.2.9.1/src/tspi/spi_utils.c trousers-0.2.9.1-mtm/src/tspi/spi_utils.c --- trousers-0.2.9.1/src/tspi/spi_utils.c 2007-01-12 19:50:53.000000000 +0000 +++ trousers-0.2.9.1-mtm/src/tspi/spi_utils.c 2007-12-12 08:34:27.000000000 +0000 @@ -4,6 +4,9 @@ * * trousers - An open source TCG Software Stack * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * (C) Copyright International Business Machines Corp. 2004-2006 * */ @@ -26,6 +29,9 @@ #include "tsplog.h" #include "obj.h" +/* Cygwin compilation: Comment out HAVE_MLOCK - or add autotools macro to check this. */ +#define HAVE_MLOCK 1 + TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } }; TSS_VERSION VERSION_1_1 = { 1, 1, 0, 0 }; @@ -39,10 +45,13 @@ return 0; } + /* mlock/munlock is not supported in Cygwin */ +#ifdef HAVE_MLOCK if (mlock(addr, len) == -1) { LogError("mlock: %s", strerror(errno)); return 1; } +#endif /* HAVE_MLOCK */ return 0; } 
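Review bot: `hashBlob` is a fixed 1024-byte stack array, yet Tspi_MTM_InstallRIM copies `ulRimCertSize` bytes of caller data into it with Trspi_LoadBlob and later `*outCertSize` bytes returned by TCSP_InstallRIM, with no bound on either length. Tspi_MTM_LoadVerificationKey does the same with `verificationKeySize`, so an oversized certificate or key blob writes past the buffer before any authorization has been checked. The out-pointers `outCertSize`, `outCertData`, `hVerificationKey` and `loadMethod` are also dereferenced without a NULL check. Reject lengths that do not fit (or size the buffer from the length) before building each digest, as sketched below for InstallRIM; whether `*outCertData` must be released on the new error path depends on how TCSP_InstallRIM allocates it, which the diff does not show.

```c
	BYTE hashBlob[1024];

	if (outCertSize == NULL || outCertData == NULL)
		return TSPERR(TSS_E_BAD_PARAMETER);

	/* ordinal + length field precede the certificate in the request digest */
	if (ulRimCertSize > sizeof(hashBlob) - 2 * sizeof(UINT32))
		return TSPERR(TSS_E_BAD_PARAMETER);

	/* … unchanged: request digest, secret_PerformAuth_OIAP, TCSP_InstallRIM call … */

	/* result + ordinal + length field precede the returned certificate */
	if (*outCertSize > sizeof(hashBlob) - 3 * sizeof(UINT32))
		return TSPERR(TSS_E_INTERNAL_ERROR);

	/* … unchanged: response digest and obj_policy_validate_auth_oiap … */
```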
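Review bot: With HAVE_MLOCK undefined, the guarded mlock() call in spi_utils.c (hunk @@ -39,10 +45,13 @@) disappears and the function still returns 0, so callers are told the buffer is pinned when it can still be paged out; the munlock hunk that follows (@@ -55,10 +64,13 @@) has the same shape. These helpers presumably keep secret material out of swap (their callers are outside the diff), so a build without mlock should fail loudly or at least log at LogError level rather than report success. The hard-coded `#define HAVE_MLOCK 1` added at the top of the file also has to be edited by hand per platform; as its own comment suggests, a configure-time check such as `AC_CHECK_FUNC(mlock, AC_DEFINE(HAVE_MLOCK),)` would be the place for it. Both function bodies start outside these hunks.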
@@ -55,10 +64,13 @@ return 0; } + /* mlock/munlock is not supported in Cygwin */ +#ifdef HAVE_MLOCK if (munlock(addr, len) == -1) { LogError("mlock: %s", strerror(errno)); return 1; } +#endif /* HAVE_MLOCK */ return 0; } @@ -146,7 +158,12 @@ /* auth is expected to have both nonces and the digest from the TPM */ memcpy(digest, &auth->HMAC, 20); HMAC_Auth(secret, hash, auth); - + LogDebug("Secret-Digest-HMAC"); +#if 0 + LogBlobData("Secret", 20, secret); + LogBlobData("Digest", 20, digest); + LogBlobData("HMAC ", 20, auth->HMAC.authdata); +#endif return (TSS_BOOL) memcmp(digest, &auth->HMAC, 20); }
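Review bot: The `#if 0` block added in hunk @@ -146,7 +158,12 @@ would write the authorization secret, the expected digest and the computed HMAC to the debug log if it is ever switched on, and the new `LogDebug("Secret-Digest-HMAC")` line meanwhile emits a label with no data. Drop both rather than keeping secret-dumping code in the tree. If the trace is needed during bring-up, put it behind a dedicated build flag with a comment such as `/* never enable outside a lab build: logs the auth secret */`. The enclosing function starts outside the hunk.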