1 /*############################################################################
2 # Copyright 2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16
17 /*!
18 * \brief TPM2_CreatePrimary command implementation.
19 * \file
20 */
21 #include "epid/member/tpm2/createprimary.h"
22 #include "epid/common/src/memory.h"
23 #include "epid/member/tpm2/ibm_tss/conversion.h"
24 #include "epid/member/tpm2/ibm_tss/printtss.h"
25 #include "epid/member/tpm2/ibm_tss/state.h"
26 #include "tss2/TPM_Types.h"
27 #include "tss2/tss.h"
28
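/*!
 * \brief Creates a transient ECDAA signing primary under the endorsement
 * hierarchy.
 *
 * Builds a TPM2_CreatePrimary template for an ECC key on BN_P256 whose
 * signing scheme is ECDAA, using the context's hash algorithm both for the
 * scheme hash and for the object name algorithm.  On success the returned
 * object handle is stored in ctx->key_handle and the public EC point is
 * serialized into p_str.
 *
 * \param[in,out] ctx    TPM2 context; epid2_params, hash_alg and tss are
 *                       read, key_handle is overwritten on success.
 * \param[out]    p_str  Receives the serialized public EC point.
 *
 * \returns kEpidBadArgErr when an argument is NULL or the TPM rejects the
 *          template (TPM_RC_ATTRIBUTES, _KDF, _SYMMETRIC, _TYPE, _SCHEME,
 *          _SIZE, _KEY); kEpidHashAlgorithmNotSupported when ctx->hash_alg
 *          has no TPM2 equivalent; kEpidErr for any other TPM failure;
 *          otherwise the result of WriteTpm2EcPoint.
 */
EpidStatus Tpm2CreatePrimary(Tpm2Ctx* ctx, G1ElemStr* p_str) {
  if (!ctx || !ctx->epid2_params || !p_str) {
    return kEpidBadArgErr;
  }
  CreatePrimary_In in = {0};
  /* Zero the output aggregates too: public_area.size is never assigned
   * below, so without this it would be passed on uninitialized. */
  CreatePrimary_Out out = {0};
  TPM2B_ECC_POINT public_area = {0};
  TPM_RC rc = TPM_RC_SUCCESS;
  const TPMI_ALG_PUBLIC algPublic = TPM_ALG_ECC;
  const TPMI_ECC_CURVE curveID = TPM_ECC_BN_P256;
  TPMI_ALG_HASH halg = TPM_ALG_NULL;
  /* Plain password session; parentPasswordPtr == NULL means an empty
   * endorsement-hierarchy authorization is assumed. */
  const TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
  const unsigned int sessionAttributes0 = 0;
  const char* parentPasswordPtr = NULL;

  halg = EpidtoTpm2HashAlg(ctx->hash_alg);
  if (halg == TPM_ALG_NULL) {
    return kEpidHashAlgorithmNotSupported;
  }

  in.primaryHandle = TPM_RH_ENDORSEMENT;

  /* Table 185 - TPM2B_PUBLIC inPublic */
  /* Table 184 - TPMT_PUBLIC in.inPublic.publicArea */
  in.inPublic.publicArea.type = algPublic;
  /* The object name algorithm follows the EPID hash algorithm. */
  in.inPublic.publicArea.nameAlg = halg;

  /* Table 32 - TPMA_OBJECT objectAttributes.
   * `in` is zero-initialized, so ADMINWITHPOLICY, DECRYPT and RESTRICTED
   * are already clear; only the bits that must be set are listed.
   * NOTE(review): USERWITHAUTH combined with the empty userAuth set below
   * means the key is usable by any caller that can reach this TPM without
   * presenting a secret — confirm this matches the intended threat model. */
  in.inPublic.publicArea.objectAttributes.val =
      TPMA_OBJECT_NODA | TPMA_OBJECT_FIXEDTPM | TPMA_OBJECT_FIXEDPARENT |
      TPMA_OBJECT_SENSITIVEDATAORIGIN | TPMA_OBJECT_USERWITHAUTH |
      TPMA_OBJECT_SIGN;

  /* Pure signing key: no symmetric algorithm and no KDF. */
  in.inPublic.publicArea.parameters.eccDetail.symmetric.algorithm =
      TPM_ALG_NULL;
  in.inPublic.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDAA;
  in.inPublic.publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg =
      halg;
  in.inPublic.publicArea.parameters.eccDetail.scheme.details.ecdaa.count = 1;
  in.inPublic.publicArea.parameters.eccDetail.curveID = curveID;
  in.inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;

  /* Empty auth value and no seed data: the TPM generates the private key
   * itself (SENSITIVEDATAORIGIN). */
  in.inSensitive.sensitive.userAuth.t.size = 0;
  in.inSensitive.sensitive.data.t.size = 0;

  /* Empty unique point, policy, outside info and PCR selection.  These are
   * already zero from the initializer and are kept explicit to mirror the
   * spec tables.  `unique` is a union, so only the ECC view is touched. */
  in.inPublic.publicArea.unique.ecc.x.t.size = 0;
  in.inPublic.publicArea.unique.ecc.y.t.size = 0;
  in.inPublic.publicArea.authPolicy.t.size = 0;
  in.outsideInfo.t.size = 0;
  in.creationPCR.count = 0;

  /* The trailing TPM_RH_NULL, NULL, 0 triple terminates the session list. */
  rc = TSS_Execute(ctx->tss, (RESPONSE_PARAMETERS*)&out,
                   (COMMAND_PARAMETERS*)&in, NULL, TPM_CC_CreatePrimary,
                   sessionHandle0, parentPasswordPtr, sessionAttributes0,
                   TPM_RH_NULL, NULL, 0);
  if (rc != TPM_RC_SUCCESS) {
    print_tpm2_response_code("TPM2_CreatePrimary", rc);
    /* Codes that mean the TPM rejected the template are reported as a
     * bad-argument error; anything else is a generic failure. */
    if (TPM_RC_ATTRIBUTES == rc || TPM_RC_KDF == rc || TPM_RC_SYMMETRIC == rc ||
        TPM_RC_TYPE == rc || TPM_RC_SCHEME == rc || TPM_RC_SIZE == rc ||
        TPM_RC_KEY == rc) {
      return kEpidBadArgErr;
    }
    return kEpidErr;
  }

  /* NOTE(review): a handle already held in ctx->key_handle is overwritten
   * here without being flushed — confirm callers flush it beforehand. */
  ctx->key_handle = out.objectHandle;
  public_area.point = out.outPublic.publicArea.unique.ecc;
  return WriteTpm2EcPoint(&public_area, p_str);
}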