1 /*############################################################################
2 # Copyright 2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16 
17 /*!
18  * \brief TPM2_CreatePrimary command implementation.
19  * \file
20  */
21 #include "epid/member/tpm2/createprimary.h"
22 #include "epid/common/src/memory.h"
23 #include "epid/member/tpm2/ibm_tss/conversion.h"
24 #include "epid/member/tpm2/ibm_tss/printtss.h"
25 #include "epid/member/tpm2/ibm_tss/state.h"
26 #include "tss2/TPM_Types.h"
27 #include "tss2/tss.h"
28 
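/*
 * Creates the member's ECDAA signing key as a primary object under the
 * endorsement hierarchy (TPM_RH_ENDORSEMENT) and serializes its public
 * EC point.
 *
 * ctx   - TPM2 context. Reads ctx->tss, ctx->epid2_params and
 *         ctx->hash_alg; on success ctx->key_handle is overwritten with the
 *         handle of the newly created object.
 * p_str - receives the serialized public point of the new key.
 *
 * Returns kEpidBadArgErr for NULL arguments or when the TPM rejects the
 * key template (attribute/scheme/size class response codes),
 * kEpidHashAlgorithmNotSupported when ctx->hash_alg has no TPM2 mapping,
 * kEpidErr for any other TPM failure, and otherwise the status of
 * WriteTpm2EcPoint().
 *
 * Authorization: the command runs in a plaintext password session
 * (TPM_RS_PW) with no password supplied (NULL), so it only succeeds when the
 * endorsement hierarchy authorization is empty.
 *
 * NOTE(review): any handle previously held in ctx->key_handle is overwritten
 * without being flushed from the TPM -- confirm the caller flushes it first.
 */
EpidStatus Tpm2CreatePrimary(Tpm2Ctx* ctx, G1ElemStr* p_str) {
  if (!ctx || !ctx->epid2_params || !p_str) {
    return kEpidBadArgErr;
  }
  /* Zero-initialize every TPM structure so that no indeterminate bytes are
   * marshalled to the TPM or handed to WriteTpm2EcPoint(). */
  CreatePrimary_In in = {0};
  CreatePrimary_Out out = {0};
  TPM2B_ECC_POINT public_area = {0};
  TPM_RC rc = TPM_RC_SUCCESS;
  TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
  unsigned int sessionAttributes0 = 0;
  const char* parentPasswordPtr = NULL;

  /* Both the object name and the ECDAA scheme use the member's hash alg. */
  TPMI_ALG_HASH halg = EpidtoTpm2HashAlg(ctx->hash_alg);
  if (halg == TPM_ALG_NULL) {
    return kEpidHashAlgorithmNotSupported;
  }

  in.primaryHandle = TPM_RH_ENDORSEMENT;

  /* Table 185 - TPM2B_PUBLIC inPublic */
  /* Table 184 - TPMT_PUBLIC in.inPublic.publicArea */
  in.inPublic.publicArea.type = TPM_ALG_ECC;
  in.inPublic.publicArea.nameAlg = halg;

  /* Table 32 - TPMA_OBJECT objectAttributes.
   * Key policy: bound to this TPM and parent, generated inside the TPM,
   * usable with its (empty) auth value rather than a policy, signing only,
   * unrestricted, and exempt from the dictionary-attack lockout (NODA). */
  in.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_NODA;
  in.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
  in.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
  in.inPublic.publicArea.objectAttributes.val |=
      TPMA_OBJECT_SENSITIVEDATAORIGIN;
  in.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
  in.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_SIGN;
  /* The struct is already zeroed; these clears spell out the intended
   * policy (no admin-with-policy, no decrypt, not restricted). */
  in.inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
  in.inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
  in.inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;

  /* ECC parameters: ECDAA over BN_P256, no symmetric wrapping, no KDF. */
  in.inPublic.publicArea.parameters.eccDetail.symmetric.algorithm =
      TPM_ALG_NULL;
  in.inPublic.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDAA;
  in.inPublic.publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg =
      halg;
  in.inPublic.publicArea.parameters.eccDetail.scheme.details.ecdaa.count = 1;
  in.inPublic.publicArea.parameters.eccDetail.curveID = TPM_ECC_BN_P256;
  in.inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;

  /* Empty object auth, no caller-supplied sensitive data, empty policy,
   * empty unique field (the TPM generates the key), no creation data. */
  in.inSensitive.sensitive.userAuth.t.size = 0;
  in.inSensitive.sensitive.data.t.size = 0;
  in.inPublic.publicArea.unique.ecc.y.t.size = 0;
  in.inPublic.publicArea.unique.ecc.x.t.size = 0;
  in.inPublic.publicArea.authPolicy.t.size = 0;
  in.inPublic.publicArea.unique.rsa.t.size = 0;
  in.outsideInfo.t.size = 0;
  in.creationPCR.count = 0;

  rc = TSS_Execute(ctx->tss, (RESPONSE_PARAMETERS*)&out,
                   (COMMAND_PARAMETERS*)&in, NULL, TPM_CC_CreatePrimary,
                   sessionHandle0, parentPasswordPtr, sessionAttributes0,
                   TPM_RH_NULL, NULL, 0);
  if (rc != TPM_RC_SUCCESS) {
    print_tpm2_response_code("TPM2_CreatePrimary", rc);
    /* Response codes that indicate a rejected template rather than a
     * transient or environmental failure are reported as bad arguments. */
    if (TPM_RC_ATTRIBUTES == rc || TPM_RC_KDF == rc || TPM_RC_SYMMETRIC == rc ||
        TPM_RC_TYPE == rc || TPM_RC_SCHEME == rc || TPM_RC_SIZE == rc ||
        TPM_RC_KEY == rc) {
      return kEpidBadArgErr;
    }
    return kEpidErr;
  }

  ctx->key_handle = out.objectHandle;
  public_area.point = out.outPublic.publicArea.unique.ecc;
  return WriteTpm2EcPoint(&public_area, p_str);
}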
101