← Back to branch summary

~ubuntu-branches/ubuntu/hardy/trousers/hardy-proposed

« back to all changes in this revision

Viewing changes to src/tspi/spi_context.c

  • Committer: Bazaar Package Importer
  • Author(s): Daniel Baumann
  • Date: 2008-01-23 22:03:00 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20080123220300-fhtqja3c0oq0gp6z
Tags: 0.3.1-4
http://bugs.debian.org/457400
http://bugs.debian.org/459682
* Added patch from Aaron M. Ucko <ucko@debian.org> to allow trousers to
  build successfully on amd64, and presumably also other 64-bit
  architectures (Closes: #457400).
* Including udev rule for /dev/tpm from William Lima
  <wlima.amadeus@gmail.com> as suggested by David Smith <dds@google.com>
  (Closes: #459682).
* Added lintian overrides.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/tspi/spi_context.c
1
 
 
2
 
/*
3
 
 * Licensed Materials - Property of IBM
4
 
 *
5
 
 * trousers - An open source TCG Software Stack
6
 
 *
7
 
 * (C) Copyright International Business Machines Corp. 2004-2006
8
 
 *
9
 
 */
10
 
 
11
 
 
12
 
#include <stdlib.h>
13
 
#include <stdio.h>
14
 
#include <string.h>
15
 
 
16
 
#include "trousers/tss.h"
17
 
#include "trousers/trousers.h"
18
 
#include "trousers_types.h"
19
 
#include "spi_internal_types.h"
20
 
#include "spi_utils.h"
21
 
#include "capabilities.h"
22
 
#include "tsplog.h"
23
 
#include "tcs_tsp.h"
24
 
#include "tspps.h"
25
 
#include "hosttable.h"
26
 
#include "tcsd_wrap.h"
27
 
#include "tcsd.h"
28
 
#include "obj.h"
29
 
 
30
 
 
31
 
TSS_RESULT
32
 
Tspi_Context_Create(TSS_HCONTEXT * phContext)   /* out */
33
 
{
34
 
        if (phContext == NULL)
35
 
                return TSPERR(TSS_E_BAD_PARAMETER);
36
 
 
37
 
        return obj_context_add(phContext);
38
 
}
39
 
 
40
 
TSS_RESULT
41
 
Tspi_Context_Close(TSS_HCONTEXT tspContext)     /* in */
42
 
{
43
 
        TSS_RESULT result;
44
 
 
45
 
        if (!obj_is_context(tspContext))
46
 
                return TSPERR(TSS_E_INVALID_HANDLE);
47
 
 
48
 
        /* Have the TCS do its thing */
49
 
        result = TCS_CloseContext(tspContext);
50
 
 
51
 
        /* Note: Memory that was returned to the app that was alloc'd by this
52
 
         * context isn't free'd here.  Any memory that the app doesn't explicitly
53
 
         * free is left for it to free itself. */
54
 
 
55
 
        /* Destroy all objects */
56
 
        obj_close_context(tspContext);
57
 
 
58
 
        /* close the ps file */
59
 
        ps_close();
60
 
 
61
 
        /* We're not a connected context, so just exit */
62
 
        return result;
63
 
}
64
 
 
65
 
TSS_RESULT
66
 
Tspi_Context_Connect(TSS_HCONTEXT tspContext,   /* in */
67
 
                     UNICODE *wszDestination)   /* in */
68
 
{
69
 
        TSS_RESULT result;
70
 
        BYTE *machine_name = NULL;
71
 
        TSS_HOBJECT hTpm;
72
 
        UINT32 string_len = 0;
73
 
 
74
 
        if (wszDestination == NULL) {
75
 
                if ((result = obj_context_get_machine_name(tspContext,
76
 
                                                           &string_len,
77
 
                                                           &machine_name)))
78
 
                        return result;
79
 
 
80
 
                if ((result = TCS_OpenContext_RPC(tspContext, machine_name,
81
 
                                                  CONNECTION_TYPE_TCP_PERSISTANT)))
82
 
                        return result;
83
 
        } else {
84
 
                if ((machine_name =
85
 
                    Trspi_UNICODE_To_Native((BYTE *)wszDestination, NULL)) == NULL) {
86
 
                        LogError("Error converting hostname to UTF-8");
87
 
                        return TSPERR(TSS_E_INTERNAL_ERROR);
88
 
                }
89
 
 
90
 
                if ((result = TCS_OpenContext_RPC(tspContext, machine_name,
91
 
                                                  CONNECTION_TYPE_TCP_PERSISTANT)))
92
 
                        return result;
93
 
 
94
 
                if ((result = obj_context_set_machine_name(tspContext, machine_name,
95
 
                                                strlen((char *)machine_name)+1)))
96
 
                        return result;
97
 
        }
98
 
 
99
 
        if ((obj_tpm_add(tspContext, &hTpm))) {
100
 
                TCS_CloseContext(tspContext);
101
 
                return TSPERR(TSS_E_INTERNAL_ERROR);
102
 
        }
103
 
 
104
 
        return TSS_SUCCESS;
105
 
}
106
 
 
107
 
TSS_RESULT
108
 
Tspi_Context_FreeMemory(TSS_HCONTEXT tspContext,        /* in */
109
 
                        BYTE * rgbMemory)               /* in */
110
 
{
111
 
        if (!obj_is_context(tspContext))
112
 
                return TSPERR(TSS_E_INVALID_HANDLE);
113
 
 
114
 
        return free_tspi(tspContext, rgbMemory);
115
 
}
116
 
 
117
 
TSS_RESULT
118
 
Tspi_Context_GetDefaultPolicy(TSS_HCONTEXT tspContext,  /* in */
119
 
                              TSS_HPOLICY * phPolicy)   /* out */
120
 
{
121
 
        if (phPolicy == NULL )
122
 
                return TSPERR(TSS_E_BAD_PARAMETER);
123
 
 
124
 
        if (!obj_is_context(tspContext))
125
 
                return TSPERR(TSS_E_INVALID_HANDLE);
126
 
 
127
 
        return obj_context_get_policy(tspContext, phPolicy);
128
 
}
129
 
 
130
 
TSS_RESULT
131
 
Tspi_Context_CreateObject(TSS_HCONTEXT tspContext,      /* in */
132
 
                          TSS_FLAG objectType,          /* in */
133
 
                          TSS_FLAG initFlags,           /* in */
134
 
                          TSS_HOBJECT * phObject)       /* out */
135
 
{
136
 
        TSS_RESULT result;
137
 
 
138
 
        if (phObject == NULL)
139
 
                return TSPERR(TSS_E_BAD_PARAMETER);
140
 
 
141
 
        if (!obj_is_context(tspContext))
142
 
                return TSPERR(TSS_E_INVALID_HANDLE);
143
 
 
144
 
        switch (objectType) {
145
 
        case TSS_OBJECT_TYPE_POLICY:
146
 
                switch (initFlags) {
147
 
                        case TSS_POLICY_MIGRATION:
148
 
                                /* fall through */
149
 
                        case TSS_POLICY_USAGE:
150
 
                                break;
151
 
                        default:
152
 
                                return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
153
 
                }
154
 
 
155
 
                result = obj_policy_add(tspContext, initFlags, phObject);
156
 
                break;
157
 
        case TSS_OBJECT_TYPE_RSAKEY:
158
 
                /* If other flags are set that disagree with the SRK, this will
159
 
                 * help catch that conflict in the later steps */
160
 
                if (initFlags & TSS_KEY_TSP_SRK) {
161
 
                        initFlags |= (TSS_KEY_TYPE_STORAGE | TSS_KEY_NOT_MIGRATABLE |
162
 
                                      TSS_KEY_NON_VOLATILE | TSS_KEY_SIZE_2048);
163
 
                }
164
 
 
165
 
                /* Set default key flags */
166
 
 
167
 
                /* Default key size = 2k */
168
 
                if ((initFlags & TSS_KEY_SIZE_MASK) == 0)
169
 
                        initFlags |= TSS_KEY_SIZE_2048;
170
 
 
171
 
                /* Default key type = storage */
172
 
                if ((initFlags & TSS_KEY_TYPE_MASK) == 0)
173
 
                        initFlags |= TSS_KEY_TYPE_STORAGE;
174
 
 
175
 
                /* Check the key flags */
176
 
                switch (initFlags & TSS_KEY_SIZE_MASK) {
177
 
                        case TSS_KEY_SIZE_512:
178
 
                                /* fall through */
179
 
                        case TSS_KEY_SIZE_1024:
180
 
                                /* fall through */
181
 
                        case TSS_KEY_SIZE_2048:
182
 
                                /* fall through */
183
 
                        case TSS_KEY_SIZE_4096:
184
 
                                /* fall through */
185
 
                        case TSS_KEY_SIZE_8192:
186
 
                                /* fall through */
187
 
                        case TSS_KEY_SIZE_16384:
188
 
                                break;
189
 
                        default:
190
 
                                return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
191
 
                }
192
 
 
193
 
                switch (initFlags & TSS_KEY_TYPE_MASK) {
194
 
                        case TSS_KEY_TYPE_STORAGE:
195
 
                                /* fall through */
196
 
                        case TSS_KEY_TYPE_SIGNING:
197
 
                                /* fall through */
198
 
                        case TSS_KEY_TYPE_BIND:
199
 
                                /* fall through */
200
 
                        case TSS_KEY_TYPE_AUTHCHANGE:
201
 
                                /* fall through */
202
 
                        case TSS_KEY_TYPE_LEGACY:
203
 
                                /* fall through */
204
 
                        case TSS_KEY_TYPE_IDENTITY:
205
 
                                break;
206
 
                        default:
207
 
                                return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
208
 
                }
209
 
 
210
 
                result = obj_rsakey_add(tspContext, initFlags, phObject);
211
 
                break;
212
 
        case TSS_OBJECT_TYPE_ENCDATA:
213
 
                switch (initFlags & TSS_ENCDATA_TYPE_MASK) {
214
 
                        case TSS_ENCDATA_LEGACY:
215
 
                                /* fall through */
216
 
                        case TSS_ENCDATA_SEAL:
217
 
                                /* fall through */
218
 
                        case TSS_ENCDATA_BIND:
219
 
                                break;
220
 
                        default:
221
 
                                return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
222
 
                }
223
 
 
224
 
                result = obj_encdata_add(tspContext, (initFlags & TSS_ENCDATA_TYPE_MASK),
225
 
                                         phObject);
226
 
                break;
227
 
        case TSS_OBJECT_TYPE_PCRS:
228
 
                /* There are no valid flags for a PCRs object */
229
 
                if (initFlags & ~(0UL))
230
 
                        return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
231
 
 
232
 
                result = obj_pcrs_add(tspContext, phObject);
233
 
                break;
234
 
        case TSS_OBJECT_TYPE_HASH:
235
 
                switch (initFlags) {
236
 
                        case TSS_HASH_DEFAULT:
237
 
                                /* fall through */
238
 
                        case TSS_HASH_SHA1:
239
 
                                /* fall through */
240
 
                        case TSS_HASH_OTHER:
241
 
                                break;
242
 
                        default:
243
 
                                return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
244
 
                }
245
 
 
246
 
                result = obj_hash_add(tspContext, initFlags, phObject);
247
 
                break;
248
 
        default:
249
 
                LogDebug("Invalid Object type");
250
 
                return TSPERR(TSS_E_INVALID_OBJECT_TYPE);
251
 
                break;
252
 
        }
253
 
 
254
 
        return result;
255
 
}
256
 
 
257
 
TSS_RESULT
258
 
Tspi_Context_CloseObject(TSS_HCONTEXT tspContext,       /* in */
259
 
                         TSS_HOBJECT hObject)           /* in */
260
 
{
261
 
        TSS_RESULT result;
262
 
 
263
 
        if (!obj_is_context(tspContext))
264
 
                return TSPERR(TSS_E_INVALID_HANDLE);
265
 
 
266
 
        if (obj_is_pcrs(hObject)) {
267
 
                result = obj_pcrs_remove(hObject, tspContext);
268
 
        } else if (obj_is_encdata(hObject)) {
269
 
                result = obj_encdata_remove(hObject, tspContext);
270
 
        } else if (obj_is_hash(hObject)) {
271
 
                result = obj_hash_remove(hObject, tspContext);
272
 
        } else if (obj_is_rsakey(hObject)) {
273
 
                result = obj_rsakey_remove(hObject, tspContext);
274
 
        } else if (obj_is_policy(hObject)) {
275
 
                result = obj_policy_remove(hObject, tspContext);
276
 
        } else {
277
 
                result = TSPERR(TSS_E_INVALID_HANDLE);
278
 
        }
279
 
 
280
 
        return result;
281
 
}
282
 
 
283
 
TSS_RESULT
284
 
Tspi_Context_GetTpmObject(TSS_HCONTEXT tspContext,      /*  in */
285
 
                          TSS_HTPM * phTPM)             /*  out */
286
 
{
287
 
        if (phTPM == NULL)
288
 
                return TSPERR(TSS_E_BAD_PARAMETER);
289
 
 
290
 
        if (!obj_is_context(tspContext))
291
 
                return TSPERR(TSS_E_INVALID_HANDLE);
292
 
 
293
 
        return obj_tpm_get(tspContext, phTPM);
294
 
}
295
 
 
296
 
TSS_RESULT
297
 
Tspi_Context_GetCapability(TSS_HCONTEXT tspContext,     /* in */
298
 
                           TSS_FLAG capArea,            /* in */
299
 
                           UINT32 ulSubCapLength,       /* in */
300
 
                           BYTE * rgbSubCap,            /* in */
301
 
                           UINT32 * pulRespDataLength,  /* out */
302
 
                           BYTE ** prgbRespData)        /* out */
303
 
{
304
 
        TSS_RESULT result;
305
 
        UINT32 subCap;
306
 
 
307
 
        if (prgbRespData == NULL || pulRespDataLength == NULL )
308
 
                return TSPERR(TSS_E_BAD_PARAMETER);
309
 
 
310
 
        if (rgbSubCap == NULL && ulSubCapLength != 0)
311
 
                return TSPERR(TSS_E_BAD_PARAMETER);
312
 
 
313
 
        if (ulSubCapLength > sizeof(UINT32))
314
 
                return TSPERR(TSS_E_BAD_PARAMETER);
315
 
 
316
 
        if (!obj_is_context(tspContext))
317
 
                return TSPERR(TSS_E_INVALID_HANDLE);
318
 
 
319
 
        switch (capArea) {
320
 
                case TSS_TSPCAP_ALG:
321
 
                case TSS_TSPCAP_VERSION:
322
 
                case TSS_TSPCAP_PERSSTORAGE:
323
 
                        if (capArea == TSS_TSPCAP_ALG) {
324
 
                                if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap)
325
 
                                        return TSPERR(TSS_E_BAD_PARAMETER);
326
 
                        }
327
 
 
328
 
                        result = internal_GetCap(tspContext, capArea,
329
 
                                                 rgbSubCap ? *(UINT32 *)rgbSubCap : 0,
330
 
                                                 pulRespDataLength,
331
 
                                                 prgbRespData);
332
 
                        break;
333
 
                case TSS_TCSCAP_ALG:
334
 
                case TSS_TCSCAP_VERSION:
335
 
                case TSS_TCSCAP_CACHING:
336
 
                case TSS_TCSCAP_PERSSTORAGE:
337
 
                case TSS_TCSCAP_MANUFACTURER:
338
 
                        if (capArea == TSS_TCSCAP_ALG) {
339
 
                                if (ulSubCapLength != sizeof(UINT32) || !rgbSubCap)
340
 
                                        return TSPERR(TSS_E_BAD_PARAMETER);
341
 
                        }
342
 
 
343
 
                        subCap = rgbSubCap ? endian32(*(UINT32 *)rgbSubCap) : 0;
344
 
 
345
 
                        result = TCS_GetCapability(tspContext, capArea, ulSubCapLength,
346
 
                                                   (BYTE *)&subCap, pulRespDataLength,
347
 
                                                   prgbRespData);
348
 
                        break;
349
 
                default:
350
 
                        result = TSPERR(TSS_E_BAD_PARAMETER);
351
 
                        break;
352
 
        }
353
 
 
354
 
        return result;
355
 
}
356
 
 
357
 
TSS_RESULT
358
 
Tspi_Context_LoadKeyByBlob(TSS_HCONTEXT tspContext,     /* in */
359
 
                           TSS_HKEY hUnwrappingKey,     /* in */
360
 
                           UINT32 ulBlobLength,         /* in */
361
 
                           BYTE * rgbBlobData,          /* in */
362
 
                           TSS_HKEY * phKey)            /* out */
363
 
{
364
 
        TPM_AUTH auth;
365
 
        BYTE blob[1024];
366
 
        UINT64 offset;
367
 
        TCPA_DIGEST digest;
368
 
        TSS_RESULT result;
369
 
        UINT32 keyslot;
370
 
        TSS_HPOLICY hPolicy;
371
 
        TCS_KEY_HANDLE parentTCSKeyHandle;
372
 
        TCS_KEY_HANDLE myTCSKeyHandle;
373
 
        TCPA_KEY keyContainer;
374
 
        TSS_BOOL useAuth;
375
 
        TPM_AUTH *pAuth;
376
 
        TSS_FLAG initFlags;
377
 
        UINT16 realKeyBlobSize;
378
 
        TCPA_KEY_USAGE keyUsage;
379
 
        UINT32 pubLen;
380
 
 
381
 
        if (phKey == NULL || rgbBlobData == NULL )
382
 
                return TSPERR(TSS_E_BAD_PARAMETER);
383
 
 
384
 
        if (!obj_is_context(tspContext) || !obj_is_rsakey(hUnwrappingKey))
385
 
                return TSPERR(TSS_E_INVALID_HANDLE);
386
 
 
387
 
        /* Get the Parent Handle */
388
 
        if ((result = obj_rsakey_get_tcs_handle(hUnwrappingKey, &parentTCSKeyHandle)))
389
 
                return result;
390
 
 
391
 
        offset = 0;
392
 
        if ((result = Trspi_UnloadBlob_KEY(&offset, rgbBlobData, &keyContainer)))
393
 
                return result;
394
 
        realKeyBlobSize = offset;
395
 
        pubLen = keyContainer.pubKey.keyLength;
396
 
        keyUsage = keyContainer.keyUsage;
397
 
        /* free these now, since they're not used below */
398
 
        free_key_refs(&keyContainer);
399
 
 
400
 
        if ((result = obj_rsakey_get_policy(hUnwrappingKey, TSS_POLICY_USAGE,
401
 
                                        &hPolicy, &useAuth)))
402
 
                return result;
403
 
 
404
 
        if (useAuth) {
405
 
                /* ---  Create the Authorization */
406
 
                offset = 0;
407
 
                Trspi_LoadBlob_UINT32(&offset, TPM_ORD_LoadKey, blob);
408
 
                Trspi_LoadBlob(&offset, ulBlobLength, blob, rgbBlobData);
409
 
                Trspi_Hash(TSS_HASH_SHA1, offset, blob, digest.digest);
410
 
 
411
 
                if ((result = secret_PerformAuth_OIAP(hUnwrappingKey, TPM_ORD_LoadKey,
412
 
                                                      hPolicy, &digest, &auth)))
413
 
                        return result;
414
 
 
415
 
                pAuth = &auth;
416
 
        } else {
417
 
                pAuth = NULL;
418
 
        }
419
 
 
420
 
        if ((result = TCSP_LoadKeyByBlob(tspContext, parentTCSKeyHandle, ulBlobLength, rgbBlobData,
421
 
                                         pAuth, &myTCSKeyHandle, &keyslot)))
422
 
                return result;
423
 
 
424
 
        if (useAuth) {
425
 
                /* ---  Validate return auth */
426
 
                offset = 0;
427
 
                Trspi_LoadBlob_UINT32(&offset, result, blob);
428
 
                Trspi_LoadBlob_UINT32(&offset, TPM_ORD_LoadKey, blob);
429
 
                Trspi_LoadBlob_UINT32(&offset, keyslot, blob);
430
 
                Trspi_Hash(TSS_HASH_SHA1, offset, blob, digest.digest);
431
 
 
432
 
                if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &auth)))
433
 
                        return result;
434
 
        }
435
 
 
436
 
        /* ---  Create a new Object */
437
 
        initFlags = 0;
438
 
        if (pubLen == 0x100)
439
 
                initFlags |= TSS_KEY_SIZE_2048;
440
 
        else if (pubLen == 0x80)
441
 
                initFlags |= TSS_KEY_SIZE_1024;
442
 
        else if (pubLen == 0x40)
443
 
                initFlags |= TSS_KEY_SIZE_512;
444
 
 
445
 
        /* clear the key type field */
446
 
        initFlags &= ~TSS_KEY_TYPE_MASK;
447
 
 
448
 
        if (keyUsage == TPM_KEY_STORAGE)
449
 
                initFlags |= TSS_KEY_TYPE_STORAGE;
450
 
        else
451
 
                initFlags |= TSS_KEY_TYPE_SIGNING;      /* loading the blob
452
 
                                                           will fix this
453
 
                                                           back to what it
454
 
                                                           should be. */
455
 
 
456
 
        if ((result = obj_rsakey_add(tspContext, initFlags, phKey))) {
457
 
                LogDebug("Failed create object");
458
 
                return TSPERR(TSS_E_INTERNAL_ERROR);
459
 
        }
460
 
 
461
 
        if ((result = obj_rsakey_set_tcpakey(*phKey,realKeyBlobSize, rgbBlobData))) {
462
 
                LogDebug("Key loaded but failed to setup the key object"
463
 
                          "correctly");
464
 
                return TSPERR(TSS_E_INTERNAL_ERROR);
465
 
        }
466
 
 
467
 
        return obj_rsakey_set_tcs_handle(*phKey, myTCSKeyHandle);
468
 
}
469
 
 
470
 
TSS_RESULT
471
 
Tspi_Context_LoadKeyByUUID(TSS_HCONTEXT tspContext,             /* in */
472
 
                           TSS_FLAG persistentStorageType,      /* in */
473
 
                           TSS_UUID uuidData,                   /* in */
474
 
                           TSS_HKEY * phKey)                    /* out */
475
 
{
476
 
        TSS_RESULT result;
477
 
        TSS_UUID parentUUID;
478
 
        UINT32 keyBlobSize, parentPSType;
479
 
        BYTE *keyBlob = NULL;
480
 
        TCS_KEY_HANDLE tcsKeyHandle;
481
 
        TSS_HKEY parentTspHandle;
482
 
        TCS_LOADKEY_INFO info;
483
 
 
484
 
        if (phKey == NULL)
485
 
                return TSPERR(TSS_E_BAD_PARAMETER);
486
 
 
487
 
        if (!obj_is_context(tspContext))
488
 
                return TSPERR(TSS_E_INVALID_HANDLE);
489
 
 
490
 
        /* This key is in the System Persistant storage */
491
 
        if (persistentStorageType == TSS_PS_TYPE_SYSTEM) {
492
 
                memset(&info, 0, sizeof(TCS_LOADKEY_INFO));
493
 
 
494
 
                result = TCSP_LoadKeyByUUID(tspContext, uuidData, &info, &tcsKeyHandle);
495
 
 
496
 
                if (TSS_ERROR_CODE(result) == TCS_E_KM_LOADFAILED) {
497
 
                        TSS_HKEY keyHandle;
498
 
                        TSS_HPOLICY hPolicy;
499
 
 
500
 
                        /* load failed, due to some key in the chain needing auth
501
 
                         * which doesn't yet exist at the TCS level. However, the
502
 
                         * auth may already be set in policies at the TSP level.
503
 
                         * To find out, get the key handle of the key requiring
504
 
                         * auth. First, look at the list of keys in memory. */
505
 
                        if ((obj_rsakey_get_by_uuid(&info.parentKeyUUID, &keyHandle))) {
506
 
                                /* If that failed, look on disk, in User PS. */
507
 
                                if (ps_get_key_by_uuid(tspContext, &info.parentKeyUUID,
508
 
                                                       &keyHandle))
509
 
                                        return result;
510
 
                        }
511
 
 
512
 
                        if (obj_rsakey_get_policy(keyHandle, TSS_POLICY_USAGE,
513
 
                                                  &hPolicy, NULL))
514
 
                                return result;
515
 
 
516
 
                        if (secret_PerformAuth_OIAP(keyHandle,
517
 
                                                    TPM_ORD_LoadKey,
518
 
                                                    hPolicy, &info.paramDigest,
519
 
                                                    &info.authData))
520
 
                                return result;
521
 
 
522
 
                        if ((result = TCSP_LoadKeyByUUID(tspContext, uuidData, &info,
523
 
                                                         &tcsKeyHandle)))
524
 
                                return result;
525
 
                } else if (result)
526
 
                        return result;
527
 
 
528
 
                if ((result = TCS_GetRegisteredKeyBlob(tspContext, uuidData, &keyBlobSize,
529
 
                                                       &keyBlob)))
530
 
                        return result;
531
 
 
532
 
                if ((result = obj_rsakey_add_by_key(tspContext, &uuidData, keyBlob,
533
 
                                                    TSS_OBJ_FLAG_SYSTEM_PS, phKey))) {
534
 
                        free (keyBlob);
535
 
                        return result;
536
 
                }
537
 
 
538
 
                result = obj_rsakey_set_tcs_handle(*phKey, tcsKeyHandle);
539
 
 
540
 
                free (keyBlob);
541
 
        } else if (persistentStorageType == TSS_PS_TYPE_USER) {
542
 
                if ((result = ps_get_parent_uuid_by_uuid(&uuidData, &parentUUID)))
543
 
                        return result;
544
 
 
545
 
                /* If the parent is not in memory, recursively call ourselves on it */
546
 
                if (obj_rsakey_get_by_uuid(&parentUUID, &parentTspHandle) != TSS_SUCCESS) {
547
 
                        if ((result = ps_get_parent_ps_type_by_uuid(&uuidData, &parentPSType)))
548
 
                                return result;
549
 
 
550
 
                        if ((result = Tspi_Context_LoadKeyByUUID(tspContext, parentPSType,
551
 
                                                                 parentUUID, &parentTspHandle)))
552
 
                                return result;
553
 
                }
554
 
 
555
 
                if ((result = ps_get_key_by_uuid(tspContext, &uuidData, phKey)))
556
 
                        return result;
557
 
 
558
 
                /* The parent is loaded and we have the parent key handle, so call the TCS to
559
 
                 * actually load the child. */
560
 
                return Tspi_Key_LoadKey(*phKey, parentTspHandle);
561
 
        } else {
562
 
                return TSPERR(TSS_E_BAD_PARAMETER);
563
 
        }
564
 
 
565
 
        return TSS_SUCCESS;
566
 
}
567
 
 
568
 
TSS_RESULT
569
 
Tspi_Context_RegisterKey(TSS_HCONTEXT tspContext,               /* in */
570
 
                         TSS_HKEY hKey,                         /* in */
571
 
                         TSS_FLAG persistentStorageType,        /* in */
572
 
                         TSS_UUID uuidKey,                      /* in */
573
 
                         TSS_FLAG persistentStorageTypeParent,  /* in */
574
 
                         TSS_UUID uuidParentKey)                /* in */
575
 
{
576
 
        BYTE *keyBlob;
577
 
        UINT32 keyBlobSize;
578
 
        TSS_RESULT result;
579
 
        TSS_BOOL answer;
580
 
 
581
 
        if (!obj_is_context(tspContext) || !obj_is_rsakey(hKey))
582
 
                return TSPERR(TSS_E_INVALID_HANDLE);
583
 
 
584
 
        if (persistentStorageType == TSS_PS_TYPE_SYSTEM) {
585
 
                if (persistentStorageTypeParent == TSS_PS_TYPE_USER) {
586
 
                        return TSPERR(TSS_E_NOTIMPL);
587
 
                } else if (persistentStorageTypeParent == TSS_PS_TYPE_SYSTEM) {
588
 
                        if ((result = obj_rsakey_get_blob(hKey, &keyBlobSize,
589
 
                                                          &keyBlob)))
590
 
                                return result;
591
 
 
592
 
                        if ((result = TCS_RegisterKey(tspContext, uuidParentKey, uuidKey,
593
 
                                                      keyBlobSize, keyBlob,
594
 
                                                      strlen(PACKAGE_STRING) + 1,
595
 
                                                      (BYTE *)PACKAGE_STRING)))
596
 
                                return result;
597
 
                } else {
598
 
                        return TSPERR(TSS_E_BAD_PARAMETER);
599
 
                }
600
 
        } else if (persistentStorageType == TSS_PS_TYPE_USER) {
601
 
                if ((result = ps_is_key_registered(&uuidKey, &answer)))
602
 
                        return result;
603
 
 
604
 
                if (answer == TRUE)
605
 
                        return TSPERR(TSS_E_KEY_ALREADY_REGISTERED);
606
 
 
607
 
                if ((result = obj_rsakey_get_blob (hKey, &keyBlobSize, &keyBlob)))
608
 
                        return result;
609
 
 
610
 
                if ((result = ps_write_key(&uuidKey, &uuidParentKey,
611
 
                                           persistentStorageTypeParent,
612
 
                                           keyBlobSize, keyBlob)))
613
 
                        return result;
614
 
        } else {
615
 
                return TSPERR(TSS_E_BAD_PARAMETER);
616
 
        }
617
 
 
618
 
        if ((result = obj_rsakey_set_uuid(hKey, persistentStorageType, &uuidKey)))
619
 
                return result;
620
 
 
621
 
        return TSS_SUCCESS;
622
 
}
623
 
 
624
 
TSS_RESULT
625
 
Tspi_Context_UnregisterKey(TSS_HCONTEXT tspContext,             /* in */
626
 
                           TSS_FLAG persistentStorageType,      /* in */
627
 
                           TSS_UUID uuidKey,                    /* in */
628
 
                           TSS_HKEY *phKey)                     /* out */
629
 
{
630
 
        BYTE *keyBlob = NULL;
631
 
        UINT32 keyBlobSize;
632
 
        TSS_RESULT result;
633
 
 
634
 
        if (phKey == NULL)
635
 
                return TSPERR(TSS_E_BAD_PARAMETER);
636
 
 
637
 
        if (!obj_is_context(tspContext))
638
 
                return TSPERR(TSS_E_INVALID_HANDLE);
639
 
 
640
 
        if (persistentStorageType == TSS_PS_TYPE_SYSTEM) {
641
 
                /* get the key first, so it doesn't disappear when we
642
 
                 * unregister it */
643
 
                if ((result = TCS_GetRegisteredKeyBlob(tspContext, uuidKey, &keyBlobSize,
644
 
                                                       &keyBlob)))
645
 
                        return result;
646
 
 
647
 
                if ((obj_rsakey_add_by_key(tspContext, &uuidKey, keyBlob, TSS_OBJ_FLAG_SYSTEM_PS,
648
 
                                           phKey))) {
649
 
                        free(keyBlob);
650
 
                        return result;
651
 
                }
652
 
 
653
 
                free(keyBlob);
654
 
 
655
 
                /* now unregister it */
656
 
                if ((result = TCSP_UnregisterKey(tspContext, uuidKey)))
657
 
                        return result;
658
 
        } else if (persistentStorageType == TSS_PS_TYPE_USER) {
659
 
                if (!obj_is_context(tspContext))
660
 
                        return TSPERR(TSS_E_INVALID_HANDLE);
661
 
 
662
 
                /* get the key first, so it doesn't disappear when we
663
 
                 * unregister it */
664
 
                if ((result = ps_get_key_by_uuid(tspContext, &uuidKey, phKey)))
665
 
                        return result;
666
 
 
667
 
                /* now unregister it */
668
 
                if ((result = ps_remove_key(&uuidKey)))
669
 
                        return result;
670
 
        } else {
671
 
                return TSPERR(TSS_E_BAD_PARAMETER);
672
 
        }
673
 
 
674
 
        return TSS_SUCCESS;
675
 
}
676
 
 
677
 
TSS_RESULT
678
 
Tspi_Context_GetKeyByUUID(TSS_HCONTEXT tspContext,              /* in */
679
 
                          TSS_FLAG persistentStorageType,       /* in */
680
 
                          TSS_UUID uuidData,                    /* in */
681
 
                          TSS_HKEY * phKey)                     /* out */
682
 
{
683
 
        TCPA_RESULT result;
684
 
        UINT32 keyBlobSize = 0;
685
 
        BYTE *keyBlob = NULL;
686
 
 
687
 
        if (phKey == NULL)
688
 
                return TSPERR(TSS_E_BAD_PARAMETER);
689
 
 
690
 
        if (!obj_is_context(tspContext))
691
 
                return TSPERR(TSS_E_INVALID_HANDLE);
692
 
 
693
 
        if (persistentStorageType == TSS_PS_TYPE_SYSTEM) {
694
 
                if ((result = TCS_GetRegisteredKeyBlob(tspContext, uuidData, &keyBlobSize,
695
 
                                                       &keyBlob)))
696
 
                        return result;
697
 
 
698
 
                if ((obj_rsakey_add_by_key(tspContext, &uuidData, keyBlob, TSS_OBJ_FLAG_SYSTEM_PS,
699
 
                                           phKey))) {
700
 
                        free(keyBlob);
701
 
                        return result;
702
 
                }
703
 
 
704
 
                free(keyBlob);
705
 
        } else if (persistentStorageType == TSS_PS_TYPE_USER) {
706
 
                if (!obj_is_context(tspContext))
707
 
                        return TSPERR(TSS_E_INVALID_HANDLE);
708
 
 
709
 
                if ((result = ps_get_key_by_uuid(tspContext, &uuidData, phKey)))
710
 
                        return result;
711
 
        } else
712
 
                return TSPERR(TSS_E_BAD_PARAMETER);
713
 
 
714
 
        return TSS_SUCCESS;
715
 
}
716
 
 
717
 
TSS_RESULT
718
 
Tspi_Context_GetKeyByPublicInfo(TSS_HCONTEXT tspContext,        /* in */
719
 
                                TSS_FLAG persistentStorageType, /* in */
720
 
                                TSS_ALGORITHM_ID algID,         /* in */
721
 
                                UINT32 ulPublicInfoLength,      /* in */
722
 
                                BYTE * rgbPublicInfo,           /* in */
723
 
                                TSS_HKEY * phKey)               /* out */
724
 
{
725
 
        TCPA_ALGORITHM_ID tcsAlgID;
726
 
        UINT32 keyBlobSize;
727
 
        BYTE *keyBlob;
728
 
        TSS_RESULT result;
729
 
        TSS_HKEY keyOutHandle;
730
 
        UINT32 flag = 0;
731
 
        TCPA_KEY keyContainer;
732
 
        UINT64 offset;
733
 
 
734
 
        if (phKey == NULL)
735
 
                return TSPERR(TSS_E_BAD_PARAMETER);
736
 
 
737
 
        if (!obj_is_context(tspContext))
738
 
                return TSPERR(TSS_E_INVALID_HANDLE);
739
 
 
740
 
        switch (algID) {
741
 
                case TSS_ALG_RSA:
742
 
                        tcsAlgID = TCPA_ALG_RSA;
743
 
                        break;
744
 
                default:
745
 
                        LogError("Algorithm ID was not type RSA.");
746
 
                        return TSPERR(TSS_E_BAD_PARAMETER);
747
 
        }
748
 
 
749
 
        if (persistentStorageType == TSS_PS_TYPE_SYSTEM) {
750
 
                if ((result = TCSP_GetRegisteredKeyByPublicInfo(tspContext, tcsAlgID,
751
 
                                                                ulPublicInfoLength, rgbPublicInfo,
752
 
                                                                &keyBlobSize, &keyBlob)))
753
 
                        return result;
754
 
 
755
 
        } else if (persistentStorageType == TSS_PS_TYPE_USER) {
756
 
                return ps_get_key_by_pub(tspContext, ulPublicInfoLength, rgbPublicInfo,
757
 
                                         phKey);
758
 
        } else
759
 
                return TSPERR(TSS_E_BAD_PARAMETER);
760
 
 
761
 
        /* need to setup the init flags of the create object based on
762
 
         * the size of the blob's pubkey */
763
 
        offset = 0;
764
 
        if ((result = Trspi_UnloadBlob_KEY(&offset, keyBlob, &keyContainer))) {
765
 
                free(keyBlob);
766
 
                return result;
767
 
        }
768
 
 
769
 
        /* begin setting up the key object */
770
 
        switch (keyContainer.pubKey.keyLength) {
771
 
                case 16384/8:
772
 
                        flag |= TSS_KEY_SIZE_16384;
773
 
                        break;
774
 
                case 8192/8:
775
 
                        flag |= TSS_KEY_SIZE_8192;
776
 
                        break;
777
 
                case 4096/8:
778
 
                        flag |= TSS_KEY_SIZE_4096;
779
 
                        break;
780
 
                case 2048/8:
781
 
                        flag |= TSS_KEY_SIZE_2048;
782
 
                        break;
783
 
                case 1024/8:
784
 
                        flag |= TSS_KEY_SIZE_1024;
785
 
                        break;
786
 
                case 512/8:
787
 
                        flag |= TSS_KEY_SIZE_512;
788
 
                        break;
789
 
                default:
790
 
                        LogError("Key was not a known keylength.");
791
 
                        free(keyBlob);
792
 
                        free_key_refs(&keyContainer);
793
 
                        return TSPERR(TSS_E_INTERNAL_ERROR);
794
 
        }
795
 
 
796
 
        if (keyContainer.keyUsage == TPM_KEY_SIGNING)
797
 
                flag |= TSS_KEY_TYPE_SIGNING;
798
 
        else if (keyContainer.keyUsage == TPM_KEY_STORAGE)
799
 
                flag |= TSS_KEY_TYPE_STORAGE;
800
 
        else if (keyContainer.keyUsage == TPM_KEY_IDENTITY)
801
 
                flag |= TSS_KEY_TYPE_IDENTITY;
802
 
        else if (keyContainer.keyUsage == TPM_KEY_AUTHCHANGE)
803
 
                flag |= TSS_KEY_TYPE_AUTHCHANGE;
804
 
        else if (keyContainer.keyUsage == TPM_KEY_BIND)
805
 
                flag |= TSS_KEY_TYPE_BIND;
806
 
        else if (keyContainer.keyUsage == TPM_KEY_LEGACY)
807
 
                flag |= TSS_KEY_TYPE_LEGACY;
808
 
 
809
 
        if (keyContainer.authDataUsage == TPM_AUTH_NEVER)
810
 
                flag |= TSS_KEY_NO_AUTHORIZATION;
811
 
        else
812
 
                flag |= TSS_KEY_AUTHORIZATION;
813
 
 
814
 
        if (keyContainer.keyFlags & migratable)
815
 
                flag |= TSS_KEY_MIGRATABLE;
816
 
        else
817
 
                flag |= TSS_KEY_NOT_MIGRATABLE;
818
 
 
819
 
        if (keyContainer.keyFlags & volatileKey)
820
 
                flag |= TSS_KEY_VOLATILE;
821
 
        else
822
 
                flag |= TSS_KEY_NON_VOLATILE;
823
 
 
824
 
        /* Create a new Key Object */
825
 
        if ((result = obj_rsakey_add(tspContext, flag, &keyOutHandle))) {
826
 
                free(keyBlob);
827
 
                free_key_refs(&keyContainer);
828
 
                return result;
829
 
        }
830
 
        /* Stick the info into this net KeyObject */
831
 
        if ((result = obj_rsakey_set_tcpakey(keyOutHandle, keyBlobSize, keyBlob))) {
832
 
                free(keyBlob);
833
 
                free_key_refs(&keyContainer);
834
 
                return result;
835
 
        }
836
 
 
837
 
        free(keyBlob);
838
 
        free_key_refs(&keyContainer);
839
 
        *phKey = keyOutHandle;
840
 
 
841
 
        return TSS_SUCCESS;
842
 
}
843
 
 
844
 
TSS_RESULT
845
 
Tspi_Context_GetRegisteredKeysByUUID(TSS_HCONTEXT tspContext,           /* in */
846
 
                                     TSS_FLAG persistentStorageType,    /* in */
847
 
                                     TSS_UUID * pUuidData,              /* in */
848
 
                                     UINT32 * pulKeyHierarchySize,      /* out */
849
 
                                     TSS_KM_KEYINFO ** ppKeyHierarchy)  /* out */
850
 
{
851
 
        TSS_RESULT result;
852
 
        TSS_KM_KEYINFO *tcsHier, *tspHier;
853
 
        UINT32 tcsHierSize, tspHierSize;
854
 
        TSS_UUID tcs_uuid;
855
 
 
856
 
        if (pulKeyHierarchySize == NULL || ppKeyHierarchy == NULL)
857
 
                return TSPERR(TSS_E_BAD_PARAMETER);
858
 
 
859
 
        if (!obj_is_context(tspContext))
860
 
                return TSPERR(TSS_E_INVALID_HANDLE);
861
 
 
862
 
        if (pUuidData) {
863
 
                if (persistentStorageType == TSS_PS_TYPE_SYSTEM) {
864
 
                        if ((result = TCS_EnumRegisteredKeys(tspContext, pUuidData,
865
 
                                                             pulKeyHierarchySize,
866
 
                                                             ppKeyHierarchy)))
867
 
                                return result;
868
 
                } else if (persistentStorageType == TSS_PS_TYPE_USER) {
869
 
                        if ((result = ps_get_registered_keys(pUuidData, &tcs_uuid,
870
 
                                                             &tspHierSize, &tspHier)))
871
 
                                return result;
872
 
 
873
 
                        if ((result = TCS_EnumRegisteredKeys(tspContext, &tcs_uuid, &tcsHierSize,
874
 
                                                             &tcsHier))) {
875
 
                                free(tspHier);
876
 
                                return result;
877
 
                        }
878
 
 
879
 
                        result = merge_key_hierarchies(tspContext, tspHierSize, tspHier,
880
 
                                                       tcsHierSize, tcsHier, pulKeyHierarchySize,
881
 
                                                       ppKeyHierarchy);
882
 
                        free(tcsHier);
883
 
                        free(tspHier);
884
 
                } else
885
 
                        return TSPERR(TSS_E_BAD_PARAMETER);
886
 
        } else {
887
 
                if ((result = TCS_EnumRegisteredKeys(tspContext, pUuidData, &tcsHierSize,
888
 
                                                     &tcsHier)))
889
 
                        return result;
890
 
 
891
 
                if ((result = ps_get_registered_keys(pUuidData, NULL, &tspHierSize, &tspHier))) {
892
 
                        free(tcsHier);
893
 
                        return result;
894
 
                }
895
 
 
896
 
                result = merge_key_hierarchies(tspContext, tspHierSize, tspHier, tcsHierSize,
897
 
                                               tcsHier, pulKeyHierarchySize, ppKeyHierarchy);
898
 
                free(tcsHier);
899
 
                free(tspHier);
900
 
        }
901
 
 
902
 
        if ((result = add_mem_entry(tspContext, *ppKeyHierarchy))) {
903
 
                free(*ppKeyHierarchy);
904
 
                *ppKeyHierarchy = NULL;
905
 
                *pulKeyHierarchySize = 0;
906
 
        }
907
 
 
908
 
        return result;
909
 
}