20
20
#include "trousers/tss.h"
21
21
#include "trousers/trousers.h"
22
22
#include "trousers_types.h"
23
#include "spi_internal_types.h"
23
#include "trousers_types.h"
24
24
#include "spi_utils.h"
25
25
#include "capabilities.h"
26
26
#include "tsplog.h"
29
30
TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } };
31
32
TSS_VERSION VERSION_1_1 = { 1, 1, 0, 0 };
34
pin_mem(void *addr, size_t len)
36
/* only root can lock pages into RAM */
37
if (getuid() != (uid_t)0) {
38
LogWarn("Not pinning secrets in memory due to insufficient perms.");
42
if (mlock(addr, len) == -1) {
43
LogError("mlock: %s", strerror(errno));
51
unpin_mem(void *addr, size_t len)
53
/* only root can lock pages into RAM */
54
if (getuid() != (uid_t)0) {
58
if (munlock(addr, len) == -1) {
59
LogError("mlock: %s", strerror(errno));
72
env_port = getenv("TSS_TCSD_PORT");
75
return TCSD_DEFAULT_PORT;
77
port = atoi(env_port);
79
if (port == 0 || port > 65535)
80
return TCSD_DEFAULT_PORT;
86
internal_GetRandomNonce(TSS_HCONTEXT tspContext, TCPA_NONCE * nonce)
91
if ((result = get_local_random(tspContext, sizeof(TCPA_NONCE), &random)))
92
return TSPERR(TSS_E_INTERNAL_ERROR);
94
memcpy(nonce->nonce, random, sizeof(TCPA_NONCE));
95
free_tspi(tspContext, random);
101
get_num_pcrs(TCS_CONTEXT_HANDLE hContext)
104
static UINT16 ret = 0;
112
subCap = endian32(TPM_CAP_PROP_PCR);
113
if ((result = TCSP_GetCapability(hContext, TCPA_CAP_PROPERTY, sizeof(UINT32),
114
(BYTE *)&subCap, &respSize, &resp))) {
115
if ((resp = (BYTE *)getenv("TSS_DEFAULT_NUM_PCRS")) == NULL)
116
return TSS_DEFAULT_NUM_PCRS;
118
/* don't set ret here, next time we may be connected */
119
return atoi((char *)resp);
122
ret = (UINT16)Decode_UINT32(resp);
129
Init_AuthNonce(TSS_HCONTEXT tspContext, TPM_AUTH * auth)
133
auth->fContinueAuthSession = 0x00;
134
if ((result = internal_GetRandomNonce(tspContext, &auth->NonceOdd))) {
135
LogError("Failed creating random nonce");
136
return TSPERR(TSS_E_INTERNAL_ERROR);
143
validateReturnAuth(BYTE *secret, BYTE *hash, TPM_AUTH *auth)
146
/* auth is expected to have both nonces and the digest from the TPM */
147
memcpy(digest, &auth->HMAC, 20);
148
HMAC_Auth(secret, hash, auth);
150
return (TSS_BOOL) memcmp(digest, &auth->HMAC, 20);
154
HMAC_Auth(BYTE * secret, BYTE * Digest, TPM_AUTH * auth)
160
Trspi_LoadBlob(&offset, 20, Blob, Digest);
161
Trspi_LoadBlob(&offset, 20, Blob, auth->NonceEven.nonce);
162
Trspi_LoadBlob(&offset, 20, Blob, auth->NonceOdd.nonce);
163
Blob[offset++] = auth->fContinueAuthSession;
165
Trspi_HMAC(TSS_HASH_SHA1, 20, secret, offset, Blob, (BYTE *)&auth->HMAC);
169
OSAP_Calc(TSS_HCONTEXT tspContext, UINT16 EntityType, UINT32 EntityValue, BYTE *authSecret,
170
BYTE *usageSecret, BYTE *migSecret, TCPA_ENCAUTH *encAuthUsage, TCPA_ENCAUTH *encAuthMig,
171
BYTE *sharedSecret, TPM_AUTH *auth)
174
TCPA_NONCE nonceEvenOSAP;
176
BYTE hmacBlob[0x200];
177
BYTE hashBlob[0x200];
178
BYTE xorUsageAuth[20];
182
if ((rc = internal_GetRandomNonce(tspContext, &auth->NonceOdd))) {
183
LogError("Failed creating random nonce");
184
return TSPERR(TSS_E_INTERNAL_ERROR);
186
auth->fContinueAuthSession = 0x00;
188
if ((rc = TCSP_OSAP(tspContext, EntityType, EntityValue, auth->NonceOdd, &auth->AuthHandle,
189
&auth->NonceEven, &nonceEvenOSAP))) {
190
if (rc == TCPA_E_RESOURCES) {
193
/* POSIX sleep time, { secs, nanosecs } */
194
struct timespec t = { 0, AUTH_RETRY_NANOSECS };
198
rc = TCSP_OSAP(tspContext, EntityType, EntityValue, auth->NonceOdd,
199
&auth->AuthHandle, &auth->NonceEven, &nonceEvenOSAP);
200
} while (rc == TCPA_E_RESOURCES && ++retry < AUTH_RETRY_COUNT);
208
Trspi_LoadBlob(&offset, 20, hmacBlob, nonceEvenOSAP.nonce);
209
Trspi_LoadBlob(&offset, 20, hmacBlob, auth->NonceOdd.nonce);
211
Trspi_HMAC(TSS_HASH_SHA1, 20, authSecret, offset, hmacBlob, sharedSecret);
214
Trspi_LoadBlob(&offset, 20, hashBlob, sharedSecret);
215
Trspi_LoadBlob(&offset, 20, hashBlob, auth->NonceEven.nonce);
217
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, xorUsageAuth);
220
Trspi_LoadBlob(&offset, 20, hashBlob, sharedSecret);
221
Trspi_LoadBlob(&offset, 20, hashBlob, auth->NonceOdd.nonce);
222
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, xorMigAuth);
224
for (i = 0; i < sizeof(TCPA_ENCAUTH); i++)
225
encAuthUsage->authdata[i] = usageSecret[i] ^ xorUsageAuth[i];
226
for (i = 0; i < sizeof(TCPA_ENCAUTH); i++)
227
encAuthMig->authdata[i] = migSecret[i] ^ xorMigAuth[i];
34
struct tcs_api_table tcs_normal_api = {
36
.LoadKeyByBlob = RPC_LoadKeyByBlob,
37
.EvictKey = RPC_EvictKey,
38
.CreateWrapKey = RPC_CreateWrapKey,
39
.GetPubKey = RPC_GetPubKey,
40
#ifdef TSS_BUILD_TSS12
41
.OwnerReadInternalPub = RPC_OwnerReadInternalPub,
43
#ifdef TSS_BUILD_CERTIFY
44
.CertifyKey = RPC_CertifyKey,
48
.OwnerClear = RPC_OwnerClear,
49
.ForceClear = RPC_ForceClear,
52
.TerminateHandle = RPC_TerminateHandle,
56
#ifdef TSS_BUILD_CHANGEAUTH
57
.ChangeAuth = RPC_ChangeAuth,
58
.ChangeAuthOwner = RPC_ChangeAuthOwner,
59
.ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
60
.ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
63
.ActivateTPMIdentity = RPC_ActivateTPMIdentity,
65
#ifdef TSS_BUILD_PCR_EXTEND
67
.PcrRead = RPC_PcrRead,
68
.PcrReset = RPC_PcrReset,
70
#ifdef TSS_BUILD_QUOTE
73
#ifdef TSS_BUILD_QUOTE2
77
.DirWriteAuth = RPC_DirWriteAuth,
78
.DirRead = RPC_DirRead,
88
#ifdef TSS_BUILD_MIGRATION
89
.CreateMigrationBlob = RPC_CreateMigrationBlob,
90
.ConvertMigrationBlob = RPC_ConvertMigrationBlob,
91
.AuthorizeMigrationKey = RPC_AuthorizeMigrationKey,
96
#ifdef TSS_BUILD_RANDOM
97
.GetRandom = RPC_GetRandom,
98
.StirRandom = RPC_StirRandom,
100
#ifdef TSS_BUILD_CAPS_TPM
101
.GetTPMCapability = RPC_GetTPMCapability,
102
.SetCapability = RPC_SetCapability,
103
.GetCapabilityOwner = RPC_GetCapabilityOwner,
106
.CreateEndorsementKeyPair = RPC_CreateEndorsementKeyPair,
107
.ReadPubek = RPC_ReadPubek,
108
.OwnerReadPubek = RPC_OwnerReadPubek,
110
#ifdef TSS_BUILD_SELFTEST
111
.SelfTestFull = RPC_SelfTestFull,
112
.CertifySelfTest = RPC_CertifySelfTest,
113
.GetTestResult = RPC_GetTestResult,
115
#ifdef TSS_BUILD_ADMIN
116
.SetOwnerInstall = RPC_SetOwnerInstall,
117
.DisablePubekRead = RPC_DisablePubekRead,
118
.OwnerSetDisable = RPC_OwnerSetDisable,
119
.ResetLockValue = RPC_ResetLockValue,
120
.DisableOwnerClear = RPC_DisableOwnerClear,
121
.DisableForceClear = RPC_DisableForceClear,
122
.PhysicalDisable = RPC_PhysicalDisable,
123
.PhysicalEnable = RPC_PhysicalEnable,
124
.PhysicalSetDeactivated = RPC_PhysicalSetDeactivated,
125
.PhysicalPresence = RPC_PhysicalPresence,
126
.SetTempDeactivated = RPC_SetTempDeactivated,
127
.SetTempDeactivated2 = RPC_SetTempDeactivated2,
129
#ifdef TSS_BUILD_MAINT
130
.CreateMaintenanceArchive = RPC_CreateMaintenanceArchive,
131
.LoadMaintenanceArchive = RPC_LoadMaintenanceArchive,
132
.KillMaintenanceFeature = RPC_KillMaintenanceFeature,
133
.LoadManuMaintPub = RPC_LoadManuMaintPub,
134
.ReadManuMaintPub = RPC_ReadManuMaintPub,
137
.DaaJoin = RPC_DaaJoin,
138
.DaaSign = RPC_DaaSign,
140
#ifdef TSS_BUILD_COUNTER
141
.ReadCounter = RPC_ReadCounter,
142
.CreateCounter = RPC_CreateCounter,
143
.IncrementCounter = RPC_IncrementCounter,
144
.ReleaseCounter = RPC_ReleaseCounter,
145
.ReleaseCounterOwner = RPC_ReleaseCounterOwner,
147
#ifdef TSS_BUILD_TICK
148
.ReadCurrentTicks = RPC_ReadCurrentTicks,
149
.TickStampBlob = RPC_TickStampBlob,
152
.NV_DefineOrReleaseSpace = RPC_NV_DefineOrReleaseSpace,
153
.NV_WriteValue = RPC_NV_WriteValue,
154
.NV_WriteValueAuth = RPC_NV_WriteValueAuth,
155
.NV_ReadValue = RPC_NV_ReadValue,
156
.NV_ReadValueAuth = RPC_NV_ReadValueAuth,
158
#ifdef TSS_BUILD_AUDIT
159
.SetOrdinalAuditStatus = RPC_SetOrdinalAuditStatus,
160
.GetAuditDigest = RPC_GetAuditDigest,
161
.GetAuditDigestSigned = RPC_GetAuditDigestSigned,
163
#ifdef TSS_BUILD_TSS12
164
.SetOperatorAuth = RPC_SetOperatorAuth,
165
.FlushSpecific = RPC_FlushSpecific,
167
#ifdef TSS_BUILD_DELEGATION
168
.Delegate_Manage = RPC_Delegate_Manage,
169
.Delegate_CreateKeyDelegation = RPC_Delegate_CreateKeyDelegation,
170
.Delegate_CreateOwnerDelegation = RPC_Delegate_CreateOwnerDelegation,
171
.Delegate_LoadOwnerDelegation = RPC_Delegate_LoadOwnerDelegation,
172
.Delegate_ReadTable = RPC_Delegate_ReadTable,
173
.Delegate_UpdateVerificationCount = RPC_Delegate_UpdateVerificationCount,
174
.Delegate_VerifyDelegation = RPC_Delegate_VerifyDelegation,
177
.FieldUpgrade = RPC_FieldUpgrade,
178
.SetRedirection = RPC_SetRedirection,
181
struct tcs_api_table tcs_transport_api = {
183
.LoadKeyByBlob = Transport_LoadKeyByBlob,
184
.EvictKey = Transport_EvictKey,
185
.CreateWrapKey = Transport_CreateWrapKey,
186
.GetPubKey = Transport_GetPubKey,
187
#ifdef TSS_BUILD_TSS12
188
.OwnerReadInternalPub = Transport_OwnerReadInternalPub,
190
#ifdef TSS_BUILD_CERTIFY
191
.CertifyKey = Transport_CertifyKey,
195
.OwnerClear = Transport_OwnerClear,
196
.ForceClear = Transport_ForceClear,
198
#ifdef TSS_BUILD_AUTH
199
.OIAP = Transport_OIAP,
200
.OSAP = Transport_OSAP,
201
.TerminateHandle = Transport_TerminateHandle,
203
#ifdef TSS_BUILD_CHANGEAUTH
204
.ChangeAuth = Transport_ChangeAuth,
205
.ChangeAuthOwner = Transport_ChangeAuthOwner,
206
.ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
207
.ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
210
.ActivateTPMIdentity = Transport_ActivateTPMIdentity,
212
#ifdef TSS_BUILD_PCR_EXTEND
213
.Extend = Transport_Extend,
214
.PcrRead = Transport_PcrRead,
215
.PcrReset = Transport_PcrReset,
217
#ifdef TSS_BUILD_QUOTE
218
.Quote = Transport_Quote,
220
#ifdef TSS_BUILD_QUOTE2
221
.Quote2 = Transport_Quote2,
224
.DirWriteAuth = Transport_DirWriteAuth,
225
.DirRead = Transport_DirRead,
227
#ifdef TSS_BUILD_SEAL
228
.Seal = Transport_Seal,
229
.Sealx = Transport_Sealx,
230
.Unseal = Transport_Unseal,
232
#ifdef TSS_BUILD_BIND
233
.UnBind = Transport_UnBind,
235
#ifdef TSS_BUILD_MIGRATION
236
.CreateMigrationBlob = Transport_CreateMigrationBlob,
237
.ConvertMigrationBlob = Transport_ConvertMigrationBlob,
238
.AuthorizeMigrationKey = Transport_AuthorizeMigrationKey,
240
#ifdef TSS_BUILD_SIGN
241
.Sign = Transport_Sign,
243
#ifdef TSS_BUILD_RANDOM
244
.GetRandom = Transport_GetRandom,
245
.StirRandom = Transport_StirRandom,
247
#ifdef TSS_BUILD_CAPS_TPM
248
.GetTPMCapability = Transport_GetTPMCapability,
249
.SetCapability = Transport_SetCapability,
250
.GetCapabilityOwner = Transport_GetCapabilityOwner,
253
.ReadPubek = RPC_ReadPubek,
254
.OwnerReadPubek = RPC_OwnerReadPubek,
256
#ifdef TSS_BUILD_SELFTEST
257
.SelfTestFull = Transport_SelfTestFull,
258
.CertifySelfTest = Transport_CertifySelfTest,
259
.GetTestResult = Transport_GetTestResult,
261
#ifdef TSS_BUILD_ADMIN
262
.SetOwnerInstall = Transport_SetOwnerInstall,
263
.DisablePubekRead = Transport_DisablePubekRead,
264
.OwnerSetDisable = Transport_OwnerSetDisable,
265
.ResetLockValue = Transport_ResetLockValue,
266
.DisableOwnerClear = Transport_DisableOwnerClear,
267
.DisableForceClear = Transport_DisableForceClear,
268
.PhysicalDisable = Transport_PhysicalDisable,
269
.PhysicalEnable = Transport_PhysicalEnable,
270
.PhysicalSetDeactivated = Transport_PhysicalSetDeactivated,
271
.PhysicalPresence = Transport_PhysicalPresence,
272
.SetTempDeactivated = Transport_SetTempDeactivated,
273
.SetTempDeactivated2 = Transport_SetTempDeactivated2,
275
#ifdef TSS_BUILD_MAINT
276
.CreateMaintenanceArchive = Transport_CreateMaintenanceArchive,
277
.LoadMaintenanceArchive = Transport_LoadMaintenanceArchive,
278
.KillMaintenanceFeature = Transport_KillMaintenanceFeature,
279
.LoadManuMaintPub = Transport_LoadManuMaintPub,
280
.ReadManuMaintPub = Transport_ReadManuMaintPub,
283
.DaaJoin = RPC_DaaJoin,
284
.DaaSign = RPC_DaaSign,
286
#ifdef TSS_BUILD_COUNTER
287
.ReadCounter = Transport_ReadCounter,
288
.CreateCounter = RPC_CreateCounter,
289
.IncrementCounter = RPC_IncrementCounter,
290
.ReleaseCounter = RPC_ReleaseCounter,
291
.ReleaseCounterOwner = RPC_ReleaseCounterOwner,
293
#ifdef TSS_BUILD_TICK
294
.ReadCurrentTicks = Transport_ReadCurrentTicks,
295
.TickStampBlob = Transport_TickStampBlob,
298
.NV_DefineOrReleaseSpace = Transport_NV_DefineOrReleaseSpace,
299
.NV_WriteValue = Transport_NV_WriteValue,
300
.NV_WriteValueAuth = Transport_NV_WriteValueAuth,
301
.NV_ReadValue = Transport_NV_ReadValue,
302
.NV_ReadValueAuth = Transport_NV_ReadValueAuth,
304
#ifdef TSS_BUILD_AUDIT
305
.SetOrdinalAuditStatus = Transport_SetOrdinalAuditStatus,
306
.GetAuditDigest = Transport_GetAuditDigest,
307
.GetAuditDigestSigned = Transport_GetAuditDigestSigned,
309
#ifdef TSS_BUILD_TSS12
310
.SetOperatorAuth = Transport_SetOperatorAuth,
311
.FlushSpecific = Transport_FlushSpecific,
313
#ifdef TSS_BUILD_DELEGATION
314
.Delegate_Manage = Transport_Delegate_Manage,
315
.Delegate_CreateKeyDelegation = Transport_Delegate_CreateKeyDelegation,
316
.Delegate_CreateOwnerDelegation = Transport_Delegate_CreateOwnerDelegation,
317
.Delegate_LoadOwnerDelegation = Transport_Delegate_LoadOwnerDelegation,
318
.Delegate_ReadTable = Transport_Delegate_ReadTable,
319
.Delegate_UpdateVerificationCount = Transport_Delegate_UpdateVerificationCount,
320
.Delegate_VerifyDelegation = Transport_Delegate_VerifyDelegation,
321
.DSAP = Transport_DSAP,
323
.FieldUpgrade = RPC_FieldUpgrade,
324
.SetRedirection = RPC_SetRedirection,
233
328
Decode_UINT16(BYTE * in)
286
UnloadBlob_AUTH(UINT64 * offset, BYTE * blob, TPM_AUTH * auth)
411
UnloadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
288
413
Trspi_UnloadBlob(offset, 20, blob, auth->NonceEven.nonce);
289
414
Trspi_UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob);
290
415
Trspi_UnloadBlob(offset, 20, blob, (BYTE *)&auth->HMAC);
294
LoadBlob_LOADKEY_INFO(UINT64 *offset, BYTE *blob, TCS_LOADKEY_INFO *info)
296
Trspi_LoadBlob_UUID(offset, blob, info->keyUUID);
297
Trspi_LoadBlob_UUID(offset, blob, info->parentKeyUUID);
298
Trspi_LoadBlob(offset, TCPA_DIGEST_SIZE, blob, info->paramDigest.digest);
299
Trspi_LoadBlob_UINT32(offset, info->authData.AuthHandle, blob);
300
Trspi_LoadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceOdd.nonce);
301
Trspi_LoadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceEven.nonce);
302
Trspi_LoadBlob_BOOL(offset, info->authData.fContinueAuthSession, blob);
303
Trspi_LoadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->authData.HMAC);
307
UnloadBlob_LOADKEY_INFO(UINT64 *offset, BYTE *blob, TCS_LOADKEY_INFO *info)
309
Trspi_UnloadBlob_UUID(offset, blob, &info->keyUUID);
310
Trspi_UnloadBlob_UUID(offset, blob, &info->parentKeyUUID);
311
Trspi_UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->paramDigest.digest);
312
Trspi_UnloadBlob_UINT32(offset, &info->authData.AuthHandle, blob);
313
Trspi_UnloadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceOdd.nonce);
314
Trspi_UnloadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceEven.nonce);
315
Trspi_UnloadBlob_BOOL(offset, &info->authData.fContinueAuthSession, blob);
316
Trspi_UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->authData.HMAC);
320
Trspi_LoadBlob_BOUND_DATA(UINT64 * offset, TCPA_BOUND_DATA bd,
321
UINT32 payloadLength, BYTE * blob)
323
Trspi_LoadBlob_TCPA_VERSION(offset, blob, bd.ver);
324
Trspi_LoadBlob(offset, 1, blob, &bd.payload);
325
Trspi_LoadBlob(offset, payloadLength, blob, bd.payloadData);
329
Trspi_LoadBlob_IDENTITY_REQ(UINT64 * offset, BYTE *blob,
330
TCPA_IDENTITY_REQ *req)
332
Trspi_LoadBlob_UINT32(offset, req->asymSize, blob);
333
Trspi_LoadBlob_UINT32(offset, req->symSize, blob);
334
Trspi_LoadBlob_KEY_PARMS(offset, blob, &req->asymAlgorithm);
335
Trspi_LoadBlob_KEY_PARMS(offset, blob, &req->symAlgorithm);
336
Trspi_LoadBlob(offset, req->asymSize, blob, req->asymBlob);
337
Trspi_LoadBlob(offset, req->symSize, blob, req->symBlob);
341
Trspi_LoadBlob_CHANGEAUTH_VALIDATE(UINT64 * offset, BYTE * blob,
342
TCPA_CHANGEAUTH_VALIDATE * caValidate)
344
Trspi_LoadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, caValidate->newAuthSecret.authdata);
345
Trspi_LoadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, caValidate->n1.nonce);
350
get_tpm_flags(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, UINT32 *volFlags, UINT32 *nonVolFlags)
355
TCPA_VERSION version;
360
if ((result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy)))
363
/* do an owner authorized get capability call */
364
UINT32ToArray(TPM_ORD_GetCapabilityOwner, hashBlob);
365
Trspi_Hash(TSS_HASH_SHA1, sizeof(UINT32), hashBlob, digest.digest);
367
if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_GetCapabilityOwner,
368
hPolicy, &digest, &auth)))
371
if ((result = TCSP_GetCapabilityOwner(tspContext, &auth, &version, nonVolFlags, volFlags)))
375
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
376
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_GetCapabilityOwner, hashBlob);
377
Trspi_LoadBlob_TCPA_VERSION(&offset, hashBlob, version);
378
Trspi_LoadBlob_UINT32(&offset, *nonVolFlags, hashBlob);
379
Trspi_LoadBlob_UINT32(&offset, *volFlags, hashBlob);
381
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
383
return obj_policy_validate_auth_oiap(hPolicy, &digest, &auth);
387
get_local_random(TSS_HCONTEXT tspContext, UINT32 size, BYTE **data)
418
/* If alloc is true, we allocate a new buffer for the bytes and set *data to that.
419
* If alloc is false, data is really a BYTE*, so write the bytes directly to that buffer */
421
get_local_random(TSS_HCONTEXT tspContext, TSS_BOOL alloc, UINT32 size, BYTE **data)
390
424
BYTE *buf = NULL;
392
426
f = fopen(TSS_LOCAL_RANDOM_DEVICE, "r");
394
LogError("open of %s failed: %s",
395
TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
428
LogError("open of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
396
429
return TSPERR(TSS_E_INTERNAL_ERROR);
399
buf = calloc_tspi(tspContext, size);
401
LogError("malloc of %u bytes failed", size);
403
return TSPERR(TSS_E_OUTOFMEMORY);
433
buf = calloc_tspi(tspContext, size);
435
LogError("malloc of %u bytes failed", size);
437
return TSPERR(TSS_E_OUTOFMEMORY);
406
442
if (fread(buf, size, 1, f) == 0) {
407
LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE,
443
LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
410
445
return TSPERR(TSS_E_INTERNAL_ERROR);
420
internal_GetCap(TSS_HCONTEXT tspContext, TSS_FLAG capArea, UINT32 subCap,
421
UINT32 * respSize, BYTE ** respData)
424
TSS_VERSION v = INTERNAL_CAP_TSP_VERSION;
426
if (capArea == TSS_TSPCAP_VERSION) {
427
if ((*respData = calloc_tspi(tspContext, sizeof(TSS_VERSION))) == NULL)
428
return TSPERR(TSS_E_OUTOFMEMORY);
430
Trspi_LoadBlob_TSS_VERSION(&offset, *respData, v);
432
} else if (capArea == TSS_TSPCAP_ALG) {
433
if ((*respData = calloc_tspi(tspContext, 1)) == NULL)
434
return TSPERR(TSS_E_OUTOFMEMORY);
439
(*respData)[0] = INTERNAL_CAP_TSP_ALG_RSA;
442
(*respData)[0] = INTERNAL_CAP_TSP_ALG_AES;
445
(*respData)[0] = INTERNAL_CAP_TSP_ALG_SHA;
448
(*respData)[0] = INTERNAL_CAP_TSP_ALG_HMAC;
451
(*respData)[0] = INTERNAL_CAP_TSP_ALG_DES;
454
(*respData)[0] = INTERNAL_CAP_TSP_ALG_3DES;
457
free_tspi(tspContext, *respData);
458
return TSPERR(TSS_E_BAD_PARAMETER);
460
} else if (capArea == TSS_TSPCAP_PERSSTORAGE) {
461
if ((*respData = calloc_tspi(tspContext, 1)) == NULL)
462
return TSPERR(TSS_E_OUTOFMEMORY);
465
(*respData)[0] = INTERNAL_CAP_TSP_PERSSTORAGE;
467
return TSPERR(TSS_E_BAD_PARAMETER);
473
free_key_refs(TCPA_KEY *key)
475
free(key->algorithmParms.parms);
476
key->algorithmParms.parms = NULL;
477
key->algorithmParms.parmSize = 0;
479
free(key->pubKey.key);
480
key->pubKey.key = NULL;
481
key->pubKey.keyLength = 0;
489
key->PCRInfoSize = 0;
493
merge_key_hierarchies(TSS_HCONTEXT tspContext, UINT32 tsp_size, TSS_KM_KEYINFO *tsp_hier,
494
UINT32 tcs_size, TSS_KM_KEYINFO *tcs_hier, UINT32 *merged_size,
495
TSS_KM_KEYINFO **merged_hier)
499
*merged_hier = malloc((tsp_size + tcs_size) * sizeof(TSS_KM_KEYINFO));
500
if (*merged_hier == NULL) {
501
LogError("malloc of %zu bytes failed.", (tsp_size + tcs_size) *
502
sizeof(TSS_KM_KEYINFO));
503
return TSPERR(TSS_E_OUTOFMEMORY);
506
for (i = 0; i < tsp_size; i++)
507
memcpy(&((*merged_hier)[i]), &tsp_hier[i], sizeof(TSS_KM_KEYINFO));
509
for (j = 0; j < tcs_size; j++)
510
memcpy(&((*merged_hier)[i + j]), &tcs_hier[j], sizeof(TSS_KM_KEYINFO));
512
*merged_size = i + j;
514
452
return TSS_SUCCESS;