3
* Licensed Materials - Property of IBM
5
* trousers - An open source TCG Software Stack
7
* (C) Copyright International Business Machines Corp. 2004
17
#include "trousers/tss.h"
18
#include "trousers_types.h"
21
#include "tcs_utils.h"
22
#include "tcs_int_literals.h"
23
#include "capabilities.h"
26
#include "tcsd_wrap.h"
31
TCSP_ChangeAuth_Internal(TCS_CONTEXT_HANDLE contextHandle, /* in */
32
TCS_KEY_HANDLE parentHandle, /* in */
33
TCPA_PROTOCOL_ID protocolID, /* in */
34
TCPA_ENCAUTH newAuth, /* in */
35
TCPA_ENTITY_TYPE entityType, /* in */
36
UINT32 encDataSize, /* in */
37
BYTE *encData, /* in */
38
TPM_AUTH *ownerAuth, /* in, out */
39
TPM_AUTH *entityAuth, /* in, out */
40
UINT32 *outDataSize, /* out */
41
BYTE **outData /* out */
47
TCPA_KEY_HANDLE keySlot;
48
TCS_KEY_HANDLE tcsKeyHandleToEvict;
49
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
51
LogDebug("Entering Changeauth");
52
if ((result = ctx_verify_context(contextHandle)))
55
if ((result = auth_mgr_check(contextHandle, &ownerAuth->AuthHandle)))
57
if ((result = auth_mgr_check(contextHandle, &entityAuth->AuthHandle)))
60
if ((result = ensureKeyIsLoaded(contextHandle, parentHandle, &keySlot)))
63
if ((result = tpm_rqu_build(TPM_ORD_ChangeAuth, &offset, txBlob, keySlot, protocolID,
64
newAuth.authdata, entityType, encDataSize, encData, ownerAuth,
68
if ((result = req_mgr_submit_req(txBlob)))
71
result = UnloadBlob_Header(txBlob, ¶mSize);
73
result = tpm_rsp_parse(TPM_ORD_ChangeAuth, txBlob, paramSize, outDataSize, outData,
74
ownerAuth, entityAuth);
76
/* if the malloc above failed, terminate the 2 new auth handles and exit */
81
* Check if ET is a key. If it is, we need to
82
* 1 - Evict the key if loaded
83
* 2 - update the mem cache entry
85
if (entityType == TCPA_ET_KEYHANDLE || entityType == TCPA_ET_KEY) {
86
LogDebug("entity type is a key. Check if mem cache needs updating...");
87
tcsKeyHandleToEvict = mc_get_handle_by_encdata(encData);
88
LogDebug("tcsKeyHandle being evicted is %.8X", tcsKeyHandleToEvict);
89
/*--- If it was found in knowledge, replace it */
90
if (tcsKeyHandleToEvict != 0) {
91
internal_EvictByKeySlot(keySlot);
92
mc_update_encdata(encData, *outData);
97
LogResult("ChangeAuth", result);
99
auth_mgr_release_auth(ownerAuth, entityAuth, contextHandle);
104
TCSP_ChangeAuthOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
105
TCPA_PROTOCOL_ID protocolID, /* in */
106
TCPA_ENCAUTH newAuth, /* in */
107
TCPA_ENTITY_TYPE entityType, /* in */
108
TPM_AUTH * ownerAuth /* in, out */
114
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
116
LogDebug("Entering ChangeAuthOwner");
118
if ((result = ctx_verify_context(hContext)))
121
if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
124
if ((result = tpm_rqu_build(TPM_ORD_ChangeAuthOwner, &offset, txBlob, protocolID,
125
newAuth.authdata, entityType, ownerAuth)))
128
if ((result = req_mgr_submit_req(txBlob)))
131
result = UnloadBlob_Header(txBlob, ¶mSize);
133
result = tpm_rsp_parse(TPM_ORD_ChangeAuthOwner, txBlob, paramSize, ownerAuth);
136
LogResult("ChangeAuthOwner", result);
138
auth_mgr_release_auth(ownerAuth, NULL, hContext);
143
TCSP_ChangeAuthAsymStart_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
144
TCS_KEY_HANDLE idHandle, /* in */
145
TCPA_NONCE antiReplay, /* in */
146
UINT32 KeySizeIn, /* in */
147
BYTE * KeyDataIn, /* in */
148
TPM_AUTH * pAuth, /* in, out */
149
UINT32 * KeySizeOut, /* out */
150
BYTE ** KeyDataOut, /* out */
151
UINT32 * CertifyInfoSize, /* out */
152
BYTE ** CertifyInfo, /* out */
153
UINT32 * sigSize, /* out */
154
BYTE ** sig, /* out */
155
TCS_KEY_HANDLE * ephHandle /* out */
159
#warning Locking trouble in evictFirstKey
164
TCPA_CERTIFY_INFO certifyInfo;
167
TCPA_KEY_PARMS keyParmsContainer;
169
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
171
LogDebug("Entering ChangeAuthAsymStart");
172
if ((result = ctx_verify_context(hContext)))
176
LogDebug("Auth Command");
177
if ((result = auth_mgr_check(hContext, pAuth->AuthHandle)))
183
if ((result = ensureKeyIsLoaded(hContext, idHandle, &keySlot)))
186
LogDebug("Checking for room to load the eph key");
188
if ((result = UnloadBlob_KEY_PARMS(&offset, KeyDataIn, &keyParmsContainer)))
191
/* if we can't load the key, evict keys until we can */
192
if ((result = canILoadThisKey(&keyParmsContainer, &canLoad)))
195
while (canLoad == FALSE) {
196
/* Evict a key that isn't the parent */
197
if ((result = evictFirstKey(idHandle)))
200
if ((result = canILoadThisKey(&keyParmsContainer, &canLoad)))
205
LoadBlob_UINT32(&offset, keySlot, txBlob);
206
LoadBlob(&offset, TCPA_NONCE_SIZE, txBlob, antiReplay.nonce);
207
/* LoadBlob_KEY_PARMS( &offset, txBlob, &tempKeyParms ); */
208
/* LoadBlob_UINT32( &offset, KeySizeIn, txBlob ); */
209
LoadBlob(&offset, KeySizeIn, txBlob, KeyDataIn);
212
LoadBlob_Auth(&offset, txBlob, pAuth);
213
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
214
TPM_ORD_ChangeAuthAsymStart, txBlob);
216
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
217
TPM_ORD_ChangeAuthAsymStart, txBlob);
220
if ((result = req_mgr_submit_req(txBlob)))
224
result = UnloadBlob_Header(txBlob, ¶mSize);
226
UnloadBlob_CERTIFY_INFO(&offset, txBlob, &certifyInfo);
227
*CertifyInfoSize = offset - 10;
228
*CertifyInfo = malloc(*CertifyInfoSize);
229
if (*CertifyInfo == NULL) {
230
LogError("malloc of %u bytes failed.", *CertifyInfoSize);
231
result = TCSERR(TSS_E_OUTOFMEMORY);
234
memcpy(*CertifyInfo, &txBlob[offset - *CertifyInfoSize],
236
UnloadBlob_UINT32(&offset, sigSize, txBlob);
237
*sig = malloc(*sigSize);
239
LogError("malloc of %u bytes failed.", *sigSize);
240
result = TCSERR(TSS_E_OUTOFMEMORY);
243
UnloadBlob(&offset, *sigSize, txBlob, *sig);
244
UnloadBlob_UINT32(&offset, ephHandle, txBlob);
246
UnloadBlob_TSS_KEY(&offset, txBlob, &tempKey);
247
*KeySizeOut = offset - tempSize;
248
*KeyDataOut = malloc(*KeySizeOut);
249
if (*KeyDataOut == NULL) {
250
LogError("malloc of %u bytes failed.", *KeySizeOut);
251
result = TCSERR(TSS_E_OUTOFMEMORY);
254
memcpy(*KeyDataOut, &txBlob[offset - *KeySizeOut], *KeySizeOut);
256
UnloadBlob_Auth(&offset, txBlob, pAuth);
259
LogResult("ChangeAuthAsymStart", result);
261
auth_mgr_release_auth(pAuth, NULL, hContext);
264
return TCSERR(TSS_E_NOTIMPL);
269
TCSP_ChangeAuthAsymFinish_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
270
TCS_KEY_HANDLE parentHandle, /* in */
271
TCS_KEY_HANDLE ephHandle, /* in */
272
TCPA_ENTITY_TYPE entityType, /* in */
273
TCPA_HMAC newAuthLink, /* in */
274
UINT32 newAuthSize, /* in */
275
BYTE * encNewAuth, /* in */
276
UINT32 encDataSizeIn, /* in */
277
BYTE * encDataIn, /* in */
278
TPM_AUTH * ownerAuth, /* in, out */
279
UINT32 * encDataSizeOut, /* out */
280
BYTE ** encDataOut, /* out */
281
TCPA_SALT_NONCE * saltNonce, /* out */
282
TCPA_DIGEST * changeProof /* out */
291
TCPA_CERTIFY_INFO certifyInfo;
294
TSS_UUID *uuidKeyToEvict;
296
TCS_KEY_HANDLE tcsKeyHandleToEvict;
297
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
299
LogDebug("Entering ChangeAuthAsymFinish");
300
if ((result = ctx_verify_context(hContext)))
303
if (ownerAuth != NULL) {
304
LogDebug("Auth used");
305
if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
310
if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
314
LoadBlob_UINT32(&offset, keySlot, txBlob);
315
LoadBlob_UINT32(&offset, ephHandle, txBlob);
316
LoadBlob_UINT16(&offset, entityType, txBlob);
317
LoadBlob(&offset, 20, txBlob, newAuthLink.digest);
318
LoadBlob_UINT32(&offset, newAuthSize, txBlob);
319
LoadBlob(&offset, newAuthSize, txBlob, encNewAuth);
320
LoadBlob_UINT32(&offset, encDataSizeIn, txBlob);
321
LoadBlob(&offset, encDataSizeIn, txBlob, encDataIn);
323
if (ownerAuth != NULL) {
324
LoadBlob_Auth(&offset, txBlob, ownerAuth);
325
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
326
TPM_ORD_ChangeAuthAsymFinish, txBlob);
328
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
329
TPM_ORD_ChangeAuthAsymFinish, txBlob);
332
if ((result = req_mgr_submit_req(txBlob)))
336
result = UnloadBlob_Header(txBlob, ¶mSize);
338
UnloadBlob_UINT32(&offset, encDataSizeOut, txBlob);
339
*encDataOut = calloc(1, *encDataSizeOut);
340
if (*encDataOut == NULL) {
341
LogError("malloc of %u bytes failed.", *encDataSizeOut);
342
result = TCSERR(TSS_E_OUTOFMEMORY);
345
UnloadBlob(&offset, *encDataSizeOut, txBlob, *encDataOut);
346
UnloadBlob(&offset, 20, txBlob, saltNonce->nonce);
347
UnloadBlob(&offset, 20, txBlob, changeProof->digest);
348
if (ownerAuth != NULL)
349
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
351
/* Check if ET is a key. If it is, we need to
352
* 1 - Evict the key if loaded
353
* 2 - update the mem cache entry
355
if (entityType == TCPA_ET_KEYHANDLE ||
356
entityType == TCPA_ET_KEY) {
357
tcsKeyHandleToEvict = mc_get_handle_by_encdata(encDataIn);
358
/* If it was found in mem cache, replace it */
359
if (tcsKeyHandleToEvict != 0) {
360
key_mgr_evict(hContext, tcsKeyHandleToEvict);
361
mc_update_encdata(encDataIn, *encDataOut);
366
LogResult("ChangeAuthAsymFinish", result);
368
auth_mgr_release_auth(ownerAuth, NULL, hContext);
371
return TCSERR(TSS_E_NOTIMPL);