806
obj_policy_has_expired(TSS_HPOLICY hPolicy, TSS_BOOL *answer)
821
policy_has_expired(struct tr_policy_obj *policy, TSS_BOOL *answer)
808
struct tsp_object *obj;
809
struct tr_policy_obj *policy;
810
TSS_RESULT result = TSS_SUCCESS;
812
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
813
return TSPERR(TSS_E_INVALID_HANDLE);
815
policy = (struct tr_policy_obj *)obj->data;
817
if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS) {
823
switch (policy->SecretLifetime) {
824
case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS:
819
} else if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) {
820
if (policy->SecretCounter == 0)
824
} else if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) {
827
case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER:
828
*answer = (policy->SecretCounter == 0 ? TRUE : FALSE);
830
case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER:
825
832
int seconds_elapsed;
826
833
time_t t = time(NULL);
828
835
if (t == ((time_t)-1)) {
829
836
LogError("time failed: %s", strerror(errno));
830
result = TSPERR(TSS_E_INTERNAL_ERROR);
837
return TSPERR(TSS_E_INTERNAL_ERROR);
833
839
/* curtime - SecretTimer is the number of seconds elapsed since we
834
840
* started the timer. SecretCounter is the number of seconds the
835
841
* secret is valid. If seconds_elspased > SecretCounter, we've
838
seconds_elapsed = t - policy->SecretTimer;
839
if ((UINT32)seconds_elapsed >= policy->SecretCounter) {
844
seconds_elapsed = t - policy->SecretTimeStamp;
845
*answer = ((UINT32)seconds_elapsed >= policy->SecretCounter ? TRUE : FALSE);
849
LogError("policy has an undefined secret lifetime!");
850
return TSPERR(TSS_E_INVALID_OBJ_ACCESS);
857
obj_policy_has_expired(TSS_HPOLICY hPolicy, TSS_BOOL *answer)
859
struct tsp_object *obj;
860
struct tr_policy_obj *policy;
863
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
864
return TSPERR(TSS_E_INVALID_HANDLE);
866
policy = (struct tr_policy_obj *)obj->data;
868
result = policy_has_expired(policy, answer);
870
obj_list_put(&policy_list);
876
obj_policy_get_xsap_params(TSS_HPOLICY hPolicy,
877
TPM_COMMAND_CODE command,
879
UINT32 *entity_value_size,
882
TSS_CALLBACK *cb_xor,
883
TSS_CALLBACK *cb_hmac,
884
TSS_CALLBACK *cb_sealx,
887
struct tsp_object *obj;
888
struct tr_policy_obj *policy;
890
TSS_BOOL answer = FALSE;
892
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
893
return TSPERR(TSS_E_INVALID_HANDLE);
895
policy = (struct tr_policy_obj *)obj->data;
897
if ((result = policy_has_expired(policy, &answer)))
901
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
905
/* if the delegation index or blob is set, check to see if the command is delegated, if so,
906
* return the blob or index as the secret data */
907
if (command && (policy->delegationType != TSS_DELEGATIONTYPE_NONE)) {
908
if (policy->delegationBlob) {
909
if ((*entity_value = malloc(policy->delegationBlobLength)) == NULL) {
910
LogError("malloc of %u bytes failed.",
911
policy->delegationBlobLength);
912
result = TSPERR(TSS_E_OUTOFMEMORY);
916
memcpy(*entity_value, policy->delegationBlob, policy->delegationBlobLength);
917
*entity_value_size = policy->delegationBlobLength;
918
if (policy->delegationType == TSS_DELEGATIONTYPE_OWNER)
919
*et = TPM_ET_DEL_OWNER_BLOB;
921
*et = TPM_ET_DEL_KEY_BLOB;
845
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
923
if ((*entity_value = malloc(sizeof(UINT32))) == NULL) {
924
LogError("malloc of %zd bytes failed.", sizeof(UINT32));
925
result = TSPERR(TSS_E_OUTOFMEMORY);
929
*(UINT32 *)entity_value = policy->delegationIndex;
930
*entity_value_size = sizeof(UINT32);
931
*et = TPM_ET_DEL_ROW;
935
/* Either this is a policy set to mode callback, in which case both xor and hmac addresses
936
* must be set, or this is an encrypted data object's policy, where its mode is independent
937
* of whether a sealx callback is set */
938
if (policy->SecretMode == TSS_SECRET_MODE_CALLBACK && cb_xor && cb_hmac) {
939
if ((policy->Tspicb_CallbackXorEnc && !policy->Tspicb_CallbackHMACAuth) ||
940
(!policy->Tspicb_CallbackXorEnc && policy->Tspicb_CallbackHMACAuth)) {
941
result = TSPERR(TSS_E_INTERNAL_ERROR);
945
cb_xor->callback = policy->Tspicb_CallbackXorEnc;
946
cb_xor->appData = policy->xorAppData;
947
cb_xor->alg = policy->xorAlg;
949
cb_hmac->callback = policy->Tspicb_CallbackHMACAuth;
950
cb_hmac->appData = policy->hmacAppData;
951
cb_hmac->alg = policy->hmacAlg;
952
} else if (cb_sealx && policy->Tspicb_CallbackSealxMask) {
953
cb_sealx->callback = policy->Tspicb_CallbackSealxMask;
954
cb_sealx->appData = policy->sealxAppData;
955
cb_sealx->alg = policy->sealxAlg;
958
memcpy(secret, policy->Secret, TPM_SHA1_160_HASH_LEN);
959
*mode = policy->SecretMode;
849
961
obj_list_put(&policy_list);
997
1060
return TSS_SUCCESS;
1063
#ifdef TSS_BUILD_DELEGATION
1065
obj_policy_set_delegation_type(TSS_HPOLICY hPolicy, UINT32 type)
1067
struct tsp_object *obj;
1068
struct tr_policy_obj *policy;
1069
TSS_RESULT result = TSS_SUCCESS;
1071
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1072
return TSPERR(TSS_E_INVALID_HANDLE);
1074
policy = (struct tr_policy_obj *)obj->data;
1077
case TSS_DELEGATIONTYPE_NONE:
1078
obj_policy_clear_delegation(policy);
1080
case TSS_DELEGATIONTYPE_OWNER:
1081
case TSS_DELEGATIONTYPE_KEY:
1082
if (policy->delegationIndexSet || policy->delegationBlob) {
1083
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1089
policy->delegationType = type;
1092
obj_list_put(&policy_list);
1099
obj_policy_get_delegation_type(TSS_HPOLICY hPolicy, UINT32 *type)
1101
struct tsp_object *obj;
1102
struct tr_policy_obj *policy;
1104
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1105
return TSPERR(TSS_E_INVALID_HANDLE);
1107
policy = (struct tr_policy_obj *)obj->data;
1109
*type = policy->delegationType;
1111
obj_list_put(&policy_list);
1117
obj_policy_set_delegation_index(TSS_HPOLICY hPolicy, UINT32 index)
1119
struct tsp_object *obj;
1120
struct tr_policy_obj *policy;
1121
TPM_DELEGATE_PUBLIC public;
1124
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1125
return TSPERR(TSS_E_INVALID_HANDLE);
1127
policy = (struct tr_policy_obj *)obj->data;
1129
if ((result = get_delegate_index(obj->tspContext, index, &public)))
1132
free(public.pcrInfo.pcrSelection.pcrSelect);
1134
obj_policy_clear_delegation(policy);
1135
switch (public.permissions.delegateType) {
1136
case TPM_DEL_OWNER_BITS:
1137
policy->delegationType = TSS_DELEGATIONTYPE_OWNER;
1139
case TPM_DEL_KEY_BITS:
1140
policy->delegationType = TSS_DELEGATIONTYPE_KEY;
1143
result = TSPERR(TSS_E_BAD_PARAMETER);
1146
policy->delegationIndex = index;
1147
policy->delegationIndexSet = TRUE;
1150
obj_list_put(&policy_list);
1156
obj_policy_get_delegation_index(TSS_HPOLICY hPolicy, UINT32 *index)
1158
struct tsp_object *obj;
1159
struct tr_policy_obj *policy;
1160
TSS_RESULT result = TSS_SUCCESS;
1162
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1163
return TSPERR(TSS_E_INVALID_HANDLE);
1165
policy = (struct tr_policy_obj *)obj->data;
1167
if (!policy->delegationIndexSet) {
1168
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1172
*index = policy->delegationIndex;
1175
obj_list_put(&policy_list);
1180
TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY hPolicy, UINT32 per1)
1182
struct tsp_object *obj;
1183
struct tr_policy_obj *policy;
1184
TSS_RESULT result = TSS_SUCCESS;
1186
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1187
return TSPERR(TSS_E_INVALID_HANDLE);
1189
policy = (struct tr_policy_obj *)obj->data;
1191
if (policy->delegationIndexSet || policy->delegationBlob) {
1192
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1196
policy->delegationPer1 = per1;
1199
obj_list_put(&policy_list);
1204
TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY hPolicy, UINT32 *per1)
1206
struct tsp_object *obj;
1207
struct tr_policy_obj *policy;
1208
TPM_DELEGATE_PUBLIC public;
1209
TSS_RESULT result = TSS_SUCCESS;
1211
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1212
return TSPERR(TSS_E_INVALID_HANDLE);
1214
policy = (struct tr_policy_obj *)obj->data;
1216
if (policy->delegationIndexSet || policy->delegationBlob) {
1217
if ((result = obj_policy_get_delegate_public(obj, &public)))
1219
*per1 = public.permissions.per1;
1220
free(public.pcrInfo.pcrSelection.pcrSelect);
1222
*per1 = policy->delegationPer1;
1225
obj_list_put(&policy_list);
1230
TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY hPolicy, UINT32 per2)
1232
struct tsp_object *obj;
1233
struct tr_policy_obj *policy;
1234
TSS_RESULT result = TSS_SUCCESS;
1236
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1237
return TSPERR(TSS_E_INVALID_HANDLE);
1239
policy = (struct tr_policy_obj *)obj->data;
1241
if (policy->delegationIndexSet || policy->delegationBlob) {
1242
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1246
policy->delegationPer2 = per2;
1249
obj_list_put(&policy_list);
1254
TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY hPolicy, UINT32 *per2)
1256
struct tsp_object *obj;
1257
struct tr_policy_obj *policy;
1258
TPM_DELEGATE_PUBLIC public;
1259
TSS_RESULT result = TSS_SUCCESS;
1261
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1262
return TSPERR(TSS_E_INVALID_HANDLE);
1264
policy = (struct tr_policy_obj *)obj->data;
1266
if (policy->delegationIndexSet || policy->delegationBlob) {
1267
if ((result = obj_policy_get_delegate_public(obj, &public)))
1269
*per2 = public.permissions.per2;
1270
free(public.pcrInfo.pcrSelection.pcrSelect);
1272
*per2 = policy->delegationPer2;
1275
obj_list_put(&policy_list);
1281
obj_policy_set_delegation_blob(TSS_HPOLICY hPolicy, UINT32 type, UINT32 blobLength, BYTE *blob)
1283
struct tsp_object *obj;
1284
struct tr_policy_obj *policy;
1287
TSS_RESULT result = TSS_SUCCESS;
1289
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1290
return TSPERR(TSS_E_INVALID_HANDLE);
1292
policy = (struct tr_policy_obj *)obj->data;
1294
obj_policy_clear_delegation(policy);
1296
if (blobLength == 0) {
1297
result = TSPERR(TSS_E_BAD_PARAMETER);
1302
Trspi_UnloadBlob_UINT16(&offset, &tag, blob);
1304
case TPM_TAG_DELEGATE_OWNER_BLOB:
1305
if (type && (type != TSS_DELEGATIONTYPE_OWNER)) {
1306
result = TSPERR(TSS_E_BAD_PARAMETER);
1309
policy->delegationType = TSS_DELEGATIONTYPE_OWNER;
1311
case TPM_TAG_DELG_KEY_BLOB:
1312
if (type && (type != TSS_DELEGATIONTYPE_KEY)) {
1313
result = TSPERR(TSS_E_BAD_PARAMETER);
1316
policy->delegationType = TSS_DELEGATIONTYPE_KEY;
1319
result = TSPERR(TSS_E_BAD_PARAMETER);
1323
if ((policy->delegationBlob = malloc(blobLength)) == NULL) {
1324
LogError("malloc of %u bytes failed.", blobLength);
1325
result = TSPERR(TSS_E_OUTOFMEMORY);
1329
policy->delegationBlobLength = blobLength;
1330
memcpy(policy->delegationBlob, blob, blobLength);
1333
obj_list_put(&policy_list);
1339
obj_policy_get_delegation_blob(TSS_HPOLICY hPolicy, UINT32 type, UINT32 *blobLength, BYTE **blob)
1341
struct tsp_object *obj;
1342
struct tr_policy_obj *policy;
1343
TSS_RESULT result = TSS_SUCCESS;
1345
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1346
return TSPERR(TSS_E_INVALID_HANDLE);
1348
policy = (struct tr_policy_obj *)obj->data;
1350
if (policy->delegationBlobLength == 0) {
1351
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1355
if (type && (type != policy->delegationType)) {
1356
result = TSPERR(TSS_E_BAD_PARAMETER);
1360
if ((*blob = calloc_tspi(obj->tspContext, policy->delegationBlobLength)) == NULL) {
1361
LogError("malloc of %u bytes failed.", policy->delegationBlobLength);
1362
result = TSPERR(TSS_E_OUTOFMEMORY);
1366
memcpy(*blob, policy->delegationBlob, policy->delegationBlobLength);
1367
*blobLength = policy->delegationBlobLength;
1370
obj_list_put(&policy_list);
1376
obj_policy_get_delegation_label(TSS_HPOLICY hPolicy, BYTE *label)
1378
struct tsp_object *obj;
1379
struct tr_policy_obj *policy;
1380
TPM_DELEGATE_PUBLIC public;
1381
TSS_RESULT result = TSS_SUCCESS;
1383
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1384
return TSPERR(TSS_E_INVALID_HANDLE);
1386
policy = (struct tr_policy_obj *)obj->data;
1388
if (policy->delegationIndexSet || policy->delegationBlob) {
1389
if ((result = obj_policy_get_delegate_public(obj, &public)))
1391
*label = public.label.label;
1392
free(public.pcrInfo.pcrSelection.pcrSelect);
1394
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1397
obj_list_put(&policy_list);
1403
obj_policy_get_delegation_familyid(TSS_HPOLICY hPolicy, UINT32 *familyID)
1405
struct tsp_object *obj;
1406
struct tr_policy_obj *policy;
1407
TPM_DELEGATE_PUBLIC public;
1408
TSS_RESULT result = TSS_SUCCESS;
1410
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1411
return TSPERR(TSS_E_INVALID_HANDLE);
1413
policy = (struct tr_policy_obj *)obj->data;
1415
if (policy->delegationIndexSet || policy->delegationBlob) {
1416
if ((result = obj_policy_get_delegate_public(obj, &public)))
1418
*familyID = public.familyID;
1419
free(public.pcrInfo.pcrSelection.pcrSelect);
1421
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1424
obj_list_put(&policy_list);
1430
obj_policy_get_delegation_vercount(TSS_HPOLICY hPolicy, UINT32 *verCount)
1432
struct tsp_object *obj;
1433
struct tr_policy_obj *policy;
1434
TPM_DELEGATE_PUBLIC public;
1435
TSS_RESULT result = TSS_SUCCESS;
1437
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1438
return TSPERR(TSS_E_INVALID_HANDLE);
1440
policy = (struct tr_policy_obj *)obj->data;
1442
if (policy->delegationIndexSet || policy->delegationBlob) {
1443
if ((result = obj_policy_get_delegate_public(obj, &public)))
1445
*verCount = public.verificationCount;
1446
free(public.pcrInfo.pcrSelection.pcrSelect);
1448
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1451
obj_list_put(&policy_list);
1457
obj_policy_get_delegation_pcr_locality(TSS_HPOLICY hPolicy, UINT32 *locality)
1459
struct tsp_object *obj;
1460
struct tr_policy_obj *policy;
1461
TPM_DELEGATE_PUBLIC public;
1462
TSS_RESULT result = TSS_SUCCESS;
1464
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1465
return TSPERR(TSS_E_INVALID_HANDLE);
1467
policy = (struct tr_policy_obj *)obj->data;
1469
if (policy->delegationIndexSet || policy->delegationBlob) {
1470
if ((result = obj_policy_get_delegate_public(obj, &public)))
1472
*locality = public.pcrInfo.localityAtRelease;
1473
free(public.pcrInfo.pcrSelection.pcrSelect);
1475
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1478
obj_list_put(&policy_list);
1484
obj_policy_get_delegation_pcr_digest(TSS_HPOLICY hPolicy, UINT32 *digestLength, BYTE **digest)
1486
struct tsp_object *obj;
1487
struct tr_policy_obj *policy;
1488
TPM_DELEGATE_PUBLIC public;
1489
TSS_RESULT result = TSS_SUCCESS;
1491
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1492
return TSPERR(TSS_E_INVALID_HANDLE);
1494
policy = (struct tr_policy_obj *)obj->data;
1496
if (policy->delegationIndexSet || policy->delegationBlob) {
1497
if ((result = obj_policy_get_delegate_public(obj, &public)))
1499
*digest = calloc_tspi(obj->tspContext, TPM_SHA1_160_HASH_LEN);
1500
if (*digest == NULL) {
1501
LogError("malloc of %u bytes failed.", TPM_SHA1_160_HASH_LEN);
1502
result = TSPERR(TSS_E_OUTOFMEMORY);
1505
memcpy(*digest, &public.pcrInfo.digestAtRelease.digest, TPM_SHA1_160_HASH_LEN);
1506
*digestLength = TPM_SHA1_160_HASH_LEN;
1507
free(public.pcrInfo.pcrSelection.pcrSelect);
1509
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1512
obj_list_put(&policy_list);
1518
obj_policy_get_delegation_pcr_selection(TSS_HPOLICY hPolicy, UINT32 *selectionLength,
1521
struct tsp_object *obj;
1522
struct tr_policy_obj *policy;
1523
TPM_DELEGATE_PUBLIC public;
1525
TSS_RESULT result = TSS_SUCCESS;
1527
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1528
return TSPERR(TSS_E_INVALID_HANDLE);
1530
policy = (struct tr_policy_obj *)obj->data;
1532
if (policy->delegationIndexSet || policy->delegationBlob) {
1533
if ((result = obj_policy_get_delegate_public(obj, &public)))
1536
Trspi_LoadBlob_PCR_SELECTION(&offset, NULL, &public.pcrInfo.pcrSelection);
1537
*selection = calloc_tspi(obj->tspContext, offset);
1538
if (*selection == NULL) {
1539
LogError("malloc of %u bytes failed.", (UINT32)offset);
1540
result = TSPERR(TSS_E_OUTOFMEMORY);
1544
Trspi_LoadBlob_PCR_SELECTION(&offset, *selection, &public.pcrInfo.pcrSelection);
1545
*selectionLength = offset;
1546
free(public.pcrInfo.pcrSelection.pcrSelect);
1548
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1551
obj_list_put(&policy_list);
1557
obj_policy_is_delegation_index_set(TSS_HPOLICY hPolicy, TSS_BOOL *indexSet)
1559
struct tsp_object *obj;
1560
struct tr_policy_obj *policy;
1562
if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
1563
return TSPERR(TSS_E_INVALID_HANDLE);
1565
policy = (struct tr_policy_obj *)obj->data;
1567
*indexSet = policy->delegationIndexSet;
1569
obj_list_put(&policy_list);
1575
obj_policy_clear_delegation(struct tr_policy_obj *policy)
1577
free(policy->delegationBlob);
1578
policy->delegationType = TSS_DELEGATIONTYPE_NONE;
1579
policy->delegationPer1 = 0;
1580
policy->delegationPer2 = 0;
1581
policy->delegationIndexSet = FALSE;
1582
policy->delegationIndex = 0;
1583
policy->delegationBlobLength = 0;
1584
policy->delegationBlob = NULL;
1588
obj_policy_get_delegate_public(struct tsp_object *obj, TPM_DELEGATE_PUBLIC *public)
1590
struct tr_policy_obj *policy;
1592
TPM_DELEGATE_OWNER_BLOB ownerBlob;
1593
TPM_DELEGATE_KEY_BLOB keyBlob;
1597
policy = (struct tr_policy_obj *)obj->data;
1599
if (policy->delegationIndexSet) {
1600
if ((result = get_delegate_index(obj->tspContext, policy->delegationIndex,
1603
} else if (policy->delegationBlob) {
1605
Trspi_UnloadBlob_UINT16(&offset, &tag, policy->delegationBlob);
1609
case TPM_TAG_DELEGATE_OWNER_BLOB:
1610
if ((result = Trspi_UnloadBlob_TPM_DELEGATE_OWNER_BLOB(&offset,
1611
policy->delegationBlob,
1614
*public = ownerBlob.pub;
1615
free(ownerBlob.additionalArea);
1616
free(ownerBlob.sensitiveArea);
1618
case TPM_TAG_DELG_KEY_BLOB:
1619
if ((result = Trspi_UnloadBlob_TPM_DELEGATE_KEY_BLOB(&offset,
1620
policy->delegationBlob,
1623
*public = keyBlob.pub;
1624
free(keyBlob.additionalArea);
1625
free(keyBlob.sensitiveArea);
1628
return TSPERR(TSS_E_INTERNAL_ERROR);
1631
return TSPERR(TSS_E_INTERNAL_ERROR);