← Back to branch summary

~ubuntu-branches/ubuntu/karmic/trousers/karmic

« back to all changes in this revision

Viewing changes to src/tspi/obj_policy.c

  • Committer: Bazaar Package Importer
  • Author(s): Daniel Baumann
  • Date: 2008-01-23 22:03:00 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20080123220300-fhtqja3c0oq0gp6z
Tags: 0.3.1-4
http://bugs.debian.org/457400
http://bugs.debian.org/459682
* Added patch from Aaron M. Ucko <ucko@debian.org> to allow trousers to
  build successfully on amd64, and presumably also other 64-bit
  architectures (Closes: #457400).
* Including udev rule for /dev/tpm from William Lima
  <wlima.amadeus@gmail.com> as suggested by David Smith <dds@google.com>
  (Closes: #459682).
* Added lintian overrides.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/tspi/obj_policy.c
4
4
 *
5
5
 * trousers - An open source TCG Software Stack
6
6
 *
7
 
 * (C) Copyright International Business Machines Corp. 2005, 2006
 
7
 * (C) Copyright International Business Machines Corp. 2005, 2007
8
8
 *
9
9
 */
10
10
 
13
13
#include <stdio.h>
14
14
#include <errno.h>
15
15
#include <string.h>
16
 
#include <pthread.h>
17
16
 
18
17
#include "trousers/tss.h"
19
18
#include "trousers/trousers.h"
20
 
#include "spi_internal_types.h"
 
19
#include "trousers_types.h"
21
20
#include "spi_utils.h"
22
21
#include "capabilities.h"
23
22
#include "tsplog.h"
24
23
#include "obj.h"
 
24
#include "tsp_delegate.h"
 
25
#include "authsess.h"
 
26
 
25
27
 
26
28
TSS_RESULT
27
29
obj_policy_add(TSS_HCONTEXT tsp_context, UINT32 type, TSS_HOBJECT *phObject)
30
32
        TSS_RESULT result;
31
33
 
32
34
        if ((policy = calloc(1, sizeof(struct tr_policy_obj))) == NULL) {
33
 
                LogError("malloc of %zd bytes failed",
34
 
                                sizeof(struct tr_policy_obj));
 
35
                LogError("malloc of %zd bytes failed", sizeof(struct tr_policy_obj));
35
36
                return TSPERR(TSS_E_OUTOFMEMORY);
36
37
        }
37
38
 
38
39
        policy->type = type;
39
40
#ifndef TSS_SPEC_COMPLIANCE
40
41
        policy->SecretMode = TSS_SECRET_MODE_NONE;
 
42
#else
 
43
        policy->SecretMode = TSS_SECRET_MODE_POPUP;
 
44
#endif
41
45
        /* The policy object will inherit this attribute from the context */
42
46
        if ((result = obj_context_get_hash_mode(tsp_context, &policy->hashMode))) {
43
47
                free(policy);
44
48
                return result;
45
49
        }
46
 
#else
47
 
        policy->SecretMode = TSS_SECRET_MODE_POPUP;
 
50
        policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS;
 
51
#ifdef TSS_BUILD_DELEGATION
 
52
        policy->delegationType = TSS_DELEGATIONTYPE_NONE;
48
53
#endif
49
 
        policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS;
50
54
 
51
55
        if ((result = obj_list_add(&policy_list, tsp_context, 0, policy, phObject))) {
52
56
                free(policy);
56
60
        return TSS_SUCCESS;
57
61
}
58
62
 
 
63
void
 
64
policy_free(void *data)
 
65
{
 
66
        struct tr_policy_obj *policy = (struct tr_policy_obj *)data;
 
67
 
 
68
        free(policy->popupString);
 
69
#ifdef TSS_BUILD_DELEGATION
 
70
        free(policy->delegationBlob);
 
71
#endif
 
72
        free(policy);
 
73
}
 
74
 
59
75
TSS_RESULT
60
76
obj_policy_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext)
61
77
{
62
78
        TSS_RESULT result;
63
79
 
64
 
        if ((result = obj_list_remove(&policy_list, hObject, tspContext)))
 
80
        if ((result = obj_list_remove(&policy_list, &policy_free, hObject, tspContext)))
65
81
                return result;
66
82
 
67
83
        obj_lists_remove_policy_refs(hObject, tspContext);
186
202
                        /* if the secret is still NULL, grab it using the GUI */
187
203
                        if (policy->SecretSet == FALSE) {
188
204
                                if ((result = popup_GetSecret(ctx,
189
 
#ifndef TSS_SPEC_COMPLIANCE
190
205
                                                              policy->hashMode,
191
 
#else
192
 
                                                              0,
193
 
#endif
194
206
                                                              policy->popupString,
195
207
                                                              policy->Secret)))
196
208
                                        break;
266
278
                }
267
279
        }
268
280
 
 
281
        if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) {
 
282
                policy->SecretCounter = policy->SecretTimeStamp;
 
283
        } else if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) {
 
284
                time_t t = time(NULL);
 
285
                if (t == ((time_t)-1)) {
 
286
                        LogError("time failed: %s", strerror(errno));
 
287
                        result = TSPERR(TSS_E_INTERNAL_ERROR);
 
288
                        goto done;
 
289
                }
 
290
 
 
291
                policy->SecretTimeStamp = t;
 
292
        }
 
293
 
269
294
        memcpy(policy->Secret, digest, size);
270
295
        policy->SecretMode = mode;
271
296
        policy->SecretSize = size;
277
302
}
278
303
 
279
304
TSS_RESULT
280
 
obj_policy_copy_secret(TSS_HPOLICY destPolicy, TSS_HPOLICY srcPolicy)
281
 
{
282
 
        struct tsp_object *obj;
283
 
        struct tr_policy_obj *policy;
284
 
        TCPA_DIGEST digest;
285
 
        UINT32 secret_size, mode;
286
 
        TSS_BOOL secret_set;
287
 
 
288
 
        if ((obj = obj_list_get_obj(&policy_list, srcPolicy)) == NULL)
289
 
                return TSPERR(TSS_E_INVALID_HANDLE);
290
 
 
291
 
        policy = (struct tr_policy_obj *)obj->data;
292
 
        memcpy(&digest.digest, &policy->Secret, policy->SecretSize);
293
 
        mode = policy->SecretMode;
294
 
        secret_size = policy->SecretSize;
295
 
        secret_set = policy->SecretSet;
296
 
 
297
 
        obj_list_put(&policy_list);
298
 
 
299
 
        return obj_policy_set_secret_object(destPolicy, mode, secret_size,
300
 
                                            &digest, secret_set);
301
 
}
302
 
 
303
 
TSS_RESULT
304
305
obj_policy_set_secret(TSS_HPOLICY hPolicy, TSS_FLAG mode, UINT32 size, BYTE *data)
305
306
{
306
307
        TCPA_DIGEST digest;
307
308
        UINT32 secret_size = 0;
308
309
        TSS_BOOL secret_set = TRUE;
 
310
        TSS_RESULT result;
309
311
 
310
312
        memset(&digest.digest, 0, sizeof(TCPA_DIGEST));
311
313
 
312
314
        switch (mode) {
313
315
                case TSS_SECRET_MODE_PLAIN:
314
 
                        Trspi_Hash(TSS_HASH_SHA1, size, data, (BYTE *)&digest.digest);
 
316
                        if ((result = Trspi_Hash(TSS_HASH_SHA1, size, data,
 
317
                                                 (BYTE *)&digest.digest)))
 
318
                                return result;
315
319
                        secret_size = TCPA_SHA1_160_HASH_LEN;
316
320
                        break;
317
321
                case TSS_SECRET_MODE_SHA1:
416
420
#endif
417
421
}
418
422
 
419
 
#ifndef TSS_SPEC_COMPLIANCE
420
423
TSS_RESULT
421
424
obj_policy_set_cb12(TSS_HPOLICY hPolicy, TSS_FLAG flag, BYTE *in)
422
425
{
483
486
                        policy->changeauthAppData = cb->appData;
484
487
                        policy->changeauthAlg = cb->alg;
485
488
                        break;
 
489
#ifdef TSS_BUILD_SEALX
 
490
                case TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK:
 
491
                        if (!cb) {
 
492
                                policy->Tspicb_CallbackSealxMask = NULL;
 
493
                                policy->sealxAppData = NULL;
 
494
                                policy->sealxAlg = 0;
 
495
                                break;
 
496
                        }
 
497
 
 
498
                        policy->Tspicb_CallbackSealxMask =
 
499
                                (TSS_RESULT (*)(PVOID, TSS_HKEY, TSS_HENCDATA,
 
500
                                TSS_ALGORITHM_ID, UINT32, BYTE *, BYTE *, BYTE *, BYTE *,
 
501
                                UINT32, BYTE *, BYTE *))cb->callback;
 
502
                        policy->sealxAppData = cb->appData;
 
503
                        policy->sealxAlg = cb->alg;
 
504
                        break;
 
505
#endif
486
506
                default:
487
507
                        result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
488
508
                        break;
541
561
                        *size = sizeof(TSS_CALLBACK);
542
562
                        *out = (BYTE *)cb;
543
563
                        break;
 
564
#ifdef TSS_BUILD_SEALX
 
565
                case TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK:
 
566
                        cb->callback = policy->Tspicb_CallbackSealxMask;
 
567
                        cb->appData = policy->sealxAppData;
 
568
                        cb->alg = policy->sealxAlg;
 
569
                        *size = sizeof(TSS_CALLBACK);
 
570
                        *out = (BYTE *)cb;
 
571
                        break;
 
572
#endif
544
573
                default:
545
574
                        free_tspi(obj->tspContext, cb);
546
575
                        result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
551
580
 
552
581
        return result;
553
582
}
554
 
#endif
555
583
 
556
584
TSS_RESULT
557
585
obj_policy_get_lifetime(TSS_HPOLICY hPolicy, UINT32 *lifetime)
571
599
}
572
600
 
573
601
TSS_RESULT
574
 
obj_policy_set_lifetime(TSS_HPOLICY hPolicy)
 
602
obj_policy_set_lifetime(TSS_HPOLICY hPolicy, UINT32 type, UINT32 value)
575
603
{
576
604
        struct tsp_object *obj;
577
605
        struct tr_policy_obj *policy;
 
606
        TSS_RESULT result = TSS_SUCCESS;
 
607
        time_t t;
578
608
 
579
609
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
580
610
                return TSPERR(TSS_E_INVALID_HANDLE);
581
611
 
582
612
        policy = (struct tr_policy_obj *)obj->data;
583
 
        policy->SecretCounter = 0;
584
 
        policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS;
585
 
        policy->SecretTimer = 0;
 
613
 
 
614
        switch (type) {
 
615
                case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS:
 
616
                        policy->SecretCounter = 0;
 
617
                        policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS;
 
618
                        policy->SecretTimeStamp = 0;
 
619
                        break;
 
620
                case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER:
 
621
                        /* Both SecretCounter and SecretTimeStamp will receive value. Every time the
 
622
                         * policy is used, SecretCounter will be decremented. Each time SetSecret is
 
623
                         * called, SecretCounter will get the value stored in SecretTimeStamp */
 
624
                        policy->SecretCounter = value;
 
625
                        policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER;
 
626
                        policy->SecretTimeStamp = value;
 
627
                        break;
 
628
                case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER:
 
629
                        t = time(NULL);
 
630
                        if (t == ((time_t)-1)) {
 
631
                                LogError("time failed: %s", strerror(errno));
 
632
                                result = TSPERR(TSS_E_INTERNAL_ERROR);
 
633
                                break;
 
634
                        }
 
635
 
 
636
                        /* For mode time, we'll use the SecretCounter variable to hold the number
 
637
                         * of seconds we're valid and the SecretTimeStamp var to record the current
 
638
                         * timestamp. This should protect against overflows. */
 
639
                        policy->SecretCounter = value;
 
640
                        policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER;
 
641
                        policy->SecretTimeStamp = t;
 
642
                        break;
 
643
                default:
 
644
                        result = TSPERR(TSS_E_BAD_PARAMETER);
 
645
                        break;
 
646
        }
586
647
 
587
648
        obj_list_put(&policy_list);
588
649
 
589
 
        return TSS_SUCCESS;
 
650
        return result;
590
651
}
591
652
 
592
653
TSS_RESULT
611
672
{
612
673
        struct tsp_object *obj;
613
674
        struct tr_policy_obj *policy;
614
 
 
615
 
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
616
 
                return TSPERR(TSS_E_INVALID_HANDLE);
617
 
 
618
 
        policy = (struct tr_policy_obj *)obj->data;
619
 
        *counter = policy->SecretCounter;
620
 
 
621
 
        obj_list_put(&policy_list);
622
 
 
623
 
        return TSS_SUCCESS;
624
 
}
625
 
 
626
 
TSS_RESULT
627
 
obj_policy_set_counter(TSS_HPOLICY hPolicy, UINT32 counter)
628
 
{
629
 
        struct tsp_object *obj;
630
 
        struct tr_policy_obj *policy;
631
 
 
632
 
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
633
 
                return TSPERR(TSS_E_INVALID_HANDLE);
634
 
 
635
 
        policy = (struct tr_policy_obj *)obj->data;
636
 
        policy->SecretCounter = counter;
637
 
        policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER;
638
 
        policy->SecretTimer = 0;
639
 
 
640
 
        obj_list_put(&policy_list);
641
 
 
642
 
        return TSS_SUCCESS;
 
675
        TSS_RESULT result = TSS_SUCCESS;
 
676
 
 
677
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
678
                return TSPERR(TSS_E_INVALID_HANDLE);
 
679
 
 
680
        policy = (struct tr_policy_obj *)obj->data;
 
681
 
 
682
        if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER)
 
683
                *counter = policy->SecretCounter;
 
684
        else
 
685
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
686
 
 
687
        obj_list_put(&policy_list);
 
688
 
 
689
        return result;
643
690
}
644
691
 
645
692
TSS_RESULT
652
699
                return TSPERR(TSS_E_INVALID_HANDLE);
653
700
 
654
701
        policy = (struct tr_policy_obj *)obj->data;
655
 
        if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER)
 
702
 
 
703
        /* Only decrement if SecretCounter > 0, otherwise it could loop and become valid again */
 
704
        if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER &&
 
705
            policy->SecretCounter > 0) {
656
706
                policy->SecretCounter--;
 
707
        }
657
708
 
658
709
        obj_list_put(&policy_list);
659
710
 
660
711
        return TSS_SUCCESS;
661
712
}
662
713
 
663
 
TSS_RESULT
664
 
obj_policy_set_timer(TSS_HPOLICY hPolicy, UINT32 timer)
665
 
{
666
 
        TSS_RESULT result = TSS_SUCCESS;
667
 
        struct tsp_object *obj;
668
 
        struct tr_policy_obj *policy;
669
 
        time_t t;
670
 
 
671
 
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
672
 
                return TSPERR(TSS_E_INVALID_HANDLE);
673
 
 
674
 
        policy = (struct tr_policy_obj *)obj->data;
675
 
 
676
 
        t = time(NULL);
677
 
        if (t == ((time_t)-1)) {
678
 
                LogError("time failed: %s", strerror(errno));
679
 
                result = TSPERR(TSS_E_INTERNAL_ERROR);
680
 
                goto done;
681
 
        }
682
 
        /* for mode time, we'll use the SecretCounter variable to hold
683
 
         * the number of seconds we're valid and the SecretTimer var to
684
 
         * record the current timestamp. This should protect against
685
 
         * overflows.
686
 
         */
687
 
        policy->SecretCounter = timer;
688
 
        policy->SecretLifetime = TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER;
689
 
        policy->SecretTimer = t;
690
 
 
691
 
done:
692
 
        obj_list_put(&policy_list);
693
 
 
694
 
        return result;
695
 
}
696
 
 
697
714
/* return a unicode string to the Tspi_GetAttribData function */
698
715
TSS_RESULT
699
716
obj_policy_get_string(TSS_HPOLICY hPolicy, UINT32 *size, BYTE **data)
775
792
        policy = (struct tr_policy_obj *)obj->data;
776
793
 
777
794
        if (policy->SecretLifetime != TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) {
778
 
                result = TSPERR(TSS_E_BAD_PARAMETER);
 
795
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
779
796
                goto done;
780
797
        }
781
798
 
784
801
                result = TSPERR(TSS_E_INTERNAL_ERROR);
785
802
                goto done;
786
803
        }
787
 
        /* curtime - SecretTimer is the number of seconds elapsed since we
788
 
         * started the timer. SecretCounter is the number of seconds the
789
 
         * secret is valid.  If seconds_elspased > SecretCounter, we've
790
 
         * expired.
791
 
         */
792
 
        seconds_elapsed = t - policy->SecretTimer;
 
804
        /* curtime - SecretTimeStamp is the number of seconds elapsed since we started the timer.
 
805
         * SecretCounter is the number of seconds the secret is valid.  If
 
806
         * seconds_elspased > SecretCounter, we've expired. */
 
807
        seconds_elapsed = t - policy->SecretTimeStamp;
793
808
        if ((UINT32)seconds_elapsed >= policy->SecretCounter) {
794
809
                *secs = 0;
795
810
        } else {
803
818
}
804
819
 
805
820
TSS_RESULT
806
 
obj_policy_has_expired(TSS_HPOLICY hPolicy, TSS_BOOL *answer)
 
821
policy_has_expired(struct tr_policy_obj *policy, TSS_BOOL *answer)
807
822
{
808
 
        struct tsp_object *obj;
809
 
        struct tr_policy_obj *policy;
810
 
        TSS_RESULT result = TSS_SUCCESS;
811
 
 
812
 
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
813
 
                return TSPERR(TSS_E_INVALID_HANDLE);
814
 
 
815
 
        policy = (struct tr_policy_obj *)obj->data;
816
 
 
817
 
        if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS) {
 
823
        switch (policy->SecretLifetime) {
 
824
        case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS:
818
825
                *answer = FALSE;
819
 
        } else if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) {
820
 
                if (policy->SecretCounter == 0)
821
 
                        *answer = TRUE;
822
 
                else
823
 
                        *answer = FALSE;
824
 
        } else if (policy->SecretLifetime == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) {
 
826
                break;
 
827
        case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER:
 
828
                *answer = (policy->SecretCounter == 0 ? TRUE : FALSE);
 
829
                break;
 
830
        case TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER:
 
831
        {
825
832
                int seconds_elapsed;
826
833
                time_t t = time(NULL);
827
834
 
828
835
                if (t == ((time_t)-1)) {
829
836
                        LogError("time failed: %s", strerror(errno));
830
 
                        result = TSPERR(TSS_E_INTERNAL_ERROR);
831
 
                        goto done;
 
837
                        return TSPERR(TSS_E_INTERNAL_ERROR);
832
838
                }
833
839
                /* curtime - SecretTimer is the number of seconds elapsed since we
834
840
                 * started the timer. SecretCounter is the number of seconds the
835
841
                 * secret is valid.  If seconds_elspased > SecretCounter, we've
836
842
                 * expired.
837
843
                 */
838
 
                seconds_elapsed = t - policy->SecretTimer;
839
 
                if ((UINT32)seconds_elapsed >= policy->SecretCounter) {
840
 
                        *answer = TRUE;
 
844
                seconds_elapsed = t - policy->SecretTimeStamp;
 
845
                *answer = ((UINT32)seconds_elapsed >= policy->SecretCounter ? TRUE : FALSE);
 
846
                break;
 
847
        }
 
848
        default:
 
849
                LogError("policy has an undefined secret lifetime!");
 
850
                return TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
851
        }
 
852
 
 
853
        return TSS_SUCCESS;
 
854
}
 
855
 
 
856
TSS_RESULT
 
857
obj_policy_has_expired(TSS_HPOLICY hPolicy, TSS_BOOL *answer)
 
858
{
 
859
        struct tsp_object *obj;
 
860
        struct tr_policy_obj *policy;
 
861
        TSS_RESULT result;
 
862
 
 
863
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
864
                return TSPERR(TSS_E_INVALID_HANDLE);
 
865
 
 
866
        policy = (struct tr_policy_obj *)obj->data;
 
867
 
 
868
        result = policy_has_expired(policy, answer);
 
869
 
 
870
        obj_list_put(&policy_list);
 
871
 
 
872
        return result;
 
873
}
 
874
 
 
875
TSS_RESULT
 
876
obj_policy_get_xsap_params(TSS_HPOLICY hPolicy,
 
877
                           TPM_COMMAND_CODE command,
 
878
                           TPM_ENTITY_TYPE *et,
 
879
                           UINT32 *entity_value_size,
 
880
                           BYTE **entity_value,
 
881
                           BYTE *secret,
 
882
                           TSS_CALLBACK *cb_xor,
 
883
                           TSS_CALLBACK *cb_hmac,
 
884
                           TSS_CALLBACK *cb_sealx,
 
885
                           UINT32 *mode)
 
886
{
 
887
        struct tsp_object *obj;
 
888
        struct tr_policy_obj *policy;
 
889
        TSS_RESULT result;
 
890
        TSS_BOOL answer = FALSE;
 
891
 
 
892
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
893
                return TSPERR(TSS_E_INVALID_HANDLE);
 
894
 
 
895
        policy = (struct tr_policy_obj *)obj->data;
 
896
 
 
897
        if ((result = policy_has_expired(policy, &answer)))
 
898
                goto done;
 
899
 
 
900
        if (answer) {
 
901
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
902
                goto done;
 
903
        }
 
904
 
 
905
        /* if the delegation index or blob is set, check to see if the command is delegated, if so,
 
906
         * return the blob or index as the secret data */
 
907
        if (command && (policy->delegationType != TSS_DELEGATIONTYPE_NONE)) {
 
908
                if (policy->delegationBlob) {
 
909
                        if ((*entity_value = malloc(policy->delegationBlobLength)) == NULL) {
 
910
                                LogError("malloc of %u bytes failed.",
 
911
                                         policy->delegationBlobLength);
 
912
                                result = TSPERR(TSS_E_OUTOFMEMORY);
 
913
                                goto done;
 
914
                        }
 
915
 
 
916
                        memcpy(*entity_value, policy->delegationBlob, policy->delegationBlobLength);
 
917
                        *entity_value_size = policy->delegationBlobLength;
 
918
                        if (policy->delegationType == TSS_DELEGATIONTYPE_OWNER)
 
919
                                *et = TPM_ET_DEL_OWNER_BLOB;
 
920
                        else
 
921
                                *et = TPM_ET_DEL_KEY_BLOB;
841
922
                } else {
842
 
                        *answer = FALSE;
843
 
                }
844
 
        } else {
845
 
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
846
 
        }
847
 
 
 
923
                        if ((*entity_value = malloc(sizeof(UINT32))) == NULL) {
 
924
                                LogError("malloc of %zd bytes failed.", sizeof(UINT32));
 
925
                                result = TSPERR(TSS_E_OUTOFMEMORY);
 
926
                                goto done;
 
927
                        }
 
928
 
 
929
                        *(UINT32 *)entity_value = policy->delegationIndex;
 
930
                        *entity_value_size = sizeof(UINT32);
 
931
                        *et = TPM_ET_DEL_ROW;
 
932
                }
 
933
        }
 
934
 
 
935
        /* Either this is a policy set to mode callback, in which case both xor and hmac addresses
 
936
         * must be set, or this is an encrypted data object's policy, where its mode is independent
 
937
         * of whether a sealx callback is set */
 
938
        if (policy->SecretMode == TSS_SECRET_MODE_CALLBACK && cb_xor && cb_hmac) {
 
939
                if ((policy->Tspicb_CallbackXorEnc && !policy->Tspicb_CallbackHMACAuth) ||
 
940
                    (!policy->Tspicb_CallbackXorEnc && policy->Tspicb_CallbackHMACAuth)) {
 
941
                        result = TSPERR(TSS_E_INTERNAL_ERROR);
 
942
                        goto done;
 
943
                }
 
944
 
 
945
                cb_xor->callback = policy->Tspicb_CallbackXorEnc;
 
946
                cb_xor->appData = policy->xorAppData;
 
947
                cb_xor->alg = policy->xorAlg;
 
948
 
 
949
                cb_hmac->callback = policy->Tspicb_CallbackHMACAuth;
 
950
                cb_hmac->appData = policy->hmacAppData;
 
951
                cb_hmac->alg = policy->hmacAlg;
 
952
        } else if (cb_sealx && policy->Tspicb_CallbackSealxMask) {
 
953
                cb_sealx->callback = policy->Tspicb_CallbackSealxMask;
 
954
                cb_sealx->appData = policy->sealxAppData;
 
955
                cb_sealx->alg = policy->sealxAlg;
 
956
        }
 
957
 
 
958
        memcpy(secret, policy->Secret, TPM_SHA1_160_HASH_LEN);
 
959
        *mode = policy->SecretMode;
848
960
done:
849
961
        obj_list_put(&policy_list);
850
962
 
852
964
}
853
965
 
854
966
TSS_RESULT
855
 
obj_policy_validate_auth_oiap(TSS_HPOLICY hPolicy, TCPA_DIGEST *hashDigest, TPM_AUTH *auth)
856
 
{
857
 
        TSS_RESULT result = TSS_SUCCESS;
858
 
        struct tsp_object *obj;
859
 
        struct tr_policy_obj *policy;
860
 
        BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
861
 
 
862
 
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
863
 
                return TSPERR(TSS_E_INVALID_HANDLE);
864
 
 
865
 
        policy = (struct tr_policy_obj *)obj->data;
866
 
 
867
 
        switch (policy->SecretMode) {
868
 
                case TSS_SECRET_MODE_CALLBACK:
869
 
                        result = policy->Tspicb_CallbackHMACAuth(
870
 
                                        policy->hmacAppData,
871
 
                                        hPolicy,
872
 
                                        0,
873
 
                                        auth->fContinueAuthSession,
874
 
                                        FALSE,
875
 
                                        20,
876
 
                                        auth->NonceEven.nonce,
877
 
                                        auth->NonceOdd.nonce,
878
 
                                        NULL, NULL, 20,
879
 
                                        hashDigest->digest,
880
 
                                        (BYTE *)&auth->HMAC);
881
 
                        break;
882
 
                case TSS_SECRET_MODE_SHA1:
883
 
                case TSS_SECRET_MODE_PLAIN:
884
 
                case TSS_SECRET_MODE_POPUP:
885
 
                        if (validateReturnAuth(policy->Secret, hashDigest->digest, auth))
886
 
                                result = TSPERR(TSS_E_TSP_AUTHFAIL);
887
 
                        break;
888
 
                case TSS_SECRET_MODE_NONE:
889
 
                        if (validateReturnAuth(wellKnown, hashDigest->digest, auth))
890
 
                                result = TSPERR(TSS_E_TSP_AUTHFAIL);
891
 
                        break;
892
 
                default:
893
 
                        result = TSPERR(TSS_E_POLICY_NO_SECRET);
894
 
                        break;
895
 
        }
896
 
 
897
 
        obj_list_put(&policy_list);
898
 
 
899
 
        return result;
900
 
}
901
 
 
902
 
TSS_RESULT
903
967
obj_policy_do_xor(TSS_HPOLICY hPolicy,
904
968
                  TSS_HOBJECT hOSAPObject, TSS_HOBJECT hObject,
905
969
                  TSS_FLAG PurposeSecret, UINT32 ulSizeNonces,
954
1018
        return result;
955
1019
}
956
1020
 
957
 
#ifndef TSS_SPEC_COMPLIANCE
958
1021
TSS_RESULT
959
1022
obj_policy_get_hash_mode(TSS_HPOLICY hPolicy, UINT32 *mode)
960
1023
{
996
1059
 
997
1060
        return TSS_SUCCESS;
998
1061
}
 
1062
 
 
1063
#ifdef TSS_BUILD_DELEGATION
 
1064
TSS_RESULT
 
1065
obj_policy_set_delegation_type(TSS_HPOLICY hPolicy, UINT32 type)
 
1066
{
 
1067
        struct tsp_object *obj;
 
1068
        struct tr_policy_obj *policy;
 
1069
        TSS_RESULT result = TSS_SUCCESS;
 
1070
 
 
1071
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1072
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1073
 
 
1074
        policy = (struct tr_policy_obj *)obj->data;
 
1075
 
 
1076
        switch (type) {
 
1077
        case TSS_DELEGATIONTYPE_NONE:
 
1078
                obj_policy_clear_delegation(policy);
 
1079
                break;
 
1080
        case TSS_DELEGATIONTYPE_OWNER:
 
1081
        case TSS_DELEGATIONTYPE_KEY:
 
1082
                if (policy->delegationIndexSet || policy->delegationBlob) {
 
1083
                        result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1084
                        goto done;
 
1085
                }
 
1086
                break;
 
1087
        }
 
1088
 
 
1089
        policy->delegationType = type;
 
1090
 
 
1091
done:
 
1092
        obj_list_put(&policy_list);
 
1093
 
 
1094
        return result;
 
1095
}
 
1096
 
 
1097
 
 
1098
TSS_RESULT
 
1099
obj_policy_get_delegation_type(TSS_HPOLICY hPolicy, UINT32 *type)
 
1100
{
 
1101
        struct tsp_object *obj;
 
1102
        struct tr_policy_obj *policy;
 
1103
 
 
1104
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1105
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1106
 
 
1107
        policy = (struct tr_policy_obj *)obj->data;
 
1108
 
 
1109
        *type = policy->delegationType;
 
1110
 
 
1111
        obj_list_put(&policy_list);
 
1112
 
 
1113
        return TSS_SUCCESS;
 
1114
}
 
1115
 
 
1116
TSS_RESULT
 
1117
obj_policy_set_delegation_index(TSS_HPOLICY hPolicy, UINT32 index)
 
1118
{
 
1119
        struct tsp_object *obj;
 
1120
        struct tr_policy_obj *policy;
 
1121
        TPM_DELEGATE_PUBLIC public;
 
1122
        TSS_RESULT result;
 
1123
 
 
1124
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1125
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1126
 
 
1127
        policy = (struct tr_policy_obj *)obj->data;
 
1128
 
 
1129
        if ((result = get_delegate_index(obj->tspContext, index, &public)))
 
1130
                goto done;
 
1131
 
 
1132
        free(public.pcrInfo.pcrSelection.pcrSelect);
 
1133
 
 
1134
        obj_policy_clear_delegation(policy);
 
1135
        switch (public.permissions.delegateType) {
 
1136
        case TPM_DEL_OWNER_BITS:
 
1137
                policy->delegationType = TSS_DELEGATIONTYPE_OWNER;
 
1138
                break;
 
1139
        case TPM_DEL_KEY_BITS:
 
1140
                policy->delegationType = TSS_DELEGATIONTYPE_KEY;
 
1141
                break;
 
1142
        default:
 
1143
                result = TSPERR(TSS_E_BAD_PARAMETER);
 
1144
                goto done;
 
1145
        }
 
1146
        policy->delegationIndex = index;
 
1147
        policy->delegationIndexSet = TRUE;
 
1148
 
 
1149
done:
 
1150
        obj_list_put(&policy_list);
 
1151
 
 
1152
        return result;
 
1153
}
 
1154
 
 
1155
TSS_RESULT
 
1156
obj_policy_get_delegation_index(TSS_HPOLICY hPolicy, UINT32 *index)
 
1157
{
 
1158
        struct tsp_object *obj;
 
1159
        struct tr_policy_obj *policy;
 
1160
        TSS_RESULT result = TSS_SUCCESS;
 
1161
 
 
1162
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1163
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1164
 
 
1165
        policy = (struct tr_policy_obj *)obj->data;
 
1166
 
 
1167
        if (!policy->delegationIndexSet) {
 
1168
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1169
                goto done;
 
1170
        }
 
1171
 
 
1172
        *index = policy->delegationIndex;
 
1173
 
 
1174
done:
 
1175
        obj_list_put(&policy_list);
 
1176
 
 
1177
        return result;
 
1178
}
 
1179
 
 
1180
TSS_RESULT obj_policy_set_delegation_per1(TSS_HPOLICY hPolicy, UINT32 per1)
 
1181
{
 
1182
        struct tsp_object *obj;
 
1183
        struct tr_policy_obj *policy;
 
1184
        TSS_RESULT result = TSS_SUCCESS;
 
1185
 
 
1186
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1187
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1188
 
 
1189
        policy = (struct tr_policy_obj *)obj->data;
 
1190
 
 
1191
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1192
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1193
                goto done;
 
1194
        }
 
1195
 
 
1196
        policy->delegationPer1 = per1;
 
1197
 
 
1198
done:
 
1199
        obj_list_put(&policy_list);
 
1200
 
 
1201
        return result;
 
1202
}
 
1203
 
 
1204
TSS_RESULT obj_policy_get_delegation_per1(TSS_HPOLICY hPolicy, UINT32 *per1)
 
1205
{
 
1206
        struct tsp_object *obj;
 
1207
        struct tr_policy_obj *policy;
 
1208
        TPM_DELEGATE_PUBLIC public;
 
1209
        TSS_RESULT result = TSS_SUCCESS;
 
1210
 
 
1211
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1212
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1213
 
 
1214
        policy = (struct tr_policy_obj *)obj->data;
 
1215
 
 
1216
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1217
                if ((result = obj_policy_get_delegate_public(obj, &public)))
 
1218
                        goto done;
 
1219
                *per1 = public.permissions.per1;
 
1220
                free(public.pcrInfo.pcrSelection.pcrSelect);
 
1221
        } else
 
1222
                *per1 = policy->delegationPer1;
 
1223
 
 
1224
done:
 
1225
        obj_list_put(&policy_list);
 
1226
 
 
1227
        return result;
 
1228
}
 
1229
 
 
1230
TSS_RESULT obj_policy_set_delegation_per2(TSS_HPOLICY hPolicy, UINT32 per2)
 
1231
{
 
1232
        struct tsp_object *obj;
 
1233
        struct tr_policy_obj *policy;
 
1234
        TSS_RESULT result = TSS_SUCCESS;
 
1235
 
 
1236
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1237
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1238
 
 
1239
        policy = (struct tr_policy_obj *)obj->data;
 
1240
 
 
1241
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1242
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1243
                goto done;
 
1244
        }
 
1245
 
 
1246
        policy->delegationPer2 = per2;
 
1247
 
 
1248
done:
 
1249
        obj_list_put(&policy_list);
 
1250
 
 
1251
        return result;
 
1252
}
 
1253
 
 
1254
TSS_RESULT obj_policy_get_delegation_per2(TSS_HPOLICY hPolicy, UINT32 *per2)
 
1255
{
 
1256
        struct tsp_object *obj;
 
1257
        struct tr_policy_obj *policy;
 
1258
        TPM_DELEGATE_PUBLIC public;
 
1259
        TSS_RESULT result = TSS_SUCCESS;
 
1260
 
 
1261
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1262
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1263
 
 
1264
        policy = (struct tr_policy_obj *)obj->data;
 
1265
 
 
1266
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1267
                if ((result = obj_policy_get_delegate_public(obj, &public)))
 
1268
                        goto done;
 
1269
                *per2 = public.permissions.per2;
 
1270
                free(public.pcrInfo.pcrSelection.pcrSelect);
 
1271
        } else
 
1272
                *per2 = policy->delegationPer2;
 
1273
 
 
1274
done:
 
1275
        obj_list_put(&policy_list);
 
1276
 
 
1277
        return result;
 
1278
}
 
1279
 
 
1280
TSS_RESULT
 
1281
obj_policy_set_delegation_blob(TSS_HPOLICY hPolicy, UINT32 type, UINT32 blobLength, BYTE *blob)
 
1282
{
 
1283
        struct tsp_object *obj;
 
1284
        struct tr_policy_obj *policy;
 
1285
        UINT16 tag;
 
1286
        UINT64 offset;
 
1287
        TSS_RESULT result = TSS_SUCCESS;
 
1288
 
 
1289
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1290
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1291
 
 
1292
        policy = (struct tr_policy_obj *)obj->data;
 
1293
 
 
1294
        obj_policy_clear_delegation(policy);
 
1295
 
 
1296
        if (blobLength == 0) {
 
1297
                result = TSPERR(TSS_E_BAD_PARAMETER);
 
1298
                goto done;
 
1299
        }
 
1300
 
 
1301
        offset = 0;
 
1302
        Trspi_UnloadBlob_UINT16(&offset, &tag, blob);
 
1303
        switch (tag) {
 
1304
        case TPM_TAG_DELEGATE_OWNER_BLOB:
 
1305
                if (type && (type != TSS_DELEGATIONTYPE_OWNER)) {
 
1306
                        result = TSPERR(TSS_E_BAD_PARAMETER);
 
1307
                        goto done;
 
1308
                }
 
1309
                policy->delegationType = TSS_DELEGATIONTYPE_OWNER;
 
1310
                break;
 
1311
        case TPM_TAG_DELG_KEY_BLOB:
 
1312
                if (type && (type != TSS_DELEGATIONTYPE_KEY)) {
 
1313
                        result = TSPERR(TSS_E_BAD_PARAMETER);
 
1314
                        goto done;
 
1315
                }
 
1316
                policy->delegationType = TSS_DELEGATIONTYPE_KEY;
 
1317
                break;
 
1318
        default:
 
1319
                result = TSPERR(TSS_E_BAD_PARAMETER);
 
1320
                goto done;
 
1321
        }
 
1322
 
 
1323
        if ((policy->delegationBlob = malloc(blobLength)) == NULL) {
 
1324
                LogError("malloc of %u bytes failed.", blobLength);
 
1325
                result = TSPERR(TSS_E_OUTOFMEMORY);
 
1326
                goto done;
 
1327
        }
 
1328
 
 
1329
        policy->delegationBlobLength = blobLength;
 
1330
        memcpy(policy->delegationBlob, blob, blobLength);
 
1331
 
 
1332
done:
 
1333
        obj_list_put(&policy_list);
 
1334
 
 
1335
        return result;
 
1336
}
 
1337
 
 
1338
TSS_RESULT
 
1339
obj_policy_get_delegation_blob(TSS_HPOLICY hPolicy, UINT32 type, UINT32 *blobLength, BYTE **blob)
 
1340
{
 
1341
        struct tsp_object *obj;
 
1342
        struct tr_policy_obj *policy;
 
1343
        TSS_RESULT result = TSS_SUCCESS;
 
1344
 
 
1345
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1346
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1347
 
 
1348
        policy = (struct tr_policy_obj *)obj->data;
 
1349
 
 
1350
        if (policy->delegationBlobLength == 0) {
 
1351
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1352
                goto done;
 
1353
        }
 
1354
 
 
1355
        if (type && (type != policy->delegationType)) {
 
1356
                result = TSPERR(TSS_E_BAD_PARAMETER);
 
1357
                goto done;
 
1358
        }
 
1359
 
 
1360
        if ((*blob = calloc_tspi(obj->tspContext, policy->delegationBlobLength)) == NULL) {
 
1361
                LogError("malloc of %u bytes failed.", policy->delegationBlobLength);
 
1362
                result = TSPERR(TSS_E_OUTOFMEMORY);
 
1363
                goto done;
 
1364
        }
 
1365
 
 
1366
        memcpy(*blob, policy->delegationBlob, policy->delegationBlobLength);
 
1367
        *blobLength = policy->delegationBlobLength;
 
1368
 
 
1369
done:
 
1370
        obj_list_put(&policy_list);
 
1371
 
 
1372
        return result;
 
1373
}
 
1374
 
 
1375
TSS_RESULT
 
1376
obj_policy_get_delegation_label(TSS_HPOLICY hPolicy, BYTE *label)
 
1377
{
 
1378
        struct tsp_object *obj;
 
1379
        struct tr_policy_obj *policy;
 
1380
        TPM_DELEGATE_PUBLIC public;
 
1381
        TSS_RESULT result = TSS_SUCCESS;
 
1382
 
 
1383
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1384
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1385
 
 
1386
        policy = (struct tr_policy_obj *)obj->data;
 
1387
 
 
1388
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1389
                if ((result = obj_policy_get_delegate_public(obj, &public)))
 
1390
                        goto done;
 
1391
                *label = public.label.label;
 
1392
                free(public.pcrInfo.pcrSelection.pcrSelect);
 
1393
        } else
 
1394
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1395
 
 
1396
done:
 
1397
        obj_list_put(&policy_list);
 
1398
 
 
1399
        return result;
 
1400
}
 
1401
 
 
1402
TSS_RESULT
 
1403
obj_policy_get_delegation_familyid(TSS_HPOLICY hPolicy, UINT32 *familyID)
 
1404
{
 
1405
        struct tsp_object *obj;
 
1406
        struct tr_policy_obj *policy;
 
1407
        TPM_DELEGATE_PUBLIC public;
 
1408
        TSS_RESULT result = TSS_SUCCESS;
 
1409
 
 
1410
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1411
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1412
 
 
1413
        policy = (struct tr_policy_obj *)obj->data;
 
1414
 
 
1415
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1416
                if ((result = obj_policy_get_delegate_public(obj, &public)))
 
1417
                        goto done;
 
1418
                *familyID = public.familyID;
 
1419
                free(public.pcrInfo.pcrSelection.pcrSelect);
 
1420
        } else
 
1421
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1422
 
 
1423
done:
 
1424
        obj_list_put(&policy_list);
 
1425
 
 
1426
        return result;
 
1427
}
 
1428
 
 
1429
TSS_RESULT
 
1430
obj_policy_get_delegation_vercount(TSS_HPOLICY hPolicy, UINT32 *verCount)
 
1431
{
 
1432
        struct tsp_object *obj;
 
1433
        struct tr_policy_obj *policy;
 
1434
        TPM_DELEGATE_PUBLIC public;
 
1435
        TSS_RESULT result = TSS_SUCCESS;
 
1436
 
 
1437
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1438
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1439
 
 
1440
        policy = (struct tr_policy_obj *)obj->data;
 
1441
 
 
1442
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1443
                if ((result = obj_policy_get_delegate_public(obj, &public)))
 
1444
                        goto done;
 
1445
                *verCount = public.verificationCount;
 
1446
                free(public.pcrInfo.pcrSelection.pcrSelect);
 
1447
        } else
 
1448
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1449
 
 
1450
done:
 
1451
        obj_list_put(&policy_list);
 
1452
 
 
1453
        return result;
 
1454
}
 
1455
 
 
1456
TSS_RESULT
 
1457
obj_policy_get_delegation_pcr_locality(TSS_HPOLICY hPolicy, UINT32 *locality)
 
1458
{
 
1459
        struct tsp_object *obj;
 
1460
        struct tr_policy_obj *policy;
 
1461
        TPM_DELEGATE_PUBLIC public;
 
1462
        TSS_RESULT result = TSS_SUCCESS;
 
1463
 
 
1464
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1465
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1466
 
 
1467
        policy = (struct tr_policy_obj *)obj->data;
 
1468
 
 
1469
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1470
                if ((result = obj_policy_get_delegate_public(obj, &public)))
 
1471
                        goto done;
 
1472
                *locality = public.pcrInfo.localityAtRelease;
 
1473
                free(public.pcrInfo.pcrSelection.pcrSelect);
 
1474
        } else
 
1475
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1476
 
 
1477
done:
 
1478
        obj_list_put(&policy_list);
 
1479
 
 
1480
        return result;
 
1481
}
 
1482
 
 
1483
TSS_RESULT
 
1484
obj_policy_get_delegation_pcr_digest(TSS_HPOLICY hPolicy, UINT32 *digestLength, BYTE **digest)
 
1485
{
 
1486
        struct tsp_object *obj;
 
1487
        struct tr_policy_obj *policy;
 
1488
        TPM_DELEGATE_PUBLIC public;
 
1489
        TSS_RESULT result = TSS_SUCCESS;
 
1490
 
 
1491
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1492
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1493
 
 
1494
        policy = (struct tr_policy_obj *)obj->data;
 
1495
 
 
1496
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1497
                if ((result = obj_policy_get_delegate_public(obj, &public)))
 
1498
                        goto done;
 
1499
                *digest = calloc_tspi(obj->tspContext, TPM_SHA1_160_HASH_LEN);
 
1500
                if (*digest == NULL) {
 
1501
                        LogError("malloc of %u bytes failed.", TPM_SHA1_160_HASH_LEN);
 
1502
                        result = TSPERR(TSS_E_OUTOFMEMORY);
 
1503
                        goto done;
 
1504
                }
 
1505
                memcpy(*digest, &public.pcrInfo.digestAtRelease.digest, TPM_SHA1_160_HASH_LEN);
 
1506
                *digestLength = TPM_SHA1_160_HASH_LEN;
 
1507
                free(public.pcrInfo.pcrSelection.pcrSelect);
 
1508
        } else
 
1509
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1510
 
 
1511
done:
 
1512
        obj_list_put(&policy_list);
 
1513
 
 
1514
        return result;
 
1515
}
 
1516
 
 
1517
TSS_RESULT
 
1518
obj_policy_get_delegation_pcr_selection(TSS_HPOLICY hPolicy, UINT32 *selectionLength,
 
1519
                                        BYTE **selection)
 
1520
{
 
1521
        struct tsp_object *obj;
 
1522
        struct tr_policy_obj *policy;
 
1523
        TPM_DELEGATE_PUBLIC public;
 
1524
        UINT64 offset;
 
1525
        TSS_RESULT result = TSS_SUCCESS;
 
1526
 
 
1527
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1528
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1529
 
 
1530
        policy = (struct tr_policy_obj *)obj->data;
 
1531
 
 
1532
        if (policy->delegationIndexSet || policy->delegationBlob) {
 
1533
                if ((result = obj_policy_get_delegate_public(obj, &public)))
 
1534
                        goto done;
 
1535
                offset = 0;
 
1536
                Trspi_LoadBlob_PCR_SELECTION(&offset, NULL, &public.pcrInfo.pcrSelection);
 
1537
                *selection = calloc_tspi(obj->tspContext, offset);
 
1538
                if (*selection == NULL) {
 
1539
                        LogError("malloc of %u bytes failed.", (UINT32)offset);
 
1540
                        result = TSPERR(TSS_E_OUTOFMEMORY);
 
1541
                        goto done;
 
1542
                }
 
1543
                offset = 0;
 
1544
                Trspi_LoadBlob_PCR_SELECTION(&offset, *selection, &public.pcrInfo.pcrSelection);
 
1545
                *selectionLength = offset;
 
1546
                free(public.pcrInfo.pcrSelection.pcrSelect);
 
1547
        } else
 
1548
                result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
 
1549
 
 
1550
done:
 
1551
        obj_list_put(&policy_list);
 
1552
 
 
1553
        return result;
 
1554
}
 
1555
 
 
1556
TSS_RESULT
 
1557
obj_policy_is_delegation_index_set(TSS_HPOLICY hPolicy, TSS_BOOL *indexSet)
 
1558
{
 
1559
        struct tsp_object *obj;
 
1560
        struct tr_policy_obj *policy;
 
1561
 
 
1562
        if ((obj = obj_list_get_obj(&policy_list, hPolicy)) == NULL)
 
1563
                return TSPERR(TSS_E_INVALID_HANDLE);
 
1564
 
 
1565
        policy = (struct tr_policy_obj *)obj->data;
 
1566
 
 
1567
        *indexSet = policy->delegationIndexSet;
 
1568
 
 
1569
        obj_list_put(&policy_list);
 
1570
 
 
1571
        return TSS_SUCCESS;
 
1572
}
 
1573
 
 
1574
void
 
1575
obj_policy_clear_delegation(struct tr_policy_obj *policy)
 
1576
{
 
1577
        free(policy->delegationBlob);
 
1578
        policy->delegationType = TSS_DELEGATIONTYPE_NONE;
 
1579
        policy->delegationPer1 = 0;
 
1580
        policy->delegationPer2 = 0;
 
1581
        policy->delegationIndexSet = FALSE;
 
1582
        policy->delegationIndex = 0;
 
1583
        policy->delegationBlobLength = 0;
 
1584
        policy->delegationBlob = NULL;
 
1585
}
 
1586
 
 
1587
TSS_RESULT
 
1588
obj_policy_get_delegate_public(struct tsp_object *obj, TPM_DELEGATE_PUBLIC *public)
 
1589
{
 
1590
        struct tr_policy_obj *policy;
 
1591
        UINT16 tag;
 
1592
        TPM_DELEGATE_OWNER_BLOB ownerBlob;
 
1593
        TPM_DELEGATE_KEY_BLOB keyBlob;
 
1594
        UINT64 offset;
 
1595
        TSS_RESULT result;
 
1596
 
 
1597
        policy = (struct tr_policy_obj *)obj->data;
 
1598
 
 
1599
        if (policy->delegationIndexSet) {
 
1600
                if ((result = get_delegate_index(obj->tspContext, policy->delegationIndex,
 
1601
                                public)))
 
1602
                        return result;
 
1603
        } else if (policy->delegationBlob) {
 
1604
                offset = 0;
 
1605
                Trspi_UnloadBlob_UINT16(&offset, &tag, policy->delegationBlob);
 
1606
 
 
1607
                offset = 0;
 
1608
                switch (tag) {
 
1609
                case TPM_TAG_DELEGATE_OWNER_BLOB:
 
1610
                        if ((result = Trspi_UnloadBlob_TPM_DELEGATE_OWNER_BLOB(&offset,
 
1611
                                                                        policy->delegationBlob,
 
1612
                                                                        &ownerBlob)))
 
1613
                                return result;
 
1614
                        *public = ownerBlob.pub;
 
1615
                        free(ownerBlob.additionalArea);
 
1616
                        free(ownerBlob.sensitiveArea);
 
1617
                        break;
 
1618
                case TPM_TAG_DELG_KEY_BLOB:
 
1619
                        if ((result = Trspi_UnloadBlob_TPM_DELEGATE_KEY_BLOB(&offset,
 
1620
                                                                             policy->delegationBlob,
 
1621
                                                                             &keyBlob)))
 
1622
                                return result;
 
1623
                        *public = keyBlob.pub;
 
1624
                        free(keyBlob.additionalArea);
 
1625
                        free(keyBlob.sensitiveArea);
 
1626
                        break;
 
1627
                default:
 
1628
                        return TSPERR(TSS_E_INTERNAL_ERROR);
 
1629
                }
 
1630
        } else
 
1631
                return TSPERR(TSS_E_INTERNAL_ERROR);
 
1632
 
 
1633
        return TSS_SUCCESS;
 
1634
}
999
1635
#endif
 
1636