3
* Licensed Materials - Property of IBM
5
* trousers - An open source TCG Software Stack
7
* (C) Copyright International Business Machines Corp. 2007
16
#include "trousers/tss.h"
17
#include "trousers/trousers.h"
18
#include "trousers_types.h"
19
#include "spi_utils.h"
22
#include "tsp_delegate.h"
27
do_delegate_manage(TSS_HTPM hTpm, UINT32 familyID, UINT32 opFlag,
28
UINT32 opDataSize, BYTE *opData, UINT32 *outDataSize, BYTE **outData)
30
TSS_HCONTEXT hContext;
32
UINT32 secretMode = TSS_SECRET_MODE_NONE;
33
Trspi_HashCtx hashCtx;
35
TPM_AUTH ownerAuth, *pAuth;
40
if ((result = obj_tpm_get_tsp_context(hTpm, &hContext)))
43
if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy)))
46
if (hPolicy != NULL_HPOLICY) {
47
if ((result = obj_policy_get_mode(hPolicy, &secretMode)))
51
if (secretMode != TSS_SECRET_MODE_NONE) {
52
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
53
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_Manage);
54
result |= Trspi_Hash_UINT32(&hashCtx, familyID);
55
result |= Trspi_Hash_UINT32(&hashCtx, opFlag);
56
result |= Trspi_Hash_UINT32(&hashCtx, opDataSize);
57
result |= Trspi_HashUpdate(&hashCtx, opDataSize, opData);
58
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
62
if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_Delegate_Manage, hPolicy, FALSE,
68
/* Perform the delegation operation */
69
if ((result = TCS_API(hContext)->Delegate_Manage(hContext, familyID, opFlag, opDataSize,
70
opData, pAuth, &retDataSize, &retData)))
74
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
75
result |= Trspi_Hash_UINT32(&hashCtx, result);
76
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_Manage);
77
result |= Trspi_Hash_UINT32(&hashCtx, retDataSize);
78
result |= Trspi_HashUpdate(&hashCtx, retDataSize, retData);
79
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) {
84
if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) {
90
*outDataSize = retDataSize;
98
create_owner_delegation(TSS_HTPM hTpm,
102
TSS_HDELFAMILY hFamily,
103
TSS_HPOLICY hDelegation)
105
TSS_HCONTEXT hContext;
106
TSS_BOOL incrementCount = FALSE;
108
UINT32 publicInfoSize;
109
BYTE *publicInfo = NULL;
110
Trspi_HashCtx hashCtx;
115
struct authsess *xsap = NULL;
117
if ((result = obj_tpm_get_tsp_context(hTpm, &hContext)))
120
if ((ulFlags & ~TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT) > 0)
121
return TSPERR(TSS_E_BAD_PARAMETER);
123
if (ulFlags & TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT)
124
incrementCount = TRUE;
126
if ((result = obj_policy_get_delegation_type(hDelegation, &type)))
129
if (type != TSS_DELEGATIONTYPE_OWNER)
130
return TSPERR(TSS_E_BAD_PARAMETER);
132
if ((result = build_delegate_public_info(bLabel, hPcrs, hFamily, hDelegation,
133
&publicInfoSize, &publicInfo)))
136
if ((result = authsess_xsap_init(hContext, hTpm, hDelegation, TSS_AUTH_POLICY_NOT_REQUIRED,
137
TPM_ORD_Delegate_CreateOwnerDelegation, TPM_ET_OWNER,
141
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
142
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateOwnerDelegation);
143
result |= Trspi_Hash_BOOL(&hashCtx, incrementCount);
144
result |= Trspi_HashUpdate(&hashCtx, publicInfoSize, publicInfo);
145
result |= Trspi_Hash_DIGEST(&hashCtx, xsap->encAuthUse.authdata);
146
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
149
if ((result = authsess_xsap_hmac(xsap, &digest)))
152
/* Create the delegation */
153
if ((result = TCS_API(hContext)->Delegate_CreateOwnerDelegation(hContext, incrementCount,
154
publicInfoSize, publicInfo,
156
xsap->pAuth, &blobSize,
160
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
161
result |= Trspi_Hash_UINT32(&hashCtx, result);
162
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateOwnerDelegation);
163
result |= Trspi_Hash_UINT32(&hashCtx, blobSize);
164
result |= Trspi_HashUpdate(&hashCtx, blobSize, blob);
165
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
168
if (authsess_xsap_verify(xsap, &digest)) {
169
result = TSPERR(TSS_E_TSP_AUTHFAIL);
173
result = obj_policy_set_delegation_blob(hDelegation, TSS_DELEGATIONTYPE_OWNER,
184
create_key_delegation(TSS_HKEY hKey,
188
TSS_HDELFAMILY hFamily,
189
TSS_HPOLICY hDelegation)
191
TSS_HCONTEXT hContext;
193
TCS_KEY_HANDLE tcsKeyHandle;
194
UINT32 publicInfoSize;
195
BYTE *publicInfo = NULL;
196
Trspi_HashCtx hashCtx;
201
struct authsess *xsap = NULL;
203
if ((result = obj_rsakey_get_tsp_context(hKey, &hContext)))
207
return TSPERR(TSS_E_BAD_PARAMETER);
209
if ((result = obj_policy_get_delegation_type(hDelegation, &type)))
212
if (type != TSS_DELEGATIONTYPE_KEY)
213
return TSPERR(TSS_E_BAD_PARAMETER);
215
if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle)))
218
if ((result = build_delegate_public_info(bLabel, hPcrs, hFamily, hDelegation,
219
&publicInfoSize, &publicInfo)))
222
if ((result = authsess_xsap_init(hContext, hKey, hDelegation, TSS_AUTH_POLICY_REQUIRED,
223
TPM_ORD_Delegate_CreateKeyDelegation, TPM_ET_KEYHANDLE,
227
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
228
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateKeyDelegation);
229
result |= Trspi_HashUpdate(&hashCtx, publicInfoSize, publicInfo);
230
result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata);
231
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
234
if ((result = authsess_xsap_hmac(xsap, &digest)))
237
/* Create the delegation */
238
if ((result = TCS_API(hContext)->Delegate_CreateKeyDelegation(hContext, tcsKeyHandle,
239
publicInfoSize, publicInfo,
241
xsap->pAuth, &blobSize,
245
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
246
result |= Trspi_Hash_UINT32(&hashCtx, result);
247
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateKeyDelegation);
248
result |= Trspi_Hash_UINT32(&hashCtx, blobSize);
249
result |= Trspi_HashUpdate(&hashCtx, blobSize, blob);
250
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
253
if (authsess_xsap_verify(xsap, &digest)) {
254
result = TSPERR(TSS_E_TSP_AUTHFAIL);
258
result = obj_policy_set_delegation_blob(hDelegation, TSS_DELEGATIONTYPE_KEY, blobSize,
269
update_delfamily_object(TSS_HTPM hTpm, UINT32 familyID)
271
TSS_HCONTEXT hContext;
272
UINT32 familyTableSize, delegateTableSize;
273
BYTE *familyTable = NULL, *delegateTable = NULL;
275
TPM_FAMILY_TABLE_ENTRY familyTableEntry;
276
TSS_BOOL familyState;
277
TSS_HDELFAMILY hFamily;
280
if ((result = obj_tpm_get_tsp_context(hTpm, &hContext)))
283
if ((result = TCS_API(hContext)->Delegate_ReadTable(hContext, &familyTableSize,
284
&familyTable, &delegateTableSize,
288
for (offset = 0; offset < familyTableSize;) {
289
Trspi_UnloadBlob_TPM_FAMILY_TABLE_ENTRY(&offset, familyTable, &familyTableEntry);
290
if (familyTableEntry.familyID == familyID) {
291
obj_delfamily_find_by_familyid(hContext, familyID, &hFamily);
292
if (hFamily == NULL_HDELFAMILY) {
293
if ((result = obj_delfamily_add(hContext, &hFamily)))
295
if ((result = obj_delfamily_set_familyid(hFamily,
296
familyTableEntry.familyID)))
298
if ((result = obj_delfamily_set_label(hFamily,
299
familyTableEntry.label.label)))
303
/* Set/Update the family attributes */
304
familyState = (familyTableEntry.flags & TPM_FAMFLAG_DELEGATE_ADMIN_LOCK) ?
306
if ((result = obj_delfamily_set_locked(hFamily, familyState, FALSE)))
308
familyState = (familyTableEntry.flags & TPM_FAMFLAG_ENABLE) ? TRUE : FALSE;
309
if ((result = obj_delfamily_set_enabled(hFamily, familyState, FALSE)))
311
if ((result = obj_delfamily_set_vercount(hFamily,
312
familyTableEntry.verificationCount)))
327
get_delegate_index(TSS_HCONTEXT hContext, UINT32 index, TPM_DELEGATE_PUBLIC *public)
329
UINT32 familyTableSize, delegateTableSize;
330
BYTE *familyTable = NULL, *delegateTable = NULL;
333
TPM_DELEGATE_PUBLIC tempPublic;
336
if ((result = TCS_API(hContext)->Delegate_ReadTable(hContext, &familyTableSize,
337
&familyTable, &delegateTableSize,
341
for (offset = 0; offset < delegateTableSize;) {
342
Trspi_UnloadBlob_UINT32(&offset, &tpmIndex, delegateTable);
343
if (tpmIndex == index) {
344
result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(&offset, delegateTable, public);
347
if ((result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(&offset, delegateTable, &tempPublic)))
351
free(tempPublic.pcrInfo.pcrSelection.pcrSelect);
354
/* Didn't find a matching index */
355
result = TSPERR(TSS_E_BAD_PARAMETER);
365
build_delegate_public_info(BYTE bLabel,
367
TSS_HDELFAMILY hFamily,
368
TSS_HPOLICY hDelegation,
369
UINT32 *publicInfoSize,
372
TPM_DELEGATE_PUBLIC public;
375
BYTE *pcrInfo = NULL;
377
TSS_RESULT result = TSS_SUCCESS;
379
if (hDelegation == NULL_HPOLICY)
380
return TSPERR(TSS_E_BAD_PARAMETER);
382
if ((result = obj_policy_get_delegation_type(hDelegation, &delegateType)))
385
/* This call will create a "null" PCR_INFO_SHORT if hPcrs is null */
386
if ((result = obj_pcrs_create_info_short(hPcrs, &pcrInfoSize, &pcrInfo)))
389
memset(&public, 0, sizeof(public));
390
public.tag = TPM_TAG_DELEGATE_PUBLIC;
391
public.label.label = bLabel;
393
if ((result = Trspi_UnloadBlob_PCR_INFO_SHORT(&offset, pcrInfo, &public.pcrInfo)))
395
public.permissions.tag = TPM_TAG_DELEGATIONS;
396
public.permissions.delegateType =
397
(delegateType == TSS_DELEGATIONTYPE_OWNER) ? TPM_DEL_OWNER_BITS : TPM_DEL_KEY_BITS;
398
if ((result = obj_policy_get_delegation_per1(hDelegation, &public.permissions.per1)))
400
if ((result = obj_policy_get_delegation_per2(hDelegation, &public.permissions.per2)))
402
if ((result = obj_delfamily_get_familyid(hFamily, &public.familyID)))
404
if ((result = obj_delfamily_get_vercount(hFamily, &public.verificationCount)))
408
Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(&offset, NULL, &public);
409
*publicInfoSize = offset;
410
*publicInfo = malloc(*publicInfoSize);
411
if (*publicInfo == NULL) {
412
LogError("malloc of %u bytes failed.", *publicInfoSize);
413
result = TSPERR(TSS_E_OUTOFMEMORY);
417
Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(&offset, *publicInfo, &public);
421
free(public.pcrInfo.pcrSelection.pcrSelect);
426
#ifdef TSS_BUILD_TRANSPORT
428
Transport_Delegate_Manage(TSS_HCONTEXT tspContext, /* in */
429
TPM_FAMILY_ID familyID, /* in */
430
TPM_FAMILY_OPERATION opFlag, /* in */
431
UINT32 opDataSize, /* in */
432
BYTE *opData, /* in */
433
TPM_AUTH *ownerAuth, /* in, out */
434
UINT32 *retDataSize, /* out */
435
BYTE **retData) /* out */
438
UINT32 handlesLen = 0, decLen, dataLen;
443
if ((result = obj_context_transport_init(tspContext)))
446
LogDebugFn("Executing in a transport session");
448
dataLen = sizeof(TPM_FAMILY_ID)
449
+ sizeof(TPM_FAMILY_OPERATION)
452
if ((data = malloc(dataLen)) == NULL) {
453
LogError("malloc of %u bytes failed", dataLen);
454
return TSPERR(TSS_E_OUTOFMEMORY);
458
Trspi_LoadBlob_UINT32(&offset, familyID, data);
459
Trspi_LoadBlob_UINT32(&offset, opFlag, data);
460
Trspi_LoadBlob_UINT32(&offset, opDataSize, data);
461
Trspi_LoadBlob(&offset, opDataSize, data, opData);
463
if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_Manage, dataLen,
464
data, NULL, &handlesLen, NULL, ownerAuth,
465
NULL, &decLen, &dec))) {
472
Trspi_UnloadBlob_UINT32(&offset, retDataSize, dec);
474
if ((*retData = malloc(*retDataSize)) == NULL) {
476
LogError("malloc of %u bytes failed", *retDataSize);
478
return TSPERR(TSS_E_OUTOFMEMORY);
480
Trspi_UnloadBlob(&offset, *retDataSize, dec, *retData);
488
Transport_Delegate_CreateKeyDelegation(TSS_HCONTEXT tspContext, /* in */
489
TCS_KEY_HANDLE hKey, /* in */
490
UINT32 publicInfoSize, /* in */
491
BYTE *publicInfo, /* in */
492
TPM_ENCAUTH *encDelAuth, /* in */
493
TPM_AUTH *keyAuth, /* in, out */
494
UINT32 *blobSize, /* out */
495
BYTE **blob) /* out */
498
UINT32 handlesLen, decLen, dataLen;
499
TCS_HANDLE *handles, handle;
500
TPM_DIGEST pubKeyHash;
501
Trspi_HashCtx hashCtx;
506
if ((result = obj_context_transport_init(tspContext)))
509
LogDebugFn("Executing in a transport session");
511
if ((result = obj_tcskey_get_pubkeyhash(hKey, pubKeyHash.digest)))
514
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
515
result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest);
516
if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest)))
523
dataLen = publicInfoSize + sizeof(TPM_ENCAUTH);
524
if ((data = malloc(dataLen)) == NULL) {
525
LogError("malloc of %u bytes failed", dataLen);
526
return TSPERR(TSS_E_OUTOFMEMORY);
530
Trspi_LoadBlob(&offset, publicInfoSize, data, publicInfo);
531
Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encDelAuth->authdata);
533
if ((result = obj_context_transport_execute(tspContext,
534
TPM_ORD_Delegate_CreateKeyDelegation, dataLen,
535
data, &pubKeyHash, &handlesLen, &handles,
536
keyAuth, NULL, &decLen, &dec))) {
543
Trspi_UnloadBlob_UINT32(&offset, blobSize, dec);
545
if ((*blob = malloc(*blobSize)) == NULL) {
547
LogError("malloc of %u bytes failed", *blobSize);
549
return TSPERR(TSS_E_OUTOFMEMORY);
551
Trspi_UnloadBlob(&offset, *blobSize, dec, *blob);
559
Transport_Delegate_CreateOwnerDelegation(TSS_HCONTEXT tspContext, /* in */
560
TSS_BOOL increment, /* in */
561
UINT32 publicInfoSize, /* in */
562
BYTE *publicInfo, /* in */
563
TPM_ENCAUTH *encDelAuth, /* in */
564
TPM_AUTH *ownerAuth, /* in, out */
565
UINT32 *blobSize, /* out */
566
BYTE **blob) /* out */
569
UINT32 handlesLen = 0, decLen, dataLen;
574
if ((result = obj_context_transport_init(tspContext)))
577
LogDebugFn("Executing in a transport session");
579
dataLen = sizeof(TSS_BOOL) + publicInfoSize + sizeof(TPM_ENCAUTH);
580
if ((data = malloc(dataLen)) == NULL) {
581
LogError("malloc of %u bytes failed", dataLen);
582
return TSPERR(TSS_E_OUTOFMEMORY);
586
Trspi_LoadBlob_BOOL(&offset, increment, data);
587
Trspi_LoadBlob(&offset, publicInfoSize, data, publicInfo);
588
Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encDelAuth->authdata);
590
if ((result = obj_context_transport_execute(tspContext,
591
TPM_ORD_Delegate_CreateOwnerDelegation, dataLen,
592
data, NULL, &handlesLen, NULL, ownerAuth,
593
NULL, &decLen, &dec))) {
600
Trspi_UnloadBlob_UINT32(&offset, blobSize, dec);
602
if ((*blob = malloc(*blobSize)) == NULL) {
604
LogError("malloc of %u bytes failed", *blobSize);
606
return TSPERR(TSS_E_OUTOFMEMORY);
608
Trspi_UnloadBlob(&offset, *blobSize, dec, *blob);
616
Transport_Delegate_LoadOwnerDelegation(TSS_HCONTEXT tspContext, /* in */
617
TPM_DELEGATE_INDEX index, /* in */
618
UINT32 blobSize, /* in */
620
TPM_AUTH *ownerAuth) /* in, out */
623
UINT32 handlesLen = 0, dataLen;
628
if ((result = obj_context_transport_init(tspContext)))
631
LogDebugFn("Executing in a transport session");
633
dataLen = sizeof(TPM_DELEGATE_INDEX) + sizeof(UINT32) + blobSize;
634
if ((data = malloc(dataLen)) == NULL) {
635
LogError("malloc of %u bytes failed", dataLen);
636
return TSPERR(TSS_E_OUTOFMEMORY);
640
Trspi_LoadBlob_UINT32(&offset, index, data);
641
Trspi_LoadBlob_UINT32(&offset, blobSize, data);
642
Trspi_LoadBlob(&offset, blobSize, data, blob);
644
if ((result = obj_context_transport_execute(tspContext,
645
TPM_ORD_Delegate_LoadOwnerDelegation, dataLen,
646
data, NULL, &handlesLen, NULL, ownerAuth,
647
NULL, NULL, NULL))) {
657
Transport_Delegate_ReadTable(TSS_HCONTEXT tspContext, /* in */
658
UINT32 *familyTableSize, /* out */
659
BYTE **familyTable, /* out */
660
UINT32 *delegateTableSize, /* out */
661
BYTE **delegateTable) /* out */
664
UINT32 handlesLen = 0, decLen;
669
if ((result = obj_context_transport_init(tspContext)))
672
LogDebugFn("Executing in a transport session");
674
if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_ReadTable, 0, NULL,
675
NULL, &handlesLen, NULL, NULL, NULL, &decLen,
680
Trspi_UnloadBlob_UINT32(&offset, familyTableSize, dec);
682
if ((*familyTable = malloc(*familyTableSize)) == NULL) {
684
LogError("malloc of %u bytes failed", *familyTableSize);
685
*familyTableSize = 0;
686
return TSPERR(TSS_E_OUTOFMEMORY);
688
Trspi_UnloadBlob(&offset, *familyTableSize, dec, *familyTable);
690
Trspi_UnloadBlob_UINT32(&offset, delegateTableSize, dec);
692
if ((*delegateTable = malloc(*delegateTableSize)) == NULL) {
696
*familyTableSize = 0;
697
LogError("malloc of %u bytes failed", *delegateTableSize);
698
*delegateTableSize = 0;
699
return TSPERR(TSS_E_OUTOFMEMORY);
701
Trspi_UnloadBlob(&offset, *delegateTableSize, dec, *delegateTable);
709
Transport_Delegate_UpdateVerificationCount(TSS_HCONTEXT tspContext, /* in */
710
UINT32 inputSize, /* in */
711
BYTE *input, /* in */
712
TPM_AUTH *ownerAuth, /* in, out */
713
UINT32 *outputSize, /* out */
714
BYTE **output) /* out */
717
UINT32 handlesLen = 0, decLen, dataLen;
722
if ((result = obj_context_transport_init(tspContext)))
725
LogDebugFn("Executing in a transport session");
727
dataLen = sizeof(UINT32) + inputSize;
728
if ((data = malloc(dataLen)) == NULL) {
729
LogError("malloc of %u bytes failed", dataLen);
730
return TSPERR(TSS_E_OUTOFMEMORY);
734
Trspi_LoadBlob_UINT32(&offset, inputSize, data);
735
Trspi_LoadBlob(&offset, inputSize, data, input);
737
if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_UpdateVerification,
738
dataLen, data, NULL, &handlesLen, NULL,
739
ownerAuth, NULL, &decLen, &dec))) {
747
Trspi_UnloadBlob_UINT32(&offset, outputSize, dec);
749
if ((*output = malloc(*outputSize)) == NULL) {
751
LogError("malloc of %u bytes failed", *outputSize);
753
return TSPERR(TSS_E_OUTOFMEMORY);
755
Trspi_UnloadBlob(&offset, *outputSize, dec, *output);
763
Transport_Delegate_VerifyDelegation(TSS_HCONTEXT tspContext, /* in */
764
UINT32 delegateSize, /* in */
765
BYTE *delegate) /* in */
768
UINT32 handlesLen = 0, dataLen;
773
if ((result = obj_context_transport_init(tspContext)))
776
LogDebugFn("Executing in a transport session");
778
dataLen = + sizeof(UINT32) + delegateSize;
779
if ((data = malloc(dataLen)) == NULL) {
780
LogError("malloc of %u bytes failed", dataLen);
781
return TSPERR(TSS_E_OUTOFMEMORY);
785
Trspi_LoadBlob_UINT32(&offset, delegateSize, data);
786
Trspi_LoadBlob(&offset, delegateSize, data, delegate);
788
result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_VerifyDelegation,
789
dataLen, data, NULL, &handlesLen, NULL, NULL, NULL,
797
Transport_DSAP(TSS_HCONTEXT tspContext, /* in */
798
TPM_ENTITY_TYPE entityType, /* in */
799
TCS_KEY_HANDLE keyHandle, /* in */
800
TPM_NONCE *nonceOddDSAP, /* in */
801
UINT32 entityValueSize, /* in */
802
BYTE * entityValue, /* in */
803
TCS_AUTHHANDLE *authHandle, /* out */
804
TPM_NONCE *nonceEven, /* out */
805
TPM_NONCE *nonceEvenDSAP) /* out */
808
UINT32 handlesLen, dataLen, decLen;
809
TCS_HANDLE *handles, handle;
810
TPM_DIGEST pubKeyHash;
811
Trspi_HashCtx hashCtx;
816
if ((result = obj_context_transport_init(tspContext)))
819
LogDebugFn("Executing in a transport session");
821
if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest)))
824
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
825
result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest);
826
if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest)))
829
dataLen = sizeof(TPM_ENTITY_TYPE) + sizeof(TPM_KEY_HANDLE)
833
if ((data = malloc(dataLen)) == NULL) {
834
LogError("malloc of %u bytes failed", dataLen);
835
return TSPERR(TSS_E_OUTOFMEMORY);
843
Trspi_LoadBlob_UINT32(&offset, entityType, data);
844
Trspi_LoadBlob_UINT32(&offset, keyHandle, data);
845
Trspi_LoadBlob(&offset, sizeof(TPM_NONCE), data, nonceEvenDSAP->nonce);
846
Trspi_LoadBlob_UINT32(&offset, entityValueSize, data);
847
Trspi_LoadBlob(&offset, entityValueSize, data, entityValue);
849
if ((result = obj_context_transport_execute(tspContext, TPM_ORD_DSAP, dataLen, data,
850
&pubKeyHash, &handlesLen, &handles, NULL, NULL,
858
Trspi_UnloadBlob_UINT32(&offset, authHandle, dec);
860
Trspi_UnloadBlob(&offset, sizeof(TPM_NONCE), dec, nonceEven->nonce);
861
Trspi_UnloadBlob(&offset, sizeof(TPM_NONCE), dec, nonceEvenDSAP->nonce);