« back to all changes in this revision
Viewing changes to src/tcs/tcspbg.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): William Lima
- Date: 2007-04-18 16:39:38 UTC
- Revision ID: james.westby@ubuntu.com-20070418163938-opscl2mvvi76jiec
Tags: upstream-0.2.9.1
ImportĀ upstreamĀ versionĀ 0.2.9.1
- files added:
- autom4te.cache
- dist
- dist/fedora
- doc
- man
- man/man3
- man/man5
- man/man8
- src
- src/include
- src/include/linux
- src/include/trousers
- src/include/tss
- src/tcs
- src/tcs/ps
- src/tcsd
- src/tcsd_api
- src/tddl
- src/trspi
- src/trspi/crypto
- src/trspi/crypto/openssl
- src/tspi
- src/tspi/gtk
- src/tspi/ps
- tools
added
removed
src/tcs/tcspbg.c
1
2
/*
3
* Licensed Materials - Property of IBM
4
*
5
* trousers - An open source TCG Software Stack
6
*
7
* (C) Copyright International Business Machines Corp. 2004
8
*
9
*/
10
11
12
#include <stdlib.h>
13
#include <stdio.h>
14
#include <string.h>
15
#include <inttypes.h>
16
17
#include "trousers/tss.h"
18
#include "spi_internal_types.h"
19
#include "tcs_internal_types.h"
20
#include "tcs_tsp.h"
21
#include "tcsps.h"
22
#include "tcs_utils.h"
23
#include "tcs_int_literals.h"
24
#include "capabilities.h"
25
#include "tcslog.h"
26
#include "req_mgr.h"
27
#include "tcsd_wrap.h"
28
#include "tcsd.h"
29
30
TSS_RESULT
31
TCSP_SetOwnerInstall_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
32
TSS_BOOL state /* in */
33
)
34
{
35
UINT64 offset;
36
UINT32 paramSize;
37
TSS_RESULT result;
38
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
39
40
LogDebug("Entering SetOwnerInstall");
41
if ((result = ctx_verify_context(hContext)))
42
return result;
43
44
offset = 10;
45
LoadBlob_BOOL(&offset, state, txBlob, "State");
46
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_SetOwnerInstall,
47
txBlob);
48
49
if ((result = req_mgr_submit_req(txBlob)))
50
return result;
51
52
result = UnloadBlob_Header(txBlob, ¶mSize);
53
offset = 10;
54
LogResult("SetOwnerInstall", result);
55
return result;
56
}
57
58
TSS_RESULT
59
TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
60
UINT16 protocolID, /* in */
61
UINT32 encOwnerAuthSize, /* in */
62
BYTE * encOwnerAuth, /* in */
63
UINT32 encSrkAuthSize, /* in */
64
BYTE * encSrkAuth, /* in */
65
UINT32 srkInfoSize, /*in */
66
BYTE * srkInfo, /*in */
67
TPM_AUTH * ownerAuth, /* in, out */
68
UINT32 * srkKeySize, /*out */
69
BYTE ** srkKey /*out */
70
)
71
{
72
UINT64 offset;
73
UINT32 paramSize;
74
TSS_RESULT result;
75
TCPA_KEY srkKeyContainer;
76
BYTE oldAuthDataUsage;
77
UINT64 bugOffset;
78
BYTE newSRK[1024];
79
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
80
81
if ((result = ctx_verify_context(hContext)))
82
goto done;
83
84
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
85
goto done;
86
87
/* Check on the Atmel Bug Patch */
88
offset = 0;
89
UnloadBlob_KEY(&offset, srkInfo, &srkKeyContainer);
90
oldAuthDataUsage = srkKeyContainer.authDataUsage;
91
LogDebug("auth data usage is %.2X", oldAuthDataUsage);
92
93
offset = 10;
94
LoadBlob_UINT16(&offset, protocolID, txBlob, "prot id");
95
LoadBlob_UINT32(&offset, encOwnerAuthSize, txBlob,
96
"enc owner auth size");
97
LoadBlob(&offset, encOwnerAuthSize, txBlob, encOwnerAuth,
98
"enc owner auth");
99
LoadBlob_UINT32(&offset, encSrkAuthSize, txBlob,
100
"srk auth size");
101
LoadBlob(&offset, encSrkAuthSize, txBlob, encSrkAuth,
102
"srk auth");
103
104
LoadBlob(&offset, srkInfoSize, txBlob, srkInfo, "srk");
105
106
LoadBlob_Auth(&offset, txBlob, ownerAuth);
107
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
108
TPM_ORD_TakeOwnership, txBlob);
109
110
if ((result = req_mgr_submit_req(txBlob)))
111
goto done;
112
113
result = UnloadBlob_Header(txBlob, ¶mSize);
114
115
offset = 10;
116
if (result == 0) {
117
if ((result = UnloadBlob_KEY(&offset, txBlob, &srkKeyContainer)))
118
goto done;
119
120
*srkKeySize = offset - 10;
121
*srkKey = calloc(1, *srkKeySize);
122
if (*srkKey == NULL) {
123
destroy_key_refs(&srkKeyContainer);
124
LogError("malloc of %u bytes failed.", *srkKeySize);
125
result = TCSERR(TSS_E_OUTOFMEMORY);
126
goto done;
127
}
128
if (srkKeyContainer.authDataUsage != oldAuthDataUsage) {
129
LogDebug("AuthDataUsage was changed by TPM. Atmel Bug. Fixing it in PS");
130
srkKeyContainer.authDataUsage = oldAuthDataUsage;
131
}
132
memcpy(*srkKey, &txBlob[10], *srkKeySize);
133
134
memset(srkKeyContainer.pubKey.key, 0, srkKeyContainer.pubKey.keyLength);
135
bugOffset = 0;
136
LoadBlob_KEY(&bugOffset, newSRK, &srkKeyContainer);
137
138
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
139
140
/* Once the key file is created, it stays forever. There could be
141
* migratable keys in the hierarchy that are still useful to someone.
142
*/
143
result = ps_remove_key(&SRK_UUID);
144
if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) {
145
destroy_key_refs(&srkKeyContainer);
146
LogError("Error removing SRK from key file.");
147
goto done;
148
}
149
150
if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, newSRK, bugOffset))) {
151
destroy_key_refs(&srkKeyContainer);
152
LogError("Error writing SRK to disk");
153
goto done;
154
}
155
result = mc_add_entry_srk(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer);
156
if (result != TSS_SUCCESS) {
157
destroy_key_refs(&srkKeyContainer);
158
LogError("Error creating SRK mem cache entry");
159
*srkKeySize = 0;
160
free(*srkKey);
161
}
162
destroy_key_refs(&srkKeyContainer);
163
}
164
LogResult("TakeOwnership", result);
165
done:
166
auth_mgr_release_auth(ownerAuth, NULL, hContext);
167
return result;
168
}
169
170
TSS_RESULT
171
TCSP_OIAP_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
172
TCS_AUTHHANDLE *authHandle, /* out */
173
TCPA_NONCE *nonce0 /* out */
174
)
175
{
176
UINT64 offset;
177
TSS_RESULT result;
178
UINT32 paramSize;
179
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
180
181
LogDebug("Entering TCSI_OIAP");
182
183
if ((result = ctx_verify_context(hContext)))
184
return result;
185
186
offset = 10;
187
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_OIAP, txBlob);
188
189
if ((result = req_mgr_submit_req(txBlob)))
190
return result;
191
192
offset = 10;
193
result = UnloadBlob_Header(txBlob, ¶mSize);
194
195
if (!result) {
196
UnloadBlob_UINT32(&offset, authHandle, txBlob, "authHandle");
197
UnloadBlob(&offset, TCPA_NONCE_SIZE, txBlob,
198
nonce0->nonce, "n0");
199
}
200
201
LogResult("OIAP", result);
202
return result;
203
}
204
205
TSS_RESULT
206
TCSP_OSAP_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
207
TCPA_ENTITY_TYPE entityType, /* in */
208
UINT32 entityValue, /* in */
209
TCPA_NONCE nonceOddOSAP, /* in */
210
TCS_AUTHHANDLE * authHandle, /* out */
211
TCPA_NONCE * nonceEven, /* out */
212
TCPA_NONCE * nonceEvenOSAP /* out */
213
)
214
{
215
UINT64 offset;
216
TSS_RESULT result;
217
UINT32 paramSize;
218
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
219
220
LogDebug("Entering OSAP");
221
if ((result = ctx_verify_context(hContext)))
222
return result;
223
224
offset = 10;
225
LoadBlob_UINT16(&offset, entityType, txBlob, "entity type");
226
LoadBlob_UINT32(&offset, entityValue, txBlob, "entity value");
227
LoadBlob(&offset, TCPA_NONCE_SIZE, txBlob, nonceOddOSAP.nonce, "nonce osap");
228
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_OSAP, txBlob);
229
230
if ((result = req_mgr_submit_req(txBlob)))
231
return result;
232
233
offset = 10;
234
235
result = UnloadBlob_Header(txBlob, ¶mSize);
236
if (!result) {
237
UnloadBlob_UINT32(&offset, authHandle, txBlob, "auth handle");
238
UnloadBlob(&offset, TCPA_NONCE_SIZE, txBlob, nonceEven->nonce, "n0");
239
UnloadBlob(&offset, TCPA_NONCE_SIZE, txBlob, nonceEvenOSAP->nonce, "n0 osap");
240
}
241
LogResult("OSAP", result);
242
243
return result;
244
}
245
246
TSS_RESULT
247
TCSP_ChangeAuth_Internal(TCS_CONTEXT_HANDLE contextHandle, /* in */
248
TCS_KEY_HANDLE parentHandle, /* in */
249
TCPA_PROTOCOL_ID protocolID, /* in */
250
TCPA_ENCAUTH newAuth, /* in */
251
TCPA_ENTITY_TYPE entityType, /* in */
252
UINT32 encDataSize, /* in */
253
BYTE *encData, /* in */
254
TPM_AUTH *ownerAuth, /* in, out */
255
TPM_AUTH *entityAuth, /* in, out */
256
UINT32 *outDataSize, /* out */
257
BYTE **outData /* out */
258
)
259
{
260
UINT64 offset;
261
UINT32 paramSize;
262
TSS_RESULT result;
263
TCPA_KEY_HANDLE keySlot;
264
TCS_KEY_HANDLE tcsKeyHandleToEvict;
265
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
266
267
LogDebug("Entering Changeauth");
268
if ((result = ctx_verify_context(contextHandle)))
269
goto done;
270
271
if ((result = auth_mgr_check(contextHandle, ownerAuth->AuthHandle)))
272
goto done;
273
if ((result = auth_mgr_check(contextHandle, entityAuth->AuthHandle)))
274
goto done;
275
276
if ((result = ensureKeyIsLoaded(contextHandle, parentHandle, &keySlot)))
277
goto done;
278
279
offset = 10;
280
LoadBlob_UINT32(&offset, keySlot, txBlob, "handle");
281
LoadBlob_UINT16(&offset, protocolID, txBlob, "prot ID");
282
LoadBlob(&offset, TCPA_ENCAUTH_SIZE, txBlob,
283
newAuth.authdata, "encauth");
284
LoadBlob_UINT16(&offset, entityType, txBlob, "entity type");
285
LoadBlob_UINT32(&offset, encDataSize, txBlob, "enc data size");
286
LoadBlob(&offset, encDataSize, txBlob, encData, "enc data");
287
LoadBlob_Auth(&offset, txBlob, ownerAuth);
288
LoadBlob_Auth(&offset, txBlob, entityAuth);
289
290
LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, offset,
291
TPM_ORD_ChangeAuth, txBlob);
292
293
if ((result = req_mgr_submit_req(txBlob)))
294
goto done;
295
296
offset = 10;
297
result = UnloadBlob_Header(txBlob, ¶mSize);
298
299
if (!result) {
300
UnloadBlob_UINT32(&offset, outDataSize, txBlob,
301
"out data size");
302
*outData = calloc(1, *outDataSize);
303
if (*outData == NULL) {
304
LogError("malloc of %d bytes failed.", *outDataSize);
305
result = TCSERR(TSS_E_OUTOFMEMORY);
306
} else {
307
UnloadBlob(&offset, *outDataSize, txBlob, *outData, "outdata");
308
}
309
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
310
UnloadBlob_Auth(&offset, txBlob, entityAuth);
311
312
/* if the malloc above failed, terminate the 2 new auth handles and exit */
313
if (result)
314
goto done;
315
316
/****************************************
317
* Check if ET is a key. If it is, we need to
318
* 1 - Evict the key if loaded
319
* 2 - update the knowledge entries where applicable.
320
* 3 - Update the PS if applicable.
321
* 4 - Reload the key ( optional ) - Not doing it here
322
****************************************/
323
if (entityType == TCPA_ET_KEYHANDLE ||
324
entityType == TCPA_ET_KEY) {
325
LogDebug("entity type is a key. Check if storage/knowledge must be updated");
326
/*--- Compare the EncData against the TCS tables */
327
#if 0
328
/*--- Check PS */
329
LogDebug("Checking PS");
330
uuidKeyToEvict = mc_get_uuid_by_encdata(encData);
331
if (uuidKeyToEvict != NULL) {
332
LogDebug("UUID is not NULL, replace storage");
333
replaceEncData_PS(*uuidKeyToEvict, encData, *outData);
334
}
335
#endif
336
tcsKeyHandleToEvict = mc_get_handle_by_encdata(encData);
337
LogDebug("tcsKeyHandle being evicted is %.8X", tcsKeyHandleToEvict);
338
/*--- If it was found in knowledge, replace it */
339
if (tcsKeyHandleToEvict != 0) {
340
key_mgr_evict(contextHandle, tcsKeyHandleToEvict);
341
mc_update_encdata(encData, *outData);
342
}
343
344
}
345
}
346
LogResult("ChangeAuth", result);
347
done:
348
auth_mgr_release_auth(ownerAuth, entityAuth, contextHandle);
349
return result;
350
}
351
352
TSS_RESULT
353
TCSP_ChangeAuthOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
354
TCPA_PROTOCOL_ID protocolID, /* in */
355
TCPA_ENCAUTH newAuth, /* in */
356
TCPA_ENTITY_TYPE entityType, /* in */
357
TPM_AUTH * ownerAuth /* in, out */
358
)
359
{
360
UINT64 offset;
361
UINT32 paramSize;
362
TSS_RESULT result;
363
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
364
365
LogDebug("Entering ChangeAuthOwner");
366
367
if ((result = ctx_verify_context(hContext)))
368
goto done;
369
370
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
371
goto done;
372
373
offset = 10;
374
LoadBlob_UINT16(&offset, protocolID, txBlob, "prot id");
375
LoadBlob(&offset, 20, txBlob, newAuth.authdata, "enc auth");
376
LoadBlob_UINT16(&offset, entityType, txBlob, "entity type");
377
LoadBlob_Auth(&offset, txBlob, ownerAuth);
378
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_ChangeAuthOwner, txBlob);
379
380
if ((result = req_mgr_submit_req(txBlob)))
381
goto done;
382
383
offset = 10;
384
result = UnloadBlob_Header(txBlob, ¶mSize);
385
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
386
387
LogResult("ChangeAuthOwner", result);
388
done:
389
auth_mgr_release_auth(ownerAuth, NULL, hContext);
390
return result;
391
}
392
393
TSS_RESULT
394
TCSP_ChangeAuthAsymStart_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
395
TCS_KEY_HANDLE idHandle, /* in */
396
TCPA_NONCE antiReplay, /* in */
397
UINT32 KeySizeIn, /* in */
398
BYTE * KeyDataIn, /* in */
399
TPM_AUTH * pAuth, /* in, out */
400
UINT32 * KeySizeOut, /* out */
401
BYTE ** KeyDataOut, /* out */
402
UINT32 * CertifyInfoSize, /* out */
403
BYTE ** CertifyInfo, /* out */
404
UINT32 * sigSize, /* out */
405
BYTE ** sig, /* out */
406
TCS_KEY_HANDLE * ephHandle /* out */
407
)
408
{
409
#if 0
410
#warning Locking trouble in evictFirstKey
411
UINT16 offset;
412
UINT32 paramSize;
413
TSS_RESULT result;
414
UINT32 keySlot;
415
TCPA_CERTIFY_INFO certifyInfo;
416
TCPA_KEY tempKey;
417
UINT32 tempSize;
418
TCPA_KEY_PARMS keyParmsContainer;
419
TSS_BOOL canLoad;
420
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
421
422
LogDebug("Entering ChangeAuthAsymStart");
423
if ((result = ctx_verify_context(hContext)))
424
goto done;
425
426
if (pAuth != NULL) {
427
LogDebug("Auth Command");
428
if ((result = auth_mgr_check(hContext, pAuth->AuthHandle)))
429
goto done;
430
} else {
431
LogDebug("No Auth");
432
}
433
434
if ((result = ensureKeyIsLoaded(hContext, idHandle, &keySlot)))
435
goto done;
436
437
LogDebug("Checking for room to load the eph key");
438
offset = 0;
439
if ((result = UnloadBlob_KEY_PARMS(&offset, KeyDataIn, &keyParmsContainer)))
440
goto done;
441
442
/* if we can't load the key, evict keys until we can */
443
if ((result = canILoadThisKey(&keyParmsContainer, &canLoad)))
444
goto done;
445
446
while (canLoad == FALSE) {
447
/* Evict a key that isn't the parent */
448
if ((result = evictFirstKey(idHandle)))
449
goto done;
450
451
if ((result = canILoadThisKey(&keyParmsContainer, &canLoad)))
452
goto done;
453
}
454
455
offset = 10;
456
LoadBlob_UINT32(&offset, keySlot, txBlob, "idhandle");
457
LoadBlob(&offset, TCPA_NONCE_SIZE, txBlob, antiReplay.nonce, "nonce");
458
/* LoadBlob_KEY_PARMS( &offset, txBlob, &tempKeyParms ); */
459
/* LoadBlob_UINT32( &offset, KeySizeIn, txBlob, "temp key size" ); */
460
LoadBlob(&offset, KeySizeIn, txBlob, KeyDataIn, "Temp Key");
461
462
if (pAuth != NULL) {
463
LoadBlob_Auth(&offset, txBlob, pAuth);
464
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
465
TPM_ORD_ChangeAuthAsymStart, txBlob);
466
} else {
467
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
468
TPM_ORD_ChangeAuthAsymStart, txBlob);
469
}
470
471
if ((result = req_mgr_submit_req(txBlob)))
472
goto done;
473
474
offset = 10;
475
result = UnloadBlob_Header(txBlob, ¶mSize);
476
if (result == 0) {
477
UnloadBlob_CERTIFY_INFO(&offset, txBlob, &certifyInfo);
478
*CertifyInfoSize = offset - 10;
479
*CertifyInfo = malloc(*CertifyInfoSize);
480
if (*CertifyInfo == NULL) {
481
LogError("malloc of %u bytes failed.", *CertifyInfoSize);
482
result = TCSERR(TSS_E_OUTOFMEMORY);
483
goto done;
484
}
485
memcpy(*CertifyInfo, &txBlob[offset - *CertifyInfoSize],
486
*CertifyInfoSize);
487
UnloadBlob_UINT32(&offset, sigSize, txBlob, "sig size");
488
*sig = malloc(*sigSize);
489
if (*sig == NULL) {
490
LogError("malloc of %u bytes failed.", *sigSize);
491
result = TCSERR(TSS_E_OUTOFMEMORY);
492
goto done;
493
}
494
UnloadBlob(&offset, *sigSize, txBlob, *sig, "sig");
495
UnloadBlob_UINT32(&offset, ephHandle, txBlob, "eph handle");
496
tempSize = offset;
497
UnloadBlob_KEY(&offset, txBlob, &tempKey);
498
*KeySizeOut = offset - tempSize;
499
*KeyDataOut = malloc(*KeySizeOut);
500
if (*KeyDataOut == NULL) {
501
LogError("malloc of %u bytes failed.", *KeySizeOut);
502
result = TCSERR(TSS_E_OUTOFMEMORY);
503
goto done;
504
}
505
memcpy(*KeyDataOut, &txBlob[offset - *KeySizeOut], *KeySizeOut);
506
if (pAuth != NULL)
507
UnloadBlob_Auth(&offset, txBlob, pAuth);
508
}
509
510
LogResult("ChangeAuthAsymStart", result);
511
done:
512
auth_mgr_release_auth(pAuth, NULL, hContext);
513
return result;
514
#else
515
return TSPERR(TSS_E_NOTIMPL);
516
#endif
517
}
518
519
TSS_RESULT
520
TCSP_ChangeAuthAsymFinish_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
521
TCS_KEY_HANDLE parentHandle, /* in */
522
TCS_KEY_HANDLE ephHandle, /* in */
523
TCPA_ENTITY_TYPE entityType, /* in */
524
TCPA_HMAC newAuthLink, /* in */
525
UINT32 newAuthSize, /* in */
526
BYTE * encNewAuth, /* in */
527
UINT32 encDataSizeIn, /* in */
528
BYTE * encDataIn, /* in */
529
TPM_AUTH * ownerAuth, /* in, out */
530
UINT32 * encDataSizeOut, /* out */
531
BYTE ** encDataOut, /* out */
532
TCPA_SALT_NONCE * saltNonce, /* out */
533
TCPA_DIGEST * changeProof /* out */
534
)
535
{
536
UINT64 offset;
537
UINT32 paramSize;
538
TSS_RESULT result;
539
UINT32 keySlot;
540
#if 0
541
TCPA_CERTIFY_INFO certifyInfo;
542
TCPA_KEY tempKey;
543
UINT32 tempSize;
544
TSS_UUID *uuidKeyToEvict;
545
#endif
546
TCS_KEY_HANDLE tcsKeyHandleToEvict;
547
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
548
549
LogDebug("Entering ChangeAuthAsymFinish");
550
if ((result = ctx_verify_context(hContext)))
551
goto done;
552
553
if (ownerAuth != NULL) {
554
LogDebug("Auth used");
555
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
556
goto done;
557
} else {
558
LogDebug("No Auth");
559
}
560
if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
561
goto done;
562
563
offset = 10;
564
LoadBlob_UINT32(&offset, keySlot, txBlob, "idhandle");
565
LoadBlob_UINT32(&offset, ephHandle, txBlob, "ephHandle");
566
LoadBlob_UINT16(&offset, entityType, txBlob, "entity Type");
567
LoadBlob(&offset, 20, txBlob, newAuthLink.digest, "newAuthLink");
568
LoadBlob_UINT32(&offset, newAuthSize, txBlob, "newAuthSize");
569
LoadBlob(&offset, newAuthSize, txBlob, encNewAuth, "encNewauth");
570
LoadBlob_UINT32(&offset, encDataSizeIn, txBlob, "encDatasize ");
571
LoadBlob(&offset, encDataSizeIn, txBlob, encDataIn, "encDataIn");
572
573
if (ownerAuth != NULL) {
574
LoadBlob_Auth(&offset, txBlob, ownerAuth);
575
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
576
TPM_ORD_ChangeAuthAsymFinish, txBlob);
577
} else {
578
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
579
TPM_ORD_ChangeAuthAsymFinish, txBlob);
580
}
581
582
if ((result = req_mgr_submit_req(txBlob)))
583
goto done;
584
585
offset = 10;
586
result = UnloadBlob_Header(txBlob, ¶mSize);
587
if (!result) {
588
UnloadBlob_UINT32(&offset, encDataSizeOut, txBlob,
589
"outDataSize");
590
*encDataOut = calloc(1, *encDataSizeOut);
591
if (*encDataOut == NULL) {
592
LogError("malloc of %u bytes failed.", *encDataSizeOut);
593
result = TCSERR(TSS_E_OUTOFMEMORY);
594
goto done;
595
}
596
UnloadBlob(&offset, *encDataSizeOut, txBlob,
597
*encDataOut, "outData");
598
UnloadBlob(&offset, 20, txBlob, saltNonce->nonce, "salt Nonce");
599
UnloadBlob(&offset, 20, txBlob, changeProof->digest,
600
"changeProof");
601
if (ownerAuth != NULL)
602
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
603
604
/****************************************
605
* Check if ET is a key. If it is, we need to
606
* 1 - Evict the key if loaded
607
* 2 - update the knowledge entries where applicable.
608
* 3 - Update the PS if applicable.
609
* 4 - Reload the key ( optional ) - Not doing it here
610
****************************************/
611
if (entityType == TCPA_ET_KEYHANDLE ||
612
entityType == TCPA_ET_KEY) {
613
/*--- Compare the EncData against the TCS tables */
614
tcsKeyHandleToEvict = mc_get_handle_by_encdata(encDataIn);
615
#if 0
616
/*--- Check PS */
617
uuidKeyToEvict = mc_get_uuid_by_encdata(encDataIn);
618
if (uuidKeyToEvict != NULL) {
619
replaceEncData_PS(*uuidKeyToEvict,
620
encDataIn, *encDataOut);
621
}
622
#endif
623
/*--- If it was found in knowledge, replace it */
624
if (tcsKeyHandleToEvict != 0) {
625
key_mgr_evict(hContext, tcsKeyHandleToEvict);
626
mc_update_encdata(encDataIn, *encDataOut);
627
}
628
}
629
}
630
631
LogResult("ChangeAuthAsymFinish", result);
632
done:
633
auth_mgr_release_auth(ownerAuth, NULL, hContext);
634
return result;
635
}
636
637
TSS_RESULT
638
internal_TerminateHandle(TCS_AUTHHANDLE handle)
639
{
640
UINT64 offset;
641
UINT32 paramSize;
642
TSS_RESULT result;
643
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
644
645
offset = 10;
646
LoadBlob_UINT32(&offset, handle, txBlob, "handle");
647
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_Terminate_Handle, txBlob);
648
649
if ((result = req_mgr_submit_req(txBlob)))
650
return result;
651
652
offset = 10;
653
return UnloadBlob_Header(txBlob, ¶mSize);
654
}
655
656
TSS_RESULT
657
TCSP_TerminateHandle_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
658
TCS_AUTHHANDLE handle /* in */
659
)
660
{
661
TSS_RESULT result;
662
663
LogDebug("Entering TCSI_TerminateHandle");
664
if ((result = ctx_verify_context(hContext)))
665
return result;
666
667
if ((result = auth_mgr_check(hContext, handle)))
668
return result;
669
670
result = auth_mgr_release_auth_handle(handle, hContext, 1);
671
672
LogResult("Terminate Handle", result);
673
return result;
674
}
675
676
TSS_RESULT
677
TCSP_ActivateTPMIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
678
TCS_KEY_HANDLE idKey, /* in */
679
UINT32 blobSize, /* in */
680
BYTE * blob, /* in */
681
TPM_AUTH * idKeyAuth, /* in, out */
682
TPM_AUTH * ownerAuth, /* in, out */
683
UINT32 * SymmetricKeySize, /* out */
684
BYTE ** SymmetricKey /* out */
685
)
686
{
687
UINT64 offset;
688
UINT64 authOffset;
689
TCPA_SYMMETRIC_KEY symKey;
690
TSS_RESULT result;
691
UINT32 paramSize;
692
UINT32 keySlot;
693
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
694
695
LogDebug("TCSP_ActivateTPMIdentity");
696
697
if ((result = ctx_verify_context(hContext)))
698
goto done;
699
700
if (idKeyAuth != NULL) {
701
if ((result = auth_mgr_check(hContext, idKeyAuth->AuthHandle)))
702
goto done;
703
}
704
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
705
goto done;
706
707
if ((result = ensureKeyIsLoaded(hContext, idKey, &keySlot)))
708
goto done;
709
710
offset = 10;
711
LoadBlob_UINT32(&offset, keySlot, txBlob, "id key handle");
712
LoadBlob_UINT32(&offset, blobSize, txBlob, "blob size");
713
LoadBlob(&offset, blobSize, txBlob, blob, "in blob");
714
if (idKeyAuth != NULL) {
715
LoadBlob_Auth(&offset, txBlob, idKeyAuth);
716
LoadBlob_Auth(&offset, txBlob, ownerAuth);
717
LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND,
718
offset,
719
TPM_ORD_ActivateTPMIdentity, txBlob);
720
} else {
721
LoadBlob_Auth(&offset, txBlob, ownerAuth);
722
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND,
723
offset,
724
TPM_ORD_ActivateTPMIdentity, txBlob);
725
}
726
727
if ((result = req_mgr_submit_req(txBlob)))
728
goto done;
729
730
result = UnloadBlob_Header(txBlob, ¶mSize);
731
732
if (!result) {
733
/* We don't know what kind of key the symmetric key is, or how big it is.
734
* So, call UnloadBlob_SYMMETRIC_KEY to parse through the returned data
735
* and create the expanded TCPA_SYMMETRIC_KEY structure. Then, serialize
736
* that data to pass back to the TSP. */
737
offset = 10;
738
if ((result = UnloadBlob_SYMMETRIC_KEY(&offset, txBlob, &symKey)))
739
goto done;
740
741
/* After parsing through the symmetric key, offset will point to the auth
742
* structure(s) */
743
authOffset = offset;
744
745
*SymmetricKey = calloc(1, offset - 10);
746
if (*SymmetricKey == NULL) {
747
free(symKey.data);
748
LogError("malloc of %" PRIu64 " bytes failed.", offset - 10);
749
result = TCSERR(TSS_E_OUTOFMEMORY);
750
goto done;
751
}
752
*SymmetricKeySize = offset - 10;
753
offset = 0;
754
LoadBlob_SYMMETRIC_KEY(&offset, *SymmetricKey, &symKey);
755
free(symKey.data);
756
757
if (idKeyAuth != NULL) {
758
UnloadBlob_Auth(&authOffset, txBlob, idKeyAuth);
759
}
760
UnloadBlob_Auth(&authOffset, txBlob, ownerAuth);
761
}
762
763
done:
764
auth_mgr_release_auth(idKeyAuth, ownerAuth, hContext);
765
return result;
766
}
767
768
TSS_RESULT
769
TCSP_Extend_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
770
TCPA_PCRINDEX pcrNum, /* in */
771
TCPA_DIGEST inDigest, /* in */
772
TCPA_PCRVALUE * outDigest /* out */
773
)
774
{
775
UINT64 offset;
776
TSS_RESULT result;
777
UINT32 paramSize;
778
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
779
780
LogDebug("Entering Extend");
781
if ((result = ctx_verify_context(hContext)))
782
return result;
783
784
/* PCRs are numbered 0 - (NUM_PCRS - 1), thus the >= */
785
if (pcrNum >= tpm_metrics.num_pcrs)
786
return TCSERR(TSS_E_BAD_PARAMETER);
787
788
if (tcsd_options.kernel_pcrs & (1 << pcrNum)) {
789
LogInfo("PCR %d is configured to be kernel controlled. Extend request denied.",
790
pcrNum);
791
return TCSERR(TSS_E_FAIL);
792
}
793
794
if (tcsd_options.firmware_pcrs & (1 << pcrNum)) {
795
LogInfo("PCR %d is configured to be firmware controlled. Extend request denied.",
796
pcrNum);
797
return TCSERR(TSS_E_FAIL);
798
}
799
800
offset = 10;
801
802
LoadBlob_UINT32(&offset, pcrNum, txBlob, "pcrNum");
803
LoadBlob(&offset, TCPA_DIGEST_SIZE, txBlob, inDigest.digest,
804
"in digest");
805
806
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_Extend, txBlob);
807
808
if ((result = req_mgr_submit_req(txBlob)))
809
return result;
810
811
offset = 10;
812
result = UnloadBlob_Header(txBlob, ¶mSize);
813
if (!result) {
814
UnloadBlob(&offset, TCPA_DIGEST_SIZE, txBlob,
815
outDigest->digest, "digest");
816
}
817
LogResult("Extend", result);
818
return result;
819
}
820
821
TSS_RESULT
822
TCSP_PcrRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
823
TCPA_PCRINDEX pcrNum, /* in */
824
TCPA_PCRVALUE * outDigest /* out */
825
)
826
{
827
UINT64 offset;
828
TSS_RESULT result;
829
UINT32 paramSize;
830
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
831
832
LogDebug("Entering PCRRead");
833
834
if ((result = ctx_verify_context(hContext)))
835
return result;
836
837
/* PCRs are numbered 0 - (NUM_PCRS - 1), thus the >= */
838
if (pcrNum >= tpm_metrics.num_pcrs)
839
return TCSERR(TSS_E_BAD_PARAMETER);
840
841
offset = 10;
842
LoadBlob_UINT32(&offset, pcrNum, txBlob, "pcrnum");
843
844
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_PcrRead, txBlob);
845
846
if ((result = req_mgr_submit_req(txBlob)))
847
return result;
848
849
offset = 10;
850
result = UnloadBlob_Header(txBlob, ¶mSize);
851
if (!result) {
852
UnloadBlob(&offset, TCPA_DIGEST_SIZE, txBlob,
853
outDigest->digest, "digest");
854
}
855
LogResult("PCR Read", result);
856
return result;
857
}
858
859
TSS_RESULT
860
TCSP_Quote_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
861
TCS_KEY_HANDLE keyHandle, /* in */
862
TCPA_NONCE antiReplay, /* in */
863
UINT32 pcrDataSizeIn, /* in */
864
BYTE * pcrDataIn, /* in */
865
TPM_AUTH * privAuth, /* in, out */
866
UINT32 * pcrDataSizeOut, /* out */
867
BYTE ** pcrDataOut, /* out */
868
UINT32 * sigSize, /* out */
869
BYTE ** sig /* out */
870
)
871
{
872
873
UINT64 offset = 0;
874
UINT32 paramSize;
875
TSS_RESULT result;
876
UINT32 keySlot;
877
TCPA_PCR_COMPOSITE pcrComp;
878
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
879
880
LogDebug("Entering quote");
881
882
if ((result = ctx_verify_context(hContext)))
883
goto done;
884
885
if (privAuth != NULL) {
886
LogDebug("Auth Used");
887
if ((result = auth_mgr_check(hContext, privAuth->AuthHandle)))
888
goto done;
889
} else {
890
LogDebug("No Auth");
891
}
892
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
893
goto done;
894
895
offset = 10;
896
LoadBlob_UINT32(&offset, keySlot, txBlob, "key handle");
897
LoadBlob(&offset, TCPA_NONCE_SIZE, txBlob, antiReplay.nonce, "anti nonce");
898
LoadBlob(&offset, pcrDataSizeIn, txBlob, pcrDataIn, "Pcr Data");
899
if (privAuth != NULL) {
900
LoadBlob_Auth(&offset, txBlob, privAuth);
901
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND,
902
offset, TPM_ORD_Quote, txBlob);
903
} else {
904
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
905
TPM_ORD_Quote, txBlob);
906
}
907
if ((result = req_mgr_submit_req(txBlob)))
908
goto done;
909
910
offset = 10;
911
result = UnloadBlob_Header(txBlob, ¶mSize);
912
913
if (!result) {
914
if ((result = UnloadBlob_PCR_COMPOSITE(&offset, txBlob, &pcrComp)))
915
goto done;
916
free(pcrComp.select.pcrSelect);
917
free(pcrComp.pcrValue);
918
919
*pcrDataSizeOut = offset - 10;
920
*pcrDataOut = calloc(1, *pcrDataSizeOut);
921
if (*pcrDataOut == NULL) {
922
LogError("malloc of %u bytes failed.", *pcrDataSizeOut);
923
result = TCSERR(TSS_E_OUTOFMEMORY);
924
goto done;
925
}
926
memcpy(*pcrDataOut, &txBlob[10], *pcrDataSizeOut);
927
UnloadBlob_UINT32(&offset, sigSize, txBlob, "sigsize");
928
*sig = calloc(1, *sigSize);
929
if (*sig == NULL) {
930
free(*pcrDataOut);
931
LogError("malloc of %u bytes failed.", *sigSize);
932
result = TCSERR(TSS_E_OUTOFMEMORY);
933
goto done;
934
}
935
UnloadBlob(&offset, *sigSize, txBlob, *sig, "sig");
936
if (privAuth != NULL)
937
UnloadBlob_Auth(&offset, txBlob, privAuth);
938
}
939
LogResult("Quote", result);
940
done:
941
auth_mgr_release_auth(privAuth, NULL, hContext);
942
return result;
943
}
944
945
TSS_RESULT
946
TCSP_DirWriteAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
947
TCPA_DIRINDEX dirIndex, /* in */
948
TCPA_DIRVALUE newContents, /* in */
949
TPM_AUTH * ownerAuth /* in, out */
950
)
951
{
952
UINT64 offset;
953
UINT32 paramSize;
954
TSS_RESULT result;
955
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
956
957
LogDebug("Entering dirwriteauth");
958
if ((result = ctx_verify_context(hContext)))
959
goto done;
960
961
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
962
goto done;
963
964
if (dirIndex > tpm_metrics.num_dirs) {
965
result = TCSERR(TSS_E_BAD_PARAMETER);
966
goto done;
967
}
968
969
offset = 10;
970
LoadBlob_UINT32(&offset, dirIndex, txBlob, "dir index");
971
LoadBlob(&offset, TCPA_DIRVALUE_SIZE, txBlob,
972
newContents.digest, "new contents");
973
LoadBlob_Auth(&offset, txBlob, ownerAuth);
974
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
975
TPM_ORD_DirWriteAuth, txBlob);
976
977
if ((result = req_mgr_submit_req(txBlob)))
978
goto done;
979
980
offset = 10;
981
result = UnloadBlob_Header(txBlob, ¶mSize);
982
983
if (!result) {
984
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
985
}
986
LogResult("DirWriteAuth", result);
987
done:
988
auth_mgr_release_auth(ownerAuth, NULL, hContext);
989
return result;
990
}
991
992
TSS_RESULT
993
TCSP_DirRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
994
TCPA_DIRINDEX dirIndex, /* in */
995
TCPA_DIRVALUE * dirValue /* out */
996
)
997
{
998
UINT64 offset;
999
UINT32 paramSize;
1000
TSS_RESULT result;
1001
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1002
1003
LogDebug("Entering DirRead");
1004
if ((result = ctx_verify_context(hContext)))
1005
return result;
1006
1007
if (dirValue == NULL)
1008
return TCSERR(TSS_E_BAD_PARAMETER);
1009
1010
if (dirIndex > tpm_metrics.num_dirs)
1011
return TCSERR(TSS_E_BAD_PARAMETER);
1012
1013
offset = 10;
1014
LoadBlob_UINT32(&offset, dirIndex, txBlob, "dir index");
1015
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_DirRead, txBlob);
1016
1017
if ((result = req_mgr_submit_req(txBlob)))
1018
return result;
1019
1020
offset = 10;
1021
result = UnloadBlob_Header(txBlob, ¶mSize);
1022
if (!result) {
1023
UnloadBlob(&offset, TCPA_DIRVALUE_SIZE, txBlob,
1024
dirValue->digest, "digest");
1025
}
1026
LogResult("DirRead", result);
1027
return result;
1028
}
1029
1030
TSS_RESULT
1031
TCSP_Seal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1032
TCS_KEY_HANDLE keyHandle, /* in */
1033
TCPA_ENCAUTH encAuth, /* in */
1034
UINT32 pcrInfoSize, /* in */
1035
BYTE * PcrInfo, /* in */
1036
UINT32 inDataSize, /* in */
1037
BYTE * inData, /* in */
1038
TPM_AUTH * pubAuth, /* in, out */
1039
UINT32 * SealedDataSize, /* out */
1040
BYTE ** SealedData /* out */
1041
)
1042
{
1043
UINT64 offset;
1044
TSS_RESULT result;
1045
UINT32 paramSize;
1046
TCPA_KEY_HANDLE keySlot;
1047
TCPA_STORED_DATA storedData;
1048
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1049
1050
LogDebug("Entering Seal");
1051
if (!pubAuth)
1052
return TCSERR(TSS_E_BAD_PARAMETER);
1053
1054
if ((result = ctx_verify_context(hContext)))
1055
goto done;
1056
1057
if ((result = auth_mgr_check(hContext, pubAuth->AuthHandle)))
1058
goto done;
1059
1060
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
1061
goto done;
1062
1063
if (keySlot == 0) {
1064
result = TCSERR(TSS_E_FAIL);
1065
goto done;
1066
}
1067
1068
offset = 10;
1069
LoadBlob_UINT32(&offset, keySlot, txBlob, "handle");
1070
LoadBlob(&offset, TCPA_ENCAUTH_SIZE, txBlob,
1071
encAuth.authdata, "encauth");
1072
LoadBlob_UINT32(&offset, pcrInfoSize, txBlob, "pcr info size");
1073
LoadBlob(&offset, pcrInfoSize, txBlob, PcrInfo, "pcr info");
1074
LoadBlob_UINT32(&offset, inDataSize, txBlob, "in data size");
1075
LoadBlob(&offset, inDataSize, txBlob, inData, "in data");
1076
1077
LoadBlob_Auth(&offset, txBlob, pubAuth);
1078
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_Seal, txBlob);
1079
1080
if ((result = req_mgr_submit_req(txBlob)))
1081
goto done;
1082
1083
offset = 10;
1084
result = UnloadBlob_Header(txBlob, ¶mSize);
1085
1086
if (!result) {
1087
if ((result = UnloadBlob_STORED_DATA(&offset, txBlob, &storedData)))
1088
goto done;
1089
free(storedData.sealInfo);
1090
free(storedData.encData);
1091
1092
*SealedDataSize = offset - 10;
1093
*SealedData = calloc(1, *SealedDataSize);
1094
if (*SealedData == NULL) {
1095
LogError("malloc of %u bytes failed.", *SealedDataSize);
1096
result = TCSERR(TSS_E_OUTOFMEMORY);
1097
goto done;
1098
}
1099
memcpy(*SealedData, &txBlob[10], *SealedDataSize);
1100
UnloadBlob_Auth(&offset, txBlob, pubAuth);
1101
}
1102
LogResult("Seal", result);
1103
done:
1104
auth_mgr_release_auth(pubAuth, NULL, hContext);
1105
return result;
1106
}
1107
1108
TSS_RESULT
1109
TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1110
TCS_KEY_HANDLE parentHandle, /* in */
1111
UINT32 SealedDataSize, /* in */
1112
BYTE * SealedData, /* in */
1113
TPM_AUTH * parentAuth, /* in, out */
1114
TPM_AUTH * dataAuth, /* in, out */
1115
UINT32 * DataSize, /* out */
1116
BYTE ** Data /* out */
1117
)
1118
{
1119
UINT64 offset;
1120
UINT32 paramSize;
1121
TSS_RESULT result;
1122
TCPA_KEY_HANDLE keySlot;
1123
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1124
1125
LogDebug("Entering Unseal");
1126
1127
if (dataAuth == NULL)
1128
return TCSERR(TSS_E_BAD_PARAMETER);
1129
1130
if ((result = ctx_verify_context(hContext)))
1131
goto done;
1132
1133
if (parentAuth != NULL) {
1134
LogDebug("Auth used");
1135
if ((result = auth_mgr_check(hContext, parentAuth->AuthHandle)))
1136
goto done;
1137
} else {
1138
LogDebug("No Auth");
1139
}
1140
1141
if ((result = auth_mgr_check(hContext, dataAuth->AuthHandle)))
1142
goto done;
1143
1144
if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
1145
goto done;
1146
1147
if (keySlot == 0) {
1148
result = TCSERR(TSS_E_FAIL);
1149
goto done;
1150
}
1151
1152
offset = 10;
1153
LoadBlob_UINT32(&offset, keySlot, txBlob, "handle");
1154
LoadBlob(&offset, SealedDataSize, txBlob, SealedData, "data");
1155
if (parentAuth != NULL) {
1156
LoadBlob_Auth(&offset, txBlob, parentAuth);
1157
LoadBlob_Auth(&offset, txBlob, dataAuth);
1158
LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND,
1159
offset, TPM_ORD_Unseal, txBlob);
1160
} else {
1161
LoadBlob_Auth(&offset, txBlob, dataAuth);
1162
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND,
1163
offset, TPM_ORD_Unseal, txBlob);
1164
}
1165
if ((result = req_mgr_submit_req(txBlob)))
1166
goto done;
1167
1168
offset = 10;
1169
result = UnloadBlob_Header(txBlob, ¶mSize);
1170
1171
if (!result) {
1172
UnloadBlob_UINT32(&offset, DataSize, txBlob,
1173
"sealed data size");
1174
*Data = calloc(1, *DataSize);
1175
if (*Data == NULL) {
1176
LogError("malloc of %u bytes failed.", *DataSize);
1177
result = TCSERR(TSS_E_OUTOFMEMORY);
1178
goto done;
1179
}
1180
UnloadBlob(&offset, *DataSize, txBlob, *Data, "sealed data");
1181
if (parentAuth != NULL)
1182
UnloadBlob_Auth(&offset, txBlob, parentAuth);
1183
UnloadBlob_Auth(&offset, txBlob, dataAuth);
1184
}
1185
LogResult("Unseal", result);
1186
done:
1187
auth_mgr_release_auth(parentAuth, dataAuth, hContext);
1188
return result;
1189
}
1190
1191
TSS_RESULT
1192
TCSP_UnBind_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1193
TCS_KEY_HANDLE keyHandle, /* in */
1194
UINT32 inDataSize, /* in */
1195
BYTE * inData, /* in */
1196
TPM_AUTH * privAuth, /* in, out */
1197
UINT32 * outDataSize, /* out */
1198
BYTE ** outData /* out */
1199
)
1200
{
1201
UINT32 paramSize;
1202
TSS_RESULT result;
1203
UINT64 offset;
1204
TCPA_KEY_HANDLE keySlot;
1205
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1206
1207
LogDebug("Entering TCSI_UnBind");
1208
if ((result = ctx_verify_context(hContext)))
1209
goto done;
1210
1211
if (privAuth != NULL) {
1212
LogDebug("Auth Used");
1213
if ((result = auth_mgr_check(hContext, privAuth->AuthHandle)))
1214
goto done;
1215
} else {
1216
LogDebug("No Auth");
1217
}
1218
1219
LogDebugFn("calling ensureKeyIsLoaded for TCS handle 0x%x",
1220
keyHandle);
1221
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
1222
goto done;
1223
1224
offset = 10;
1225
LoadBlob_UINT32(&offset, keySlot, txBlob, "key handle");
1226
LoadBlob_UINT32(&offset, inDataSize, txBlob, "data size");
1227
LoadBlob(&offset, inDataSize, txBlob, inData, "in data");
1228
if (privAuth != NULL) {
1229
LoadBlob_Auth(&offset, txBlob, privAuth);
1230
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND,
1231
offset, TPM_ORD_UnBind, txBlob);
1232
} else
1233
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
1234
TPM_ORD_UnBind, txBlob);
1235
1236
if ((result = req_mgr_submit_req(txBlob)))
1237
goto done;
1238
1239
offset = 10;
1240
result = UnloadBlob_Header(txBlob, ¶mSize);
1241
1242
if (!result) {
1243
UnloadBlob_UINT32(&offset, outDataSize, txBlob, "out data size");
1244
*outData = calloc(1, *outDataSize);
1245
if (*outData == NULL) {
1246
LogError("malloc of %d bytes failed.", *outDataSize);
1247
result = TCSERR(TSS_E_OUTOFMEMORY);
1248
} else {
1249
UnloadBlob(&offset, (*outDataSize), txBlob, *outData, "out data");
1250
}
1251
if (privAuth != NULL)
1252
UnloadBlob_Auth(&offset, txBlob, privAuth);
1253
}
1254
1255
done:
1256
auth_mgr_release_auth(privAuth, NULL, hContext);
1257
return result;
1258
}
1259
1260
TSS_RESULT
1261
TCSP_CreateMigrationBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1262
TCS_KEY_HANDLE parentHandle, /* in */
1263
TSS_MIGRATE_SCHEME migrationType, /* in */
1264
UINT32 MigrationKeyAuthSize, /* in */
1265
BYTE * MigrationKeyAuth, /* in */
1266
UINT32 encDataSize, /* in */
1267
BYTE * encData, /* in */
1268
TPM_AUTH * parentAuth, /* in, out */
1269
TPM_AUTH * entityAuth, /* in, out */
1270
UINT32 * randomSize, /* out */
1271
BYTE ** random, /* out */
1272
UINT32 * outDataSize, /* out */
1273
BYTE ** outData /* out */
1274
)
1275
{
1276
UINT64 offset;
1277
UINT32 paramSize;
1278
TSS_RESULT result;
1279
TCPA_KEY_HANDLE keyHandle;
1280
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1281
1282
LogDebug("Entering TPM_CreateMigrationBlob");
1283
1284
if ((result = ctx_verify_context(hContext)))
1285
goto done;
1286
1287
if (parentAuth != NULL) {
1288
if ((result = auth_mgr_check(hContext, parentAuth->AuthHandle)))
1289
goto done;
1290
}
1291
1292
if ((result = auth_mgr_check(hContext, entityAuth->AuthHandle)))
1293
goto done;
1294
1295
if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keyHandle)))
1296
goto done;
1297
1298
switch (migrationType) {
1299
case TSS_MS_MIGRATE:
1300
migrationType = TCPA_MS_MIGRATE;
1301
break;
1302
case TSS_MS_REWRAP:
1303
migrationType = TCPA_MS_REWRAP;
1304
break;
1305
case TSS_MS_MAINT:
1306
migrationType = TCPA_MS_MAINT;
1307
break;
1308
default:
1309
/* Let the TPM return an error */
1310
break;
1311
}
1312
1313
offset = 10;
1314
LoadBlob_UINT32(&offset, keyHandle, txBlob, "parent handle");
1315
LoadBlob_UINT16(&offset, migrationType, txBlob, "mig type");
1316
LoadBlob(&offset, MigrationKeyAuthSize, txBlob,
1317
MigrationKeyAuth, "mig key auth");
1318
LoadBlob_UINT32(&offset, encDataSize, txBlob, "enc size");
1319
LoadBlob(&offset, encDataSize, txBlob, encData, "enc data");
1320
if (parentAuth) {
1321
LoadBlob_Auth(&offset, txBlob, parentAuth);
1322
LoadBlob_Auth(&offset, txBlob, entityAuth);
1323
LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, offset,
1324
TPM_ORD_CreateMigrationBlob, txBlob);
1325
} else {
1326
LoadBlob_Auth(&offset, txBlob, entityAuth);
1327
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
1328
TPM_ORD_CreateMigrationBlob, txBlob);
1329
}
1330
1331
if ((result = req_mgr_submit_req(txBlob)))
1332
goto done;
1333
1334
offset = 10;
1335
result = UnloadBlob_Header(txBlob, ¶mSize);
1336
1337
if (result == TSS_SUCCESS) {
1338
UnloadBlob_UINT32(&offset, randomSize, txBlob, "random size");
1339
*random = calloc(1, *randomSize);
1340
if (*random == NULL) {
1341
LogError("malloc of %u bytes failed.", *randomSize);
1342
result = TCSERR(TSS_E_OUTOFMEMORY);
1343
goto done;
1344
}
1345
1346
UnloadBlob(&offset, *randomSize, txBlob, *random, "random");
1347
UnloadBlob_UINT32(&offset, outDataSize, txBlob, "out data size");
1348
*outData = calloc(1, *outDataSize);
1349
if (*outData == NULL) {
1350
free(*random);
1351
LogError("malloc of %u bytes failed.", *outDataSize);
1352
result = TCSERR(TSS_E_OUTOFMEMORY);
1353
goto done;
1354
} else {
1355
UnloadBlob(&offset, *outDataSize, txBlob, *outData, "out data");
1356
}
1357
if (parentAuth != NULL)
1358
UnloadBlob_Auth(&offset, txBlob, parentAuth);
1359
UnloadBlob_Auth(&offset, txBlob, entityAuth);
1360
}
1361
LogResult("TPM_CreateMigrationBlob", result);
1362
1363
done:
1364
auth_mgr_release_auth(entityAuth, parentAuth, hContext);
1365
return result;
1366
}
1367
1368
TSS_RESULT
1369
TCSP_ConvertMigrationBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1370
TCS_KEY_HANDLE parentHandle, /* in */
1371
UINT32 inDataSize, /* in */
1372
BYTE * inData, /* in */
1373
UINT32 randomSize, /* in */
1374
BYTE * random, /* in */
1375
TPM_AUTH * parentAuth, /* in, out */
1376
UINT32 * outDataSize, /* out */
1377
BYTE ** outData /* out */
1378
)
1379
{
1380
TSS_RESULT result;
1381
UINT32 paramSize;
1382
UINT64 offset;
1383
TCPA_KEY_HANDLE keySlot;
1384
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1385
1386
LogDebug("ConvertMigBlob");
1387
if ((result = ctx_verify_context(hContext)))
1388
goto done;
1389
1390
if (parentAuth != NULL) {
1391
LogDebug("Auth Used");
1392
if ((result = auth_mgr_check(hContext, parentAuth->AuthHandle)))
1393
goto done;
1394
} else {
1395
LogDebug("No Auth");
1396
}
1397
if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
1398
goto done;
1399
1400
offset = 10;
1401
LoadBlob_UINT32(&offset, keySlot, txBlob, "parent handle");
1402
LoadBlob_UINT32(&offset, inDataSize, txBlob, "in data size");
1403
LoadBlob(&offset, inDataSize, txBlob, inData, "in data");
1404
LoadBlob_UINT32(&offset, randomSize, txBlob, "random size");
1405
LoadBlob(&offset, randomSize, txBlob, random, "random");
1406
if (parentAuth != NULL) {
1407
LoadBlob_Auth(&offset, txBlob, parentAuth);
1408
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND,
1409
offset,
1410
TPM_ORD_ConvertMigrationBlob, txBlob);
1411
} else {
1412
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
1413
TPM_ORD_ConvertMigrationBlob, txBlob);
1414
}
1415
1416
if ((result = req_mgr_submit_req(txBlob)))
1417
goto done;
1418
1419
offset = 10;
1420
result = UnloadBlob_Header(txBlob, ¶mSize);
1421
1422
if (!result) {
1423
UnloadBlob_UINT32(&offset, outDataSize, txBlob,
1424
"out data size");
1425
*outData = calloc(1, *outDataSize);
1426
if (*outData == NULL) {
1427
LogError("malloc of %d bytes failed.", *outDataSize);
1428
result = TCSERR(TSS_E_OUTOFMEMORY);
1429
} else {
1430
UnloadBlob(&offset, *outDataSize, txBlob, *outData, "out data");
1431
}
1432
if (parentAuth != NULL) {
1433
UnloadBlob_Auth(&offset, txBlob, parentAuth);
1434
}
1435
}
1436
LogResult("***Leaving ConvertMigrationBlob with result ", result);
1437
done:
1438
auth_mgr_release_auth(parentAuth, NULL, hContext);
1439
return result;
1440
}
1441
1442
TSS_RESULT
1443
TCSP_AuthorizeMigrationKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1444
TSS_MIGRATE_SCHEME migrateScheme, /* in */
1445
UINT32 MigrationKeySize, /* in */
1446
BYTE * MigrationKey, /* in */
1447
TPM_AUTH * ownerAuth, /* in, out */
1448
UINT32 * MigrationKeyAuthSize, /* out */
1449
BYTE ** MigrationKeyAuth /* out */
1450
)
1451
{
1452
1453
TSS_RESULT result;
1454
UINT32 paramSize;
1455
UINT64 offset;
1456
TCPA_MIGRATIONKEYAUTH container;
1457
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1458
1459
LogDebug("TCSP_AuthorizeMigrationKey");
1460
if ((result = ctx_verify_context(hContext)))
1461
goto done;
1462
1463
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
1464
goto done;
1465
1466
switch (migrateScheme) {
1467
case TSS_MS_MIGRATE:
1468
migrateScheme = TCPA_MS_MIGRATE;
1469
break;
1470
case TSS_MS_REWRAP:
1471
migrateScheme = TCPA_MS_REWRAP;
1472
break;
1473
case TSS_MS_MAINT:
1474
migrateScheme = TCPA_MS_MAINT;
1475
break;
1476
default:
1477
/* Let the TPM return an error */
1478
break;
1479
}
1480
1481
offset = 10;
1482
LoadBlob_UINT16(&offset, migrateScheme, txBlob, "migation scheme");
1483
LoadBlob(&offset, MigrationKeySize, txBlob, MigrationKey, "pubKey");
1484
LoadBlob_Auth(&offset, txBlob, ownerAuth);
1485
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
1486
TPM_ORD_AuthorizeMigrationKey, txBlob);
1487
if ((result = req_mgr_submit_req(txBlob)))
1488
goto done;
1489
1490
offset = 10;
1491
result = UnloadBlob_Header(txBlob, ¶mSize);
1492
1493
if (!result) {
1494
if ((result = UnloadBlob_MIGRATIONKEYAUTH(&offset, txBlob, &container)))
1495
goto done;
1496
free(container.migrationKey.pubKey.key);
1497
free(container.migrationKey.algorithmParms.parms);
1498
1499
*MigrationKeyAuthSize = offset - 10;
1500
*MigrationKeyAuth = calloc(1, *MigrationKeyAuthSize);
1501
if (*MigrationKeyAuth == NULL) {
1502
LogError("malloc of %d bytes failed.", *MigrationKeyAuthSize);
1503
result = TCSERR(TSS_E_OUTOFMEMORY);
1504
} else {
1505
memcpy(*MigrationKeyAuth, &txBlob[10], *MigrationKeyAuthSize);
1506
}
1507
1508
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
1509
}
1510
LogDebugFn("TPM_AuthorizeMigrationKey result: 0x%x", result);
1511
done:
1512
auth_mgr_release_auth(ownerAuth, NULL, hContext);
1513
return result;
1514
1515
}
1516
1517
TSS_RESULT
1518
TCSP_CertifyKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1519
TCS_KEY_HANDLE certHandle, /* in */
1520
TCS_KEY_HANDLE keyHandle, /* in */
1521
TCPA_NONCE antiReplay, /* in */
1522
TPM_AUTH * certAuth, /* in, out */
1523
TPM_AUTH * keyAuth, /* in, out */
1524
UINT32 * CertifyInfoSize, /* out */
1525
BYTE ** CertifyInfo, /* out */
1526
UINT32 * outDataSize, /* out */
1527
BYTE ** outData /* out */
1528
)
1529
{
1530
UINT64 offset;
1531
UINT32 paramSize;
1532
TSS_RESULT result;
1533
TCPA_KEY_HANDLE certKeySlot, keySlot;
1534
TCPA_CERTIFY_INFO certifyContainer;
1535
UINT16 tag;
1536
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1537
1538
LogDebug("Entering Certify Key");
1539
offset = 10;
1540
if ((result = ctx_verify_context(hContext)))
1541
goto done;
1542
1543
if (certAuth != NULL) {
1544
LogDebug("Auth Used for Cert signing key");
1545
if ((result = auth_mgr_check(hContext, certAuth->AuthHandle)))
1546
goto done;
1547
} else {
1548
LogDebug("No Auth used for Cert signing key");
1549
}
1550
1551
if (keyAuth != NULL) {
1552
LogDebug("Auth Used for Key being signed");
1553
if ((result = auth_mgr_check(hContext, keyAuth->AuthHandle)))
1554
goto done;
1555
} else {
1556
LogDebug("No Auth used for Key being signed");
1557
}
1558
1559
if ((result = ensureKeyIsLoaded(hContext, certHandle, &certKeySlot)))
1560
goto done;
1561
1562
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
1563
goto done;
1564
1565
LoadBlob_UINT32(&offset, certKeySlot, txBlob, "cert handle");
1566
LoadBlob_UINT32(&offset, keySlot, txBlob, "key handle");
1567
LoadBlob(&offset, TCPA_NONCE_SIZE, txBlob,
1568
antiReplay.nonce, "anti replay");
1569
1570
tag = TPM_TAG_RQU_COMMAND;
1571
if (certAuth != NULL) {
1572
tag++;
1573
LoadBlob_Auth(&offset, txBlob, certAuth);
1574
}
1575
if (keyAuth != NULL) {
1576
tag++;
1577
LoadBlob_Auth(&offset, txBlob, keyAuth);
1578
}
1579
LoadBlob_Header(tag, offset, TPM_ORD_CertifyKey, txBlob);
1580
1581
if ((result = req_mgr_submit_req(txBlob)))
1582
goto done;
1583
1584
offset = 10;
1585
1586
result = UnloadBlob_Header(txBlob, ¶mSize);
1587
1588
if (!result) {
1589
if ((result = UnloadBlob_CERTIFY_INFO(&offset, txBlob, &certifyContainer)))
1590
goto done;
1591
free(certifyContainer.algorithmParms.parms);
1592
free(certifyContainer.PCRInfo);
1593
1594
*CertifyInfoSize = offset - 10;
1595
*CertifyInfo = calloc(1, *CertifyInfoSize);
1596
if (*CertifyInfo == NULL) {
1597
LogError("malloc of %u bytes failed.", *CertifyInfoSize);
1598
result = TCSERR(TSS_E_OUTOFMEMORY);
1599
goto done;
1600
} else {
1601
memcpy(*CertifyInfo, &txBlob[10], *CertifyInfoSize);
1602
}
1603
1604
UnloadBlob_UINT32(&offset, outDataSize, txBlob, "out data size");
1605
*outData = calloc(1, *outDataSize);
1606
if (*outData == NULL) {
1607
free(*CertifyInfo);
1608
LogError("malloc of %u bytes failed.", *outDataSize);
1609
result = TCSERR(TSS_E_OUTOFMEMORY);
1610
goto done;
1611
} else {
1612
UnloadBlob(&offset, *outDataSize, txBlob, *outData, "out data");
1613
}
1614
1615
if (certAuth != NULL) {
1616
UnloadBlob_Auth(&offset, txBlob, certAuth);
1617
}
1618
if (keyAuth != NULL) {
1619
UnloadBlob_Auth(&offset, txBlob, keyAuth);
1620
}
1621
}
1622
LogResult("Certify Key", result);
1623
done:
1624
auth_mgr_release_auth(certAuth, keyAuth, hContext);
1625
return result;
1626
}
1627
1628
TSS_RESULT
1629
TCSP_Sign_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1630
TCS_KEY_HANDLE keyHandle, /* in */
1631
UINT32 areaToSignSize, /* in */
1632
BYTE * areaToSign, /* in */
1633
TPM_AUTH * privAuth, /* in, out */
1634
UINT32 * sigSize, /* out */
1635
BYTE ** sig /* out */
1636
)
1637
{
1638
UINT64 offset;
1639
UINT32 paramSize;
1640
TSS_RESULT result;
1641
TCPA_KEY_HANDLE keySlot;
1642
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1643
1644
LogDebug("Entering Sign");
1645
if ((result = ctx_verify_context(hContext)))
1646
return result;
1647
1648
if (privAuth != NULL) {
1649
LogDebug("Auth Used");
1650
if ((result = auth_mgr_check(hContext, privAuth->AuthHandle)))
1651
goto done;
1652
} else {
1653
LogDebug("No Auth");
1654
}
1655
1656
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
1657
goto done;
1658
1659
offset = 10;
1660
1661
LoadBlob_UINT32(&offset, keySlot, txBlob, "key handle");
1662
LoadBlob_UINT32(&offset, areaToSignSize, txBlob, "size");
1663
LoadBlob(&offset, areaToSignSize, txBlob, areaToSign,
1664
"area to sign");
1665
if (privAuth != NULL) {
1666
LoadBlob_Auth(&offset, txBlob, privAuth);
1667
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND,
1668
offset, TPM_ORD_Sign, txBlob);
1669
} else {
1670
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
1671
TPM_ORD_Sign, txBlob);
1672
}
1673
1674
if ((result = req_mgr_submit_req(txBlob)))
1675
goto done;
1676
1677
offset = 10;
1678
result = UnloadBlob_Header(txBlob, ¶mSize);
1679
1680
if (!result) {
1681
UnloadBlob_UINT32(&offset, sigSize, txBlob, "sig size");
1682
*sig = calloc(1, *sigSize);
1683
if (*sig == NULL) {
1684
LogError("malloc of %d bytes failed.", *sigSize);
1685
result = TCSERR(TSS_E_OUTOFMEMORY);
1686
goto done;
1687
}
1688
UnloadBlob(&offset, *sigSize, txBlob, *sig, "sig");
1689
if (privAuth != NULL)
1690
UnloadBlob_Auth(&offset, txBlob, privAuth);
1691
}
1692
LogResult("sign", result);
1693
done:
1694
auth_mgr_release_auth(privAuth, NULL, hContext);
1695
return result;
1696
}
1697
1698
/*
1699
* Get a random number generated by the TPM. Most (all?) TPMs return a maximum number of random
1700
* bytes that's less than the max allowed to be returned at the TSP level, which is 4K bytes.
1701
* According to the TPM compliance work posted here: http://www.prosec.rub.de/tpmcompliance.html,
1702
* some TPMs return as little as 132 bytes per query, which would require about 30 loops to get 4K.
1703
* We'll be extremely conservative here and loop 50 times, since it won't affect performance on
1704
* TPMs that return more bytes.
1705
*/
1706
TSS_RESULT
1707
TCSP_GetRandom_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1708
UINT32 * bytesRequested, /* in, out */
1709
BYTE ** randomBytes /* out */
1710
)
1711
{
1712
UINT64 offset;
1713
TSS_RESULT result;
1714
UINT32 paramSize, totalReturned = 0, bytesReturned, retries = 50;
1715
BYTE txBlob[TSS_TPM_TXBLOB_SIZE], *rnd_tmp = NULL;
1716
1717
LogDebugFn("%u bytes", *bytesRequested);
1718
1719
if ((result = ctx_verify_context(hContext)))
1720
return result;
1721
1722
do {
1723
offset = 10;
1724
LoadBlob_UINT32(&offset, *bytesRequested - totalReturned,
1725
txBlob, "requested");
1726
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_GetRandom,
1727
txBlob);
1728
1729
if ((result = req_mgr_submit_req(txBlob)))
1730
return result;
1731
1732
offset = 10;
1733
result = UnloadBlob_Header(txBlob, ¶mSize);
1734
if (!result) {
1735
UnloadBlob_UINT32(&offset, &bytesReturned, txBlob,
1736
"random bytes size");
1737
1738
LogDebugFn("received %u bytes from the TPM",
1739
bytesReturned);
1740
1741
rnd_tmp = realloc(rnd_tmp, totalReturned + bytesReturned);
1742
if (rnd_tmp == NULL) {
1743
LogError("malloc of %d bytes failed.",
1744
bytesReturned);
1745
return TCSERR(TSS_E_OUTOFMEMORY);
1746
}
1747
UnloadBlob(&offset, bytesReturned, txBlob,
1748
&rnd_tmp[totalReturned], "random bytes");
1749
totalReturned += bytesReturned;
1750
} else {
1751
free(rnd_tmp);
1752
return result;
1753
}
1754
} while (totalReturned < *bytesRequested && retries--);
1755
1756
if (totalReturned != *bytesRequested) {
1757
LogDebugFn("Only %u random bytes recieved from TPM.", totalReturned);
1758
free(rnd_tmp);
1759
result = TCSERR(TSS_E_FAIL);
1760
} else
1761
*randomBytes = rnd_tmp;
1762
1763
return result;
1764
}
1765
1766
TSS_RESULT
1767
TCSP_StirRandom_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1768
UINT32 inDataSize, /* in */
1769
BYTE * inData /* in */
1770
)
1771
{
1772
UINT64 offset;
1773
UINT32 paramSize;
1774
TSS_RESULT result;
1775
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1776
1777
LogDebug("Entering stir random");
1778
1779
if ((result = ctx_verify_context(hContext)))
1780
return result;
1781
1782
if (inDataSize > 255) {
1783
LogDebugFn("inData is too large! (%u bytes)", inDataSize);
1784
return TCSERR(TSS_E_BAD_PARAMETER);
1785
}
1786
1787
offset = 10;
1788
LoadBlob_UINT32(&offset, inDataSize, txBlob, "in data size");
1789
LoadBlob(&offset, inDataSize, txBlob, inData, "in data");
1790
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_StirRandom,
1791
txBlob);
1792
1793
if ((result = req_mgr_submit_req(txBlob)))
1794
return result;
1795
1796
offset = 10;
1797
result = UnloadBlob_Header(txBlob, ¶mSize);
1798
LogResult("Stir random", result);
1799
return result;
1800
}
1801
1802
TSS_RESULT
1803
internal_TCSGetCap(TCS_CONTEXT_HANDLE hContext,
1804
TCPA_CAPABILITY_AREA capArea,
1805
UINT32 subCapSize, BYTE * subCap,
1806
UINT32 * respSize, BYTE ** resp)
1807
{
1808
UINT32 tcsSubCapContainer;
1809
UINT64 offset;
1810
TSS_RESULT result;
1811
TCPA_VERSION tcsVersion = INTERNAL_CAP_TCS_VERSION;
1812
1813
if ((result = ctx_verify_context(hContext)))
1814
return result;
1815
1816
LogDebug("Checking Software Cap of TCS");
1817
switch (capArea) {
1818
case TSS_TCSCAP_ALG:
1819
LogDebug("TSS_TCSCAP_ALG");
1820
tcsSubCapContainer = Decode_UINT32(subCap);
1821
*respSize = 1;
1822
*resp = malloc(1);
1823
if (*resp == NULL) {
1824
LogError("malloc of %d bytes failed.", 1);
1825
return TCSERR(TSS_E_OUTOFMEMORY);
1826
}
1827
switch (tcsSubCapContainer) {
1828
case TSS_ALG_RSA:
1829
(*resp)[0] = INTERNAL_CAP_TCS_ALG_RSA;
1830
break;
1831
case TSS_ALG_DES:
1832
(*resp)[0] = INTERNAL_CAP_TCS_ALG_DES;
1833
break;
1834
case TSS_ALG_3DES:
1835
(*resp)[0] = INTERNAL_CAP_TCS_ALG_3DES;
1836
break;
1837
case TSS_ALG_SHA:
1838
(*resp)[0] = INTERNAL_CAP_TCS_ALG_SHA;
1839
break;
1840
case TSS_ALG_AES:
1841
(*resp)[0] = INTERNAL_CAP_TCS_ALG_AES;
1842
break;
1843
case TSS_ALG_HMAC:
1844
(*resp)[0] = INTERNAL_CAP_TCS_ALG_HMAC;
1845
break;
1846
default:
1847
free(*resp);
1848
*resp = NULL;
1849
return TCSERR(TSS_E_FAIL);
1850
}
1851
break;
1852
case TSS_TCSCAP_VERSION:
1853
LogDebug("TSS_TCSCAP_VERSION");
1854
*resp = calloc(1, 4);
1855
if (*resp == NULL) {
1856
LogError("malloc of %d bytes failed.", 4);
1857
return TCSERR(TSS_E_OUTOFMEMORY);
1858
}
1859
offset = 0;
1860
LoadBlob_VERSION(&offset, *resp, &tcsVersion);
1861
*respSize = offset;
1862
break;
1863
case TSS_TCSCAP_PERSSTORAGE:
1864
LogDebug("TSS_TCSCAP_PERSSTORAGE");
1865
*respSize = 1;
1866
*resp = malloc(1);
1867
if (*resp == NULL) {
1868
LogError("malloc of %d byte failed.", 1);
1869
return TCSERR(TSS_E_OUTOFMEMORY);
1870
}
1871
(*resp)[0] = INTERNAL_CAP_TCS_PERSSTORAGE;
1872
break;
1873
1874
case TSS_TCSCAP_CACHING:
1875
LogDebug("TSS_TCSCAP_CACHING");
1876
tcsSubCapContainer = Decode_UINT32(subCap);
1877
if (tcsSubCapContainer == TSS_TCSCAP_PROP_KEYCACHE) {
1878
*respSize = 1;
1879
*resp = malloc(1);
1880
if (*resp == NULL) {
1881
LogError("malloc of %d byte failed.", 1);
1882
return TCSERR(TSS_E_OUTOFMEMORY);
1883
}
1884
(*resp)[0] = INTERNAL_CAP_TCS_CACHING_KEYCACHE;
1885
} else if (tcsSubCapContainer == TSS_TCSCAP_PROP_AUTHCACHE) {
1886
*respSize = 1;
1887
*resp = malloc(1);
1888
if (*resp == NULL) {
1889
LogError("malloc of %d byte failed.", 1);
1890
return TCSERR(TSS_E_OUTOFMEMORY);
1891
}
1892
(*resp)[0] = INTERNAL_CAP_TCS_CACHING_AUTHCACHE;
1893
} else {
1894
LogDebugFn("Bad subcap");
1895
return TCSERR(TSS_E_FAIL);
1896
}
1897
break;
1898
case TSS_TCSCAP_MANUFACTURER:
1899
tcsSubCapContainer = Decode_UINT32(subCap);
1900
if (tcsSubCapContainer == TSS_TCSCAP_PROP_MANUFACTURER_ID) {
1901
*respSize = sizeof(UINT32);
1902
*resp = malloc(sizeof(UINT32));
1903
if (*resp == NULL) {
1904
LogError("malloc of %zd byte failed.", sizeof(UINT32));
1905
return TCSERR(TSS_E_OUTOFMEMORY);
1906
}
1907
*(UINT32 *)(*resp) = INTERNAL_CAP_TCS_MANUFACTURER_ID;
1908
} else if (tcsSubCapContainer == TSS_TCSCAP_PROP_MANUFACTURER_STR) {
1909
BYTE str[] = INTERNAL_CAP_TCS_MANUFACTURER_STR;
1910
1911
*respSize = INTERNAL_CAP_TCS_MANUFACTURER_STR_LEN;
1912
*resp = malloc(INTERNAL_CAP_TCS_MANUFACTURER_STR_LEN);
1913
if (*resp == NULL) {
1914
LogError("malloc of %d byte failed.", 1);
1915
return TCSERR(TSS_E_OUTOFMEMORY);
1916
}
1917
memcpy(*resp, str, INTERNAL_CAP_TCS_MANUFACTURER_STR_LEN);
1918
} else {
1919
LogDebugFn("Bad subcap");
1920
return TCSERR(TSS_E_FAIL);
1921
}
1922
break;
1923
default:
1924
return TCSERR(TSS_E_FAIL);
1925
}
1926
1927
return TSS_SUCCESS;
1928
}
1929
1930
TSS_RESULT
1931
TCS_GetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1932
TCPA_CAPABILITY_AREA capArea, /* in */
1933
UINT32 subCapSize, /* in */
1934
BYTE * subCap, /* in */
1935
UINT32 * respSize, /* out */
1936
BYTE ** resp /* out */
1937
)
1938
{
1939
TSS_RESULT result;
1940
1941
if ((result = ctx_verify_context(hContext)))
1942
return result;
1943
1944
return internal_TCSGetCap(hContext, capArea, subCapSize, subCap,
1945
respSize, resp);
1946
}
1947
1948
TSS_RESULT
1949
TCSP_GetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1950
TCPA_CAPABILITY_AREA capArea, /* in */
1951
UINT32 subCapSize, /* in */
1952
BYTE * subCap, /* in */
1953
UINT32 * respSize, /* out */
1954
BYTE ** resp /* out */
1955
)
1956
{
1957
UINT64 offset;
1958
UINT32 paramSize;
1959
TSS_RESULT result;
1960
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
1961
1962
if ((result = ctx_verify_context(hContext)))
1963
return result;
1964
1965
LogDebug("Entering Get Cap");
1966
offset = 10;
1967
LoadBlob_UINT32(&offset, capArea, txBlob, "capArea");
1968
LoadBlob_UINT32(&offset, subCapSize, txBlob, "sub cap size");
1969
LoadBlob(&offset, subCapSize, txBlob, subCap, "sub cap");
1970
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
1971
TPM_ORD_GetCapability, txBlob);
1972
1973
if ((result = req_mgr_submit_req(txBlob)))
1974
return result;
1975
1976
offset = 10;
1977
result = UnloadBlob_Header(txBlob, ¶mSize);
1978
if (!result) {
1979
UnloadBlob_UINT32(&offset, respSize, txBlob, "resp size");
1980
*resp = malloc(*respSize);
1981
if (*resp == NULL) {
1982
LogError("malloc of %d bytes failed.", *respSize);
1983
return TCSERR(TSS_E_OUTOFMEMORY);
1984
}
1985
UnloadBlob(&offset, *respSize, txBlob, *resp, "resp");
1986
}
1987
LogResult("Get Cap", result);
1988
return result;
1989
}
1990
1991
TSS_RESULT
1992
TCSP_GetCapabilityOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
1993
TPM_AUTH * pOwnerAuth, /* out */
1994
TCPA_VERSION * pVersion, /* out */
1995
UINT32 * pNonVolatileFlags, /* out */
1996
UINT32 * pVolatileFlags /* out */
1997
)
1998
{
1999
UINT64 offset;
2000
TSS_RESULT result;
2001
UINT32 paramSize;
2002
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2003
2004
LogDebug("Entering Getcap owner");
2005
2006
if ((result = ctx_verify_context(hContext)))
2007
goto done;
2008
2009
if ((result = auth_mgr_check(hContext, pOwnerAuth->AuthHandle)))
2010
goto done;
2011
2012
offset = 10;
2013
LoadBlob_Auth(&offset, txBlob, pOwnerAuth);
2014
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2015
TPM_ORD_GetCapabilityOwner, txBlob);
2016
2017
if ((result = req_mgr_submit_req(txBlob)))
2018
goto done;
2019
2020
offset = 10;
2021
result = UnloadBlob_Header(txBlob, ¶mSize);
2022
2023
if (!result) {
2024
UnloadBlob_VERSION(&offset, txBlob, pVersion);
2025
UnloadBlob_UINT32(&offset, pNonVolatileFlags, txBlob,
2026
"nonvolflags");
2027
UnloadBlob_UINT32(&offset, pVolatileFlags, txBlob, "vol flags");
2028
UnloadBlob_Auth(&offset, txBlob, pOwnerAuth);
2029
}
2030
2031
LogResult("GetCapowner", result);
2032
done:
2033
auth_mgr_release_auth(pOwnerAuth, NULL, hContext);
2034
return result;
2035
}
2036
2037
TSS_RESULT
2038
TCSP_CreateEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2039
TCPA_NONCE antiReplay, /* in */
2040
UINT32 endorsementKeyInfoSize, /* in */
2041
BYTE * endorsementKeyInfo, /* in */
2042
UINT32 * endorsementKeySize, /* out */
2043
BYTE ** endorsementKey, /* out */
2044
TCPA_DIGEST * checksum /* out */
2045
)
2046
{
2047
UINT64 offset;
2048
UINT32 paramSize;
2049
TSS_RESULT result;
2050
TCPA_PUBKEY pubKey;
2051
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2052
2053
if ((result = ctx_verify_context(hContext)))
2054
return result;
2055
2056
offset = 10;
2057
LoadBlob(&offset, TCPA_NONCE_SIZE, txBlob, antiReplay.nonce,
2058
"anit replay");
2059
LoadBlob(&offset, endorsementKeyInfoSize, txBlob,
2060
endorsementKeyInfo, "ek stuff");
2061
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
2062
TPM_ORD_CreateEndorsementKeyPair, txBlob);
2063
2064
if ((result = req_mgr_submit_req(txBlob)))
2065
return result;
2066
2067
offset = 10;
2068
result = UnloadBlob_Header(txBlob, ¶mSize);
2069
if (!result) {
2070
if ((result = UnloadBlob_PUBKEY(&offset, txBlob, &pubKey)))
2071
goto done;
2072
free(pubKey.pubKey.key);
2073
free(pubKey.algorithmParms.parms);
2074
2075
*endorsementKeySize = offset - 10;
2076
*endorsementKey = malloc(*endorsementKeySize);
2077
if (*endorsementKey == NULL) {
2078
LogError("malloc of %u bytes failed.",
2079
*endorsementKeySize);
2080
return TCSERR(TSS_E_OUTOFMEMORY);
2081
}
2082
memcpy(*endorsementKey, &txBlob[10], *endorsementKeySize);
2083
2084
UnloadBlob(&offset, TCPA_DIGEST_SIZE, txBlob,
2085
checksum->digest, "digest");
2086
}
2087
done:
2088
LogDebug("Leaving CreateEKPair with result: 0x%x", result);
2089
return result;
2090
}
2091
2092
TSS_RESULT
2093
TCSP_ReadPubek_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2094
TCPA_NONCE antiReplay, /* in */
2095
UINT32 * pubEndorsementKeySize, /* out */
2096
BYTE ** pubEndorsementKey, /* out */
2097
TCPA_DIGEST * checksum /* out */
2098
)
2099
{
2100
UINT64 offset;
2101
UINT32 paramSize;
2102
TSS_RESULT result;
2103
TCPA_PUBKEY pubkey;
2104
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2105
2106
LogDebugFn("Enter");
2107
2108
if ((result = ctx_verify_context(hContext)))
2109
return result;
2110
2111
offset = 10;
2112
LoadBlob(&offset, 20, txBlob, antiReplay.nonce, "anti replay");
2113
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_ReadPubek, txBlob);
2114
if ((result = req_mgr_submit_req(txBlob)))
2115
return result;
2116
2117
offset = 10;
2118
result = UnloadBlob_Header(txBlob, ¶mSize);
2119
2120
if (!result) {
2121
if ((result = UnloadBlob_PUBKEY(&offset, txBlob, &pubkey)))
2122
goto done;
2123
free(pubkey.pubKey.key);
2124
free(pubkey.algorithmParms.parms);
2125
2126
*pubEndorsementKeySize = (UINT32) (offset - 10);
2127
*pubEndorsementKey = malloc(*pubEndorsementKeySize);
2128
if (*pubEndorsementKey == NULL) {
2129
LogError("malloc of %u bytes failed.", *pubEndorsementKeySize);
2130
return TCSERR(TSS_E_OUTOFMEMORY);
2131
}
2132
memcpy(*pubEndorsementKey, &txBlob[10], *pubEndorsementKeySize);
2133
UnloadBlob(&offset, TCPA_DIGEST_SIZE, txBlob,
2134
checksum->digest, "digest");
2135
}
2136
done:
2137
LogDebugFn("result: 0x%x", result);
2138
return result;
2139
}
2140
2141
TSS_RESULT
2142
TCSP_DisablePubekRead_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2143
TPM_AUTH * ownerAuth /* in, out */
2144
)
2145
{
2146
UINT64 offset;
2147
UINT32 paramSize;
2148
TSS_RESULT result;
2149
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2150
2151
LogDebug("DisablePubekRead");
2152
2153
if ((result = ctx_verify_context(hContext)))
2154
goto done;
2155
2156
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2157
goto done;
2158
2159
offset = 10;
2160
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2161
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2162
TPM_ORD_DisablePubekRead, txBlob);
2163
2164
if ((result = req_mgr_submit_req(txBlob)))
2165
goto done;
2166
2167
offset = 10;
2168
result = UnloadBlob_Header(txBlob, ¶mSize);
2169
2170
if (!result) {
2171
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2172
}
2173
done:
2174
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2175
return result;
2176
}
2177
2178
TSS_RESULT
2179
TCSP_OwnerReadPubek_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2180
TPM_AUTH * ownerAuth, /* in, out */
2181
UINT32 * pubEndorsementKeySize, /* out */
2182
BYTE ** pubEndorsementKey /* out */
2183
)
2184
{
2185
UINT32 paramSize;
2186
TSS_RESULT result;
2187
UINT64 offset;
2188
TCPA_PUBKEY container;
2189
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2190
2191
LogDebug("Entering OwnerReadPubek");
2192
2193
if ((result = ctx_verify_context(hContext)))
2194
goto done;
2195
2196
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2197
goto done;
2198
2199
offset = 10;
2200
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2201
2202
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2203
TPM_ORD_OwnerReadPubek, txBlob);
2204
2205
if ((result = req_mgr_submit_req(txBlob)))
2206
goto done;
2207
2208
result = UnloadBlob_Header(txBlob, ¶mSize);
2209
2210
if (!result) {
2211
offset = 10;
2212
/* Call UnloadBlob to parse the data and set its size in &offset */
2213
if ((result = UnloadBlob_PUBKEY(&offset, txBlob, &container)))
2214
goto done;
2215
2216
free(container.pubKey.key);
2217
free(container.algorithmParms.parms);
2218
2219
*pubEndorsementKeySize = offset - 10;
2220
*pubEndorsementKey = malloc(*pubEndorsementKeySize);
2221
if (*pubEndorsementKey == NULL) {
2222
LogError("malloc of %u bytes failed.", *pubEndorsementKeySize);
2223
result = TCSERR(TSS_E_OUTOFMEMORY);
2224
goto done;
2225
}
2226
memcpy(*pubEndorsementKey, &txBlob[10], *pubEndorsementKeySize);
2227
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2228
}
2229
LogResult("Owner Read Pubek", result);
2230
done:
2231
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2232
return result;
2233
}
2234
2235
TSS_RESULT
2236
TCSP_SelfTestFull_Internal(TCS_CONTEXT_HANDLE hContext /* in */
2237
)
2238
{
2239
UINT32 paramSize;
2240
TSS_RESULT result;
2241
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2242
2243
LogDebug("Entering Self Test Full");
2244
if ((result = ctx_verify_context(hContext)))
2245
return result;
2246
2247
LoadBlob_Header(TPM_TAG_RQU_COMMAND, 0x0A, TPM_ORD_SelfTestFull,
2248
txBlob);
2249
2250
if ((result = req_mgr_submit_req(txBlob)))
2251
return result;
2252
2253
result = UnloadBlob_Header(txBlob, ¶mSize);
2254
LogResult("Self Test Full", result);
2255
return result;
2256
}
2257
2258
TSS_RESULT
2259
TCSP_CertifySelfTest_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2260
TCS_KEY_HANDLE keyHandle, /* in */
2261
TCPA_NONCE antiReplay, /* in */
2262
TPM_AUTH * privAuth, /* in, out */
2263
UINT32 * sigSize, /* out */
2264
BYTE ** sig /* out */
2265
)
2266
{
2267
UINT64 offset;
2268
UINT32 paramSize;
2269
TSS_RESULT result;
2270
TCPA_KEY_HANDLE keySlot;
2271
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2272
2273
LogDebug("Entering Certify Self Test");
2274
2275
if ((result = ctx_verify_context(hContext)))
2276
goto done;
2277
2278
if (privAuth != NULL) {
2279
LogDebug("Auth Used");
2280
if ((result = auth_mgr_check(hContext, privAuth->AuthHandle)))
2281
goto done;
2282
} else {
2283
LogDebug("No Auth");
2284
}
2285
2286
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
2287
goto done;
2288
2289
offset = 10;
2290
LoadBlob_UINT32(&offset, keySlot, txBlob, "key handle");
2291
LoadBlob(&offset, TCPA_NONCE_SIZE, txBlob,
2292
antiReplay.nonce, "nonoce");
2293
if (privAuth != NULL) {
2294
LoadBlob_Auth(&offset, txBlob, privAuth);
2295
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND,
2296
offset, TPM_ORD_CertifySelfTest,
2297
txBlob);
2298
} else {
2299
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
2300
TPM_ORD_CertifySelfTest, txBlob);
2301
}
2302
2303
if ((result = req_mgr_submit_req(txBlob)))
2304
goto done;
2305
2306
offset = 10;
2307
result = UnloadBlob_Header(txBlob, ¶mSize);
2308
2309
if (!result) {
2310
UnloadBlob_UINT32(&offset, sigSize, txBlob, "sig size");
2311
*sig = malloc(*sigSize);
2312
if (*sig == NULL) {
2313
LogError("malloc of %d bytes failed.", *sigSize);
2314
result = TCSERR(TSS_E_OUTOFMEMORY);
2315
goto done;
2316
}
2317
UnloadBlob(&offset, *sigSize, txBlob, *sig, "sig");
2318
if (privAuth != NULL)
2319
UnloadBlob_Auth(&offset, txBlob, privAuth);
2320
}
2321
LogResult("Certify Self Test", result);
2322
done:
2323
auth_mgr_release_auth(privAuth, NULL, hContext);
2324
return result;
2325
}
2326
2327
TSS_RESULT
2328
TCSP_GetTestResult_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2329
UINT32 * outDataSize, /* out */
2330
BYTE ** outData /* out */
2331
)
2332
{
2333
TSS_RESULT result;
2334
UINT32 paramSize;
2335
UINT64 offset;
2336
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2337
2338
LogDebug("Entering Get Test Result");
2339
if ((result = ctx_verify_context(hContext)))
2340
return result;
2341
2342
LoadBlob_Header(TPM_TAG_RQU_COMMAND, 0x0A, TPM_ORD_GetTestResult, txBlob);
2343
2344
if ((result = req_mgr_submit_req(txBlob)))
2345
return result;
2346
2347
offset = 10;
2348
2349
result = UnloadBlob_Header(txBlob, ¶mSize);
2350
if (!result) {
2351
UnloadBlob_UINT32(&offset, outDataSize, txBlob, "data size");
2352
*outData = malloc(*outDataSize);
2353
if (*outData == NULL) {
2354
LogError("malloc of %d bytes failed.", *outDataSize);
2355
return TCSERR(TSS_E_OUTOFMEMORY);
2356
}
2357
UnloadBlob(&offset, *outDataSize, txBlob, *outData, "outdata");
2358
LogBlob(*outDataSize, *outData);
2359
}
2360
LogResult("Get Test Result", result);
2361
return result;
2362
}
2363
2364
TSS_RESULT
2365
TCSP_OwnerSetDisable_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2366
TSS_BOOL disableState, /* in */
2367
TPM_AUTH * ownerAuth /* in, out */
2368
)
2369
{
2370
UINT64 offset;
2371
UINT32 paramSize;
2372
TSS_RESULT result;
2373
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2374
2375
offset = 10;
2376
2377
if ((result = ctx_verify_context(hContext)))
2378
goto done;
2379
2380
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2381
goto done;
2382
2383
LoadBlob_BOOL(&offset, disableState, txBlob, "State");
2384
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2385
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2386
TPM_ORD_OwnerSetDisable, txBlob);
2387
2388
if ((result = req_mgr_submit_req(txBlob)))
2389
goto done;
2390
2391
offset = 10;
2392
result = UnloadBlob_Header(txBlob, ¶mSize);
2393
2394
if (!result) {
2395
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2396
}
2397
done:
2398
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2399
return result;
2400
}
2401
2402
TSS_RESULT
2403
TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2404
TPM_AUTH * ownerAuth /* in, out */
2405
)
2406
{
2407
UINT64 offset;
2408
UINT32 paramSize;
2409
TSS_RESULT result;
2410
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2411
2412
LogDebug("Entering OwnerClear");
2413
2414
if ((result = ctx_verify_context(hContext)))
2415
goto done;
2416
2417
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2418
goto done;
2419
2420
offset = 10;
2421
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2422
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2423
TPM_ORD_OwnerClear, txBlob);
2424
2425
if ((result = req_mgr_submit_req(txBlob)))
2426
goto done;
2427
2428
offset = 10;
2429
result = UnloadBlob_Header(txBlob, ¶mSize);
2430
2431
if (!result) {
2432
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2433
}
2434
LogResult("Ownerclear", result);
2435
done:
2436
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2437
return result;
2438
}
2439
2440
TSS_RESULT
2441
TCSP_DisableOwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2442
TPM_AUTH * ownerAuth /* in, out */
2443
)
2444
{
2445
UINT64 offset;
2446
UINT32 paramSize;
2447
TSS_RESULT result;
2448
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2449
2450
LogDebug("Entering DisableownerClear");
2451
2452
if ((result = ctx_verify_context(hContext)))
2453
goto done;
2454
2455
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2456
goto done;
2457
2458
offset = 10;
2459
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2460
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2461
TPM_ORD_DisableOwnerClear, txBlob);
2462
2463
if ((result = req_mgr_submit_req(txBlob)))
2464
goto done;
2465
2466
offset = 10;
2467
result = UnloadBlob_Header(txBlob, ¶mSize);
2468
2469
if (!result) {
2470
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2471
}
2472
LogResult("DisableOwnerClear", result);
2473
done:
2474
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2475
return result;
2476
}
2477
2478
TSS_RESULT
2479
TCSP_ForceClear_Internal(TCS_CONTEXT_HANDLE hContext /* in */
2480
)
2481
{
2482
UINT32 paramSize;
2483
TSS_RESULT result;
2484
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2485
2486
LogDebug("Entering Force Clear");
2487
if ((result = ctx_verify_context(hContext)))
2488
return result;
2489
2490
LoadBlob_Header(TPM_TAG_RQU_COMMAND, 0x0A, TPM_ORD_ForceClear, txBlob);
2491
2492
if ((result = req_mgr_submit_req(txBlob)))
2493
return result;
2494
2495
result = UnloadBlob_Header(txBlob, ¶mSize);
2496
LogResult("Force Clear", result);
2497
return result;
2498
}
2499
2500
TSS_RESULT
2501
TCSP_DisableForceClear_Internal(TCS_CONTEXT_HANDLE hContext /* in */
2502
)
2503
{
2504
UINT32 paramSize;
2505
TSS_RESULT result;
2506
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2507
2508
LogDebug("Entering Disable Force Clear");
2509
if ((result = ctx_verify_context(hContext)))
2510
return result;
2511
2512
LoadBlob_Header(TPM_TAG_RQU_COMMAND, 0x0A,
2513
TPM_ORD_DisableForceClear, txBlob);
2514
2515
if ((result = req_mgr_submit_req(txBlob)))
2516
return result;
2517
2518
result = UnloadBlob_Header(txBlob, ¶mSize);
2519
LogResult("Disable Force Clear", result);
2520
return result;
2521
2522
}
2523
2524
TSS_RESULT
2525
TCSP_PhysicalPresence_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2526
TCPA_PHYSICAL_PRESENCE fPhysicalPresence /* in */
2527
)
2528
{
2529
UINT64 offset;
2530
UINT32 paramSize;
2531
TSS_RESULT result = TCSERR(TSS_E_NOTIMPL);
2532
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2533
char runlevel;
2534
2535
runlevel = platform_get_runlevel();
2536
2537
if (runlevel != 's' && runlevel != 'S' && runlevel != '1') {
2538
LogInfo("Physical Presence command denied: Must be in single"
2539
" user mode.");
2540
return TCSERR(TSS_E_NOTIMPL);
2541
}
2542
2543
if ((result = ctx_verify_context(hContext)))
2544
return result;
2545
2546
offset = 10;
2547
LoadBlob_UINT16(&offset, fPhysicalPresence, txBlob, NULL);
2548
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
2549
TPM_ORD_PhysicalPresence, txBlob);
2550
2551
if ((result = req_mgr_submit_req(txBlob)))
2552
return result;
2553
2554
return UnloadBlob_Header(txBlob, ¶mSize);
2555
}
2556
2557
TSS_RESULT
2558
TCSP_PhysicalDisable_Internal(TCS_CONTEXT_HANDLE hContext /* in */
2559
)
2560
{
2561
UINT32 paramSize;
2562
TSS_RESULT result;
2563
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2564
2565
LogDebug("Entering Physical Disable");
2566
if ((result = ctx_verify_context(hContext)))
2567
return result;
2568
2569
/* XXX ooh, magic */
2570
LoadBlob_Header(TPM_TAG_RQU_COMMAND, 0x0A,
2571
TPM_ORD_PhysicalDisable, txBlob);
2572
2573
if ((result = req_mgr_submit_req(txBlob)))
2574
return result;
2575
2576
result = UnloadBlob_Header(txBlob, ¶mSize);
2577
LogResult("Physical Disable", result);
2578
2579
return result;
2580
}
2581
2582
TSS_RESULT
2583
TCSP_PhysicalEnable_Internal(TCS_CONTEXT_HANDLE hContext /* in */
2584
)
2585
{
2586
TSS_RESULT result;
2587
UINT32 paramSize;
2588
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2589
2590
LogDebug("Entering Physical Enable");
2591
if ((result = ctx_verify_context(hContext)))
2592
return result;
2593
2594
LoadBlob_Header(TPM_TAG_RQU_COMMAND, 0x0A,
2595
TPM_ORD_PhysicalEnable, txBlob);
2596
2597
if ((result = req_mgr_submit_req(txBlob)))
2598
return result;
2599
2600
result = UnloadBlob_Header(txBlob, ¶mSize);
2601
LogResult("Physical Enable", result);
2602
2603
return result;
2604
}
2605
2606
TSS_RESULT
2607
TCSP_PhysicalSetDeactivated_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2608
TSS_BOOL state /* in */
2609
)
2610
{
2611
UINT64 offset;
2612
UINT32 paramSize;
2613
TSS_RESULT result;
2614
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2615
2616
LogDebug("Entering Physical Set Decativated");
2617
if ((result = ctx_verify_context(hContext)))
2618
return result;
2619
2620
offset = 10;
2621
LoadBlob_BOOL(&offset, state, txBlob, "State");
2622
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
2623
TPM_ORD_PhysicalSetDeactivated, txBlob);
2624
2625
if ((result = req_mgr_submit_req(txBlob)))
2626
return result;
2627
2628
result = UnloadBlob_Header(txBlob, ¶mSize);
2629
LogResult("PhysicalSetDeactivated", result);
2630
return result;
2631
}
2632
2633
TSS_RESULT
2634
TCSP_SetTempDeactivated_Internal(TCS_CONTEXT_HANDLE hContext /* in */
2635
)
2636
{
2637
UINT32 paramSize;
2638
TSS_RESULT result;
2639
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2640
2641
LogDebug("Entering Set Temp Deactivated");
2642
if ((result = ctx_verify_context(hContext)))
2643
return result;
2644
2645
LoadBlob_Header(TPM_TAG_RQU_COMMAND, 0x0A,
2646
TPM_ORD_SetTempDeactivated, txBlob);
2647
2648
if ((result = req_mgr_submit_req(txBlob)))
2649
return result;
2650
2651
result = UnloadBlob_Header(txBlob, ¶mSize);
2652
LogResult("SetTempDeactivated", result);
2653
2654
return result;
2655
}
2656
2657
TSS_RESULT
2658
TCSP_FieldUpgrade_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2659
UINT32 dataInSize, /* in */
2660
BYTE * dataIn, /* in */
2661
UINT32 * dataOutSize, /* out */
2662
BYTE ** dataOut, /* out */
2663
TPM_AUTH * ownerAuth /* in, out */
2664
)
2665
{
2666
TSS_RESULT result;
2667
UINT32 paramSize;
2668
UINT64 offset;
2669
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2670
2671
LogDebug("Field Upgrade");
2672
2673
if ((result = ctx_verify_context(hContext)))
2674
goto done;
2675
2676
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2677
goto done;
2678
2679
offset = 10;
2680
if (dataInSize != 0) {
2681
LoadBlob_UINT32(&offset, dataInSize, txBlob,
2682
"data size");
2683
LoadBlob(&offset, dataInSize, txBlob, dataIn, "data");
2684
}
2685
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2686
2687
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2688
TPM_ORD_FieldUpgrade, txBlob);
2689
2690
if ((result = req_mgr_submit_req(txBlob)))
2691
goto done;
2692
2693
result = UnloadBlob_Header(txBlob, ¶mSize);
2694
2695
if (!result) {
2696
offset = 10;
2697
if (dataInSize != 0) {
2698
UnloadBlob_UINT32(&offset, dataOutSize, txBlob, "size");
2699
*dataOut = malloc(*dataOutSize);
2700
if (*dataOut == NULL) {
2701
LogError("malloc of %u bytes failed.",
2702
*dataOutSize);
2703
result = TCSERR(TSS_E_OUTOFMEMORY);
2704
goto done;
2705
}
2706
UnloadBlob(&offset, *dataOutSize, txBlob,
2707
*dataOut, "data");
2708
}
2709
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2710
}
2711
LogResult("Field Upgrade", result);
2712
done:
2713
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2714
return result;
2715
}
2716
2717
TSS_RESULT
2718
TCSP_SetRedirection_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2719
TCS_KEY_HANDLE keyHandle, /* in */
2720
UINT32 c1, /* in */
2721
UINT32 c2, /* in */
2722
TPM_AUTH * privAuth /* in, out */
2723
)
2724
{
2725
TSS_RESULT result;
2726
UINT32 paramSize;
2727
UINT64 offset;
2728
TCPA_KEY_HANDLE keySlot;
2729
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2730
2731
LogDebug("Set Redirection");
2732
2733
if ((result = ctx_verify_context(hContext)))
2734
goto done;
2735
2736
if (privAuth != NULL) {
2737
if ((result = auth_mgr_check(hContext, privAuth->AuthHandle)))
2738
goto done;
2739
}
2740
2741
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) {
2742
result = TCSERR(TSS_E_FAIL);
2743
goto done;
2744
}
2745
2746
offset = 10;
2747
LoadBlob_UINT32(&offset, keySlot, txBlob, "key slot");
2748
LoadBlob_UINT32(&offset, c1, txBlob, "c1");
2749
LoadBlob_UINT32(&offset, c2, txBlob, "c2");
2750
if (privAuth != NULL) {
2751
LoadBlob_Auth(&offset, txBlob, privAuth);
2752
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND,
2753
offset, TPM_ORD_SetRedirection, txBlob);
2754
} else {
2755
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
2756
TPM_ORD_SetRedirection, txBlob);
2757
}
2758
if ((result = req_mgr_submit_req(txBlob)))
2759
goto done;
2760
2761
result = UnloadBlob_Header(txBlob, ¶mSize);
2762
2763
if (!result) {
2764
offset = 10;
2765
if (privAuth != NULL)
2766
UnloadBlob_Auth(&offset, txBlob, privAuth);
2767
}
2768
LogResult("Set Redirection", result);
2769
done:
2770
auth_mgr_release_auth(privAuth, NULL, hContext);
2771
return result;
2772
}
2773
2774
TSS_RESULT
2775
TCSP_CreateMaintenanceArchive_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2776
TSS_BOOL generateRandom, /* in */
2777
TPM_AUTH * ownerAuth, /* in, out */
2778
UINT32 * randomSize, /* out */
2779
BYTE ** random, /* out */
2780
UINT32 * archiveSize, /* out */
2781
BYTE ** archive /* out */
2782
)
2783
{
2784
TSS_RESULT result;
2785
UINT32 paramSize;
2786
UINT64 offset;
2787
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2788
2789
LogDebug("Create Main Archive");
2790
2791
if ((result = ctx_verify_context(hContext)))
2792
goto done;
2793
2794
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2795
goto done;
2796
2797
offset = 10;
2798
LoadBlob_BOOL(&offset, generateRandom, txBlob, "gen rand");
2799
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2800
2801
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2802
TPM_ORD_CreateMaintenanceArchive, txBlob);
2803
2804
if ((result = req_mgr_submit_req(txBlob)))
2805
goto done;
2806
2807
result = UnloadBlob_Header(txBlob, ¶mSize);
2808
2809
if (!result) {
2810
offset = 10;
2811
UnloadBlob_UINT32(&offset, randomSize, txBlob, "random size");
2812
*random = malloc(*randomSize);
2813
if (*random == NULL) {
2814
LogError("malloc of %d bytes failed.", *randomSize);
2815
result = TCSERR(TSS_E_OUTOFMEMORY);
2816
goto done;
2817
} else {
2818
UnloadBlob(&offset, *randomSize, txBlob, *random, "random");
2819
}
2820
2821
UnloadBlob_UINT32(&offset, archiveSize, txBlob, "archive size");
2822
*archive = malloc(*archiveSize);
2823
if (*archive == NULL) {
2824
free(*random);
2825
LogError("malloc of %d bytes failed.", *archiveSize);
2826
result = TCSERR(TSS_E_OUTOFMEMORY);
2827
goto done;
2828
} else {
2829
UnloadBlob(&offset, *archiveSize, txBlob, *archive, "archive");
2830
}
2831
2832
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2833
}
2834
LogResult("Create Main Archive", result);
2835
done:
2836
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2837
return result;
2838
}
2839
2840
TSS_RESULT
2841
TCSP_LoadMaintenanceArchive_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2842
UINT32 dataInSize, /* in */
2843
BYTE * dataIn, /* in */
2844
TPM_AUTH * ownerAuth, /* in, out */
2845
UINT32 * dataOutSize, /* out */
2846
BYTE ** dataOut /* out */
2847
)
2848
{
2849
TSS_RESULT result;
2850
UINT32 paramSize;
2851
UINT64 offset;
2852
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2853
2854
LogDebug("Load Maint Archive");
2855
2856
if ((result = ctx_verify_context(hContext)))
2857
goto done;
2858
2859
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2860
goto done;
2861
2862
offset = 10;
2863
if (dataInSize != 0) {
2864
LoadBlob_UINT32(&offset, dataInSize, txBlob,
2865
"vendor data size");
2866
LoadBlob(&offset, dataInSize, txBlob, dataIn,
2867
"vendor data");
2868
}
2869
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2870
2871
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2872
TPM_ORD_LoadMaintenanceArchive, txBlob);
2873
2874
if ((result = req_mgr_submit_req(txBlob)))
2875
goto done;
2876
2877
result = UnloadBlob_Header(txBlob, ¶mSize);
2878
2879
if (!result) {
2880
offset = 10;
2881
if (dataInSize != 0) {
2882
UnloadBlob_UINT32(&offset, dataOutSize, txBlob, "vendor data size");
2883
*dataOut = calloc(1, *dataOutSize);
2884
if (*dataOut == NULL) {
2885
LogError("malloc of %u bytes failed.",
2886
*dataOutSize);
2887
result = TCSERR(TSS_E_OUTOFMEMORY);
2888
goto done;
2889
}
2890
UnloadBlob(&offset, *dataOutSize, txBlob,
2891
*dataOut, "vendor data");
2892
}
2893
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2894
}
2895
LogResult("Load Maint Archive", result);
2896
done:
2897
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2898
return result;
2899
}
2900
2901
TSS_RESULT
2902
TCSP_KillMaintenanceFeature_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2903
TPM_AUTH * ownerAuth /* in, out */
2904
)
2905
{
2906
TSS_RESULT result;
2907
UINT32 paramSize;
2908
UINT64 offset;
2909
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2910
2911
if ((result = ctx_verify_context(hContext)))
2912
goto done;
2913
2914
if ((result = auth_mgr_check(hContext, ownerAuth->AuthHandle)))
2915
goto done;
2916
2917
offset = 10;
2918
LoadBlob_Auth(&offset, txBlob, ownerAuth);
2919
2920
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
2921
TPM_ORD_KillMaintenanceFeature, txBlob);
2922
2923
if ((result = req_mgr_submit_req(txBlob)))
2924
goto done;
2925
2926
result = UnloadBlob_Header(txBlob, ¶mSize);
2927
2928
if (!result) {
2929
offset = 10;
2930
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
2931
}
2932
done:
2933
auth_mgr_release_auth(ownerAuth, NULL, hContext);
2934
return result;
2935
}
2936
2937
TSS_RESULT
2938
TCSP_LoadManuMaintPub_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2939
TCPA_NONCE antiReplay, /* in */
2940
UINT32 PubKeySize, /* in */
2941
BYTE * PubKey, /* in */
2942
TCPA_DIGEST * checksum /* out */
2943
)
2944
{
2945
TSS_RESULT result;
2946
UINT32 paramSize;
2947
UINT64 offset;
2948
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2949
2950
LogDebug("Entering Load Manu Maint Pub");
2951
2952
offset = 10;
2953
LoadBlob(&offset, 20, txBlob, antiReplay.nonce, "checksum");
2954
LoadBlob(&offset, PubKeySize, txBlob, PubKey, "pubkey");
2955
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
2956
TPM_ORD_LoadManuMaintPub, txBlob);
2957
2958
if ((result = req_mgr_submit_req(txBlob)))
2959
return result;
2960
2961
result = UnloadBlob_Header(txBlob, ¶mSize);
2962
if (!result) {
2963
offset = 10;
2964
UnloadBlob(&offset, 20, txBlob, checksum->digest, "checksum");
2965
}
2966
LogResult("Load Manu Maint Pub", result);
2967
return result;
2968
}
2969
2970
TSS_RESULT
2971
TCSP_ReadManuMaintPub_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
2972
TCPA_NONCE antiReplay, /* in */
2973
TCPA_DIGEST * checksum /* out */
2974
)
2975
{
2976
TSS_RESULT result;
2977
UINT32 paramSize;
2978
UINT64 offset;
2979
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
2980
2981
LogDebug("Entering Read Manu Maint Pub");
2982
2983
offset = 10;
2984
LoadBlob(&offset, 20, txBlob, antiReplay.nonce, "checksum");
2985
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset,
2986
TPM_ORD_ReadManuMaintPub, txBlob);
2987
2988
if ((result = req_mgr_submit_req(txBlob)))
2989
return result;
2990
2991
result = UnloadBlob_Header(txBlob, ¶mSize);
2992
if (!result) {
2993
offset = 10;
2994
UnloadBlob(&offset, 20, txBlob, checksum->digest, "checksum");
2995
}
2996
LogResult("Read Manu Maint Pub", result);
2997
return result;
2998
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1