3
* Licensed Materials - Property of IBM
5
* trousers - An open source TCG Software Stack
7
* (C) Copyright International Business Machines Corp. 2005
19
#include "trousers/tss.h"
20
#include "trousers/trousers.h"
21
#include "spi_internal_types.h"
22
#include "spi_utils.h"
23
#include "capabilities.h"
28
obj_rsakey_add(TSS_HCONTEXT tspContext, TSS_FLAG initFlags, TSS_HOBJECT *phObject)
32
TCPA_RSA_KEY_PARMS rsaKeyParms;
34
struct tr_rsakey_obj *rsakey = calloc(1, sizeof(struct tr_rsakey_obj));
35
TCPA_VERSION ver = { 1, 1, 0, 0 }; // Must be 1.1.0.0 for 1.2 TPMs
38
LogError("malloc of %zd bytes failed.",
39
sizeof(struct tr_rsakey_obj));
40
return TSPERR(TSS_E_OUTOFMEMORY);
43
memset(&rsaKeyParms, 0, sizeof(TCPA_RSA_KEY_PARMS));
45
#ifdef TSS_COPY_POLICY_OBJECTS
46
/* add usage policy */
47
if ((result = obj_policy_add(tspContext, TSS_POLICY_USAGE,
48
&rsakey->usagePolicy))) {
53
/* add migration policy */
54
if ((result = obj_policy_add(tspContext, TSS_POLICY_MIGRATION,
55
&rsakey->migPolicy))) {
56
obj_policy_remove(rsakey->usagePolicy, tspContext);
61
if ((result = obj_context_get_policy(tspContext, &rsakey->usagePolicy))) {
67
if (initFlags & TSS_KEY_EMPTY_KEY)
70
memcpy(&rsakey->tcpaKey.ver, &ver, sizeof(TCPA_VERSION));
72
rsakey->tcpaKey.algorithmParms.algorithmID = TCPA_ALG_RSA;
73
rsakey->tcpaKey.algorithmParms.parmSize = sizeof(TCPA_RSA_KEY_PARMS);
74
rsakey->tcpaKey.algorithmParms.parms = calloc(1, sizeof(TCPA_RSA_KEY_PARMS));
76
if (rsakey->tcpaKey.algorithmParms.parms == NULL) {
77
LogError("calloc of %d bytes failed.",
78
rsakey->tcpaKey.algorithmParms.parmSize);
79
#ifdef TSS_COPY_POLICY_OBJECTS
80
obj_policy_remove(rsakey->usagePolicy, tspContext);
81
obj_policy_remove(rsakey->migPolicy, tspContext);
84
return TSPERR(TSS_E_OUTOFMEMORY);
86
rsaKeyParms.exponentSize = 0;
87
rsaKeyParms.numPrimes = 2;
88
memset(&rsakey->tcpaKey.keyFlags, 0, sizeof(TCPA_KEY_FLAGS));
90
rsakey->tcpaKey.pubKey.keyLength = 0;
91
rsakey->tcpaKey.encSize = 0;
92
rsakey->tcpaKey.PCRInfoSize = 0;
94
/* End of all the default stuff */
96
if (initFlags & TSS_KEY_VOLATILE)
97
rsakey->tcpaKey.keyFlags |= volatileKey;
98
if (initFlags & TSS_KEY_MIGRATABLE)
99
rsakey->tcpaKey.keyFlags |= migratable;
100
if (initFlags & TSS_KEY_AUTHORIZATION) {
101
rsakey->tcpaKey.authDataUsage = TPM_AUTH_ALWAYS;
102
flags |= TSS_OBJ_FLAG_USAGEAUTH;
106
/* set the key length */
107
if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_512) {
108
rsaKeyParms.keyLength = 512;
109
} else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_1024) {
110
rsaKeyParms.keyLength = 1024;
111
} else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_2048) {
112
rsaKeyParms.keyLength = 2048;
113
} else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_4096) {
114
rsaKeyParms.keyLength = 4096;
115
} else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_8192) {
116
rsaKeyParms.keyLength = 8192;
117
} else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_16384) {
118
rsaKeyParms.keyLength = 16384;
121
/* assign encryption and signature schemes */
122
if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_SIGNING) {
123
rsakey->tcpaKey.keyUsage = TPM_KEY_SIGNING;
124
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_NONE;
125
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1;
126
} else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_BIND) {
127
rsakey->tcpaKey.keyUsage = TPM_KEY_BIND;
128
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
129
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_NONE;
130
} else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_LEGACY) {
131
rsakey->tcpaKey.keyUsage = TPM_KEY_LEGACY;
132
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
133
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1;
134
} else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_STORAGE) {
135
rsakey->tcpaKey.keyUsage = TPM_KEY_STORAGE;
136
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
137
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_NONE;
138
} else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_IDENTITY) {
139
rsakey->tcpaKey.keyUsage = TPM_KEY_IDENTITY;
140
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_NONE;
141
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1;
142
} else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_AUTHCHANGE) {
143
rsakey->tcpaKey.keyUsage = TPM_KEY_AUTHCHANGE;
144
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
145
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_NONE;
148
/* Load the RSA key parms into the blob in the TCPA_KEY_PARMS pointer.
149
* If the exponent is left NULL, the parmSize variable will change
152
Trspi_LoadBlob_RSA_KEY_PARMS(&offset, rsakey->tcpaKey.algorithmParms.parms,
154
rsakey->tcpaKey.algorithmParms.parmSize = offset;
157
if ((result = obj_list_add(&rsakey_list, tspContext, flags, rsakey, phObject))) {
158
#ifdef TSS_COPY_POLICY_OBJECTS
159
obj_policy_remove(rsakey->usagePolicy, tspContext);
160
obj_policy_remove(rsakey->migPolicy, tspContext);
162
free(rsakey->tcpaKey.algorithmParms.parms);
170
/* Add a new rsakey to the list when its pulled from user PS */
172
obj_rsakey_add_by_key(TSS_HCONTEXT tspContext, TSS_UUID *uuid, BYTE *key, TSS_FLAG flags,
177
struct tr_rsakey_obj *rsakey = calloc(1, sizeof(struct tr_rsakey_obj));
179
if (rsakey == NULL) {
180
LogError("malloc of %zd bytes failed.", sizeof(struct tr_rsakey_obj));
181
return TSPERR(TSS_E_OUTOFMEMORY);
184
memcpy(&rsakey->uuid, uuid, sizeof(TSS_UUID));
187
if ((result = Trspi_UnloadBlob_KEY(&offset, key, &rsakey->tcpaKey))) {
192
flags |= TSS_OBJ_FLAG_KEY_SET;
193
if (rsakey->tcpaKey.authDataUsage)
194
flags |= TSS_OBJ_FLAG_USAGEAUTH;
196
#ifdef TSS_COPY_POLICY_OBJECTS
197
/* add usage policy */
198
if ((result = obj_policy_add(tspContext, TSS_POLICY_USAGE, &rsakey->usagePolicy))) {
199
free_key_refs(&rsakey->tcpaKey);
204
/* add migration policy */
205
if ((result = obj_policy_add(tspContext, TSS_POLICY_MIGRATION, &rsakey->migPolicy))) {
206
free_key_refs(&rsakey->tcpaKey);
207
obj_policy_remove(rsakey->usagePolicy, tspContext);
212
if ((result = obj_context_get_policy(tspContext, &rsakey->usagePolicy))) {
218
if ((result = obj_list_add(&rsakey_list, tspContext, flags, rsakey, phKey))) {
219
free_key_refs(&rsakey->tcpaKey);
220
#ifdef TSS_COPY_POLICY_OBJECTS
221
obj_policy_remove(rsakey->usagePolicy, tspContext);
222
obj_policy_remove(rsakey->migPolicy, tspContext);
232
obj_is_rsakey(TSS_HOBJECT hObject)
234
TSS_BOOL answer = FALSE;
236
if ((obj_list_get_obj(&rsakey_list, hObject))) {
238
obj_list_put(&rsakey_list);
245
obj_rsakey_set_flags(TSS_HKEY hKey, UINT32 flags)
247
struct tsp_object *obj;
248
struct tr_rsakey_obj *rsakey;
249
TSS_RESULT result = TSS_SUCCESS;
251
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
252
return TSPERR(TSS_E_INVALID_HANDLE);
254
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
255
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
259
rsakey = (struct tr_rsakey_obj *)obj->data;
260
rsakey->tcpaKey.keyFlags = flags;
262
obj_list_put(&rsakey_list);
268
obj_rsakey_set_size(TSS_HKEY hKey, UINT32 len)
270
struct tsp_object *obj;
271
struct tr_rsakey_obj *rsakey;
272
TSS_RESULT result = TSS_SUCCESS;
274
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
275
return TSPERR(TSS_E_INVALID_HANDLE);
277
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
278
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
282
rsakey = (struct tr_rsakey_obj *)obj->data;
283
rsakey->tcpaKey.pubKey.keyLength = len/8;
285
obj_list_put(&rsakey_list);
291
obj_rsakey_set_key_parms(TSS_HKEY hKey, TCPA_KEY_PARMS *parms)
293
struct tsp_object *obj;
294
struct tr_rsakey_obj *rsakey;
295
TSS_RESULT result = TSS_SUCCESS;
297
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
298
return TSPERR(TSS_E_INVALID_HANDLE);
300
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
301
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
305
rsakey = (struct tr_rsakey_obj *)obj->data;
307
free(rsakey->tcpaKey.algorithmParms.parms);
309
memcpy(&rsakey->tcpaKey.algorithmParms, parms, sizeof(TCPA_KEY_PARMS));
311
if (parms->parmSize > 0) {
312
if ((rsakey->tcpaKey.algorithmParms.parms =
313
malloc(parms->parmSize)) == NULL) {
314
LogError("calloc of %d bytes failed.", parms->parmSize);
315
result = TSPERR(TSS_E_OUTOFMEMORY);
319
memcpy(rsakey->tcpaKey.algorithmParms.parms, parms->parms,
322
rsakey->tcpaKey.algorithmParms.parms = NULL;
326
obj_list_put(&rsakey_list);
332
obj_rsakey_set_policy(TSS_HKEY hKey, UINT32 type, TSS_HPOLICY hPolicy)
334
struct tsp_object *obj;
335
struct tr_rsakey_obj *rsakey;
337
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
338
return TSPERR(TSS_E_INVALID_HANDLE);
340
rsakey = (struct tr_rsakey_obj *)obj->data;
342
if (type == TSS_POLICY_USAGE)
343
rsakey->usagePolicy = hPolicy;
345
rsakey->migPolicy = hPolicy;
347
obj_list_put(&rsakey_list);
353
obj_rsakey_set_pstype(TSS_HKEY hKey, UINT32 type)
355
struct tsp_object *obj;
357
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
358
return TSPERR(TSS_E_INVALID_HANDLE);
361
case TSS_PS_TYPE_USER:
362
obj->flags |= TSS_OBJ_FLAG_USER_PS;
363
obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS;
365
case TSS_PS_TYPE_SYSTEM:
366
obj->flags |= TSS_OBJ_FLAG_SYSTEM_PS;
367
obj->flags &= ~TSS_OBJ_FLAG_USER_PS;
371
obj->flags &= ~TSS_OBJ_FLAG_USER_PS;
372
obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS;
376
obj_list_put(&rsakey_list);
381
/* WARN: Nobody should call this function directly except for the
382
* Get/Set Attrib functions. The TCPA_KEY structure wants values
383
* for keyUsage to be TPM_KEY_* values, and this function translates
384
* to TSS_KEYUSAGE_* values for passing to an app. */
386
obj_rsakey_get_usage(TSS_HKEY hKey, UINT32 *usage)
388
TSS_RESULT result = TSS_SUCCESS;
389
struct tsp_object *obj;
390
struct tr_rsakey_obj *rsakey;
392
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
393
return TSPERR(TSS_E_INVALID_HANDLE);
395
rsakey = (struct tr_rsakey_obj *)obj->data;
397
switch (rsakey->tcpaKey.keyUsage) {
398
case TPM_KEY_SIGNING:
399
*usage = TSS_KEYUSAGE_SIGN;
402
*usage = TSS_KEYUSAGE_BIND;
405
*usage = TSS_KEYUSAGE_LEGACY;
407
case TPM_KEY_AUTHCHANGE:
408
*usage = TSS_KEYUSAGE_AUTHCHANGE;
410
case TPM_KEY_IDENTITY:
411
*usage = TSS_KEYUSAGE_IDENTITY;
413
case TPM_KEY_STORAGE:
414
*usage = TSS_KEYUSAGE_STORAGE;
417
result = TSPERR(TSS_E_INVALID_ATTRIB_DATA);
421
obj_list_put(&rsakey_list);
426
/* WARN: Nobody should call this function directly except for the
427
* Get/Set Attrib functions. The TCPA_KEY structure wants values
428
* for keyUsage to be TPM_KEY_* values, and this function translates
429
* to TSS_KEYUSAGE_* values for passing to an app. */
431
obj_rsakey_set_usage(TSS_HKEY hKey, UINT32 usage)
433
TSS_RESULT result = TSS_SUCCESS;
434
struct tsp_object *obj;
435
struct tr_rsakey_obj *rsakey;
437
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
438
return TSPERR(TSS_E_INVALID_HANDLE);
440
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
441
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
445
rsakey = (struct tr_rsakey_obj *)obj->data;
448
case TSS_KEYUSAGE_SIGN:
449
rsakey->tcpaKey.keyUsage = TPM_KEY_SIGNING;
451
case TSS_KEYUSAGE_BIND:
452
rsakey->tcpaKey.keyUsage = TPM_KEY_BIND;
454
case TSS_KEYUSAGE_LEGACY:
455
rsakey->tcpaKey.keyUsage = TPM_KEY_LEGACY;
457
case TSS_KEYUSAGE_AUTHCHANGE:
458
rsakey->tcpaKey.keyUsage = TPM_KEY_AUTHCHANGE;
460
case TSS_KEYUSAGE_IDENTITY:
461
rsakey->tcpaKey.keyUsage = TPM_KEY_IDENTITY;
463
case TSS_KEYUSAGE_STORAGE:
464
rsakey->tcpaKey.keyUsage = TPM_KEY_STORAGE;
467
result = TSPERR(TSS_E_INVALID_ATTRIB_DATA);
471
obj_list_put(&rsakey_list);
477
obj_rsakey_set_migratable(TSS_HKEY hKey, UINT32 mig)
479
struct tsp_object *obj;
480
struct tr_rsakey_obj *rsakey;
481
TSS_RESULT result = TSS_SUCCESS;
483
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
484
return TSPERR(TSS_E_INVALID_HANDLE);
486
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
487
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
491
rsakey = (struct tr_rsakey_obj *)obj->data;
493
rsakey->tcpaKey.keyFlags |= migratable;
495
rsakey->tcpaKey.keyFlags &= (~migratable);
497
obj_list_put(&rsakey_list);
503
obj_rsakey_set_redirected(TSS_HKEY hKey, UINT32 redir)
505
struct tsp_object *obj;
506
struct tr_rsakey_obj *rsakey;
507
TSS_RESULT result = TSS_SUCCESS;
509
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
510
return TSPERR(TSS_E_INVALID_HANDLE);
512
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
513
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
517
rsakey = (struct tr_rsakey_obj *)obj->data;
519
rsakey->tcpaKey.keyFlags |= redirection;
521
rsakey->tcpaKey.keyFlags &= (~redirection);
523
obj_list_put(&rsakey_list);
529
obj_rsakey_set_volatile(TSS_HKEY hKey, UINT32 vol)
531
struct tsp_object *obj;
532
struct tr_rsakey_obj *rsakey;
533
TSS_RESULT result = TSS_SUCCESS;
535
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
536
return TSPERR(TSS_E_INVALID_HANDLE);
538
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
539
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
543
rsakey = (struct tr_rsakey_obj *)obj->data;
545
rsakey->tcpaKey.keyFlags |= volatileKey;
547
rsakey->tcpaKey.keyFlags &= (~volatileKey);
549
obj_list_put(&rsakey_list);
555
obj_rsakey_get_authdata_usage(TSS_HKEY hKey, UINT32 *usage)
557
struct tsp_object *obj;
558
struct tr_rsakey_obj *rsakey;
560
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
561
return TSPERR(TSS_E_INVALID_HANDLE);
563
rsakey = (struct tr_rsakey_obj *)obj->data;
564
*usage = (UINT32)rsakey->tcpaKey.authDataUsage ? TRUE : FALSE;
566
obj_list_put(&rsakey_list);
572
obj_rsakey_set_authdata_usage(TSS_HKEY hKey, UINT32 usage)
574
struct tsp_object *obj;
575
struct tr_rsakey_obj *rsakey;
576
TSS_RESULT result = TSS_SUCCESS;
578
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
579
return TSPERR(TSS_E_INVALID_HANDLE);
581
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
582
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
586
rsakey = (struct tr_rsakey_obj *)obj->data;
588
rsakey->tcpaKey.authDataUsage = (BYTE)usage;
590
obj->flags |= TSS_OBJ_FLAG_USAGEAUTH;
592
obj->flags &= ~TSS_OBJ_FLAG_USAGEAUTH;
594
obj_list_put(&rsakey_list);
600
obj_rsakey_get_alg(TSS_HKEY hKey, UINT32 *alg)
602
struct tsp_object *obj;
603
struct tr_rsakey_obj *rsakey;
605
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
606
return TSPERR(TSS_E_INVALID_HANDLE);
608
rsakey = (struct tr_rsakey_obj *)obj->data;
610
switch (rsakey->tcpaKey.algorithmParms.algorithmID) {
615
*alg = rsakey->tcpaKey.algorithmParms.algorithmID;
619
obj_list_put(&rsakey_list);
625
obj_rsakey_set_alg(TSS_HKEY hKey, UINT32 alg)
627
struct tsp_object *obj;
628
struct tr_rsakey_obj *rsakey;
629
TSS_RESULT result = TSS_SUCCESS;
631
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
632
return TSPERR(TSS_E_INVALID_HANDLE);
634
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
635
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
639
rsakey = (struct tr_rsakey_obj *)obj->data;
642
rsakey->tcpaKey.algorithmParms.algorithmID = TCPA_ALG_RSA;
645
rsakey->tcpaKey.algorithmParms.algorithmID = alg;
649
obj_list_put(&rsakey_list);
655
obj_rsakey_get_es(TSS_HKEY hKey, UINT32 *es)
657
struct tsp_object *obj;
658
struct tr_rsakey_obj *rsakey;
660
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
661
return TSPERR(TSS_E_INVALID_HANDLE);
663
rsakey = (struct tr_rsakey_obj *)obj->data;
665
/* translate TPM numbers to TSS numbers */
666
switch (rsakey->tcpaKey.algorithmParms.encScheme) {
670
case TCPA_ES_RSAESPKCSv15:
671
*es = TSS_ES_RSAESPKCSV15;
673
case TCPA_ES_RSAESOAEP_SHA1_MGF1:
674
*es = TSS_ES_RSAESOAEP_SHA1_MGF1;
677
*es = rsakey->tcpaKey.algorithmParms.encScheme;
681
obj_list_put(&rsakey_list);
687
obj_rsakey_set_es(TSS_HKEY hKey, UINT32 es)
689
struct tsp_object *obj;
690
struct tr_rsakey_obj *rsakey;
691
TSS_RESULT result = TSS_SUCCESS;
693
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
694
return TSPERR(TSS_E_INVALID_HANDLE);
696
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
697
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
701
rsakey = (struct tr_rsakey_obj *)obj->data;
703
/* translate TSS numbers to TPM numbers */
706
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_NONE;
708
case TSS_ES_RSAESPKCSV15:
709
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_RSAESPKCSv15;
711
case TSS_ES_RSAESOAEP_SHA1_MGF1:
712
rsakey->tcpaKey.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
715
rsakey->tcpaKey.algorithmParms.encScheme = es;
719
obj_list_put(&rsakey_list);
725
obj_rsakey_get_ss(TSS_HKEY hKey, UINT32 *ss)
727
struct tsp_object *obj;
728
struct tr_rsakey_obj *rsakey;
730
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
731
return TSPERR(TSS_E_INVALID_HANDLE);
733
rsakey = (struct tr_rsakey_obj *)obj->data;
735
/* translate TPM numbers to TSS numbers */
736
switch (rsakey->tcpaKey.algorithmParms.sigScheme) {
740
case TCPA_SS_RSASSAPKCS1v15_SHA1:
741
*ss = TSS_SS_RSASSAPKCS1V15_SHA1;
743
case TCPA_SS_RSASSAPKCS1v15_DER:
744
*ss = TSS_SS_RSASSAPKCS1V15_DER;
747
*ss = rsakey->tcpaKey.algorithmParms.sigScheme;
752
obj_list_put(&rsakey_list);
758
obj_rsakey_set_ss(TSS_HKEY hKey, UINT32 ss)
760
struct tsp_object *obj;
761
struct tr_rsakey_obj *rsakey;
762
TSS_RESULT result = TSS_SUCCESS;
764
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
765
return TSPERR(TSS_E_INVALID_HANDLE);
767
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
768
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
772
rsakey = (struct tr_rsakey_obj *)obj->data;
774
/* translate TSS numbers to TPM numbers */
777
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_NONE;
779
case TSS_SS_RSASSAPKCS1V15_SHA1:
780
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1;
782
case TSS_SS_RSASSAPKCS1V15_DER:
783
rsakey->tcpaKey.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_DER;
786
rsakey->tcpaKey.algorithmParms.sigScheme = ss;
790
obj_list_put(&rsakey_list);
796
obj_rsakey_set_num_primes(TSS_HKEY hKey, UINT32 num)
798
struct tsp_object *obj;
799
struct tr_rsakey_obj *rsakey;
800
TSS_RESULT result = TSS_SUCCESS;
802
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
803
return TSPERR(TSS_E_INVALID_HANDLE);
805
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
806
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
810
rsakey = (struct tr_rsakey_obj *)obj->data;
811
UINT32ToArray(num, &rsakey->tcpaKey.algorithmParms.parms[4]);
813
obj_list_put(&rsakey_list);
819
obj_rsakey_get_num_primes(TSS_HKEY hKey, UINT32 *num)
821
struct tsp_object *obj;
822
struct tr_rsakey_obj *rsakey;
823
TCPA_RSA_KEY_PARMS *parms;
825
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
826
return TSPERR(TSS_E_INVALID_HANDLE);
828
rsakey = (struct tr_rsakey_obj *)obj->data;
829
parms = (TCPA_RSA_KEY_PARMS *)rsakey->tcpaKey.algorithmParms.parms;
830
*num = endian32(parms->numPrimes);
832
obj_list_put(&rsakey_list);
838
obj_rsakey_get_flags(TSS_HKEY hKey, UINT32 *flags)
840
struct tsp_object *obj;
841
struct tr_rsakey_obj *rsakey;
843
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
844
return TSPERR(TSS_E_INVALID_HANDLE);
846
rsakey = (struct tr_rsakey_obj *)obj->data;
847
*flags = rsakey->tcpaKey.keyFlags;
849
obj_list_put(&rsakey_list);
855
obj_rsakey_get_size(TSS_HKEY hKey, UINT32 *len)
857
struct tsp_object *obj;
858
struct tr_rsakey_obj *rsakey;
860
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
861
return TSPERR(TSS_E_INVALID_HANDLE);
863
rsakey = (struct tr_rsakey_obj *)obj->data;
865
switch (rsakey->tcpaKey.pubKey.keyLength) {
867
*len = TSS_KEY_SIZEVAL_512BIT;
870
*len = TSS_KEY_SIZEVAL_1024BIT;
873
*len = TSS_KEY_SIZEVAL_2048BIT;
876
*len = rsakey->tcpaKey.pubKey.keyLength * 8;
880
obj_list_put(&rsakey_list);
886
obj_rsakey_get_pstype(TSS_HKEY hKey, UINT32 *type)
888
struct tsp_object *obj;
890
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
891
return TSPERR(TSS_E_INVALID_HANDLE);
893
if (obj->flags & TSS_OBJ_FLAG_SYSTEM_PS)
894
*type = TSS_PS_TYPE_SYSTEM;
895
else if (obj->flags & TSS_OBJ_FLAG_USER_PS)
896
*type = TSS_PS_TYPE_USER;
898
*type = TSS_PS_TYPE_NO;
900
obj_list_put(&rsakey_list);
906
obj_rsakey_is_migratable(TSS_HKEY hKey)
908
struct tsp_object *obj;
909
struct tr_rsakey_obj *rsakey;
910
TSS_BOOL answer = FALSE;
912
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
915
rsakey = (struct tr_rsakey_obj *)obj->data;
916
if (rsakey->tcpaKey.keyFlags & migratable)
919
obj_list_put(&rsakey_list);
925
obj_rsakey_is_redirected(TSS_HKEY hKey)
927
struct tsp_object *obj;
928
struct tr_rsakey_obj *rsakey;
929
TSS_BOOL answer = FALSE;
931
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
934
rsakey = (struct tr_rsakey_obj *)obj->data;
935
if (rsakey->tcpaKey.keyFlags & redirection)
938
obj_list_put(&rsakey_list);
944
obj_rsakey_is_volatile(TSS_HKEY hKey)
946
struct tsp_object *obj;
947
struct tr_rsakey_obj *rsakey;
948
TSS_BOOL answer = FALSE;
950
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
953
rsakey = (struct tr_rsakey_obj *)obj->data;
954
if (rsakey->tcpaKey.keyFlags & volatileKey)
957
obj_list_put(&rsakey_list);
963
obj_rsakey_get_tsp_context(TSS_HKEY hKey, TSS_HCONTEXT *tspContext)
965
struct tsp_object *obj;
967
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
968
return TSPERR(TSS_E_INVALID_HANDLE);
970
*tspContext = obj->tspContext;
972
obj_list_put(&rsakey_list);
974
if (!obj_is_context(*tspContext))
975
return TSPERR(TSS_E_INVALID_HANDLE);
981
obj_rsakey_get_policy(TSS_HKEY hKey, TSS_FLAG policyType,
982
TSS_HPOLICY *phPolicy, TSS_BOOL *auth)
984
struct tsp_object *obj;
985
struct tr_rsakey_obj *rsakey;
986
TSS_RESULT result = TSS_SUCCESS;
988
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
989
return TSPERR(TSS_E_INVALID_HANDLE);
991
rsakey = (struct tr_rsakey_obj *)obj->data;
993
if (policyType == TSS_POLICY_USAGE) {
994
*phPolicy = rsakey->usagePolicy;
996
if (obj->flags & TSS_OBJ_FLAG_USAGEAUTH)
1002
#ifndef TSS_COPY_POLICY_OBJECTS
1003
if (!rsakey->migPolicy) {
1004
result = TSPERR(TSS_E_KEY_NO_MIGRATION_POLICY);
1008
*phPolicy = rsakey->migPolicy;
1010
if (obj->flags & TSS_OBJ_FLAG_MIGAUTH)
1016
#ifndef TSS_COPY_POLICY_OBJECTS
1019
obj_list_put(&rsakey_list);
1025
obj_rsakey_get_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1027
struct tsp_object *obj;
1028
struct tr_rsakey_obj *rsakey;
1029
TSS_RESULT result = TSS_SUCCESS;
1033
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1034
return TSPERR(TSS_E_INVALID_HANDLE);
1036
rsakey = (struct tr_rsakey_obj *)obj->data;
1039
Trspi_LoadBlob_KEY(&offset, temp, &rsakey->tcpaKey);
1041
if (offset > 2048) {
1042
LogError("memory corruption");
1043
result = TSPERR(TSS_E_INTERNAL_ERROR);
1046
*data = calloc_tspi(obj->tspContext, offset);
1047
if (*data == NULL) {
1048
LogError("malloc of %" PRIu64 " bytes failed.", offset);
1049
result = TSPERR(TSS_E_OUTOFMEMORY);
1053
memcpy(*data, temp, offset);
1057
obj_list_put(&rsakey_list);
1063
obj_rsakey_get_priv_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1065
struct tsp_object *obj;
1066
struct tr_rsakey_obj *rsakey;
1067
TSS_RESULT result = TSS_SUCCESS;
1070
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1071
return TSPERR(TSS_E_INVALID_HANDLE);
1073
rsakey = (struct tr_rsakey_obj *)obj->data;
1075
offset = rsakey->tcpaKey.encSize;
1077
*data = calloc_tspi(obj->tspContext, offset);
1078
if (*data == NULL) {
1079
LogError("malloc of %u bytes failed.", offset);
1080
result = TSPERR(TSS_E_OUTOFMEMORY);
1084
memcpy(*data, rsakey->tcpaKey.encData, offset);
1087
obj_list_put(&rsakey_list);
1093
obj_rsakey_get_modulus(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1095
struct tsp_object *obj;
1096
struct tr_rsakey_obj *rsakey;
1097
TSS_RESULT result = TSS_SUCCESS;
1100
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1101
return TSPERR(TSS_E_INVALID_HANDLE);
1103
rsakey = (struct tr_rsakey_obj *)obj->data;
1105
offset = rsakey->tcpaKey.pubKey.keyLength;
1107
/* if this key object represents the SRK and the public key
1108
* data here is all 0's, then we shouldn't return it, we
1109
* should return TSS_E_BAD_PARAMETER. This is part of protecting
1110
* the SRK public key. */
1111
if (rsakey->tcsHandle == TPM_KEYHND_SRK) {
1112
BYTE zeroBlob[2048] = { 0, };
1114
if (!memcmp(rsakey->tcpaKey.pubKey.key, zeroBlob, offset)) {
1115
result = TSPERR(TSS_E_BAD_PARAMETER);
1120
*data = calloc_tspi(obj->tspContext, offset);
1121
if (*data == NULL) {
1122
LogError("malloc of %u bytes failed.", offset);
1123
result = TSPERR(TSS_E_OUTOFMEMORY);
1127
memcpy(*data, rsakey->tcpaKey.pubKey.key, offset);
1130
obj_list_put(&rsakey_list);
1136
obj_rsakey_set_modulus(TSS_HKEY hKey, UINT32 size, BYTE *data)
1138
struct tsp_object *obj;
1139
struct tr_rsakey_obj *rsakey;
1140
TSS_RESULT result = TSS_SUCCESS;
1143
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1144
return TSPERR(TSS_E_INVALID_HANDLE);
1146
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
1147
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1151
rsakey = (struct tr_rsakey_obj *)obj->data;
1153
free_ptr = rsakey->tcpaKey.pubKey.key;
1155
rsakey->tcpaKey.pubKey.key = malloc(size);
1156
if (rsakey->tcpaKey.pubKey.key == NULL) {
1157
rsakey->tcpaKey.pubKey.key = free_ptr; // restore
1158
LogError("malloc of %u bytes failed.", size);
1159
result = TSPERR(TSS_E_OUTOFMEMORY);
1162
rsakey->tcpaKey.pubKey.keyLength = size;
1163
memcpy(rsakey->tcpaKey.pubKey.key, data, size);
1166
obj_list_put(&rsakey_list);
1172
obj_rsakey_get_pub_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1174
struct tsp_object *obj;
1175
struct tr_rsakey_obj *rsakey;
1176
TSS_RESULT result = TSS_SUCCESS;
1180
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1181
return TSPERR(TSS_E_INVALID_HANDLE);
1183
rsakey = (struct tr_rsakey_obj *)obj->data;
1185
offset = rsakey->tcpaKey.pubKey.keyLength;
1187
/* if this key object represents the SRK and the public key
1188
* data here is all 0's, then we shouldn't return it, we
1189
* should return TSS_E_BAD_PARAMETER. This is part of protecting
1190
* the SRK public key. */
1191
if (rsakey->tcsHandle == TPM_KEYHND_SRK) {
1192
BYTE zeroBlob[2048] = { 0, };
1194
if (!memcmp(rsakey->tcpaKey.pubKey.key, zeroBlob, offset)) {
1195
result = TSPERR(TSS_E_BAD_PARAMETER);
1201
Trspi_LoadBlob_KEY_PARMS(&offset, blob, &rsakey->tcpaKey.algorithmParms);
1202
Trspi_LoadBlob_STORE_PUBKEY(&offset, blob, &rsakey->tcpaKey.pubKey);
1204
*data = calloc_tspi(obj->tspContext, offset);
1205
if (*data == NULL) {
1206
LogError("malloc of %" PRIu64 " bytes failed.", offset);
1207
result = TSPERR(TSS_E_OUTOFMEMORY);
1211
memcpy(*data, blob, offset);
1214
obj_list_put(&rsakey_list);
1220
obj_rsakey_get_version(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1222
struct tsp_object *obj;
1223
struct tr_rsakey_obj *rsakey;
1224
TSS_RESULT result = TSS_SUCCESS;
1228
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1229
return TSPERR(TSS_E_INVALID_HANDLE);
1231
rsakey = (struct tr_rsakey_obj *)obj->data;
1234
Trspi_LoadBlob_TCPA_VERSION(&offset, temp, rsakey->tcpaKey.ver);
1237
LogError("memory corruption");
1238
result = TSPERR(TSS_E_INTERNAL_ERROR);
1241
*data = calloc_tspi(obj->tspContext, offset);
1242
if (*data == NULL) {
1243
LogError("malloc of %" PRIu64 " bytes failed.", offset);
1244
result = TSPERR(TSS_E_OUTOFMEMORY);
1248
memcpy(*data, temp, offset);
1252
obj_list_put(&rsakey_list);
1258
obj_rsakey_get_exponent(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1260
struct tsp_object *obj;
1261
struct tr_rsakey_obj *rsakey;
1262
TSS_RESULT result = TSS_SUCCESS;
1263
TCPA_RSA_KEY_PARMS *parms;
1264
BYTE default_exp[3] = { 0x1, 0x0, 0x1 };
1267
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1268
return TSPERR(TSS_E_INVALID_HANDLE);
1270
rsakey = (struct tr_rsakey_obj *)obj->data;
1271
parms = (TCPA_RSA_KEY_PARMS *)rsakey->tcpaKey.algorithmParms.parms;
1272
offset = parms->exponentSize;
1274
/* see TPM 1.1b spec pg. 51. If exponentSize is 0, we're using the
1275
* default exponent of 2^16 + 1. */
1278
*data = calloc_tspi(obj->tspContext, offset);
1279
if (*data == NULL) {
1280
LogError("malloc of %d bytes failed.", offset);
1281
result = TSPERR(TSS_E_OUTOFMEMORY);
1285
memcpy(*data, default_exp, offset);
1287
*data = calloc_tspi(obj->tspContext, offset);
1288
if (*data == NULL) {
1289
LogError("malloc of %d bytes failed.", offset);
1290
result = TSPERR(TSS_E_OUTOFMEMORY);
1294
memcpy(*data, parms->exponent, offset);
1298
obj_list_put(&rsakey_list);
1304
obj_rsakey_set_exponent(TSS_HKEY hKey, UINT32 size, BYTE *data)
1306
struct tsp_object *obj;
1307
struct tr_rsakey_obj *rsakey;
1308
TSS_RESULT result = TSS_SUCCESS;
1309
TCPA_RSA_KEY_PARMS *parms;
1312
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1313
return TSPERR(TSS_E_INVALID_HANDLE);
1315
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
1316
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1320
rsakey = (struct tr_rsakey_obj *)obj->data;
1321
parms = (TCPA_RSA_KEY_PARMS *)rsakey->tcpaKey.algorithmParms.parms;
1323
free_ptr = parms->exponent;
1325
parms->exponent = malloc(size);
1326
if (parms->exponent == NULL) {
1327
parms->exponent = free_ptr; // restore
1328
LogError("malloc of %u bytes failed.", size);
1329
result = TSPERR(TSS_E_OUTOFMEMORY);
1332
parms->exponentSize = size;
1333
memcpy(parms->exponent, data, size);
1335
obj_list_put(&rsakey_list);
1341
obj_rsakey_get_uuid(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1343
struct tsp_object *obj;
1344
struct tr_rsakey_obj *rsakey;
1345
TSS_RESULT result = TSS_SUCCESS;
1349
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1350
return TSPERR(TSS_E_INVALID_HANDLE);
1352
rsakey = (struct tr_rsakey_obj *)obj->data;
1355
Trspi_LoadBlob_UUID(&offset, temp, rsakey->uuid);
1358
LogError("memory corruption");
1359
result = TSPERR(TSS_E_INTERNAL_ERROR);
1363
*data = calloc_tspi(obj->tspContext, offset);
1364
if (*data == NULL) {
1365
LogError("malloc of %" PRIu64 " bytes failed.", offset);
1366
result = TSPERR(TSS_E_OUTOFMEMORY);
1370
memcpy(*data, temp, offset);
1373
obj_list_put(&rsakey_list);
1379
obj_rsakey_set_uuid(TSS_HKEY hKey, TSS_FLAG ps_type, TSS_UUID *uuid)
1381
struct tsp_object *obj;
1382
struct tr_rsakey_obj *rsakey;
1384
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1385
return TSPERR(TSS_E_INVALID_HANDLE);
1387
rsakey = (struct tr_rsakey_obj *)obj->data;
1388
memcpy(&rsakey->uuid, uuid, sizeof(TSS_UUID));
1391
case TSS_PS_TYPE_SYSTEM:
1392
obj->flags |= TSS_OBJ_FLAG_SYSTEM_PS;
1393
obj->flags &= ~TSS_OBJ_FLAG_USER_PS;
1395
case TSS_PS_TYPE_USER:
1396
obj->flags |= TSS_OBJ_FLAG_USER_PS;
1397
obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS;
1399
case TSS_PS_TYPE_NO:
1401
obj->flags &= ~TSS_OBJ_FLAG_USER_PS;
1402
obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS;
1406
obj_list_put(&rsakey_list);
1412
obj_rsakey_set_tcs_handle(TSS_HKEY hKey, TCS_KEY_HANDLE tcsHandle)
1414
struct tsp_object *obj;
1415
struct tr_rsakey_obj *rsakey;
1417
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1418
return TSPERR(TSS_E_INVALID_HANDLE);
1420
rsakey = (struct tr_rsakey_obj *)obj->data;
1421
rsakey->tcsHandle = tcsHandle;
1423
obj_list_put(&rsakey_list);
1429
obj_rsakey_get_tcs_handle(TSS_HKEY hKey, TCS_KEY_HANDLE *tcsHandle)
1431
struct tsp_object *obj;
1432
struct tr_rsakey_obj *rsakey;
1433
TSS_RESULT result = TSS_SUCCESS;
1435
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1436
return TSPERR(TSS_E_INVALID_HANDLE);
1438
rsakey = (struct tr_rsakey_obj *)obj->data;
1439
if (rsakey->tcsHandle)
1440
*tcsHandle = rsakey->tcsHandle;
1442
result = TSPERR(TSS_E_KEY_NOT_LOADED);
1444
obj_list_put(&rsakey_list);
1450
obj_rsakey_set_tcpakey(TSS_HKEY hKey, UINT32 size, BYTE *data)
1452
struct tsp_object *obj;
1453
struct tr_rsakey_obj *rsakey;
1455
TSS_RESULT result = TSS_SUCCESS;
1457
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1458
return TSPERR(TSS_E_INVALID_HANDLE);
1460
rsakey = (struct tr_rsakey_obj *)obj->data;
1463
if ((result = Trspi_UnloadBlob_KEY(&offset, data, &rsakey->tcpaKey)))
1466
if (rsakey->tcpaKey.authDataUsage)
1467
obj->flags |= TSS_OBJ_FLAG_USAGEAUTH;
1469
obj->flags &= ~TSS_OBJ_FLAG_USAGEAUTH;
1471
obj->flags |= TSS_OBJ_FLAG_KEY_SET;
1474
obj_list_put(&rsakey_list);
1480
obj_rsakey_get_pcr_atcreation(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1482
struct tsp_object *obj;
1483
struct tr_rsakey_obj *rsakey;
1484
TSS_RESULT result = TSS_SUCCESS;
1486
TCPA_PCR_INFO *info;
1488
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1489
return TSPERR(TSS_E_INVALID_HANDLE);
1491
rsakey = (struct tr_rsakey_obj *)obj->data;
1493
if (rsakey->tcpaKey.PCRInfo == NULL) {
1497
*data = calloc_tspi(obj->tspContext, sizeof(TCPA_DIGEST));
1498
if (*data == NULL) {
1499
LogError("malloc of %zd bytes failed.", sizeof(TCPA_DIGEST));
1500
result = TSPERR(TSS_E_OUTOFMEMORY);
1503
*size = sizeof(TCPA_DIGEST);
1504
info = (TCPA_PCR_INFO *)rsakey->tcpaKey.PCRInfo;
1506
Trspi_LoadBlob(&offset, sizeof(TCPA_DIGEST), *data,
1507
(BYTE *)&info->digestAtCreation);
1511
obj_list_put(&rsakey_list);
1517
obj_rsakey_get_pcr_atrelease(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1519
struct tsp_object *obj;
1520
struct tr_rsakey_obj *rsakey;
1521
TSS_RESULT result = TSS_SUCCESS;
1523
TCPA_PCR_INFO *info;
1525
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1526
return TSPERR(TSS_E_INVALID_HANDLE);
1528
rsakey = (struct tr_rsakey_obj *)obj->data;
1530
if (rsakey->tcpaKey.PCRInfo == NULL) {
1534
*data = calloc_tspi(obj->tspContext, sizeof(TCPA_DIGEST));
1535
if (*data == NULL) {
1536
LogError("malloc of %zd bytes failed.", sizeof(TCPA_DIGEST));
1537
result = TSPERR(TSS_E_OUTOFMEMORY);
1540
*size = sizeof(TCPA_DIGEST);
1541
info = (TCPA_PCR_INFO *)rsakey->tcpaKey.PCRInfo;
1543
Trspi_LoadBlob(&offset, sizeof(TCPA_DIGEST), *data,
1544
(BYTE *)&info->digestAtRelease);
1548
obj_list_put(&rsakey_list);
1554
obj_rsakey_get_pcr_selection(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1556
struct tsp_object *obj;
1557
struct tr_rsakey_obj *rsakey;
1558
TSS_RESULT result = TSS_SUCCESS;
1560
TCPA_PCR_INFO *info;
1562
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1563
return TSPERR(TSS_E_INVALID_HANDLE);
1565
rsakey = (struct tr_rsakey_obj *)obj->data;
1567
if (rsakey->tcpaKey.PCRInfo == NULL) {
1571
info = (TCPA_PCR_INFO *)rsakey->tcpaKey.PCRInfo;
1572
offset = info->pcrSelection.sizeOfSelect;
1573
*data = calloc_tspi(obj->tspContext, offset);
1574
if (*data == NULL) {
1575
LogError("malloc of %" PRIu64 " bytes failed.", offset);
1576
result = TSPERR(TSS_E_OUTOFMEMORY);
1580
memcpy(*data, &info->pcrSelection.pcrSelect, *size);
1584
obj_list_put(&rsakey_list);
1590
/* Expect a TPM_PUBKEY as is explained in the portable data section of the spec */
1592
obj_rsakey_set_pubkey(TSS_HKEY hKey, UINT32 force, BYTE *data)
1594
struct tsp_object *obj;
1595
struct tr_rsakey_obj *rsakey;
1600
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1601
return TSPERR(TSS_E_INVALID_HANDLE);
1603
rsakey = (struct tr_rsakey_obj *)obj->data;
1605
if (!force && (obj->flags & TSS_OBJ_FLAG_KEY_SET)) {
1606
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1610
if ((result = Trspi_UnloadBlob_PUBKEY(&offset, data, &pub)))
1613
free(rsakey->tcpaKey.pubKey.key);
1614
free(rsakey->tcpaKey.algorithmParms.parms);
1616
memcpy(&rsakey->tcpaKey.pubKey, &pub.pubKey, sizeof(TCPA_STORE_PUBKEY));
1617
memcpy(&rsakey->tcpaKey.algorithmParms, &pub.algorithmParms, sizeof(TCPA_KEY_PARMS));
1619
obj_list_put(&rsakey_list);
1625
obj_rsakey_set_privkey(TSS_HKEY hKey, UINT32 force, UINT32 size, BYTE *data)
1627
struct tsp_object *obj;
1628
struct tr_rsakey_obj *rsakey;
1629
TSS_RESULT result = TSS_SUCCESS;
1632
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1633
return TSPERR(TSS_E_INVALID_HANDLE);
1635
if (!force && (obj->flags & TSS_OBJ_FLAG_KEY_SET)) {
1636
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1640
rsakey = (struct tr_rsakey_obj *)obj->data;
1642
to_free = rsakey->tcpaKey.encData;
1644
rsakey->tcpaKey.encData = calloc(1, size);
1645
if (rsakey->tcpaKey.encData == NULL) {
1646
rsakey->tcpaKey.encData = to_free; // restore
1647
LogError("malloc of %u bytes failed.", size);
1648
result = TSPERR(TSS_E_OUTOFMEMORY);
1653
rsakey->tcpaKey.encSize = size;
1654
memcpy(rsakey->tcpaKey.encData, data, size);
1656
obj_list_put(&rsakey_list);
1662
obj_rsakey_set_pcr_data(TSS_HKEY hKey, TSS_HPCRS hPcrComposite)
1664
struct tsp_object *obj;
1665
struct tr_rsakey_obj *rsakey;
1666
TSS_RESULT result = TSS_SUCCESS;
1667
TCPA_PCR_SELECTION pcrSelect;
1668
TCPA_PCRVALUE pcrComposite;
1673
memset(pcrBlob, 0, sizeof(pcrBlob));
1675
if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1676
return TSPERR(TSS_E_INVALID_HANDLE);
1678
if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
1679
result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1683
rsakey = (struct tr_rsakey_obj *)obj->data;
1685
to_free = rsakey->tcpaKey.PCRInfo;
1687
if ((result = obj_pcrs_get_composite(hPcrComposite, &pcrComposite)))
1690
if ((result = obj_pcrs_get_selection(hPcrComposite, &pcrSelect)))
1694
Trspi_LoadBlob_PCR_SELECTION(&offset, pcrBlob, &pcrSelect);
1695
memcpy(&pcrBlob[offset], &pcrComposite.digest, TCPA_SHA1_160_HASH_LEN);
1696
offset += TCPA_SHA1_160_HASH_LEN * 2; // skip over digestAtRelease
1698
/* --- Stuff it into the key container */
1699
rsakey->tcpaKey.PCRInfo = calloc(1, offset);
1700
if (rsakey->tcpaKey.PCRInfo == NULL) {
1701
rsakey->tcpaKey.PCRInfo = to_free; // restore
1702
LogError("malloc of %" PRIu64 " bytes failed.", offset);
1703
result = TSPERR(TSS_E_OUTOFMEMORY);
1706
/* free the info that may already be set */
1708
rsakey->tcpaKey.PCRInfoSize = offset;
1709
memcpy(rsakey->tcpaKey.PCRInfo, pcrBlob, offset);
1712
obj_list_put(&rsakey_list);
1718
rsakey_free(struct tr_rsakey_obj *rsakey)
1720
free(rsakey->tcpaKey.algorithmParms.parms);
1721
free(rsakey->tcpaKey.encData);
1722
free(rsakey->tcpaKey.PCRInfo);
1723
free(rsakey->tcpaKey.pubKey.key);
1727
/* Remove an individual rsakey object from the rsakey list with handle
1728
* equal to hObject. Clean up the TSP's key handle table. */
1730
obj_rsakey_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext)
1732
struct tsp_object *obj, *prev = NULL;
1733
struct obj_list *list = &rsakey_list;
1734
TSS_RESULT result = TSPERR(TSS_E_INVALID_HANDLE);
1736
pthread_mutex_lock(&list->lock);
1738
for (obj = list->head; obj; prev = obj, obj = obj->next) {
1739
if (obj->handle == hObject) {
1740
/* validate tspContext */
1741
if (obj->tspContext != tspContext)
1744
rsakey_free(obj->data);
1746
prev->next = obj->next;
1748
list->head = obj->next;
1750
result = TSS_SUCCESS;
1755
pthread_mutex_unlock(&list->lock);
1761
obj_list_rsakey_close(struct obj_list *list, TSS_HCONTEXT tspContext)
1763
struct tsp_object *index;
1764
struct tsp_object *next = NULL;
1765
struct tsp_object *toKill;
1766
struct tsp_object *prev = NULL;
1768
pthread_mutex_lock(&list->lock);
1770
for (index = list->head; index; ) {
1772
if (index->tspContext == tspContext) {
1775
list->head = toKill->next;
1777
prev->next = toKill->next;
1780
rsakey_free(toKill->data);
1790
pthread_mutex_unlock(&list->lock);
1794
obj_rsakey_get_by_pub(UINT32 pub_size, BYTE *pub, TSS_HKEY *hKey)
1796
struct obj_list *list = &rsakey_list;
1797
struct tsp_object *obj;
1798
struct tr_rsakey_obj *rsakey;
1799
TSS_RESULT result = TSS_SUCCESS;
1801
pthread_mutex_lock(&list->lock);
1803
for (obj = list->head; obj; obj = obj->next) {
1804
rsakey = (struct tr_rsakey_obj *)obj->data;
1806
if (rsakey->tcpaKey.pubKey.keyLength == pub_size &&
1807
!memcmp(&rsakey->tcpaKey.pubKey.key, pub, pub_size)) {
1808
*hKey = obj->handle;
1815
pthread_mutex_unlock(&list->lock);
1821
obj_rsakey_get_by_uuid(TSS_UUID *uuid, TSS_HKEY *hKey)
1823
struct obj_list *list = &rsakey_list;
1824
struct tsp_object *obj;
1825
struct tr_rsakey_obj *rsakey;
1826
TSS_RESULT result = TSS_SUCCESS;
1828
pthread_mutex_lock(&list->lock);
1830
for (obj = list->head; obj; obj = obj->next) {
1831
rsakey = (struct tr_rsakey_obj *)obj->data;
1833
if (!memcmp(&rsakey->uuid, uuid, sizeof(TSS_UUID))) {
1834
*hKey = obj->handle;
1839
result = TSPERR(TSS_E_PS_KEY_NOTFOUND);
1841
pthread_mutex_unlock(&list->lock);
1847
obj_rsakey_remove_policy_refs(TSS_HPOLICY hPolicy, TSS_HCONTEXT tspContext)
1849
struct tsp_object *obj, *prev = NULL;
1850
struct obj_list *list = &rsakey_list;
1851
struct tr_rsakey_obj *rsakey;
1853
pthread_mutex_lock(&list->lock);
1855
for (obj = list->head; obj; prev = obj, obj = obj->next) {
1856
if (obj->tspContext != tspContext)
1859
rsakey = (struct tr_rsakey_obj *)obj->data;
1860
if (rsakey->usagePolicy == hPolicy)
1861
rsakey->usagePolicy = NULL_HPOLICY;
1863
if (rsakey->migPolicy == hPolicy)
1864
rsakey->migPolicy = NULL_HPOLICY;
1867
pthread_mutex_unlock(&list->lock);