« back to all changes in this revision
Viewing changes to src/tspi/spi_getset.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): William Lima
- Date: 2007-04-18 16:39:38 UTC
- Revision ID: james.westby@ubuntu.com-20070418163938-opscl2mvvi76jiec
Tags: upstream-0.2.9.1
ImportĀ upstreamĀ versionĀ 0.2.9.1
- files added:
- autom4te.cache
- dist
- dist/fedora
- doc
- man
- man/man3
- man/man5
- man/man8
- src
- src/include
- src/include/linux
- src/include/trousers
- src/include/tss
- src/tcs
- src/tcs/ps
- src/tcsd
- src/tcsd_api
- src/tddl
- src/trspi
- src/trspi/crypto
- src/trspi/crypto/openssl
- src/tspi
- src/tspi/gtk
- src/tspi/ps
- tools
added
removed
src/tspi/spi_getset.c
1
2
/*
3
* Licensed Materials - Property of IBM
4
*
5
* trousers - An open source TCG Software Stack
6
*
7
* (C) Copyright International Business Machines Corp. 2004-2006
8
*
9
*/
10
11
12
#include <stdlib.h>
13
#include <stdio.h>
14
#include <string.h>
15
#include <time.h>
16
#include <errno.h>
17
18
#include "trousers/tss.h"
19
#include "trousers/trousers.h"
20
#include "trousers_types.h"
21
#include "spi_internal_types.h"
22
#include "spi_utils.h"
23
#include "capabilities.h"
24
#include "tsplog.h"
25
#include "obj.h"
26
27
TSS_RESULT
28
Tspi_ChangeAuth(TSS_HOBJECT hObjectToChange, /* in */
29
TSS_HOBJECT hParentObject, /* in */
30
TSS_HPOLICY hNewPolicy) /* in */
31
{
32
TCPA_ENCAUTH encAuthUsage;
33
TCPA_ENCAUTH encAuthMig;
34
BYTE sharedSecret[20];
35
TPM_AUTH auth1;
36
TPM_AUTH auth2;
37
UINT64 offset;
38
BYTE hashBlob[0x1000];
39
TCPA_DIGEST digest;
40
TCPA_RESULT result;
41
UINT32 keyHandle;
42
TSS_HPOLICY hPolicy;
43
TSS_HPOLICY hParentPolicy;
44
TCPA_NONCE nonceEvenOSAP;
45
UINT32 dataBlobLength;
46
BYTE *dataBlob;
47
TCPA_STORED_DATA storedData;
48
UINT32 keyToChangeHandle;
49
UINT32 objectLength;
50
TCPA_KEY keyToChange;
51
BYTE *keyBlob;
52
UINT32 newEncSize;
53
BYTE *newEncData;
54
TSS_HCONTEXT tspContext;
55
56
/* Perform the initial checks
57
* If the parent Object is Null
58
* - Trying to change the TPM Auth
59
* - This requires Owner Authorization
60
* If the parent Object is not Null
61
* - Trying to change the auth of an entity
62
* If the ObjectToChange is the SRK, then the parent must be the TPM
63
* Object
64
*/
65
66
if ((result = obj_policy_get_tsp_context(hNewPolicy, &tspContext)))
67
return result;
68
69
/* if the object to change is the TPM object, then the parent should
70
* be NULL. If the object to change is not the TPM, then the parent
71
* object must be either an rsakey or the TPM */
72
if (obj_is_tpm(hObjectToChange)) {
73
if (hParentObject != NULL_HOBJECT)
74
return TSPERR(TSS_E_INVALID_HANDLE);
75
} else if (!obj_is_rsakey(hParentObject) &&
76
!obj_is_tpm(hParentObject)) {
77
return TSPERR(TSS_E_INVALID_HANDLE);
78
}
79
80
if (obj_is_tpm(hObjectToChange)) {/* if TPM Owner Auth change */
81
/* get the owner policy */
82
if ((result = obj_tpm_get_policy(hObjectToChange, &hPolicy)))
83
return result;
84
85
/* Now Calculate the authorization */
86
if ((result =
87
secret_PerformXOR_OSAP(hPolicy, hNewPolicy, hNewPolicy,
88
hObjectToChange, TCPA_ET_OWNER, 0,
89
&encAuthUsage, &encAuthMig,
90
sharedSecret, &auth1,
91
&nonceEvenOSAP)))
92
return result;
93
94
/* calculate auth data */
95
offset = 0;
96
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuthOwner,
97
hashBlob);
98
Trspi_LoadBlob_UINT16(&offset, TCPA_PID_ADCP, hashBlob);
99
Trspi_LoadBlob(&offset, 20, hashBlob, encAuthUsage.authdata);
100
Trspi_LoadBlob_UINT16(&offset, TCPA_ET_OWNER, hashBlob);
101
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
102
103
if ((result =
104
secret_PerformAuth_OSAP(hObjectToChange,
105
TPM_ORD_ChangeAuthOwner, hPolicy,
106
hNewPolicy, hNewPolicy,
107
sharedSecret, &auth1,
108
digest.digest, &nonceEvenOSAP)))
109
return result;
110
111
if ((result = TCSP_ChangeAuthOwner(tspContext, TCPA_PID_ADCP, encAuthUsage,
112
TCPA_ET_OWNER, &auth1)))
113
return result;
114
115
offset = 0;
116
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
117
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuthOwner,
118
hashBlob);
119
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
120
121
if ((result = secret_ValidateAuth_OSAP(hObjectToChange,
122
TPM_ORD_ChangeAuthOwner,
123
hPolicy, hNewPolicy,
124
hNewPolicy,
125
sharedSecret, &auth1,
126
digest.digest,
127
&nonceEvenOSAP)))
128
return result;
129
130
} else if (obj_is_rsakey(hObjectToChange)) {
131
if ((result = obj_rsakey_get_tcs_handle(hObjectToChange, &keyToChangeHandle)))
132
return result;
133
134
if (keyToChangeHandle == TPM_KEYHND_SRK) {
135
LogDebug("SRK Handle");
136
/* get the owner policy */
137
if ((result = obj_tpm_get_policy(hParentObject,
138
&hParentPolicy)))
139
return result;
140
141
/* Now Calculate the authorization */
142
if ((result =
143
secret_PerformXOR_OSAP(hParentPolicy, hNewPolicy,
144
hNewPolicy, hParentObject,
145
TCPA_ET_OWNER, 0,
146
&encAuthUsage, &encAuthMig,
147
sharedSecret, &auth1,
148
&nonceEvenOSAP)))
149
return result;
150
151
/* calculate auth data */
152
offset = 0;
153
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuthOwner,
154
hashBlob);
155
Trspi_LoadBlob_UINT16(&offset, TCPA_PID_ADCP, hashBlob);
156
Trspi_LoadBlob(&offset, 20, hashBlob,
157
encAuthUsage.authdata);
158
Trspi_LoadBlob_UINT16(&offset, TCPA_ET_SRK, hashBlob);
159
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
160
digest.digest);
161
162
if ((result =
163
secret_PerformAuth_OSAP(hParentObject,
164
TPM_ORD_ChangeAuthOwner,
165
hParentPolicy, hNewPolicy,
166
hNewPolicy, sharedSecret,
167
&auth1, digest.digest,
168
&nonceEvenOSAP)))
169
return result;
170
171
if ((result = TCSP_ChangeAuthOwner(tspContext, TCPA_PID_ADCP, encAuthUsage,
172
TCPA_ET_SRK, &auth1)))
173
return result;
174
175
/* Validate the Auths */
176
offset = 0;
177
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
178
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuthOwner,
179
hashBlob);
180
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
181
digest.digest);
182
183
if ((result =
184
secret_ValidateAuth_OSAP(hParentObject,
185
TPM_ORD_ChangeAuthOwner,
186
hParentPolicy, hNewPolicy,
187
hNewPolicy, sharedSecret,
188
&auth1, digest.digest,
189
&nonceEvenOSAP)))
190
return result;
191
} else {
192
if ((result = obj_rsakey_get_policy(hObjectToChange,
193
TSS_POLICY_USAGE,
194
&hPolicy, NULL)))
195
return result;
196
197
/* get the parent secret */
198
if ((result = obj_rsakey_get_policy(hParentObject,
199
TSS_POLICY_USAGE,
200
&hParentPolicy, NULL)))
201
return result;
202
203
if ((result = obj_rsakey_get_blob(hObjectToChange,
204
&objectLength, &keyBlob)))
205
return result;
206
207
offset = 0;
208
if ((result = Trspi_UnloadBlob_KEY(&offset, keyBlob,
209
&keyToChange))) {
210
LogDebug("Trspi_UnloadBlob_KEY failed. "
211
"result=0x%x", result);
212
return result;
213
}
214
215
if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle)))
216
return result;
217
218
if ((result =
219
secret_PerformXOR_OSAP(hParentPolicy,
220
hNewPolicy,
221
hNewPolicy,
222
hParentObject,
223
keyHandle == TPM_KEYHND_SRK ?
224
TCPA_ET_SRK :
225
TCPA_ET_KEYHANDLE,
226
keyHandle,
227
&encAuthUsage,
228
&encAuthMig,
229
sharedSecret,
230
&auth1,
231
&nonceEvenOSAP)))
232
return result;
233
234
/* caluculate auth data */
235
offset = 0;
236
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuth,
237
hashBlob);
238
Trspi_LoadBlob_UINT16(&offset, TCPA_PID_ADCP, hashBlob);
239
Trspi_LoadBlob(&offset, 20, hashBlob,
240
encAuthUsage.authdata);
241
Trspi_LoadBlob_UINT16(&offset, TCPA_ET_KEY, hashBlob);
242
Trspi_LoadBlob_UINT32(&offset, keyToChange.encSize,
243
hashBlob);
244
Trspi_LoadBlob(&offset, keyToChange.encSize, hashBlob,
245
keyToChange.encData);
246
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
247
digest.digest);
248
249
if ((result =
250
secret_PerformAuth_OSAP(hParentObject,
251
TPM_ORD_ChangeAuth,
252
hParentPolicy, hNewPolicy,
253
hNewPolicy, sharedSecret,
254
&auth1, digest.digest,
255
&nonceEvenOSAP)))
256
return result;
257
258
if ((result = secret_PerformAuth_OIAP(hObjectToChange,
259
TPM_ORD_ChangeAuth,
260
hPolicy, &digest,
261
&auth2))) {
262
TCSP_TerminateHandle(tspContext, auth1.AuthHandle);
263
return result;
264
}
265
266
if ((result = TCSP_ChangeAuth(tspContext, keyHandle, TCPA_PID_ADCP,
267
encAuthUsage, TCPA_ET_KEY,
268
keyToChange.encSize, keyToChange.encData,
269
&auth1, &auth2, &newEncSize, &newEncData)))
270
return result;
271
272
/* Validate the Auths */
273
offset = 0;
274
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
275
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuth,
276
hashBlob);
277
Trspi_LoadBlob_UINT32(&offset, newEncSize, hashBlob);
278
Trspi_LoadBlob(&offset, newEncSize, hashBlob,
279
newEncData);
280
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
281
digest.digest);
282
283
if ((result =
284
secret_ValidateAuth_OSAP(hParentObject,
285
TPM_ORD_ChangeAuth,
286
hParentPolicy, hNewPolicy,
287
hNewPolicy, sharedSecret,
288
&auth1, digest.digest,
289
&nonceEvenOSAP))) {
290
free(newEncData);
291
return result;
292
}
293
294
if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest,
295
&auth2)))
296
return result;
297
298
memcpy(keyToChange.encData, newEncData, newEncSize);
299
free(newEncData);
300
301
offset = 0;
302
Trspi_LoadBlob_KEY(&offset, keyBlob, &keyToChange);
303
objectLength = offset;
304
305
if ((result = obj_rsakey_set_tcpakey(hObjectToChange,
306
objectLength, keyBlob)))
307
return result;
308
309
/* XXX replace with valid impl if we really want to
310
* touch the PS here */
311
//keyreg_replaceEncData_PS(oldEncData,
312
// keyToChange.encData);
313
}
314
} else if (obj_is_encdata(hObjectToChange)) {
315
/* get the secret for the parent */
316
if ((result = obj_encdata_get_policy(hObjectToChange, &hPolicy)))
317
return result;
318
319
/* get the parent secret */
320
if ((result = obj_rsakey_get_policy(hParentObject,
321
TSS_POLICY_USAGE,
322
&hParentPolicy, NULL)))
323
return result;
324
325
/* get the data Object */
326
if ((result = obj_encdata_get_data(hObjectToChange,
327
&dataBlobLength, &dataBlob)))
328
return result;
329
330
offset = 0;
331
if ((result = Trspi_UnloadBlob_STORED_DATA(&offset, dataBlob,
332
&storedData)))
333
return result;
334
335
if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle))) {
336
free(storedData.sealInfo);
337
free(storedData.encData);
338
return result;
339
}
340
341
if ((result =
342
secret_PerformXOR_OSAP(hParentPolicy, hNewPolicy,
343
hNewPolicy, hParentObject,
344
TCPA_ET_KEYHANDLE, keyHandle,
345
&encAuthUsage, &encAuthMig,
346
sharedSecret, &auth1,
347
&nonceEvenOSAP))) {
348
free(storedData.sealInfo);
349
free(storedData.encData);
350
return result;
351
}
352
353
/* caluculate auth data */
354
offset = 0;
355
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuth, hashBlob);
356
Trspi_LoadBlob_UINT16(&offset, TCPA_PID_ADCP, hashBlob);
357
Trspi_LoadBlob(&offset, 20, hashBlob, encAuthUsage.authdata);
358
Trspi_LoadBlob_UINT16(&offset, TCPA_ET_DATA, hashBlob);
359
Trspi_LoadBlob_UINT32(&offset, storedData.encDataSize, hashBlob);
360
Trspi_LoadBlob(&offset, storedData.encDataSize, hashBlob,
361
storedData.encData);
362
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
363
364
if ((result =
365
secret_PerformAuth_OSAP(hParentObject, TPM_ORD_ChangeAuth,
366
hParentPolicy, hNewPolicy,
367
hNewPolicy, sharedSecret, &auth1,
368
digest.digest, &nonceEvenOSAP))) {
369
free(storedData.sealInfo);
370
free(storedData.encData);
371
return result;
372
}
373
374
if ((result = secret_PerformAuth_OIAP(hObjectToChange,
375
TPM_ORD_ChangeAuth,
376
hPolicy, &digest,
377
&auth2))) {
378
TCSP_TerminateHandle(tspContext, auth1.AuthHandle);
379
free(storedData.sealInfo);
380
free(storedData.encData);
381
return result;
382
}
383
384
if ((result = TCSP_ChangeAuth(tspContext, keyHandle,
385
TCPA_PID_ADCP, encAuthUsage,
386
TCPA_ET_DATA,
387
storedData.encDataSize,
388
storedData.encData, &auth1,
389
&auth2, &newEncSize,
390
&newEncData))) {
391
free(storedData.sealInfo);
392
free(storedData.encData);
393
return result;
394
}
395
396
/* Validate the Auths */
397
offset = 0;
398
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
399
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuth, hashBlob);
400
Trspi_LoadBlob_UINT32(&offset, newEncSize, hashBlob);
401
Trspi_LoadBlob(&offset, newEncSize, hashBlob, newEncData);
402
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
403
404
if ((result =
405
secret_ValidateAuth_OSAP(hParentObject, TPM_ORD_ChangeAuth,
406
hParentPolicy, hNewPolicy,
407
hNewPolicy, sharedSecret, &auth1,
408
digest.digest, &nonceEvenOSAP))) {
409
free(storedData.sealInfo);
410
free(storedData.encData);
411
free(newEncData);
412
return result;
413
}
414
415
if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest,
416
&auth2))) {
417
free(storedData.sealInfo);
418
free(storedData.encData);
419
return result;
420
}
421
422
memcpy(storedData.encData, newEncData, newEncSize);
423
free(newEncData);
424
storedData.encDataSize = newEncSize;
425
426
offset = 0;
427
Trspi_LoadBlob_STORED_DATA(&offset, dataBlob, &storedData);
428
free(storedData.sealInfo);
429
free(storedData.encData);
430
if ((result = obj_encdata_set_data(hObjectToChange,
431
offset, dataBlob)))
432
return result;
433
434
} else if (obj_is_policy(hObjectToChange) || obj_is_hash(hObjectToChange) ||
435
obj_is_pcrs(hObjectToChange) || obj_is_context(hObjectToChange)) {
436
return TSPERR(TSS_E_BAD_PARAMETER);
437
} else {
438
return TSPERR(TSS_E_INVALID_HANDLE);
439
}
440
441
if ((result = obj_policy_set_type(hNewPolicy, TSS_POLICY_USAGE)))
442
return result;
443
444
return Tspi_Policy_AssignToObject(hNewPolicy, hObjectToChange);
445
}
446
447
TSS_RESULT
448
Tspi_ChangeAuthAsym(TSS_HOBJECT hObjectToChange, /* in */
449
TSS_HOBJECT hParentObject, /* in */
450
TSS_HKEY hIdentKey, /* in */
451
TSS_HPOLICY hNewPolicy) /* in */
452
{
453
TPM_AUTH auth;
454
UINT64 offset;
455
BYTE hashBlob[0x1000];
456
TCPA_DIGEST digest;
457
TCPA_RESULT result;
458
UINT32 keyHandle;
459
UINT32 idHandle;
460
TSS_HPOLICY hPolicy;
461
TSS_HPOLICY hParentPolicy;
462
UINT32 keyToChangeHandle;
463
TCPA_NONCE antiReplay;
464
UINT32 bytesRequested;
465
BYTE *randomBytes;
466
UINT64 tempSize;
467
BYTE tempKey[512];
468
TCPA_KEY_PARMS keyParms;
469
/* XXX Wow... */
470
BYTE ephParms[] = { 0, 0, 0x08, 0, 0, 0, 0, 0x02, 0, 0, 0, 0 };
471
UINT32 KeySizeOut;
472
BYTE *KeyDataOut;
473
UINT32 CertifyInfoSize;
474
BYTE *CertifyInfo;
475
UINT32 sigSize;
476
BYTE *sig;
477
UINT32 ephHandle;
478
TCPA_CHANGEAUTH_VALIDATE caValidate;
479
TCPA_SECRET newSecret, oldSecret;
480
BYTE seed[20];
481
BYTE a1[256];
482
UINT32 a1Size;
483
TCPA_KEY ephemeralKey;
484
TCPA_DIGEST newAuthLink;
485
UINT32 encObjectSize;
486
BYTE *encObject = NULL;
487
UINT32 encDataSizeOut;
488
BYTE *encDataOut;
489
TCPA_NONCE saltNonce;
490
TCPA_DIGEST changeProof;
491
TSS_HPOLICY hOldPolicy;
492
UINT32 caValidSize;
493
UINT32 keyObjectSize;
494
BYTE *keyObject;
495
TCPA_KEY keyContainer;
496
TCPA_STORED_DATA dataContainer;
497
BYTE *dataObject;
498
UINT32 dataObjectSize;
499
UINT16 entityType;
500
TSS_BOOL useAuth = TRUE; // XXX
501
TPM_AUTH *pAuth;
502
BYTE dataBlob[1024];
503
TSS_HCONTEXT tspContext;
504
505
if ((result = obj_policy_get_tsp_context(hNewPolicy, &tspContext)))
506
return result;
507
508
/* grab all of the needed handles */
509
if ((result = obj_rsakey_get_tcs_handle(hIdentKey, &idHandle)))
510
return result;
511
512
/* get the secret for the parent */
513
if ((result = obj_rsakey_get_policy(hIdentKey, TSS_POLICY_USAGE,
514
&hPolicy, &useAuth)))
515
return result;
516
517
/* get the parent secret */
518
if ((result = Tspi_GetPolicyObject(hParentObject, TSS_POLICY_USAGE,
519
&hParentPolicy)))
520
return result;
521
522
if (!obj_is_rsakey(hParentObject) && !obj_is_tpm(hParentObject))
523
return TSPERR(TSS_E_INVALID_HANDLE);
524
525
/* get the keyObject */
526
if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle)))
527
return result;
528
529
if (obj_is_rsakey(hObjectToChange) ||
530
obj_is_encdata(hObjectToChange)) {
531
532
if ((result = obj_rsakey_get_tcs_handle(hObjectToChange, &keyToChangeHandle)))
533
return result;
534
535
if (keyToChangeHandle == TPM_KEYHND_SRK) {
536
return TSPERR(TSS_E_BAD_PARAMETER);
537
} else {
538
/* generate container for ephemeral key */
539
keyParms.algorithmID = 1; /* rsa */
540
keyParms.encScheme = 3;
541
keyParms.sigScheme = 1;
542
keyParms.parmSize = 12;
543
keyParms.parms = malloc(12);
544
if (keyParms.parms == NULL) {
545
LogError("malloc of %d bytes failed.", 12);
546
return TSPERR(TSS_E_OUTOFMEMORY);
547
}
548
memcpy(keyParms.parms, ephParms, 12);
549
550
tempSize = 0;
551
Trspi_LoadBlob_KEY_PARMS(&tempSize, tempKey, &keyParms);
552
553
/* generate antireplay nonce */
554
bytesRequested = 20;
555
if ((result = get_local_random(tspContext, bytesRequested,
556
&randomBytes)))
557
return result;
558
memcpy(antiReplay.nonce, randomBytes, bytesRequested);
559
free_tspi(tspContext, randomBytes);
560
561
/* caluculate auth data */
562
offset = 0;
563
Trspi_LoadBlob_UINT32(&offset,
564
TPM_ORD_ChangeAuthAsymStart,
565
hashBlob);
566
Trspi_LoadBlob(&offset, 20, hashBlob, antiReplay.nonce);
567
Trspi_LoadBlob_KEY_PARMS(&offset, hashBlob, &keyParms);
568
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
569
digest.digest);
570
571
if (useAuth) {
572
if ((result = secret_PerformAuth_OIAP(hIdentKey,
573
TPM_ORD_ChangeAuthAsymStart,
574
hPolicy,
575
&digest,
576
&auth))) {
577
TCSP_TerminateHandle(tspContext, auth.AuthHandle);
578
return result;
579
}
580
pAuth = &auth;
581
} else {
582
pAuth = NULL;
583
}
584
585
if ((result = TCSP_ChangeAuthAsymStart(tspContext, idHandle, antiReplay,
586
(UINT32)tempSize, tempKey, pAuth,
587
&KeySizeOut, &KeyDataOut,
588
&CertifyInfoSize, &CertifyInfo,
589
&sigSize, &sig, &ephHandle)))
590
return result;
591
592
/* --- Validate the Auth's */
593
offset = 0;
594
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
595
Trspi_LoadBlob_UINT32(&offset,
596
TPM_ORD_ChangeAuthAsymStart,
597
hashBlob);
598
Trspi_LoadBlob(&offset, CertifyInfoSize, hashBlob,
599
CertifyInfo);
600
Trspi_LoadBlob_UINT32(&offset, sigSize, hashBlob);
601
Trspi_LoadBlob(&offset, sigSize, hashBlob, sig);
602
Trspi_LoadBlob_UINT32(&offset, ephHandle, hashBlob);
603
Trspi_LoadBlob(&offset, KeySizeOut, hashBlob,
604
KeyDataOut);
605
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
606
digest.digest);
607
608
if (useAuth) {
609
if ((result = obj_policy_validate_auth_oiap(hPolicy,
610
&digest,
611
&auth)))
612
return result;
613
}
614
615
/* generate random data for asymfinish */
616
bytesRequested = 20;
617
if ((result = get_local_random(tspContext, bytesRequested,
618
&randomBytes)))
619
return result;
620
621
memcpy(caValidate.n1.nonce, randomBytes, bytesRequested);
622
free_tspi(tspContext, randomBytes);
623
bytesRequested = 20;
624
625
if ((result = get_local_random(tspContext, bytesRequested,
626
&randomBytes)))
627
return result;
628
629
memcpy(antiReplay.nonce, randomBytes, bytesRequested);
630
free_tspi(tspContext, randomBytes);
631
bytesRequested = 20;
632
633
if ((result = get_local_random(tspContext, bytesRequested,
634
&randomBytes)))
635
return result;
636
637
memcpy(seed, randomBytes, 20);
638
free_tspi(tspContext, randomBytes);
639
640
if ((result = Tspi_GetPolicyObject(hObjectToChange,
641
TSS_POLICY_USAGE,
642
&hOldPolicy)))
643
return result;
644
645
if ((result = obj_policy_get_secret(hNewPolicy, TR_SECRET_CTX_NEW,
646
&newSecret)))
647
return result;
648
if ((result = obj_policy_get_secret(hOldPolicy, TR_SECRET_CTX_NOT_NEW,
649
&oldSecret)))
650
return result;
651
652
/* Encrypt the ChangeAuthValidate structure with the
653
* ephemeral key */
654
655
memcpy(caValidate.newAuthSecret.authdata,
656
newSecret.authdata, 20);
657
658
offset = 0;
659
Trspi_LoadBlob_CHANGEAUTH_VALIDATE(&offset, hashBlob,
660
&caValidate);
661
caValidSize = offset;
662
663
offset = 0;
664
if ((result = Trspi_UnloadBlob_KEY(&offset, KeyDataOut,
665
&ephemeralKey)))
666
return result;
667
668
Trspi_RSA_Encrypt(hashBlob, caValidSize, a1, &a1Size,
669
ephemeralKey.pubKey.key,
670
ephemeralKey.pubKey.keyLength);
671
672
free_key_refs(&ephemeralKey);
673
674
Trspi_HMAC(TSS_HASH_SHA1, 20, oldSecret.authdata,
675
20, newSecret.authdata,
676
newAuthLink.digest);
677
678
if (obj_is_rsakey(hObjectToChange)) {
679
if ((result = obj_rsakey_get_blob(hObjectToChange,
680
&keyObjectSize, &keyObject)))
681
return result;
682
683
memset(&keyContainer, 0, sizeof(TCPA_KEY));
684
685
offset = 0;
686
if ((result = Trspi_UnloadBlob_KEY(&offset,
687
keyObject,
688
&keyContainer)))
689
return result;
690
691
encObjectSize = keyContainer.encSize;
692
encObject = malloc(encObjectSize);
693
if (encObject == NULL) {
694
LogError("malloc of %d bytes failed.",
695
encObjectSize);
696
free_key_refs(&keyContainer);
697
return TSPERR(TSS_E_OUTOFMEMORY);
698
}
699
memcpy(encObject, keyContainer.encData,
700
encObjectSize);
701
entityType = TCPA_ET_KEY;
702
} else {
703
if ((result = obj_encdata_get_data(hObjectToChange,
704
&dataObjectSize, &dataObject)))
705
return result;
706
707
offset = 0;
708
if ((result = Trspi_UnloadBlob_STORED_DATA(&offset,
709
dataObject,
710
&dataContainer)))
711
return result;
712
713
encObjectSize = dataContainer.encDataSize;
714
encObject = malloc(encObjectSize);
715
if (encObject == NULL) {
716
LogError("malloc of %d bytes failed.",
717
encObjectSize);
718
free(dataContainer.sealInfo);
719
free(dataContainer.encData);
720
return TSPERR(TSS_E_OUTOFMEMORY);
721
}
722
memcpy(encObject, dataContainer.encData,
723
encObjectSize);
724
entityType = TCPA_ET_DATA;
725
}
726
727
offset = 0;
728
Trspi_LoadBlob_UINT32(&offset,
729
TPM_ORD_ChangeAuthAsymFinish,
730
hashBlob);
731
Trspi_LoadBlob_UINT16(&offset, entityType, hashBlob);
732
Trspi_LoadBlob(&offset, 20, hashBlob,
733
newAuthLink.digest);
734
Trspi_LoadBlob_UINT32(&offset, a1Size, hashBlob);
735
Trspi_LoadBlob(&offset, a1Size, hashBlob, a1);
736
Trspi_LoadBlob_UINT32(&offset, encObjectSize, hashBlob);
737
Trspi_LoadBlob(&offset, encObjectSize, hashBlob,
738
encObject);
739
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
740
digest.digest);
741
#if 0
742
/* XXX */
743
if ((result = policy_UsesAuth(hParentPolicy,
744
&useAuth))) {
745
free(encObject);
746
return result;
747
}
748
#endif
749
if (useAuth) {
750
if ((result = secret_PerformAuth_OIAP(hParentObject,
751
TPM_ORD_ChangeAuthAsymFinish,
752
hParentPolicy,
753
&digest,
754
&auth))) {
755
TCSP_TerminateHandle(tspContext, auth.AuthHandle);
756
free(encObject);
757
free_key_refs(&keyContainer);
758
return result;
759
}
760
pAuth = &auth;
761
} else {
762
pAuth = NULL;
763
}
764
765
if ((result = TCSP_ChangeAuthAsymFinish(tspContext, keyHandle, ephHandle,
766
entityType, newAuthLink, a1Size,
767
a1, encObjectSize, encObject, pAuth,
768
&encDataSizeOut, &encDataOut,
769
&saltNonce, &changeProof))) {
770
free_key_refs(&keyContainer);
771
free(encObject);
772
return result;
773
}
774
775
/* --- Validate the Auth's */
776
offset = 0;
777
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
778
Trspi_LoadBlob_UINT32(&offset,
779
TPM_ORD_ChangeAuthAsymFinish,
780
hashBlob);
781
Trspi_LoadBlob_UINT32(&offset, encDataSizeOut,
782
hashBlob);
783
Trspi_LoadBlob(&offset, encDataSizeOut, hashBlob,
784
encDataOut);
785
Trspi_LoadBlob(&offset, 20, hashBlob, saltNonce.nonce);
786
Trspi_LoadBlob(&offset, 20, hashBlob, changeProof.digest);
787
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
788
789
if (useAuth) {
790
if ((result = obj_policy_validate_auth_oiap(hParentPolicy,
791
&digest,
792
&auth))) {
793
free_key_refs(&keyContainer);
794
free(encObject);
795
return result;
796
}
797
}
798
799
if (entityType == TCPA_ET_KEY ||
800
entityType == TCPA_ET_KEYHANDLE) {
801
/* XXX replace with valid impl */
802
//keyreg_replaceEncData_PS(encObject, encDataOut);
803
804
memcpy(keyContainer.encData, encDataOut,
805
encDataSizeOut);
806
keyContainer.encSize = encDataSizeOut;
807
808
offset = 0;
809
Trspi_LoadBlob_KEY(&offset, keyObject,
810
&keyContainer);
811
free_key_refs(&keyContainer);
812
if ((result = obj_rsakey_set_tcpakey(
813
hObjectToChange,
814
offset, keyObject))) {
815
free(encObject);
816
return result;
817
}
818
}
819
820
if (entityType == TCPA_ET_DATA) {
821
memcpy(dataContainer.encData, encDataOut,
822
encDataSizeOut);
823
dataContainer.encDataSize = encDataSizeOut;
824
825
offset = 0;
826
Trspi_LoadBlob_STORED_DATA(&offset, dataBlob,
827
&dataContainer);
828
free(dataContainer.sealInfo);
829
free(dataContainer.encData);
830
obj_encdata_set_data(hObjectToChange,
831
offset, dataBlob);
832
}
833
}
834
} else
835
return TSPERR(TSS_E_BAD_PARAMETER);
836
837
free(encObject);
838
839
return Tspi_Policy_AssignToObject(hNewPolicy, hObjectToChange);
840
}
841
842
TSS_RESULT
843
Tspi_SetAttribUint32(TSS_HOBJECT hObject, /* in */
844
TSS_FLAG attribFlag, /* in */
845
TSS_FLAG subFlag, /* in */
846
UINT32 ulAttrib) /* in */
847
{
848
TSS_RESULT result;
849
850
if (obj_is_rsakey(hObject)) {
851
if (attribFlag == TSS_TSPATTRIB_KEY_REGISTER) {
852
if (subFlag)
853
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
854
855
if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_USER)
856
result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_USER);
857
else if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_SYSTEM)
858
result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_SYSTEM);
859
else if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_NO)
860
result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_NO);
861
else
862
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
863
} else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) {
864
switch (subFlag) {
865
case TSS_TSPATTRIB_KEYINFO_USAGE:
866
result = obj_rsakey_set_usage(hObject, ulAttrib);
867
break;
868
case TSS_TSPATTRIB_KEYINFO_MIGRATABLE:
869
if (ulAttrib != TRUE && ulAttrib != FALSE)
870
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
871
872
result = obj_rsakey_set_migratable(hObject, ulAttrib);
873
break;
874
case TSS_TSPATTRIB_KEYINFO_REDIRECTED:
875
if (ulAttrib != TRUE && ulAttrib != FALSE)
876
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
877
878
result = obj_rsakey_set_redirected(hObject, ulAttrib);
879
break;
880
case TSS_TSPATTRIB_KEYINFO_VOLATILE:
881
if (ulAttrib != TRUE && ulAttrib != FALSE)
882
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
883
884
result = obj_rsakey_set_volatile(hObject, ulAttrib);
885
break;
886
case TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE:
887
/* fall through */
888
case TSS_TSPATTRIB_KEYINFO_AUTHUSAGE:
889
if (ulAttrib != TRUE && ulAttrib != FALSE)
890
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
891
892
result = obj_rsakey_set_authdata_usage(hObject, ulAttrib);
893
break;
894
case TSS_TSPATTRIB_KEYINFO_ALGORITHM:
895
result = obj_rsakey_set_alg(hObject, ulAttrib);
896
break;
897
case TSS_TSPATTRIB_KEYINFO_ENCSCHEME:
898
if (ulAttrib != TSS_ES_NONE &&
899
ulAttrib != TSS_ES_RSAESPKCSV15 &&
900
ulAttrib != TSS_ES_RSAESOAEP_SHA1_MGF1)
901
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
902
903
result = obj_rsakey_set_es(hObject, ulAttrib);
904
break;
905
case TSS_TSPATTRIB_KEYINFO_SIGSCHEME:
906
if (ulAttrib != TSS_SS_NONE &&
907
ulAttrib != TSS_SS_RSASSAPKCS1V15_SHA1 &&
908
ulAttrib != TSS_SS_RSASSAPKCS1V15_DER)
909
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
910
911
result = obj_rsakey_set_ss(hObject, ulAttrib);
912
break;
913
case TSS_TSPATTRIB_KEYINFO_KEYFLAGS:
914
result = obj_rsakey_set_flags(hObject, ulAttrib);
915
break;
916
case TSS_TSPATTRIB_KEYINFO_SIZE:
917
result = obj_rsakey_set_size(hObject, ulAttrib);
918
break;
919
default:
920
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
921
}
922
} else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) {
923
if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_PRIMES) {
924
result = obj_rsakey_set_num_primes(hObject, ulAttrib);
925
} else
926
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
927
} else
928
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
929
} else if (obj_is_policy(hObject)) {
930
switch (attribFlag) {
931
case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC:
932
case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC:
933
case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP:
934
case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM:
935
result = obj_policy_set_cb11(hObject, attribFlag,
936
subFlag, ulAttrib);
937
break;
938
case TSS_TSPATTRIB_POLICY_SECRET_LIFETIME:
939
if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS) {
940
result = obj_policy_set_lifetime(hObject);
941
} else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) {
942
result = obj_policy_set_counter(hObject, ulAttrib);
943
} else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) {
944
result = obj_policy_set_timer(hObject, ulAttrib);
945
} else {
946
result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
947
}
948
break;
949
#ifndef TSS_SPEC_COMPLIANCE
950
case TSS_TSPATTRIB_SECRET_HASH_MODE:
951
result = obj_policy_set_hash_mode(hObject, ulAttrib);
952
break;
953
#endif
954
default:
955
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
956
break;
957
}
958
} else if (obj_is_context(hObject)) {
959
switch (attribFlag) {
960
case TSS_TSPATTRIB_CONTEXT_SILENT_MODE:
961
if (ulAttrib == TSS_TSPATTRIB_CONTEXT_NOT_SILENT)
962
result = obj_context_set_mode(hObject, ulAttrib);
963
else if (ulAttrib == TSS_TSPATTRIB_CONTEXT_SILENT) {
964
if (obj_context_has_popups(hObject))
965
return TSPERR(TSS_E_SILENT_CONTEXT);
966
result = obj_context_set_mode(hObject, ulAttrib);
967
} else
968
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
969
break;
970
#ifndef TSS_SPEC_COMPLIANCE
971
case TSS_TSPATTRIB_SECRET_HASH_MODE:
972
result = obj_context_set_hash_mode(hObject, ulAttrib);
973
break;
974
#endif
975
default:
976
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
977
break;
978
}
979
} else if (obj_is_tpm(hObject)) {
980
switch (attribFlag) {
981
case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY:
982
case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY:
983
if ((result = obj_tpm_set_cb11(hObject, attribFlag, subFlag,
984
ulAttrib)))
985
return result;
986
break;
987
default:
988
result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
989
break;
990
}
991
} else {
992
if (obj_is_hash(hObject) || obj_is_pcrs(hObject) || obj_is_encdata(hObject))
993
result = TSPERR(TSS_E_BAD_PARAMETER);
994
else
995
result = TSPERR(TSS_E_INVALID_HANDLE);
996
}
997
998
return result;
999
}
1000
1001
TSS_RESULT
1002
Tspi_GetAttribUint32(TSS_HOBJECT hObject, /* in */
1003
TSS_FLAG attribFlag, /* in */
1004
TSS_FLAG subFlag, /* in */
1005
UINT32 * pulAttrib) /* out */
1006
{
1007
UINT32 attrib;
1008
TSS_RESULT result = TSS_SUCCESS;
1009
1010
if (pulAttrib == NULL)
1011
return TSPERR(TSS_E_BAD_PARAMETER);
1012
1013
if (obj_is_rsakey(hObject)) {
1014
if (attribFlag == TSS_TSPATTRIB_KEY_REGISTER) {
1015
if (subFlag != 0)
1016
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1017
1018
if ((result = obj_rsakey_get_pstype(hObject, &attrib)))
1019
return result;
1020
1021
if (attrib == TSS_PS_TYPE_USER)
1022
*pulAttrib = TSS_TSPATTRIB_KEYREGISTER_USER;
1023
else if (attrib == TSS_PS_TYPE_SYSTEM)
1024
*pulAttrib = TSS_TSPATTRIB_KEYREGISTER_SYSTEM;
1025
else
1026
*pulAttrib = TSS_TSPATTRIB_KEYREGISTER_NO;
1027
} else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) {
1028
switch (subFlag) {
1029
case TSS_TSPATTRIB_KEYINFO_USAGE:
1030
if ((result = obj_rsakey_get_usage(hObject, pulAttrib)))
1031
return result;
1032
break;
1033
case TSS_TSPATTRIB_KEYINFO_MIGRATABLE:
1034
*pulAttrib = obj_rsakey_is_migratable(hObject);
1035
break;
1036
case TSS_TSPATTRIB_KEYINFO_REDIRECTED:
1037
*pulAttrib = obj_rsakey_is_redirected(hObject);
1038
break;
1039
case TSS_TSPATTRIB_KEYINFO_VOLATILE:
1040
*pulAttrib = obj_rsakey_is_volatile(hObject);
1041
break;
1042
case TSS_TSPATTRIB_KEYINFO_AUTHUSAGE:
1043
/* fall through */
1044
case TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE:
1045
if ((result = obj_rsakey_get_authdata_usage(hObject, pulAttrib)))
1046
return result;
1047
break;
1048
case TSS_TSPATTRIB_KEYINFO_ALGORITHM:
1049
if ((result = obj_rsakey_get_alg(hObject, pulAttrib)))
1050
return result;
1051
break;
1052
case TSS_TSPATTRIB_KEYINFO_ENCSCHEME:
1053
if ((result = obj_rsakey_get_es(hObject, pulAttrib)))
1054
return result;
1055
break;
1056
case TSS_TSPATTRIB_KEYINFO_SIGSCHEME:
1057
if ((result = obj_rsakey_get_ss(hObject, pulAttrib)))
1058
return result;
1059
break;
1060
case TSS_TSPATTRIB_KEYINFO_KEYFLAGS:
1061
if ((result = obj_rsakey_get_flags(hObject, pulAttrib)))
1062
return result;
1063
break;
1064
case TSS_TSPATTRIB_KEYINFO_SIZE:
1065
if ((result = obj_rsakey_get_size(hObject, pulAttrib)))
1066
return result;
1067
break;
1068
default:
1069
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1070
}
1071
} else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) {
1072
if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE) {
1073
if ((result = obj_rsakey_get_size(hObject, pulAttrib)))
1074
return result;
1075
} else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_PRIMES) {
1076
if ((result = obj_rsakey_get_num_primes(hObject, pulAttrib)))
1077
return result;
1078
} else {
1079
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1080
}
1081
} else
1082
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1083
} else if (obj_is_policy(hObject)) {
1084
switch (attribFlag) {
1085
case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC:
1086
case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC:
1087
case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP:
1088
case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM:
1089
if ((result = obj_policy_get_cb11(hObject, attribFlag, pulAttrib)))
1090
return result;
1091
break;
1092
case TSS_TSPATTRIB_POLICY_SECRET_LIFETIME:
1093
if ((result = obj_policy_get_lifetime(hObject, &attrib)))
1094
return result;
1095
1096
if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS) {
1097
if (attrib == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS)
1098
*pulAttrib = TRUE;
1099
else
1100
*pulAttrib = FALSE;
1101
} else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) {
1102
if (attrib != TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER)
1103
return TSPERR(TSS_E_BAD_PARAMETER);
1104
if ((result = obj_policy_get_counter(hObject, pulAttrib)))
1105
return result;
1106
} else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) {
1107
if ((result =
1108
obj_policy_get_secs_until_expired(hObject, pulAttrib)))
1109
return result;
1110
} else
1111
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1112
break;
1113
#ifndef TSS_SPEC_COMPLIANCE
1114
case TSS_TSPATTRIB_SECRET_HASH_MODE:
1115
if (subFlag == TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP)
1116
result = obj_policy_get_hash_mode(hObject, pulAttrib);
1117
else
1118
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1119
break;
1120
#endif
1121
default:
1122
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1123
break;
1124
}
1125
} else if (obj_is_context(hObject)) {
1126
switch (attribFlag) {
1127
case TSS_TSPATTRIB_CONTEXT_SILENT_MODE:
1128
if ((result = obj_context_get_mode(hObject, pulAttrib)))
1129
return result;
1130
break;
1131
#ifndef TSS_SPEC_COMPLIANCE
1132
case TSS_TSPATTRIB_SECRET_HASH_MODE:
1133
if (subFlag == TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP)
1134
result = obj_context_get_hash_mode(hObject, pulAttrib);
1135
else
1136
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1137
break;
1138
#endif
1139
default:
1140
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1141
break;
1142
}
1143
} else if (obj_is_tpm(hObject)) {
1144
switch (attribFlag) {
1145
case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY:
1146
case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY:
1147
if ((result = obj_tpm_get_cb11(hObject, attribFlag, pulAttrib)))
1148
return result;
1149
break;
1150
default:
1151
result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1152
break;
1153
}
1154
} else {
1155
if (obj_is_hash(hObject) || obj_is_pcrs(hObject) || obj_is_encdata(hObject))
1156
result = TSPERR(TSS_E_BAD_PARAMETER);
1157
else
1158
result = TSPERR(TSS_E_INVALID_HANDLE);
1159
}
1160
1161
return result;
1162
}
1163
1164
TSS_RESULT
1165
Tspi_SetAttribData(TSS_HOBJECT hObject, /* in */
1166
TSS_FLAG attribFlag, /* in */
1167
TSS_FLAG subFlag, /* in */
1168
UINT32 ulAttribDataSize, /* in */
1169
BYTE * rgbAttribData) /* in */
1170
{
1171
TSS_RESULT result;
1172
BYTE *string = NULL;
1173
1174
if (obj_is_rsakey(hObject)) {
1175
if (attribFlag == TSS_TSPATTRIB_KEY_BLOB) {
1176
if (subFlag == TSS_TSPATTRIB_KEYBLOB_BLOB) {
1177
/* A TCPA_KEY structure, in blob form */
1178
result = obj_rsakey_set_tcpakey(hObject, ulAttribDataSize,
1179
rgbAttribData);
1180
} else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY) {
1181
/* A TCPA_PUBKEY structure, in blob form */
1182
result = obj_rsakey_set_pubkey(hObject, FALSE, rgbAttribData);
1183
} else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY) {
1184
/* A blob, either encrypted or unencrypted */
1185
result = obj_rsakey_set_privkey(hObject, FALSE, ulAttribDataSize,
1186
rgbAttribData);
1187
} else {
1188
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1189
}
1190
#ifndef TSS_SPEC_COMPLIANCE
1191
} else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) {
1192
if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT) {
1193
result = obj_rsakey_set_exponent(hObject, ulAttribDataSize,
1194
rgbAttribData);
1195
} else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_MODULUS) {
1196
result = obj_rsakey_set_modulus(hObject, ulAttribDataSize,
1197
rgbAttribData);
1198
} else {
1199
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1200
}
1201
#endif
1202
} else {
1203
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1204
}
1205
} else if (obj_is_encdata(hObject)) {
1206
if (attribFlag != TSS_TSPATTRIB_ENCDATA_BLOB)
1207
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1208
if (subFlag != TSS_TSPATTRIB_ENCDATABLOB_BLOB)
1209
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1210
1211
result = obj_encdata_set_data(hObject, ulAttribDataSize, rgbAttribData);
1212
} else if (obj_is_policy(hObject)) {
1213
switch (attribFlag) {
1214
case TSS_TSPATTRIB_POLICY_POPUPSTRING:
1215
if ((string = Trspi_UNICODE_To_Native(rgbAttribData,
1216
NULL)) == NULL)
1217
return TSPERR(TSS_E_INTERNAL_ERROR);
1218
1219
result = obj_policy_set_string(hObject,
1220
ulAttribDataSize,
1221
string);
1222
break;
1223
#ifndef TSS_SPEC_COMPLIANCE
1224
case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC:
1225
case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC:
1226
case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP:
1227
case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM:
1228
result = obj_policy_set_cb12(hObject, attribFlag,
1229
rgbAttribData);
1230
break;
1231
#endif
1232
default:
1233
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1234
break;
1235
}
1236
} else if (obj_is_hash(hObject)) {
1237
if (attribFlag != TSS_TSPATTRIB_HASH_IDENTIFIER)
1238
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1239
1240
if (subFlag != 0)
1241
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1242
1243
result = obj_hash_set_value(hObject, ulAttribDataSize, rgbAttribData);
1244
} else if (obj_is_tpm(hObject)) {
1245
switch (attribFlag) {
1246
#ifndef TSS_SPEC_COMPLIANCE
1247
case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY:
1248
case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY:
1249
result = obj_tpm_set_cb12(hObject, attribFlag,
1250
rgbAttribData);
1251
break;
1252
#endif
1253
default:
1254
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1255
break;
1256
}
1257
} else {
1258
if (obj_is_pcrs(hObject) || obj_is_context(hObject))
1259
result = TSPERR(TSS_E_BAD_PARAMETER);
1260
else
1261
result = TSPERR(TSS_E_INVALID_HANDLE);
1262
}
1263
1264
return result;
1265
}
1266
1267
TSS_RESULT
1268
Tspi_GetAttribData(TSS_HOBJECT hObject, /* in */
1269
TSS_FLAG attribFlag, /* in */
1270
TSS_FLAG subFlag, /* in */
1271
UINT32 * pulAttribDataSize, /* out */
1272
BYTE ** prgbAttribData) /* out */
1273
{
1274
TSS_RESULT result;
1275
1276
if (pulAttribDataSize == NULL || prgbAttribData == NULL)
1277
return TSPERR(TSS_E_BAD_PARAMETER);
1278
1279
if (obj_is_rsakey(hObject)) {
1280
if (attribFlag == TSS_TSPATTRIB_KEY_BLOB) {
1281
if (subFlag == TSS_TSPATTRIB_KEYBLOB_BLOB) {
1282
/* A TCPA_KEY structure, in blob form */
1283
result = obj_rsakey_get_blob(hObject, pulAttribDataSize,
1284
prgbAttribData);
1285
} else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY) {
1286
/* A blob, either encrypted or unencrypted */
1287
result = obj_rsakey_get_priv_blob(hObject, pulAttribDataSize,
1288
prgbAttribData);
1289
} else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY) {
1290
/* A TCPA_PUBKEY structure, in blob form */
1291
result = obj_rsakey_get_pub_blob(hObject, pulAttribDataSize,
1292
prgbAttribData);
1293
} else {
1294
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1295
}
1296
} else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) {
1297
if (subFlag != TSS_TSPATTRIB_KEYINFO_VERSION)
1298
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1299
1300
result = obj_rsakey_get_version(hObject, pulAttribDataSize,
1301
prgbAttribData);
1302
} else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) {
1303
if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT) {
1304
result = obj_rsakey_get_exponent(hObject, pulAttribDataSize,
1305
prgbAttribData);
1306
} else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_MODULUS) {
1307
result = obj_rsakey_get_modulus(hObject, pulAttribDataSize,
1308
prgbAttribData);
1309
} else
1310
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1311
} else if (attribFlag == TSS_TSPATTRIB_KEY_UUID) {
1312
if (subFlag)
1313
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1314
1315
result = obj_rsakey_get_uuid(hObject,
1316
pulAttribDataSize,
1317
prgbAttribData);
1318
} else if (attribFlag == TSS_TSPATTRIB_KEY_PCR) {
1319
if (subFlag == TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION) {
1320
result = obj_rsakey_get_pcr_atcreation(hObject,
1321
pulAttribDataSize,
1322
prgbAttribData);
1323
} else if (subFlag == TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE) {
1324
result = obj_rsakey_get_pcr_atrelease(hObject,
1325
pulAttribDataSize,
1326
prgbAttribData);
1327
} else if (subFlag == TSS_TSPATTRIB_KEYPCR_SELECTION) {
1328
result = obj_rsakey_get_pcr_selection(hObject,
1329
pulAttribDataSize,
1330
prgbAttribData);
1331
} else
1332
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1333
} else
1334
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1335
} else if (obj_is_encdata(hObject)) {
1336
if (attribFlag == TSS_TSPATTRIB_ENCDATA_BLOB) {
1337
if (subFlag != TSS_TSPATTRIB_ENCDATABLOB_BLOB)
1338
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1339
1340
result = obj_encdata_get_data(hObject,
1341
pulAttribDataSize,
1342
prgbAttribData);
1343
} else if (attribFlag == TSS_TSPATTRIB_ENCDATA_PCR) {
1344
if (subFlag == TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATCREATION) {
1345
result = obj_encdata_get_pcr_atcreation(hObject,
1346
pulAttribDataSize,
1347
prgbAttribData);
1348
} else if (subFlag == TSS_TSPATTRIB_ENCDATAPCR_DIGEST_RELEASE) {
1349
result = obj_encdata_get_pcr_atrelease(hObject,
1350
pulAttribDataSize,
1351
prgbAttribData);
1352
} else if (subFlag == TSS_TSPATTRIB_ENCDATAPCR_SELECTION) {
1353
result = obj_encdata_get_pcr_selection(hObject,
1354
pulAttribDataSize,
1355
prgbAttribData);
1356
} else {
1357
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1358
}
1359
} else {
1360
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1361
}
1362
} else if (obj_is_context(hObject)) {
1363
if (attribFlag != TSS_TSPATTRIB_CONTEXT_MACHINE_NAME)
1364
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1365
1366
if ((result = obj_context_get_machine_name_attrib(hObject,
1367
pulAttribDataSize,
1368
prgbAttribData)))
1369
return result;
1370
} else if (obj_is_policy(hObject)) {
1371
switch (attribFlag) {
1372
#ifndef TSS_SPEC_COMPLIANCE
1373
case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC:
1374
case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC:
1375
case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP:
1376
case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM:
1377
result = obj_policy_get_cb12(hObject, attribFlag,
1378
pulAttribDataSize, prgbAttribData);
1379
break;
1380
#endif
1381
case TSS_TSPATTRIB_POLICY_POPUPSTRING:
1382
if ((result = obj_policy_get_string(hObject, pulAttribDataSize,
1383
prgbAttribData)))
1384
return result;
1385
break;
1386
default:
1387
result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1388
break;
1389
}
1390
} else if (obj_is_tpm(hObject)) {
1391
switch (attribFlag) {
1392
#ifndef TSS_SPEC_COMPLIANCE
1393
case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY:
1394
case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY:
1395
result = obj_tpm_get_cb12(hObject, attribFlag,
1396
pulAttribDataSize, prgbAttribData);
1397
break;
1398
#endif
1399
default:
1400
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1401
break;
1402
}
1403
} else {
1404
if (obj_is_hash(hObject) || obj_is_pcrs(hObject))
1405
result = TSPERR(TSS_E_BAD_PARAMETER);
1406
else
1407
result = TSPERR(TSS_E_INVALID_HANDLE);
1408
}
1409
1410
return result;
1411
}
1412
1413
TSS_RESULT
1414
Tspi_GetPolicyObject(TSS_HOBJECT hObject, /* in */
1415
TSS_FLAG policyType, /* in */
1416
TSS_HPOLICY * phPolicy) /* out */
1417
{
1418
TSS_RESULT result;
1419
1420
if (phPolicy == NULL)
1421
return TSPERR(TSS_E_BAD_PARAMETER);
1422
1423
if (policyType != TSS_POLICY_USAGE &&
1424
policyType != TSS_POLICY_MIGRATION)
1425
return TSPERR(TSS_E_BAD_PARAMETER);
1426
1427
if (obj_is_rsakey(hObject)) {
1428
result = obj_rsakey_get_policy(hObject, policyType, phPolicy, NULL);
1429
} else if (obj_is_tpm(hObject)) {
1430
if (policyType == TSS_POLICY_MIGRATION)
1431
result = TSPERR(TSS_E_BAD_PARAMETER);
1432
else
1433
result = obj_tpm_get_policy(hObject, phPolicy);
1434
} else if (obj_is_encdata(hObject)) {
1435
if (policyType == TSS_POLICY_MIGRATION)
1436
result = TSPERR(TSS_E_BAD_PARAMETER);
1437
else
1438
result = obj_encdata_get_policy(hObject, phPolicy);
1439
} else {
1440
if (obj_is_policy(hObject) || obj_is_hash(hObject) ||
1441
obj_is_pcrs(hObject) || obj_is_context(hObject))
1442
result = TSPERR(TSS_E_BAD_PARAMETER);
1443
else
1444
result = TSPERR(TSS_E_INVALID_HANDLE);
1445
}
1446
1447
if (result == TSS_SUCCESS && *phPolicy == NULL_HPOLICY)
1448
result = TSPERR(TSS_E_INTERNAL_ERROR);
1449
1450
return result;
1451
}
1452
Loggerhead is a web-based interface for Breezy
Version: 2.0.1