3
* Licensed Materials - Property of IBM
5
* trousers - An open source TCG Software Stack
7
* (C) Copyright International Business Machines Corp. 2004-2006
18
#include "trousers/tss.h"
19
#include "trousers/trousers.h"
20
#include "trousers_types.h"
21
#include "spi_internal_types.h"
22
#include "spi_utils.h"
23
#include "capabilities.h"
28
Tspi_ChangeAuth(TSS_HOBJECT hObjectToChange, /* in */
29
TSS_HOBJECT hParentObject, /* in */
30
TSS_HPOLICY hNewPolicy) /* in */
32
TCPA_ENCAUTH encAuthUsage;
33
TCPA_ENCAUTH encAuthMig;
34
BYTE sharedSecret[20];
38
BYTE hashBlob[0x1000];
43
TSS_HPOLICY hParentPolicy;
44
TCPA_NONCE nonceEvenOSAP;
45
UINT32 dataBlobLength;
47
TCPA_STORED_DATA storedData;
48
UINT32 keyToChangeHandle;
54
TSS_HCONTEXT tspContext;
56
/* Perform the initial checks
57
* If the parent Object is Null
58
* - Trying to change the TPM Auth
59
* - This requires Owner Authorization
60
* If the parent Object is not Null
61
* - Trying to change the auth of an entity
62
* If the ObjectToChange is the SRK, then the parent must be the TPM
66
if ((result = obj_policy_get_tsp_context(hNewPolicy, &tspContext)))
69
/* if the object to change is the TPM object, then the parent should
70
* be NULL. If the object to change is not the TPM, then the parent
71
* object must be either an rsakey or the TPM */
72
if (obj_is_tpm(hObjectToChange)) {
73
if (hParentObject != NULL_HOBJECT)
74
return TSPERR(TSS_E_INVALID_HANDLE);
75
} else if (!obj_is_rsakey(hParentObject) &&
76
!obj_is_tpm(hParentObject)) {
77
return TSPERR(TSS_E_INVALID_HANDLE);
80
if (obj_is_tpm(hObjectToChange)) {/* if TPM Owner Auth change */
81
/* get the owner policy */
82
if ((result = obj_tpm_get_policy(hObjectToChange, &hPolicy)))
85
/* Now Calculate the authorization */
87
secret_PerformXOR_OSAP(hPolicy, hNewPolicy, hNewPolicy,
88
hObjectToChange, TCPA_ET_OWNER, 0,
89
&encAuthUsage, &encAuthMig,
94
/* calculate auth data */
96
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuthOwner,
98
Trspi_LoadBlob_UINT16(&offset, TCPA_PID_ADCP, hashBlob);
99
Trspi_LoadBlob(&offset, 20, hashBlob, encAuthUsage.authdata);
100
Trspi_LoadBlob_UINT16(&offset, TCPA_ET_OWNER, hashBlob);
101
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
104
secret_PerformAuth_OSAP(hObjectToChange,
105
TPM_ORD_ChangeAuthOwner, hPolicy,
106
hNewPolicy, hNewPolicy,
107
sharedSecret, &auth1,
108
digest.digest, &nonceEvenOSAP)))
111
if ((result = TCSP_ChangeAuthOwner(tspContext, TCPA_PID_ADCP, encAuthUsage,
112
TCPA_ET_OWNER, &auth1)))
116
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
117
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuthOwner,
119
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
121
if ((result = secret_ValidateAuth_OSAP(hObjectToChange,
122
TPM_ORD_ChangeAuthOwner,
125
sharedSecret, &auth1,
130
} else if (obj_is_rsakey(hObjectToChange)) {
131
if ((result = obj_rsakey_get_tcs_handle(hObjectToChange, &keyToChangeHandle)))
134
if (keyToChangeHandle == TPM_KEYHND_SRK) {
135
LogDebug("SRK Handle");
136
/* get the owner policy */
137
if ((result = obj_tpm_get_policy(hParentObject,
141
/* Now Calculate the authorization */
143
secret_PerformXOR_OSAP(hParentPolicy, hNewPolicy,
144
hNewPolicy, hParentObject,
146
&encAuthUsage, &encAuthMig,
147
sharedSecret, &auth1,
151
/* calculate auth data */
153
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuthOwner,
155
Trspi_LoadBlob_UINT16(&offset, TCPA_PID_ADCP, hashBlob);
156
Trspi_LoadBlob(&offset, 20, hashBlob,
157
encAuthUsage.authdata);
158
Trspi_LoadBlob_UINT16(&offset, TCPA_ET_SRK, hashBlob);
159
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
163
secret_PerformAuth_OSAP(hParentObject,
164
TPM_ORD_ChangeAuthOwner,
165
hParentPolicy, hNewPolicy,
166
hNewPolicy, sharedSecret,
167
&auth1, digest.digest,
171
if ((result = TCSP_ChangeAuthOwner(tspContext, TCPA_PID_ADCP, encAuthUsage,
172
TCPA_ET_SRK, &auth1)))
175
/* Validate the Auths */
177
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
178
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuthOwner,
180
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
184
secret_ValidateAuth_OSAP(hParentObject,
185
TPM_ORD_ChangeAuthOwner,
186
hParentPolicy, hNewPolicy,
187
hNewPolicy, sharedSecret,
188
&auth1, digest.digest,
192
if ((result = obj_rsakey_get_policy(hObjectToChange,
197
/* get the parent secret */
198
if ((result = obj_rsakey_get_policy(hParentObject,
200
&hParentPolicy, NULL)))
203
if ((result = obj_rsakey_get_blob(hObjectToChange,
204
&objectLength, &keyBlob)))
208
if ((result = Trspi_UnloadBlob_KEY(&offset, keyBlob,
210
LogDebug("Trspi_UnloadBlob_KEY failed. "
211
"result=0x%x", result);
215
if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle)))
219
secret_PerformXOR_OSAP(hParentPolicy,
223
keyHandle == TPM_KEYHND_SRK ?
234
/* caluculate auth data */
236
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuth,
238
Trspi_LoadBlob_UINT16(&offset, TCPA_PID_ADCP, hashBlob);
239
Trspi_LoadBlob(&offset, 20, hashBlob,
240
encAuthUsage.authdata);
241
Trspi_LoadBlob_UINT16(&offset, TCPA_ET_KEY, hashBlob);
242
Trspi_LoadBlob_UINT32(&offset, keyToChange.encSize,
244
Trspi_LoadBlob(&offset, keyToChange.encSize, hashBlob,
245
keyToChange.encData);
246
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
250
secret_PerformAuth_OSAP(hParentObject,
252
hParentPolicy, hNewPolicy,
253
hNewPolicy, sharedSecret,
254
&auth1, digest.digest,
258
if ((result = secret_PerformAuth_OIAP(hObjectToChange,
262
TCSP_TerminateHandle(tspContext, auth1.AuthHandle);
266
if ((result = TCSP_ChangeAuth(tspContext, keyHandle, TCPA_PID_ADCP,
267
encAuthUsage, TCPA_ET_KEY,
268
keyToChange.encSize, keyToChange.encData,
269
&auth1, &auth2, &newEncSize, &newEncData)))
272
/* Validate the Auths */
274
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
275
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuth,
277
Trspi_LoadBlob_UINT32(&offset, newEncSize, hashBlob);
278
Trspi_LoadBlob(&offset, newEncSize, hashBlob,
280
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
284
secret_ValidateAuth_OSAP(hParentObject,
286
hParentPolicy, hNewPolicy,
287
hNewPolicy, sharedSecret,
288
&auth1, digest.digest,
294
if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest,
298
memcpy(keyToChange.encData, newEncData, newEncSize);
302
Trspi_LoadBlob_KEY(&offset, keyBlob, &keyToChange);
303
objectLength = offset;
305
if ((result = obj_rsakey_set_tcpakey(hObjectToChange,
306
objectLength, keyBlob)))
309
/* XXX replace with valid impl if we really want to
310
* touch the PS here */
311
//keyreg_replaceEncData_PS(oldEncData,
312
// keyToChange.encData);
314
} else if (obj_is_encdata(hObjectToChange)) {
315
/* get the secret for the parent */
316
if ((result = obj_encdata_get_policy(hObjectToChange, &hPolicy)))
319
/* get the parent secret */
320
if ((result = obj_rsakey_get_policy(hParentObject,
322
&hParentPolicy, NULL)))
325
/* get the data Object */
326
if ((result = obj_encdata_get_data(hObjectToChange,
327
&dataBlobLength, &dataBlob)))
331
if ((result = Trspi_UnloadBlob_STORED_DATA(&offset, dataBlob,
335
if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle))) {
336
free(storedData.sealInfo);
337
free(storedData.encData);
342
secret_PerformXOR_OSAP(hParentPolicy, hNewPolicy,
343
hNewPolicy, hParentObject,
344
TCPA_ET_KEYHANDLE, keyHandle,
345
&encAuthUsage, &encAuthMig,
346
sharedSecret, &auth1,
348
free(storedData.sealInfo);
349
free(storedData.encData);
353
/* caluculate auth data */
355
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuth, hashBlob);
356
Trspi_LoadBlob_UINT16(&offset, TCPA_PID_ADCP, hashBlob);
357
Trspi_LoadBlob(&offset, 20, hashBlob, encAuthUsage.authdata);
358
Trspi_LoadBlob_UINT16(&offset, TCPA_ET_DATA, hashBlob);
359
Trspi_LoadBlob_UINT32(&offset, storedData.encDataSize, hashBlob);
360
Trspi_LoadBlob(&offset, storedData.encDataSize, hashBlob,
362
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
365
secret_PerformAuth_OSAP(hParentObject, TPM_ORD_ChangeAuth,
366
hParentPolicy, hNewPolicy,
367
hNewPolicy, sharedSecret, &auth1,
368
digest.digest, &nonceEvenOSAP))) {
369
free(storedData.sealInfo);
370
free(storedData.encData);
374
if ((result = secret_PerformAuth_OIAP(hObjectToChange,
378
TCSP_TerminateHandle(tspContext, auth1.AuthHandle);
379
free(storedData.sealInfo);
380
free(storedData.encData);
384
if ((result = TCSP_ChangeAuth(tspContext, keyHandle,
385
TCPA_PID_ADCP, encAuthUsage,
387
storedData.encDataSize,
388
storedData.encData, &auth1,
391
free(storedData.sealInfo);
392
free(storedData.encData);
396
/* Validate the Auths */
398
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
399
Trspi_LoadBlob_UINT32(&offset, TPM_ORD_ChangeAuth, hashBlob);
400
Trspi_LoadBlob_UINT32(&offset, newEncSize, hashBlob);
401
Trspi_LoadBlob(&offset, newEncSize, hashBlob, newEncData);
402
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
405
secret_ValidateAuth_OSAP(hParentObject, TPM_ORD_ChangeAuth,
406
hParentPolicy, hNewPolicy,
407
hNewPolicy, sharedSecret, &auth1,
408
digest.digest, &nonceEvenOSAP))) {
409
free(storedData.sealInfo);
410
free(storedData.encData);
415
if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest,
417
free(storedData.sealInfo);
418
free(storedData.encData);
422
memcpy(storedData.encData, newEncData, newEncSize);
424
storedData.encDataSize = newEncSize;
427
Trspi_LoadBlob_STORED_DATA(&offset, dataBlob, &storedData);
428
free(storedData.sealInfo);
429
free(storedData.encData);
430
if ((result = obj_encdata_set_data(hObjectToChange,
434
} else if (obj_is_policy(hObjectToChange) || obj_is_hash(hObjectToChange) ||
435
obj_is_pcrs(hObjectToChange) || obj_is_context(hObjectToChange)) {
436
return TSPERR(TSS_E_BAD_PARAMETER);
438
return TSPERR(TSS_E_INVALID_HANDLE);
441
if ((result = obj_policy_set_type(hNewPolicy, TSS_POLICY_USAGE)))
444
return Tspi_Policy_AssignToObject(hNewPolicy, hObjectToChange);
448
Tspi_ChangeAuthAsym(TSS_HOBJECT hObjectToChange, /* in */
449
TSS_HOBJECT hParentObject, /* in */
450
TSS_HKEY hIdentKey, /* in */
451
TSS_HPOLICY hNewPolicy) /* in */
455
BYTE hashBlob[0x1000];
461
TSS_HPOLICY hParentPolicy;
462
UINT32 keyToChangeHandle;
463
TCPA_NONCE antiReplay;
464
UINT32 bytesRequested;
468
TCPA_KEY_PARMS keyParms;
470
BYTE ephParms[] = { 0, 0, 0x08, 0, 0, 0, 0, 0x02, 0, 0, 0, 0 };
473
UINT32 CertifyInfoSize;
478
TCPA_CHANGEAUTH_VALIDATE caValidate;
479
TCPA_SECRET newSecret, oldSecret;
483
TCPA_KEY ephemeralKey;
484
TCPA_DIGEST newAuthLink;
485
UINT32 encObjectSize;
486
BYTE *encObject = NULL;
487
UINT32 encDataSizeOut;
489
TCPA_NONCE saltNonce;
490
TCPA_DIGEST changeProof;
491
TSS_HPOLICY hOldPolicy;
493
UINT32 keyObjectSize;
495
TCPA_KEY keyContainer;
496
TCPA_STORED_DATA dataContainer;
498
UINT32 dataObjectSize;
500
TSS_BOOL useAuth = TRUE; // XXX
503
TSS_HCONTEXT tspContext;
505
if ((result = obj_policy_get_tsp_context(hNewPolicy, &tspContext)))
508
/* grab all of the needed handles */
509
if ((result = obj_rsakey_get_tcs_handle(hIdentKey, &idHandle)))
512
/* get the secret for the parent */
513
if ((result = obj_rsakey_get_policy(hIdentKey, TSS_POLICY_USAGE,
514
&hPolicy, &useAuth)))
517
/* get the parent secret */
518
if ((result = Tspi_GetPolicyObject(hParentObject, TSS_POLICY_USAGE,
522
if (!obj_is_rsakey(hParentObject) && !obj_is_tpm(hParentObject))
523
return TSPERR(TSS_E_INVALID_HANDLE);
525
/* get the keyObject */
526
if ((result = obj_rsakey_get_tcs_handle(hParentObject, &keyHandle)))
529
if (obj_is_rsakey(hObjectToChange) ||
530
obj_is_encdata(hObjectToChange)) {
532
if ((result = obj_rsakey_get_tcs_handle(hObjectToChange, &keyToChangeHandle)))
535
if (keyToChangeHandle == TPM_KEYHND_SRK) {
536
return TSPERR(TSS_E_BAD_PARAMETER);
538
/* generate container for ephemeral key */
539
keyParms.algorithmID = 1; /* rsa */
540
keyParms.encScheme = 3;
541
keyParms.sigScheme = 1;
542
keyParms.parmSize = 12;
543
keyParms.parms = malloc(12);
544
if (keyParms.parms == NULL) {
545
LogError("malloc of %d bytes failed.", 12);
546
return TSPERR(TSS_E_OUTOFMEMORY);
548
memcpy(keyParms.parms, ephParms, 12);
551
Trspi_LoadBlob_KEY_PARMS(&tempSize, tempKey, &keyParms);
553
/* generate antireplay nonce */
555
if ((result = get_local_random(tspContext, bytesRequested,
558
memcpy(antiReplay.nonce, randomBytes, bytesRequested);
559
free_tspi(tspContext, randomBytes);
561
/* caluculate auth data */
563
Trspi_LoadBlob_UINT32(&offset,
564
TPM_ORD_ChangeAuthAsymStart,
566
Trspi_LoadBlob(&offset, 20, hashBlob, antiReplay.nonce);
567
Trspi_LoadBlob_KEY_PARMS(&offset, hashBlob, &keyParms);
568
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
572
if ((result = secret_PerformAuth_OIAP(hIdentKey,
573
TPM_ORD_ChangeAuthAsymStart,
577
TCSP_TerminateHandle(tspContext, auth.AuthHandle);
585
if ((result = TCSP_ChangeAuthAsymStart(tspContext, idHandle, antiReplay,
586
(UINT32)tempSize, tempKey, pAuth,
587
&KeySizeOut, &KeyDataOut,
588
&CertifyInfoSize, &CertifyInfo,
589
&sigSize, &sig, &ephHandle)))
592
/* --- Validate the Auth's */
594
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
595
Trspi_LoadBlob_UINT32(&offset,
596
TPM_ORD_ChangeAuthAsymStart,
598
Trspi_LoadBlob(&offset, CertifyInfoSize, hashBlob,
600
Trspi_LoadBlob_UINT32(&offset, sigSize, hashBlob);
601
Trspi_LoadBlob(&offset, sigSize, hashBlob, sig);
602
Trspi_LoadBlob_UINT32(&offset, ephHandle, hashBlob);
603
Trspi_LoadBlob(&offset, KeySizeOut, hashBlob,
605
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
609
if ((result = obj_policy_validate_auth_oiap(hPolicy,
615
/* generate random data for asymfinish */
617
if ((result = get_local_random(tspContext, bytesRequested,
621
memcpy(caValidate.n1.nonce, randomBytes, bytesRequested);
622
free_tspi(tspContext, randomBytes);
625
if ((result = get_local_random(tspContext, bytesRequested,
629
memcpy(antiReplay.nonce, randomBytes, bytesRequested);
630
free_tspi(tspContext, randomBytes);
633
if ((result = get_local_random(tspContext, bytesRequested,
637
memcpy(seed, randomBytes, 20);
638
free_tspi(tspContext, randomBytes);
640
if ((result = Tspi_GetPolicyObject(hObjectToChange,
645
if ((result = obj_policy_get_secret(hNewPolicy, TR_SECRET_CTX_NEW,
648
if ((result = obj_policy_get_secret(hOldPolicy, TR_SECRET_CTX_NOT_NEW,
652
/* Encrypt the ChangeAuthValidate structure with the
655
memcpy(caValidate.newAuthSecret.authdata,
656
newSecret.authdata, 20);
659
Trspi_LoadBlob_CHANGEAUTH_VALIDATE(&offset, hashBlob,
661
caValidSize = offset;
664
if ((result = Trspi_UnloadBlob_KEY(&offset, KeyDataOut,
668
Trspi_RSA_Encrypt(hashBlob, caValidSize, a1, &a1Size,
669
ephemeralKey.pubKey.key,
670
ephemeralKey.pubKey.keyLength);
672
free_key_refs(&ephemeralKey);
674
Trspi_HMAC(TSS_HASH_SHA1, 20, oldSecret.authdata,
675
20, newSecret.authdata,
678
if (obj_is_rsakey(hObjectToChange)) {
679
if ((result = obj_rsakey_get_blob(hObjectToChange,
680
&keyObjectSize, &keyObject)))
683
memset(&keyContainer, 0, sizeof(TCPA_KEY));
686
if ((result = Trspi_UnloadBlob_KEY(&offset,
691
encObjectSize = keyContainer.encSize;
692
encObject = malloc(encObjectSize);
693
if (encObject == NULL) {
694
LogError("malloc of %d bytes failed.",
696
free_key_refs(&keyContainer);
697
return TSPERR(TSS_E_OUTOFMEMORY);
699
memcpy(encObject, keyContainer.encData,
701
entityType = TCPA_ET_KEY;
703
if ((result = obj_encdata_get_data(hObjectToChange,
704
&dataObjectSize, &dataObject)))
708
if ((result = Trspi_UnloadBlob_STORED_DATA(&offset,
713
encObjectSize = dataContainer.encDataSize;
714
encObject = malloc(encObjectSize);
715
if (encObject == NULL) {
716
LogError("malloc of %d bytes failed.",
718
free(dataContainer.sealInfo);
719
free(dataContainer.encData);
720
return TSPERR(TSS_E_OUTOFMEMORY);
722
memcpy(encObject, dataContainer.encData,
724
entityType = TCPA_ET_DATA;
728
Trspi_LoadBlob_UINT32(&offset,
729
TPM_ORD_ChangeAuthAsymFinish,
731
Trspi_LoadBlob_UINT16(&offset, entityType, hashBlob);
732
Trspi_LoadBlob(&offset, 20, hashBlob,
734
Trspi_LoadBlob_UINT32(&offset, a1Size, hashBlob);
735
Trspi_LoadBlob(&offset, a1Size, hashBlob, a1);
736
Trspi_LoadBlob_UINT32(&offset, encObjectSize, hashBlob);
737
Trspi_LoadBlob(&offset, encObjectSize, hashBlob,
739
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob,
743
if ((result = policy_UsesAuth(hParentPolicy,
750
if ((result = secret_PerformAuth_OIAP(hParentObject,
751
TPM_ORD_ChangeAuthAsymFinish,
755
TCSP_TerminateHandle(tspContext, auth.AuthHandle);
757
free_key_refs(&keyContainer);
765
if ((result = TCSP_ChangeAuthAsymFinish(tspContext, keyHandle, ephHandle,
766
entityType, newAuthLink, a1Size,
767
a1, encObjectSize, encObject, pAuth,
768
&encDataSizeOut, &encDataOut,
769
&saltNonce, &changeProof))) {
770
free_key_refs(&keyContainer);
775
/* --- Validate the Auth's */
777
Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
778
Trspi_LoadBlob_UINT32(&offset,
779
TPM_ORD_ChangeAuthAsymFinish,
781
Trspi_LoadBlob_UINT32(&offset, encDataSizeOut,
783
Trspi_LoadBlob(&offset, encDataSizeOut, hashBlob,
785
Trspi_LoadBlob(&offset, 20, hashBlob, saltNonce.nonce);
786
Trspi_LoadBlob(&offset, 20, hashBlob, changeProof.digest);
787
Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
790
if ((result = obj_policy_validate_auth_oiap(hParentPolicy,
793
free_key_refs(&keyContainer);
799
if (entityType == TCPA_ET_KEY ||
800
entityType == TCPA_ET_KEYHANDLE) {
801
/* XXX replace with valid impl */
802
//keyreg_replaceEncData_PS(encObject, encDataOut);
804
memcpy(keyContainer.encData, encDataOut,
806
keyContainer.encSize = encDataSizeOut;
809
Trspi_LoadBlob_KEY(&offset, keyObject,
811
free_key_refs(&keyContainer);
812
if ((result = obj_rsakey_set_tcpakey(
814
offset, keyObject))) {
820
if (entityType == TCPA_ET_DATA) {
821
memcpy(dataContainer.encData, encDataOut,
823
dataContainer.encDataSize = encDataSizeOut;
826
Trspi_LoadBlob_STORED_DATA(&offset, dataBlob,
828
free(dataContainer.sealInfo);
829
free(dataContainer.encData);
830
obj_encdata_set_data(hObjectToChange,
835
return TSPERR(TSS_E_BAD_PARAMETER);
839
return Tspi_Policy_AssignToObject(hNewPolicy, hObjectToChange);
843
Tspi_SetAttribUint32(TSS_HOBJECT hObject, /* in */
844
TSS_FLAG attribFlag, /* in */
845
TSS_FLAG subFlag, /* in */
846
UINT32 ulAttrib) /* in */
850
if (obj_is_rsakey(hObject)) {
851
if (attribFlag == TSS_TSPATTRIB_KEY_REGISTER) {
853
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
855
if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_USER)
856
result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_USER);
857
else if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_SYSTEM)
858
result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_SYSTEM);
859
else if (ulAttrib == TSS_TSPATTRIB_KEYREGISTER_NO)
860
result = obj_rsakey_set_pstype(hObject, TSS_PS_TYPE_NO);
862
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
863
} else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) {
865
case TSS_TSPATTRIB_KEYINFO_USAGE:
866
result = obj_rsakey_set_usage(hObject, ulAttrib);
868
case TSS_TSPATTRIB_KEYINFO_MIGRATABLE:
869
if (ulAttrib != TRUE && ulAttrib != FALSE)
870
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
872
result = obj_rsakey_set_migratable(hObject, ulAttrib);
874
case TSS_TSPATTRIB_KEYINFO_REDIRECTED:
875
if (ulAttrib != TRUE && ulAttrib != FALSE)
876
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
878
result = obj_rsakey_set_redirected(hObject, ulAttrib);
880
case TSS_TSPATTRIB_KEYINFO_VOLATILE:
881
if (ulAttrib != TRUE && ulAttrib != FALSE)
882
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
884
result = obj_rsakey_set_volatile(hObject, ulAttrib);
886
case TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE:
888
case TSS_TSPATTRIB_KEYINFO_AUTHUSAGE:
889
if (ulAttrib != TRUE && ulAttrib != FALSE)
890
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
892
result = obj_rsakey_set_authdata_usage(hObject, ulAttrib);
894
case TSS_TSPATTRIB_KEYINFO_ALGORITHM:
895
result = obj_rsakey_set_alg(hObject, ulAttrib);
897
case TSS_TSPATTRIB_KEYINFO_ENCSCHEME:
898
if (ulAttrib != TSS_ES_NONE &&
899
ulAttrib != TSS_ES_RSAESPKCSV15 &&
900
ulAttrib != TSS_ES_RSAESOAEP_SHA1_MGF1)
901
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
903
result = obj_rsakey_set_es(hObject, ulAttrib);
905
case TSS_TSPATTRIB_KEYINFO_SIGSCHEME:
906
if (ulAttrib != TSS_SS_NONE &&
907
ulAttrib != TSS_SS_RSASSAPKCS1V15_SHA1 &&
908
ulAttrib != TSS_SS_RSASSAPKCS1V15_DER)
909
return TSPERR(TSS_E_INVALID_ATTRIB_DATA);
911
result = obj_rsakey_set_ss(hObject, ulAttrib);
913
case TSS_TSPATTRIB_KEYINFO_KEYFLAGS:
914
result = obj_rsakey_set_flags(hObject, ulAttrib);
916
case TSS_TSPATTRIB_KEYINFO_SIZE:
917
result = obj_rsakey_set_size(hObject, ulAttrib);
920
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
922
} else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) {
923
if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_PRIMES) {
924
result = obj_rsakey_set_num_primes(hObject, ulAttrib);
926
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
928
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
929
} else if (obj_is_policy(hObject)) {
930
switch (attribFlag) {
931
case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC:
932
case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC:
933
case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP:
934
case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM:
935
result = obj_policy_set_cb11(hObject, attribFlag,
938
case TSS_TSPATTRIB_POLICY_SECRET_LIFETIME:
939
if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS) {
940
result = obj_policy_set_lifetime(hObject);
941
} else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) {
942
result = obj_policy_set_counter(hObject, ulAttrib);
943
} else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) {
944
result = obj_policy_set_timer(hObject, ulAttrib);
946
result = TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
949
#ifndef TSS_SPEC_COMPLIANCE
950
case TSS_TSPATTRIB_SECRET_HASH_MODE:
951
result = obj_policy_set_hash_mode(hObject, ulAttrib);
955
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
958
} else if (obj_is_context(hObject)) {
959
switch (attribFlag) {
960
case TSS_TSPATTRIB_CONTEXT_SILENT_MODE:
961
if (ulAttrib == TSS_TSPATTRIB_CONTEXT_NOT_SILENT)
962
result = obj_context_set_mode(hObject, ulAttrib);
963
else if (ulAttrib == TSS_TSPATTRIB_CONTEXT_SILENT) {
964
if (obj_context_has_popups(hObject))
965
return TSPERR(TSS_E_SILENT_CONTEXT);
966
result = obj_context_set_mode(hObject, ulAttrib);
968
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
970
#ifndef TSS_SPEC_COMPLIANCE
971
case TSS_TSPATTRIB_SECRET_HASH_MODE:
972
result = obj_context_set_hash_mode(hObject, ulAttrib);
976
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
979
} else if (obj_is_tpm(hObject)) {
980
switch (attribFlag) {
981
case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY:
982
case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY:
983
if ((result = obj_tpm_set_cb11(hObject, attribFlag, subFlag,
988
result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
992
if (obj_is_hash(hObject) || obj_is_pcrs(hObject) || obj_is_encdata(hObject))
993
result = TSPERR(TSS_E_BAD_PARAMETER);
995
result = TSPERR(TSS_E_INVALID_HANDLE);
1002
Tspi_GetAttribUint32(TSS_HOBJECT hObject, /* in */
1003
TSS_FLAG attribFlag, /* in */
1004
TSS_FLAG subFlag, /* in */
1005
UINT32 * pulAttrib) /* out */
1008
TSS_RESULT result = TSS_SUCCESS;
1010
if (pulAttrib == NULL)
1011
return TSPERR(TSS_E_BAD_PARAMETER);
1013
if (obj_is_rsakey(hObject)) {
1014
if (attribFlag == TSS_TSPATTRIB_KEY_REGISTER) {
1016
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1018
if ((result = obj_rsakey_get_pstype(hObject, &attrib)))
1021
if (attrib == TSS_PS_TYPE_USER)
1022
*pulAttrib = TSS_TSPATTRIB_KEYREGISTER_USER;
1023
else if (attrib == TSS_PS_TYPE_SYSTEM)
1024
*pulAttrib = TSS_TSPATTRIB_KEYREGISTER_SYSTEM;
1026
*pulAttrib = TSS_TSPATTRIB_KEYREGISTER_NO;
1027
} else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) {
1029
case TSS_TSPATTRIB_KEYINFO_USAGE:
1030
if ((result = obj_rsakey_get_usage(hObject, pulAttrib)))
1033
case TSS_TSPATTRIB_KEYINFO_MIGRATABLE:
1034
*pulAttrib = obj_rsakey_is_migratable(hObject);
1036
case TSS_TSPATTRIB_KEYINFO_REDIRECTED:
1037
*pulAttrib = obj_rsakey_is_redirected(hObject);
1039
case TSS_TSPATTRIB_KEYINFO_VOLATILE:
1040
*pulAttrib = obj_rsakey_is_volatile(hObject);
1042
case TSS_TSPATTRIB_KEYINFO_AUTHUSAGE:
1044
case TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE:
1045
if ((result = obj_rsakey_get_authdata_usage(hObject, pulAttrib)))
1048
case TSS_TSPATTRIB_KEYINFO_ALGORITHM:
1049
if ((result = obj_rsakey_get_alg(hObject, pulAttrib)))
1052
case TSS_TSPATTRIB_KEYINFO_ENCSCHEME:
1053
if ((result = obj_rsakey_get_es(hObject, pulAttrib)))
1056
case TSS_TSPATTRIB_KEYINFO_SIGSCHEME:
1057
if ((result = obj_rsakey_get_ss(hObject, pulAttrib)))
1060
case TSS_TSPATTRIB_KEYINFO_KEYFLAGS:
1061
if ((result = obj_rsakey_get_flags(hObject, pulAttrib)))
1064
case TSS_TSPATTRIB_KEYINFO_SIZE:
1065
if ((result = obj_rsakey_get_size(hObject, pulAttrib)))
1069
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1071
} else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) {
1072
if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE) {
1073
if ((result = obj_rsakey_get_size(hObject, pulAttrib)))
1075
} else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_PRIMES) {
1076
if ((result = obj_rsakey_get_num_primes(hObject, pulAttrib)))
1079
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1082
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1083
} else if (obj_is_policy(hObject)) {
1084
switch (attribFlag) {
1085
case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC:
1086
case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC:
1087
case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP:
1088
case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM:
1089
if ((result = obj_policy_get_cb11(hObject, attribFlag, pulAttrib)))
1092
case TSS_TSPATTRIB_POLICY_SECRET_LIFETIME:
1093
if ((result = obj_policy_get_lifetime(hObject, &attrib)))
1096
if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS) {
1097
if (attrib == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS)
1101
} else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER) {
1102
if (attrib != TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER)
1103
return TSPERR(TSS_E_BAD_PARAMETER);
1104
if ((result = obj_policy_get_counter(hObject, pulAttrib)))
1106
} else if (subFlag == TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER) {
1108
obj_policy_get_secs_until_expired(hObject, pulAttrib)))
1111
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1113
#ifndef TSS_SPEC_COMPLIANCE
1114
case TSS_TSPATTRIB_SECRET_HASH_MODE:
1115
if (subFlag == TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP)
1116
result = obj_policy_get_hash_mode(hObject, pulAttrib);
1118
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1122
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1125
} else if (obj_is_context(hObject)) {
1126
switch (attribFlag) {
1127
case TSS_TSPATTRIB_CONTEXT_SILENT_MODE:
1128
if ((result = obj_context_get_mode(hObject, pulAttrib)))
1131
#ifndef TSS_SPEC_COMPLIANCE
1132
case TSS_TSPATTRIB_SECRET_HASH_MODE:
1133
if (subFlag == TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP)
1134
result = obj_context_get_hash_mode(hObject, pulAttrib);
1136
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1140
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1143
} else if (obj_is_tpm(hObject)) {
1144
switch (attribFlag) {
1145
case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY:
1146
case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY:
1147
if ((result = obj_tpm_get_cb11(hObject, attribFlag, pulAttrib)))
1151
result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1155
if (obj_is_hash(hObject) || obj_is_pcrs(hObject) || obj_is_encdata(hObject))
1156
result = TSPERR(TSS_E_BAD_PARAMETER);
1158
result = TSPERR(TSS_E_INVALID_HANDLE);
1165
Tspi_SetAttribData(TSS_HOBJECT hObject, /* in */
1166
TSS_FLAG attribFlag, /* in */
1167
TSS_FLAG subFlag, /* in */
1168
UINT32 ulAttribDataSize, /* in */
1169
BYTE * rgbAttribData) /* in */
1172
BYTE *string = NULL;
1174
if (obj_is_rsakey(hObject)) {
1175
if (attribFlag == TSS_TSPATTRIB_KEY_BLOB) {
1176
if (subFlag == TSS_TSPATTRIB_KEYBLOB_BLOB) {
1177
/* A TCPA_KEY structure, in blob form */
1178
result = obj_rsakey_set_tcpakey(hObject, ulAttribDataSize,
1180
} else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY) {
1181
/* A TCPA_PUBKEY structure, in blob form */
1182
result = obj_rsakey_set_pubkey(hObject, FALSE, rgbAttribData);
1183
} else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY) {
1184
/* A blob, either encrypted or unencrypted */
1185
result = obj_rsakey_set_privkey(hObject, FALSE, ulAttribDataSize,
1188
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1190
#ifndef TSS_SPEC_COMPLIANCE
1191
} else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) {
1192
if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT) {
1193
result = obj_rsakey_set_exponent(hObject, ulAttribDataSize,
1195
} else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_MODULUS) {
1196
result = obj_rsakey_set_modulus(hObject, ulAttribDataSize,
1199
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1203
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1205
} else if (obj_is_encdata(hObject)) {
1206
if (attribFlag != TSS_TSPATTRIB_ENCDATA_BLOB)
1207
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1208
if (subFlag != TSS_TSPATTRIB_ENCDATABLOB_BLOB)
1209
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1211
result = obj_encdata_set_data(hObject, ulAttribDataSize, rgbAttribData);
1212
} else if (obj_is_policy(hObject)) {
1213
switch (attribFlag) {
1214
case TSS_TSPATTRIB_POLICY_POPUPSTRING:
1215
if ((string = Trspi_UNICODE_To_Native(rgbAttribData,
1217
return TSPERR(TSS_E_INTERNAL_ERROR);
1219
result = obj_policy_set_string(hObject,
1223
#ifndef TSS_SPEC_COMPLIANCE
1224
case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC:
1225
case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC:
1226
case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP:
1227
case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM:
1228
result = obj_policy_set_cb12(hObject, attribFlag,
1233
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1236
} else if (obj_is_hash(hObject)) {
1237
if (attribFlag != TSS_TSPATTRIB_HASH_IDENTIFIER)
1238
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1241
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1243
result = obj_hash_set_value(hObject, ulAttribDataSize, rgbAttribData);
1244
} else if (obj_is_tpm(hObject)) {
1245
switch (attribFlag) {
1246
#ifndef TSS_SPEC_COMPLIANCE
1247
case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY:
1248
case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY:
1249
result = obj_tpm_set_cb12(hObject, attribFlag,
1254
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1258
if (obj_is_pcrs(hObject) || obj_is_context(hObject))
1259
result = TSPERR(TSS_E_BAD_PARAMETER);
1261
result = TSPERR(TSS_E_INVALID_HANDLE);
1268
Tspi_GetAttribData(TSS_HOBJECT hObject, /* in */
1269
TSS_FLAG attribFlag, /* in */
1270
TSS_FLAG subFlag, /* in */
1271
UINT32 * pulAttribDataSize, /* out */
1272
BYTE ** prgbAttribData) /* out */
1276
if (pulAttribDataSize == NULL || prgbAttribData == NULL)
1277
return TSPERR(TSS_E_BAD_PARAMETER);
1279
if (obj_is_rsakey(hObject)) {
1280
if (attribFlag == TSS_TSPATTRIB_KEY_BLOB) {
1281
if (subFlag == TSS_TSPATTRIB_KEYBLOB_BLOB) {
1282
/* A TCPA_KEY structure, in blob form */
1283
result = obj_rsakey_get_blob(hObject, pulAttribDataSize,
1285
} else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY) {
1286
/* A blob, either encrypted or unencrypted */
1287
result = obj_rsakey_get_priv_blob(hObject, pulAttribDataSize,
1289
} else if (subFlag == TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY) {
1290
/* A TCPA_PUBKEY structure, in blob form */
1291
result = obj_rsakey_get_pub_blob(hObject, pulAttribDataSize,
1294
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1296
} else if (attribFlag == TSS_TSPATTRIB_KEY_INFO) {
1297
if (subFlag != TSS_TSPATTRIB_KEYINFO_VERSION)
1298
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1300
result = obj_rsakey_get_version(hObject, pulAttribDataSize,
1302
} else if (attribFlag == TSS_TSPATTRIB_RSAKEY_INFO) {
1303
if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT) {
1304
result = obj_rsakey_get_exponent(hObject, pulAttribDataSize,
1306
} else if (subFlag == TSS_TSPATTRIB_KEYINFO_RSA_MODULUS) {
1307
result = obj_rsakey_get_modulus(hObject, pulAttribDataSize,
1310
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1311
} else if (attribFlag == TSS_TSPATTRIB_KEY_UUID) {
1313
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1315
result = obj_rsakey_get_uuid(hObject,
1318
} else if (attribFlag == TSS_TSPATTRIB_KEY_PCR) {
1319
if (subFlag == TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION) {
1320
result = obj_rsakey_get_pcr_atcreation(hObject,
1323
} else if (subFlag == TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE) {
1324
result = obj_rsakey_get_pcr_atrelease(hObject,
1327
} else if (subFlag == TSS_TSPATTRIB_KEYPCR_SELECTION) {
1328
result = obj_rsakey_get_pcr_selection(hObject,
1332
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1334
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1335
} else if (obj_is_encdata(hObject)) {
1336
if (attribFlag == TSS_TSPATTRIB_ENCDATA_BLOB) {
1337
if (subFlag != TSS_TSPATTRIB_ENCDATABLOB_BLOB)
1338
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1340
result = obj_encdata_get_data(hObject,
1343
} else if (attribFlag == TSS_TSPATTRIB_ENCDATA_PCR) {
1344
if (subFlag == TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATCREATION) {
1345
result = obj_encdata_get_pcr_atcreation(hObject,
1348
} else if (subFlag == TSS_TSPATTRIB_ENCDATAPCR_DIGEST_RELEASE) {
1349
result = obj_encdata_get_pcr_atrelease(hObject,
1352
} else if (subFlag == TSS_TSPATTRIB_ENCDATAPCR_SELECTION) {
1353
result = obj_encdata_get_pcr_selection(hObject,
1357
return TSPERR(TSS_E_INVALID_ATTRIB_SUBFLAG);
1360
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1362
} else if (obj_is_context(hObject)) {
1363
if (attribFlag != TSS_TSPATTRIB_CONTEXT_MACHINE_NAME)
1364
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1366
if ((result = obj_context_get_machine_name_attrib(hObject,
1370
} else if (obj_is_policy(hObject)) {
1371
switch (attribFlag) {
1372
#ifndef TSS_SPEC_COMPLIANCE
1373
case TSS_TSPATTRIB_POLICY_CALLBACK_HMAC:
1374
case TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC:
1375
case TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP:
1376
case TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM:
1377
result = obj_policy_get_cb12(hObject, attribFlag,
1378
pulAttribDataSize, prgbAttribData);
1381
case TSS_TSPATTRIB_POLICY_POPUPSTRING:
1382
if ((result = obj_policy_get_string(hObject, pulAttribDataSize,
1387
result = TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1390
} else if (obj_is_tpm(hObject)) {
1391
switch (attribFlag) {
1392
#ifndef TSS_SPEC_COMPLIANCE
1393
case TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY:
1394
case TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY:
1395
result = obj_tpm_get_cb12(hObject, attribFlag,
1396
pulAttribDataSize, prgbAttribData);
1400
return TSPERR(TSS_E_INVALID_ATTRIB_FLAG);
1404
if (obj_is_hash(hObject) || obj_is_pcrs(hObject))
1405
result = TSPERR(TSS_E_BAD_PARAMETER);
1407
result = TSPERR(TSS_E_INVALID_HANDLE);
1414
Tspi_GetPolicyObject(TSS_HOBJECT hObject, /* in */
1415
TSS_FLAG policyType, /* in */
1416
TSS_HPOLICY * phPolicy) /* out */
1420
if (phPolicy == NULL)
1421
return TSPERR(TSS_E_BAD_PARAMETER);
1423
if (policyType != TSS_POLICY_USAGE &&
1424
policyType != TSS_POLICY_MIGRATION)
1425
return TSPERR(TSS_E_BAD_PARAMETER);
1427
if (obj_is_rsakey(hObject)) {
1428
result = obj_rsakey_get_policy(hObject, policyType, phPolicy, NULL);
1429
} else if (obj_is_tpm(hObject)) {
1430
if (policyType == TSS_POLICY_MIGRATION)
1431
result = TSPERR(TSS_E_BAD_PARAMETER);
1433
result = obj_tpm_get_policy(hObject, phPolicy);
1434
} else if (obj_is_encdata(hObject)) {
1435
if (policyType == TSS_POLICY_MIGRATION)
1436
result = TSPERR(TSS_E_BAD_PARAMETER);
1438
result = obj_encdata_get_policy(hObject, phPolicy);
1440
if (obj_is_policy(hObject) || obj_is_hash(hObject) ||
1441
obj_is_pcrs(hObject) || obj_is_context(hObject))
1442
result = TSPERR(TSS_E_BAD_PARAMETER);
1444
result = TSPERR(TSS_E_INVALID_HANDLE);
1447
if (result == TSS_SUCCESS && *phPolicy == NULL_HPOLICY)
1448
result = TSPERR(TSS_E_INTERNAL_ERROR);