Home | History | Annotate | Line # | Download | only in tcs 
      1 
      2 /*
      3  * Licensed Materials - Property of IBM
      4  *
      5  * trousers - An open source TCG Software Stack
      6  *
      7  * (C) Copyright International Business Machines Corp. 2004
      8  *
      9  */
     10 
     11 
     12 #include <stdlib.h>
     13 #include <stdio.h>
     14 #include <string.h>
     15 
     16 #include "trousers/tss.h"
     17 #include "trousers_types.h"
     18 #include "tcs_tsp.h"
     19 #include "tcs_utils.h"
     20 #include "tcs_int_literals.h"
     21 #include "capabilities.h"
     22 #include "tcslog.h"
     23 #include "tcsps.h"
     24 #include "req_mgr.h"
     25 
     26 
     27 TSS_RESULT
     28 TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
     29 			    UINT16 protocolID,	/* in */
     30 			    UINT32 encOwnerAuthSize,	/* in  */
     31 			    BYTE * encOwnerAuth,	/* in */
     32 			    UINT32 encSrkAuthSize,	/* in */
     33 			    BYTE * encSrkAuth,	/* in */
     34 			    UINT32 srkInfoSize,	/*in */
     35 			    BYTE * srkInfo,	/*in */
     36 			    TPM_AUTH * ownerAuth,	/* in, out */
     37 			    UINT32 * srkKeySize,	/*out */
     38 			    BYTE ** srkKey)	/*out */
     39 {
     40 	UINT64 offset;
     41 	UINT32 paramSize;
     42 	TSS_RESULT result;
     43 	TSS_KEY srkKeyContainer;
     44 	BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, };
     45 	BYTE oldAuthDataUsage;
     46 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
     47 
     48 	if ((result = ctx_verify_context(hContext)))
     49 		goto done;
     50 
     51 	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
     52 		goto done;
     53 
     54 	/* Check on the Atmel Bug Patch */
     55 	offset = 0;
     56 	UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer);
     57 	oldAuthDataUsage = srkKeyContainer.authDataUsage;
     58 	LogDebug("auth data usage is %.2X", oldAuthDataUsage);
     59 
     60 	offset = 0;
     61 	if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID,
     62 				    encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth,
     63 				    srkInfoSize, srkInfo, ownerAuth)))
     64 		return result;
     65 
     66 	if ((result = req_mgr_submit_req(txBlob)))
     67 		goto done;
     68 
     69 	result = UnloadBlob_Header(txBlob, &paramSize);
     70 	if (!result) {
     71 		if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize,
     72 					    srkKey, ownerAuth)))
     73 			goto done;
     74 
     75 		offset = 0;
     76 		if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) {
     77 			*srkKeySize = 0;
     78 			free(*srkKey);
     79 			goto done;
     80 		}
     81 
     82 		if (srkKeyContainer.authDataUsage != oldAuthDataUsage) {
     83 			LogDebug("AuthDataUsage was changed by TPM.  Atmel Bug. Fixing it in PS");
     84 			srkKeyContainer.authDataUsage = oldAuthDataUsage;
     85 		}
     86 
     87 #ifdef TSS_BUILD_PS
     88 		{
     89 			BYTE *save;
     90 
     91 			/* Once the key file is created, it stays forever. There could be
     92 			 * migratable keys in the hierarchy that are still useful to someone.
     93 			 */
     94 			result = ps_remove_key(&SRK_UUID);
     95 			if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) {
     96 				destroy_key_refs(&srkKeyContainer);
     97 				LogError("Error removing SRK from key file.");
     98 				*srkKeySize = 0;
     99 				free(*srkKey);
    100 				goto done;
    101 			}
    102 
    103 			/* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for
    104 			 * privacy reasons as outlined in the TSS spec */
    105 			save = srkKeyContainer.pubKey.key;
    106 			srkKeyContainer.pubKey.key = fake_pubkey;
    107 			offset = 0;
    108 			LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer);
    109 
    110 			if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk,
    111 						   offset))) {
    112 				destroy_key_refs(&srkKeyContainer);
    113 				LogError("Error writing SRK to disk");
    114 				*srkKeySize = 0;
    115 				free(*srkKey);
    116 				goto done;
    117 			}
    118 
    119 			srkKeyContainer.pubKey.key = save;
    120 		}
    121 #endif
    122 		if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer,
    123 					        &SRK_UUID))) {
    124 			destroy_key_refs(&srkKeyContainer);
    125 			LogError("Error creating SRK mem cache entry");
    126 			*srkKeySize = 0;
    127 			free(*srkKey);
    128 		}
    129 		destroy_key_refs(&srkKeyContainer);
    130 	}
    131 	LogResult("TakeOwnership", result);
    132 done:
    133 	auth_mgr_release_auth(ownerAuth, NULL, hContext);
    134 	return result;
    135 }
    136 
    137 TSS_RESULT
    138 TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
    139 			 TPM_AUTH * ownerAuth)	/* in, out */
    140 {
    141 	UINT64 offset = 0;
    142 	UINT32 paramSize;
    143 	TSS_RESULT result;
    144 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
    145 
    146 	LogDebug("Entering OwnerClear");
    147 
    148 	if ((result = ctx_verify_context(hContext)))
    149 		goto done;
    150 
    151 	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
    152 		goto done;
    153 
    154 	if ((result = tpm_rqu_build(TPM_ORD_OwnerClear, &offset, txBlob, ownerAuth)))
    155 		goto done;
    156 
    157 	if ((result = req_mgr_submit_req(txBlob)))
    158 		goto done;
    159 
    160 	result = UnloadBlob_Header(txBlob, &paramSize);
    161 	if (!result) {
    162 		result = tpm_rsp_parse(TPM_ORD_OwnerClear, txBlob, paramSize, ownerAuth);
    163 	}
    164 	LogResult("Ownerclear", result);
    165 done:
    166 	auth_mgr_release_auth(ownerAuth, NULL, hContext);
    167 	return result;
    168 }
    169 
    170