1
2 /*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004, 2007
8 *
9 */
10
11
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <inttypes.h>
16
17 #include "trousers/tss.h"
18 #include "trousers_types.h"
19 #include "tcs_tsp.h"
20 #include "tcsps.h"
21 #include "tcs_utils.h"
22 #include "tcs_int_literals.h"
23 #include "capabilities.h"
24 #include "tcslog.h"
25 #include "req_mgr.h"
26 #include "tcsd_wrap.h"
27 #include "tcsd.h"
28
29 TSS_RESULT
TCSP_SetOwnerInstall_Internal(TCS_CONTEXT_HANDLE hContext,TSS_BOOL state)30 TCSP_SetOwnerInstall_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
31 TSS_BOOL state) /* in */
32 {
33 UINT64 offset = 0;
34 UINT32 paramSize;
35 TSS_RESULT result;
36 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
37
38 LogDebug("Entering SetOwnerInstall");
39 if ((result = ctx_verify_context(hContext)))
40 return result;
41
42 if ((result = tpm_rqu_build(TPM_ORD_SetOwnerInstall, &offset, txBlob, state, NULL)))
43 return result;
44
45 if ((result = req_mgr_submit_req(txBlob)))
46 return result;
47
48 result = UnloadBlob_Header(txBlob, ¶mSize);
49 LogResult("SetOwnerInstall", result);
50 return result;
51 }
52
53 TSS_RESULT
TCSP_OwnerSetDisable_Internal(TCS_CONTEXT_HANDLE hContext,TSS_BOOL disableState,TPM_AUTH * ownerAuth)54 TCSP_OwnerSetDisable_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
55 TSS_BOOL disableState, /* in */
56 TPM_AUTH * ownerAuth) /* in, out */
57 {
58 UINT64 offset = 0;
59 UINT32 paramSize;
60 TSS_RESULT result;
61 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
62
63 if ((result = ctx_verify_context(hContext)))
64 goto done;
65
66 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
67 goto done;
68
69 if ((result = tpm_rqu_build(TPM_ORD_OwnerSetDisable, &offset, txBlob, disableState,
70 ownerAuth)))
71 goto done;
72
73 if ((result = req_mgr_submit_req(txBlob)))
74 goto done;
75
76 result = UnloadBlob_Header(txBlob, ¶mSize);
77 if (!result) {
78 result = tpm_rsp_parse(TPM_ORD_OwnerSetDisable, txBlob, paramSize, ownerAuth);
79 }
80 done:
81 auth_mgr_release_auth(ownerAuth, NULL, hContext);
82 return result;
83 }
84
85 TSS_RESULT
TCSP_DisableOwnerClear_Internal(TCS_CONTEXT_HANDLE hContext,TPM_AUTH * ownerAuth)86 TCSP_DisableOwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
87 TPM_AUTH * ownerAuth) /* in, out */
88 {
89 UINT64 offset = 0;
90 UINT32 paramSize;
91 TSS_RESULT result;
92 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
93
94 LogDebug("Entering DisableownerClear");
95
96 if ((result = ctx_verify_context(hContext)))
97 goto done;
98
99 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
100 goto done;
101
102 if ((result = tpm_rqu_build(TPM_ORD_DisableOwnerClear, &offset, txBlob, ownerAuth)))
103 goto done;
104
105 if ((result = req_mgr_submit_req(txBlob)))
106 goto done;
107
108 result = UnloadBlob_Header(txBlob, ¶mSize);
109 if (!result) {
110 result = tpm_rsp_parse(TPM_ORD_DisableOwnerClear, txBlob, paramSize, ownerAuth);
111 }
112 LogResult("DisableOwnerClear", result);
113 done:
114 auth_mgr_release_auth(ownerAuth, NULL, hContext);
115 return result;
116 }
117
118 TSS_RESULT
TCSP_ForceClear_Internal(TCS_CONTEXT_HANDLE hContext)119 TCSP_ForceClear_Internal(TCS_CONTEXT_HANDLE hContext) /* in */
120 {
121 UINT64 offset = 0;
122 UINT32 paramSize;
123 TSS_RESULT result;
124 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
125
126 LogDebug("Entering Force Clear");
127 if ((result = ctx_verify_context(hContext)))
128 return result;
129
130 if ((result = tpm_rqu_build(TPM_ORD_ForceClear, &offset, txBlob, NULL)))
131 return result;
132
133 if ((result = req_mgr_submit_req(txBlob)))
134 return result;
135
136 result = UnloadBlob_Header(txBlob, ¶mSize);
137 LogResult("Force Clear", result);
138 return result;
139 }
140
141 TSS_RESULT
TCSP_DisableForceClear_Internal(TCS_CONTEXT_HANDLE hContext)142 TCSP_DisableForceClear_Internal(TCS_CONTEXT_HANDLE hContext) /* in */
143 {
144 UINT64 offset = 0;
145 UINT32 paramSize;
146 TSS_RESULT result;
147 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
148
149 LogDebug("Entering Disable Force Clear");
150 if ((result = ctx_verify_context(hContext)))
151 return result;
152
153 if ((result = tpm_rqu_build(TPM_ORD_DisableForceClear, &offset, txBlob, NULL)))
154 return result;
155
156 if ((result = req_mgr_submit_req(txBlob)))
157 return result;
158
159 result = UnloadBlob_Header(txBlob, ¶mSize);
160 LogResult("Disable Force Clear", result);
161 return result;
162 }
163
164 TSS_RESULT
TCSP_PhysicalPresence_Internal(TCS_CONTEXT_HANDLE hContext,TCPA_PHYSICAL_PRESENCE fPhysicalPresence)165 TCSP_PhysicalPresence_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
166 TCPA_PHYSICAL_PRESENCE fPhysicalPresence) /* in */
167 {
168 UINT64 offset = 0;
169 UINT32 paramSize;
170 TSS_RESULT result = TCSERR(TSS_E_NOTIMPL);
171 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
172 char runlevel;
173
174 runlevel = platform_get_runlevel();
175
176 if (runlevel != 's' && runlevel != 'S' && runlevel != '1') {
177 LogInfo("Physical Presence command denied: Must be in single"
178 " user mode.");
179 return TCSERR(TSS_E_NOTIMPL);
180 }
181
182 if ((result = ctx_verify_context(hContext)))
183 return result;
184
185 if ((result = tpm_rqu_build(TSC_ORD_PhysicalPresence, &offset, txBlob, fPhysicalPresence)))
186 return result;
187
188 if ((result = req_mgr_submit_req(txBlob)))
189 return result;
190
191 return UnloadBlob_Header(txBlob, ¶mSize);
192 }
193
194 TSS_RESULT
TCSP_PhysicalDisable_Internal(TCS_CONTEXT_HANDLE hContext)195 TCSP_PhysicalDisable_Internal(TCS_CONTEXT_HANDLE hContext) /* in */
196 {
197 UINT64 offset = 0;
198 UINT32 paramSize;
199 TSS_RESULT result;
200 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
201
202 LogDebug("Entering Physical Disable");
203 if ((result = ctx_verify_context(hContext)))
204 return result;
205
206 if ((result = tpm_rqu_build(TPM_ORD_PhysicalDisable, &offset, txBlob, NULL)))
207 return result;
208
209 if ((result = req_mgr_submit_req(txBlob)))
210 return result;
211
212 result = UnloadBlob_Header(txBlob, ¶mSize);
213 LogResult("Physical Disable", result);
214
215 return result;
216 }
217
218 TSS_RESULT
TCSP_PhysicalEnable_Internal(TCS_CONTEXT_HANDLE hContext)219 TCSP_PhysicalEnable_Internal(TCS_CONTEXT_HANDLE hContext) /* in */
220 {
221 UINT64 offset = 0;
222 TSS_RESULT result;
223 UINT32 paramSize;
224 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
225
226 LogDebug("Entering Physical Enable");
227 if ((result = ctx_verify_context(hContext)))
228 return result;
229
230 if ((result = tpm_rqu_build(TPM_ORD_PhysicalEnable, &offset, txBlob, NULL)))
231 return result;
232
233 if ((result = req_mgr_submit_req(txBlob)))
234 return result;
235
236 result = UnloadBlob_Header(txBlob, ¶mSize);
237 LogResult("Physical Enable", result);
238
239 return result;
240 }
241
242 TSS_RESULT
TCSP_PhysicalSetDeactivated_Internal(TCS_CONTEXT_HANDLE hContext,TSS_BOOL state)243 TCSP_PhysicalSetDeactivated_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
244 TSS_BOOL state) /* in */
245 {
246 UINT64 offset = 0;
247 UINT32 paramSize;
248 TSS_RESULT result;
249 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
250
251 LogDebug("Entering Physical Set Deactivated");
252 if ((result = ctx_verify_context(hContext)))
253 return result;
254
255 if ((result = tpm_rqu_build(TPM_ORD_PhysicalSetDeactivated, &offset, txBlob, state, NULL)))
256 return result;
257
258 if ((result = req_mgr_submit_req(txBlob)))
259 return result;
260
261 result = UnloadBlob_Header(txBlob, ¶mSize);
262 LogResult("PhysicalSetDeactivated", result);
263 return result;
264 }
265
266 TSS_RESULT
TCSP_SetTempDeactivated_Internal(TCS_CONTEXT_HANDLE hContext)267 TCSP_SetTempDeactivated_Internal(TCS_CONTEXT_HANDLE hContext) /* in */
268 {
269 UINT64 offset = 0;
270 UINT32 paramSize;
271 TSS_RESULT result;
272 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
273
274 LogDebug("Entering Set Temp Deactivated");
275 if ((result = ctx_verify_context(hContext)))
276 return result;
277
278 if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, NULL)))
279 return result;
280
281 if ((result = req_mgr_submit_req(txBlob)))
282 return result;
283
284 result = UnloadBlob_Header(txBlob, ¶mSize);
285 LogResult("SetTempDeactivated", result);
286
287 return result;
288 }
289
290 #ifdef TSS_BUILD_TSS12
291 TSS_RESULT
TCSP_SetTempDeactivated2_Internal(TCS_CONTEXT_HANDLE hContext,TPM_AUTH * operatorAuth)292 TCSP_SetTempDeactivated2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
293 TPM_AUTH * operatorAuth) /* in, out */
294 {
295 UINT64 offset = 0;
296 UINT32 paramSize;
297 TSS_RESULT result;
298 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
299
300 LogDebug("Entering Set Temp Deactivated2");
301 if ((result = ctx_verify_context(hContext)))
302 return result;
303
304 if (operatorAuth) {
305 if ((result = auth_mgr_check(hContext, &operatorAuth->AuthHandle)))
306 return result;
307 }
308
309 if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, operatorAuth)))
310 goto done;
311
312 if ((result = req_mgr_submit_req(txBlob)))
313 goto done;
314
315 result = UnloadBlob_Header(txBlob, ¶mSize);
316
317 if (!result) {
318 result = tpm_rsp_parse(TPM_ORD_SetTempDeactivated, txBlob, paramSize,
319 operatorAuth);
320 }
321
322 LogResult("SetTempDeactivated2", result);
323
324 done:
325 auth_mgr_release_auth(operatorAuth, NULL, hContext);
326
327 return result;
328 }
329 #endif
330
331 TSS_RESULT
TCSP_FieldUpgrade_Internal(TCS_CONTEXT_HANDLE hContext,UINT32 dataInSize,BYTE * dataIn,UINT32 * dataOutSize,BYTE ** dataOut,TPM_AUTH * ownerAuth)332 TCSP_FieldUpgrade_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
333 UINT32 dataInSize, /* in */
334 BYTE * dataIn, /* in */
335 UINT32 * dataOutSize, /* out */
336 BYTE ** dataOut, /* out */
337 TPM_AUTH * ownerAuth) /* in, out */
338 {
339 TSS_RESULT result;
340 UINT32 paramSize;
341 UINT64 offset = 0;
342 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
343
344 LogDebug("Field Upgrade");
345
346 if ((result = ctx_verify_context(hContext)))
347 goto done;
348
349 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
350 goto done;
351
352 if ((result = tpm_rqu_build(TPM_ORD_FieldUpgrade, &offset, txBlob, dataInSize, dataInSize,
353 dataIn, ownerAuth, NULL)))
354 return result;
355
356 if ((result = req_mgr_submit_req(txBlob)))
357 goto done;
358
359 result = UnloadBlob_Header(txBlob, ¶mSize);
360
361 if (!result) {
362 result = tpm_rsp_parse(TPM_ORD_FieldUpgrade, txBlob, paramSize, dataOutSize,
363 dataOut, ownerAuth);
364 }
365 LogResult("Field Upgrade", result);
366 done:
367 auth_mgr_release_auth(ownerAuth, NULL, hContext);
368 return result;
369 }
370
371 TSS_RESULT
TCSP_SetRedirection_Internal(TCS_CONTEXT_HANDLE hContext,TCS_KEY_HANDLE keyHandle,UINT32 c1,UINT32 c2,TPM_AUTH * privAuth)372 TCSP_SetRedirection_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
373 TCS_KEY_HANDLE keyHandle, /* in */
374 UINT32 c1, /* in */
375 UINT32 c2, /* in */
376 TPM_AUTH * privAuth) /* in, out */
377 {
378 TSS_RESULT result;
379 UINT32 paramSize;
380 UINT64 offset = 0;
381 TCPA_KEY_HANDLE keySlot;
382 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
383
384 LogDebug("Set Redirection");
385
386 if ((result = ctx_verify_context(hContext)))
387 goto done;
388
389 if (privAuth != NULL) {
390 if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle)))
391 goto done;
392 }
393
394 if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) {
395 result = TCSERR(TSS_E_FAIL);
396 goto done;
397 }
398
399 if ((result = tpm_rqu_build(TPM_ORD_SetRedirection, &offset, txBlob, keySlot, c1, c2,
400 privAuth)))
401 goto done;
402
403 if ((result = req_mgr_submit_req(txBlob)))
404 goto done;
405
406 result = UnloadBlob_Header(txBlob, ¶mSize);
407
408 if (!result) {
409 result = tpm_rsp_parse(TPM_ORD_SetRedirection, txBlob, paramSize, privAuth);
410 }
411 LogResult("Set Redirection", result);
412 done:
413 auth_mgr_release_auth(privAuth, NULL, hContext);
414 return result;
415 }
416
417 #ifdef TSS_BUILD_TSS12
418 TSS_RESULT
TCSP_ResetLockValue_Internal(TCS_CONTEXT_HANDLE hContext,TPM_AUTH * ownerAuth)419 TCSP_ResetLockValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
420 TPM_AUTH * ownerAuth) /* in, out */
421 {
422 UINT64 offset = 0;
423 UINT32 paramSize;
424 TSS_RESULT result;
425 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
426
427 if ((result = ctx_verify_context(hContext)))
428 goto done;
429
430 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
431 goto done;
432
433 if ((result = tpm_rqu_build(TPM_ORD_ResetLockValue, &offset, txBlob, ownerAuth)))
434 return result;
435
436 if ((result = req_mgr_submit_req(txBlob)))
437 goto done;
438
439 result = UnloadBlob_Header(txBlob, ¶mSize);
440 if (!result) {
441 result = tpm_rsp_parse(TPM_ORD_ResetLockValue, txBlob, paramSize, ownerAuth);
442 }
443
444 done:
445 auth_mgr_release_auth(ownerAuth, NULL, hContext);
446 return result;
447 }
448
449 TSS_RESULT
TCSP_FlushSpecific_Common(UINT32 tpmResHandle,TPM_RESOURCE_TYPE resourceType)450 TCSP_FlushSpecific_Common(UINT32 tpmResHandle, TPM_RESOURCE_TYPE resourceType)
451 {
452 UINT64 offset = 0;
453 UINT32 paramSize;
454 TSS_RESULT result;
455 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
456
457 if ((result = tpm_rqu_build(TPM_ORD_FlushSpecific, &offset, txBlob, tpmResHandle,
458 resourceType)))
459 return result;
460
461 if ((result = req_mgr_submit_req(txBlob)))
462 return result;
463
464 result = UnloadBlob_Header(txBlob, ¶mSize);
465 if (!result) {
466 result = tpm_rsp_parse(TPM_ORD_FlushSpecific, txBlob, paramSize, NULL);
467 }
468
469 return result;
470 }
471
472 TSS_RESULT
TCSP_FlushSpecific_Internal(TCS_CONTEXT_HANDLE hContext,TCS_HANDLE hResHandle,TPM_RESOURCE_TYPE resourceType)473 TCSP_FlushSpecific_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
474 TCS_HANDLE hResHandle, /* in */
475 TPM_RESOURCE_TYPE resourceType) /* in */
476 {
477 UINT32 tpmResHandle;
478 TSS_RESULT result;
479
480 if ((result = ctx_verify_context(hContext)))
481 return result;
482
483 switch (resourceType) {
484 case TPM_RT_KEY:
485 if ((result = get_slot_lite(hContext, hResHandle, &tpmResHandle)))
486 return result;
487
488 if ((result = ctx_remove_key_loaded(hContext, hResHandle)))
489 return result;
490
491 if ((result = key_mgr_dec_ref_count(hResHandle)))
492 return result;
493 break;
494 case TPM_RT_AUTH:
495 if ((result = auth_mgr_check(hContext, &hResHandle)))
496 return result;
497
498 auth_mgr_release_auth_handle(hResHandle, hContext, FALSE);
499 /* fall through */
500 case TPM_RT_TRANS:
501 case TPM_RT_DAA_TPM:
502 tpmResHandle = hResHandle;
503 break;
504 case TPM_RT_CONTEXT:
505 result = TCSERR(TSS_E_NOTIMPL);
506 goto done;
507 default:
508 LogDebugFn("Unknown resource type: 0x%x", resourceType);
509 goto done;
510 }
511
512 result = TCSP_FlushSpecific_Common(tpmResHandle, resourceType);
513
514 done:
515 return result;
516 }
517 #endif
518
519