1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2004
8  *
9  */
10 
11 
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 
16 #include "trousers/tss.h"
17 #include "trousers_types.h"
18 #include "tcs_tsp.h"
19 #include "tcs_utils.h"
20 #include "tcs_int_literals.h"
21 #include "capabilities.h"
22 #include "tcslog.h"
23 #include "tcsps.h"
24 #include "req_mgr.h"
25 
26 
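/*
 * TCSP_TakeOwnership_Internal - submit TPM_ORD_TakeOwnership and record the SRK.
 *
 * Verifies the TCS context and the owner auth session, builds the request from
 * the caller-supplied encrypted owner/SRK secrets and SRK key info, submits it
 * and parses the response into *srkKey / *srkKeySize. On success the returned
 * SRK is added to the memory cache and, when built with TSS_BUILD_PS, the SRK
 * entry in persistent storage is replaced by a copy whose public key is zeroed.
 *
 * Returns the result of the first step that fails, or the result of the last
 * step otherwise. On every failure after the response was parsed, *srkKey is
 * freed and set to NULL and *srkKeySize is set to 0. On success *srkKey is
 * left to the caller (it is released with free() on the error paths here, so
 * presumably the caller must free() it -- confirm against tpm_rsp_parse).
 *
 * The owner auth session is handed to auth_mgr_release_auth() on every exit
 * path.
 */
TSS_RESULT
TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			    UINT16 protocolID,	/* in */
			    UINT32 encOwnerAuthSize,	/* in  */
			    BYTE * encOwnerAuth,	/* in */
			    UINT32 encSrkAuthSize,	/* in */
			    BYTE * encSrkAuth,	/* in */
			    UINT32 srkInfoSize,	/*in */
			    BYTE * srkInfo,	/*in */
			    TPM_AUTH * ownerAuth,	/* in, out */
			    UINT32 * srkKeySize,	/*out */
			    BYTE ** srkKey)	/*out */
{
	UINT64 offset;
	UINT32 paramSize;
	TSS_RESULT result;
	TSS_KEY srkKeyContainer;
	BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, };
	BYTE oldAuthDataUsage;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	if ((result = ctx_verify_context(hContext)))
		goto done;

	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		goto done;

	/* Check on the Atmel Bug Patch: remember the authDataUsage the caller
	 * asked for so it can be compared with what the TPM returns.
	 *
	 * NOTE(review): srkInfo is caller-supplied and srkInfoSize is not passed
	 * to the parser; confirm UnloadBlob_TSS_KEY cannot read past the buffer.
	 */
	offset = 0;
	if ((result = UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer)))
		goto done;	/* authDataUsage would be indeterminate otherwise */
	oldAuthDataUsage = srkKeyContainer.authDataUsage;
	/* Only authDataUsage is needed from this parse; drop the references it
	 * holds before srkKeyContainer is reused for the TPM's response below. */
	destroy_key_refs(&srkKeyContainer);
	LogDebug("auth data usage is %.2X", oldAuthDataUsage);

	offset = 0;
	if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID,
				    encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth,
				    srkInfoSize, srkInfo, ownerAuth)))
		goto done;	/* release the auth session like every other error path */

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize,
					    srkKey, ownerAuth)))
			goto done;

		offset = 0;
		if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) {
			*srkKeySize = 0;
			free(*srkKey);
			*srkKey = NULL;	/* do not hand a dangling pointer back */
			goto done;
		}

		if (srkKeyContainer.authDataUsage != oldAuthDataUsage) {
			LogDebug("AuthDataUsage was changed by TPM.  Atmel Bug. Fixing it in PS");
			srkKeyContainer.authDataUsage = oldAuthDataUsage;
		}

#ifdef TSS_BUILD_PS
		{
			BYTE *save;

			/* Once the key file is created, it stays forever. There could be
			 * migratable keys in the hierarchy that are still useful to someone.
			 */
			result = ps_remove_key(&SRK_UUID);
			if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) {
				destroy_key_refs(&srkKeyContainer);
				LogError("Error removing SRK from key file.");
				*srkKeySize = 0;
				free(*srkKey);
				*srkKey = NULL;
				goto done;
			}

			/* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for
			 * privacy reasons as outlined in the TSS spec.
			 *
			 * NOTE(review): LoadBlob_TSS_KEY is given no output size; this assumes
			 * the serialized SRK fits in fake_srk and that the public key is no
			 * longer than sizeof(fake_pubkey) -- TODO confirm or add a bound check.
			 */
			save = srkKeyContainer.pubKey.key;
			srkKeyContainer.pubKey.key = fake_pubkey;
			offset = 0;
			LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer);
			/* Restore the real pointer as soon as the blob is serialized, so
			 * that no error path can pass the stack buffer to
			 * destroy_key_refs() or lose the original key buffer. */
			srkKeyContainer.pubKey.key = save;

			if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk,
						   offset))) {
				destroy_key_refs(&srkKeyContainer);
				LogError("Error writing SRK to disk");
				*srkKeySize = 0;
				free(*srkKey);
				*srkKey = NULL;
				goto done;
			}
		}
#endif
		if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer,
					        &SRK_UUID))) {
			LogError("Error creating SRK mem cache entry");
			*srkKeySize = 0;
			free(*srkKey);
			*srkKey = NULL;
		}
		/* Single release for both the success and the failure case above. */
		destroy_key_refs(&srkKeyContainer);
	}
	LogResult("TakeOwnership", result);
done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);
	return result;
}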
136 
/*
 * TCSP_OwnerClear_Internal - submit TPM_ORD_OwnerClear for a TCS context.
 *
 * Verifies the context and the owner auth session, builds and submits the
 * request, then parses the response header and body back into ownerAuth.
 *
 * Returns the result of the first step that fails, otherwise the result of
 * tpm_rsp_parse(). ownerAuth is handed to auth_mgr_release_auth() on every
 * exit path. The final result is only logged when the request was submitted.
 */
TSS_RESULT
TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			 TPM_AUTH * ownerAuth)	/* in, out */
{
	BYTE tpmBlob[TSS_TPM_TXBLOB_SIZE];
	UINT64 blobOffset = 0;
	UINT32 rspParamSize;
	TSS_RESULT result;

	LogDebug("Entering OwnerClear");

	/* Each step below bails out to the common release path on failure. */
	result = ctx_verify_context(hContext);
	if (result)
		goto done;

	result = auth_mgr_check(hContext, &ownerAuth->AuthHandle);
	if (result)
		goto done;

	result = tpm_rqu_build(TPM_ORD_OwnerClear, &blobOffset, tpmBlob, ownerAuth);
	if (result)
		goto done;

	result = req_mgr_submit_req(tpmBlob);
	if (result)
		goto done;

	/* The same buffer now holds the response; parse the body only when the
	 * header was read successfully. */
	result = UnloadBlob_Header(tpmBlob, &rspParamSize);
	if (result == 0)
		result = tpm_rsp_parse(TPM_ORD_OwnerClear, tpmBlob, rspParamSize, ownerAuth);

	LogResult("Ownerclear", result);
done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);
	return result;
}
169 
170