1
2 /*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004
8 *
9 */
10
11
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15
16 #include "trousers/tss.h"
17 #include "trousers_types.h"
18 #include "tcs_tsp.h"
19 #include "tcs_utils.h"
20 #include "tcs_int_literals.h"
21 #include "capabilities.h"
22 #include "tcslog.h"
23 #include "tcsps.h"
24 #include "req_mgr.h"
25
26
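/*
 * Give the caller an empty result: free the SRK blob that tpm_rsp_parse handed
 * back and clear both out parameters, so no freed pointer is left in *srkKey.
 */
static void
take_ownership_discard_srk(UINT32 *srkKeySize, BYTE **srkKey)
{
	*srkKeySize = 0;
	free(*srkKey);
	*srkKey = NULL;
}

/*
 * TCSP_TakeOwnership_Internal - send TPM_ORD_TakeOwnership for a TCS context and
 * register the SRK that comes back.
 *
 * Steps, in order: verify the context and the owner auth handle, record the
 * authDataUsage the caller asked for in srkInfo, build and submit the request,
 * parse the response into *srkKey / *srkKeySize, then (when built with
 * TSS_BUILD_PS) replace the SRK entry in persistent storage with a copy whose
 * public key is zeroed, and finally add the SRK to the memory cache.
 *
 * On any failure after the response was parsed, *srkKey is freed and set to
 * NULL and *srkKeySize is set to 0.  The owner auth session is handed to
 * auth_mgr_release_auth() on every exit path.
 *
 * Returns the TSS_RESULT of the first step that failed, otherwise the result of
 * the last step executed.
 */
TSS_RESULT
TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			    UINT16 protocolID,		/* in */
			    UINT32 encOwnerAuthSize,	/* in */
			    BYTE * encOwnerAuth,	/* in */
			    UINT32 encSrkAuthSize,	/* in */
			    BYTE * encSrkAuth,		/* in */
			    UINT32 srkInfoSize,		/* in */
			    BYTE * srkInfo,		/* in */
			    TPM_AUTH * ownerAuth,	/* in, out */
			    UINT32 * srkKeySize,	/* out */
			    BYTE ** srkKey)		/* out */
{
	UINT64 offset;
	UINT32 paramSize;
	TSS_RESULT result;
	TSS_KEY srkKeyContainer;
	BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, };
	BYTE oldAuthDataUsage;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	if ((result = ctx_verify_context(hContext)))
		goto done;

	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		goto done;

	/* Check on the Atmel Bug Patch: remember the authDataUsage the caller requested
	 * so it can be compared with what the TPM returns.
	 *
	 * NOTE(review): UnloadBlob_TSS_KEY takes no length argument, so srkInfoSize does
	 * not bound this parse of caller-supplied data here -- confirm the blob length is
	 * validated before this point. */
	offset = 0;
	if ((result = UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer)))
		goto done;	/* a failed parse leaves authDataUsage meaningless */
	oldAuthDataUsage = srkKeyContainer.authDataUsage;
	/* Only authDataUsage is needed from this first parse.  The container is parsed
	 * into again below, so release what this parse attached to it (presumably heap
	 * references, as the destroy_key_refs() call after the second parse suggests). */
	destroy_key_refs(&srkKeyContainer);
	LogDebug("auth data usage is %.2X", oldAuthDataUsage);

	offset = 0;
	if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID,
				    encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth,
				    srkInfoSize, srkInfo, ownerAuth)))
		goto done;	/* leave through done so the auth session is still released */

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize,
					    srkKey, ownerAuth)))
			goto done;

		offset = 0;
		if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) {
			take_ownership_discard_srk(srkKeySize, srkKey);
			goto done;
		}

		if (srkKeyContainer.authDataUsage != oldAuthDataUsage) {
			LogDebug("AuthDataUsage was changed by TPM.  Atmel Bug. Fixing it in PS");
			srkKeyContainer.authDataUsage = oldAuthDataUsage;
		}

#ifdef TSS_BUILD_PS
		{
			BYTE *save;

			/* Once the key file is created, it stays forever. There could be
			 * migratable keys in the hierarchy that are still useful to someone.
			 */
			result = ps_remove_key(&SRK_UUID);
			if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) {
				destroy_key_refs(&srkKeyContainer);
				LogError("Error removing SRK from key file.");
				take_ownership_discard_srk(srkKeySize, srkKey);
				goto done;
			}

			/* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for
			 * privacy reasons as outlined in the TSS spec.
			 *
			 * NOTE(review): fake_pubkey (256 bytes) and fake_srk (2048 bytes) are fixed
			 * stack buffers while the key sizes come from the TPM response; confirm
			 * LoadBlob_TSS_KEY cannot read past fake_pubkey or write past fake_srk. */
			save = srkKeyContainer.pubKey.key;
			srkKeyContainer.pubKey.key = fake_pubkey;
			offset = 0;
			LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer);
			/* Restore the real key pointer before anything can fail: the error path
			 * below hands the container to destroy_key_refs(), which must never see
			 * the stack array, and the saved buffer must not be lost. */
			srkKeyContainer.pubKey.key = save;

			if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk,
						   offset))) {
				destroy_key_refs(&srkKeyContainer);
				LogError("Error writing SRK to disk");
				take_ownership_discard_srk(srkKeySize, srkKey);
				goto done;
			}
		}
#endif
		if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer,
						&SRK_UUID))) {
			LogError("Error creating SRK mem cache entry");
			take_ownership_discard_srk(srkKeySize, srkKey);
		}
		/* Released exactly once, on success and on the failure just above. */
		destroy_key_refs(&srkKeyContainer);
	}
	LogResult("TakeOwnership", result);
done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);
	return result;
}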
136
/*
 * TCSP_OwnerClear_Internal - build, submit and parse a TPM_ORD_OwnerClear request
 * on behalf of a TCS context.
 *
 * The context and the owner auth handle are checked first.  One buffer carries
 * the request out and the response back.  Whatever happens, ownerAuth is passed
 * to auth_mgr_release_auth() before returning.
 *
 * Returns the TSS_RESULT of the first step that failed, otherwise the result of
 * parsing the response.
 */
TSS_RESULT
TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			 TPM_AUTH * ownerAuth)		/* in, out */
{
	BYTE tpmBlob[TSS_TPM_TXBLOB_SIZE];
	UINT64 blobOffset = 0;
	UINT32 rspSize;
	TSS_RESULT rc;

	LogDebug("Entering OwnerClear");

	rc = ctx_verify_context(hContext);
	if (rc)
		goto release_auth;

	rc = auth_mgr_check(hContext, &ownerAuth->AuthHandle);
	if (rc)
		goto release_auth;

	rc = tpm_rqu_build(TPM_ORD_OwnerClear, &blobOffset, tpmBlob, ownerAuth);
	if (rc)
		goto release_auth;

	rc = req_mgr_submit_req(tpmBlob);
	if (rc)
		goto release_auth;

	/* The response body is only parsed once its header has unloaded cleanly. */
	rc = UnloadBlob_Header(tpmBlob, &rspSize);
	if (!rc)
		rc = tpm_rsp_parse(TPM_ORD_OwnerClear, tpmBlob, rspSize, ownerAuth);

	/* Early failures jump past this line, so they are not logged here. */
	LogResult("Ownerclear", rc);

release_auth:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);
	return rc;
}
169
170