1 2/* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2007 8 * 9 */ 10 11 12#include <stdlib.h> 13#include <stdio.h> 14#include <string.h> 15 16#include "trousers/tss.h" 17#include "trousers/trousers.h" 18#include "trousers_types.h" 19#include "spi_utils.h" 20#include "tsplog.h" 21#include "obj.h" 22 23 24TSS_RESULT 25__tspi_audit_set_ordinal_audit_status(TSS_HTPM hTpm, 26 TSS_FLAG flag, 27 TSS_FLAG subFlag, 28 UINT32 ulOrdinal) 29{ 30 TSS_BOOL bAuditState; 31 TSS_HCONTEXT tspContext; 32 TSS_HPOLICY hPolicy; 33 TPM_AUTH ownerAuth; 34 Trspi_HashCtx hashCtx; 35 TCPA_DIGEST digest; 36 TSS_RESULT result = TSS_SUCCESS; 37 38 if (flag != TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS) 39 return TSPERR(TSS_E_BAD_PARAMETER); 40 41 switch (subFlag) { 42 case TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT: 43 bAuditState = TRUE; 44 break; 45 46 case TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT: 47 bAuditState = FALSE; 48 break; 49 50 default: 51 return TSPERR(TSS_E_BAD_PARAMETER); 52 } 53 54 if ((result = obj_tpm_get_tsp_context(hTpm, &tspContext))) 55 return result; 56 57 if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy))) 58 return result; 59 60 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 61 result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetOrdinalAuditStatus); 62 result |= Trspi_Hash_UINT32(&hashCtx, ulOrdinal); 63 result |= Trspi_Hash_BOOL(&hashCtx, bAuditState); 64 if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) 65 return result; 66 67 if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_SetOrdinalAuditStatus, 68 hPolicy, FALSE, &digest, &ownerAuth))) 69 return result; 70 71 if ((result = TCS_API(tspContext)->SetOrdinalAuditStatus(tspContext, &ownerAuth, ulOrdinal, 72 bAuditState))) 73 return result; 74 75 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 76 result |= Trspi_Hash_UINT32(&hashCtx, result); 77 result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetOrdinalAuditStatus); 78 if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) 79 return result; 80 81 return obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth); 82} 83 84#ifdef TSS_BUILD_TRANSPORT 85TSS_RESULT 86Transport_SetOrdinalAuditStatus(TSS_HCONTEXT tspContext, /* in */ 87 TPM_AUTH *ownerAuth, /* in/out */ 88 UINT32 ulOrdinal, /* in */ 89 TSS_BOOL bAuditState) /* in */ 90{ 91 TSS_RESULT result; 92 UINT32 handlesLen = 0; 93 UINT64 offset; 94 BYTE data[sizeof(UINT32) + sizeof(TSS_BOOL)]; 95 96 97 if ((result = obj_context_transport_init(tspContext))) 98 return result; 99 100 LogDebugFn("Executing in a transport session"); 101 102 offset = 0; 103 Trspi_LoadBlob_UINT32(&offset, ulOrdinal, data); 104 Trspi_LoadBlob_BOOL(&offset, bAuditState, data); 105 106 result = obj_context_transport_execute(tspContext, TPM_ORD_SetOrdinalAuditStatus, 107 sizeof(data), data, NULL, &handlesLen, NULL, 108 ownerAuth, NULL, NULL, NULL); 109 return result; 110} 111 112TSS_RESULT 113Transport_GetAuditDigest(TSS_HCONTEXT tspContext, /* in */ 114 UINT32 startOrdinal, /* in */ 115 TPM_DIGEST *auditDigest, /* out */ 116 UINT32 *counterValueSize, /* out */ 117 BYTE **counterValue, /* out */ 118 TSS_BOOL *more, /* out */ 119 UINT32 *ordSize, /* out */ 120 UINT32 **ordList) /* out */ 121{ 122 TSS_RESULT result; 123 UINT32 handlesLen = 0, decLen; 124 BYTE *dec = NULL; 125 UINT64 offset; 126 BYTE data[sizeof(UINT32)]; 127 128 129 if ((result = obj_context_transport_init(tspContext))) 130 return result; 131 132 LogDebugFn("Executing in a transport session"); 133 134 offset = 0; 135 Trspi_LoadBlob_UINT32(&offset, startOrdinal, data); 136 137 if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetAuditDigest, 138 sizeof(data), data, NULL, &handlesLen, NULL, 139 NULL, NULL, &decLen, &dec))) 140 return result; 141 142 offset = 0; 143 Trspi_UnloadBlob_COUNTER_VALUE(&offset, dec, NULL); 144 145 *counterValueSize = (UINT32)offset; 146 if ((*counterValue = malloc(*counterValueSize)) == NULL) { 147 free(dec); 148 LogError("malloc of %u bytes failed", *counterValueSize); 149 *counterValueSize = 0; 150 return TSPERR(TSS_E_OUTOFMEMORY); 151 } 152 offset = 0; 153 Trspi_UnloadBlob(&offset, *counterValueSize, dec, *counterValue); 154 155 Trspi_UnloadBlob_DIGEST(&offset, dec, auditDigest); 156 Trspi_UnloadBlob_BOOL(&offset, more, dec); 157 158 Trspi_UnloadBlob_UINT32(&offset, ordSize, dec); 159 160 if ((*ordList = malloc(*ordSize)) == NULL) { 161 free(dec); 162 free(*counterValue); 163 *counterValue = NULL; 164 *counterValueSize = 0; 165 LogError("malloc of %u bytes failed", *ordSize); 166 *ordSize = 0; 167 return TSPERR(TSS_E_OUTOFMEMORY); 168 } 169 170 Trspi_UnloadBlob(&offset, *ordSize, dec, *(BYTE **)ordList); 171 *ordSize /= sizeof(UINT32); 172 173 return TSS_SUCCESS; 174} 175 176TSS_RESULT 177Transport_GetAuditDigestSigned(TSS_HCONTEXT tspContext, /* in */ 178 TCS_KEY_HANDLE keyHandle, /* in */ 179 TSS_BOOL closeAudit, /* in */ 180 TPM_NONCE *antiReplay, /* in */ 181 TPM_AUTH *privAuth, /* in/out */ 182 UINT32 *counterValueSize, /* out */ 183 BYTE **counterValue, /* out */ 184 TPM_DIGEST *auditDigest, /* out */ 185 TPM_DIGEST *ordinalDigest, /* out */ 186 UINT32 *sigSize, /* out */ 187 BYTE **sig) /* out */ 188{ 189 TSS_RESULT result; 190 UINT32 handlesLen, decLen; 191 TCS_HANDLE *handles, handle; 192 BYTE *dec = NULL; 193 TPM_DIGEST pubKeyHash; 194 Trspi_HashCtx hashCtx; 195 UINT64 offset; 196 BYTE data[sizeof(TSS_BOOL) + sizeof(TPM_NONCE)]; 197 198 199 if ((result = obj_context_transport_init(tspContext))) 200 return result; 201 202 LogDebugFn("Executing in a transport session"); 203 204 if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) 205 return result; 206 207 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 208 result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); 209 if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) 210 return result; 211 212 handlesLen = 1; 213 handle = keyHandle; 214 handles = &handle; 215 216 offset = 0; 217 Trspi_LoadBlob_BOOL(&offset, closeAudit, data); 218 Trspi_LoadBlob_NONCE(&offset, data, antiReplay); 219 220 if ((result = obj_context_transport_execute(tspContext, TPM_ORD_GetAuditDigestSigned, 221 sizeof(data), data, &pubKeyHash, &handlesLen, 222 &handles, privAuth, NULL, &decLen, &dec))) 223 return result; 224 225 offset = 0; 226 Trspi_UnloadBlob_COUNTER_VALUE(&offset, dec, NULL); 227 228 *counterValueSize = (UINT32)offset; 229 if ((*counterValue = malloc(*counterValueSize)) == NULL) { 230 free(dec); 231 LogError("malloc of %u bytes failed", *counterValueSize); 232 *counterValueSize = 0; 233 return TSPERR(TSS_E_OUTOFMEMORY); 234 } 235 offset = 0; 236 Trspi_UnloadBlob(&offset, *counterValueSize, dec, *counterValue); 237 238 Trspi_UnloadBlob_DIGEST(&offset, dec, auditDigest); 239 Trspi_UnloadBlob_DIGEST(&offset, dec, ordinalDigest); 240 241 Trspi_UnloadBlob_UINT32(&offset, sigSize, dec); 242 243 if ((*sig = malloc(*sigSize)) == NULL) { 244 free(dec); 245 free(*counterValue); 246 *counterValue = NULL; 247 *counterValueSize = 0; 248 LogError("malloc of %u bytes failed", *sigSize); 249 *counterValueSize = 0; 250 return TSPERR(TSS_E_OUTOFMEMORY); 251 } 252 Trspi_UnloadBlob(&offset, *sigSize, dec, *sig); 253 254 return TSS_SUCCESS; 255} 256#endif 257