1
2/*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004, 2007
8 *
9 */
10
11
12#include <stdlib.h>
13#include <stdio.h>
14#include <string.h>
15#include <inttypes.h>
16
17#include "trousers/tss.h"
18#include "trousers_types.h"
19#include "tcs_tsp.h"
20#include "tcsps.h"
21#include "tcs_utils.h"
22#include "tcs_int_literals.h"
23#include "capabilities.h"
24#include "tcslog.h"
25#include "req_mgr.h"
26#include "tcsd_wrap.h"
27#include "tcsd.h"
28
29TSS_RESULT
30TCSP_SetOwnerInstall_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
31			      TSS_BOOL state)	/* in  */
32{
33	UINT64 offset = 0;
34	UINT32 paramSize;
35	TSS_RESULT result;
36	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
37
38	LogDebug("Entering SetOwnerInstall");
39	if ((result = ctx_verify_context(hContext)))
40		return result;
41
42	if ((result = tpm_rqu_build(TPM_ORD_SetOwnerInstall, &offset, txBlob, state, NULL)))
43		return result;
44
45	if ((result = req_mgr_submit_req(txBlob)))
46		return result;
47
48	result = UnloadBlob_Header(txBlob, &paramSize);
49	LogResult("SetOwnerInstall", result);
50	return result;
51}
52
53TSS_RESULT
54TCSP_OwnerSetDisable_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
55			      TSS_BOOL disableState,	/* in */
56			      TPM_AUTH * ownerAuth)	/* in, out */
57{
58	UINT64 offset = 0;
59	UINT32 paramSize;
60	TSS_RESULT result;
61	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
62
63	if ((result = ctx_verify_context(hContext)))
64		goto done;
65
66	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
67		goto done;
68
69	if ((result = tpm_rqu_build(TPM_ORD_OwnerSetDisable, &offset, txBlob, disableState,
70				    ownerAuth)))
71		goto done;
72
73	if ((result = req_mgr_submit_req(txBlob)))
74		goto done;
75
76	result = UnloadBlob_Header(txBlob, &paramSize);
77	if (!result) {
78		result = tpm_rsp_parse(TPM_ORD_OwnerSetDisable, txBlob, paramSize, ownerAuth);
79	}
80done:
81	auth_mgr_release_auth(ownerAuth, NULL, hContext);
82	return result;
83}
84
85TSS_RESULT
86TCSP_DisableOwnerClear_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
87				TPM_AUTH * ownerAuth)	/* in, out */
88{
89	UINT64 offset = 0;
90	UINT32 paramSize;
91	TSS_RESULT result;
92	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
93
94	LogDebug("Entering DisableownerClear");
95
96	if ((result = ctx_verify_context(hContext)))
97		goto done;
98
99	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
100		goto done;
101
102	if ((result = tpm_rqu_build(TPM_ORD_DisableOwnerClear, &offset, txBlob, ownerAuth)))
103		goto done;
104
105	if ((result = req_mgr_submit_req(txBlob)))
106		goto done;
107
108	result = UnloadBlob_Header(txBlob, &paramSize);
109	if (!result) {
110		result = tpm_rsp_parse(TPM_ORD_DisableOwnerClear, txBlob, paramSize, ownerAuth);
111	}
112	LogResult("DisableOwnerClear", result);
113done:
114	auth_mgr_release_auth(ownerAuth, NULL, hContext);
115	return result;
116}
117
118TSS_RESULT
119TCSP_ForceClear_Internal(TCS_CONTEXT_HANDLE hContext)	/* in */
120{
121	UINT64 offset = 0;
122	UINT32 paramSize;
123	TSS_RESULT result;
124	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
125
126	LogDebug("Entering Force Clear");
127	if ((result = ctx_verify_context(hContext)))
128		return result;
129
130	if ((result = tpm_rqu_build(TPM_ORD_ForceClear, &offset, txBlob, NULL)))
131		return result;
132
133	if ((result = req_mgr_submit_req(txBlob)))
134		return result;
135
136	result = UnloadBlob_Header(txBlob, &paramSize);
137	LogResult("Force Clear", result);
138	return result;
139}
140
141TSS_RESULT
142TCSP_DisableForceClear_Internal(TCS_CONTEXT_HANDLE hContext)	/* in */
143{
144	UINT64 offset = 0;
145	UINT32 paramSize;
146	TSS_RESULT result;
147	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
148
149	LogDebug("Entering Disable Force Clear");
150	if ((result = ctx_verify_context(hContext)))
151		return result;
152
153	if ((result = tpm_rqu_build(TPM_ORD_DisableForceClear, &offset, txBlob, NULL)))
154		return result;
155
156	if ((result = req_mgr_submit_req(txBlob)))
157		return result;
158
159	result = UnloadBlob_Header(txBlob, &paramSize);
160	LogResult("Disable Force Clear", result);
161	return result;
162}
163
164TSS_RESULT
165TCSP_PhysicalPresence_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
166			TCPA_PHYSICAL_PRESENCE fPhysicalPresence) /* in */
167{
168	UINT64 offset = 0;
169	UINT32 paramSize;
170	TSS_RESULT result = TCSERR(TSS_E_NOTIMPL);
171	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
172	char runlevel;
173
174	runlevel = platform_get_runlevel();
175
176	if (runlevel != 's' && runlevel != 'S' && runlevel != '1') {
177		LogInfo("Physical Presence command denied: Must be in single"
178				" user mode.");
179		return TCSERR(TSS_E_NOTIMPL);
180	}
181
182	if ((result = ctx_verify_context(hContext)))
183		return result;
184
185	if ((result = tpm_rqu_build(TSC_ORD_PhysicalPresence, &offset, txBlob, fPhysicalPresence)))
186		return result;
187
188	if ((result = req_mgr_submit_req(txBlob)))
189		return result;
190
191	return UnloadBlob_Header(txBlob, &paramSize);
192}
193
194TSS_RESULT
195TCSP_PhysicalDisable_Internal(TCS_CONTEXT_HANDLE hContext)	/* in */
196{
197	UINT64 offset = 0;
198	UINT32 paramSize;
199	TSS_RESULT result;
200	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
201
202	LogDebug("Entering Physical Disable");
203	if ((result = ctx_verify_context(hContext)))
204		return result;
205
206	if ((result = tpm_rqu_build(TPM_ORD_PhysicalDisable, &offset, txBlob, NULL)))
207		return result;
208
209	if ((result = req_mgr_submit_req(txBlob)))
210		return result;
211
212	result = UnloadBlob_Header(txBlob, &paramSize);
213	LogResult("Physical Disable", result);
214
215	return result;
216}
217
218TSS_RESULT
219TCSP_PhysicalEnable_Internal(TCS_CONTEXT_HANDLE hContext)	/* in */
220{
221	UINT64 offset = 0;
222	TSS_RESULT result;
223	UINT32 paramSize;
224	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
225
226	LogDebug("Entering Physical Enable");
227	if ((result = ctx_verify_context(hContext)))
228		return result;
229
230	if ((result = tpm_rqu_build(TPM_ORD_PhysicalEnable, &offset, txBlob, NULL)))
231		return result;
232
233	if ((result = req_mgr_submit_req(txBlob)))
234		return result;
235
236	result = UnloadBlob_Header(txBlob, &paramSize);
237	LogResult("Physical Enable", result);
238
239	return result;
240}
241
242TSS_RESULT
243TCSP_PhysicalSetDeactivated_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
244				     TSS_BOOL state)	/* in */
245{
246	UINT64 offset = 0;
247	UINT32 paramSize;
248	TSS_RESULT result;
249	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
250
251	LogDebug("Entering Physical Set Deactivated");
252	if ((result = ctx_verify_context(hContext)))
253		return result;
254
255	if ((result = tpm_rqu_build(TPM_ORD_PhysicalSetDeactivated, &offset, txBlob, state, NULL)))
256		return result;
257
258	if ((result = req_mgr_submit_req(txBlob)))
259		return result;
260
261	result = UnloadBlob_Header(txBlob, &paramSize);
262	LogResult("PhysicalSetDeactivated", result);
263	return result;
264}
265
266TSS_RESULT
267TCSP_SetTempDeactivated_Internal(TCS_CONTEXT_HANDLE hContext)	/* in */
268{
269	UINT64 offset = 0;
270	UINT32 paramSize;
271	TSS_RESULT result;
272	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
273
274	LogDebug("Entering Set Temp Deactivated");
275	if ((result = ctx_verify_context(hContext)))
276		return result;
277
278	if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, NULL)))
279		return result;
280
281	if ((result = req_mgr_submit_req(txBlob)))
282		return result;
283
284	result = UnloadBlob_Header(txBlob, &paramSize);
285	LogResult("SetTempDeactivated", result);
286
287	return result;
288}
289
290#ifdef TSS_BUILD_TSS12
291TSS_RESULT
292TCSP_SetTempDeactivated2_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
293				  TPM_AUTH * operatorAuth)	/* in, out */
294{
295	UINT64 offset = 0;
296	UINT32 paramSize;
297	TSS_RESULT result;
298	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
299
300	LogDebug("Entering Set Temp Deactivated2");
301	if ((result = ctx_verify_context(hContext)))
302		return result;
303
304	if (operatorAuth) {
305		if ((result = auth_mgr_check(hContext, &operatorAuth->AuthHandle)))
306			return result;
307	}
308
309	if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, operatorAuth)))
310		goto done;
311
312	if ((result = req_mgr_submit_req(txBlob)))
313		goto done;
314
315	result = UnloadBlob_Header(txBlob, &paramSize);
316
317	if (!result) {
318			result = tpm_rsp_parse(TPM_ORD_SetTempDeactivated, txBlob, paramSize,
319					       operatorAuth);
320	}
321
322	LogResult("SetTempDeactivated2", result);
323
324done:
325	auth_mgr_release_auth(operatorAuth, NULL, hContext);
326
327	return result;
328}
329#endif
330
331TSS_RESULT
332TCSP_FieldUpgrade_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
333			   UINT32 dataInSize,	/* in */
334			   BYTE * dataIn,	/* in */
335			   UINT32 * dataOutSize,	/* out */
336			   BYTE ** dataOut,	/* out */
337			   TPM_AUTH * ownerAuth)	/* in, out */
338{
339	TSS_RESULT result;
340	UINT32 paramSize;
341	UINT64 offset = 0;
342	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
343
344	LogDebug("Field Upgrade");
345
346	if ((result = ctx_verify_context(hContext)))
347		goto done;
348
349	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
350		goto done;
351
352	if ((result = tpm_rqu_build(TPM_ORD_FieldUpgrade, &offset, txBlob, dataInSize, dataInSize,
353				    dataIn, ownerAuth, NULL)))
354		return result;
355
356	if ((result = req_mgr_submit_req(txBlob)))
357		goto done;
358
359	result = UnloadBlob_Header(txBlob, &paramSize);
360
361	if (!result) {
362		result = tpm_rsp_parse(TPM_ORD_FieldUpgrade, txBlob, paramSize, dataOutSize,
363				       dataOut, ownerAuth);
364	}
365	LogResult("Field Upgrade", result);
366done:
367	auth_mgr_release_auth(ownerAuth, NULL, hContext);
368	return result;
369}
370
371TSS_RESULT
372TCSP_SetRedirection_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
373			     TCS_KEY_HANDLE keyHandle,	/* in */
374			     UINT32 c1,	/* in */
375			     UINT32 c2,	/* in */
376			     TPM_AUTH * privAuth)	/* in, out */
377{
378	TSS_RESULT result;
379	UINT32 paramSize;
380	UINT64 offset = 0;
381	TCPA_KEY_HANDLE keySlot;
382	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
383
384	LogDebug("Set Redirection");
385
386	if ((result = ctx_verify_context(hContext)))
387		goto done;
388
389	if (privAuth != NULL) {
390		if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle)))
391			goto done;
392	}
393
394	if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) {
395		result = TCSERR(TSS_E_FAIL);
396		goto done;
397	}
398
399	if ((result = tpm_rqu_build(TPM_ORD_SetRedirection, &offset, txBlob, keySlot, c1, c2,
400				    privAuth)))
401		goto done;
402
403	if ((result = req_mgr_submit_req(txBlob)))
404		goto done;
405
406	result = UnloadBlob_Header(txBlob, &paramSize);
407
408	if (!result) {
409		result = tpm_rsp_parse(TPM_ORD_SetRedirection, txBlob, paramSize, privAuth);
410	}
411	LogResult("Set Redirection", result);
412done:
413	auth_mgr_release_auth(privAuth, NULL, hContext);
414	return result;
415}
416
417#ifdef TSS_BUILD_TSS12
418TSS_RESULT
419TCSP_ResetLockValue_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
420			     TPM_AUTH * ownerAuth)	/* in, out */
421{
422	UINT64 offset = 0;
423	UINT32 paramSize;
424	TSS_RESULT result;
425	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
426
427	if ((result = ctx_verify_context(hContext)))
428		goto done;
429
430	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
431		goto done;
432
433	if ((result = tpm_rqu_build(TPM_ORD_ResetLockValue, &offset, txBlob, ownerAuth)))
434		return result;
435
436	if ((result = req_mgr_submit_req(txBlob)))
437		goto done;
438
439	result = UnloadBlob_Header(txBlob, &paramSize);
440	if (!result) {
441		result = tpm_rsp_parse(TPM_ORD_ResetLockValue, txBlob, paramSize, ownerAuth);
442	}
443
444done:
445	auth_mgr_release_auth(ownerAuth, NULL, hContext);
446	return result;
447}
448
449TSS_RESULT
450TCSP_FlushSpecific_Common(UINT32 tpmResHandle, TPM_RESOURCE_TYPE resourceType)
451{
452	UINT64 offset = 0;
453	UINT32 paramSize;
454	TSS_RESULT result;
455	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
456
457	if ((result = tpm_rqu_build(TPM_ORD_FlushSpecific, &offset, txBlob, tpmResHandle,
458				    resourceType)))
459		return result;
460
461	if ((result = req_mgr_submit_req(txBlob)))
462		return result;
463
464	result = UnloadBlob_Header(txBlob, &paramSize);
465	if (!result) {
466		result = tpm_rsp_parse(TPM_ORD_FlushSpecific, txBlob, paramSize, NULL);
467	}
468
469	return result;
470}
471
472TSS_RESULT
473TCSP_FlushSpecific_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
474			    TCS_HANDLE hResHandle,	/* in */
475			    TPM_RESOURCE_TYPE resourceType) /* in */
476{
477	UINT32 tpmResHandle;
478	TSS_RESULT result;
479
480	if ((result = ctx_verify_context(hContext)))
481		return result;
482
483	switch (resourceType) {
484		case TPM_RT_KEY:
485			if ((result = get_slot_lite(hContext, hResHandle, &tpmResHandle)))
486				return result;
487
488			if ((result = ctx_remove_key_loaded(hContext, hResHandle)))
489				return result;
490
491			if ((result = key_mgr_dec_ref_count(hResHandle)))
492				return result;
493			break;
494		case TPM_RT_AUTH:
495			if ((result = auth_mgr_check(hContext, &hResHandle)))
496				return result;
497
498			auth_mgr_release_auth_handle(hResHandle, hContext, FALSE);
499			/* fall through */
500		case TPM_RT_TRANS:
501		case TPM_RT_DAA_TPM:
502			tpmResHandle = hResHandle;
503			break;
504		case TPM_RT_CONTEXT:
505			result = TCSERR(TSS_E_NOTIMPL);
506			goto done;
507		default:
508			LogDebugFn("Unknown resource type: 0x%x", resourceType);
509			goto done;
510	}
511
512	result = TCSP_FlushSpecific_Common(tpmResHandle, resourceType);
513
514done:
515	return result;
516}
517#endif
518
519