1
2/*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004
8 *
9 */
10
11
12#include <stdlib.h>
13#include <stdio.h>
14#include <string.h>
15
16#include "trousers/tss.h"
17#include "trousers_types.h"
18#include "tcs_tsp.h"
19#include "tcs_utils.h"
20#include "tcs_int_literals.h"
21#include "capabilities.h"
22#include "tcslog.h"
23#include "tcsps.h"
24#include "req_mgr.h"
25
26
27TSS_RESULT
28TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
29			    UINT16 protocolID,	/* in */
30			    UINT32 encOwnerAuthSize,	/* in  */
31			    BYTE * encOwnerAuth,	/* in */
32			    UINT32 encSrkAuthSize,	/* in */
33			    BYTE * encSrkAuth,	/* in */
34			    UINT32 srkInfoSize,	/*in */
35			    BYTE * srkInfo,	/*in */
36			    TPM_AUTH * ownerAuth,	/* in, out */
37			    UINT32 * srkKeySize,	/*out */
38			    BYTE ** srkKey)	/*out */
39{
40	UINT64 offset;
41	UINT32 paramSize;
42	TSS_RESULT result;
43	TSS_KEY srkKeyContainer;
44	BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, };
45	BYTE oldAuthDataUsage;
46	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
47
48	if ((result = ctx_verify_context(hContext)))
49		goto done;
50
51	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
52		goto done;
53
54	/* Check on the Atmel Bug Patch */
55	offset = 0;
56	UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer);
57	oldAuthDataUsage = srkKeyContainer.authDataUsage;
58	LogDebug("auth data usage is %.2X", oldAuthDataUsage);
59
60	offset = 0;
61	if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID,
62				    encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth,
63				    srkInfoSize, srkInfo, ownerAuth)))
64		return result;
65
66	if ((result = req_mgr_submit_req(txBlob)))
67		goto done;
68
69	result = UnloadBlob_Header(txBlob, &paramSize);
70	if (!result) {
71		if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize,
72					    srkKey, ownerAuth)))
73			goto done;
74
75		offset = 0;
76		if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) {
77			*srkKeySize = 0;
78			free(*srkKey);
79			goto done;
80		}
81
82		if (srkKeyContainer.authDataUsage != oldAuthDataUsage) {
83			LogDebug("AuthDataUsage was changed by TPM.  Atmel Bug. Fixing it in PS");
84			srkKeyContainer.authDataUsage = oldAuthDataUsage;
85		}
86
87#ifdef TSS_BUILD_PS
88		{
89			BYTE *save;
90
91			/* Once the key file is created, it stays forever. There could be
92			 * migratable keys in the hierarchy that are still useful to someone.
93			 */
94			result = ps_remove_key(&SRK_UUID);
95			if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) {
96				destroy_key_refs(&srkKeyContainer);
97				LogError("Error removing SRK from key file.");
98				*srkKeySize = 0;
99				free(*srkKey);
100				goto done;
101			}
102
103			/* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for
104			 * privacy reasons as outlined in the TSS spec */
105			save = srkKeyContainer.pubKey.key;
106			srkKeyContainer.pubKey.key = fake_pubkey;
107			offset = 0;
108			LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer);
109
110			if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk,
111						   offset))) {
112				destroy_key_refs(&srkKeyContainer);
113				LogError("Error writing SRK to disk");
114				*srkKeySize = 0;
115				free(*srkKey);
116				goto done;
117			}
118
119			srkKeyContainer.pubKey.key = save;
120		}
121#endif
122		if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer,
123					        &SRK_UUID))) {
124			destroy_key_refs(&srkKeyContainer);
125			LogError("Error creating SRK mem cache entry");
126			*srkKeySize = 0;
127			free(*srkKey);
128		}
129		destroy_key_refs(&srkKeyContainer);
130	}
131	LogResult("TakeOwnership", result);
132done:
133	auth_mgr_release_auth(ownerAuth, NULL, hContext);
134	return result;
135}
136
137TSS_RESULT
138TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
139			 TPM_AUTH * ownerAuth)	/* in, out */
140{
141	UINT64 offset = 0;
142	UINT32 paramSize;
143	TSS_RESULT result;
144	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
145
146	LogDebug("Entering OwnerClear");
147
148	if ((result = ctx_verify_context(hContext)))
149		goto done;
150
151	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
152		goto done;
153
154	if ((result = tpm_rqu_build(TPM_ORD_OwnerClear, &offset, txBlob, ownerAuth)))
155		goto done;
156
157	if ((result = req_mgr_submit_req(txBlob)))
158		goto done;
159
160	result = UnloadBlob_Header(txBlob, &paramSize);
161	if (!result) {
162		result = tpm_rsp_parse(TPM_ORD_OwnerClear, txBlob, paramSize, ownerAuth);
163	}
164	LogResult("Ownerclear", result);
165done:
166	auth_mgr_release_auth(ownerAuth, NULL, hContext);
167	return result;
168}
169
170