1 2/* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004 8 * 9 */ 10 11 12#include <stdlib.h> 13#include <stdio.h> 14#include <string.h> 15 16#include "trousers/tss.h" 17#include "trousers_types.h" 18#include "tcs_tsp.h" 19#include "tcs_utils.h" 20#include "tcs_int_literals.h" 21#include "capabilities.h" 22#include "tcslog.h" 23#include "tcsps.h" 24#include "req_mgr.h" 25 26 27TSS_RESULT 28TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 29 UINT16 protocolID, /* in */ 30 UINT32 encOwnerAuthSize, /* in */ 31 BYTE * encOwnerAuth, /* in */ 32 UINT32 encSrkAuthSize, /* in */ 33 BYTE * encSrkAuth, /* in */ 34 UINT32 srkInfoSize, /*in */ 35 BYTE * srkInfo, /*in */ 36 TPM_AUTH * ownerAuth, /* in, out */ 37 UINT32 * srkKeySize, /*out */ 38 BYTE ** srkKey) /*out */ 39{ 40 UINT64 offset; 41 UINT32 paramSize; 42 TSS_RESULT result; 43 TSS_KEY srkKeyContainer; 44 BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, }; 45 BYTE oldAuthDataUsage; 46 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 47 48 if ((result = ctx_verify_context(hContext))) 49 goto done; 50 51 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 52 goto done; 53 54 /* Check on the Atmel Bug Patch */ 55 offset = 0; 56 UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer); 57 oldAuthDataUsage = srkKeyContainer.authDataUsage; 58 LogDebug("auth data usage is %.2X", oldAuthDataUsage); 59 60 offset = 0; 61 if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID, 62 encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth, 63 srkInfoSize, srkInfo, ownerAuth))) 64 return result; 65 66 if ((result = req_mgr_submit_req(txBlob))) 67 goto done; 68 69 result = UnloadBlob_Header(txBlob, ¶mSize); 70 if (!result) { 71 if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize, 72 srkKey, ownerAuth))) 73 goto done; 74 75 offset = 0; 76 if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) { 77 *srkKeySize = 0; 78 free(*srkKey); 79 goto done; 80 } 81 82 if (srkKeyContainer.authDataUsage != oldAuthDataUsage) { 83 LogDebug("AuthDataUsage was changed by TPM. Atmel Bug. Fixing it in PS"); 84 srkKeyContainer.authDataUsage = oldAuthDataUsage; 85 } 86 87#ifdef TSS_BUILD_PS 88 { 89 BYTE *save; 90 91 /* Once the key file is created, it stays forever. There could be 92 * migratable keys in the hierarchy that are still useful to someone. 93 */ 94 result = ps_remove_key(&SRK_UUID); 95 if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) { 96 destroy_key_refs(&srkKeyContainer); 97 LogError("Error removing SRK from key file."); 98 *srkKeySize = 0; 99 free(*srkKey); 100 goto done; 101 } 102 103 /* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for 104 * privacy reasons as outlined in the TSS spec */ 105 save = srkKeyContainer.pubKey.key; 106 srkKeyContainer.pubKey.key = fake_pubkey; 107 offset = 0; 108 LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer); 109 110 if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk, 111 offset))) { 112 destroy_key_refs(&srkKeyContainer); 113 LogError("Error writing SRK to disk"); 114 *srkKeySize = 0; 115 free(*srkKey); 116 goto done; 117 } 118 119 srkKeyContainer.pubKey.key = save; 120 } 121#endif 122 if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer, 123 &SRK_UUID))) { 124 destroy_key_refs(&srkKeyContainer); 125 LogError("Error creating SRK mem cache entry"); 126 *srkKeySize = 0; 127 free(*srkKey); 128 } 129 destroy_key_refs(&srkKeyContainer); 130 } 131 LogResult("TakeOwnership", result); 132done: 133 auth_mgr_release_auth(ownerAuth, NULL, hContext); 134 return result; 135} 136 137TSS_RESULT 138TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 139 TPM_AUTH * ownerAuth) /* in, out */ 140{ 141 UINT64 offset = 0; 142 UINT32 paramSize; 143 TSS_RESULT result; 144 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 145 146 LogDebug("Entering OwnerClear"); 147 148 if ((result = ctx_verify_context(hContext))) 149 goto done; 150 151 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 152 goto done; 153 154 if ((result = tpm_rqu_build(TPM_ORD_OwnerClear, &offset, txBlob, ownerAuth))) 155 goto done; 156 157 if ((result = req_mgr_submit_req(txBlob))) 158 goto done; 159 160 result = UnloadBlob_Header(txBlob, ¶mSize); 161 if (!result) { 162 result = tpm_rsp_parse(TPM_ORD_OwnerClear, txBlob, paramSize, ownerAuth); 163 } 164 LogResult("Ownerclear", result); 165done: 166 auth_mgr_release_auth(ownerAuth, NULL, hContext); 167 return result; 168} 169 170