1 2 /* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004-2007 8 * 9 */ 10 11 12 #include <stdlib.h> 13 #include <stdio.h> 14 #include <string.h> 15 16 #include "trousers/tss.h" 17 #include "trousers/trousers.h" 18 #include "trousers_types.h" 19 #include "trousers_types.h" 20 #include "spi_utils.h" 21 #include "capabilities.h" 22 #include "tsplog.h" 23 #include "tcs_tsp.h" 24 #include "tspps.h" 25 #include "hosttable.h" 26 #include "tcsd_wrap.h" 27 #include "tcsd.h" 28 #include "obj.h" 29 30 31 TSS_RESULT 32 Tspi_Context_Create(TSS_HCONTEXT * phContext) /* out */ 33 { 34 if (phContext == NULL) 35 return TSPERR(TSS_E_BAD_PARAMETER); 36 37 return obj_context_add(phContext); 38 } 39 40 TSS_RESULT 41 Tspi_Context_Close(TSS_HCONTEXT tspContext) /* in */ 42 { 43 if (!obj_is_context(tspContext)) 44 return TSPERR(TSS_E_INVALID_HANDLE); 45 46 obj_context_close(tspContext); 47 48 /* Have the TCS do its thing */ 49 RPC_CloseContext(tspContext); 50 51 /* Note: Memory that was returned to the app that was alloc'd by this 52 * context isn't free'd here. Any memory that the app doesn't explicitly 53 * free is left for it to free itself. */ 54 55 /* Destroy all objects */ 56 obj_close_context(tspContext); 57 58 /* close the ps file */ 59 PS_close(); 60 61 /* We're not a connected context, so just exit */ 62 return TSS_SUCCESS; 63 } 64 65 TSS_RESULT 66 Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */ 67 TSS_UNICODE *wszDestination) /* in */ 68 { 69 TSS_RESULT result; 70 BYTE *machine_name = NULL; 71 TSS_HOBJECT hTpm; 72 UINT32 string_len = 0; 73 74 75 if (wszDestination == NULL) { 76 if ((result = obj_context_get_machine_name(tspContext, 77 &string_len, 78 &machine_name))) 79 return result; 80 81 if ((result = RPC_OpenContext(tspContext, machine_name, 82 CONNECTION_TYPE_TCP_PERSISTANT))) { 83 free(machine_name); 84 return result; 85 } 86 87 } else { 88 if ((machine_name = 89 Trspi_UNICODE_To_Native((BYTE *)wszDestination, NULL)) == NULL) { 90 LogError("Error converting hostname to UTF-8"); 91 return TSPERR(TSS_E_INTERNAL_ERROR); 92 } 93 94 if ((result = RPC_OpenContext(tspContext, machine_name, 95 CONNECTION_TYPE_TCP_PERSISTANT))) { 96 free(machine_name); 97 return result; 98 } 99 100 if ((result = obj_context_set_machine_name(tspContext, machine_name, 101 strlen((char *)machine_name)+1))) { 102 free(machine_name); 103 return result; 104 } 105 106 } 107 108 free(machine_name); 109 110 if ((obj_tpm_add(tspContext, &hTpm))) 111 return TSPERR(TSS_E_INTERNAL_ERROR); 112 113 return TSS_SUCCESS; 114 } 115 116 TSS_RESULT 117 Tspi_Context_FreeMemory(TSS_HCONTEXT tspContext, /* in */ 118 BYTE * rgbMemory) /* in */ 119 { 120 if (!obj_is_context(tspContext)) 121 return TSPERR(TSS_E_INVALID_HANDLE); 122 123 return free_tspi(tspContext, rgbMemory); 124 } 125 126 TSS_RESULT 127 Tspi_Context_GetDefaultPolicy(TSS_HCONTEXT tspContext, /* in */ 128 TSS_HPOLICY * phPolicy) /* out */ 129 { 130 if (phPolicy == NULL ) 131 return TSPERR(TSS_E_BAD_PARAMETER); 132 133 if (!obj_is_context(tspContext)) 134 return TSPERR(TSS_E_INVALID_HANDLE); 135 136 return obj_context_get_policy(tspContext, TSS_POLICY_USAGE, phPolicy); 137 } 138 139 TSS_RESULT 140 Tspi_Context_CreateObject(TSS_HCONTEXT tspContext, /* in */ 141 TSS_FLAG objectType, /* in */ 142 TSS_FLAG initFlags, /* in */ 143 TSS_HOBJECT * phObject) /* out */ 144 { 145 TSS_RESULT result; 146 147 if (phObject == NULL) 148 return TSPERR(TSS_E_BAD_PARAMETER); 149 150 if (!obj_is_context(tspContext)) 151 return TSPERR(TSS_E_INVALID_HANDLE); 152 153 switch (objectType) { 154 case TSS_OBJECT_TYPE_POLICY: 155 switch (initFlags) { 156 #ifdef TSS_BUILD_TSS12 157 case TSS_POLICY_OPERATOR: 158 /* fall through */ 159 #endif 160 case TSS_POLICY_MIGRATION: 161 /* fall through */ 162 case TSS_POLICY_USAGE: 163 break; 164 default: 165 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 166 } 167 168 result = obj_policy_add(tspContext, initFlags, phObject); 169 break; 170 #ifdef TSS_BUILD_RSAKEY_LIST 171 case TSS_OBJECT_TYPE_RSAKEY: 172 /* If other flags are set that disagree with the SRK, this will 173 * help catch that conflict in the later steps */ 174 if (initFlags & TSS_KEY_TSP_SRK) { 175 initFlags |= (TSS_KEY_TYPE_STORAGE | TSS_KEY_NOT_MIGRATABLE | 176 TSS_KEY_NON_VOLATILE | TSS_KEY_SIZE_2048); 177 } 178 179 /* Set default key flags */ 180 181 /* Default key size = 2k */ 182 if ((initFlags & TSS_KEY_SIZE_MASK) == 0) 183 initFlags |= TSS_KEY_SIZE_2048; 184 185 /* Default key type = storage */ 186 if ((initFlags & TSS_KEY_TYPE_MASK) == 0) 187 initFlags |= TSS_KEY_TYPE_STORAGE; 188 189 /* Check the key flags */ 190 switch (initFlags & TSS_KEY_SIZE_MASK) { 191 case TSS_KEY_SIZE_512: 192 /* fall through */ 193 case TSS_KEY_SIZE_1024: 194 /* fall through */ 195 case TSS_KEY_SIZE_2048: 196 /* fall through */ 197 case TSS_KEY_SIZE_4096: 198 /* fall through */ 199 case TSS_KEY_SIZE_8192: 200 /* fall through */ 201 case TSS_KEY_SIZE_16384: 202 break; 203 default: 204 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 205 } 206 207 switch (initFlags & TSS_KEY_TYPE_MASK) { 208 case TSS_KEY_TYPE_STORAGE: 209 /* fall through */ 210 case TSS_KEY_TYPE_SIGNING: 211 /* fall through */ 212 case TSS_KEY_TYPE_BIND: 213 /* fall through */ 214 case TSS_KEY_TYPE_AUTHCHANGE: 215 /* fall through */ 216 case TSS_KEY_TYPE_LEGACY: 217 /* fall through */ 218 case TSS_KEY_TYPE_IDENTITY: 219 break; 220 default: 221 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 222 } 223 224 result = obj_rsakey_add(tspContext, initFlags, phObject); 225 break; 226 #endif 227 #ifdef TSS_BUILD_ENCDATA_LIST 228 case TSS_OBJECT_TYPE_ENCDATA: 229 switch (initFlags & TSS_ENCDATA_TYPE_MASK) { 230 case TSS_ENCDATA_LEGACY: 231 /* fall through */ 232 case TSS_ENCDATA_SEAL: 233 /* fall through */ 234 case TSS_ENCDATA_BIND: 235 break; 236 default: 237 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 238 } 239 240 result = obj_encdata_add(tspContext, (initFlags & TSS_ENCDATA_TYPE_MASK), phObject); 241 break; 242 #endif 243 #ifdef TSS_BUILD_PCRS_LIST 244 case TSS_OBJECT_TYPE_PCRS: 245 switch (initFlags) { 246 case TSS_PCRS_STRUCT_DEFAULT: 247 /* fall through */ 248 case TSS_PCRS_STRUCT_INFO: 249 /* fall through */ 250 case TSS_PCRS_STRUCT_INFO_LONG: 251 /* fall through */ 252 case TSS_PCRS_STRUCT_INFO_SHORT: 253 /* fall through */ 254 break; 255 default: 256 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 257 } 258 259 result = obj_pcrs_add(tspContext, initFlags, phObject); 260 break; 261 #endif 262 #ifdef TSS_BUILD_HASH_LIST 263 case TSS_OBJECT_TYPE_HASH: 264 switch (initFlags) { 265 case TSS_HASH_DEFAULT: 266 /* fall through */ 267 case TSS_HASH_SHA1: 268 /* fall through */ 269 case TSS_HASH_OTHER: 270 break; 271 default: 272 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 273 } 274 275 result = obj_hash_add(tspContext, initFlags, phObject); 276 break; 277 #endif 278 #ifdef TSS_BUILD_DAA 279 //case TSS_OBJECT_TYPE_DAA_CREDENTIAL: 280 case TSS_OBJECT_TYPE_DAA_CERTIFICATE: 281 if (initFlags & ~(0UL)) 282 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 283 284 result = obj_daacred_add(tspContext, phObject); 285 break; 286 case TSS_OBJECT_TYPE_DAA_ISSUER_KEY: 287 if (initFlags & ~(0UL)) 288 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 289 290 result = obj_daaissuerkey_add(tspContext, phObject); 291 break; 292 case TSS_OBJECT_TYPE_DAA_ARA_KEY: 293 if (initFlags & ~(0UL)) 294 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 295 296 result = obj_daaarakey_add(tspContext, phObject); 297 break; 298 #endif 299 #ifdef TSS_BUILD_NV 300 case TSS_OBJECT_TYPE_NV: 301 /* There are no valid flags for a NV object */ 302 if (initFlags & ~(0UL)) 303 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 304 305 result = obj_nvstore_add(tspContext, phObject); 306 break; 307 #endif 308 #ifdef TSS_BUILD_DELEGATION 309 case TSS_OBJECT_TYPE_DELFAMILY: 310 /* There are no valid flags for a DELFAMILY object */ 311 if (initFlags & ~(0UL)) 312 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 313 314 result = obj_delfamily_add(tspContext, phObject); 315 break; 316 #endif 317 #ifdef TSS_BUILD_CMK 318 case TSS_OBJECT_TYPE_MIGDATA: 319 /* There are no valid flags for a MIGDATA object */ 320 if (initFlags & ~(0UL)) 321 return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); 322 323 result = obj_migdata_add(tspContext, phObject); 324 break; 325 #endif 326 default: 327 LogDebug("Invalid Object type"); 328 return TSPERR(TSS_E_INVALID_OBJECT_TYPE); 329 break; 330 } 331 332 return result; 333 } 334 335 TSS_RESULT 336 Tspi_Context_CloseObject(TSS_HCONTEXT tspContext, /* in */ 337 TSS_HOBJECT hObject) /* in */ 338 { 339 TSS_RESULT result; 340 341 if (!obj_is_context(tspContext)) 342 return TSPERR(TSS_E_INVALID_HANDLE); 343 344 if (obj_is_pcrs(hObject)) { 345 #ifdef TSS_BUILD_PCRS_LIST 346 result = obj_pcrs_remove(hObject, tspContext); 347 #endif 348 } else if (obj_is_encdata(hObject)) { 349 #ifdef TSS_BUILD_ENCDATA_LIST 350 result = obj_encdata_remove(hObject, tspContext); 351 #endif 352 } else if (obj_is_hash(hObject)) { 353 #ifdef TSS_BUILD_HASH_LIST 354 result = obj_hash_remove(hObject, tspContext); 355 #endif 356 } else if (obj_is_rsakey(hObject)) { 357 #ifdef TSS_BUILD_RSAKEY_LIST 358 result = obj_rsakey_remove(hObject, tspContext); 359 #endif 360 } else if (obj_is_policy(hObject)) { 361 result = obj_policy_remove(hObject, tspContext); 362 } else if (obj_is_delfamily(hObject)) { 363 #ifdef TSS_BUILD_DELEGATION 364 result = obj_delfamily_remove(hObject, tspContext); 365 #endif 366 } else if (obj_is_migdata(hObject)) { 367 #ifdef TSS_BUILD_CMK 368 result = obj_migdata_remove(hObject, tspContext); 369 #endif 370 } else if (obj_is_nvstore(hObject)) { 371 #ifdef TSS_BUILD_NV 372 result = obj_nvstore_remove(hObject, tspContext); 373 #endif 374 } else { 375 result = TSPERR(TSS_E_INVALID_HANDLE); 376 } 377 378 return result; 379 } 380 381 TSS_RESULT 382 Tspi_Context_GetTpmObject(TSS_HCONTEXT tspContext, /* in */ 383 TSS_HTPM * phTPM) /* out */ 384 { 385 if (phTPM == NULL) 386 return TSPERR(TSS_E_BAD_PARAMETER); 387 388 if (!obj_is_context(tspContext)) 389 return TSPERR(TSS_E_INVALID_HANDLE); 390 391 return obj_tpm_get(tspContext, phTPM); 392 } 393 394