1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2004-2007
8  *
9  */
10 
11 
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 
16 #include "trousers/tss.h"
17 #include "trousers/trousers.h"
18 #include "trousers_types.h"
19 #include "trousers_types.h"
20 #include "spi_utils.h"
21 #include "capabilities.h"
22 #include "tsplog.h"
23 #include "tcs_tsp.h"
24 #include "tspps.h"
25 #include "hosttable.h"
26 #include "tcsd_wrap.h"
27 #include "tcsd.h"
28 #include "obj.h"
29 
30 
31 TSS_RESULT
Tspi_Context_Create(TSS_HCONTEXT * phContext)32 Tspi_Context_Create(TSS_HCONTEXT * phContext)     /* out */
33 {
34           if (phContext == NULL)
35                     return TSPERR(TSS_E_BAD_PARAMETER);
36 
37           return obj_context_add(phContext);
38 }
39 
40 TSS_RESULT
Tspi_Context_Close(TSS_HCONTEXT tspContext)41 Tspi_Context_Close(TSS_HCONTEXT tspContext)       /* in */
42 {
43           if (!obj_is_context(tspContext))
44                     return TSPERR(TSS_E_INVALID_HANDLE);
45 
46           obj_context_close(tspContext);
47 
48           /* Have the TCS do its thing */
49           RPC_CloseContext(tspContext);
50 
51           /* Note: Memory that was returned to the app that was alloc'd by this
52            * context isn't free'd here.  Any memory that the app doesn't explicitly
53            * free is left for it to free itself. */
54 
55           /* Destroy all objects */
56           obj_close_context(tspContext);
57 
58           /* close the ps file */
59           PS_close();
60 
61           /* We're not a connected context, so just exit */
62           return TSS_SUCCESS;
63 }
64 
65 TSS_RESULT
Tspi_Context_Connect(TSS_HCONTEXT tspContext,TSS_UNICODE * wszDestination)66 Tspi_Context_Connect(TSS_HCONTEXT tspContext,     /* in */
67                          TSS_UNICODE *wszDestination)       /* in */
68 {
69           TSS_RESULT result;
70           BYTE *machine_name = NULL;
71           TSS_HOBJECT hTpm;
72           UINT32 string_len = 0;
73 
74 
75           if (wszDestination == NULL) {
76                     if ((result = obj_context_get_machine_name(tspContext,
77                                                                          &string_len,
78                                                                          &machine_name)))
79                               return result;
80 
81                     if ((result = RPC_OpenContext(tspContext, machine_name,
82                                                         CONNECTION_TYPE_TCP_PERSISTANT))) {
83                               free(machine_name);
84                               return result;
85                     }
86 
87           } else {
88                     if ((machine_name =
89                         Trspi_UNICODE_To_Native((BYTE *)wszDestination, NULL)) == NULL) {
90                               LogError("Error converting hostname to UTF-8");
91                               return TSPERR(TSS_E_INTERNAL_ERROR);
92                     }
93 
94                     if ((result = RPC_OpenContext(tspContext, machine_name,
95                                                         CONNECTION_TYPE_TCP_PERSISTANT))) {
96                               free(machine_name);
97                               return result;
98                     }
99 
100                     if ((result = obj_context_set_machine_name(tspContext, machine_name,
101                                                             strlen((char *)machine_name)+1))) {
102                               free(machine_name);
103                               return result;
104                     }
105 
106           }
107 
108           free(machine_name);
109 
110         if ((obj_tpm_add(tspContext, &hTpm)))
111                 return TSPERR(TSS_E_INTERNAL_ERROR);
112 
113           return TSS_SUCCESS;
114 }
115 
116 TSS_RESULT
Tspi_Context_FreeMemory(TSS_HCONTEXT tspContext,BYTE * rgbMemory)117 Tspi_Context_FreeMemory(TSS_HCONTEXT tspContext,  /* in */
118                               BYTE * rgbMemory)             /* in */
119 {
120           if (!obj_is_context(tspContext))
121                     return TSPERR(TSS_E_INVALID_HANDLE);
122 
123           return free_tspi(tspContext, rgbMemory);
124 }
125 
126 TSS_RESULT
Tspi_Context_GetDefaultPolicy(TSS_HCONTEXT tspContext,TSS_HPOLICY * phPolicy)127 Tspi_Context_GetDefaultPolicy(TSS_HCONTEXT tspContext,      /* in */
128                                     TSS_HPOLICY * phPolicy) /* out */
129 {
130           if (phPolicy == NULL )
131                     return TSPERR(TSS_E_BAD_PARAMETER);
132 
133           if (!obj_is_context(tspContext))
134                     return TSPERR(TSS_E_INVALID_HANDLE);
135 
136           return obj_context_get_policy(tspContext, TSS_POLICY_USAGE, phPolicy);
137 }
138 
139 TSS_RESULT
Tspi_Context_CreateObject(TSS_HCONTEXT tspContext,TSS_FLAG objectType,TSS_FLAG initFlags,TSS_HOBJECT * phObject)140 Tspi_Context_CreateObject(TSS_HCONTEXT tspContext,          /* in */
141                                 TSS_FLAG objectType,                  /* in */
142                                 TSS_FLAG initFlags,                   /* in */
143                                 TSS_HOBJECT * phObject)     /* out */
144 {
145           TSS_RESULT result;
146 
147           if (phObject == NULL)
148                     return TSPERR(TSS_E_BAD_PARAMETER);
149 
150           if (!obj_is_context(tspContext))
151                     return TSPERR(TSS_E_INVALID_HANDLE);
152 
153           switch (objectType) {
154           case TSS_OBJECT_TYPE_POLICY:
155                     switch (initFlags) {
156 #ifdef TSS_BUILD_TSS12
157                               case TSS_POLICY_OPERATOR:
158                                         /* fall through */
159 #endif
160                               case TSS_POLICY_MIGRATION:
161                                         /* fall through */
162                               case TSS_POLICY_USAGE:
163                                         break;
164                               default:
165                                         return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
166                     }
167 
168                     result = obj_policy_add(tspContext, initFlags, phObject);
169                     break;
170 #ifdef TSS_BUILD_RSAKEY_LIST
171           case TSS_OBJECT_TYPE_RSAKEY:
172                     /* If other flags are set that disagree with the SRK, this will
173                      * help catch that conflict in the later steps */
174                     if (initFlags & TSS_KEY_TSP_SRK) {
175                               initFlags |= (TSS_KEY_TYPE_STORAGE | TSS_KEY_NOT_MIGRATABLE |
176                                               TSS_KEY_NON_VOLATILE | TSS_KEY_SIZE_2048);
177                     }
178 
179                     /* Set default key flags */
180 
181                     /* Default key size = 2k */
182                     if ((initFlags & TSS_KEY_SIZE_MASK) == 0)
183                               initFlags |= TSS_KEY_SIZE_2048;
184 
185                     /* Default key type = storage */
186                     if ((initFlags & TSS_KEY_TYPE_MASK) == 0)
187                               initFlags |= TSS_KEY_TYPE_STORAGE;
188 
189                     /* Check the key flags */
190                     switch (initFlags & TSS_KEY_SIZE_MASK) {
191                               case TSS_KEY_SIZE_512:
192                                         /* fall through */
193                               case TSS_KEY_SIZE_1024:
194                                         /* fall through */
195                               case TSS_KEY_SIZE_2048:
196                                         /* fall through */
197                               case TSS_KEY_SIZE_4096:
198                                         /* fall through */
199                               case TSS_KEY_SIZE_8192:
200                                         /* fall through */
201                               case TSS_KEY_SIZE_16384:
202                                         break;
203                               default:
204                                         return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
205                     }
206 
207                     switch (initFlags & TSS_KEY_TYPE_MASK) {
208                               case TSS_KEY_TYPE_STORAGE:
209                                         /* fall through */
210                               case TSS_KEY_TYPE_SIGNING:
211                                         /* fall through */
212                               case TSS_KEY_TYPE_BIND:
213                                         /* fall through */
214                               case TSS_KEY_TYPE_AUTHCHANGE:
215                                         /* fall through */
216                               case TSS_KEY_TYPE_LEGACY:
217                                         /* fall through */
218                               case TSS_KEY_TYPE_IDENTITY:
219                                         break;
220                               default:
221                                         return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
222                     }
223 
224                     result = obj_rsakey_add(tspContext, initFlags, phObject);
225                     break;
226 #endif
227 #ifdef TSS_BUILD_ENCDATA_LIST
228           case TSS_OBJECT_TYPE_ENCDATA:
229                     switch (initFlags & TSS_ENCDATA_TYPE_MASK) {
230                               case TSS_ENCDATA_LEGACY:
231                                         /* fall through */
232                               case TSS_ENCDATA_SEAL:
233                                         /* fall through */
234                               case TSS_ENCDATA_BIND:
235                                         break;
236                               default:
237                                         return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
238                     }
239 
240                     result = obj_encdata_add(tspContext, (initFlags & TSS_ENCDATA_TYPE_MASK), phObject);
241                     break;
242 #endif
243 #ifdef TSS_BUILD_PCRS_LIST
244           case TSS_OBJECT_TYPE_PCRS:
245                     switch (initFlags) {
246                               case TSS_PCRS_STRUCT_DEFAULT:
247                                         /* fall through */
248                               case TSS_PCRS_STRUCT_INFO:
249                                         /* fall through */
250                               case TSS_PCRS_STRUCT_INFO_LONG:
251                                         /* fall through */
252                               case TSS_PCRS_STRUCT_INFO_SHORT:
253                                         /* fall through */
254                                         break;
255                               default:
256                                         return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
257                     }
258 
259                     result = obj_pcrs_add(tspContext, initFlags, phObject);
260                     break;
261 #endif
262 #ifdef TSS_BUILD_HASH_LIST
263           case TSS_OBJECT_TYPE_HASH:
264                     switch (initFlags) {
265                               case TSS_HASH_DEFAULT:
266                                         /* fall through */
267                               case TSS_HASH_SHA1:
268                                         /* fall through */
269                               case TSS_HASH_OTHER:
270                                         break;
271                               default:
272                                         return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
273                     }
274 
275                     result = obj_hash_add(tspContext, initFlags, phObject);
276                     break;
277 #endif
278 #ifdef TSS_BUILD_DAA
279           //case TSS_OBJECT_TYPE_DAA_CREDENTIAL:
280           case TSS_OBJECT_TYPE_DAA_CERTIFICATE:
281                     if (initFlags & ~(0UL))
282                               return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
283 
284                     result = obj_daacred_add(tspContext, phObject);
285                     break;
286           case TSS_OBJECT_TYPE_DAA_ISSUER_KEY:
287                     if (initFlags & ~(0UL))
288                               return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
289 
290                     result = obj_daaissuerkey_add(tspContext, phObject);
291                     break;
292           case TSS_OBJECT_TYPE_DAA_ARA_KEY:
293                     if (initFlags & ~(0UL))
294                               return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
295 
296                     result = obj_daaarakey_add(tspContext, phObject);
297                     break;
298 #endif
299 #ifdef TSS_BUILD_NV
300           case TSS_OBJECT_TYPE_NV:
301                     /* There are no valid flags for a NV object */
302                     if (initFlags & ~(0UL))
303                               return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
304 
305                     result = obj_nvstore_add(tspContext, phObject);
306                     break;
307 #endif
308 #ifdef TSS_BUILD_DELEGATION
309           case TSS_OBJECT_TYPE_DELFAMILY:
310                     /* There are no valid flags for a DELFAMILY object */
311                     if (initFlags & ~(0UL))
312                               return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
313 
314                     result = obj_delfamily_add(tspContext, phObject);
315                     break;
316 #endif
317 #ifdef TSS_BUILD_CMK
318           case TSS_OBJECT_TYPE_MIGDATA:
319                     /* There are no valid flags for a MIGDATA object */
320                     if (initFlags & ~(0UL))
321                               return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
322 
323                     result = obj_migdata_add(tspContext, phObject);
324                     break;
325 #endif
326           default:
327                     LogDebug("Invalid Object type");
328                     return TSPERR(TSS_E_INVALID_OBJECT_TYPE);
329                     break;
330           }
331 
332           return result;
333 }
334 
335 TSS_RESULT
Tspi_Context_CloseObject(TSS_HCONTEXT tspContext,TSS_HOBJECT hObject)336 Tspi_Context_CloseObject(TSS_HCONTEXT tspContext, /* in */
337                                TSS_HOBJECT hObject)                   /* in */
338 {
339           TSS_RESULT result;
340 
341           if (!obj_is_context(tspContext))
342                     return TSPERR(TSS_E_INVALID_HANDLE);
343 
344           if (obj_is_pcrs(hObject)) {
345 #ifdef TSS_BUILD_PCRS_LIST
346                     result = obj_pcrs_remove(hObject, tspContext);
347 #endif
348           } else if (obj_is_encdata(hObject)) {
349 #ifdef TSS_BUILD_ENCDATA_LIST
350                     result = obj_encdata_remove(hObject, tspContext);
351 #endif
352           } else if (obj_is_hash(hObject)) {
353 #ifdef TSS_BUILD_HASH_LIST
354                     result = obj_hash_remove(hObject, tspContext);
355 #endif
356           } else if (obj_is_rsakey(hObject)) {
357 #ifdef TSS_BUILD_RSAKEY_LIST
358                     result = obj_rsakey_remove(hObject, tspContext);
359 #endif
360           } else if (obj_is_policy(hObject)) {
361                     result = obj_policy_remove(hObject, tspContext);
362           } else if (obj_is_delfamily(hObject)) {
363 #ifdef TSS_BUILD_DELEGATION
364                     result = obj_delfamily_remove(hObject, tspContext);
365 #endif
366           } else if (obj_is_migdata(hObject)) {
367 #ifdef TSS_BUILD_CMK
368                     result = obj_migdata_remove(hObject, tspContext);
369 #endif
370           } else if (obj_is_nvstore(hObject)) {
371 #ifdef TSS_BUILD_NV
372                     result = obj_nvstore_remove(hObject, tspContext);
373 #endif
374           } else {
375                     result = TSPERR(TSS_E_INVALID_HANDLE);
376           }
377 
378           return result;
379 }
380 
381 TSS_RESULT
Tspi_Context_GetTpmObject(TSS_HCONTEXT tspContext,TSS_HTPM * phTPM)382 Tspi_Context_GetTpmObject(TSS_HCONTEXT tspContext,          /* in */
383                                 TSS_HTPM * phTPM)           /* out */
384 {
385           if (phTPM == NULL)
386                     return TSPERR(TSS_E_BAD_PARAMETER);
387 
388           if (!obj_is_context(tspContext))
389                     return TSPERR(TSS_E_INVALID_HANDLE);
390 
391           return obj_tpm_get(tspContext, phTPM);
392 }
393 
394