1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2005, 2007
8  *
9  */
10 
11 
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <errno.h>
15 #include <string.h>
16 #include <inttypes.h>
17 
18 #include "trousers/tss.h"
19 #include "trousers/trousers.h"
20 #include "trousers_types.h"
21 #include "spi_utils.h"
22 #include "capabilities.h"
23 #include "tsplog.h"
24 #include "obj.h"
25 
26 TSS_RESULT
obj_rsakey_add(TSS_HCONTEXT tspContext,TSS_FLAG initFlags,TSS_HOBJECT * phObject)27 obj_rsakey_add(TSS_HCONTEXT tspContext, TSS_FLAG initFlags, TSS_HOBJECT *phObject)
28 {
29           UINT64 offset;
30           TSS_RESULT result;
31           TCPA_RSA_KEY_PARMS rsaKeyParms;
32           TSS_FLAG flags = 0;
33           struct tr_rsakey_obj *rsakey = calloc(1, sizeof(struct tr_rsakey_obj));
34           TPM_STRUCT_VER ver = { 1, 1, 0, 0 };  // Must be 1.1.0.0 for 1.2 TPMs
35           UINT32 ctx_ver;
36 
37           if (rsakey == NULL) {
38                     LogError("malloc of %zd bytes failed.", sizeof(struct tr_rsakey_obj));
39                     return TSPERR(TSS_E_OUTOFMEMORY);
40           }
41 
42           if ((result = obj_context_get_policy(tspContext, TSS_POLICY_USAGE, &rsakey->usagePolicy))) {
43                     free(rsakey);
44                     return result;
45           }
46 
47           if ((initFlags & TSS_KEY_STRUCT_BITMASK) == TSS_KEY_STRUCT_DEFAULT) {
48                     /* Its not set, go with the context's default */
49                     if ((result = obj_context_get_connection_version(tspContext, &ctx_ver))) {
50                               free(rsakey);
51                               return result;
52                     }
53 
54                     switch (ctx_ver) {
55                               case TSS_TSPATTRIB_CONTEXT_VERSION_V1_2:
56                                         initFlags |= TSS_KEY_STRUCT_KEY12;
57                                         break;
58                               case TSS_TSPATTRIB_CONTEXT_VERSION_V1_1:
59                                         /* fall through */
60                               default:
61                                         initFlags |= TSS_KEY_STRUCT_KEY;
62                                         break;
63                     }
64           }
65 
66           offset = 0;
67           switch (initFlags & TSS_KEY_STRUCT_BITMASK) {
68                     case TSS_KEY_STRUCT_KEY:
69                               rsakey->key.hdr.key11.ver = ver;
70                               rsakey->type = TSS_KEY_STRUCT_KEY;
71                               rsakey->pcrInfoType = TSS_PCRS_STRUCT_INFO;
72                               rsakey->key.keyFlags = 0;
73                               break;
74                     case TSS_KEY_STRUCT_KEY12:
75                               rsakey->key.hdr.key12.tag = TPM_TAG_KEY12;
76                               rsakey->key.hdr.key12.fill = 0;
77                               rsakey->type = TSS_KEY_STRUCT_KEY12;
78                               rsakey->pcrInfoType = TSS_PCRS_STRUCT_INFO_LONG;
79                               rsakey->key.keyFlags = TPM_PCRIGNOREDONREAD;
80                               break;
81                     default:
82                               free(rsakey);
83                               return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG);
84                               break;
85           }
86 
87           if (initFlags == TSS_KEY_EMPTY_KEY)
88                     goto add_key;
89 
90           __tspi_memset(&rsaKeyParms, 0, sizeof(TCPA_RSA_KEY_PARMS));
91 
92           rsakey->key.algorithmParms.algorithmID = TCPA_ALG_RSA;
93           rsakey->key.algorithmParms.parmSize = sizeof(TCPA_RSA_KEY_PARMS);
94 
95           rsakey->key.algorithmParms.parms = calloc(1, sizeof(TCPA_RSA_KEY_PARMS));
96           if (rsakey->key.algorithmParms.parms == NULL) {
97                     LogError("calloc of %u bytes failed.", rsakey->key.algorithmParms.parmSize);
98                     free(rsakey);
99                     return TSPERR(TSS_E_OUTOFMEMORY);
100           }
101           rsaKeyParms.exponentSize = 0;
102           rsaKeyParms.numPrimes = 2;
103 
104           rsakey->key.pubKey.keyLength = 0;
105           rsakey->key.encSize = 0;
106           rsakey->key.PCRInfoSize = 0;
107 
108           /* End of all the default stuff */
109 
110           if (initFlags & TSS_KEY_VOLATILE)
111                     rsakey->key.keyFlags |= TPM_VOLATILE;
112           if (initFlags & TSS_KEY_MIGRATABLE)
113                     rsakey->key.keyFlags |= TPM_MIGRATABLE;
114           if (initFlags & TSS_KEY_AUTHORIZATION) {
115                     rsakey->key.authDataUsage = TPM_AUTH_ALWAYS;
116                     flags |= TSS_OBJ_FLAG_USAGEAUTH;
117           }
118 
119 #ifdef TSS_BUILD_CMK
120           if (initFlags & TSS_KEY_CERTIFIED_MIGRATABLE) {
121                     if (rsakey->type == TSS_KEY_STRUCT_KEY) {
122                               free(rsakey);
123                               return TSPERR(TSS_E_BAD_PARAMETER);
124                     }
125                     rsakey->key.keyFlags |= TPM_MIGRATEAUTHORITY;
126           }
127 #endif
128 
129           /* set the key length */
130           if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_512) {
131                     rsaKeyParms.keyLength = 512;
132           } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_1024) {
133                     rsaKeyParms.keyLength = 1024;
134           } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_2048) {
135                     rsaKeyParms.keyLength = 2048;
136           } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_4096) {
137                     rsaKeyParms.keyLength = 4096;
138           } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_8192) {
139                     rsaKeyParms.keyLength = 8192;
140           } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_16384) {
141                     rsaKeyParms.keyLength = 16384;
142           }
143 
144           /* assign encryption and signature schemes */
145           if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_SIGNING) {
146                     rsakey->key.keyUsage = TPM_KEY_SIGNING;
147                     rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE;
148                     rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1;
149           } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_BIND) {
150                     rsakey->key.keyUsage = TPM_KEY_BIND;
151                     rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
152                     rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE;
153           } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_LEGACY) {
154                     rsakey->key.keyUsage = TPM_KEY_LEGACY;
155                     rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
156                     rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1;
157           } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_STORAGE) {
158                     rsakey->key.keyUsage = TPM_KEY_STORAGE;
159                     rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
160                     rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE;
161           } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_IDENTITY) {
162                     rsakey->key.keyUsage = TPM_KEY_IDENTITY;
163                     rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE;
164                     rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1;
165           } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_AUTHCHANGE) {
166                     rsakey->key.keyUsage = TPM_KEY_AUTHCHANGE;
167                     rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
168                     rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE;
169           }
170 
171           /* Load the RSA key parms into the blob in the TCPA_KEY_PARMS pointer.
172            * If the exponent is left NULL, the parmSize variable will change
173            * here */
174           offset = 0;
175           Trspi_LoadBlob_RSA_KEY_PARMS(&offset, rsakey->key.algorithmParms.parms, &rsaKeyParms);
176           rsakey->key.algorithmParms.parmSize = offset;
177 
178 add_key:
179           if ((result = obj_list_add(&rsakey_list, tspContext, flags, rsakey, phObject))) {
180                     free(rsakey->key.algorithmParms.parms);
181                     free(rsakey);
182                     return result;
183           }
184 
185           return TSS_SUCCESS;
186 }
187 
188 /* Add a new rsakey to the list when its pulled from user PS */
189 TSS_RESULT
obj_rsakey_add_by_key(TSS_HCONTEXT tspContext,TSS_UUID * uuid,BYTE * key,TSS_FLAG flags,TSS_HKEY * phKey)190 obj_rsakey_add_by_key(TSS_HCONTEXT tspContext, TSS_UUID *uuid, BYTE *key, TSS_FLAG flags,
191                           TSS_HKEY *phKey)
192 {
193           TSS_RESULT result;
194           UINT64 offset;
195           struct tr_rsakey_obj *rsakey = calloc(1, sizeof(struct tr_rsakey_obj));
196 
197           if (rsakey == NULL) {
198                     LogError("malloc of %zd bytes failed.", sizeof(struct tr_rsakey_obj));
199                     return TSPERR(TSS_E_OUTOFMEMORY);
200           }
201 
202           memcpy(&rsakey->uuid, uuid, sizeof(TSS_UUID));
203 
204           offset = 0;
205           if ((result = UnloadBlob_TSS_KEY(&offset, key, &rsakey->key))) {
206                     free(rsakey);
207                     return result;
208           }
209           if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12)
210                     rsakey->type = TSS_KEY_STRUCT_KEY12;
211           else
212                     rsakey->type = TSS_KEY_STRUCT_KEY;
213 
214           flags |= TSS_OBJ_FLAG_KEY_SET;
215           if (rsakey->key.authDataUsage)
216                     flags |= TSS_OBJ_FLAG_USAGEAUTH;
217 
218           if ((result = obj_context_get_policy(tspContext, TSS_POLICY_USAGE, &rsakey->usagePolicy))) {
219                     free(rsakey);
220                     return result;
221           }
222 
223           if ((result = obj_list_add(&rsakey_list, tspContext, flags, rsakey, phKey))) {
224                     free_key_refs(&rsakey->key);
225                     free(rsakey);
226                     return result;
227           }
228 
229           return TSS_SUCCESS;
230 }
231 
232 TSS_BOOL
obj_is_rsakey(TSS_HOBJECT hObject)233 obj_is_rsakey(TSS_HOBJECT hObject)
234 {
235           TSS_BOOL answer = FALSE;
236 
237           if ((obj_list_get_obj(&rsakey_list, hObject))) {
238                     answer = TRUE;
239                     obj_list_put(&rsakey_list);
240           }
241 
242           return answer;
243 }
244 
245 TSS_RESULT
obj_rsakey_set_flags(TSS_HKEY hKey,UINT32 flags)246 obj_rsakey_set_flags(TSS_HKEY hKey, UINT32 flags)
247 {
248           struct tsp_object *obj;
249           struct tr_rsakey_obj *rsakey;
250           TSS_RESULT result = TSS_SUCCESS;
251 
252           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
253                     return TSPERR(TSS_E_INVALID_HANDLE);
254 
255           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
256                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
257                     goto done;
258           }
259 
260           rsakey = (struct tr_rsakey_obj *)obj->data;
261           rsakey->key.keyFlags = flags;
262 done:
263           obj_list_put(&rsakey_list);
264 
265           return result;
266 }
267 
268 TSS_RESULT
obj_rsakey_set_size(TSS_HKEY hKey,UINT32 len)269 obj_rsakey_set_size(TSS_HKEY hKey, UINT32 len)
270 {
271           struct tsp_object *obj;
272           struct tr_rsakey_obj *rsakey;
273           TSS_RESULT result = TSS_SUCCESS;
274 
275           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
276                     return TSPERR(TSS_E_INVALID_HANDLE);
277 
278           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
279                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
280                     goto done;
281           }
282 
283           rsakey = (struct tr_rsakey_obj *)obj->data;
284           rsakey->key.pubKey.keyLength = len/8;
285 done:
286           obj_list_put(&rsakey_list);
287 
288           return result;
289 }
290 
291 TSS_RESULT
obj_rsakey_set_key_parms(TSS_HKEY hKey,TCPA_KEY_PARMS * parms)292 obj_rsakey_set_key_parms(TSS_HKEY hKey, TCPA_KEY_PARMS *parms)
293 {
294           struct tsp_object *obj;
295           struct tr_rsakey_obj *rsakey;
296           TSS_RESULT result = TSS_SUCCESS;
297 
298           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
299                     return TSPERR(TSS_E_INVALID_HANDLE);
300 
301           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
302                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
303                     goto done;
304           }
305 
306           rsakey = (struct tr_rsakey_obj *)obj->data;
307 
308           free(rsakey->key.algorithmParms.parms);
309 
310           memcpy(&rsakey->key.algorithmParms, parms, sizeof(TCPA_KEY_PARMS));
311 
312           if (parms->parmSize > 0) {
313                     if ((rsakey->key.algorithmParms.parms =
314                                                   malloc(parms->parmSize)) == NULL) {
315                               LogError("calloc of %d bytes failed.", parms->parmSize);
316                               result = TSPERR(TSS_E_OUTOFMEMORY);
317                               goto done;
318                     }
319 
320                     memcpy(rsakey->key.algorithmParms.parms, parms->parms,
321                            parms->parmSize);
322           } else {
323                     rsakey->key.algorithmParms.parms = NULL;
324           }
325 
326 done:
327           obj_list_put(&rsakey_list);
328 
329           return result;
330 }
331 
332 TSS_RESULT
obj_rsakey_set_policy(TSS_HKEY hKey,TSS_HPOLICY hPolicy)333 obj_rsakey_set_policy(TSS_HKEY hKey, TSS_HPOLICY hPolicy)
334 {
335           struct tsp_object *obj;
336           struct tr_rsakey_obj *rsakey;
337           UINT32 policyType;
338           TSS_RESULT result = TSS_SUCCESS;
339 
340           if ((result = obj_policy_get_type(hPolicy, &policyType)))
341                     return result;
342 
343           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
344                     return TSPERR(TSS_E_INVALID_HANDLE);
345 
346           rsakey = (struct tr_rsakey_obj *)obj->data;
347 
348           switch (policyType) {
349                     case TSS_POLICY_USAGE:
350                               rsakey->usagePolicy = hPolicy;
351                               break;
352                     case TSS_POLICY_MIGRATION:
353                               rsakey->migPolicy = hPolicy;
354                               break;
355                     default:
356                               result = TSPERR(TSS_E_BAD_PARAMETER);
357           }
358 
359           obj_list_put(&rsakey_list);
360 
361           return result;
362 }
363 
364 TSS_RESULT
obj_rsakey_set_pstype(TSS_HKEY hKey,UINT32 type)365 obj_rsakey_set_pstype(TSS_HKEY hKey, UINT32 type)
366 {
367           struct tsp_object *obj;
368 
369           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
370                     return TSPERR(TSS_E_INVALID_HANDLE);
371 
372           switch (type) {
373                     case TSS_PS_TYPE_USER:
374                               obj->flags |= TSS_OBJ_FLAG_USER_PS;
375                               obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS;
376                               break;
377                     case TSS_PS_TYPE_SYSTEM:
378                               obj->flags |= TSS_OBJ_FLAG_SYSTEM_PS;
379                               obj->flags &= ~TSS_OBJ_FLAG_USER_PS;
380                               break;
381                     case TSS_PS_TYPE_NO:
382                     default:
383                               obj->flags &= ~TSS_OBJ_FLAG_USER_PS;
384                               obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS;
385                               break;
386           }
387 
388           obj_list_put(&rsakey_list);
389 
390           return TSS_SUCCESS;
391 }
392 
393 /* WARN: Nobody should call this function directly except for the
394  * Get/Set Attrib functions. The TCPA_KEY structure wants values
395  * for keyUsage to be TPM_KEY_* values, and this function translates
396  * to TSS_KEYUSAGE_* values for passing to an app. */
397 TSS_RESULT
obj_rsakey_get_usage(TSS_HKEY hKey,UINT32 * usage)398 obj_rsakey_get_usage(TSS_HKEY hKey, UINT32 *usage)
399 {
400           TSS_RESULT result = TSS_SUCCESS;
401           struct tsp_object *obj;
402           struct tr_rsakey_obj *rsakey;
403 
404           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
405                     return TSPERR(TSS_E_INVALID_HANDLE);
406 
407           rsakey = (struct tr_rsakey_obj *)obj->data;
408 
409           switch (rsakey->key.keyUsage) {
410                     case TPM_KEY_SIGNING:
411                               *usage = TSS_KEYUSAGE_SIGN;
412                               break;
413                     case TPM_KEY_BIND:
414                               *usage = TSS_KEYUSAGE_BIND;
415                               break;
416                     case TPM_KEY_LEGACY:
417                               *usage = TSS_KEYUSAGE_LEGACY;
418                               break;
419                     case TPM_KEY_AUTHCHANGE:
420                               *usage = TSS_KEYUSAGE_AUTHCHANGE;
421                               break;
422                     case TPM_KEY_IDENTITY:
423                               *usage = TSS_KEYUSAGE_IDENTITY;
424                               break;
425                     case TPM_KEY_STORAGE:
426                               *usage = TSS_KEYUSAGE_STORAGE;
427                               break;
428                     default:
429                               result = TSPERR(TSS_E_INVALID_ATTRIB_DATA);
430                               break;
431           }
432 
433           obj_list_put(&rsakey_list);
434 
435           return result;
436 }
437 
438 /* WARN: Nobody should call this function directly except for the
439  * Get/Set Attrib functions. The TCPA_KEY structure wants values
440  * for keyUsage to be TPM_KEY_* values, and this function translates
441  * to TSS_KEYUSAGE_* values for passing to an app. */
442 TSS_RESULT
obj_rsakey_set_usage(TSS_HKEY hKey,UINT32 usage)443 obj_rsakey_set_usage(TSS_HKEY hKey, UINT32 usage)
444 {
445           TSS_RESULT result = TSS_SUCCESS;
446           struct tsp_object *obj;
447           struct tr_rsakey_obj *rsakey;
448 
449           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
450                     return TSPERR(TSS_E_INVALID_HANDLE);
451 
452           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
453                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
454                     goto done;
455           }
456 
457           rsakey = (struct tr_rsakey_obj *)obj->data;
458 
459           switch (usage) {
460                     case TSS_KEYUSAGE_SIGN:
461                               rsakey->key.keyUsage = TPM_KEY_SIGNING;
462                               break;
463                     case TSS_KEYUSAGE_BIND:
464                               rsakey->key.keyUsage = TPM_KEY_BIND;
465                               break;
466                     case TSS_KEYUSAGE_LEGACY:
467                               rsakey->key.keyUsage = TPM_KEY_LEGACY;
468                               break;
469                     case TSS_KEYUSAGE_AUTHCHANGE:
470                               rsakey->key.keyUsage = TPM_KEY_AUTHCHANGE;
471                               break;
472                     case TSS_KEYUSAGE_IDENTITY:
473                               rsakey->key.keyUsage = TPM_KEY_IDENTITY;
474                               break;
475                     case TSS_KEYUSAGE_STORAGE:
476                               rsakey->key.keyUsage = TPM_KEY_STORAGE;
477                               break;
478                     default:
479                               result = TSPERR(TSS_E_INVALID_ATTRIB_DATA);
480                               break;
481           }
482 done:
483           obj_list_put(&rsakey_list);
484 
485           return result;
486 }
487 
488 TSS_RESULT
obj_rsakey_set_migratable(TSS_HKEY hKey,UINT32 mig)489 obj_rsakey_set_migratable(TSS_HKEY hKey, UINT32 mig)
490 {
491           struct tsp_object *obj;
492           struct tr_rsakey_obj *rsakey;
493           TSS_RESULT result = TSS_SUCCESS;
494 
495           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
496                     return TSPERR(TSS_E_INVALID_HANDLE);
497 
498           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
499                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
500                     goto done;
501           }
502 
503           rsakey = (struct tr_rsakey_obj *)obj->data;
504           if (mig)
505                     rsakey->key.keyFlags |= TPM_MIGRATABLE;
506           else
507                     rsakey->key.keyFlags &= (~TPM_MIGRATABLE);
508 done:
509           obj_list_put(&rsakey_list);
510 
511           return result;
512 }
513 
514 TSS_RESULT
obj_rsakey_set_redirected(TSS_HKEY hKey,UINT32 redir)515 obj_rsakey_set_redirected(TSS_HKEY hKey, UINT32 redir)
516 {
517           struct tsp_object *obj;
518           struct tr_rsakey_obj *rsakey;
519           TSS_RESULT result = TSS_SUCCESS;
520 
521           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
522                     return TSPERR(TSS_E_INVALID_HANDLE);
523 
524           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
525                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
526                     goto done;
527           }
528 
529           rsakey = (struct tr_rsakey_obj *)obj->data;
530           if (redir)
531                     rsakey->key.keyFlags |= TPM_REDIRECTION;
532           else
533                     rsakey->key.keyFlags &= (~TPM_REDIRECTION);
534 done:
535           obj_list_put(&rsakey_list);
536 
537           return result;
538 }
539 
540 TSS_RESULT
obj_rsakey_set_volatile(TSS_HKEY hKey,UINT32 vol)541 obj_rsakey_set_volatile(TSS_HKEY hKey, UINT32 vol)
542 {
543           struct tsp_object *obj;
544           struct tr_rsakey_obj *rsakey;
545           TSS_RESULT result = TSS_SUCCESS;
546 
547           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
548                     return TSPERR(TSS_E_INVALID_HANDLE);
549 
550           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
551                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
552                     goto done;
553           }
554 
555           rsakey = (struct tr_rsakey_obj *)obj->data;
556           if (vol)
557                     rsakey->key.keyFlags |= TPM_VOLATILE;
558           else
559                     rsakey->key.keyFlags &= (~TPM_VOLATILE);
560 done:
561           obj_list_put(&rsakey_list);
562 
563           return result;
564 }
565 
566 TSS_RESULT
obj_rsakey_get_authdata_usage(TSS_HKEY hKey,UINT32 * usage)567 obj_rsakey_get_authdata_usage(TSS_HKEY hKey, UINT32 *usage)
568 {
569           struct tsp_object *obj;
570           struct tr_rsakey_obj *rsakey;
571 
572           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
573                     return TSPERR(TSS_E_INVALID_HANDLE);
574 
575           rsakey = (struct tr_rsakey_obj *)obj->data;
576           *usage = (UINT32)rsakey->key.authDataUsage ? TRUE : FALSE;
577 
578           obj_list_put(&rsakey_list);
579 
580           return TSS_SUCCESS;
581 }
582 
583 TSS_RESULT
obj_rsakey_set_authdata_usage(TSS_HKEY hKey,UINT32 usage)584 obj_rsakey_set_authdata_usage(TSS_HKEY hKey, UINT32 usage)
585 {
586           struct tsp_object *obj;
587           struct tr_rsakey_obj *rsakey;
588           TSS_RESULT result = TSS_SUCCESS;
589 
590           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
591                     return TSPERR(TSS_E_INVALID_HANDLE);
592 
593           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
594                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
595                     goto done;
596           }
597 
598           rsakey = (struct tr_rsakey_obj *)obj->data;
599 
600           rsakey->key.authDataUsage = (BYTE)usage;
601           if (usage)
602                     obj->flags |= TSS_OBJ_FLAG_USAGEAUTH;
603           else
604                     obj->flags &= ~TSS_OBJ_FLAG_USAGEAUTH;
605 done:
606           obj_list_put(&rsakey_list);
607 
608           return result;
609 }
610 
611 TSS_RESULT
obj_rsakey_get_alg(TSS_HKEY hKey,UINT32 * alg)612 obj_rsakey_get_alg(TSS_HKEY hKey, UINT32 *alg)
613 {
614           struct tsp_object *obj;
615           struct tr_rsakey_obj *rsakey;
616 
617           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
618                     return TSPERR(TSS_E_INVALID_HANDLE);
619 
620           rsakey = (struct tr_rsakey_obj *)obj->data;
621 
622           switch (rsakey->key.algorithmParms.algorithmID) {
623                     case TCPA_ALG_RSA:
624                               *alg = TSS_ALG_RSA;
625                               break;
626                     default:
627                               *alg = rsakey->key.algorithmParms.algorithmID;
628                               break;
629           }
630 
631           obj_list_put(&rsakey_list);
632 
633           return TSS_SUCCESS;
634 }
635 
636 TSS_RESULT
obj_rsakey_set_alg(TSS_HKEY hKey,UINT32 alg)637 obj_rsakey_set_alg(TSS_HKEY hKey, UINT32 alg)
638 {
639           struct tsp_object *obj;
640           struct tr_rsakey_obj *rsakey;
641           TSS_RESULT result = TSS_SUCCESS;
642 
643           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
644                     return TSPERR(TSS_E_INVALID_HANDLE);
645 
646           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
647                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
648                     goto done;
649           }
650 
651           rsakey = (struct tr_rsakey_obj *)obj->data;
652           switch (alg) {
653                     case TSS_ALG_RSA:
654                               rsakey->key.algorithmParms.algorithmID = TCPA_ALG_RSA;
655                               break;
656                     default:
657                               rsakey->key.algorithmParms.algorithmID = alg;
658                               break;
659           }
660 done:
661           obj_list_put(&rsakey_list);
662 
663           return result;
664 }
665 
666 TSS_RESULT
obj_rsakey_get_es(TSS_HKEY hKey,UINT32 * es)667 obj_rsakey_get_es(TSS_HKEY hKey, UINT32 *es)
668 {
669           struct tsp_object *obj;
670           struct tr_rsakey_obj *rsakey;
671 
672           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
673                     return TSPERR(TSS_E_INVALID_HANDLE);
674 
675           rsakey = (struct tr_rsakey_obj *)obj->data;
676 
677           /* translate TPM numbers to TSS numbers */
678           switch (rsakey->key.algorithmParms.encScheme) {
679                     case TCPA_ES_NONE:
680                               *es = TSS_ES_NONE;
681                               break;
682                     case TCPA_ES_RSAESPKCSv15:
683                               *es = TSS_ES_RSAESPKCSV15;
684                               break;
685                     case TCPA_ES_RSAESOAEP_SHA1_MGF1:
686                               *es = TSS_ES_RSAESOAEP_SHA1_MGF1;
687                               break;
688                     default:
689                               *es = rsakey->key.algorithmParms.encScheme;
690                               break;
691           }
692 
693           obj_list_put(&rsakey_list);
694 
695           return TSS_SUCCESS;
696 }
697 
698 TSS_RESULT
obj_rsakey_set_es(TSS_HKEY hKey,UINT32 es)699 obj_rsakey_set_es(TSS_HKEY hKey, UINT32 es)
700 {
701           struct tsp_object *obj;
702           struct tr_rsakey_obj *rsakey;
703           TSS_RESULT result = TSS_SUCCESS;
704 
705           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
706                     return TSPERR(TSS_E_INVALID_HANDLE);
707 
708           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
709                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
710                     goto done;
711           }
712 
713           rsakey = (struct tr_rsakey_obj *)obj->data;
714 
715           /* translate TSS numbers to TPM numbers */
716           switch (es) {
717                     case TSS_ES_NONE:
718                               rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE;
719                               break;
720                     case TSS_ES_RSAESPKCSV15:
721                               rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESPKCSv15;
722                               break;
723                     case TSS_ES_RSAESOAEP_SHA1_MGF1:
724                               rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1;
725                               break;
726                     default:
727                               rsakey->key.algorithmParms.encScheme = es;
728                               break;
729           }
730 done:
731           obj_list_put(&rsakey_list);
732 
733           return result;
734 }
735 
736 TSS_RESULT
obj_rsakey_get_ss(TSS_HKEY hKey,UINT32 * ss)737 obj_rsakey_get_ss(TSS_HKEY hKey, UINT32 *ss)
738 {
739           struct tsp_object *obj;
740           struct tr_rsakey_obj *rsakey;
741 
742           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
743                     return TSPERR(TSS_E_INVALID_HANDLE);
744 
745           rsakey = (struct tr_rsakey_obj *)obj->data;
746 
747           /* translate TPM numbers to TSS numbers */
748           switch (rsakey->key.algorithmParms.sigScheme) {
749                     case TCPA_SS_NONE:
750                               *ss = TSS_SS_NONE;
751                               break;
752                     case TCPA_SS_RSASSAPKCS1v15_SHA1:
753                               *ss = TSS_SS_RSASSAPKCS1V15_SHA1;
754                               break;
755                     case TCPA_SS_RSASSAPKCS1v15_DER:
756                               *ss = TSS_SS_RSASSAPKCS1V15_DER;
757                               break;
758                     case TCPA_SS_RSASSAPKCS1v15_INFO:
759                               *ss = TSS_SS_RSASSAPKCS1V15_INFO;
760                               break;
761                     default:
762                               *ss = rsakey->key.algorithmParms.sigScheme;
763                               break;
764           }
765 
766 
767           obj_list_put(&rsakey_list);
768 
769           return TSS_SUCCESS;
770 }
771 
772 TSS_RESULT
obj_rsakey_set_ss(TSS_HKEY hKey,UINT32 ss)773 obj_rsakey_set_ss(TSS_HKEY hKey, UINT32 ss)
774 {
775           struct tsp_object *obj;
776           struct tr_rsakey_obj *rsakey;
777           TSS_RESULT result = TSS_SUCCESS;
778 
779           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
780                     return TSPERR(TSS_E_INVALID_HANDLE);
781 
782           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
783                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
784                     goto done;
785           }
786 
787           rsakey = (struct tr_rsakey_obj *)obj->data;
788 
789           /* translate TSS numbers to TPM numbers */
790           switch (ss) {
791                     case TSS_SS_NONE:
792                               rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE;
793                               break;
794                     case TSS_SS_RSASSAPKCS1V15_SHA1:
795                               rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1;
796                               break;
797                     case TSS_SS_RSASSAPKCS1V15_DER:
798                               rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_DER;
799                               break;
800                     case TSS_SS_RSASSAPKCS1V15_INFO:
801                               rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_INFO;
802                               break;
803                     default:
804                               rsakey->key.algorithmParms.sigScheme = ss;
805                               break;
806           }
807 done:
808           obj_list_put(&rsakey_list);
809 
810           return result;
811 }
812 
813 TSS_RESULT
obj_rsakey_set_num_primes(TSS_HKEY hKey,UINT32 num)814 obj_rsakey_set_num_primes(TSS_HKEY hKey, UINT32 num)
815 {
816           struct tsp_object *obj;
817           struct tr_rsakey_obj *rsakey;
818           TSS_RESULT result = TSS_SUCCESS;
819 
820           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
821                     return TSPERR(TSS_E_INVALID_HANDLE);
822 
823           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
824                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
825                     goto done;
826           }
827 
828           rsakey = (struct tr_rsakey_obj *)obj->data;
829           UINT32ToArray(num, &rsakey->key.algorithmParms.parms[4]);
830 done:
831           obj_list_put(&rsakey_list);
832 
833           return result;
834 }
835 
836 TSS_RESULT
obj_rsakey_get_num_primes(TSS_HKEY hKey,UINT32 * num)837 obj_rsakey_get_num_primes(TSS_HKEY hKey, UINT32 *num)
838 {
839           struct tsp_object *obj;
840           struct tr_rsakey_obj *rsakey;
841           TCPA_RSA_KEY_PARMS *parms;
842 
843           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
844                     return TSPERR(TSS_E_INVALID_HANDLE);
845 
846           rsakey = (struct tr_rsakey_obj *)obj->data;
847           parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms;
848           *num = endian32(parms->numPrimes);
849 
850           obj_list_put(&rsakey_list);
851 
852           return TSS_SUCCESS;
853 }
854 
855 TSS_RESULT
obj_rsakey_get_flags(TSS_HKEY hKey,UINT32 * flags)856 obj_rsakey_get_flags(TSS_HKEY hKey, UINT32 *flags)
857 {
858           struct tsp_object *obj;
859           struct tr_rsakey_obj *rsakey;
860 
861           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
862                     return TSPERR(TSS_E_INVALID_HANDLE);
863 
864           rsakey = (struct tr_rsakey_obj *)obj->data;
865           *flags = rsakey->key.keyFlags;
866 
867           obj_list_put(&rsakey_list);
868 
869           return TSS_SUCCESS;
870 }
871 
872 TSS_RESULT
obj_rsakey_get_size(TSS_HKEY hKey,UINT32 * len)873 obj_rsakey_get_size(TSS_HKEY hKey, UINT32 *len)
874 {
875           struct tsp_object *obj;
876           struct tr_rsakey_obj *rsakey;
877 
878           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
879                     return TSPERR(TSS_E_INVALID_HANDLE);
880 
881           rsakey = (struct tr_rsakey_obj *)obj->data;
882 
883           switch (rsakey->key.pubKey.keyLength) {
884                     case 512/8:
885                               *len = TSS_KEY_SIZEVAL_512BIT;
886                               break;
887                     case 1024/8:
888                               *len = TSS_KEY_SIZEVAL_1024BIT;
889                               break;
890                     case 2048/8:
891                               *len = TSS_KEY_SIZEVAL_2048BIT;
892                               break;
893                     default:
894                               *len = rsakey->key.pubKey.keyLength * 8;
895                               break;
896           }
897 
898           obj_list_put(&rsakey_list);
899 
900           return TSS_SUCCESS;
901 }
902 
903 TSS_RESULT
obj_rsakey_get_pstype(TSS_HKEY hKey,UINT32 * type)904 obj_rsakey_get_pstype(TSS_HKEY hKey, UINT32 *type)
905 {
906           struct tsp_object *obj;
907 
908           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
909                     return TSPERR(TSS_E_INVALID_HANDLE);
910 
911           if (obj->flags & TSS_OBJ_FLAG_SYSTEM_PS)
912                     *type = TSS_PS_TYPE_SYSTEM;
913           else if (obj->flags & TSS_OBJ_FLAG_USER_PS)
914                     *type = TSS_PS_TYPE_USER;
915           else
916                     *type = TSS_PS_TYPE_NO;
917 
918           obj_list_put(&rsakey_list);
919 
920           return TSS_SUCCESS;
921 }
922 
923 TSS_BOOL
obj_rsakey_is_migratable(TSS_HKEY hKey)924 obj_rsakey_is_migratable(TSS_HKEY hKey)
925 {
926           struct tsp_object *obj;
927           struct tr_rsakey_obj *rsakey;
928           TSS_BOOL answer = FALSE;
929 
930           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
931                     return answer;
932 
933           rsakey = (struct tr_rsakey_obj *)obj->data;
934           if (rsakey->key.keyFlags & TPM_MIGRATABLE)
935                     answer = TRUE;
936 
937           obj_list_put(&rsakey_list);
938 
939           return answer;
940 }
941 
942 TSS_BOOL
obj_rsakey_is_redirected(TSS_HKEY hKey)943 obj_rsakey_is_redirected(TSS_HKEY hKey)
944 {
945           struct tsp_object *obj;
946           struct tr_rsakey_obj *rsakey;
947           TSS_BOOL answer = FALSE;
948 
949           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
950                     return answer;
951 
952           rsakey = (struct tr_rsakey_obj *)obj->data;
953           if (rsakey->key.keyFlags & TPM_REDIRECTION)
954                     answer = TRUE;
955 
956           obj_list_put(&rsakey_list);
957 
958           return answer;
959 }
960 
961 TSS_BOOL
obj_rsakey_is_volatile(TSS_HKEY hKey)962 obj_rsakey_is_volatile(TSS_HKEY hKey)
963 {
964           struct tsp_object *obj;
965           struct tr_rsakey_obj *rsakey;
966           TSS_BOOL answer = FALSE;
967 
968           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
969                     return answer;
970 
971           rsakey = (struct tr_rsakey_obj *)obj->data;
972           if (rsakey->key.keyFlags & TPM_VOLATILE)
973                     answer = TRUE;
974 
975           obj_list_put(&rsakey_list);
976 
977           return answer;
978 }
979 
980 TSS_RESULT
obj_rsakey_get_tsp_context(TSS_HKEY hKey,TSS_HCONTEXT * tspContext)981 obj_rsakey_get_tsp_context(TSS_HKEY hKey, TSS_HCONTEXT *tspContext)
982 {
983           struct tsp_object *obj;
984 
985           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
986                     return TSPERR(TSS_E_INVALID_HANDLE);
987 
988           *tspContext = obj->tspContext;
989 
990           obj_list_put(&rsakey_list);
991 
992           return TSS_SUCCESS;
993 }
994 
995 TSS_RESULT
obj_rsakey_get_policies(TSS_HKEY hKey,TSS_HPOLICY * usage,TSS_HPOLICY * mig,TSS_BOOL * auth)996 obj_rsakey_get_policies(TSS_HKEY hKey, TSS_HPOLICY *usage, TSS_HPOLICY *mig, TSS_BOOL *auth)
997 {
998           struct tsp_object *obj;
999           struct tr_rsakey_obj *rsakey;
1000 
1001           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1002                     return TSPERR(TSS_E_INVALID_HANDLE);
1003 
1004           rsakey = (struct tr_rsakey_obj *)obj->data;
1005 
1006           *mig = rsakey->migPolicy;
1007           *usage = rsakey->usagePolicy;
1008           *auth = rsakey->key.authDataUsage ? TRUE : FALSE;
1009 
1010           obj_list_put(&rsakey_list);
1011 
1012           return TSS_SUCCESS;
1013 }
1014 
1015 TSS_RESULT
obj_rsakey_get_policy(TSS_HKEY hKey,UINT32 policyType,TSS_HPOLICY * phPolicy,TSS_BOOL * auth)1016 obj_rsakey_get_policy(TSS_HKEY hKey, UINT32 policyType,
1017                           TSS_HPOLICY *phPolicy, TSS_BOOL *auth)
1018 {
1019           struct tsp_object *obj;
1020           struct tr_rsakey_obj *rsakey;
1021           TSS_RESULT result = TSS_SUCCESS;
1022 
1023           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1024                     return TSPERR(TSS_E_INVALID_HANDLE);
1025 
1026           rsakey = (struct tr_rsakey_obj *)obj->data;
1027 
1028           switch (policyType) {
1029                     case TSS_POLICY_USAGE:
1030                               *phPolicy = rsakey->usagePolicy;
1031                               if (auth != NULL) {
1032                                         if (obj->flags & TSS_OBJ_FLAG_USAGEAUTH)
1033                                                   *auth = TRUE;
1034                                         else
1035                                                   *auth = FALSE;
1036                               }
1037                               break;
1038                     case TSS_POLICY_MIGRATION:
1039                               if (!rsakey->migPolicy) {
1040                                         result = TSPERR(TSS_E_KEY_NO_MIGRATION_POLICY);
1041                                         break;
1042                               }
1043 
1044                               *phPolicy = rsakey->migPolicy;
1045                               if (auth != NULL) {
1046                                         if (obj->flags & TSS_OBJ_FLAG_MIGAUTH)
1047                                                   *auth = TRUE;
1048                                         else
1049                                                   *auth = FALSE;
1050                               }
1051                               break;
1052                     default:
1053                               result = TSPERR(TSS_E_BAD_PARAMETER);
1054           }
1055 
1056           obj_list_put(&rsakey_list);
1057 
1058           return result;
1059 }
1060 
1061 TSS_RESULT
obj_rsakey_get_blob(TSS_HKEY hKey,UINT32 * size,BYTE ** data)1062 obj_rsakey_get_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1063 {
1064           struct tsp_object *obj;
1065           struct tr_rsakey_obj *rsakey;
1066           TSS_RESULT result = TSS_SUCCESS;
1067           UINT64 offset;
1068 
1069           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1070                     return TSPERR(TSS_E_INVALID_HANDLE);
1071 
1072           rsakey = (struct tr_rsakey_obj *)obj->data;
1073 
1074           offset = 0;
1075           LoadBlob_TSS_KEY(&offset, NULL, &rsakey->key);
1076 
1077           *data = calloc_tspi(obj->tspContext, offset);
1078           if (*data == NULL) {
1079                     LogError("malloc of %" PRIu64 " bytes failed.", offset);
1080                     result = TSPERR(TSS_E_OUTOFMEMORY);
1081                     goto done;
1082           }
1083 
1084           offset = 0;
1085           LoadBlob_TSS_KEY(&offset, *data, &rsakey->key);
1086           *size = offset;
1087 
1088 done:
1089           obj_list_put(&rsakey_list);
1090 
1091           return result;
1092 }
1093 
1094 TSS_RESULT
obj_rsakey_get_priv_blob(TSS_HKEY hKey,UINT32 * size,BYTE ** data)1095 obj_rsakey_get_priv_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1096 {
1097           struct tsp_object *obj;
1098           struct tr_rsakey_obj *rsakey;
1099           TSS_RESULT result = TSS_SUCCESS;
1100 
1101           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1102                     return TSPERR(TSS_E_INVALID_HANDLE);
1103 
1104           rsakey = (struct tr_rsakey_obj *)obj->data;
1105 
1106           *data = calloc_tspi(obj->tspContext, rsakey->key.encSize);
1107           if (*data == NULL) {
1108                     LogError("malloc of %u bytes failed.", rsakey->key.encSize);
1109                     result = TSPERR(TSS_E_OUTOFMEMORY);
1110                     goto done;
1111           }
1112           *size = rsakey->key.encSize;
1113           memcpy(*data, rsakey->key.encData, rsakey->key.encSize);
1114 
1115 done:
1116           obj_list_put(&rsakey_list);
1117 
1118           return result;
1119 }
1120 
1121 TSS_RESULT
obj_rsakey_get_modulus(TSS_HKEY hKey,UINT32 * size,BYTE ** data)1122 obj_rsakey_get_modulus(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1123 {
1124           struct tsp_object *obj;
1125           struct tr_rsakey_obj *rsakey;
1126           TSS_RESULT result = TSS_SUCCESS;
1127 
1128           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1129                     return TSPERR(TSS_E_INVALID_HANDLE);
1130 
1131           rsakey = (struct tr_rsakey_obj *)obj->data;
1132 
1133           /* if this key object represents the SRK and the public key
1134            * data here is all 0's, then we shouldn't return it, we
1135            * should return TSS_E_BAD_PARAMETER. This is part of protecting
1136            * the SRK public key. */
1137           if (rsakey->tcsHandle == TPM_KEYHND_SRK) {
1138                     BYTE zeroBlob[2048] = { 0, };
1139 
1140                     if (!memcmp(rsakey->key.pubKey.key, zeroBlob, rsakey->key.pubKey.keyLength)) {
1141                               result = TSPERR(TSS_E_BAD_PARAMETER);
1142                               goto done;
1143                     }
1144           }
1145 
1146           *data = calloc_tspi(obj->tspContext, rsakey->key.pubKey.keyLength);
1147           if (*data == NULL) {
1148                     LogError("malloc of %u bytes failed.", rsakey->key.pubKey.keyLength);
1149                     result = TSPERR(TSS_E_OUTOFMEMORY);
1150                     goto done;
1151           }
1152           *size = rsakey->key.pubKey.keyLength;
1153           memcpy(*data, rsakey->key.pubKey.key, rsakey->key.pubKey.keyLength);
1154 
1155 done:
1156           obj_list_put(&rsakey_list);
1157 
1158           return result;
1159 }
1160 
1161 TSS_RESULT
obj_rsakey_set_modulus(TSS_HKEY hKey,UINT32 size,BYTE * data)1162 obj_rsakey_set_modulus(TSS_HKEY hKey, UINT32 size, BYTE *data)
1163 {
1164           struct tsp_object *obj;
1165           struct tr_rsakey_obj *rsakey;
1166           TSS_RESULT result = TSS_SUCCESS;
1167           BYTE *free_ptr;
1168 
1169           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1170                     return TSPERR(TSS_E_INVALID_HANDLE);
1171 
1172           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
1173                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1174                     goto done;
1175           }
1176 
1177           rsakey = (struct tr_rsakey_obj *)obj->data;
1178 
1179           free_ptr = rsakey->key.pubKey.key;
1180 
1181           rsakey->key.pubKey.key = malloc(size);
1182           if (rsakey->key.pubKey.key == NULL) {
1183                     rsakey->key.pubKey.key = free_ptr; // restore
1184                     LogError("malloc of %u bytes failed.", size);
1185                     result = TSPERR(TSS_E_OUTOFMEMORY);
1186                     goto done;
1187           }
1188           rsakey->key.pubKey.keyLength = size;
1189           memcpy(rsakey->key.pubKey.key, data, size);
1190 
1191 done:
1192           obj_list_put(&rsakey_list);
1193 
1194           return result;
1195 }
1196 
1197 TSS_RESULT
obj_rsakey_get_pub_blob(TSS_HKEY hKey,UINT32 * size,BYTE ** data)1198 obj_rsakey_get_pub_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1199 {
1200           struct tsp_object *obj;
1201           struct tr_rsakey_obj *rsakey;
1202           TSS_RESULT result = TSS_SUCCESS;
1203           UINT64 offset;
1204 
1205           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1206                     return TSPERR(TSS_E_INVALID_HANDLE);
1207 
1208           rsakey = (struct tr_rsakey_obj *)obj->data;
1209 
1210           /* if this key object represents the SRK and the public key
1211            * data here is all 0's, then we shouldn't return it, we
1212            * should return TSS_E_BAD_PARAMETER. This is part of protecting
1213            * the SRK public key. */
1214           if (rsakey->tcsHandle == TPM_KEYHND_SRK) {
1215                     BYTE zeroBlob[2048] = { 0, };
1216 
1217                     if (!memcmp(rsakey->key.pubKey.key, zeroBlob, rsakey->key.pubKey.keyLength)) {
1218                               result = TSPERR(TSS_E_BAD_PARAMETER);
1219                               goto done;
1220                     }
1221           }
1222 
1223           offset = 0;
1224           Trspi_LoadBlob_KEY_PARMS(&offset, NULL, &rsakey->key.algorithmParms);
1225           Trspi_LoadBlob_STORE_PUBKEY(&offset, NULL, &rsakey->key.pubKey);
1226 
1227           *data = calloc_tspi(obj->tspContext, offset);
1228           if (*data == NULL) {
1229                     LogError("malloc of %" PRIu64 " bytes failed.", offset);
1230                     result = TSPERR(TSS_E_OUTOFMEMORY);
1231                     goto done;
1232           }
1233 
1234           offset = 0;
1235           Trspi_LoadBlob_KEY_PARMS(&offset, *data, &rsakey->key.algorithmParms);
1236           Trspi_LoadBlob_STORE_PUBKEY(&offset, *data, &rsakey->key.pubKey);
1237           *size = offset;
1238 
1239 done:
1240           obj_list_put(&rsakey_list);
1241 
1242           return result;
1243 }
1244 
1245 TSS_RESULT
obj_rsakey_get_version(TSS_HKEY hKey,UINT32 * size,BYTE ** data)1246 obj_rsakey_get_version(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1247 {
1248           struct tsp_object *obj;
1249           struct tr_rsakey_obj *rsakey;
1250           TSS_RESULT result = TSS_SUCCESS;
1251           UINT64 offset;
1252           TPM_STRUCT_VER ver = {1, 2, 0, 0}, *pVer;
1253 
1254           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1255                     return TSPERR(TSS_E_INVALID_HANDLE);
1256 
1257           rsakey = (struct tr_rsakey_obj *)obj->data;
1258 
1259           if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12)
1260                     pVer = &ver;
1261           else
1262                     pVer = &rsakey->key.hdr.key11.ver;
1263 
1264           offset = 0;
1265           Trspi_LoadBlob_TCPA_VERSION(&offset, NULL, *pVer);
1266 
1267           *data = calloc_tspi(obj->tspContext, offset);
1268           if (*data == NULL) {
1269                     LogError("malloc of %" PRIu64 " bytes failed.", offset);
1270                     result = TSPERR(TSS_E_OUTOFMEMORY);
1271                     goto done;
1272           }
1273 
1274           offset = 0;
1275           Trspi_LoadBlob_TCPA_VERSION(&offset, *data, *pVer);
1276           *size = offset;
1277 
1278 done:
1279           obj_list_put(&rsakey_list);
1280 
1281           return result;
1282 }
1283 
1284 TSS_RESULT
obj_rsakey_get_exponent(TSS_HKEY hKey,UINT32 * size,BYTE ** data)1285 obj_rsakey_get_exponent(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1286 {
1287           struct tsp_object *obj;
1288           struct tr_rsakey_obj *rsakey;
1289           TSS_RESULT result = TSS_SUCCESS;
1290           TCPA_RSA_KEY_PARMS *parms;
1291           BYTE default_exp[3] = { 0x1, 0x0, 0x1 };
1292           UINT32 offset;
1293 
1294           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1295                     return TSPERR(TSS_E_INVALID_HANDLE);
1296 
1297           rsakey = (struct tr_rsakey_obj *)obj->data;
1298           parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms;
1299           offset = parms->exponentSize;
1300 
1301           /* see TPM 1.1b spec pg. 51. If exponentSize is 0, we're using the
1302            * default exponent of 2^16 + 1. */
1303           if (offset == 0) {
1304                     offset = 3;
1305                     *data = calloc_tspi(obj->tspContext, offset);
1306                     if (*data == NULL) {
1307                               LogError("malloc of %u bytes failed.", offset);
1308                               result = TSPERR(TSS_E_OUTOFMEMORY);
1309                               goto done;
1310                     }
1311                     *size = offset;
1312                     memcpy(*data, default_exp, offset);
1313           } else {
1314                     *data = calloc_tspi(obj->tspContext, offset);
1315                     if (*data == NULL) {
1316                               LogError("malloc of %u bytes failed.", offset);
1317                               result = TSPERR(TSS_E_OUTOFMEMORY);
1318                               goto done;
1319                     }
1320                     *size = offset;
1321                     memcpy(*data, parms->exponent, offset);
1322           }
1323 
1324 done:
1325           obj_list_put(&rsakey_list);
1326 
1327           return result;
1328 }
1329 
1330 TSS_RESULT
obj_rsakey_set_exponent(TSS_HKEY hKey,UINT32 size,BYTE * data)1331 obj_rsakey_set_exponent(TSS_HKEY hKey, UINT32 size, BYTE *data)
1332 {
1333           struct tsp_object *obj;
1334           struct tr_rsakey_obj *rsakey;
1335           TSS_RESULT result = TSS_SUCCESS;
1336           TCPA_RSA_KEY_PARMS *parms;
1337           BYTE *free_ptr;
1338 
1339           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1340                     return TSPERR(TSS_E_INVALID_HANDLE);
1341 
1342           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
1343                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1344                     goto done;
1345           }
1346 
1347           rsakey = (struct tr_rsakey_obj *)obj->data;
1348           parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms;
1349 
1350           free_ptr = parms->exponent;
1351 
1352           parms->exponent = malloc(size);
1353           if (parms->exponent == NULL) {
1354                     parms->exponent = free_ptr; // restore
1355                     LogError("malloc of %u bytes failed.", size);
1356                     result = TSPERR(TSS_E_OUTOFMEMORY);
1357                     goto done;
1358           }
1359           parms->exponentSize = size;
1360           memcpy(parms->exponent, data, size);
1361 done:
1362           obj_list_put(&rsakey_list);
1363 
1364           return result;
1365 }
1366 
1367 TSS_RESULT
obj_rsakey_get_uuid(TSS_HKEY hKey,UINT32 * size,BYTE ** data)1368 obj_rsakey_get_uuid(TSS_HKEY hKey, UINT32 *size, BYTE **data)
1369 {
1370           struct tsp_object *obj;
1371           struct tr_rsakey_obj *rsakey;
1372           TSS_RESULT result = TSS_SUCCESS;
1373           UINT64 offset;
1374 
1375           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1376                     return TSPERR(TSS_E_INVALID_HANDLE);
1377 
1378           rsakey = (struct tr_rsakey_obj *)obj->data;
1379 
1380           offset = 0;
1381           Trspi_LoadBlob_UUID(&offset, NULL, rsakey->uuid);
1382 
1383           *data = calloc_tspi(obj->tspContext, offset);
1384           if (*data == NULL) {
1385                     LogError("malloc of %" PRIu64 " bytes failed.", offset);
1386                     result = TSPERR(TSS_E_OUTOFMEMORY);
1387                     goto done;
1388           }
1389 
1390           offset = 0;
1391           Trspi_LoadBlob_UUID(&offset, *data, rsakey->uuid);
1392           *size = offset;
1393 
1394 done:
1395           obj_list_put(&rsakey_list);
1396 
1397           return result;
1398 }
1399 
1400 TSS_RESULT
obj_rsakey_set_uuid(TSS_HKEY hKey,TSS_FLAG ps_type,TSS_UUID * uuid)1401 obj_rsakey_set_uuid(TSS_HKEY hKey, TSS_FLAG ps_type, TSS_UUID *uuid)
1402 {
1403           struct tsp_object *obj;
1404           struct tr_rsakey_obj *rsakey;
1405 
1406           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1407                     return TSPERR(TSS_E_INVALID_HANDLE);
1408 
1409           rsakey = (struct tr_rsakey_obj *)obj->data;
1410           memcpy(&rsakey->uuid, uuid, sizeof(TSS_UUID));
1411 
1412           switch (ps_type) {
1413                     case TSS_PS_TYPE_SYSTEM:
1414                               obj->flags |= TSS_OBJ_FLAG_SYSTEM_PS;
1415                               obj->flags &= ~TSS_OBJ_FLAG_USER_PS;
1416                               break;
1417                     case TSS_PS_TYPE_USER:
1418                               obj->flags |= TSS_OBJ_FLAG_USER_PS;
1419                               obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS;
1420                               break;
1421                     case TSS_PS_TYPE_NO:
1422                     default:
1423                               obj->flags &= ~TSS_OBJ_FLAG_USER_PS;
1424                               obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS;
1425                               break;
1426           }
1427 
1428           obj_list_put(&rsakey_list);
1429 
1430           return TSS_SUCCESS;
1431 }
1432 
1433 TSS_RESULT
obj_rsakey_set_tcs_handle(TSS_HKEY hKey,TCS_KEY_HANDLE tcsHandle)1434 obj_rsakey_set_tcs_handle(TSS_HKEY hKey, TCS_KEY_HANDLE tcsHandle)
1435 {
1436           struct tsp_object *obj;
1437           struct tr_rsakey_obj *rsakey;
1438 
1439           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1440                     return TSPERR(TSS_E_INVALID_HANDLE);
1441 
1442           rsakey = (struct tr_rsakey_obj *)obj->data;
1443           rsakey->tcsHandle = tcsHandle;
1444 
1445           obj_list_put(&rsakey_list);
1446 
1447           return TSS_SUCCESS;
1448 }
1449 
1450 TSS_RESULT
obj_rsakey_get_tcs_handle(TSS_HKEY hKey,TCS_KEY_HANDLE * tcsHandle)1451 obj_rsakey_get_tcs_handle(TSS_HKEY hKey, TCS_KEY_HANDLE *tcsHandle)
1452 {
1453           struct tsp_object *obj;
1454           struct tr_rsakey_obj *rsakey;
1455           TSS_RESULT result = TSS_SUCCESS;
1456 
1457           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1458                     return TSPERR(TSS_E_INVALID_HANDLE);
1459 
1460           rsakey = (struct tr_rsakey_obj *)obj->data;
1461           if (rsakey->tcsHandle)
1462                     *tcsHandle = rsakey->tcsHandle;
1463           else
1464                     result = TSPERR(TSS_E_KEY_NOT_LOADED);
1465 
1466           obj_list_put(&rsakey_list);
1467 
1468           return result;
1469 }
1470 
1471 TSS_RESULT
obj_rsakey_set_tcpakey(TSS_HKEY hKey,UINT32 size,BYTE * data)1472 obj_rsakey_set_tcpakey(TSS_HKEY hKey, UINT32 size, BYTE *data)
1473 {
1474           struct tsp_object *obj;
1475           struct tr_rsakey_obj *rsakey;
1476           UINT64 offset;
1477           TSS_RESULT result = TSS_SUCCESS;
1478 
1479           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1480                     return TSPERR(TSS_E_INVALID_HANDLE);
1481 
1482           rsakey = (struct tr_rsakey_obj *)obj->data;
1483 
1484           free_key_refs(&rsakey->key);
1485 
1486           offset = 0;
1487           if ((result = UnloadBlob_TSS_KEY(&offset, data, &rsakey->key)))
1488                     goto done;
1489           if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12)
1490                     rsakey->type = TSS_KEY_STRUCT_KEY12;
1491           else
1492                     rsakey->type = TSS_KEY_STRUCT_KEY;
1493 
1494           if (rsakey->key.authDataUsage)
1495                     obj->flags |= TSS_OBJ_FLAG_USAGEAUTH;
1496           else
1497                     obj->flags &= ~TSS_OBJ_FLAG_USAGEAUTH;
1498 
1499           if (rsakey->key.PCRInfoSize && rsakey->key.PCRInfo) {
1500                     offset = 0;
1501                     if (rsakey->type == TSS_KEY_STRUCT_KEY12) {
1502                               if ((result = Trspi_UnloadBlob_PCR_INFO_LONG(&offset, rsakey->key.PCRInfo,
1503                                                                                      &rsakey->pcrInfo.infolong)))
1504                                         goto done;
1505                     } else {
1506                               if ((result = Trspi_UnloadBlob_PCR_INFO(&offset, rsakey->key.PCRInfo,
1507                                                                                 &rsakey->pcrInfo.info11)))
1508                                         goto done;
1509                     }
1510           }
1511 
1512           obj->flags |= TSS_OBJ_FLAG_KEY_SET;
1513 done:
1514           obj_list_put(&rsakey_list);
1515 
1516           return result;
1517 }
1518 
1519 TSS_RESULT
obj_rsakey_get_pcr_digest(TSS_HKEY hKey,TSS_FLAG pcrInfoType,TSS_FLAG dir,UINT32 * size,BYTE ** data)1520 obj_rsakey_get_pcr_digest(TSS_HKEY hKey,
1521                           TSS_FLAG pcrInfoType,
1522                           TSS_FLAG dir,
1523                           UINT32 *size,
1524                           BYTE **data)
1525 {
1526           struct tsp_object *obj;
1527           struct tr_rsakey_obj *rsakey;
1528           TSS_RESULT result = TSS_SUCCESS;
1529           TPM_DIGEST *digest = NULL;
1530           UINT64 offset;
1531 
1532           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1533                     return TSPERR(TSS_E_INVALID_HANDLE);
1534 
1535           rsakey = (struct tr_rsakey_obj *)obj->data;
1536 
1537           if (pcrInfoType != rsakey->pcrInfoType) {
1538                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1539                     goto done;
1540           }
1541 
1542           switch (pcrInfoType) {
1543                     case TSS_PCRS_STRUCT_INFO:
1544                               if (dir == TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION)
1545                                         digest = &rsakey->pcrInfo.info11.digestAtCreation;
1546                               else if (dir == TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE)
1547                                         digest = &rsakey->pcrInfo.info11.digestAtRelease;
1548                               else {
1549                                         result = TSPERR(TSS_E_BAD_PARAMETER);
1550                                         goto done;
1551                               }
1552                               break;
1553                     case TSS_PCRS_STRUCT_INFO_LONG:
1554                               if (dir == TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION)
1555                                         digest = &rsakey->pcrInfo.infolong.digestAtCreation;
1556                               else if (dir == TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE)
1557                                         digest = &rsakey->pcrInfo.infolong.digestAtRelease;
1558                               else {
1559                                         result = TSPERR(TSS_E_BAD_PARAMETER);
1560                                         goto done;
1561                               }
1562                               break;
1563                     default:
1564                               result = TSPERR(TSS_E_INTERNAL_ERROR);
1565                               goto done;
1566           }
1567 
1568           *size = sizeof(TPM_DIGEST);
1569 
1570           if ((*data = calloc_tspi(obj->tspContext, *size)) == NULL) {
1571                     LogError("malloc of %u bytes failed.", *size);
1572                     *size = 0;
1573                     result = TSPERR(TSS_E_OUTOFMEMORY);
1574                     goto done;
1575           }
1576 
1577           offset = 0;
1578           Trspi_LoadBlob_DIGEST(&offset, *data, digest);
1579 done:
1580           obj_list_put(&rsakey_list);
1581 
1582           return result;
1583 }
1584 
1585 
1586 TSS_RESULT
obj_rsakey_get_pcr_locality(TSS_HKEY hKey,TSS_FLAG dir,UINT32 * locality)1587 obj_rsakey_get_pcr_locality(TSS_HKEY hKey, TSS_FLAG dir, UINT32 *locality)
1588 {
1589           struct tsp_object *obj;
1590           struct tr_rsakey_obj *rsakey;
1591           TSS_RESULT result = TSS_SUCCESS;
1592 
1593           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1594                     return TSPERR(TSS_E_INVALID_HANDLE);
1595 
1596           rsakey = (struct tr_rsakey_obj *)obj->data;
1597 
1598           if (rsakey->pcrInfoType == TSS_PCRS_STRUCT_INFO_LONG) {
1599                     if (dir == TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATCREATION)
1600                               *locality = rsakey->pcrInfo.infolong.localityAtCreation;
1601                     else if (dir == TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATRELEASE)
1602                               *locality = rsakey->pcrInfo.infolong.localityAtRelease;
1603                     else
1604                               result = TSPERR(TSS_E_BAD_PARAMETER);
1605           } else
1606                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1607 
1608           obj_list_put(&rsakey_list);
1609 
1610           return result;
1611 }
1612 
1613 TSS_RESULT
obj_rsakey_get_pcr_selection(TSS_HKEY hKey,UINT32 pcrInfoType,TSS_FLAG dir,UINT32 * size,BYTE ** data)1614 obj_rsakey_get_pcr_selection(TSS_HKEY hKey,
1615                                    UINT32 pcrInfoType,
1616                                    TSS_FLAG dir,
1617                                    UINT32 *size,
1618                                    BYTE **data)
1619 {
1620           struct tsp_object *obj;
1621           struct tr_rsakey_obj *rsakey;
1622           TSS_RESULT result = TSS_SUCCESS;
1623           UINT64 offset;
1624           TPM_PCR_SELECTION *selection = NULL;
1625 
1626           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1627                     return TSPERR(TSS_E_INVALID_HANDLE);
1628 
1629           rsakey = (struct tr_rsakey_obj *)obj->data;
1630 
1631         if (pcrInfoType != rsakey->pcrInfoType) {
1632                 result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1633                 goto done;
1634         }
1635 
1636         switch (pcrInfoType) {
1637                 case TSS_PCRS_STRUCT_INFO:
1638                         if (dir == TSS_TSPATTRIB_KEYPCR_SELECTION)
1639                                 selection = &rsakey->pcrInfo.info11.pcrSelection;
1640                         else {
1641                                 result = TSPERR(TSS_E_BAD_PARAMETER);
1642                                 goto done;
1643                         }
1644                         break;
1645                 case TSS_PCRS_STRUCT_INFO_LONG:
1646                         if (dir == TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION)
1647                                 selection = &rsakey->pcrInfo.infolong.creationPCRSelection;
1648                         else if (dir == TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION)
1649                                 selection = &rsakey->pcrInfo.infolong.releasePCRSelection;
1650                         else {
1651                                 result = TSPERR(TSS_E_BAD_PARAMETER);
1652                                 goto done;
1653                         }
1654                         break;
1655                 default:
1656                         result = TSPERR(TSS_E_INTERNAL_ERROR);
1657                         goto done;
1658         }
1659 
1660         *size = sizeof(UINT16) + selection->sizeOfSelect;
1661 
1662         if ((*data = calloc_tspi(obj->tspContext, *size)) == NULL) {
1663                 LogError("malloc of %u bytes failed.", *size);
1664                 *size = 0;
1665                 result = TSPERR(TSS_E_OUTOFMEMORY);
1666                 goto done;
1667         }
1668 
1669         offset = 0;
1670         Trspi_LoadBlob_PCR_SELECTION(&offset, *data, selection);
1671 
1672 done:
1673           obj_list_put(&rsakey_list);
1674 
1675           return result;
1676 }
1677 
1678 TSS_RESULT
rsakey_set_pubkey(struct tr_rsakey_obj * rsakey,BYTE * pubkey)1679 rsakey_set_pubkey(struct tr_rsakey_obj *rsakey, BYTE *pubkey)
1680 {
1681           TSS_RESULT result;
1682           UINT64 offset = 0;
1683           TPM_PUBKEY pub;
1684 
1685           if ((result = Trspi_UnloadBlob_PUBKEY(&offset, pubkey, &pub)))
1686                     return result;
1687 
1688           free(rsakey->key.pubKey.key);
1689           free(rsakey->key.algorithmParms.parms);
1690 
1691           memcpy(&rsakey->key.pubKey, &pub.pubKey, sizeof(TPM_STORE_PUBKEY));
1692           memcpy(&rsakey->key.algorithmParms, &pub.algorithmParms, sizeof(TPM_KEY_PARMS));
1693 
1694           return TSS_SUCCESS;
1695 }
1696 
1697 /* Expect a TPM_PUBKEY as is explained in the portable data section of the spec */
1698 TSS_RESULT
obj_rsakey_set_pubkey(TSS_HKEY hKey,UINT32 force,BYTE * data)1699 obj_rsakey_set_pubkey(TSS_HKEY hKey, UINT32 force, BYTE *data)
1700 {
1701           struct tsp_object *obj;
1702           struct tr_rsakey_obj *rsakey;
1703           TSS_RESULT result;
1704 
1705           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1706                     return TSPERR(TSS_E_INVALID_HANDLE);
1707 
1708           rsakey = (struct tr_rsakey_obj *)obj->data;
1709 
1710           if (!force && (obj->flags & TSS_OBJ_FLAG_KEY_SET)) {
1711                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1712                     goto done;
1713           }
1714 
1715           result = rsakey_set_pubkey(rsakey, data);
1716 done:
1717           obj_list_put(&rsakey_list);
1718 
1719           return result;
1720 }
1721 
1722 TSS_RESULT
obj_rsakey_set_srk_pubkey(BYTE * pubkey)1723 obj_rsakey_set_srk_pubkey(BYTE *pubkey)
1724 {
1725           struct tsp_object *obj;
1726           struct obj_list *list = &rsakey_list;
1727           struct tr_rsakey_obj *rsakey;
1728           TSS_RESULT result;
1729 
1730           MUTEX_LOCK(list->lock);
1731 
1732           for (obj = list->head; obj; obj = obj->next) {
1733                     rsakey = (struct tr_rsakey_obj *)obj->data;
1734 
1735                     /* we found the SRK, set this data as its public key */
1736                     if (rsakey->tcsHandle == TPM_KEYHND_SRK) {
1737                               result = rsakey_set_pubkey(rsakey, pubkey);
1738                               MUTEX_UNLOCK(list->lock);
1739                               return result;
1740                     }
1741           }
1742 
1743           MUTEX_UNLOCK(list->lock);
1744 
1745           return TSPERR(TSS_E_INVALID_HANDLE);
1746 }
1747 
1748 TSS_RESULT
obj_rsakey_set_privkey(TSS_HKEY hKey,UINT32 force,UINT32 size,BYTE * data)1749 obj_rsakey_set_privkey(TSS_HKEY hKey, UINT32 force, UINT32 size, BYTE *data)
1750 {
1751           struct tsp_object *obj;
1752           struct tr_rsakey_obj *rsakey;
1753           TSS_RESULT result = TSS_SUCCESS;
1754           void *to_free;
1755 
1756           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1757                     return TSPERR(TSS_E_INVALID_HANDLE);
1758 
1759           if (!force && (obj->flags & TSS_OBJ_FLAG_KEY_SET)) {
1760                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1761                     goto done;
1762           }
1763 
1764           rsakey = (struct tr_rsakey_obj *)obj->data;
1765 
1766           to_free = rsakey->key.encData;
1767 
1768           rsakey->key.encData = calloc(1, size);
1769           if (rsakey->key.encData == NULL) {
1770                     rsakey->key.encData = to_free; // restore
1771                     LogError("malloc of %u bytes failed.", size);
1772                     result = TSPERR(TSS_E_OUTOFMEMORY);
1773                     goto done;
1774           }
1775 
1776           free(to_free);
1777           rsakey->key.encSize = size;
1778           memcpy(rsakey->key.encData, data, size);
1779 done:
1780           obj_list_put(&rsakey_list);
1781 
1782           return result;
1783 }
1784 
1785 TSS_RESULT
obj_rsakey_set_pcr_data(TSS_HKEY hKey,TSS_HPCRS hPcrComposite)1786 obj_rsakey_set_pcr_data(TSS_HKEY hKey, TSS_HPCRS hPcrComposite)
1787 {
1788           struct tsp_object *obj;
1789           struct tr_rsakey_obj *rsakey;
1790           TSS_RESULT result = TSS_SUCCESS;
1791           UINT32 pcrType, pcrSize;
1792           BYTE *pcrInfo;
1793 
1794           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1795                     return TSPERR(TSS_E_INVALID_HANDLE);
1796 
1797           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
1798                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1799                     goto done;
1800           }
1801 
1802           rsakey = (struct tr_rsakey_obj *)obj->data;
1803 
1804           /* passing in a pcrType of TSS_PCRS_STRUCT_DEFAULT will tell the pcr routine to create
1805            * a structure matching the type of the hPcrComposite object */
1806           pcrType = TSS_PCRS_STRUCT_DEFAULT;
1807           if ((result = obj_pcrs_create_info_type(hPcrComposite, &pcrType, &pcrSize, &pcrInfo)))
1808                     goto done;
1809 
1810           rsakey->key.PCRInfo = pcrInfo;
1811           rsakey->key.PCRInfoSize = pcrSize;
1812 done:
1813           obj_list_put(&rsakey_list);
1814 
1815           return result;
1816 }
1817 
1818 void
__tspi_rsakey_free(void * data)1819 __tspi_rsakey_free(void *data)
1820 {
1821           struct tr_rsakey_obj *rsakey = (struct tr_rsakey_obj *)data;
1822 
1823           free(rsakey->key.algorithmParms.parms);
1824           free(rsakey->key.encData);
1825           free(rsakey->key.PCRInfo);
1826           free(rsakey->key.pubKey.key);
1827           free(rsakey);
1828 }
1829 
1830 /* Remove an individual rsakey object from the rsakey list with handle
1831  * equal to hObject. Clean up the TSP's key handle table. */
1832 TSS_RESULT
obj_rsakey_remove(TSS_HOBJECT hObject,TSS_HCONTEXT tspContext)1833 obj_rsakey_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext)
1834 {
1835           TSS_RESULT result;
1836 
1837           if ((result = obj_list_remove(&rsakey_list, &__tspi_rsakey_free, hObject, tspContext)))
1838                     return result;
1839 
1840           return TSS_SUCCESS;
1841 }
1842 
1843 TSS_RESULT
obj_rsakey_get_by_pub(UINT32 pub_size,BYTE * pub,TSS_HKEY * hKey)1844 obj_rsakey_get_by_pub(UINT32 pub_size, BYTE *pub, TSS_HKEY *hKey)
1845 {
1846           struct obj_list *list = &rsakey_list;
1847           struct tsp_object *obj;
1848           struct tr_rsakey_obj *rsakey;
1849           TSS_RESULT result = TSS_SUCCESS;
1850 
1851           MUTEX_LOCK(list->lock);
1852 
1853           for (obj = list->head; obj; obj = obj->next) {
1854                     rsakey = (struct tr_rsakey_obj *)obj->data;
1855 
1856                     if (rsakey->key.pubKey.keyLength == pub_size &&
1857                         !memcmp(&rsakey->key.pubKey.key, pub, pub_size)) {
1858                               *hKey = obj->handle;
1859                               goto done;
1860                     }
1861           }
1862 
1863           *hKey = 0;
1864 done:
1865           MUTEX_UNLOCK(list->lock);
1866 
1867           return result;
1868 }
1869 
1870 TSS_RESULT
obj_rsakey_get_by_uuid(TSS_UUID * uuid,TSS_HKEY * hKey)1871 obj_rsakey_get_by_uuid(TSS_UUID *uuid, TSS_HKEY *hKey)
1872 {
1873           struct obj_list *list = &rsakey_list;
1874           struct tsp_object *obj;
1875           struct tr_rsakey_obj *rsakey;
1876           TSS_RESULT result = TSS_SUCCESS;
1877 
1878           MUTEX_LOCK(list->lock);
1879 
1880           for (obj = list->head; obj; obj = obj->next) {
1881                     rsakey = (struct tr_rsakey_obj *)obj->data;
1882 
1883                     if (!memcmp(&rsakey->uuid, uuid, sizeof(TSS_UUID))) {
1884                               *hKey = obj->handle;
1885                               goto done;
1886                     }
1887           }
1888 
1889           result = TSPERR(TSS_E_PS_KEY_NOTFOUND);
1890 done:
1891           MUTEX_UNLOCK(list->lock);
1892 
1893           return result;
1894 }
1895 
1896 void
obj_rsakey_remove_policy_refs(TSS_HPOLICY hPolicy,TSS_HCONTEXT tspContext)1897 obj_rsakey_remove_policy_refs(TSS_HPOLICY hPolicy, TSS_HCONTEXT tspContext)
1898 {
1899           struct tsp_object *obj;
1900           struct obj_list *list = &rsakey_list;
1901           struct tr_rsakey_obj *rsakey;
1902 
1903           MUTEX_LOCK(list->lock);
1904 
1905           for (obj = list->head; obj; obj = obj->next) {
1906                     if (obj->tspContext != tspContext)
1907                               continue;
1908 
1909                     rsakey = (struct tr_rsakey_obj *)obj->data;
1910                     if (rsakey->usagePolicy == hPolicy)
1911                               rsakey->usagePolicy = NULL_HPOLICY;
1912 
1913                     if (rsakey->migPolicy == hPolicy)
1914                               rsakey->migPolicy = NULL_HPOLICY;
1915           }
1916 
1917           MUTEX_UNLOCK(list->lock);
1918 }
1919 
1920 #if 0
1921 TSS_RESULT
1922 obj_rsakey_get_transport_attribs(TSS_HKEY hKey, TCS_KEY_HANDLE *hTCSKey, TPM_DIGEST *pubDigest)
1923 {
1924           struct tsp_object *obj;
1925           struct tr_rsakey_obj *rsakey;
1926           TSS_RESULT result;
1927           Trspi_HashCtx hashCtx;
1928 
1929           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1930                     return TSPERR(TSS_E_INVALID_HANDLE);
1931 
1932           rsakey = (struct tr_rsakey_obj *)obj->data;
1933           *hTCSKey = rsakey->tcsHandle;
1934 
1935           result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
1936           result |= Trspi_Hash_STORE_PUBKEY(&hashCtx, &rsakey->key.pubKey);
1937           result |= Trspi_HashFinal(&hashCtx, pubDigest->digest);
1938 
1939           obj_list_put(&rsakey_list);
1940 
1941           return result;
1942 }
1943 #endif
1944 
1945 #ifdef TSS_BUILD_CMK
1946 TSS_BOOL
obj_rsakey_is_cmk(TSS_HKEY hKey)1947 obj_rsakey_is_cmk(TSS_HKEY hKey)
1948 {
1949           struct tsp_object *obj;
1950           struct tr_rsakey_obj *rsakey;
1951           TSS_BOOL answer = FALSE;
1952 
1953           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1954                     return answer;
1955 
1956           rsakey = (struct tr_rsakey_obj *)obj->data;
1957           if (rsakey->type != TSS_KEY_STRUCT_KEY) {
1958                     if (rsakey->key.keyFlags & TPM_MIGRATEAUTHORITY)
1959                               answer = TRUE;
1960           }
1961 
1962           obj_list_put(&rsakey_list);
1963 
1964           return answer;
1965 }
1966 
1967 TSS_RESULT
obj_rsakey_set_cmk(TSS_HKEY hKey,UINT32 cmk)1968 obj_rsakey_set_cmk(TSS_HKEY hKey, UINT32 cmk)
1969 {
1970           struct tsp_object *obj;
1971           struct tr_rsakey_obj *rsakey;
1972           TSS_RESULT result = TSS_SUCCESS;
1973 
1974           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
1975                     return TSPERR(TSS_E_INVALID_HANDLE);
1976 
1977           if (obj->flags & TSS_OBJ_FLAG_KEY_SET) {
1978                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1979                     goto done;
1980           }
1981 
1982           rsakey = (struct tr_rsakey_obj *)obj->data;
1983           if (rsakey->type == TSS_KEY_STRUCT_KEY) {
1984                     result = TSPERR(TSS_E_INVALID_OBJ_ACCESS);
1985                     goto done;
1986           }
1987 
1988           if (cmk)
1989                     rsakey->key.keyFlags |= TPM_MIGRATEAUTHORITY;
1990           else
1991                     rsakey->key.keyFlags &= (~TPM_MIGRATEAUTHORITY);
1992 
1993 done:
1994           obj_list_put(&rsakey_list);
1995 
1996           return result;
1997 }
1998 
1999 TSS_RESULT
obj_rsakey_set_msa_approval(TSS_HKEY hKey,UINT32 blobSize,BYTE * blob)2000 obj_rsakey_set_msa_approval(TSS_HKEY hKey, UINT32 blobSize, BYTE *blob)
2001 {
2002           struct tsp_object *obj;
2003           struct tr_rsakey_obj *rsakey;
2004           TSS_RESULT result = TSS_SUCCESS;
2005 
2006           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
2007                     return TSPERR(TSS_E_INVALID_HANDLE);
2008 
2009           rsakey = (struct tr_rsakey_obj *)obj->data;
2010 
2011           if (blobSize != sizeof(rsakey->msaApproval.digest)) {
2012                     result = TSPERR(TSS_E_BAD_PARAMETER);
2013                     goto done;
2014           }
2015           memcpy(rsakey->msaApproval.digest, blob, sizeof(rsakey->msaApproval.digest));
2016 
2017 done:
2018           obj_list_put(&rsakey_list);
2019 
2020           return result;
2021 }
2022 
2023 TSS_RESULT
obj_rsakey_get_msa_approval(TSS_HKEY hKey,UINT32 * blobSize,BYTE ** blob)2024 obj_rsakey_get_msa_approval(TSS_HKEY hKey, UINT32 *blobSize, BYTE **blob)
2025 {
2026           struct tsp_object *obj;
2027           struct tr_rsakey_obj *rsakey;
2028           TSS_RESULT result = TSS_SUCCESS;
2029 
2030           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
2031                     return TSPERR(TSS_E_INVALID_HANDLE);
2032 
2033           rsakey = (struct tr_rsakey_obj *)obj->data;
2034 
2035           if ((*blob = calloc_tspi(obj->tspContext, sizeof(rsakey->msaApproval.digest))) == NULL) {
2036                     LogError("malloc of %zd bytes failed.", sizeof(rsakey->msaApproval.digest));
2037                     result = TSPERR(TSS_E_OUTOFMEMORY);
2038                     goto done;
2039           }
2040           memcpy(*blob, rsakey->msaApproval.digest, sizeof(rsakey->msaApproval.digest));
2041           *blobSize = sizeof(rsakey->msaApproval.digest);
2042 
2043 done:
2044           obj_list_put(&rsakey_list);
2045 
2046           return result;
2047 }
2048 
2049 TSS_RESULT
obj_rsakey_set_msa_digest(TSS_HKEY hKey,UINT32 blobSize,BYTE * blob)2050 obj_rsakey_set_msa_digest(TSS_HKEY hKey, UINT32 blobSize, BYTE *blob)
2051 {
2052           struct tsp_object *obj;
2053           struct tr_rsakey_obj *rsakey;
2054           TSS_RESULT result = TSS_SUCCESS;
2055 
2056           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
2057                     return TSPERR(TSS_E_INVALID_HANDLE);
2058 
2059           rsakey = (struct tr_rsakey_obj *)obj->data;
2060 
2061           if (blobSize != sizeof(rsakey->msaDigest.digest)) {
2062                     result = TSPERR(TSS_E_BAD_PARAMETER);
2063                     goto done;
2064           }
2065           memcpy(rsakey->msaDigest.digest, blob, sizeof(rsakey->msaDigest.digest));
2066 
2067 done:
2068           obj_list_put(&rsakey_list);
2069 
2070           return result;
2071 }
2072 
2073 TSS_RESULT
obj_rsakey_get_msa_digest(TSS_HKEY hKey,UINT32 * blobSize,BYTE ** blob)2074 obj_rsakey_get_msa_digest(TSS_HKEY hKey, UINT32 *blobSize, BYTE **blob)
2075 {
2076           struct tsp_object *obj;
2077           struct tr_rsakey_obj *rsakey;
2078           TSS_RESULT result = TSS_SUCCESS;
2079 
2080           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
2081                     return TSPERR(TSS_E_INVALID_HANDLE);
2082 
2083           rsakey = (struct tr_rsakey_obj *)obj->data;
2084 
2085           if ((*blob = calloc_tspi(obj->tspContext, sizeof(rsakey->msaDigest.digest))) == NULL) {
2086                     LogError("malloc of %zd bytes failed.", sizeof(rsakey->msaDigest.digest));
2087                     result = TSPERR(TSS_E_OUTOFMEMORY);
2088                     goto done;
2089           }
2090           memcpy(*blob, rsakey->msaDigest.digest, sizeof(rsakey->msaDigest.digest));
2091           *blobSize = sizeof(rsakey->msaDigest.digest);
2092 
2093 done:
2094           obj_list_put(&rsakey_list);
2095 
2096           return result;
2097 }
2098 #endif
2099 
2100 TSS_RESULT
obj_rsakey_get_ownerevict(TSS_HKEY hKey,UINT32 * value)2101 obj_rsakey_get_ownerevict(TSS_HKEY hKey, UINT32 *value)
2102 {
2103           struct tsp_object *obj;
2104           struct tr_rsakey_obj *rsakey;
2105 
2106           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
2107                     return TSPERR(TSS_E_INVALID_HANDLE);
2108 
2109           rsakey = (struct tr_rsakey_obj *)obj->data;
2110           *value = rsakey->flags & TSS_RSAKEY_FLAG_OWNEREVICT;
2111 
2112           obj_list_put(&rsakey_list);
2113 
2114           return TSS_SUCCESS;
2115 }
2116 
2117 TSS_RESULT
obj_rsakey_set_ownerevict(TSS_HKEY hKey,TSS_BOOL value)2118 obj_rsakey_set_ownerevict(TSS_HKEY hKey, TSS_BOOL value)
2119 {
2120           struct tsp_object *obj;
2121           struct tr_rsakey_obj *rsakey;
2122 
2123           if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL)
2124                     return TSPERR(TSS_E_INVALID_HANDLE);
2125 
2126           rsakey = (struct tr_rsakey_obj *)obj->data;
2127 
2128           if (value)
2129                     rsakey->flags |= TSS_RSAKEY_FLAG_OWNEREVICT;
2130           else
2131                     rsakey->flags &= ~TSS_RSAKEY_FLAG_OWNEREVICT;
2132 
2133           obj_list_put(&rsakey_list);
2134 
2135           return TSS_SUCCESS;
2136 }
2137