TSS_RESULT Tspi_Context_RegisterKey(TSS_HCONTEXT tspContext, /* in */ TSS_HKEY hKey, /* in */ TSS_FLAG persistentStorageType, /* in */ TSS_UUID uuidKey, /* in */ TSS_FLAG persistentStorageTypeParent, /* in */ TSS_UUID uuidParentKey) /* in */ { BYTE *keyBlob; UINT32 keyBlobSize; TSS_RESULT result; TSS_BOOL answer; if (!obj_is_context(tspContext) || !obj_is_rsakey(hKey)) return TSPERR(TSS_E_INVALID_HANDLE); if (persistentStorageType == TSS_PS_TYPE_SYSTEM) { if (persistentStorageTypeParent == TSS_PS_TYPE_USER) { return TSPERR(TSS_E_NOTIMPL); } else if (persistentStorageTypeParent == TSS_PS_TYPE_SYSTEM) { if ((result = obj_rsakey_get_blob(hKey, &keyBlobSize, &keyBlob))) return result; if ((result = RPC_RegisterKey(tspContext, uuidParentKey, uuidKey, keyBlobSize, keyBlob, strlen(PACKAGE_STRING) + 1, (BYTE *)PACKAGE_STRING))) return result; } else { return TSPERR(TSS_E_BAD_PARAMETER); } } else if (persistentStorageType == TSS_PS_TYPE_USER) { if ((result = ps_is_key_registered(&uuidKey, &answer))) return result; if (answer == TRUE) return TSPERR(TSS_E_KEY_ALREADY_REGISTERED); if ((result = obj_rsakey_get_blob (hKey, &keyBlobSize, &keyBlob))) return result; if ((result = ps_write_key(&uuidKey, &uuidParentKey, persistentStorageTypeParent, keyBlobSize, keyBlob))) return result; } else { return TSPERR(TSS_E_BAD_PARAMETER); } if ((result = obj_rsakey_set_uuid(hKey, persistentStorageType, &uuidKey))) return result; return TSS_SUCCESS; }
TSS_RESULT TCS_RegisterKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TSS_UUID *WrappingKeyUUID, /* in */ TSS_UUID *KeyUUID, /* in */ UINT32 cKeySize, /* in */ BYTE * rgbKey, /* in */ UINT32 cVendorData, /* in */ BYTE * gbVendorData) /* in */ { TSS_RESULT result; TSS_BOOL is_reg; if ((result = ctx_verify_context(hContext))) return result; /* Check if key is already regisitered */ if (isUUIDRegistered(KeyUUID, &is_reg) != TSS_SUCCESS) { LogError("Failed checking if UUID is registered."); return TCSERR(TSS_E_INTERNAL_ERROR); } if (is_reg == TRUE || TSS_UUID_IS_OWNEREVICT(KeyUUID)) { LogDebug("UUID is already registered"); return TCSERR(TSS_E_KEY_ALREADY_REGISTERED); } LogDebugUnrollKey(rgbKey); /* Go ahead and store it in system persistant storage */ if ((result = ps_write_key(KeyUUID, WrappingKeyUUID, gbVendorData, cVendorData, rgbKey, cKeySize))) { LogError("Error writing key to file"); return result; } return TSS_SUCCESS; }
TSS_RESULT TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ UINT16 protocolID, /* in */ UINT32 encOwnerAuthSize, /* in */ BYTE * encOwnerAuth, /* in */ UINT32 encSrkAuthSize, /* in */ BYTE * encSrkAuth, /* in */ UINT32 srkInfoSize, /*in */ BYTE * srkInfo, /*in */ TPM_AUTH * ownerAuth, /* in, out */ UINT32 * srkKeySize, /*out */ BYTE ** srkKey) /*out */ { UINT64 offset; UINT32 paramSize; TSS_RESULT result; TSS_KEY srkKeyContainer; BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, }; BYTE oldAuthDataUsage; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; if ((result = ctx_verify_context(hContext))) goto done; if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) goto done; /* Check on the Atmel Bug Patch */ offset = 0; UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer); oldAuthDataUsage = srkKeyContainer.authDataUsage; LogDebug("auth data usage is %.2X", oldAuthDataUsage); offset = 0; if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID, encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth, srkInfoSize, srkInfo, ownerAuth))) return result; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize, srkKey, ownerAuth))) goto done; offset = 0; if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) { *srkKeySize = 0; free(*srkKey); goto done; } if (srkKeyContainer.authDataUsage != oldAuthDataUsage) { LogDebug("AuthDataUsage was changed by TPM. Atmel Bug. Fixing it in PS"); srkKeyContainer.authDataUsage = oldAuthDataUsage; } #ifdef TSS_BUILD_PS { BYTE *save; /* Once the key file is created, it stays forever. There could be * migratable keys in the hierarchy that are still useful to someone. */ result = ps_remove_key(&SRK_UUID); if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) { destroy_key_refs(&srkKeyContainer); LogError("Error removing SRK from key file."); *srkKeySize = 0; free(*srkKey); goto done; } /* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for * privacy reasons as outlined in the TSS spec */ save = srkKeyContainer.pubKey.key; srkKeyContainer.pubKey.key = fake_pubkey; offset = 0; LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer); if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk, offset))) { destroy_key_refs(&srkKeyContainer); LogError("Error writing SRK to disk"); *srkKeySize = 0; free(*srkKey); goto done; } srkKeyContainer.pubKey.key = save; } #endif if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer, &SRK_UUID))) { destroy_key_refs(&srkKeyContainer); LogError("Error creating SRK mem cache entry"); *srkKeySize = 0; free(*srkKey); } destroy_key_refs(&srkKeyContainer); } LogResult("TakeOwnership", result); done: auth_mgr_release_auth(ownerAuth, NULL, hContext); return result; }