static TPM_RESULT execute_TPM_FlushSpecific(TPM_REQUEST *req, TPM_RESPONSE *rsp)
{
BYTE *ptr;
UINT32 len;
TPM_HANDLE handle;
TPM_RESOURCE_TYPE resourceType;
/* unmarshal input */
ptr = req->param;
len = req->paramSize;
if (tpm_unmarshal_TPM_HANDLE(&ptr, &len, &handle)
|| tpm_unmarshal_TPM_RESOURCE_TYPE(&ptr, &len, &resourceType)
|| len != 0) return TPM_BAD_PARAMETER;
/* execute command */
return TPM_FlushSpecific(handle, resourceType);
}
TPM_RESULT MTM_FlushSpecific(TPM_HANDLE handle,
TPM_RESOURCE_TYPE resourceType)
{
MTM_KEY_DATA *key;
info("MTM_FlushSpecific()");
debug("handle = %08x, resourceType = %08x", handle, resourceType);
if (resourceType == TPM_RT_KEY) {
key = mtm_get_key(handle);
if (key != NULL) {
free_MTM_KEY_DATA((*key));
memset(key, 0, sizeof(*key));
tpm_invalidate_sessions(handle);
return TPM_SUCCESS;
}
}
return TPM_FlushSpecific(handle, resourceType);
}
void tpm_execute_command(TPM_REQUEST *req, TPM_RESPONSE *rsp)
{
TPM_RESULT res;
/* setup authorization as well as response tag and size */
memset(rsp, 0, sizeof(*rsp));
switch (req->tag) {
case TPM_TAG_RQU_AUTH2_COMMAND:
rsp->tag = TPM_TAG_RSP_AUTH2_COMMAND;
rsp->size = 10 + 2 * 41;
rsp->auth1 = &req->auth1;
rsp->auth2 = &req->auth2;
break;
case TPM_TAG_RQU_AUTH1_COMMAND:
rsp->tag = TPM_TAG_RSP_AUTH1_COMMAND;
rsp->size = 10 + 41;
rsp->auth1 = &req->auth1;
break;
case TPM_TAG_RQU_COMMAND:
rsp->tag = TPM_TAG_RSP_COMMAND;
rsp->size = 10;
break;
default:
tpm_setup_error_response(TPM_BADTAG, rsp);
return;
}
/* check whether the command is allowed in the current mode of the TPM */
res = tpm_check_status_and_mode(req);
if (res != TPM_SUCCESS) {
tpm_setup_error_response(res, rsp);
return;
}
/* handle command ordinal */
switch (req->ordinal) {
case TPM_ORD_Startup:
res = execute_TPM_Startup(req, rsp);
break;
case TPM_ORD_SaveState:
res = execute_TPM_SaveState(req, rsp);
break;
case TPM_ORD_FlushSpecific:
res = execute_TPM_FlushSpecific(req, rsp);
break;
case TPM_ORD_OIAP:
res = execute_TPM_OIAP(req, rsp);
break;
case TPM_ORD_OSAP:
res = execute_TPM_OSAP(req, rsp);
break;
case TPM_ORD_TakeOwnership:
res = execute_TPM_TakeOwnership(req, rsp);
break;
case TPM_ORD_CreateWrapKey:
res = execute_TPM_CreateWrapKey(req, rsp);
break;
case TPM_ORD_LoadKey:
res = execute_TPM_LoadKey(req, rsp);
break;
case TPM_ORD_LoadKey2:
res = execute_TPM_LoadKey2(req, rsp);
break;
case TPM_ORD_GetPubKey:
res = execute_TPM_GetPubKey(req, rsp);
break;
case TPM_ORD_UnBind:
res = execute_TPM_UnBind(req, rsp);
break;
case TPM_ORD_MakeIdentity:
res = execute_TPM_MakeIdentity(req, rsp);
break;
case TPM_ORD_CertifyKey:
res = execute_TPM_CertifyKey(req, rsp);
break;
case TPM_ORD_Extend:
res = execute_TPM_Extend(req, rsp);
break;
case TPM_ORD_PCRRead:
res = execute_TPM_PCRRead(req, rsp);
break;
case TPM_ORD_Quote:
res = execute_TPM_Quote(req, rsp);
break;
default:
tpm_setup_error_response(TPM_BAD_ORDINAL, rsp);
return ;
}
/* setup response */
if (res != TPM_SUCCESS) {
tpm_setup_error_response(res, rsp);
if (!(res & TPM_NON_FATAL)) {
if (rsp->auth1 != NULL) rsp->auth1->continueAuthSession = FALSE;
if (rsp->auth2 != NULL) rsp->auth2->continueAuthSession = FALSE;
}
} else {
rsp->size += rsp->paramSize;
if (rsp->tag != TPM_TAG_RSP_COMMAND) tpm_setup_rsp_auth(req->ordinal, rsp);
}
/* terminate authorization sessions if necessary */
if (rsp->auth1 != NULL && !rsp->auth1->continueAuthSession)
TPM_FlushSpecific(rsp->auth1->authHandle, HANDLE_TO_RT(rsp->auth1->authHandle));
if (rsp->auth2 != NULL && !rsp->auth2->continueAuthSession)
TPM_FlushSpecific(rsp->auth2->authHandle, TPM_RT_AUTH);
/* if transportExclusive is set, only the execution of TPM_ExecuteTransport
and TPM_ReleaseTransportSigned is allowed */
if (stanyFlags.transportExclusive
&& req->ordinal != TPM_ORD_ExecuteTransport
&& req->ordinal != TPM_ORD_ReleaseTransportSigned) {
TPM_FlushSpecific(read_TPM_STANY_DATA_transExclusive(), TPM_RT_TRANS);
stanyFlags.transportExclusive = FALSE;
}
}
void tpm_owner_clear()
{
int i;
/* unload all keys */
for (i = 0; i < TPM_MAX_KEYS; i++) {
if (tpmData.permanent.data.keys[i].payload)
TPM_FlushSpecific(INDEX_TO_KEY_HANDLE(i), TPM_RT_KEY);
}
/* invalidate stany and stclear data */
memset(&tpmData.stany.data, 0 , sizeof(tpmData.stany.data));
memset(&tpmData.stclear.data, 0 , sizeof(tpmData.stclear.data));
/* release SRK */
tpm_rsa_release_private_key(&tpmData.permanent.data.srk.key);
/* invalidate permanent data */
memset(&tpmData.permanent.data.ownerAuth, 0,
sizeof(tpmData.permanent.data.ownerAuth));
memset(&tpmData.permanent.data.srk, 0,
sizeof(tpmData.permanent.data.srk));
memset(&tpmData.permanent.data.tpmProof, 0,
sizeof(tpmData.permanent.data.tpmProof));
memset(&tpmData.permanent.data.operatorAuth, 0,
sizeof(tpmData.permanent.data.operatorAuth));
/* invalidate delegate, context, and DAA key */
memset(&tpmData.permanent.data.contextKey, 0,
sizeof(tpmData.permanent.data.contextKey));
memset(&tpmData.permanent.data.delegateKey, 0,
sizeof(tpmData.permanent.data.delegateKey));
/* set permanent data */
tpmData.permanent.data.noOwnerNVWrite = 0;
tpmData.permanent.data.restrictDelegate = 0;
memset (tpmData.permanent.data.ordinalAuditStatus, 0,
sizeof(tpmData.permanent.data.ordinalAuditStatus));
/* set permanent flags */
tpmData.permanent.flags.owned = FALSE;
tpmData.permanent.flags.operator = FALSE;
tpmData.permanent.flags.disableOwnerClear = FALSE;
tpmData.permanent.flags.ownership = TRUE;
tpmData.permanent.flags.disable = FALSE;
tpmData.permanent.flags.deactivated = FALSE;
tpmData.permanent.flags.maintenanceDone = FALSE;
tpmData.permanent.flags.allowMaintenance = TRUE;
tpmData.permanent.flags.disableFullDALogicInfo = FALSE;
tpmData.permanent.flags.readPubek = TRUE;
/* release all counters */
for (i = 0; i < TPM_MAX_COUNTERS; i++)
memset(&tpmData.permanent.data.counters[i], 0, sizeof(TPM_COUNTER_VALUE));
/* invalidate family and delegates table */
for (i = 0; i < TPM_NUM_FAMILY_TABLE_ENTRY; i++) {
memset(&tpmData.permanent.data.familyTable.famRow[i], 0,
sizeof(TPM_FAMILY_TABLE_ENTRY));
}
for (i = 0; i < TPM_NUM_DELEGATE_TABLE_ENTRY; i++) {
memset(&tpmData.permanent.data.delegateTable.delRow[i], 0,
sizeof(TPM_DELEGATE_TABLE_ROW));
}
/* release NV storage */
for (i = 0; i < TPM_MAX_NVS; i++) {
if (tpmData.permanent.data.nvStorage[i].valid
&& (tpmData.permanent.data.nvStorage[i].pubInfo.permission.attributes
& (TPM_NV_PER_OWNERWRITE | TPM_NV_PER_OWNERREAD))) {
tpm_nv_remove_data(&tpmData.permanent.data.nvStorage[i]);
}
}
}
