static TPM_RESULT execute_TPM_FlushSpecific(TPM_REQUEST *req, TPM_RESPONSE *rsp) { BYTE *ptr; UINT32 len; TPM_HANDLE handle; TPM_RESOURCE_TYPE resourceType; /* unmarshal input */ ptr = req->param; len = req->paramSize; if (tpm_unmarshal_TPM_HANDLE(&ptr, &len, &handle) || tpm_unmarshal_TPM_RESOURCE_TYPE(&ptr, &len, &resourceType) || len != 0) return TPM_BAD_PARAMETER; /* execute command */ return TPM_FlushSpecific(handle, resourceType); }
TPM_RESULT MTM_FlushSpecific(TPM_HANDLE handle, TPM_RESOURCE_TYPE resourceType) { MTM_KEY_DATA *key; info("MTM_FlushSpecific()"); debug("handle = %08x, resourceType = %08x", handle, resourceType); if (resourceType == TPM_RT_KEY) { key = mtm_get_key(handle); if (key != NULL) { free_MTM_KEY_DATA((*key)); memset(key, 0, sizeof(*key)); tpm_invalidate_sessions(handle); return TPM_SUCCESS; } } return TPM_FlushSpecific(handle, resourceType); }
void tpm_execute_command(TPM_REQUEST *req, TPM_RESPONSE *rsp) { TPM_RESULT res; /* setup authorization as well as response tag and size */ memset(rsp, 0, sizeof(*rsp)); switch (req->tag) { case TPM_TAG_RQU_AUTH2_COMMAND: rsp->tag = TPM_TAG_RSP_AUTH2_COMMAND; rsp->size = 10 + 2 * 41; rsp->auth1 = &req->auth1; rsp->auth2 = &req->auth2; break; case TPM_TAG_RQU_AUTH1_COMMAND: rsp->tag = TPM_TAG_RSP_AUTH1_COMMAND; rsp->size = 10 + 41; rsp->auth1 = &req->auth1; break; case TPM_TAG_RQU_COMMAND: rsp->tag = TPM_TAG_RSP_COMMAND; rsp->size = 10; break; default: tpm_setup_error_response(TPM_BADTAG, rsp); return; } /* check whether the command is allowed in the current mode of the TPM */ res = tpm_check_status_and_mode(req); if (res != TPM_SUCCESS) { tpm_setup_error_response(res, rsp); return; } /* handle command ordinal */ switch (req->ordinal) { case TPM_ORD_Startup: res = execute_TPM_Startup(req, rsp); break; case TPM_ORD_SaveState: res = execute_TPM_SaveState(req, rsp); break; case TPM_ORD_FlushSpecific: res = execute_TPM_FlushSpecific(req, rsp); break; case TPM_ORD_OIAP: res = execute_TPM_OIAP(req, rsp); break; case TPM_ORD_OSAP: res = execute_TPM_OSAP(req, rsp); break; case TPM_ORD_TakeOwnership: res = execute_TPM_TakeOwnership(req, rsp); break; case TPM_ORD_CreateWrapKey: res = execute_TPM_CreateWrapKey(req, rsp); break; case TPM_ORD_LoadKey: res = execute_TPM_LoadKey(req, rsp); break; case TPM_ORD_LoadKey2: res = execute_TPM_LoadKey2(req, rsp); break; case TPM_ORD_GetPubKey: res = execute_TPM_GetPubKey(req, rsp); break; case TPM_ORD_UnBind: res = execute_TPM_UnBind(req, rsp); break; case TPM_ORD_MakeIdentity: res = execute_TPM_MakeIdentity(req, rsp); break; case TPM_ORD_CertifyKey: res = execute_TPM_CertifyKey(req, rsp); break; case TPM_ORD_Extend: res = execute_TPM_Extend(req, rsp); break; case TPM_ORD_PCRRead: res = execute_TPM_PCRRead(req, rsp); break; case TPM_ORD_Quote: res = execute_TPM_Quote(req, rsp); break; default: tpm_setup_error_response(TPM_BAD_ORDINAL, rsp); return ; } /* setup response */ if (res != TPM_SUCCESS) { tpm_setup_error_response(res, rsp); if (!(res & TPM_NON_FATAL)) { if (rsp->auth1 != NULL) rsp->auth1->continueAuthSession = FALSE; if (rsp->auth2 != NULL) rsp->auth2->continueAuthSession = FALSE; } } else { rsp->size += rsp->paramSize; if (rsp->tag != TPM_TAG_RSP_COMMAND) tpm_setup_rsp_auth(req->ordinal, rsp); } /* terminate authorization sessions if necessary */ if (rsp->auth1 != NULL && !rsp->auth1->continueAuthSession) TPM_FlushSpecific(rsp->auth1->authHandle, HANDLE_TO_RT(rsp->auth1->authHandle)); if (rsp->auth2 != NULL && !rsp->auth2->continueAuthSession) TPM_FlushSpecific(rsp->auth2->authHandle, TPM_RT_AUTH); /* if transportExclusive is set, only the execution of TPM_ExecuteTransport and TPM_ReleaseTransportSigned is allowed */ if (stanyFlags.transportExclusive && req->ordinal != TPM_ORD_ExecuteTransport && req->ordinal != TPM_ORD_ReleaseTransportSigned) { TPM_FlushSpecific(read_TPM_STANY_DATA_transExclusive(), TPM_RT_TRANS); stanyFlags.transportExclusive = FALSE; } }
void tpm_owner_clear() { int i; /* unload all keys */ for (i = 0; i < TPM_MAX_KEYS; i++) { if (tpmData.permanent.data.keys[i].payload) TPM_FlushSpecific(INDEX_TO_KEY_HANDLE(i), TPM_RT_KEY); } /* invalidate stany and stclear data */ memset(&tpmData.stany.data, 0 , sizeof(tpmData.stany.data)); memset(&tpmData.stclear.data, 0 , sizeof(tpmData.stclear.data)); /* release SRK */ tpm_rsa_release_private_key(&tpmData.permanent.data.srk.key); /* invalidate permanent data */ memset(&tpmData.permanent.data.ownerAuth, 0, sizeof(tpmData.permanent.data.ownerAuth)); memset(&tpmData.permanent.data.srk, 0, sizeof(tpmData.permanent.data.srk)); memset(&tpmData.permanent.data.tpmProof, 0, sizeof(tpmData.permanent.data.tpmProof)); memset(&tpmData.permanent.data.operatorAuth, 0, sizeof(tpmData.permanent.data.operatorAuth)); /* invalidate delegate, context, and DAA key */ memset(&tpmData.permanent.data.contextKey, 0, sizeof(tpmData.permanent.data.contextKey)); memset(&tpmData.permanent.data.delegateKey, 0, sizeof(tpmData.permanent.data.delegateKey)); /* set permanent data */ tpmData.permanent.data.noOwnerNVWrite = 0; tpmData.permanent.data.restrictDelegate = 0; memset (tpmData.permanent.data.ordinalAuditStatus, 0, sizeof(tpmData.permanent.data.ordinalAuditStatus)); /* set permanent flags */ tpmData.permanent.flags.owned = FALSE; tpmData.permanent.flags.operator = FALSE; tpmData.permanent.flags.disableOwnerClear = FALSE; tpmData.permanent.flags.ownership = TRUE; tpmData.permanent.flags.disable = FALSE; tpmData.permanent.flags.deactivated = FALSE; tpmData.permanent.flags.maintenanceDone = FALSE; tpmData.permanent.flags.allowMaintenance = TRUE; tpmData.permanent.flags.disableFullDALogicInfo = FALSE; tpmData.permanent.flags.readPubek = TRUE; /* release all counters */ for (i = 0; i < TPM_MAX_COUNTERS; i++) memset(&tpmData.permanent.data.counters[i], 0, sizeof(TPM_COUNTER_VALUE)); /* invalidate family and delegates table */ for (i = 0; i < TPM_NUM_FAMILY_TABLE_ENTRY; i++) { memset(&tpmData.permanent.data.familyTable.famRow[i], 0, sizeof(TPM_FAMILY_TABLE_ENTRY)); } for (i = 0; i < TPM_NUM_DELEGATE_TABLE_ENTRY; i++) { memset(&tpmData.permanent.data.delegateTable.delRow[i], 0, sizeof(TPM_DELEGATE_TABLE_ROW)); } /* release NV storage */ for (i = 0; i < TPM_MAX_NVS; i++) { if (tpmData.permanent.data.nvStorage[i].valid && (tpmData.permanent.data.nvStorage[i].pubInfo.permission.attributes & (TPM_NV_PER_OWNERWRITE | TPM_NV_PER_OWNERREAD))) { tpm_nv_remove_data(&tpmData.permanent.data.nvStorage[i]); } } }