TSS_RESULT
TCS_UnregisterKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TSS_UUID KeyUUID) /* in */
{
TSS_RESULT result;
if ((result = ctx_verify_context(hContext)))
return result;
return ps_remove_key(&KeyUUID);
}
TSS_RESULT
Tspi_Context_UnregisterKey(TSS_HCONTEXT tspContext, /* in */
TSS_FLAG persistentStorageType, /* in */
TSS_UUID uuidKey, /* in */
TSS_HKEY *phKey) /* out */
{
BYTE *keyBlob = NULL;
UINT32 keyBlobSize;
TSS_RESULT result;
if (phKey == NULL)
return TSPERR(TSS_E_BAD_PARAMETER);
if ((!obj_is_context(tspContext)))
return TSPERR(TSS_E_INVALID_HANDLE);
if (persistentStorageType == TSS_PS_TYPE_SYSTEM) {
/* get the key first, so it doesn't disappear when we
* unregister it */
if ((result = RPC_GetRegisteredKeyBlob(tspContext, uuidKey, &keyBlobSize,
&keyBlob)))
return result;
if ((obj_rsakey_add_by_key(tspContext, &uuidKey, keyBlob, TSS_OBJ_FLAG_SYSTEM_PS,
phKey))) {
free(keyBlob);
return result;
}
free(keyBlob);
/* now unregister it */
if ((result = RPC_UnregisterKey(tspContext, uuidKey)))
return result;
} else if (persistentStorageType == TSS_PS_TYPE_USER) {
/* get the key first, so it doesn't disappear when we
* unregister it */
if ((result = ps_get_key_by_uuid(tspContext, &uuidKey, phKey)))
return result;
/* now unregister it */
if ((result = ps_remove_key(&uuidKey)))
return result;
} else {
return TSPERR(TSS_E_BAD_PARAMETER);
}
return TSS_SUCCESS;
}
TSS_RESULT
TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
UINT16 protocolID, /* in */
UINT32 encOwnerAuthSize, /* in */
BYTE * encOwnerAuth, /* in */
UINT32 encSrkAuthSize, /* in */
BYTE * encSrkAuth, /* in */
UINT32 srkInfoSize, /*in */
BYTE * srkInfo, /*in */
TPM_AUTH * ownerAuth, /* in, out */
UINT32 * srkKeySize, /*out */
BYTE ** srkKey) /*out */
{
UINT64 offset;
UINT32 paramSize;
TSS_RESULT result;
TSS_KEY srkKeyContainer;
BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, };
BYTE oldAuthDataUsage;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
if ((result = ctx_verify_context(hContext)))
goto done;
if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
goto done;
/* Check on the Atmel Bug Patch */
offset = 0;
UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer);
oldAuthDataUsage = srkKeyContainer.authDataUsage;
LogDebug("auth data usage is %.2X", oldAuthDataUsage);
offset = 0;
if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID,
encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth,
srkInfoSize, srkInfo, ownerAuth)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize,
srkKey, ownerAuth)))
goto done;
offset = 0;
if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) {
*srkKeySize = 0;
free(*srkKey);
goto done;
}
if (srkKeyContainer.authDataUsage != oldAuthDataUsage) {
LogDebug("AuthDataUsage was changed by TPM. Atmel Bug. Fixing it in PS");
srkKeyContainer.authDataUsage = oldAuthDataUsage;
}
#ifdef TSS_BUILD_PS
{
BYTE *save;
/* Once the key file is created, it stays forever. There could be
* migratable keys in the hierarchy that are still useful to someone.
*/
result = ps_remove_key(&SRK_UUID);
if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) {
destroy_key_refs(&srkKeyContainer);
LogError("Error removing SRK from key file.");
*srkKeySize = 0;
free(*srkKey);
goto done;
}
/* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for
* privacy reasons as outlined in the TSS spec */
save = srkKeyContainer.pubKey.key;
srkKeyContainer.pubKey.key = fake_pubkey;
offset = 0;
LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer);
if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk,
offset))) {
destroy_key_refs(&srkKeyContainer);
LogError("Error writing SRK to disk");
*srkKeySize = 0;
free(*srkKey);
goto done;
}
srkKeyContainer.pubKey.key = save;
}
#endif
if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer,
&SRK_UUID))) {
destroy_key_refs(&srkKeyContainer);
LogError("Error creating SRK mem cache entry");
*srkKeySize = 0;
free(*srkKey);
}
destroy_key_refs(&srkKeyContainer);
}
LogResult("TakeOwnership", result);
done:
auth_mgr_release_auth(ownerAuth, NULL, hContext);
return result;
}