diff options
author | Igor Pashev <pashev.igor@gmail.com> | 2012-11-25 14:36:20 +0000 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2012-11-25 14:36:20 +0000 |
commit | c3649a2def02c41d837ae1f79dda729ccb91e677 (patch) | |
tree | bea46dff212fdef977fe9094a70a939e8cc21885 /src/tspi/obj_rsakey.c | |
download | trousers-upstream.tar.gz |
Imported Upstream version 0.3.9upstream/0.3.9upstream
Diffstat (limited to 'src/tspi/obj_rsakey.c')
-rw-r--r-- | src/tspi/obj_rsakey.c | 2136 |
1 files changed, 2136 insertions, 0 deletions
diff --git a/src/tspi/obj_rsakey.c b/src/tspi/obj_rsakey.c new file mode 100644 index 0000000..3f509f1 --- /dev/null +++ b/src/tspi/obj_rsakey.c @@ -0,0 +1,2136 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2005, 2007 + * + */ + + +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <inttypes.h> + +#include "trousers/tss.h" +#include "trousers/trousers.h" +#include "trousers_types.h" +#include "spi_utils.h" +#include "capabilities.h" +#include "tsplog.h" +#include "obj.h" + +TSS_RESULT +obj_rsakey_add(TSS_HCONTEXT tspContext, TSS_FLAG initFlags, TSS_HOBJECT *phObject) +{ + UINT64 offset; + TSS_RESULT result; + TCPA_RSA_KEY_PARMS rsaKeyParms; + TSS_FLAG flags = 0; + struct tr_rsakey_obj *rsakey = calloc(1, sizeof(struct tr_rsakey_obj)); + TPM_STRUCT_VER ver = { 1, 1, 0, 0 }; // Must be 1.1.0.0 for 1.2 TPMs + UINT32 ctx_ver; + + if (rsakey == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tr_rsakey_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + if ((result = obj_context_get_policy(tspContext, TSS_POLICY_USAGE, &rsakey->usagePolicy))) { + free(rsakey); + return result; + } + + if ((initFlags & TSS_KEY_STRUCT_BITMASK) == TSS_KEY_STRUCT_DEFAULT) { + /* Its not set, go with the context's default */ + if ((result = obj_context_get_connection_version(tspContext, &ctx_ver))) { + free(rsakey); + return result; + } + + switch (ctx_ver) { + case TSS_TSPATTRIB_CONTEXT_VERSION_V1_2: + initFlags |= TSS_KEY_STRUCT_KEY12; + break; + case TSS_TSPATTRIB_CONTEXT_VERSION_V1_1: + /* fall through */ + default: + initFlags |= TSS_KEY_STRUCT_KEY; + break; + } + } + + offset = 0; + switch (initFlags & TSS_KEY_STRUCT_BITMASK) { + case TSS_KEY_STRUCT_KEY: + rsakey->key.hdr.key11.ver = ver; + rsakey->type = TSS_KEY_STRUCT_KEY; + rsakey->pcrInfoType = TSS_PCRS_STRUCT_INFO; + rsakey->key.keyFlags = 0; + break; + case TSS_KEY_STRUCT_KEY12: + rsakey->key.hdr.key12.tag = TPM_TAG_KEY12; + rsakey->key.hdr.key12.fill = 0; + rsakey->type = TSS_KEY_STRUCT_KEY12; + rsakey->pcrInfoType = TSS_PCRS_STRUCT_INFO_LONG; + rsakey->key.keyFlags = TPM_PCRIGNOREDONREAD; + break; + default: + free(rsakey); + return TSPERR(TSS_E_INVALID_OBJECT_INITFLAG); + break; + } + + if (initFlags == TSS_KEY_EMPTY_KEY) + goto add_key; + + memset(&rsaKeyParms, 0, sizeof(TCPA_RSA_KEY_PARMS)); + + rsakey->key.algorithmParms.algorithmID = TCPA_ALG_RSA; + rsakey->key.algorithmParms.parmSize = sizeof(TCPA_RSA_KEY_PARMS); + + rsakey->key.algorithmParms.parms = calloc(1, sizeof(TCPA_RSA_KEY_PARMS)); + if (rsakey->key.algorithmParms.parms == NULL) { + LogError("calloc of %u bytes failed.", rsakey->key.algorithmParms.parmSize); + free(rsakey); + return TSPERR(TSS_E_OUTOFMEMORY); + } + rsaKeyParms.exponentSize = 0; + rsaKeyParms.numPrimes = 2; + + rsakey->key.pubKey.keyLength = 0; + rsakey->key.encSize = 0; + rsakey->key.PCRInfoSize = 0; + + /* End of all the default stuff */ + + if (initFlags & TSS_KEY_VOLATILE) + rsakey->key.keyFlags |= TPM_VOLATILE; + if (initFlags & TSS_KEY_MIGRATABLE) + rsakey->key.keyFlags |= TPM_MIGRATABLE; + if (initFlags & TSS_KEY_AUTHORIZATION) { + rsakey->key.authDataUsage = TPM_AUTH_ALWAYS; + flags |= TSS_OBJ_FLAG_USAGEAUTH; + } + +#ifdef TSS_BUILD_CMK + if (initFlags & TSS_KEY_CERTIFIED_MIGRATABLE) { + if (rsakey->type == TSS_KEY_STRUCT_KEY) { + free(rsakey); + return TSPERR(TSS_E_BAD_PARAMETER); + } + rsakey->key.keyFlags |= TPM_MIGRATEAUTHORITY; + } +#endif + + /* set the key length */ + if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_512) { + rsaKeyParms.keyLength = 512; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_1024) { + rsaKeyParms.keyLength = 1024; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_2048) { + rsaKeyParms.keyLength = 2048; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_4096) { + rsaKeyParms.keyLength = 4096; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_8192) { + rsaKeyParms.keyLength = 8192; + } else if ((initFlags & TSS_KEY_SIZE_MASK) == TSS_KEY_SIZE_16384) { + rsaKeyParms.keyLength = 16384; + } + + /* assign encryption and signature schemes */ + if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_SIGNING) { + rsakey->key.keyUsage = TPM_KEY_SIGNING; + rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_BIND) { + rsakey->key.keyUsage = TPM_KEY_BIND; + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_LEGACY) { + rsakey->key.keyUsage = TPM_KEY_LEGACY; + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_STORAGE) { + rsakey->key.keyUsage = TPM_KEY_STORAGE; + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_IDENTITY) { + rsakey->key.keyUsage = TPM_KEY_IDENTITY; + rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1; + } else if ((initFlags & TSS_KEY_TYPE_MASK) == TSS_KEY_TYPE_AUTHCHANGE) { + rsakey->key.keyUsage = TPM_KEY_AUTHCHANGE; + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE; + } + + /* Load the RSA key parms into the blob in the TCPA_KEY_PARMS pointer. + * If the exponent is left NULL, the parmSize variable will change + * here */ + offset = 0; + Trspi_LoadBlob_RSA_KEY_PARMS(&offset, rsakey->key.algorithmParms.parms, &rsaKeyParms); + rsakey->key.algorithmParms.parmSize = offset; + +add_key: + if ((result = obj_list_add(&rsakey_list, tspContext, flags, rsakey, phObject))) { + free(rsakey->key.algorithmParms.parms); + free(rsakey); + return result; + } + + return TSS_SUCCESS; +} + +/* Add a new rsakey to the list when its pulled from user PS */ +TSS_RESULT +obj_rsakey_add_by_key(TSS_HCONTEXT tspContext, TSS_UUID *uuid, BYTE *key, TSS_FLAG flags, + TSS_HKEY *phKey) +{ + TSS_RESULT result; + UINT64 offset; + struct tr_rsakey_obj *rsakey = calloc(1, sizeof(struct tr_rsakey_obj)); + + if (rsakey == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(struct tr_rsakey_obj)); + return TSPERR(TSS_E_OUTOFMEMORY); + } + + memcpy(&rsakey->uuid, uuid, sizeof(TSS_UUID)); + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, key, &rsakey->key))) { + free(rsakey); + return result; + } + if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12) + rsakey->type = TSS_KEY_STRUCT_KEY12; + else + rsakey->type = TSS_KEY_STRUCT_KEY; + + flags |= TSS_OBJ_FLAG_KEY_SET; + if (rsakey->key.authDataUsage) + flags |= TSS_OBJ_FLAG_USAGEAUTH; + + if ((result = obj_context_get_policy(tspContext, TSS_POLICY_USAGE, &rsakey->usagePolicy))) { + free(rsakey); + return result; + } + + if ((result = obj_list_add(&rsakey_list, tspContext, flags, rsakey, phKey))) { + free_key_refs(&rsakey->key); + free(rsakey); + return result; + } + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_is_rsakey(TSS_HOBJECT hObject) +{ + TSS_BOOL answer = FALSE; + + if ((obj_list_get_obj(&rsakey_list, hObject))) { + answer = TRUE; + obj_list_put(&rsakey_list); + } + + return answer; +} + +TSS_RESULT +obj_rsakey_set_flags(TSS_HKEY hKey, UINT32 flags) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + rsakey->key.keyFlags = flags; +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_size(TSS_HKEY hKey, UINT32 len) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + rsakey->key.pubKey.keyLength = len/8; +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_key_parms(TSS_HKEY hKey, TCPA_KEY_PARMS *parms) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + free(rsakey->key.algorithmParms.parms); + + memcpy(&rsakey->key.algorithmParms, parms, sizeof(TCPA_KEY_PARMS)); + + if (parms->parmSize > 0) { + if ((rsakey->key.algorithmParms.parms = + malloc(parms->parmSize)) == NULL) { + LogError("calloc of %d bytes failed.", parms->parmSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + memcpy(rsakey->key.algorithmParms.parms, parms->parms, + parms->parmSize); + } else { + rsakey->key.algorithmParms.parms = NULL; + } + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_policy(TSS_HKEY hKey, TSS_HPOLICY hPolicy) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + UINT32 policyType; + TSS_RESULT result = TSS_SUCCESS; + + if ((result = obj_policy_get_type(hPolicy, &policyType))) + return result; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + rsakey->usagePolicy = hPolicy; + break; + case TSS_POLICY_MIGRATION: + rsakey->migPolicy = hPolicy; + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_pstype(TSS_HKEY hKey, UINT32 type) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + switch (type) { + case TSS_PS_TYPE_USER: + obj->flags |= TSS_OBJ_FLAG_USER_PS; + obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS; + break; + case TSS_PS_TYPE_SYSTEM: + obj->flags |= TSS_OBJ_FLAG_SYSTEM_PS; + obj->flags &= ~TSS_OBJ_FLAG_USER_PS; + break; + case TSS_PS_TYPE_NO: + default: + obj->flags &= ~TSS_OBJ_FLAG_USER_PS; + obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +/* WARN: Nobody should call this function directly except for the + * Get/Set Attrib functions. The TCPA_KEY structure wants values + * for keyUsage to be TPM_KEY_* values, and this function translates + * to TSS_KEYUSAGE_* values for passing to an app. */ +TSS_RESULT +obj_rsakey_get_usage(TSS_HKEY hKey, UINT32 *usage) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (rsakey->key.keyUsage) { + case TPM_KEY_SIGNING: + *usage = TSS_KEYUSAGE_SIGN; + break; + case TPM_KEY_BIND: + *usage = TSS_KEYUSAGE_BIND; + break; + case TPM_KEY_LEGACY: + *usage = TSS_KEYUSAGE_LEGACY; + break; + case TPM_KEY_AUTHCHANGE: + *usage = TSS_KEYUSAGE_AUTHCHANGE; + break; + case TPM_KEY_IDENTITY: + *usage = TSS_KEYUSAGE_IDENTITY; + break; + case TPM_KEY_STORAGE: + *usage = TSS_KEYUSAGE_STORAGE; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_DATA); + break; + } + + obj_list_put(&rsakey_list); + + return result; +} + +/* WARN: Nobody should call this function directly except for the + * Get/Set Attrib functions. The TCPA_KEY structure wants values + * for keyUsage to be TPM_KEY_* values, and this function translates + * to TSS_KEYUSAGE_* values for passing to an app. */ +TSS_RESULT +obj_rsakey_set_usage(TSS_HKEY hKey, UINT32 usage) +{ + TSS_RESULT result = TSS_SUCCESS; + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (usage) { + case TSS_KEYUSAGE_SIGN: + rsakey->key.keyUsage = TPM_KEY_SIGNING; + break; + case TSS_KEYUSAGE_BIND: + rsakey->key.keyUsage = TPM_KEY_BIND; + break; + case TSS_KEYUSAGE_LEGACY: + rsakey->key.keyUsage = TPM_KEY_LEGACY; + break; + case TSS_KEYUSAGE_AUTHCHANGE: + rsakey->key.keyUsage = TPM_KEY_AUTHCHANGE; + break; + case TSS_KEYUSAGE_IDENTITY: + rsakey->key.keyUsage = TPM_KEY_IDENTITY; + break; + case TSS_KEYUSAGE_STORAGE: + rsakey->key.keyUsage = TPM_KEY_STORAGE; + break; + default: + result = TSPERR(TSS_E_INVALID_ATTRIB_DATA); + break; + } +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_migratable(TSS_HKEY hKey, UINT32 mig) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (mig) + rsakey->key.keyFlags |= TPM_MIGRATABLE; + else + rsakey->key.keyFlags &= (~TPM_MIGRATABLE); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_redirected(TSS_HKEY hKey, UINT32 redir) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (redir) + rsakey->key.keyFlags |= TPM_REDIRECTION; + else + rsakey->key.keyFlags &= (~TPM_REDIRECTION); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_volatile(TSS_HKEY hKey, UINT32 vol) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (vol) + rsakey->key.keyFlags |= TPM_VOLATILE; + else + rsakey->key.keyFlags &= (~TPM_VOLATILE); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_authdata_usage(TSS_HKEY hKey, UINT32 *usage) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + *usage = (UINT32)rsakey->key.authDataUsage ? TRUE : FALSE; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_authdata_usage(TSS_HKEY hKey, UINT32 usage) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + rsakey->key.authDataUsage = (BYTE)usage; + if (usage) + obj->flags |= TSS_OBJ_FLAG_USAGEAUTH; + else + obj->flags &= ~TSS_OBJ_FLAG_USAGEAUTH; +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_alg(TSS_HKEY hKey, UINT32 *alg) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (rsakey->key.algorithmParms.algorithmID) { + case TCPA_ALG_RSA: + *alg = TSS_ALG_RSA; + break; + default: + *alg = rsakey->key.algorithmParms.algorithmID; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_alg(TSS_HKEY hKey, UINT32 alg) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + switch (alg) { + case TSS_ALG_RSA: + rsakey->key.algorithmParms.algorithmID = TCPA_ALG_RSA; + break; + default: + rsakey->key.algorithmParms.algorithmID = alg; + break; + } +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_es(TSS_HKEY hKey, UINT32 *es) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* translate TPM numbers to TSS numbers */ + switch (rsakey->key.algorithmParms.encScheme) { + case TCPA_ES_NONE: + *es = TSS_ES_NONE; + break; + case TCPA_ES_RSAESPKCSv15: + *es = TSS_ES_RSAESPKCSV15; + break; + case TCPA_ES_RSAESOAEP_SHA1_MGF1: + *es = TSS_ES_RSAESOAEP_SHA1_MGF1; + break; + default: + *es = rsakey->key.algorithmParms.encScheme; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_es(TSS_HKEY hKey, UINT32 es) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* translate TSS numbers to TPM numbers */ + switch (es) { + case TSS_ES_NONE: + rsakey->key.algorithmParms.encScheme = TCPA_ES_NONE; + break; + case TSS_ES_RSAESPKCSV15: + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESPKCSv15; + break; + case TSS_ES_RSAESOAEP_SHA1_MGF1: + rsakey->key.algorithmParms.encScheme = TCPA_ES_RSAESOAEP_SHA1_MGF1; + break; + default: + rsakey->key.algorithmParms.encScheme = es; + break; + } +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_ss(TSS_HKEY hKey, UINT32 *ss) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* translate TPM numbers to TSS numbers */ + switch (rsakey->key.algorithmParms.sigScheme) { + case TCPA_SS_NONE: + *ss = TSS_SS_NONE; + break; + case TCPA_SS_RSASSAPKCS1v15_SHA1: + *ss = TSS_SS_RSASSAPKCS1V15_SHA1; + break; + case TCPA_SS_RSASSAPKCS1v15_DER: + *ss = TSS_SS_RSASSAPKCS1V15_DER; + break; + case TCPA_SS_RSASSAPKCS1v15_INFO: + *ss = TSS_SS_RSASSAPKCS1V15_INFO; + break; + default: + *ss = rsakey->key.algorithmParms.sigScheme; + break; + } + + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_ss(TSS_HKEY hKey, UINT32 ss) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* translate TSS numbers to TPM numbers */ + switch (ss) { + case TSS_SS_NONE: + rsakey->key.algorithmParms.sigScheme = TCPA_SS_NONE; + break; + case TSS_SS_RSASSAPKCS1V15_SHA1: + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_SHA1; + break; + case TSS_SS_RSASSAPKCS1V15_DER: + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_DER; + break; + case TSS_SS_RSASSAPKCS1V15_INFO: + rsakey->key.algorithmParms.sigScheme = TCPA_SS_RSASSAPKCS1v15_INFO; + break; + default: + rsakey->key.algorithmParms.sigScheme = ss; + break; + } +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_num_primes(TSS_HKEY hKey, UINT32 num) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + UINT32ToArray(num, &rsakey->key.algorithmParms.parms[4]); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_num_primes(TSS_HKEY hKey, UINT32 *num) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TCPA_RSA_KEY_PARMS *parms; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms; + *num = endian32(parms->numPrimes); + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_flags(TSS_HKEY hKey, UINT32 *flags) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + *flags = rsakey->key.keyFlags; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_size(TSS_HKEY hKey, UINT32 *len) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (rsakey->key.pubKey.keyLength) { + case 512/8: + *len = TSS_KEY_SIZEVAL_512BIT; + break; + case 1024/8: + *len = TSS_KEY_SIZEVAL_1024BIT; + break; + case 2048/8: + *len = TSS_KEY_SIZEVAL_2048BIT; + break; + default: + *len = rsakey->key.pubKey.keyLength * 8; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_pstype(TSS_HKEY hKey, UINT32 *type) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_SYSTEM_PS) + *type = TSS_PS_TYPE_SYSTEM; + else if (obj->flags & TSS_OBJ_FLAG_USER_PS) + *type = TSS_PS_TYPE_USER; + else + *type = TSS_PS_TYPE_NO; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_BOOL +obj_rsakey_is_migratable(TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return answer; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->key.keyFlags & TPM_MIGRATABLE) + answer = TRUE; + + obj_list_put(&rsakey_list); + + return answer; +} + +TSS_BOOL +obj_rsakey_is_redirected(TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return answer; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->key.keyFlags & TPM_REDIRECTION) + answer = TRUE; + + obj_list_put(&rsakey_list); + + return answer; +} + +TSS_BOOL +obj_rsakey_is_volatile(TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return answer; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->key.keyFlags & TPM_VOLATILE) + answer = TRUE; + + obj_list_put(&rsakey_list); + + return answer; +} + +TSS_RESULT +obj_rsakey_get_tsp_context(TSS_HKEY hKey, TSS_HCONTEXT *tspContext) +{ + struct tsp_object *obj; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + *tspContext = obj->tspContext; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_policies(TSS_HKEY hKey, TSS_HPOLICY *usage, TSS_HPOLICY *mig, TSS_BOOL *auth) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + *mig = rsakey->migPolicy; + *usage = rsakey->usagePolicy; + *auth = rsakey->key.authDataUsage ? TRUE : FALSE; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_policy(TSS_HKEY hKey, UINT32 policyType, + TSS_HPOLICY *phPolicy, TSS_BOOL *auth) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + switch (policyType) { + case TSS_POLICY_USAGE: + *phPolicy = rsakey->usagePolicy; + if (auth != NULL) { + if (obj->flags & TSS_OBJ_FLAG_USAGEAUTH) + *auth = TRUE; + else + *auth = FALSE; + } + break; + case TSS_POLICY_MIGRATION: + if (!rsakey->migPolicy) { + result = TSPERR(TSS_E_KEY_NO_MIGRATION_POLICY); + break; + } + + *phPolicy = rsakey->migPolicy; + if (auth != NULL) { + if (obj->flags & TSS_OBJ_FLAG_MIGAUTH) + *auth = TRUE; + else + *auth = FALSE; + } + break; + default: + result = TSPERR(TSS_E_BAD_PARAMETER); + } + + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + offset = 0; + LoadBlob_TSS_KEY(&offset, NULL, &rsakey->key); + + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + LoadBlob_TSS_KEY(&offset, *data, &rsakey->key); + *size = offset; + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_priv_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + *data = calloc_tspi(obj->tspContext, rsakey->key.encSize); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", rsakey->key.encSize); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = rsakey->key.encSize; + memcpy(*data, rsakey->key.encData, rsakey->key.encSize); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_modulus(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* if this key object represents the SRK and the public key + * data here is all 0's, then we shouldn't return it, we + * should return TSS_E_BAD_PARAMETER. This is part of protecting + * the SRK public key. */ + if (rsakey->tcsHandle == TPM_KEYHND_SRK) { + BYTE zeroBlob[2048] = { 0, }; + + if (!memcmp(rsakey->key.pubKey.key, zeroBlob, rsakey->key.pubKey.keyLength)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + } + + *data = calloc_tspi(obj->tspContext, rsakey->key.pubKey.keyLength); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", rsakey->key.pubKey.keyLength); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = rsakey->key.pubKey.keyLength; + memcpy(*data, rsakey->key.pubKey.key, rsakey->key.pubKey.keyLength); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_modulus(TSS_HKEY hKey, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + BYTE *free_ptr; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + free_ptr = rsakey->key.pubKey.key; + + rsakey->key.pubKey.key = malloc(size); + if (rsakey->key.pubKey.key == NULL) { + rsakey->key.pubKey.key = free_ptr; // restore + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + rsakey->key.pubKey.keyLength = size; + memcpy(rsakey->key.pubKey.key, data, size); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_pub_blob(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* if this key object represents the SRK and the public key + * data here is all 0's, then we shouldn't return it, we + * should return TSS_E_BAD_PARAMETER. This is part of protecting + * the SRK public key. */ + if (rsakey->tcsHandle == TPM_KEYHND_SRK) { + BYTE zeroBlob[2048] = { 0, }; + + if (!memcmp(rsakey->key.pubKey.key, zeroBlob, rsakey->key.pubKey.keyLength)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + } + + offset = 0; + Trspi_LoadBlob_KEY_PARMS(&offset, NULL, &rsakey->key.algorithmParms); + Trspi_LoadBlob_STORE_PUBKEY(&offset, NULL, &rsakey->key.pubKey); + + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_KEY_PARMS(&offset, *data, &rsakey->key.algorithmParms); + Trspi_LoadBlob_STORE_PUBKEY(&offset, *data, &rsakey->key.pubKey); + *size = offset; + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_version(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + TPM_STRUCT_VER ver = {1, 2, 0, 0}, *pVer; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12) + pVer = &ver; + else + pVer = &rsakey->key.hdr.key11.ver; + + offset = 0; + Trspi_LoadBlob_TCPA_VERSION(&offset, NULL, *pVer); + + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_TCPA_VERSION(&offset, *data, *pVer); + *size = offset; + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_exponent(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + TCPA_RSA_KEY_PARMS *parms; + BYTE default_exp[3] = { 0x1, 0x0, 0x1 }; + UINT32 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms; + offset = parms->exponentSize; + + /* see TPM 1.1b spec pg. 51. If exponentSize is 0, we're using the + * default exponent of 2^16 + 1. */ + if (offset == 0) { + offset = 3; + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = offset; + memcpy(*data, default_exp, offset); + } else { + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %u bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + *size = offset; + memcpy(*data, parms->exponent, offset); + } + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_exponent(TSS_HKEY hKey, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + TCPA_RSA_KEY_PARMS *parms; + BYTE *free_ptr; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + parms = (TCPA_RSA_KEY_PARMS *)rsakey->key.algorithmParms.parms; + + free_ptr = parms->exponent; + + parms->exponent = malloc(size); + if (parms->exponent == NULL) { + parms->exponent = free_ptr; // restore + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + parms->exponentSize = size; + memcpy(parms->exponent, data, size); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_uuid(TSS_HKEY hKey, UINT32 *size, BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + offset = 0; + Trspi_LoadBlob_UUID(&offset, NULL, rsakey->uuid); + + *data = calloc_tspi(obj->tspContext, offset); + if (*data == NULL) { + LogError("malloc of %" PRIu64 " bytes failed.", offset); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_UUID(&offset, *data, rsakey->uuid); + *size = offset; + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_uuid(TSS_HKEY hKey, TSS_FLAG ps_type, TSS_UUID *uuid) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + memcpy(&rsakey->uuid, uuid, sizeof(TSS_UUID)); + + switch (ps_type) { + case TSS_PS_TYPE_SYSTEM: + obj->flags |= TSS_OBJ_FLAG_SYSTEM_PS; + obj->flags &= ~TSS_OBJ_FLAG_USER_PS; + break; + case TSS_PS_TYPE_USER: + obj->flags |= TSS_OBJ_FLAG_USER_PS; + obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS; + break; + case TSS_PS_TYPE_NO: + default: + obj->flags &= ~TSS_OBJ_FLAG_USER_PS; + obj->flags &= ~TSS_OBJ_FLAG_SYSTEM_PS; + break; + } + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_tcs_handle(TSS_HKEY hKey, TCS_KEY_HANDLE tcsHandle) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + rsakey->tcsHandle = tcsHandle; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_tcs_handle(TSS_HKEY hKey, TCS_KEY_HANDLE *tcsHandle) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->tcsHandle) + *tcsHandle = rsakey->tcsHandle; + else + result = TSPERR(TSS_E_KEY_NOT_LOADED); + + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_tcpakey(TSS_HKEY hKey, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + UINT64 offset; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + free_key_refs(&rsakey->key); + + offset = 0; + if ((result = UnloadBlob_TSS_KEY(&offset, data, &rsakey->key))) + goto done; + if (rsakey->key.hdr.key12.tag == TPM_TAG_KEY12) + rsakey->type = TSS_KEY_STRUCT_KEY12; + else + rsakey->type = TSS_KEY_STRUCT_KEY; + + if (rsakey->key.authDataUsage) + obj->flags |= TSS_OBJ_FLAG_USAGEAUTH; + else + obj->flags &= ~TSS_OBJ_FLAG_USAGEAUTH; + + if (rsakey->key.PCRInfoSize && rsakey->key.PCRInfo) { + offset = 0; + if (rsakey->type == TSS_KEY_STRUCT_KEY12) { + if ((result = Trspi_UnloadBlob_PCR_INFO_LONG(&offset, rsakey->key.PCRInfo, + &rsakey->pcrInfo.infolong))) + goto done; + } else { + if ((result = Trspi_UnloadBlob_PCR_INFO(&offset, rsakey->key.PCRInfo, + &rsakey->pcrInfo.info11))) + goto done; + } + } + + obj->flags |= TSS_OBJ_FLAG_KEY_SET; +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_pcr_digest(TSS_HKEY hKey, + TSS_FLAG pcrInfoType, + TSS_FLAG dir, + UINT32 *size, + BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + TPM_DIGEST *digest = NULL; + UINT64 offset; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (pcrInfoType != rsakey->pcrInfoType) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + switch (pcrInfoType) { + case TSS_PCRS_STRUCT_INFO: + if (dir == TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION) + digest = &rsakey->pcrInfo.info11.digestAtCreation; + else if (dir == TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE) + digest = &rsakey->pcrInfo.info11.digestAtRelease; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + case TSS_PCRS_STRUCT_INFO_LONG: + if (dir == TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION) + digest = &rsakey->pcrInfo.infolong.digestAtCreation; + else if (dir == TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE) + digest = &rsakey->pcrInfo.infolong.digestAtRelease; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *size = sizeof(TPM_DIGEST); + + if ((*data = calloc_tspi(obj->tspContext, *size)) == NULL) { + LogError("malloc of %u bytes failed.", *size); + *size = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_DIGEST(&offset, *data, digest); +done: + obj_list_put(&rsakey_list); + + return result; +} + + +TSS_RESULT +obj_rsakey_get_pcr_locality(TSS_HKEY hKey, TSS_FLAG dir, UINT32 *locality) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (rsakey->pcrInfoType == TSS_PCRS_STRUCT_INFO_LONG) { + if (dir == TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATCREATION) + *locality = rsakey->pcrInfo.infolong.localityAtCreation; + else if (dir == TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATRELEASE) + *locality = rsakey->pcrInfo.infolong.localityAtRelease; + else + result = TSPERR(TSS_E_BAD_PARAMETER); + } else + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_pcr_selection(TSS_HKEY hKey, + UINT32 pcrInfoType, + TSS_FLAG dir, + UINT32 *size, + BYTE **data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT64 offset; + TPM_PCR_SELECTION *selection = NULL; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (pcrInfoType != rsakey->pcrInfoType) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + switch (pcrInfoType) { + case TSS_PCRS_STRUCT_INFO: + if (dir == TSS_TSPATTRIB_KEYPCR_SELECTION) + selection = &rsakey->pcrInfo.info11.pcrSelection; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + case TSS_PCRS_STRUCT_INFO_LONG: + if (dir == TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION) + selection = &rsakey->pcrInfo.infolong.creationPCRSelection; + else if (dir == TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION) + selection = &rsakey->pcrInfo.infolong.releasePCRSelection; + else { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + break; + default: + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + + *size = sizeof(UINT16) + selection->sizeOfSelect; + + if ((*data = calloc_tspi(obj->tspContext, *size)) == NULL) { + LogError("malloc of %u bytes failed.", *size); + *size = 0; + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + offset = 0; + Trspi_LoadBlob_PCR_SELECTION(&offset, *data, selection); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +rsakey_set_pubkey(struct tr_rsakey_obj *rsakey, BYTE *pubkey) +{ + TSS_RESULT result; + UINT64 offset = 0; + TPM_PUBKEY pub; + + if ((result = Trspi_UnloadBlob_PUBKEY(&offset, pubkey, &pub))) + return result; + + free(rsakey->key.pubKey.key); + free(rsakey->key.algorithmParms.parms); + + memcpy(&rsakey->key.pubKey, &pub.pubKey, sizeof(TPM_STORE_PUBKEY)); + memcpy(&rsakey->key.algorithmParms, &pub.algorithmParms, sizeof(TPM_KEY_PARMS)); + + return TSS_SUCCESS; +} + +/* Expect a TPM_PUBKEY as is explained in the portable data section of the spec */ +TSS_RESULT +obj_rsakey_set_pubkey(TSS_HKEY hKey, UINT32 force, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (!force && (obj->flags & TSS_OBJ_FLAG_KEY_SET)) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + result = rsakey_set_pubkey(rsakey, data); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_srk_pubkey(BYTE *pubkey) +{ + struct tsp_object *obj; + struct obj_list *list = &rsakey_list; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* we found the SRK, set this data as its public key */ + if (rsakey->tcsHandle == TPM_KEYHND_SRK) { + result = rsakey_set_pubkey(rsakey, pubkey); + MUTEX_UNLOCK(list->lock); + return result; + } + } + + MUTEX_UNLOCK(list->lock); + + return TSPERR(TSS_E_INVALID_HANDLE); +} + +TSS_RESULT +obj_rsakey_set_privkey(TSS_HKEY hKey, UINT32 force, UINT32 size, BYTE *data) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + void *to_free; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (!force && (obj->flags & TSS_OBJ_FLAG_KEY_SET)) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + to_free = rsakey->key.encData; + + rsakey->key.encData = calloc(1, size); + if (rsakey->key.encData == NULL) { + rsakey->key.encData = to_free; // restore + LogError("malloc of %u bytes failed.", size); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + + free(to_free); + rsakey->key.encSize = size; + memcpy(rsakey->key.encData, data, size); +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_pcr_data(TSS_HKEY hKey, TSS_HPCRS hPcrComposite) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + UINT32 pcrType, pcrSize; + BYTE *pcrInfo; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + + /* passing in a pcrType of TSS_PCRS_STRUCT_DEFAULT will tell the pcr routine to create + * a structure matching the type of the hPcrComposite object */ + pcrType = TSS_PCRS_STRUCT_DEFAULT; + if ((result = obj_pcrs_create_info_type(hPcrComposite, &pcrType, &pcrSize, &pcrInfo))) + goto done; + + rsakey->key.PCRInfo = pcrInfo; + rsakey->key.PCRInfoSize = pcrSize; +done: + obj_list_put(&rsakey_list); + + return result; +} + +void +__tspi_rsakey_free(void *data) +{ + struct tr_rsakey_obj *rsakey = (struct tr_rsakey_obj *)data; + + free(rsakey->key.algorithmParms.parms); + free(rsakey->key.encData); + free(rsakey->key.PCRInfo); + free(rsakey->key.pubKey.key); + free(rsakey); +} + +/* Remove an individual rsakey object from the rsakey list with handle + * equal to hObject. Clean up the TSP's key handle table. */ +TSS_RESULT +obj_rsakey_remove(TSS_HOBJECT hObject, TSS_HCONTEXT tspContext) +{ + TSS_RESULT result; + + if ((result = obj_list_remove(&rsakey_list, &__tspi_rsakey_free, hObject, tspContext))) + return result; + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_get_by_pub(UINT32 pub_size, BYTE *pub, TSS_HKEY *hKey) +{ + struct obj_list *list = &rsakey_list; + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (rsakey->key.pubKey.keyLength == pub_size && + !memcmp(&rsakey->key.pubKey.key, pub, pub_size)) { + *hKey = obj->handle; + goto done; + } + } + + *hKey = 0; +done: + MUTEX_UNLOCK(list->lock); + + return result; +} + +TSS_RESULT +obj_rsakey_get_by_uuid(TSS_UUID *uuid, TSS_HKEY *hKey) +{ + struct obj_list *list = &rsakey_list; + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (!memcmp(&rsakey->uuid, uuid, sizeof(TSS_UUID))) { + *hKey = obj->handle; + goto done; + } + } + + result = TSPERR(TSS_E_PS_KEY_NOTFOUND); +done: + MUTEX_UNLOCK(list->lock); + + return result; +} + +void +obj_rsakey_remove_policy_refs(TSS_HPOLICY hPolicy, TSS_HCONTEXT tspContext) +{ + struct tsp_object *obj; + struct obj_list *list = &rsakey_list; + struct tr_rsakey_obj *rsakey; + + MUTEX_LOCK(list->lock); + + for (obj = list->head; obj; obj = obj->next) { + if (obj->tspContext != tspContext) + continue; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->usagePolicy == hPolicy) + rsakey->usagePolicy = NULL_HPOLICY; + + if (rsakey->migPolicy == hPolicy) + rsakey->migPolicy = NULL_HPOLICY; + } + + MUTEX_UNLOCK(list->lock); +} + +#if 0 +TSS_RESULT +obj_rsakey_get_transport_attribs(TSS_HKEY hKey, TCS_KEY_HANDLE *hTCSKey, TPM_DIGEST *pubDigest) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result; + Trspi_HashCtx hashCtx; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + *hTCSKey = rsakey->tcsHandle; + + result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); + result |= Trspi_Hash_STORE_PUBKEY(&hashCtx, &rsakey->key.pubKey); + result |= Trspi_HashFinal(&hashCtx, pubDigest->digest); + + obj_list_put(&rsakey_list); + + return result; +} +#endif + +#ifdef TSS_BUILD_CMK +TSS_BOOL +obj_rsakey_is_cmk(TSS_HKEY hKey) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_BOOL answer = FALSE; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return answer; + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->type != TSS_KEY_STRUCT_KEY) { + if (rsakey->key.keyFlags & TPM_MIGRATEAUTHORITY) + answer = TRUE; + } + + obj_list_put(&rsakey_list); + + return answer; +} + +TSS_RESULT +obj_rsakey_set_cmk(TSS_HKEY hKey, UINT32 cmk) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + if (obj->flags & TSS_OBJ_FLAG_KEY_SET) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + rsakey = (struct tr_rsakey_obj *)obj->data; + if (rsakey->type == TSS_KEY_STRUCT_KEY) { + result = TSPERR(TSS_E_INVALID_OBJ_ACCESS); + goto done; + } + + if (cmk) + rsakey->key.keyFlags |= TPM_MIGRATEAUTHORITY; + else + rsakey->key.keyFlags &= (~TPM_MIGRATEAUTHORITY); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_msa_approval(TSS_HKEY hKey, UINT32 blobSize, BYTE *blob) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (blobSize != sizeof(rsakey->msaApproval.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(rsakey->msaApproval.digest, blob, sizeof(rsakey->msaApproval.digest)); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_msa_approval(TSS_HKEY hKey, UINT32 *blobSize, BYTE **blob) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if ((*blob = calloc_tspi(obj->tspContext, sizeof(rsakey->msaApproval.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(rsakey->msaApproval.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*blob, rsakey->msaApproval.digest, sizeof(rsakey->msaApproval.digest)); + *blobSize = sizeof(rsakey->msaApproval.digest); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_set_msa_digest(TSS_HKEY hKey, UINT32 blobSize, BYTE *blob) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (blobSize != sizeof(rsakey->msaDigest.digest)) { + result = TSPERR(TSS_E_BAD_PARAMETER); + goto done; + } + memcpy(rsakey->msaDigest.digest, blob, sizeof(rsakey->msaDigest.digest)); + +done: + obj_list_put(&rsakey_list); + + return result; +} + +TSS_RESULT +obj_rsakey_get_msa_digest(TSS_HKEY hKey, UINT32 *blobSize, BYTE **blob) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + TSS_RESULT result = TSS_SUCCESS; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if ((*blob = calloc_tspi(obj->tspContext, sizeof(rsakey->msaDigest.digest))) == NULL) { + LogError("malloc of %zd bytes failed.", sizeof(rsakey->msaDigest.digest)); + result = TSPERR(TSS_E_OUTOFMEMORY); + goto done; + } + memcpy(*blob, rsakey->msaDigest.digest, sizeof(rsakey->msaDigest.digest)); + *blobSize = sizeof(rsakey->msaDigest.digest); + +done: + obj_list_put(&rsakey_list); + + return result; +} +#endif + +TSS_RESULT +obj_rsakey_get_ownerevict(TSS_HKEY hKey, UINT32 *value) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + *value = rsakey->flags & TSS_RSAKEY_FLAG_OWNEREVICT; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} + +TSS_RESULT +obj_rsakey_set_ownerevict(TSS_HKEY hKey, TSS_BOOL value) +{ + struct tsp_object *obj; + struct tr_rsakey_obj *rsakey; + + if ((obj = obj_list_get_obj(&rsakey_list, hKey)) == NULL) + return TSPERR(TSS_E_INVALID_HANDLE); + + rsakey = (struct tr_rsakey_obj *)obj->data; + + if (value) + rsakey->flags |= TSS_RSAKEY_FLAG_OWNEREVICT; + else + rsakey->flags &= ~TSS_RSAKEY_FLAG_OWNEREVICT; + + obj_list_put(&rsakey_list); + + return TSS_SUCCESS; +} |