Create.c - platform/external/tpm2 - Gitiles

 // This file was extracted from the TCG Published
 // Trusted Platform Module Library
 // Part 3: Commands
 // Family "2.0"
 // Level 00 Revision 01.16
 // October 30, 2014

 #include "InternalRoutines.h"
 #include "Object_spt_fp.h"
 #include "Create_fp.h"
 //
 //
 //     Error Returns               Meaning
 //
 //     TPM_RC_ASYMMETRIC           non-duplicable storage key and its parent have different public
 //                                 parameters
 //     TPM_RC_ATTRIBUTES           sensitiveDataOrigin is CLEAR when 'sensitive.data' is an Empty
 //                                 Buffer, or is SET when 'sensitive.data' is not empty; fixedTPM,
 //                                 fixedParent, or encryptedDuplication attributes are inconsistent
 //                                 between themselves or with those of the parent object; inconsistent
 //                                 restricted, decrypt and sign attributes; attempt to inject sensitive data
 //                                 for an asymmetric key; attempt to create a symmetric cipher key that
 //                                 is not a decryption key
 //     TPM_RC_HASH                 non-duplicable storage key and its parent have different name
 //                                 algorithm
 //     TPM_RC_KDF                  incorrect KDF specified for decrypting keyed hash object
 //     TPM_RC_KEY                  invalid key size values in an asymmetric key public area
 //     TPM_RC_KEY_SIZE             key size in public area for symmetric key differs from the size in the
 //                                 sensitive creation area; may also be returned if the TPM does not
 //                                 allow the key size to be used for a Storage Key
 //     TPM_RC_RANGE                the exponent value of an RSA key is not supported.
 //     TPM_RC_SCHEME               inconsistent attributes decrypt, sign, restricted and key's scheme ID;
 //                                 or hash algorithm is inconsistent with the scheme ID for keyed hash
 //                                 object
 //     TPM_RC_SIZE                 size of public auth policy or sensitive auth value does not match
 //                                 digest size of the name algorithm sensitive data size for the keyed
 //                                 hash object is larger than is allowed for the scheme
 //     TPM_RC_SYMMETRIC            a storage key with no symmetric algorithm specified; or non-storage
 //                                 key with symmetric algorithm different from TPM_ALG_NULL
 //     TPM_RC_TYPE                 unknown object type; non-duplicable storage key and its parent have
 //                                 different types; parentHandle does not reference a restricted
 //                                 decryption key in the storage hierarchy with both public and sensitive
 //                                 portion loaded
 //     TPM_RC_VALUE                exponent is not prime or could not find a prime using the provided
 //                                 parameters for an RSA key; unsupported name algorithm for an ECC
 //                                 key
 //     TPM_RC_OBJECT_MEMORY        there is no free slot for the object. This implementation does not
 //                                 return this error.
 //
 TPM_RC
 TPM2_Create(
    Create_In        *in,            // IN: input parameter list
    Create_Out       *out            // OUT: output parameter list
    )
 {
    TPM_RC                  result = TPM_RC_SUCCESS;
    TPMT_SENSITIVE          sensitive;
    TPM2B_NAME              name;

 // Input Validation

    OBJECT       *parentObject;

    parentObject = ObjectGet(in->parentHandle);

    // Does parent have the proper attributes?
    if(!AreAttributesForParent(parentObject))
        return TPM_RC_TYPE + RC_Create_parentHandle;

    // The sensitiveDataOrigin attribute must be consistent with the setting of
    // the size of the data object in inSensitive.
    if(   (in->inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin == SET)
       != (in->inSensitive.t.sensitive.data.t.size == 0))
        // Mismatch between the object attributes and the parameter.
        return TPM_RC_ATTRIBUTES + RC_Create_inSensitive;

    // Check attributes in input public area. TPM_RC_ASYMMETRIC, TPM_RC_ATTRIBUTES,
    // TPM_RC_HASH, TPM_RC_KDF, TPM_RC_SCHEME, TPM_RC_SIZE, TPM_RC_SYMMETRIC,
    // or TPM_RC_TYPE error may be returned at this point.
    result = PublicAttributesValidation(FALSE, in->parentHandle,
                                        &in->inPublic.t.publicArea);
    if(result != TPM_RC_SUCCESS)
        return RcSafeAddToResult(result, RC_Create_inPublic);

    // Validate the sensitive area values
    if( MemoryRemoveTrailingZeros(&in->inSensitive.t.sensitive.userAuth)
            > CryptGetHashDigestSize(in->inPublic.t.publicArea.nameAlg))
        return TPM_RC_SIZE + RC_Create_inSensitive;

 // Command Output

    // Create object crypto data
    result = CryptCreateObject(in->parentHandle, &in->inPublic.t.publicArea,
                               &in->inSensitive.t.sensitive, &sensitive);
    if(result != TPM_RC_SUCCESS)
        return result;

    // Fill in creation data
    FillInCreationData(in->parentHandle, in->inPublic.t.publicArea.nameAlg,
                       &in->creationPCR, &in->outsideInfo,
                       &out->creationData, &out->creationHash);

    // Copy public area from input to output
    out->outPublic.t.publicArea = in->inPublic.t.publicArea;

    // Compute name from public area
    ObjectComputeName(&(out->outPublic.t.publicArea), &name);

    // Compute creation ticket
    TicketComputeCreation(EntityGetHierarchy(in->parentHandle), &name,
                          &out->creationHash, &out->creationTicket);

    // Prepare output private data from sensitive
    SensitiveToPrivate(&sensitive, &name, in->parentHandle,
                       out->outPublic.t.publicArea.nameAlg,
                       &out->outPrivate);

    return TPM_RC_SUCCESS;
 }
	// This file was extracted from the TCG Published
	// Trusted Platform Module Library
	// Part 3: Commands
	// Family "2.0"
	// Level 00 Revision 01.16
	// October 30, 2014

	#include "InternalRoutines.h"
	#include "Object_spt_fp.h"
	#include "Create_fp.h"
	//
	//
	// Error Returns Meaning
	//
	// TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different public
	// parameters
	// TPM_RC_ATTRIBUTES sensitiveDataOrigin is CLEAR when 'sensitive.data' is an Empty
	// Buffer, or is SET when 'sensitive.data' is not empty; fixedTPM,
	// fixedParent, or encryptedDuplication attributes are inconsistent
	// between themselves or with those of the parent object; inconsistent
	// restricted, decrypt and sign attributes; attempt to inject sensitive data
	// for an asymmetric key; attempt to create a symmetric cipher key that
	// is not a decryption key
	// TPM_RC_HASH non-duplicable storage key and its parent have different name
	// algorithm
	// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object
	// TPM_RC_KEY invalid key size values in an asymmetric key public area
	// TPM_RC_KEY_SIZE key size in public area for symmetric key differs from the size in the
	// sensitive creation area; may also be returned if the TPM does not
	// allow the key size to be used for a Storage Key
	// TPM_RC_RANGE the exponent value of an RSA key is not supported.
	// TPM_RC_SCHEME inconsistent attributes decrypt, sign, restricted and key's scheme ID;
	// or hash algorithm is inconsistent with the scheme ID for keyed hash
	// object
	// TPM_RC_SIZE size of public auth policy or sensitive auth value does not match
	// digest size of the name algorithm sensitive data size for the keyed
	// hash object is larger than is allowed for the scheme
	// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage
	// key with symmetric algorithm different from TPM_ALG_NULL
	// TPM_RC_TYPE unknown object type; non-duplicable storage key and its parent have
	// different types; parentHandle does not reference a restricted
	// decryption key in the storage hierarchy with both public and sensitive
	// portion loaded
	// TPM_RC_VALUE exponent is not prime or could not find a prime using the provided
	// parameters for an RSA key; unsupported name algorithm for an ECC
	// key
	// TPM_RC_OBJECT_MEMORY there is no free slot for the object. This implementation does not
	// return this error.
	//
	TPM_RC
	TPM2_Create(
	Create_In *in, // IN: input parameter list
	Create_Out *out // OUT: output parameter list
	)
	{
	TPM_RC result = TPM_RC_SUCCESS;
	TPMT_SENSITIVE sensitive;
	TPM2B_NAME name;

	// Input Validation

	OBJECT *parentObject;

	parentObject = ObjectGet(in->parentHandle);

	// Does parent have the proper attributes?
	if(!AreAttributesForParent(parentObject))
	return TPM_RC_TYPE + RC_Create_parentHandle;

	// The sensitiveDataOrigin attribute must be consistent with the setting of
	// the size of the data object in inSensitive.
	if( (in->inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin == SET)
	!= (in->inSensitive.t.sensitive.data.t.size == 0))
	// Mismatch between the object attributes and the parameter.
	return TPM_RC_ATTRIBUTES + RC_Create_inSensitive;

	// Check attributes in input public area. TPM_RC_ASYMMETRIC, TPM_RC_ATTRIBUTES,
	// TPM_RC_HASH, TPM_RC_KDF, TPM_RC_SCHEME, TPM_RC_SIZE, TPM_RC_SYMMETRIC,
	// or TPM_RC_TYPE error may be returned at this point.
	result = PublicAttributesValidation(FALSE, in->parentHandle,
	&in->inPublic.t.publicArea);
	if(result != TPM_RC_SUCCESS)
	return RcSafeAddToResult(result, RC_Create_inPublic);

	// Validate the sensitive area values
	if( MemoryRemoveTrailingZeros(&in->inSensitive.t.sensitive.userAuth)
	> CryptGetHashDigestSize(in->inPublic.t.publicArea.nameAlg))
	return TPM_RC_SIZE + RC_Create_inSensitive;

	// Command Output

	// Create object crypto data
	result = CryptCreateObject(in->parentHandle, &in->inPublic.t.publicArea,
	&in->inSensitive.t.sensitive, &sensitive);
	if(result != TPM_RC_SUCCESS)
	return result;

	// Fill in creation data
	FillInCreationData(in->parentHandle, in->inPublic.t.publicArea.nameAlg,
	&in->creationPCR, &in->outsideInfo,
	&out->creationData, &out->creationHash);

	// Copy public area from input to output
	out->outPublic.t.publicArea = in->inPublic.t.publicArea;

	// Compute name from public area
	ObjectComputeName(&(out->outPublic.t.publicArea), &name);

	// Compute creation ticket
	TicketComputeCreation(EntityGetHierarchy(in->parentHandle), &name,
	&out->creationHash, &out->creationTicket);

	// Prepare output private data from sensitive
	SensitiveToPrivate(&sensitive, &name, in->parentHandle,
	out->outPublic.t.publicArea.nameAlg,
	&out->outPrivate);

	return TPM_RC_SUCCESS;
	}