| // This file was extracted from the TCG Published |
| // Trusted Platform Module Library |
| // Part 4: Supporting Routines |
| // Family "2.0" |
| // Level 00 Revision 01.16 |
| // October 30, 2014 |
| |
| #include "InternalRoutines.h" |
| // |
| // |
| // 10.3.3 Functions |
| // |
| // 10.3.3.1 TicketIsSafe() |
| // |
| // This function indicates if producing a ticket is safe. It checks if the leading bytes of an input buffer is |
| // TPM_GENERATED_VALUE or its substring of canonical form. If so, it is not safe to produce ticket for an |
| // input buffer claiming to be TPM generated buffer |
| // |
| // Return Value Meaning |
| // |
| // TRUE It is safe to produce ticket |
| // FALSE It is not safe to produce ticket |
| // |
| BOOL |
| TicketIsSafe( |
| TPM2B *buffer |
| ) |
| { |
| TPM_GENERATED valueToCompare = TPM_GENERATED_VALUE; |
| BYTE bufferToCompare[sizeof(valueToCompare)]; |
| BYTE *marshalBuffer; |
| INT32 bufferSize; |
| // If the buffer size is less than the size of TPM_GENERATED_VALUE, assume |
| // it is not safe to generate a ticket |
| if(buffer->size < sizeof(valueToCompare)) |
| return FALSE; |
| marshalBuffer = bufferToCompare; |
| bufferSize = sizeof(TPM_GENERATED); |
| TPM_GENERATED_Marshal(&valueToCompare, &marshalBuffer, &bufferSize); |
| if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare))) |
| return FALSE; |
| else |
| return TRUE; |
| } |
| // |
| // |
| // 10.3.3.2 TicketComputeVerified() |
| // |
| // This function creates a TPMT_TK_VERIFIED ticket. |
| // |
| void |
| TicketComputeVerified( |
| TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket |
| TPM2B_DIGEST *digest, // IN: digest |
| TPM2B_NAME *keyName, // IN: name of key that signed the value |
| TPMT_TK_VERIFIED *ticket // OUT: verified ticket |
| ) |
| { |
| TPM2B_AUTH *proof; |
| HMAC_STATE hmacState; |
| // Fill in ticket fields |
| ticket->tag = TPM_ST_VERIFIED; |
| ticket->hierarchy = hierarchy; |
| // Use the proof value of the hierarchy |
| proof = HierarchyGetProof(hierarchy); |
| // Start HMAC |
| ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG, |
| &proof->b, &hmacState); |
| // add TPM_ST_VERIFIED |
| CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag); |
| // add digest |
| CryptUpdateDigest2B(&hmacState, &digest->b); |
| // add key name |
| CryptUpdateDigest2B(&hmacState, &keyName->b); |
| // complete HMAC |
| CryptCompleteHMAC2B(&hmacState, &ticket->digest.b); |
| return; |
| } |
| // |
| // |
| // 10.3.3.3 TicketComputeAuth() |
| // |
| // This function creates a TPMT_TK_AUTH ticket. |
| // |
| void |
| TicketComputeAuth( |
| TPM_ST type, // IN: the type of ticket. |
| TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket |
| UINT64 timeout, // IN: timeout |
| TPM2B_DIGEST *cpHashA, // IN: input cpHashA |
| TPM2B_NONCE *policyRef, // IN: input policyRef |
| TPM2B_NAME *entityName, // IN: name of entity |
| TPMT_TK_AUTH *ticket // OUT: Created ticket |
| ) |
| { |
| TPM2B_AUTH *proof; |
| HMAC_STATE hmacState; |
| // Get proper proof |
| proof = HierarchyGetProof(hierarchy); |
| // Fill in ticket fields |
| ticket->tag = type; |
| ticket->hierarchy = hierarchy; |
| // Start HMAC |
| ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG, |
| &proof->b, &hmacState); |
| // Adding TPM_ST_AUTH |
| CryptUpdateDigestInt(&hmacState, sizeof(UINT16), &ticket->tag); |
| // Adding timeout |
| CryptUpdateDigestInt(&hmacState, sizeof(UINT64), &timeout); |
| // Adding cpHash |
| CryptUpdateDigest2B(&hmacState, &cpHashA->b); |
| // Adding policyRef |
| CryptUpdateDigest2B(&hmacState, &policyRef->b); |
| // Adding keyName |
| CryptUpdateDigest2B(&hmacState, &entityName->b); |
| // Compute HMAC |
| CryptCompleteHMAC2B(&hmacState, &ticket->digest.b); |
| return; |
| } |
| // |
| // |
| // 10.3.3.4 TicketComputeHashCheck() |
| // |
| // This function creates a TPMT_TK_HASHCHECK ticket. |
| // |
| void |
| TicketComputeHashCheck( |
| TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket |
| TPM_ALG_ID hashAlg, // IN: the hash algorithm used to create |
| // 'digest' |
| TPM2B_DIGEST *digest, // IN: input digest |
| TPMT_TK_HASHCHECK *ticket // OUT: Created ticket |
| ) |
| { |
| TPM2B_AUTH *proof; |
| HMAC_STATE hmacState; |
| // Get proper proof |
| proof = HierarchyGetProof(hierarchy); |
| // Fill in ticket fields |
| ticket->tag = TPM_ST_HASHCHECK; |
| ticket->hierarchy = hierarchy; |
| ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG, |
| &proof->b, &hmacState); |
| // Add TPM_ST_HASHCHECK |
| CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag); |
| // |
| // Add hash algorithm |
| CryptUpdateDigestInt(&hmacState, sizeof(hashAlg), &hashAlg); |
| // Add digest |
| CryptUpdateDigest2B(&hmacState, &digest->b); |
| // Compute HMAC |
| CryptCompleteHMAC2B(&hmacState, &ticket->digest.b); |
| return; |
| } |
| // |
| // |
| // 10.3.3.5 TicketComputeCreation() |
| // |
| // This function creates a TPMT_TK_CREATION ticket. |
| // |
| void |
| TicketComputeCreation( |
| TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket |
| TPM2B_NAME *name, // IN: object name |
| TPM2B_DIGEST *creation, // IN: creation hash |
| TPMT_TK_CREATION *ticket // OUT: created ticket |
| ) |
| { |
| TPM2B_AUTH *proof; |
| HMAC_STATE hmacState; |
| // Get proper proof |
| proof = HierarchyGetProof(hierarchy); |
| // Fill in ticket fields |
| ticket->tag = TPM_ST_CREATION; |
| ticket->hierarchy = hierarchy; |
| ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG, |
| &proof->b, &hmacState); |
| // Add TPM_ST_CREATION |
| CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag); |
| // Add name |
| CryptUpdateDigest2B(&hmacState, &name->b); |
| // Add creation hash |
| CryptUpdateDigest2B(&hmacState, &creation->b); |
| // Compute HMAC |
| CryptCompleteHMAC2B(&hmacState, &ticket->digest.b); |
| return; |
| } |