blob: 8ed14af29d68716eaa36c65e5514e04056095fa7 [file] [log] [blame]
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 4: Supporting Routines
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014
#include "InternalRoutines.h"
#include "Context_spt_fp.h"
//
//
// Functions
//
// ComputeContextProtectionKey()
//
// This function retrieves the symmetric protection key for context encryption It is used by
// TPM2_ConextSave() and TPM2_ContextLoad() to create the symmetric encryption key and iv
//
void
ComputeContextProtectionKey(
TPMS_CONTEXT *contextBlob, // IN: context blob
TPM2B_SYM_KEY *symKey, // OUT: the symmetric key
TPM2B_IV *iv // OUT: the IV.
)
{
UINT16 symKeyBits; // number of bits in the parent's
// symmetric key
TPM2B_AUTH *proof = NULL; // the proof value to use. Is null for
// everything but a primary object in
// the Endorsement Hierarchy
BYTE kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF
TPM2B_DATA sequence2B, handle2B;
// Get proof value
proof = HierarchyGetProof(contextBlob->hierarchy);
// Get sequence value in 2B format
sequence2B.t.size = sizeof(contextBlob->sequence);
MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence,
sizeof(contextBlob->sequence),
sizeof(sequence2B.t.buffer));
// Get handle value in 2B format
handle2B.t.size = sizeof(contextBlob->savedHandle);
MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle,
sizeof(contextBlob->savedHandle),
sizeof(handle2B.t.buffer));
// Get the symmetric encryption key size
symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
//
symKeyBits = CONTEXT_ENCRYPT_KEY_BITS;
// Get the size of the IV for the algorithm
iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits);
// KDFa to generate symmetric key and IV value
KDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, "CONTEXT", &sequence2B.b,
&handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL);
// Copy part of the returned value as the key
MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size,
sizeof(symKey->t.buffer));
// Copy the rest as the IV
MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size,
sizeof(iv->t.buffer));
return;
}
//
//
// ComputeContextIntegrity()
//
// Generate the integrity hash for a context It is used by TPM2_ContextSave() to create an integrity hash
// and by TPM2_ContextLoad() to compare an integrity hash
//
void
ComputeContextIntegrity(
TPMS_CONTEXT *contextBlob, // IN: context blob
TPM2B_DIGEST *integrity // OUT: integrity
)
{
HMAC_STATE hmacState;
TPM2B_AUTH *proof;
UINT16 integritySize;
// Get proof value
proof = HierarchyGetProof(contextBlob->hierarchy);
// Start HMAC
integrity->t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
&proof->b, &hmacState);
// Compute integrity size at the beginning of context blob
integritySize = sizeof(integrity->t.size) + integrity->t.size;
// Adding total reset counter so that the context cannot be
// used after a TPM Reset
CryptUpdateDigestInt(&hmacState, sizeof(gp.totalResetCount),
&gp.totalResetCount);
// If this is a ST_CLEAR object, add the clear count
// so that this contest cannot be loaded after a TPM Restart
if(contextBlob->savedHandle == 0x80000002)
CryptUpdateDigestInt(&hmacState, sizeof(gr.clearCount), &gr.clearCount);
// Adding sequence number to the HMAC to make sure that it doesn't
// get changed
CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->sequence),
&contextBlob->sequence);
// Protect the handle
CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->savedHandle),
&contextBlob->savedHandle);
// Adding sensitive contextData, skip the leading integrity area
CryptUpdateDigest(&hmacState, contextBlob->contextBlob.t.size - integritySize,
contextBlob->contextBlob.t.buffer + integritySize);
// Complete HMAC
CryptCompleteHMAC2B(&hmacState, &integrity->b);
return;
}
//
//
// SequenceDataImportExport()
//
// This function is used scan through the sequence object and either modify the hash state data for
// LIB_EXPORT or to import it into the internal format
//
void
SequenceDataImportExport(
OBJECT *object, // IN: the object containing the sequence data
OBJECT *exportObject, // IN/OUT: the object structure that will get
// the exported hash state
IMPORT_EXPORT direction
)
{
int count = 1;
HASH_OBJECT *internalFmt = (HASH_OBJECT *)object;
HASH_OBJECT *externalFmt = (HASH_OBJECT *)exportObject;
if(object->attributes.eventSeq)
count = HASH_COUNT;
for(; count; count--)
CryptHashStateImportExport(&internalFmt->state.hashState[count - 1],
externalFmt->state.hashState, direction);
}