// This file was extracted from the TCG Published
2// Trusted Platform Module Library
3// Part 4: Supporting Routines
4// Family "2.0"
5// Level 00 Revision 01.16
6// October 30, 2014
7
8#include "InternalRoutines.h"
9//
10//
11// 10.3.3 Functions
12//
13// 10.3.3.1 TicketIsSafe()
14//
// This function indicates if producing a ticket is safe. It checks whether the leading bytes of an input
// buffer are TPM_GENERATED_VALUE or a substring of its canonical form. If so, it is not safe to produce a
// ticket for an input buffer claiming to be a TPM-generated buffer.
18//
19// Return Value Meaning
20//
21// TRUE It is safe to produce ticket
22// FALSE It is not safe to produce ticket
23//
BOOL
TicketIsSafe(
    TPM2B           *buffer         // IN: buffer a ticket would be produced over
    )
{
    // Returns FALSE when 'buffer' is shorter than TPM_GENERATED_VALUE or begins
    // with its marshaled form, and TRUE otherwise. The caller is expected to
    // refuse a ticket on FALSE, so that data claiming to be TPM generated does
    // not get one.
    TPM_GENERATED    generatedValue = TPM_GENERATED_VALUE;
    BYTE             marshaledValue[sizeof(generatedValue)];
    BYTE            *cursor = marshaledValue;

    // Too short to hold the whole prefix: the answer is the conservative one
    // ("not safe"), and no comparison is attempted on a partial prefix.
    if(buffer->size < sizeof(generatedValue))
        return FALSE;

    // Compare against the marshaled (canonical) bytes of the constant, not its
    // in-memory representation. The third argument is NULL, as in the
    // reference code; marshaledValue is sized to hold exactly this one value.
    TPM_GENERATED_Marshal(&generatedValue, &cursor, NULL);

    return MemoryEqual(buffer->buffer, marshaledValue, sizeof(generatedValue))
           ? FALSE
           : TRUE;
}
43//
44//
45// 10.3.3.2 TicketComputeVerified()
46//
47// This function creates a TPMT_TK_VERIFIED ticket.
48//
void
TicketComputeVerified(
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy constant for ticket
    TPM2B_DIGEST        *digest,        // IN: digest
    TPM2B_NAME          *keyName,       // IN: name of key that signed the value
    TPMT_TK_VERIFIED    *ticket         // OUT: verified ticket
    )
{
    // Builds a TPMT_TK_VERIFIED ticket: the tag and hierarchy are stored in
    // 'ticket' and ticket->digest receives an HMAC over tag, digest and keyName.
    HMAC_STATE   hmac;
    TPM2B_AUTH  *hierarchyProof;

    ticket->tag = TPM_ST_VERIFIED;
    ticket->hierarchy = hierarchy;

    // The hierarchy's proof value is what the HMAC is started with.
    // NOTE(review): the returned pointer is dereferenced without a check;
    // presumably 'hierarchy' was validated by the caller - confirm.
    hierarchyProof = HierarchyGetProof(hierarchy);

    // The value returned by the HMAC start call becomes the ticket digest size.
    ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                             &hierarchyProof->b, &hmac);

    // The order of the inputs below is part of the ticket definition and has
    // to match whatever later recomputes the ticket to check it.
    CryptUpdateDigestInt(&hmac, sizeof(TPM_ST), &ticket->tag);  // TPM_ST_VERIFIED
    CryptUpdateDigest2B(&hmac, &digest->b);                     // digest
    CryptUpdateDigest2B(&hmac, &keyName->b);                    // key name

    // NOTE(review): 'hmac' is keyed from the proof and is not cleared in this
    // function; whether the completion call scrubs it is not visible here.
    CryptCompleteHMAC2B(&hmac, &ticket->digest.b);
}
77//
78//
79// 10.3.3.3 TicketComputeAuth()
80//
81// This function creates a TPMT_TK_AUTH ticket.
82//
void
TicketComputeAuth(
    TPM_ST               type,          // IN: the type of ticket.
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy constant for ticket
    UINT64               timeout,       // IN: timeout
    TPM2B_DIGEST        *cpHashA,       // IN: input cpHashA
    TPM2B_NONCE         *policyRef,     // IN: input policyRef
    TPM2B_NAME          *entityName,    // IN: name of entity
    TPMT_TK_AUTH        *ticket         // OUT: Created ticket
    )
{
    // Builds a TPMT_TK_AUTH ticket: 'type' and 'hierarchy' are stored in
    // 'ticket' and ticket->digest receives an HMAC over tag, timeout, cpHashA,
    // policyRef and entityName.
    HMAC_STATE   hmac;
    // NOTE(review): the returned pointer is dereferenced without a check;
    // presumably 'hierarchy' was validated by the caller - confirm.
    TPM2B_AUTH  *hierarchyProof = HierarchyGetProof(hierarchy);

    // The tag is whatever the caller passed in 'type'; it is not checked here.
    ticket->tag = type;
    ticket->hierarchy = hierarchy;

    // The hierarchy's proof value is what the HMAC is started with; the value
    // returned by the start call becomes the ticket digest size.
    ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                             &hierarchyProof->b, &hmac);

    // The order of the inputs below is part of the ticket definition and has
    // to match whatever later recomputes the ticket to check it.
    // NOTE(review): the tag width is given as sizeof(UINT16) here while the
    // other ticket functions in this file use sizeof(TPM_ST); presumably the
    // same width - confirm.
    CryptUpdateDigestInt(&hmac, sizeof(UINT16), &ticket->tag);  // ticket tag
    CryptUpdateDigestInt(&hmac, sizeof(UINT64), &timeout);      // timeout
    CryptUpdateDigest2B(&hmac, &cpHashA->b);                    // cpHash
    CryptUpdateDigest2B(&hmac, &policyRef->b);                  // policyRef
    CryptUpdateDigest2B(&hmac, &entityName->b);                 // entity name

    // NOTE(review): 'hmac' is keyed from the proof and is not cleared in this
    // function; whether the completion call scrubs it is not visible here.
    CryptCompleteHMAC2B(&hmac, &ticket->digest.b);
}
118//
119//
120// 10.3.3.4 TicketComputeHashCheck()
121//
122// This function creates a TPMT_TK_HASHCHECK ticket.
123//
void
TicketComputeHashCheck(
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy constant for ticket
    TPM_ALG_ID           hashAlg,       // IN: the hash algorithm used to create
                                        //     'digest'
    TPM2B_DIGEST        *digest,        // IN: input digest
    TPMT_TK_HASHCHECK   *ticket         // OUT: Created ticket
    )
{
    // Builds a TPMT_TK_HASHCHECK ticket: the tag and hierarchy are stored in
    // 'ticket' and ticket->digest receives an HMAC over tag, hashAlg and digest.
    HMAC_STATE   hmac;
    // NOTE(review): the returned pointer is dereferenced without a check;
    // presumably 'hierarchy' was validated by the caller - confirm.
    TPM2B_AUTH  *hierarchyProof = HierarchyGetProof(hierarchy);

    ticket->tag = TPM_ST_HASHCHECK;
    ticket->hierarchy = hierarchy;

    // The hierarchy's proof value is what the HMAC is started with; the value
    // returned by the start call becomes the ticket digest size.
    ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                             &hierarchyProof->b, &hmac);

    // The order of the inputs below is part of the ticket definition and has
    // to match whatever later recomputes the ticket to check it.
    CryptUpdateDigestInt(&hmac, sizeof(TPM_ST), &ticket->tag);  // TPM_ST_HASHCHECK
    CryptUpdateDigestInt(&hmac, sizeof(hashAlg), &hashAlg);     // hash algorithm
    CryptUpdateDigest2B(&hmac, &digest->b);                     // digest

    // NOTE(review): 'hmac' is keyed from the proof and is not cleared in this
    // function; whether the completion call scrubs it is not visible here.
    CryptCompleteHMAC2B(&hmac, &ticket->digest.b);
}
153//
154//
155// 10.3.3.5 TicketComputeCreation()
156//
157// This function creates a TPMT_TK_CREATION ticket.
158//
void
TicketComputeCreation(
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy for ticket
    TPM2B_NAME          *name,          // IN: object name
    TPM2B_DIGEST        *creation,      // IN: creation hash
    TPMT_TK_CREATION    *ticket         // OUT: created ticket
    )
{
    // Builds a TPMT_TK_CREATION ticket: the tag and hierarchy are stored in
    // 'ticket' and ticket->digest receives an HMAC over tag, name and the
    // creation hash.
    HMAC_STATE   hmac;
    // NOTE(review): the returned pointer is dereferenced without a check;
    // presumably 'hierarchy' was validated by the caller - confirm.
    TPM2B_AUTH  *hierarchyProof = HierarchyGetProof(hierarchy);

    ticket->tag = TPM_ST_CREATION;
    ticket->hierarchy = hierarchy;

    // The hierarchy's proof value is what the HMAC is started with; the value
    // returned by the start call becomes the ticket digest size.
    ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                             &hierarchyProof->b, &hmac);

    // The order of the inputs below is part of the ticket definition and has
    // to match whatever later recomputes the ticket to check it.
    CryptUpdateDigestInt(&hmac, sizeof(TPM_ST), &ticket->tag);  // TPM_ST_CREATION
    CryptUpdateDigest2B(&hmac, &name->b);                       // object name
    CryptUpdateDigest2B(&hmac, &creation->b);                   // creation hash

    // NOTE(review): 'hmac' is keyed from the proof and is not cleared in this
    // function; whether the completion call scrubs it is not visible here.
    CryptCompleteHMAC2B(&hmac, &ticket->digest.b);
}