Vadim Bendebury | 5679752 | 2015-05-20 10:32:25 -0700 | [diff] [blame] | 1 | // This file was extracted from the TCG Published |
| 2 | // Trusted Platform Module Library |
| 3 | // Part 4: Supporting Routines |
| 4 | // Family "2.0" |
| 5 | // Level 00 Revision 01.16 |
| 6 | // October 30, 2014 |
| 7 | |
| 8 | #include "InternalRoutines.h" |
| 9 | // |
| 10 | // |
| 11 | // 10.3.3 Functions |
| 12 | // |
| 13 | // 10.3.3.1 TicketIsSafe() |
| 14 | // |
| 15 | // This function indicates if producing a ticket is safe. It checks if the leading bytes of an input buffer is |
| 16 | // TPM_GENERATED_VALUE or its substring of canonical form. If so, it is not safe to produce ticket for an |
| 17 | // input buffer claiming to be TPM generated buffer |
| 18 | // |
| 19 | // Return Value Meaning |
| 20 | // |
| 21 | // TRUE It is safe to produce ticket |
| 22 | // FALSE It is not safe to produce ticket |
| 23 | // |
| 24 | BOOL |
| 25 | TicketIsSafe( |
| 26 | TPM2B *buffer |
| 27 | ) |
| 28 | { |
| 29 | TPM_GENERATED valueToCompare = TPM_GENERATED_VALUE; |
| 30 | BYTE bufferToCompare[sizeof(valueToCompare)]; |
| 31 | BYTE *marshalBuffer; |
Jocelyn Bohr | 32be404 | 2015-07-29 15:14:01 -0700 | [diff] [blame] | 32 | INT32 bufferSize; |
Vadim Bendebury | 5679752 | 2015-05-20 10:32:25 -0700 | [diff] [blame] | 33 | // If the buffer size is less than the size of TPM_GENERATED_VALUE, assume |
| 34 | // it is not safe to generate a ticket |
| 35 | if(buffer->size < sizeof(valueToCompare)) |
| 36 | return FALSE; |
| 37 | marshalBuffer = bufferToCompare; |
Jocelyn Bohr | 5aac585 | 2015-08-20 16:05:05 -0700 | [diff] [blame] | 38 | bufferSize = sizeof(TPM_GENERATED); |
Jocelyn Bohr | 32be404 | 2015-07-29 15:14:01 -0700 | [diff] [blame] | 39 | TPM_GENERATED_Marshal(&valueToCompare, &marshalBuffer, &bufferSize); |
Vadim Bendebury | 5679752 | 2015-05-20 10:32:25 -0700 | [diff] [blame] | 40 | if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare))) |
| 41 | return FALSE; |
| 42 | else |
| 43 | return TRUE; |
| 44 | } |
| 45 | // |
| 46 | // |
| 47 | // 10.3.3.2 TicketComputeVerified() |
| 48 | // |
| 49 | // This function creates a TPMT_TK_VERIFIED ticket. |
| 50 | // |
| 51 | void |
| 52 | TicketComputeVerified( |
| 53 | TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket |
| 54 | TPM2B_DIGEST *digest, // IN: digest |
| 55 | TPM2B_NAME *keyName, // IN: name of key that signed the value |
| 56 | TPMT_TK_VERIFIED *ticket // OUT: verified ticket |
| 57 | ) |
| 58 | { |
| 59 | TPM2B_AUTH *proof; |
| 60 | HMAC_STATE hmacState; |
| 61 | // Fill in ticket fields |
| 62 | ticket->tag = TPM_ST_VERIFIED; |
| 63 | ticket->hierarchy = hierarchy; |
| 64 | // Use the proof value of the hierarchy |
| 65 | proof = HierarchyGetProof(hierarchy); |
| 66 | // Start HMAC |
| 67 | ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG, |
| 68 | &proof->b, &hmacState); |
| 69 | // add TPM_ST_VERIFIED |
| 70 | CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag); |
| 71 | // add digest |
| 72 | CryptUpdateDigest2B(&hmacState, &digest->b); |
| 73 | // add key name |
| 74 | CryptUpdateDigest2B(&hmacState, &keyName->b); |
| 75 | // complete HMAC |
| 76 | CryptCompleteHMAC2B(&hmacState, &ticket->digest.b); |
| 77 | return; |
| 78 | } |
| 79 | // |
| 80 | // |
| 81 | // 10.3.3.3 TicketComputeAuth() |
| 82 | // |
| 83 | // This function creates a TPMT_TK_AUTH ticket. |
| 84 | // |
| 85 | void |
| 86 | TicketComputeAuth( |
| 87 | TPM_ST type, // IN: the type of ticket. |
| 88 | TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket |
| 89 | UINT64 timeout, // IN: timeout |
| 90 | TPM2B_DIGEST *cpHashA, // IN: input cpHashA |
| 91 | TPM2B_NONCE *policyRef, // IN: input policyRef |
| 92 | TPM2B_NAME *entityName, // IN: name of entity |
| 93 | TPMT_TK_AUTH *ticket // OUT: Created ticket |
| 94 | ) |
| 95 | { |
| 96 | TPM2B_AUTH *proof; |
| 97 | HMAC_STATE hmacState; |
| 98 | // Get proper proof |
| 99 | proof = HierarchyGetProof(hierarchy); |
| 100 | // Fill in ticket fields |
| 101 | ticket->tag = type; |
| 102 | ticket->hierarchy = hierarchy; |
| 103 | // Start HMAC |
| 104 | ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG, |
| 105 | &proof->b, &hmacState); |
| 106 | // Adding TPM_ST_AUTH |
| 107 | CryptUpdateDigestInt(&hmacState, sizeof(UINT16), &ticket->tag); |
| 108 | // Adding timeout |
| 109 | CryptUpdateDigestInt(&hmacState, sizeof(UINT64), &timeout); |
| 110 | // Adding cpHash |
| 111 | CryptUpdateDigest2B(&hmacState, &cpHashA->b); |
| 112 | // Adding policyRef |
| 113 | CryptUpdateDigest2B(&hmacState, &policyRef->b); |
| 114 | // Adding keyName |
| 115 | CryptUpdateDigest2B(&hmacState, &entityName->b); |
| 116 | // Compute HMAC |
| 117 | CryptCompleteHMAC2B(&hmacState, &ticket->digest.b); |
| 118 | return; |
| 119 | } |
| 120 | // |
| 121 | // |
| 122 | // 10.3.3.4 TicketComputeHashCheck() |
| 123 | // |
| 124 | // This function creates a TPMT_TK_HASHCHECK ticket. |
| 125 | // |
| 126 | void |
| 127 | TicketComputeHashCheck( |
| 128 | TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket |
| 129 | TPM_ALG_ID hashAlg, // IN: the hash algorithm used to create |
| 130 | // 'digest' |
| 131 | TPM2B_DIGEST *digest, // IN: input digest |
| 132 | TPMT_TK_HASHCHECK *ticket // OUT: Created ticket |
| 133 | ) |
| 134 | { |
| 135 | TPM2B_AUTH *proof; |
| 136 | HMAC_STATE hmacState; |
| 137 | // Get proper proof |
| 138 | proof = HierarchyGetProof(hierarchy); |
| 139 | // Fill in ticket fields |
| 140 | ticket->tag = TPM_ST_HASHCHECK; |
| 141 | ticket->hierarchy = hierarchy; |
| 142 | ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG, |
| 143 | &proof->b, &hmacState); |
| 144 | // Add TPM_ST_HASHCHECK |
| 145 | CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag); |
| 146 | // |
| 147 | // Add hash algorithm |
| 148 | CryptUpdateDigestInt(&hmacState, sizeof(hashAlg), &hashAlg); |
| 149 | // Add digest |
| 150 | CryptUpdateDigest2B(&hmacState, &digest->b); |
| 151 | // Compute HMAC |
| 152 | CryptCompleteHMAC2B(&hmacState, &ticket->digest.b); |
| 153 | return; |
| 154 | } |
| 155 | // |
| 156 | // |
| 157 | // 10.3.3.5 TicketComputeCreation() |
| 158 | // |
| 159 | // This function creates a TPMT_TK_CREATION ticket. |
| 160 | // |
| 161 | void |
| 162 | TicketComputeCreation( |
| 163 | TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket |
| 164 | TPM2B_NAME *name, // IN: object name |
| 165 | TPM2B_DIGEST *creation, // IN: creation hash |
| 166 | TPMT_TK_CREATION *ticket // OUT: created ticket |
| 167 | ) |
| 168 | { |
| 169 | TPM2B_AUTH *proof; |
| 170 | HMAC_STATE hmacState; |
| 171 | // Get proper proof |
| 172 | proof = HierarchyGetProof(hierarchy); |
| 173 | // Fill in ticket fields |
| 174 | ticket->tag = TPM_ST_CREATION; |
| 175 | ticket->hierarchy = hierarchy; |
| 176 | ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG, |
| 177 | &proof->b, &hmacState); |
| 178 | // Add TPM_ST_CREATION |
| 179 | CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag); |
| 180 | // Add name |
| 181 | CryptUpdateDigest2B(&hmacState, &name->b); |
| 182 | // Add creation hash |
| 183 | CryptUpdateDigest2B(&hmacState, &creation->b); |
| 184 | // Compute HMAC |
| 185 | CryptCompleteHMAC2B(&hmacState, &ticket->digest.b); |
| 186 | return; |
| 187 | } |