/*
 * Copyright 2015 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

/*
 * Function prototypes for the object support routines: parent/attribute and
 * scheme validation, conversion between sensitive structures and private or
 * duplication blobs (outer and inner wrap), credential blob protection, and
 * creation-data generation.
 *
 * This header holds declarations only. The TPM types it names (BOOL, TPM_RC,
 * UINT16, BYTE, TPM_HANDLE, TPM_ALG_ID, OBJECT, TPM2B_*, TPMT_*, TPML_*,
 * TPMI_*) are not included here and must already be in scope in the
 * including translation unit.
 *
 * NOTE(review): the include-guard name starts with a double underscore, which
 * C reserves for the implementation (C11 7.1.3). It is left unchanged here.
 */
#ifndef __TPM2_OBJECT_SPT_FP_H
#define __TPM2_OBJECT_SPT_FP_H

/**
 * Check whether an object's attributes allow it to be used as a parent.
 *
 * Note that the argument is an OBJECT pointer, not a handle, despite the
 * inline comment. The exact attribute criteria are defined by the
 * implementation, not by this header.
 *
 * @return presumably TRUE when the object may act as a parent, else FALSE
 */
BOOL AreAttributesForParent(OBJECT *parentObject // IN: parent object (OBJECT *, not a handle)
);

/**
 * Recover the secret carried in a credential blob (inverse of
 * SecretToCredential, which takes the same name/seed/protector inputs).
 *
 * @return TPM_RC; failure codes are assigned by the implementation and are
 *         not visible in this header
 */
TPM_RC CredentialToSecret(
    TPM2B_ID_OBJECT *inIDObject, // IN: input credential blob
    TPM2B_NAME *name,            // IN: the name of the object
    TPM2B_SEED *seed,            // IN: an external seed.
    TPM_HANDLE protector,        // IN: The protector's handle
    TPM2B_DIGEST *secret         // OUT: secret information
);

/**
 * Unwrap a duplication blob into a sensitive structure. Per the parameter
 * comments, a seed of size 0 means no outer wrap, and a NULL symmetric
 * algorithm in symDef means no inner wrap.
 *
 * NOTE(review): the OUT structure carries key material; confirm that callers
 * clear it once it is no longer needed.
 *
 * @return TPM_RC; failure codes are assigned by the implementation
 */
TPM_RC DuplicateToSensitive(
    TPM2B_PRIVATE *inPrivate,    // IN: input private structure
    TPM2B_NAME *name,            // IN: the name of the object
    TPM_HANDLE parentHandle,     // IN: The parent's handle
    TPM_ALG_ID nameAlg,          // IN: hash algorithm in public area.
    TPM2B_SEED *seed,            // IN: an external seed may be provided. If external
                                 // seed is provided with size of 0, no outer wrap is
                                 // applied
    TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the
                                 // symmetric key algorithm is NULL, no inner
                                 // wrap is applied
    TPM2B_DATA *innerSymKey,     // IN: a symmetric key may be provided to
                                 // decrypt the inner wrap of a duplication blob.
    TPMT_SENSITIVE *sensitive    // OUT: sensitive structure
);

/**
 * Build the creation data for a newly created object and its digest.
 * Both outputs are written; the function reports no status.
 */
void FillInCreationData(
    TPMI_DH_OBJECT parentHandle,       // IN: handle of parent
    TPMI_ALG_HASH nameHashAlg,         // IN: name hash algorithm
    TPML_PCR_SELECTION *creationPCR,   // IN: PCR selection
    TPM2B_DATA *outsideData,           // IN: outside data
    TPM2B_CREATION_DATA *outCreation,  // OUT: creation data for output
    TPM2B_DIGEST *creationDigest       // OUT: creation digest
);

/**
 * Select the seed to feed into the KDF for a given protector.
 *
 * NOTE(review): ownership and lifetime of the returned pointer are not
 * stated here; presumably it refers either to seedIn or to storage owned by
 * the protector object and must not be freed by the caller — confirm in the
 * implementation.
 *
 * @return pointer to the seed to use for key derivation
 */
TPM2B_SEED *GetSeedForKDF(
    TPM_HANDLE protectorHandle, // IN: the protector handle
    TPM2B_SEED *seedIn          // IN: the optional input seed
);

/**
 * Unwrap a private blob into a sensitive structure (inverse of
 * SensitiveToPrivate). See the nameAlg comment for when that parameter is
 * actually consulted.
 *
 * NOTE(review): the OUT structure carries key material; confirm that callers
 * clear it once it is no longer needed.
 *
 * @return TPM_RC; failure codes are assigned by the implementation
 */
TPM_RC PrivateToSensitive(
    TPM2B_PRIVATE *inPrivate,  // IN: input private structure
    TPM2B_NAME *name,          // IN: the name of the object
    TPM_HANDLE parentHandle,   // IN: The parent's handle
    TPM_ALG_ID nameAlg,        // IN: hash algorithm in public area. It is passed
                               // separately because we only pass name, rather than
                               // the whole public area of the object. This parameter
                               // is used in the following two cases: 1. primary
                               // objects. 2. duplication blob with inner wrap. In
                               // other cases, this parameter will be ignored
    TPMT_SENSITIVE *sensitive  // OUT: sensitive structure
);

/**
 * Apply the outer (integrity + encryption) wrap to sensitive data already
 * placed in outerBuffer.
 *
 * Buffer sizing: no separate capacity argument is passed. Per the dataSize
 * comment, dataSize EXCLUDES the leading integrity buffer and the optional IV,
 * so outerBuffer must be larger than dataSize by those amounts; the caller is
 * responsible for that. Note the opposite convention in UnwrapOuter, where
 * dataSize INCLUDES them.
 *
 * @return UINT16; presumably the total size of the wrapped data — confirm in
 *         the implementation
 */
UINT16 ProduceOuterWrap(
    TPM_HANDLE protector,  // IN: The handle of the object that provides
                           // protection. For object, it is parent handle. For
                           // credential, it is the handle of encrypt object.
    TPM2B_NAME *name,      // IN: the name of the object
    TPM_ALG_ID hashAlg,    // IN: hash algorithm for outer wrap
    TPM2B_SEED *seed,      // IN: an external seed may be provided for duplication
                           // blob. For non duplication blob, this parameter
                           // should be NULL
    BOOL useIV,            // IN: indicate if an IV is used
    UINT16 dataSize,       // IN: the size of sensitive data, excluding the leading
                           // integrity buffer size or the optional iv size
    BYTE *outerBuffer      // IN/OUT: outer buffer with sensitive data in it
);

/**
 * Validate the public-area attributes of an object. Takes the same
 * parameters as SchemeChecks; the two are meant to be called in the same
 * contexts (load versus TPM2_Create(), selected by the load flag).
 *
 * @return TPM_RC; failure codes are assigned by the implementation
 */
TPM_RC PublicAttributesValidation(
    BOOL load,                    // IN: TRUE if load checks, FALSE if TPM2_Create()
    TPMI_DH_OBJECT parentHandle,  // IN: input parent handle
    TPMT_PUBLIC *publicArea       // IN: public area of the object
);

/**
 * Validate the scheme settings in a public area. Same parameter contract as
 * PublicAttributesValidation.
 *
 * @return TPM_RC; failure codes are assigned by the implementation
 */
TPM_RC SchemeChecks(
    BOOL load,                    // IN: TRUE if load checks, FALSE if TPM2_Create()
    TPMI_DH_OBJECT parentHandle,  // IN: input parent handle
    TPMT_PUBLIC *publicArea       // IN: public area of the object
);

/**
 * Protect a secret as a credential blob for the given protector (inverse of
 * CredentialToSecret). Reports no status.
 */
void SecretToCredential(
    TPM2B_DIGEST *secret,        // IN: secret information
    TPM2B_NAME *name,            // IN: the name of the object
    TPM2B_SEED *seed,            // IN: an external seed.
    TPM_HANDLE protector,        // IN: The protector's handle
    TPM2B_ID_OBJECT *outIDObject // OUT: output credential
);

/**
 * Wrap a sensitive structure into a duplication blob for a new parent
 * (inverse of DuplicateToSensitive). Per the parameter comments, a seed of
 * size 0 skips the outer wrap, a NULL symmetric algorithm skips the inner
 * wrap, and innerSymKey may be generated here, in which case it is returned
 * to the caller through the IN/OUT parameter. Reports no status.
 */
void SensitiveToDuplicate(
    TPMT_SENSITIVE *sensitive,   // IN: sensitive structure
    TPM2B_NAME *name,            // IN: the name of the object
    TPM_HANDLE parentHandle,     // IN: The new parent's handle
    TPM_ALG_ID nameAlg,          // IN: hash algorithm in public area. It is passed
                                 // separately because we only pass name, rather than
                                 // the whole public area of the object.
    TPM2B_SEED *seed,            // IN: the external seed. If external seed is provided
                                 // with size of 0, no outer wrap should be applied to
                                 // duplication blob.
    TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the
                                 // symmetric key algorithm is NULL, no inner
                                 // wrap should be applied.
    TPM2B_DATA *innerSymKey,     // IN/OUT: a symmetric key may be provided to
                                 // encrypt the inner wrap of a duplication blob.
                                 // May be generated here if needed.
    TPM2B_PRIVATE *outPrivate    // OUT: output private structure
);

/**
 * Wrap a sensitive structure into a private blob under the given parent
 * (inverse of PrivateToSensitive). Per the nameAlg comment, that parameter
 * matters only when parentHandle is NULL (temporary object). Reports no
 * status.
 */
void SensitiveToPrivate(
    TPMT_SENSITIVE *sensitive, // IN: sensitive structure
    TPM2B_NAME *name,          // IN: the name of the object
    TPM_HANDLE parentHandle,   // IN: The parent's handle
    TPM_ALG_ID nameAlg,        // IN: hash algorithm in public area. This parameter
                               // is used when parentHandle is NULL, in which case
                               // the object is temporary.
    TPM2B_PRIVATE *outPrivate  // OUT: output private structure
);

/**
 * Remove the outer wrap from data in outerBuffer (inverse of ProduceOuterWrap).
 *
 * Buffer sizing: per the dataSize comment, here dataSize INCLUDES the leading
 * integrity buffer and the optional IV area — the opposite of
 * ProduceOuterWrap. Callers switching between the two must account for that.
 *
 * @return TPM_RC; presumably non-success when the integrity check fails —
 *         the specific codes are assigned by the implementation
 */
TPM_RC UnwrapOuter(
    TPM_HANDLE protector,  // IN: The handle of the object that provides
                           // protection. For object, it is parent handle. For
                           // credential, it is the handle of encrypt object.
    TPM2B_NAME *name,      // IN: the name of the object
    TPM_ALG_ID hashAlg,    // IN: hash algorithm for outer wrap
    TPM2B_SEED *seed,      // IN: an external seed may be provided for duplication
                           // blob. For non duplication blob, this parameter
                           // should be NULL.
    BOOL useIV,            // IN: indicates if an IV is used
    UINT16 dataSize,       // IN: size of sensitive data in outerBuffer, including
                           // the leading integrity buffer size, and an optional iv
                           // area
    BYTE *outerBuffer      // IN/OUT: sensitive data
);

#endif // __TPM2_OBJECT_SPT_FP_H