Import.c

// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "Import_fp.h"
#include "Object_spt_fp.h"
//
//
//    Error Returns                     Meaning
//
//    TPM_RC_ASYMMETRIC                 non-duplicable storage key represented by objectPublic and its
//                                      parent referenced by parentHandle have different public parameters
//    TPM_RC_ATTRIBUTES                 attributes FixedTPM and fixedParent of objectPublic are not both
//                                      CLEAR; or inSymSeed is nonempty and parentHandle does not
//                                      reference a decryption key; or objectPublic and parentHandle have
//                                      incompatible or inconsistent attributes; or encrytpedDuplication is
//                                      SET in objectPublic but the inner or outer wrapper is missing.
//
//    NOTE:           if the TPM provides parameter values, the parameter number will indicate symmetricKey (missing
//                    inner wrapper) or inSymSeed (missing outer wrapper).
//
//
//    TPM_RC_BINDING                    duplicate and objectPublic are not cryptographically
//                                      bound
//
//    TPM_RC_ECC_POINT                  inSymSeed is nonempty and ECC point in inSymSeed is not on the
//                                      curve
//    TPM_RC_HASH                       non-duplicable storage key represented by objectPublic and its
//                                      parent referenced by parentHandle have different name algorithm
//    TPM_RC_INSUFFICIENT               inSymSeed is nonempty and failed to retrieve ECC point from the
//                                      secret; or unmarshaling sensitive value from duplicate failed the
//                                      result of inSymSeed decryption
//    TPM_RC_INTEGRITY                  duplicate integrity is broken
//    TPM_RC_KDF                        objectPublic representing decrypting keyed hash object specifies
//                                      invalid KDF
//    TPM_RC_KEY                        inconsistent parameters of objectPublic; or inSymSeed is nonempty
//                                      and parentHandle does not reference a key of supported type; or
//                                      invalid key size in objectPublic representing an asymmetric key
//    TPM_RC_NO_RESULT                  inSymSeed is nonempty and multiplication resulted in ECC point at
//                                      infinity
//    TPM_RC_OBJECT_MEMORY              no available object slot
//    TPM_RC_SCHEME                     inconsistent attributes decrypt, sign, restricted and key's scheme ID
//                                      in objectPublic; or hash algorithm is inconsistent with the scheme ID
//                                      for keyed hash object
//    TPM_RC_SIZE                       authPolicy size does not match digest size of the name algorithm in
//                                      objectPublic; or symmetricAlg and encryptionKey have different
//                                      sizes; or inSymSeed is nonempty and it size is not consistent with the
//                                      type of parentHandle; or unmarshaling sensitive value from duplicate
//                                      failed
//    TPM_RC_SYMMETRIC                  objectPublic is either a storage key with no symmetric algorithm or a
//                                      non-storage key with symmetric algorithm different from
//                                      TPM_ALG_NULL
//    TPM_RC_TYPE                       unsupported type of objectPublic; or non-duplicable storage key
//                                      represented by objectPublic and its parent referenced by
//                                      parentHandle are of different types; or parentHandle is not a storage
//                                      key; or only the public portion of parentHandle is loaded; or
//                                  objectPublic and duplicate are of different types
//     TPM_RC_VALUE                 nonempty inSymSeed and its numeric value is greater than the
//                                  modulus of the key referenced by parentHandle or inSymSeed is
//                                  larger than the size of the digest produced by the name algorithm of
//                                  the symmetric key referenced by parentHandle
//
TPM_RC
TPM2_Import(
   Import_In         *in,            // IN: input parameter list
   Import_Out        *out            // OUT: output parameter list
   )
{

   TPM_RC                   result = TPM_RC_SUCCESS;
   OBJECT                   *parentObject;
   TPM2B_DATA               data;                   // symmetric key
   TPMT_SENSITIVE           sensitive;
   TPM2B_NAME               name;

   UINT16                   innerKeySize = 0;             // encrypt key size for inner
                                                          // wrapper

// Input Validation

   // FixedTPM and fixedParent must be CLEAR
   if(   in->objectPublic.t.publicArea.objectAttributes.fixedTPM == SET
      || in->objectPublic.t.publicArea.objectAttributes.fixedParent == SET)
       return TPM_RC_ATTRIBUTES + RC_Import_objectPublic;

   // Get parent pointer
   parentObject = ObjectGet(in->parentHandle);

   if(!AreAttributesForParent(parentObject))
       return TPM_RC_TYPE + RC_Import_parentHandle;

   if(in->symmetricAlg.algorithm != TPM_ALG_NULL)
   {
       // Get inner wrap key size
       innerKeySize = in->symmetricAlg.keyBits.sym;
       // Input symmetric key must match the size of algorithm.
       if(in->encryptionKey.t.size != (innerKeySize + 7) / 8)
           return TPM_RC_SIZE + RC_Import_encryptionKey;
   }
   else
   {
       // If input symmetric algorithm is NULL, input symmetric key size must
       // be 0 as well
       if(in->encryptionKey.t.size != 0)
           return TPM_RC_SIZE + RC_Import_encryptionKey;
       // If encryptedDuplication is SET, then the object must have an inner
       // wrapper
       if(in->objectPublic.t.publicArea.objectAttributes.encryptedDuplication)
           return TPM_RC_ATTRIBUTES + RC_Import_encryptionKey;
   }

   // See if there is an outer wrapper
   if(in->inSymSeed.t.size != 0)
   {
       // Decrypt input secret data via asymmetric decryption. TPM_RC_ATTRIBUTES,
       // TPM_RC_ECC_POINT, TPM_RC_INSUFFICIENT, TPM_RC_KEY, TPM_RC_NO_RESULT,
       // TPM_RC_SIZE, TPM_RC_VALUE may be returned at this point
       result = CryptSecretDecrypt(in->parentHandle, NULL, "DUPLICATE",
                                   &in->inSymSeed, &data);
       pAssert(result != TPM_RC_BINDING);
//
       if(result != TPM_RC_SUCCESS)
           return RcSafeAddToResult(result, RC_Import_inSymSeed);
   }
   else
   {
       // If encrytpedDuplication is set, then the object must have an outer
       // wrapper
       if(in->objectPublic.t.publicArea.objectAttributes.encryptedDuplication)
           return TPM_RC_ATTRIBUTES + RC_Import_inSymSeed;
       data.t.size = 0;
   }

   // Compute name of object
   ObjectComputeName(&(in->objectPublic.t.publicArea), &name);

   // Retrieve sensitive from private.
   // TPM_RC_INSUFFICIENT, TPM_RC_INTEGRITY, TPM_RC_SIZE may be returned here.
   result = DuplicateToSensitive(&in->duplicate, &name, in->parentHandle,
                                 in->objectPublic.t.publicArea.nameAlg,
                                 (TPM2B_SEED *) &data, &in->symmetricAlg,
                                 &in->encryptionKey, &sensitive);
   if(result != TPM_RC_SUCCESS)
       return RcSafeAddToResult(result, RC_Import_duplicate);

   // If the parent of this object has fixedTPM SET, then fully validate this
   // object so that validation can be skipped when it is loaded
   if(parentObject->publicArea.objectAttributes.fixedTPM == SET)
   {
       TPM_HANDLE       objectHandle;

       // Perform self check on input public area. A TPM_RC_SIZE, TPM_RC_SCHEME,
       // TPM_RC_VALUE, TPM_RC_SYMMETRIC, TPM_RC_TYPE, TPM_RC_HASH,
       // TPM_RC_ASYMMETRIC, TPM_RC_ATTRIBUTES or TPM_RC_KDF error may be returned
       // at this point
       result = PublicAttributesValidation(TRUE, in->parentHandle,
                                           &in->objectPublic.t.publicArea);
       if(result != TPM_RC_SUCCESS)
           return RcSafeAddToResult(result, RC_Import_objectPublic);

       // Create internal object. A TPM_RC_KEY_SIZE, TPM_RC_KEY or
       // TPM_RC_OBJECT_MEMORY error may be returned at this point
       result = ObjectLoad(TPM_RH_NULL, &in->objectPublic.t.publicArea,
                           &sensitive, NULL, in->parentHandle, FALSE,
                           &objectHandle);
       if(result != TPM_RC_SUCCESS)
           return result;

       // Don't need the object, just needed the checks to be performed so
       // flush the object
       ObjectFlush(objectHandle);
   }

// Command output

   // Prepare output private data from sensitive
   SensitiveToPrivate(&sensitive, &name, in->parentHandle,
                      in->objectPublic.t.publicArea.nameAlg,
                      &out->outPrivate);

   return TPM_RC_SUCCESS;
}