1// This file was extracted from the TCG Published
2// Trusted Platform Module Library
3// Part 3: Commands
4// Family "2.0"
5// Level 00 Revision 01.16
6// October 30, 2014
7
8#include "InternalRoutines.h"
9#include "LoadExternal_fp.h"
10#include "Object_spt_fp.h"
11//
12//
13// Error Returns Meaning
14//
15// TPM_RC_ATTRIBUTES fixedParent and fixedTPM must be CLEAR on an external key if
16// both public and sensitive portions are loaded
17// TPM_RC_BINDING the inPublic and inPrivate structures are not cryptographically bound.
18// TPM_RC_HASH incorrect hash selection for signing key
19// TPM_RC_HIERARCHY hierarchy is turned off, or only NULL hierarchy is allowed when
20// loading public and private parts of an object
21// TPM_RC_KDF incorrect KDF selection for decrypting keyedHash object
22// TPM_RC_KEY the size of the object's unique field is not consistent with the indicated
23// size in the object's parameters
24// TPM_RC_OBJECT_MEMORY if there is no free slot for an object
25// TPM_RC_SCHEME the signing scheme is not valid for the key
26// TPM_RC_SIZE authPolicy is not zero and is not the size of a digest produced by the
27// object's nameAlg TPM_RH_NULL hierarchy
28// TPM_RC_SYMMETRIC symmetric algorithm not provided when required
29// TPM_RC_TYPE inPublic and inPrivate are not the same type
30//
// TPM2_LoadExternal: validate a caller-supplied public area (and optional
// sensitive area) and hand it to ObjectLoad() as an external object.
//
// Returns the first failing check's response code, otherwise whatever
// ObjectLoad() returns. On the success path out->name and out->objectHandle
// are filled in.
//
// Review notes:
//  - When a sensitive area is supplied, this function rejects the object
//    unless fixedTPM, fixedParent AND restricted are all CLEAR, and unless the
//    hierarchy is TPM_RH_NULL.
//  - The sensitive area is passed on exactly as supplied; no unwrapping or
//    integrity step is visible in this function. NOTE(review): presumably any
//    confidentiality for inPrivate has to come from the command transport
//    (e.g. session parameter encryption) - confirm against the caller.
TPM_RC
TPM2_LoadExternal(
    LoadExternal_In     *in,    // IN: input parameter list
    LoadExternal_Out    *out    // OUT: output parameter list
    )
{
    TPM_RC               rc;
    TPMT_SENSITIVE      *sensitiveArea;
    BOOL                 nameAlgIsNull;

// Input Validation

    // Nothing may be loaded into a hierarchy that is disabled.
    if(!HierarchyIsEnabled(in->hierarchy))
        return TPM_RC_HIERARCHY + RC_LoadExternal_hierarchy;

    // authPolicy must be empty or exactly one nameAlg digest long. The digest
    // size is only looked up when a policy is actually present.
    if(in->inPublic.t.publicArea.authPolicy.t.size != 0)
    {
        if(in->inPublic.t.publicArea.authPolicy.t.size !=
           CryptGetHashDigestSize(in->inPublic.t.publicArea.nameAlg))
            return TPM_RC_SIZE + RC_LoadExternal_inPublic;
    }

    // Extra restrictions apply when the caller also supplies a sensitive area.
    if(in->inPrivate.t.size != 0)
    {
        // A public+sensitive external object is only accepted in the
        // TPM_RH_NULL hierarchy.
        if(in->hierarchy != TPM_RH_NULL)
            return TPM_RC_HIERARCHY + RC_LoadExternal_hierarchy;

        // fixedTPM, fixedParent and restricted must each be CLEAR so that an
        // imported key cannot appear to be a key that was created by this TPM.
        if(in->inPublic.t.publicArea.objectAttributes.fixedTPM != CLEAR)
            return TPM_RC_ATTRIBUTES + RC_LoadExternal_inPublic;
        if(in->inPublic.t.publicArea.objectAttributes.fixedParent != CLEAR)
            return TPM_RC_ATTRIBUTES + RC_LoadExternal_inPublic;
        if(in->inPublic.t.publicArea.objectAttributes.restricted != CLEAR)
            return TPM_RC_ATTRIBUTES + RC_LoadExternal_inPublic;
    }

    // Scheme parameters are validated with TPM_RH_NULL as the parent handle;
    // a failure is attributed to the inPublic parameter.
    rc = SchemeChecks(TRUE, TPM_RH_NULL, &in->inPublic.t.publicArea);
    if(rc != TPM_RC_SUCCESS)
        return RcSafeAddToResult(rc, RC_LoadExternal_inPublic);

// Internal Data Update

    // The name is computed first because ObjectLoad() receives it below.
    ObjectComputeName(&in->inPublic.t.publicArea, &out->name);

    // Forwarded to ObjectLoad() as its skipChecks argument.
    // NOTE(review): presumably this relaxes the public/sensitive consistency
    // checks for objects whose nameAlg is TPM_ALG_NULL - confirm in
    // ObjectLoad() before relying on TPM_RC_BINDING for such objects.
    nameAlgIsNull = (in->inPublic.t.publicArea.nameAlg == TPM_ALG_NULL);

    // Public-only load when no sensitive area was provided.
    sensitiveArea = (in->inPrivate.t.size != 0)
                    ? &in->inPrivate.t.sensitiveArea
                    : NULL;

    // Create the external object. ObjectLoad() may return TPM_RC_BINDING,
    // TPM_RC_KEY, TPM_RC_OBJECT_MEMORY or TPM_RC_TYPE.
    return ObjectLoad(in->hierarchy, &in->inPublic.t.publicArea,
                      sensitiveArea, &out->name, TPM_RH_NULL, nameAlgIsNull,
                      &out->objectHandle);
}