Google Git
Sign in
android / platform / external / ms-tpm-20-ref / f666dda / . / TPMCmd / tpm / include / prototypes / Object_spt_fp.h
blob: 5c26cdf8c38764f53fde870d4ec4bf2290fe1d15 [file] [log] [blame]
/* Microsoft Reference Implementation for TPM 2.0
*
* The copyright in this software is being made available under the BSD License,
* included below. This software may be subject to other third party and
* contributor rights, including patent rights, and no such rights are granted
* under this license.
*
* Copyright (c) Microsoft Corporation
*
* All rights reserved.
*
* BSD License
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this list
* of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice, this
* list of conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*(Auto)
Automatically Generated by TpmPrototypes version 2.2 February 10, 2016
Date: Mar 23, 2017 Time: 03:31:51 PM
*/
#ifndef _OBJECT_SPT_FP_H_
#define _OBJECT_SPT_FP_H_
//*** AdjustAuthSize()
// This function will validate that the input authValue is no larger than the
// digestSize for the nameAlg. It will then pad with zeros to the size of the
// digest.
BOOL
AdjustAuthSize(
TPM2B_AUTH *auth, // IN/OUT: value to adjust
TPMI_ALG_HASH nameAlg // IN:
);
//*** AreAttributesForParent()
// This function is called by create, load, and import functions.
// Note: The 'isParent' attribute is SET when an object is loaded and it has
// attributes that are suitable for a parent object.
// return type: BOOL
// TRUE properties are those of a parent
// FALSE properties are not those of a parent
BOOL
ObjectIsParent(
OBJECT *parentObject // IN: parent handle
);
//*** CreateChecks()
// Attribute checks that are unique to creation.
// return type: TPM_RC
// TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the
// object type
// other returns from PublicAttributesValidation()
TPM_RC
CreateChecks(
OBJECT *parentObject,
TPMT_PUBLIC *publicArea,
UINT16 sensitiveDataSize
);
//*** SchemeChecks
// This function is called by TPM2_LoadExternal() and PublicAttributesValidation().
// return type: validates the schemes in the public area of an object.
// This function TPM_RC
// TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different
// public parameters
// TPM_RC_HASH non-duplicable storage key and its parent have different
// name algorithm
// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object
// TPM_RC_KEY invalid key size values in an asymmetric key public area
// TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted'
// and key's scheme ID; or hash algorithm is inconsistent
// with the scheme ID for keyed hash object
// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or
// non-storage key with symmetric algorithm different from
// TPM_ALG_NULL
TPM_RC
SchemeChecks(
OBJECT *parentObject, // IN: parent (null if primary seed)
TPMT_PUBLIC *publicArea // IN: public area of the object
);
//*** PublicAttributesValidation()
// This function validates the values in the public area of an object.
// This function is used in the processing of TPM2_Create, TPM2_CreatePrimary,
// TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal().
// For TPM2_Import() this is only used if the new parent has fixedTPM SET. For
// TPM2_LoadExternal(), this is not used for a public-only key
// return type: TPM_RC
// TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication'
// attributes are inconsistent between themselves or with
// those of the parent object;
// inconsistent 'restricted', 'decrypt' and 'sign'
// attributes;
// attempt to inject sensitive data for an asymmetric key;
// attempt to create a symmetric cipher key that is not
// a decryption key
// TPM_RC_HASH nameAlg is TPM_ALG_NULL
// TPM_RC_SIZE 'authPolicy' size does not match digest size of the name
// algorithm in 'publicArea'
// other returns from SchemeChecks()
TPM_RC
PublicAttributesValidation(
OBJECT *parentObject, // IN: input parent object
TPMT_PUBLIC *publicArea // IN: public area of the object
);
//*** FillInCreationData()
// Fill in creation data for an object.
// return type: void
void
FillInCreationData(
TPMI_DH_OBJECT parentHandle, // IN: handle of parent
TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm
TPML_PCR_SELECTION *creationPCR, // IN: PCR selection
TPM2B_DATA *outsideData, // IN: outside data
TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output
TPM2B_DIGEST *creationDigest // OUT: creation digest
);
//*** GetSeedForKDF()
// Get a seed for KDF. The KDF for encryption and HMAC key use the same seed.
const TPM2B *
GetSeedForKDF(
OBJECT *protector // IN: the protector handle
);
//*** ProduceOuterWrap()
// This function produce outer wrap for a buffer containing the sensitive data.
// It requires the sensitive data being marshaled to the outerBuffer, with the
// leading bytes reserved for integrity hash. If iv is used, iv space should
// be reserved at the beginning of the buffer. It assumes the sensitive data
// starts at address (outerBuffer + integrity size @).
// This function performs:
// 1. Add IV before sensitive area if required
// 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise,
// encrypted by a NULL iv
// 3. add HMAC integrity at the beginning of the buffer
// It returns the total size of blob with outer wrap
UINT16
ProduceOuterWrap(
OBJECT *protector, // IN: The handle of the object that provides
// protection. For object, it is parent
// handle. For credential, it is the handle
// of encrypt object.
TPM2B *name, // IN: the name of the object
TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap
TPM2B *seed, // IN: an external seed may be provided for
// duplication blob. For non duplication
// blob, this parameter should be NULL
BOOL useIV, // IN: indicate if an IV is used
UINT16 dataSize, // IN: the size of sensitive data, excluding the
// leading integrity buffer size or the
// optional iv size
BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in
// it
);
//*** UnwrapOuter()
// This function remove the outer wrap of a blob containing sensitive data
// This function performs:
// 1. check integrity of outer blob
// 2. decrypt outer blob
//
// return type: TPM_RC
// TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling
// TPM_RCS_INTEGRITY sensitive data integrity is broken
// TPM_RCS_SIZE error during sensitive data unmarshaling
// TPM_RCS_VALUE IV size for CFB does not match the encryption
// algorithm block size
TPM_RC
UnwrapOuter(
OBJECT *protector, // IN: The object that provides
// protection. For object, it is parent
// handle. For credential, it is the
// encrypt object.
TPM2B *name, // IN: the name of the object
TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap
TPM2B *seed, // IN: an external seed may be provided for
// duplication blob. For non duplication
// blob, this parameter should be NULL.
BOOL useIV, // IN: indicates if an IV is used
UINT16 dataSize, // IN: size of sensitive data in outerBuffer,
// including the leading integrity buffer
// size, and an optional iv area
BYTE *outerBuffer // IN/OUT: sensitive data
);
//*** SensitiveToPrivate()
// This function prepare the private blob for off the chip storage
// The operations in this function:
// 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE
// 2. apply encryption to the sensitive area.
// 3. apply outer integrity computation.
void
SensitiveToPrivate(
TPMT_SENSITIVE *sensitive, // IN: sensitive structure
TPM2B *name, // IN: the name of the object
OBJECT *parent, // IN: The parent object
TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This
// parameter is used when parentHandle is
// NULL, in which case the object is
// temporary.
TPM2B_PRIVATE *outPrivate // OUT: output private structure
);
//*** PrivateToSensitive()
// Unwrap a input private area. Check the integrity, decrypt and retrieve data
// to a sensitive structure.
// The operations in this function:
// 1. check the integrity HMAC of the input private area
// 2. decrypt the private buffer
// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE
// return type: TPM_RC
// TPM_RCS_INTEGRITY if the private area integrity is bad
// TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT
// from input private
// TPM_RCS_SIZE error during sensitive data unmarshaling
// TPM_RCS_VALUE outer wrapper does not have an iV of the correct
// size
TPM_RC
PrivateToSensitive(
TPM2B *inPrivate, // IN: input private structure
TPM2B *name, // IN: the name of the object
OBJECT *parent, // IN: parent object
TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is
// passed separately because we only pass
// name, rather than the whole public area
// of the object. This parameter is used in
// the following two cases: 1. primary
// objects. 2. duplication blob with inner
// wrap. In other cases, this parameter
// will be ignored
TPMT_SENSITIVE *sensitive // OUT: sensitive structure
);
//*** SensitiveToDuplicate()
// This function prepare the duplication blob from the sensitive area.
// The operations in this function:
// 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE
// 2. apply inner wrap to the sensitive area if required
// 3. apply outer wrap if required
void
SensitiveToDuplicate(
TPMT_SENSITIVE *sensitive, // IN: sensitive structure
TPM2B *name, // IN: the name of the object
OBJECT *parent, // IN: The new parent object
TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It
// is passed separately because we
// only pass name, rather than the
// whole public area of the object.
TPM2B *seed, // IN: the external seed. If external
// seed is provided with size of 0,
// no outer wrap should be applied
// to duplication blob.
TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the
// symmetric key algorithm is NULL,
// no inner wrap should be applied.
TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be
// provided to encrypt the inner
// wrap of a duplication blob. May
// be generated here if needed.
TPM2B_PRIVATE *outPrivate // OUT: output private structure
);
//*** DuplicateToSensitive()
// Unwrap a duplication blob. Check the integrity, decrypt and retrieve data
// to a sensitive structure.
// The operations in this function:
// 1. check the integrity HMAC of the input private area
// 2. decrypt the private buffer
// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE
//
// return type: TPM_RC
// TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed
// TPM_RC_INTEGRITY 'inPrivate' data integrity is broken
// TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed
TPM_RC
DuplicateToSensitive(
TPM2B *inPrivate, // IN: input private structure
TPM2B *name, // IN: the name of the object
OBJECT *parent, // IN: the parent
TPM_ALG_ID nameAlg, // IN: hash algorithm in public area.
TPM2B *seed, // IN: an external seed may be provided.
// If external seed is provided with
// size of 0, no outer wrap is
// applied
TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the
// symmetric key algorithm is NULL,
// no inner wrap is applied
TPM2B *innerSymKey, // IN: a symmetric key may be provided
// to decrypt the inner wrap of a
// duplication blob.
TPMT_SENSITIVE *sensitive // OUT: sensitive structure
);
//*** SecretToCredential()
// This function prepare the credential blob from a secret (a TPM2B_DIGEST)
// The operations in this function:
// 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT
// 2. encrypt the private buffer, excluding the leading integrity HMAC area
// 3. compute integrity HMAC and append to the beginning of the buffer.
// 4. Set the total size of TPM2B_ID_OBJECT buffer
void
SecretToCredential(
TPM2B_DIGEST *secret, // IN: secret information
TPM2B *name, // IN: the name of the object
TPM2B *seed, // IN: an external seed.
OBJECT *protector, // IN: the protector
TPM2B_ID_OBJECT *outIDObject // OUT: output credential
);
//*** CredentialToSecret()
// Unwrap a credential. Check the integrity, decrypt and retrieve data
// to a TPM2B_DIGEST structure.
// The operations in this function:
// 1. check the integrity HMAC of the input credential area
// 2. decrypt the credential buffer
// 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST
//
// return type: TPM_RC
// TPM_RC_INSUFFICIENT error during credential unmarshaling
// TPM_RC_INTEGRITY credential integrity is broken
// TPM_RC_SIZE error during credential unmarshaling
// TPM_RC_VALUE IV size does not match the encryption algorithm
// block size
TPM_RC
CredentialToSecret(
TPM2B *inIDObject, // IN: input credential blob
TPM2B *name, // IN: the name of the object
TPM2B *seed, // IN: an external seed.
OBJECT *protector, // IN: the protector
TPM2B_DIGEST *secret // OUT: secret information
);
//*** MemoryRemoveTrailingZeros()
// This function is used to adjust the length of an authorization value.
// It adjusts the size of the TPM2B so that it does not include octets
// at the end of the buffer that contain zero.
// The function returns the number of non-zero octets in the buffer.
UINT16
MemoryRemoveTrailingZeros(
TPM2B_AUTH *auth // IN/OUT: value to adjust
);
//*** SetLabelAndContext()
// This function sets the label and context for a derived key. It is possible
// that 'label' or 'context' can end up being an Empty Buffer.
TPM_RC
SetLabelAndContext(
TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and
// context
TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data
);
//*** UnmarshalToPublic()
// Support function to unmarshal the template. This is used because the
// Input may be a TPMT_TEMPLATE and that structure does not have the same
// size as a TPMT_PUBlIC because of the difference between the 'unique' and
// 'seed' fields.
// If 'derive' is not NULL, then the 'seed' field is assumed to contain
// a 'label' and 'context' that are unmarshaled into 'derive'.
TPM_RC
UnmarshalToPublic(
TPMT_PUBLIC *tOut, // OUT: output
TPM2B_TEMPLATE *tIn, // IN:
BOOL derivation, // IN: indicates if this is for a derivation
TPMS_DERIVE *labelContext// OUT: label and context if derivation
);
//*** ObjectSetExternal()
// Set the external attributes for an object.
void
ObjectSetExternal(
OBJECT *object
);
#endif // _OBJECT_SPT_FP_H_