187 lines
6.5 KiB
C
187 lines
6.5 KiB
C
// This file was extracted from the TCG Published
|
|
// Trusted Platform Module Library
|
|
// Part 4: Supporting Routines
|
|
// Family "2.0"
|
|
// Level 00 Revision 01.16
|
|
// October 30, 2014
|
|
|
|
#include "InternalRoutines.h"
|
|
//
|
|
//
|
|
// 10.3.3 Functions
|
|
//
|
|
// 10.3.3.1 TicketIsSafe()
|
|
//
|
|
// This function indicates if producing a ticket is safe. It checks if the leading bytes of an input buffer is
|
|
// TPM_GENERATED_VALUE or its substring of canonical form. If so, it is not safe to produce ticket for an
|
|
// input buffer claiming to be TPM generated buffer
|
|
//
|
|
// Return Value Meaning
|
|
//
|
|
// TRUE It is safe to produce ticket
|
|
// FALSE It is not safe to produce ticket
|
|
//
|
|
BOOL
|
|
TicketIsSafe(
|
|
TPM2B *buffer
|
|
)
|
|
{
|
|
TPM_GENERATED valueToCompare = TPM_GENERATED_VALUE;
|
|
BYTE bufferToCompare[sizeof(valueToCompare)];
|
|
BYTE *marshalBuffer;
|
|
INT32 bufferSize;
|
|
// If the buffer size is less than the size of TPM_GENERATED_VALUE, assume
|
|
// it is not safe to generate a ticket
|
|
if(buffer->size < sizeof(valueToCompare))
|
|
return FALSE;
|
|
marshalBuffer = bufferToCompare;
|
|
bufferSize = sizeof(TPM_GENERATED);
|
|
TPM_GENERATED_Marshal(&valueToCompare, &marshalBuffer, &bufferSize);
|
|
if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare)))
|
|
return FALSE;
|
|
else
|
|
return TRUE;
|
|
}
|
|
//
|
|
//
|
|
// 10.3.3.2 TicketComputeVerified()
|
|
//
|
|
// This function creates a TPMT_TK_VERIFIED ticket.
|
|
//
|
|
void
|
|
TicketComputeVerified(
|
|
TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket
|
|
TPM2B_DIGEST *digest, // IN: digest
|
|
TPM2B_NAME *keyName, // IN: name of key that signed the value
|
|
TPMT_TK_VERIFIED *ticket // OUT: verified ticket
|
|
)
|
|
{
|
|
TPM2B_AUTH *proof;
|
|
HMAC_STATE hmacState;
|
|
// Fill in ticket fields
|
|
ticket->tag = TPM_ST_VERIFIED;
|
|
ticket->hierarchy = hierarchy;
|
|
// Use the proof value of the hierarchy
|
|
proof = HierarchyGetProof(hierarchy);
|
|
// Start HMAC
|
|
ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
|
|
&proof->b, &hmacState);
|
|
// add TPM_ST_VERIFIED
|
|
CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);
|
|
// add digest
|
|
CryptUpdateDigest2B(&hmacState, &digest->b);
|
|
// add key name
|
|
CryptUpdateDigest2B(&hmacState, &keyName->b);
|
|
// complete HMAC
|
|
CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
|
|
return;
|
|
}
|
|
//
|
|
//
|
|
// 10.3.3.3 TicketComputeAuth()
|
|
//
|
|
// This function creates a TPMT_TK_AUTH ticket.
|
|
//
|
|
void
|
|
TicketComputeAuth(
|
|
TPM_ST type, // IN: the type of ticket.
|
|
TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket
|
|
UINT64 timeout, // IN: timeout
|
|
TPM2B_DIGEST *cpHashA, // IN: input cpHashA
|
|
TPM2B_NONCE *policyRef, // IN: input policyRef
|
|
TPM2B_NAME *entityName, // IN: name of entity
|
|
TPMT_TK_AUTH *ticket // OUT: Created ticket
|
|
)
|
|
{
|
|
TPM2B_AUTH *proof;
|
|
HMAC_STATE hmacState;
|
|
// Get proper proof
|
|
proof = HierarchyGetProof(hierarchy);
|
|
// Fill in ticket fields
|
|
ticket->tag = type;
|
|
ticket->hierarchy = hierarchy;
|
|
// Start HMAC
|
|
ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
|
|
&proof->b, &hmacState);
|
|
// Adding TPM_ST_AUTH
|
|
CryptUpdateDigestInt(&hmacState, sizeof(UINT16), &ticket->tag);
|
|
// Adding timeout
|
|
CryptUpdateDigestInt(&hmacState, sizeof(UINT64), &timeout);
|
|
// Adding cpHash
|
|
CryptUpdateDigest2B(&hmacState, &cpHashA->b);
|
|
// Adding policyRef
|
|
CryptUpdateDigest2B(&hmacState, &policyRef->b);
|
|
// Adding keyName
|
|
CryptUpdateDigest2B(&hmacState, &entityName->b);
|
|
// Compute HMAC
|
|
CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
|
|
return;
|
|
}
|
|
//
|
|
//
|
|
// 10.3.3.4 TicketComputeHashCheck()
|
|
//
|
|
// This function creates a TPMT_TK_HASHCHECK ticket.
|
|
//
|
|
void
|
|
TicketComputeHashCheck(
|
|
TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket
|
|
TPM_ALG_ID hashAlg, // IN: the hash algorithm used to create
|
|
// 'digest'
|
|
TPM2B_DIGEST *digest, // IN: input digest
|
|
TPMT_TK_HASHCHECK *ticket // OUT: Created ticket
|
|
)
|
|
{
|
|
TPM2B_AUTH *proof;
|
|
HMAC_STATE hmacState;
|
|
// Get proper proof
|
|
proof = HierarchyGetProof(hierarchy);
|
|
// Fill in ticket fields
|
|
ticket->tag = TPM_ST_HASHCHECK;
|
|
ticket->hierarchy = hierarchy;
|
|
ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
|
|
&proof->b, &hmacState);
|
|
// Add TPM_ST_HASHCHECK
|
|
CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);
|
|
//
|
|
// Add hash algorithm
|
|
CryptUpdateDigestInt(&hmacState, sizeof(hashAlg), &hashAlg);
|
|
// Add digest
|
|
CryptUpdateDigest2B(&hmacState, &digest->b);
|
|
// Compute HMAC
|
|
CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
|
|
return;
|
|
}
|
|
//
|
|
//
|
|
// 10.3.3.5 TicketComputeCreation()
|
|
//
|
|
// This function creates a TPMT_TK_CREATION ticket.
|
|
//
|
|
void
|
|
TicketComputeCreation(
|
|
TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket
|
|
TPM2B_NAME *name, // IN: object name
|
|
TPM2B_DIGEST *creation, // IN: creation hash
|
|
TPMT_TK_CREATION *ticket // OUT: created ticket
|
|
)
|
|
{
|
|
TPM2B_AUTH *proof;
|
|
HMAC_STATE hmacState;
|
|
// Get proper proof
|
|
proof = HierarchyGetProof(hierarchy);
|
|
// Fill in ticket fields
|
|
ticket->tag = TPM_ST_CREATION;
|
|
ticket->hierarchy = hierarchy;
|
|
ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
|
|
&proof->b, &hmacState);
|
|
// Add TPM_ST_CREATION
|
|
CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);
|
|
// Add name
|
|
CryptUpdateDigest2B(&hmacState, &name->b);
|
|
// Add creation hash
|
|
CryptUpdateDigest2B(&hmacState, &creation->b);
|
|
// Compute HMAC
|
|
CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
|
|
return;
|
|
}
|