Lines Matching +full:case +full:- +full:sensitive
39 if(publicArea1->nameAlg != publicArea2->nameAlg) in EqualCryptSet()
42 if(publicArea1->type != publicArea2->type) in EqualCryptSet()
47 size1 = TPMU_PUBLIC_PARMS_Marshal(&publicArea1->parameters, &buffer, in EqualCryptSet()
48 &bufferSize, publicArea1->type); in EqualCryptSet()
51 size2 = TPMU_PUBLIC_PARMS_Marshal(&publicArea2->parameters, &buffer, in EqualCryptSet()
52 &bufferSize, publicArea2->type); in EqualCryptSet()
61 // Get the size of TPM2B_IV in canonical form that will be append to the start of the sensitive…
85 symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm; in GetIV2BSize()
86 keyBits= protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym; in GetIV2BSize()
96 // This function retrieves the symmetric protection key parameters for the sensitive data The p…
99 // requires encrypting or decrypting of the sensitive area of an object or a credential blob
122 symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; in ComputeProtectionKeyParms()
129 symDef = &protector->publicArea.parameters.asymDetail.symmetric; in ComputeProtectionKeyParms()
130 *symAlg = symDef->algorithm; in ComputeProtectionKeyParms()
131 *keyBits= symDef->keyBits.sym; in ComputeProtectionKeyParms()
132 symKey->t.size = (*keyBits + 7) / 8; in ComputeProtectionKeyParms()
138 symKey->t.size * 8, symKey->t.buffer, NULL); in ComputeProtectionKeyParms()
145 // The sensitive area parameter is a buffer that holds a space for the integrity value and the…
146 // sensitive area. The caller should skip over the area set aside for the integrity value and …
147 … of the remainder of the object. The size field of sensitive is in unmarshaled form and the sensit…
162 UINT32 sensitiveSize, // IN: size of the marshaled sensitive data in ComputeOuterIntegrity()
163 BYTE *sensitiveData, // IN: sensitive area in ComputeOuterIntegrity()
178 integrity->t.size = CryptStartHMAC2B(hashAlg, &hmacKey.b, &hmacState); in ComputeOuterIntegrity()
179 // Adding the marshaled sensitive area to the integrity value in ComputeOuterIntegrity()
184 CryptCompleteHMAC2B(&hmacState, &integrity->b); in ComputeOuterIntegrity()
197 UINT16 dataSize, // IN: the size of sensitive data in ComputeInnerIntegrity()
198 BYTE *sensitiveData, // IN: sensitive data in ComputeInnerIntegrity()
204 integrity->t.size = CryptStartHash(hashAlg, &hashState); in ComputeInnerIntegrity()
205 // Adding the marshaled sensitive area to the integrity value in ComputeInnerIntegrity()
208 CryptUpdateDigest2B(&hashState, &name->b); in ComputeInnerIntegrity()
210 CryptCompleteHash2B(&hashState, &integrity->b); in ComputeInnerIntegrity()
218 // sensitive data being marshaled to the innerBuffer, with the leading bytes reserved for inte…
219 // assume the sensitive data starts at address (innerBuffer + integrity size). This function i…
226 UINT16 dataSize, // IN: the size of sensitive data, excluding the in ProduceInnerIntegrity()
228 BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in in ProduceInnerIntegrity()
233 BYTE *sensitiveData; // pointer to the sensitive data in ProduceInnerIntegrity()
238 // sensitiveData points to the beginning of sensitive data in innerBuffer in ProduceInnerIntegrity()
263 UINT16 dataSize, // IN: the size of sensitive data, including the in CheckInnerIntegrity()
265 BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in in CheckInnerIntegrity()
309 // the authorization is checked, both the public and sensitive in AreAttributesForParent()
311 pAssert(parentObject->attributes.publicOnly == CLEAR); in AreAttributesForParent()
312 if(ObjectDataIsStorage(&parentObject->publicArea)) in AreAttributesForParent()
326 // TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different pu…
328 // TPM_RC_ATTRIBUTES attempt to inject sensitive data for an asymmetric key; or …
330 // TPM_RC_HASH non-duplicable storage key and its parent have different na…
337 …TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage
339 // TPM_RC_TYPE unexpected object type; or non-duplicable storage key and i…
351 if(CryptIsAsymAlgorithm(publicArea->type)) in SchemeChecks()
354 keyScheme = &publicArea->parameters.asymDetail.scheme; in SchemeChecks()
357 if(!load && (publicArea->objectAttributes.sensitiveDataOrigin == CLEAR)) in SchemeChecks()
363 if( publicArea->objectAttributes.sign == SET in SchemeChecks()
364 && publicArea->objectAttributes.decrypt == SET in SchemeChecks()
365 && keyScheme->scheme != TPM_ALG_NULL) in SchemeChecks()
367 // A restrict sign key must have a non-NULL scheme in SchemeChecks()
368 if( publicArea->objectAttributes.restricted == SET in SchemeChecks()
369 && publicArea->objectAttributes.sign == SET in SchemeChecks()
370 && keyScheme->scheme == TPM_ALG_NULL) in SchemeChecks()
380 if( keyScheme->scheme != TPM_ALG_NULL in SchemeChecks()
381 && ( ( publicArea->objectAttributes.sign == SET in SchemeChecks()
382 && !CryptIsSignScheme(keyScheme->scheme) in SchemeChecks()
384 || ( publicArea->objectAttributes.decrypt == SET in SchemeChecks()
385 && !CryptIsDecryptScheme(keyScheme->scheme) in SchemeChecks()
392 if(publicArea->type == TPM_ALG_ECC) in SchemeChecks()
394 TPM_ECC_CURVE curveID = publicArea->parameters.eccDetail.curveID; in SchemeChecks()
400 if(curveScheme->scheme != TPM_ALG_NULL) in SchemeChecks()
402 if(keyScheme->scheme != curveScheme->scheme) in SchemeChecks()
405 if( curveScheme->details.anySig.hashAlg != TPM_ALG_NULL in SchemeChecks()
406 && ( keyScheme->details.anySig.hashAlg in SchemeChecks()
407 != curveScheme->details.anySig.hashAlg in SchemeChecks()
413 if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL) in SchemeChecks()
418 if( publicArea->objectAttributes.restricted == SET in SchemeChecks()
419 && publicArea->objectAttributes.decrypt == SET) in SchemeChecks()
422 if( publicArea->parameters.asymDetail.symmetric.algorithm in SchemeChecks()
426 if(publicArea->parameters.asymDetail.scheme.scheme != TPM_ALG_NULL) in SchemeChecks()
431 && publicArea->objectAttributes.fixedParent == SET in SchemeChecks()
438 &(ObjectGet(parentHandle)->publicArea)); in SchemeChecks()
443 // Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm in SchemeChecks()
444 if( publicArea->parameters.asymDetail.symmetric.algorithm in SchemeChecks()
450 else if(publicArea->type == TPM_ALG_KEYEDHASH) in SchemeChecks()
453 = &publicArea->parameters.keyedHashDetail.scheme; in SchemeChecks()
458 if( publicArea->objectAttributes.sign in SchemeChecks()
459 == publicArea->objectAttributes.decrypt) in SchemeChecks()
461 if(scheme->scheme != TPM_ALG_NULL) in SchemeChecks()
467 else if(publicArea->objectAttributes.decrypt) in SchemeChecks()
469 if( scheme->scheme != TPM_ALG_XOR in SchemeChecks()
470 || scheme->details.xor_.hashAlg == TPM_ALG_NULL) in SchemeChecks()
472 if(scheme->details.xor_.kdf == TPM_ALG_NULL) in SchemeChecks()
477 if( scheme->scheme != TPM_ALG_HMAC in SchemeChecks()
478 || scheme->details.hmac.hashAlg == TPM_ALG_NULL) in SchemeChecks()
483 else if (publicArea->type == TPM_ALG_SYMCIPHER) in SchemeChecks()
486 if( publicArea->objectAttributes.decrypt == CLEAR in SchemeChecks()
487 || publicArea->objectAttributes.sign == SET in SchemeChecks()
504 // TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different …
509 // sensitive data for an asymmetric key; attempt to create a…
511 // TPM_RC_HASH non-duplicable storage key and its parent have different …
520 …M_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage
522 // TPM_RC_TYPE unexpected object type; or non-duplicable storage key and…
537 if( publicArea->authPolicy.t.size != 0 in PublicAttributesValidation()
538 && ( publicArea->authPolicy.t.size in PublicAttributesValidation()
539 != CryptGetHashDigestSize(publicArea->nameAlg) in PublicAttributesValidation()
546 || parentObject->publicArea.objectAttributes.fixedTPM == SET) in PublicAttributesValidation()
548 if( publicArea->objectAttributes.fixedParent in PublicAttributesValidation()
549 != publicArea->objectAttributes.fixedTPM in PublicAttributesValidation()
555 if(publicArea->objectAttributes.fixedTPM == SET) in PublicAttributesValidation()
559 if ( publicArea->objectAttributes.restricted == SET in PublicAttributesValidation()
560 && ( publicArea->objectAttributes.decrypt in PublicAttributesValidation()
561 == publicArea->objectAttributes.sign) in PublicAttributesValidation()
565 if( publicArea->objectAttributes.fixedTPM == SET in PublicAttributesValidation()
566 && publicArea->objectAttributes.encryptedDuplication == SET) in PublicAttributesValidation()
572 && parentObject->publicArea.objectAttributes.fixedTPM == CLEAR) in PublicAttributesValidation()
574 && ( publicArea->objectAttributes.encryptedDuplication in PublicAttributesValidation()
575 != parentObject->publicArea.objectAttributes.encryptedDuplication in PublicAttributesValidation()
605 &outCreation->t.creationData.pcrDigest); in FillInCreationData()
607 outCreation->t.creationData.pcrSelect = *creationPCR; in FillInCreationData()
609 outCreation->t.creationData.locality in FillInCreationData()
611 outCreation->t.creationData.parentNameAlg = TPM_ALG_NULL; in FillInCreationData()
616 BYTE *buffer = &outCreation->t.creationData.parentName.t.name[0]; in FillInCreationData()
618 outCreation->t.creationData.parentName.t.size = in FillInCreationData()
622 MemoryCopy2B(&outCreation->t.creationData.parentQualifiedName.b, in FillInCreationData()
623 &outCreation->t.creationData.parentName.b, in FillInCreationData()
624 sizeof(outCreation->t.creationData.parentQualifiedName.t.name)); in FillInCreationData()
630 outCreation->t.creationData.parentNameAlg = in FillInCreationData()
631 parentObject->publicArea.nameAlg; in FillInCreationData()
633 outCreation->t.creationData.parentName = parentObject->name; in FillInCreationData()
635 outCreation->t.creationData.parentQualifiedName = in FillInCreationData()
636 parentObject->qualifiedName; in FillInCreationData()
639 outCreation->t.creationData.outsideInfo = *outsideData; in FillInCreationData()
643 outCreation->t.size = TPMS_CREATION_DATA_Marshal(&outCreation->t.creationData, in FillInCreationData()
646 creationDigest->t.size = CryptStartHash(nameHashAlg, &hashState); in FillInCreationData()
647 CryptUpdateDigest(&hashState, outCreation->t.size, creationBuffer); in FillInCreationData()
648 CryptCompleteHash2B(&hashState, &creationDigest->b); in FillInCreationData()
666 // case, use nullProof as seed. in GetSeedForKDF()
680 return (TPM2B_SEED *) &protector->sensitive.seedValue; in GetSeedForKDF()
688 …function produce outer wrap for a buffer containing the sensitive data. It requires the sensitive …
690 // space should be reserved at the beginning of the buffer. It assumes the sensitive data star…
692 // a) Add IV before sensitive area if required
693 // b) encrypt sensitive data, if iv is required, encrypt by iv. otherwise, encrypted by a NULL…
708 UINT16 dataSize, // IN: the size of sensitive data, excluding the in ProduceOuterWrap()
711 BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in in ProduceOuterWrap()
721 BYTE *sensitiveData; // pointer to the sensitive data in ProduceOuterWrap()
726 // Compute the beginning of sensitive data. The outer integrity should in ProduceOuterWrap()
730 // If iv is used, adjust the pointer of sensitive data and add iv before it in ProduceOuterWrap()
736 ivRNG.t.size = ivSize - sizeof(UINT16); in ProduceOuterWrap()
742 // adjust sensitive data starting after IV area in ProduceOuterWrap()
770 // This function remove the outer wrap of a blob containing sensitive data This function perfo…
776 // TPM_RC_INSUFFICIENT error during sensitive data unmarshaling
777 // TPM_RC_INTEGRITY sensitive data integrity is broken
778 // TPM_RC_SIZE error during sensitive data unmarshaling
793 UINT16 dataSize, // IN: size of sensitive data in outerBuffer, in UnwrapOuter()
796 BYTE *outerBuffer // IN/OUT: sensitive data in UnwrapOuter()
805 BYTE *sensitiveData; // pointer to the sensitive data in UnwrapOuter()
853 // b) apply encryption to the sensitive area.
858 TPMT_SENSITIVE *sensitive, // IN: sensitive structure in SensitiveToPrivate() argument
863 // NULL, in which case the object is in SensitiveToPrivate()
870 BYTE *sensitiveData; // pointer to the sensitive data in SensitiveToPrivate()
875 pAssert(name != NULL && name->t.size != 0); in SensitiveToPrivate()
887 // Starting of sensitive data without wrappers in SensitiveToPrivate()
888 sensitiveData = outPrivate->t.buffer; in SensitiveToPrivate()
897 // Marshal sensitive area, leaving the leading 2 bytes for size in SensitiveToPrivate()
900 dataSize = TPMT_SENSITIVE_Marshal(sensitive, &buffer, &bufferSize); in SensitiveToPrivate()
908 sensitiveData = outPrivate->t.buffer + ivSize; in SensitiveToPrivate()
910 outPrivate->t.size = ProduceOuterWrap(parentHandle, name, hashAlg, NULL, in SensitiveToPrivate()
911 TRUE, dataSize, outPrivate->t.buffer); in SensitiveToPrivate()
918 // Unwrap a input private area. Check the integrity, decrypt and retrieve data to a sensitive …
944 TPMT_SENSITIVE *sensitive // OUT: sensitive structure in PrivateToSensitive() argument
950 BYTE *sensitiveData; // pointer to the sensitive data in PrivateToSensitive()
958 pAssert(name != NULL && name->t.size != 0); in PrivateToSensitive()
972 inPrivate->t.size, inPrivate->t.buffer); in PrivateToSensitive()
979 // The starting of sensitive data and data size without outer wrapper in PrivateToSensitive()
980 sensitiveData = inPrivate->t.buffer + integritySize + ivSize; in PrivateToSensitive()
981 dataSize = inPrivate->t.size - integritySize - ivSize; in PrivateToSensitive()
992 // Unmarshal sensitive buffer to sensitive structure in PrivateToSensitive()
993 result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); in PrivateToSensitive()
997 || parent->publicArea.objectAttributes.fixedTPM == CLEAR); in PrivateToSensitive()
1005 MemoryRemoveTrailingZeros(&(sensitive->authValue)); in PrivateToSensitive()
1015 // This function prepare the duplication blob from the sensitive area. The operations in this …
1017 // b) apply inner wrap to the sensitive area if required
1022 TPMT_SENSITIVE *sensitive, // IN: sensitive structure in SensitiveToDuplicate() argument
1045 BYTE *sensitiveData; // pointer to the sensitive data in SensitiveToDuplicate()
1052 pAssert(name != NULL && name->t.size != 0); in SensitiveToDuplicate()
1055 // Starting of sensitive data without wrappers in SensitiveToDuplicate()
1056 sensitiveData = outPrivate->t.buffer; in SensitiveToDuplicate()
1058 if(symDef->algorithm != TPM_ALG_NULL) in SensitiveToDuplicate()
1063 // Adjust sensitive data pointer in SensitiveToDuplicate()
1067 if(seed->t.size != 0) in SensitiveToDuplicate()
1072 // Adjust sensitive data pointer in SensitiveToDuplicate()
1075 // Marshal sensitive area, leaving the leading 2 bytes for size in SensitiveToDuplicate()
1078 dataSize = TPMT_SENSITIVE_Marshal(sensitive, &buffer, &bufferSize); in SensitiveToDuplicate()
1091 innerBuffer = outPrivate->t.buffer; in SensitiveToDuplicate()
1098 if(innerSymKey->t.size == 0) in SensitiveToDuplicate()
1100 innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8; in SensitiveToDuplicate()
1101 CryptGenerateRandom(innerSymKey->t.size, innerSymKey->t.buffer); in SensitiveToDuplicate()
1108 pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); in SensitiveToDuplicate()
1111 CryptSymmetricEncrypt(innerBuffer, symDef->algorithm, in SensitiveToDuplicate()
1112 symDef->keyBits.sym, TPM_ALG_CFB, in SensitiveToDuplicate()
1113 innerSymKey->t.buffer, NULL, dataSize, in SensitiveToDuplicate()
1118 innerSymKey->t.size = 0; in SensitiveToDuplicate()
1125 dataSize, outPrivate->t.buffer); in SensitiveToDuplicate()
1128 outPrivate->t.size = dataSize; in SensitiveToDuplicate()
1135 // Unwrap a duplication blob. Check the integrity, decrypt and retrieve data to a sensitive s…
1143 // TPM_RC_INSUFFICIENT unmarshaling sensitive data from inPrivate failed
1145 // TPM_RC_SIZE unmarshaling sensitive data from inPrivate failed
1163 TPMT_SENSITIVE *sensitive // OUT: sensitive structure in DuplicateToSensitive() argument
1169 BYTE *sensitiveData; // pointer to the sensitive data in DuplicateToSensitive()
1173 pAssert(name != NULL && name->t.size != 0); in DuplicateToSensitive()
1176 // Starting of sensitive data in DuplicateToSensitive()
1177 sensitiveData = inPrivate->t.buffer; in DuplicateToSensitive()
1178 dataSize = inPrivate->t.size; in DuplicateToSensitive()
1180 if(seed->t.size != 0) in DuplicateToSensitive()
1189 // Adjust sensitive data pointer and size in DuplicateToSensitive()
1191 dataSize -= sizeof(UINT16) + CryptGetHashDigestSize(outerHash); in DuplicateToSensitive()
1194 if(symDef->algorithm != TPM_ALG_NULL) in DuplicateToSensitive()
1198 pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); in DuplicateToSensitive()
1200 CryptSymmetricDecrypt(sensitiveData, symDef->algorithm, in DuplicateToSensitive()
1201 symDef->keyBits.sym, TPM_ALG_CFB, in DuplicateToSensitive()
1202 innerSymKey->t.buffer, NULL, dataSize, in DuplicateToSensitive()
1210 // Adjust sensitive data pointer and size in DuplicateToSensitive()
1212 dataSize -= sizeof(UINT16) + CryptGetHashDigestSize(innerHash); in DuplicateToSensitive()
1224 // Unmarshal sensitive buffer to sensitive structure in DuplicateToSensitive()
1225 result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); in DuplicateToSensitive()
1234 MemoryRemoveTrailingZeros(&(sensitive->authValue)); in DuplicateToSensitive()
1259 BYTE *sensitiveData; // pointer to the sensitive data in SecretToCredential()
1266 sensitiveData = outIDObject->t.credential in SecretToCredential()
1273 outIDObject->t.size = ProduceOuterWrap(protector, in SecretToCredential()
1279 outIDObject->t.credential); in SecretToCredential()
1312 BYTE *sensitiveData; // pointer to the sensitive data in CredentialToSecret()
1318 inIDObject->t.size, inIDObject->t.credential); in CredentialToSecret()
1321 // Compute the beginning of sensitive data in CredentialToSecret()
1322 sensitiveData = inIDObject->t.credential in CredentialToSecret()
1324 dataSize = inIDObject->t.size in CredentialToSecret()
1325 - (sizeof(UINT16) + CryptGetHashDigestSize(outerHash)); in CredentialToSecret()