Lines Matching +full:case +full:- +full:sensitive
19 Copyright © TCG 2006-2014
68 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
98 …8.2 Pre-processing ...........................................................................…
100 9 Start-up ....................................................................................…
118 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
169 October 30, 2014 Copyright © TCG 2006-2014 …
221 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
255 31 Non-volatile Storage .........................................................................…
272 October 30, 2014 Copyright © TCG 2006-2014 …
284 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
291 Table 4 — Command-Independent Response Codes ......................................................…
328 October 30, 2014 Copyright © TCG 2006-2014 …
371 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
414 October 30, 2014 Copyright © TCG 2006-2014 …
457 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
500 October 30, 2014 Copyright © TCG 2006-2014 …
538 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
590 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
626 … column to indicate that the command may flush many objects and re-enumeration of the loaded
643 October 30, 2014 Copyright © TCG 2006-2014 Level …
687 command or response is TPM_ST_SESSIONS, then a 32-bit value will be present in the
705 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
763 … This is a corner case exception to the rule that TPM2_Startup() must be the first command.
766 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
802 … ii) the handle shall reference a persistent object that is currently in TPM non-volatile memory
825 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
882 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
902 a) The public and sensitive portions of the object shall be present…
941 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
962 6) if policySession->commandLocality has been set, it shall match the locality of the command
993 unmarshaled into a command-specific structure with the structure defined by the command schematic.
997 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
1000 Additionally, a response-specific output structure is assumed which will receive the values produce…
1008 parameters for use by the command-specific action code. No data movement need take place but it is
1029 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
1050 …TPM_RC_RESERVED a non-zero value was found in a reserved field of an attribute struc…
1071 audit data and will return a 10-octet response packet.
1083 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
1104 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
1117 A special case exists when the command tag parameter is not an allowed value (TPM_ST_SESSIONS or
1118 TPM_ST_NO_SESSIONS). For this case, it is assumed that the system software is attempting to send a
1143 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 0…
1146 Table 4 — Command-Independent Response Codes
1169 … This response code indicates that the TPM is rate-limiting writes to the NV
1188 … need an object 'slot'. The most common case where this might be returned is
1211 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
1232 … need a session 'slot'. The most common case where this might be returned is
1249 See TPM 2.0 Part 1, “Multi-tasking.”
1256 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
1263 The actions code for each command makes assumptions about the behavior of various sub-systems.
1265 actions code is not written to anticipate all possible implementations of the sub-systems. Therefor…
1267 when the sub-system behavior changes.
1273 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
1286 8.2 Pre-processing
1321 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
1326 9 Start-up
1341 NOTE 1 If the TPM performs self-tests after receiving _TPM_Init() and the TPM enters Fail…
1345 The means of signaling _TPM_Init shall be defined in the platform-specific specifications that defi…
1358 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
1394 29 // No H-CRTM, yet.
1404 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
1414 is necessary because of a system-wide reset. TPM2_Startup() is only valid after _TPM_Init. Addition…
1421 …E 2 _TPM_Hash_Start, _TPM_Hash_Data, and _TPM_Hash_End are not commands and a platform -
1426 A platform-specific specification may restrict the localities at which TPM2_Startup() may be receiv…
1441 previous state of the TPM including the static Root of Trust for Measurement (S-RTM) PCR and the
1459 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
1476 platform-specific specification and the H-CRTM state (for exceptions, see TPM 2.0 Part 1, H-
1477 CRTM before TPM2_Startup() and TPM2_Startup without H-CRTM)
1494 If an H-CRTM Event Sequence is active, extend the PCR designated by the platform-specific
1497 the H-CRTM startup method is the same for this TPM2_Startup() as for the previous
1500 PCR that are specified in a platform-specific specification to be preserved on TPM Resume are
1502 platform-specific specification. For constraints, see TPM 2.0 Part 1, H-CRTM before
1503 TPM2_Startup() and TPM2_Startup without H-CRTM.
1511 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
1524 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
1551 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
1565 TPM_RC_LOCALITY a Startup(STATE) does not have the same H-CRTM state as the
1585 18 // Indicate that the locality was 3 unless there was an H-CRTM
1616 49 // if this startup is a TPM Resume, then the H-CRTM states have to match.
1617 50 if(in->startupType == TPM_SU_STATE)
1620 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
1633 61 if(in->startupType == TPM_SU_STATE)
1647 75 if( in->startupType == TPM_SU_CLEAR
1657 85 else if(in->startupType == TPM_SU_STATE && g_prevOrderlyState == TPM_SU_STATE)
1691 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
1725 148 // The H-CRTM state no longer matters
1737 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
1758 TPM-memory-resident session contexts;
1759 TPM-memory-resident transient objects; or
1760 TPM-memory-resident hash contexts created by TPM2_HashSequenceStart().
1773 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
1803 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
1817 TPM_RC_TYPE if PCR bank has been re-configured, a CLEAR StateSave() is
1836 20 if(g_pcrReConfig && in->shutdownType == TPM_SU_STATE)
1842 26 PCRStateSave(in->shutdownType);
1853 37 if(in->shutdownType == TPM_SU_STATE)
1859 43 else if(in->shutdownType == TPM_SU_CLEAR)
1866 50 if(in->shutdownType == TPM_SU_CLEAR)
1868 52 else if(in->shutdownType == TPM_SU_STATE)
1871 55 // Hack for the H-CRTM and Startup locality settings
1874 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
1891 70 // an issue. This must be the case, otherwise, it would be impossible to add
1902 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
1926 If a self-test fails at any time, the TPM will enter Failure mode. While in Failure mode, the TPM w…
1934 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
1946 a) return TPM_RC_TESTING and begin self-test of the required functions, or
1966 Level 00 Revision 01.16 Copyright © TCG 2006-2014 O…
1997 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
2023 12 return CryptSelfTest(in->fullTest);
2031 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
2091 October 30, 2014 Copyright © TCG 2006-2014 Level 0…
2123 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
2152 16 result = CryptIncrementalSelfTest(&in->toTest, &out->toDoList);
2163 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
2171 This command returns manufacturer-specific information regarding the results of a self-test and an
2186 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 20…
2212 contains manufacturer-specific information
2219 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
2242 12 out->testResult = CryptGetTestResult(&out->outData);
2252 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
2296 proper type for tpmKey. The TPM shall return TPM_RC_HANDLE if the sensitive portion of tpmKey is not
2307 October 30, 2014 Copyright © TCG 2006-2014 Level 00…
2320 If bind references a transient object, then the TPM shall return TPM_RC_HANDLE if the sensitive por…
2339 … a saved context. That is, TPM2_Shutdown() is not required after this command in order to re-
2351 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oct…
2407 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
2451 19 if( in->nonceCaller.t.size < 16
2452 20 || in->nonceCaller.t.size > CryptGetHashDigestSize(in->authHash))
2456 24 if(in->tpmKey != TPM_RH_NULL)
2459 27 if(in->encryptedSalt.t.size == 0)
2463 31 tpmKey = ObjectGet(in->tpmKey);
2467 35 if(tpmKey->attributes.publicOnly)
2473 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oct…
2477 40 if(tpmKey->publicArea.objectAttributes.decrypt != SET)
2482 45 result = CryptSecretDecrypt(in->tpmKey, &in->nonceCaller, "SECRET",
2483 46 &in->encryptedSalt, &salt);
2491 54 if(in->encryptedSalt.t.size != 0)
2496 59 // sensitive area is loaded so that the authValue can be accessed.
2497 60 if( HandleGetType(in->bind) == TPM_HT_TRANSIENT
2498 61 && ObjectGet(in->bind)->attributes.publicOnly == SET)
2503 66 if( in->symmetric.algorithm != TPM_ALG_NULL
2504 67 && in->symmetric.algorithm != TPM_ALG_XOR
2505 68 && in->symmetric.mode.sym != TPM_ALG_CFB)
2516 79 result = SessionCreate(in->sessionType, in->authHash,
2517 80 &in->nonceCaller, &in->symmetric,
2518 81 in->bind, &salt, &out->sessionHandle);
2526 89 session = SessionGet(out->sessionHandle);
2529 92 out->nonceTPM = session->nonceTPM;
2539 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
2558 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
2588 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
2608 14 session = SessionGet(in->sessionHandle);
2609 15 wasTrialSession = session->attributes.isTrialPolicy == SET;
2614 20 session->attributes.isTrialPolicy = wasTrialSession;
2624 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
2636 data (creationData), its public area (outPublic), and its encrypted sensitive area (outPrivate). Pr…
2643 sensitive area loaded.
2650 is indicated as being TPM-generated, the value is filled in by bits from the RNG if the command is
2655 The TPM will create new data for the sensitive area and compute a TPMT_PUBLIC.unique from the
2656 sensitive area based on the object type:
2658 …1) If inSensitive.sensitive.data is the Empty Buffer, a TPM-generated key value is placed in the n…
2659 object’s TPMT_SENSITIVE.sensitive.sym. The size of the key will be determined by
2661 … 2) If inSensitive.sensitive.data is not the Empty Buffer, the TPM will validate that the size of
2663 and copy the inSensitive.data to TPMT_SENSITIVE.sensitive.sym of the new object.
2664 3) A TPM-generated obfuscation value is placed in TPMT_SENSITIVE.sensitive.seedValue. The
2666 value prevents the public unique value from leaking information about the sensitive area.
2670 … unique ≔ HnameAlg(sensitive.seedValue.buffer || sensitive.any.buffer) (1)
2672 … 1) If inSensitive.sensitive.data is not the Empty Buffer, then the TPM shall return TPM_RC_VALUE.
2677 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
2680 2) A TPM-generated private key value is created with the size determined by the parameters of
2682 3) If the key is a Storage Key, a TPM-generated TPMT_SENSITIVE.seedValue value is created;
2701 1) If inSensitive.sensitive.data is an Empty Buffer, and neither sign nor decrypt is SET in
2704 …2) If inSensitive.sensitive.data is not an Empty Buffer, the TPM will …
2705 inSensitive.sensitive.data to TPMT_SENSITIVE.sensitive,bits of the new object.
2707 …NOTE 3 The size of inSensitive.sensitive.data is limited to be no larger than the large…
2708 TPMT_SENSITIVE.sensitive.bits by MAX_SYM_DATA.
2710 …3) If inSensitive.sensitive.data is an Empty Buffer, a TPM-generated key value that is the size of…
2711 digest produced by the nameAlg in inPublic is placed in TPMT_SENSITIVE.sensitive.bits.
2712 4) A TPM-generated obfuscation value that is the size of the digest produced by the nameAlg of
2720 NOTE 4 The encryption key is derived from the symmetric seed in the sensitive area of th…
2736 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
2746 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
2763 TPM2B_SENSITIVE_CREATE inSensitive the sensitive data
2790 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
2805 TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different public
2807 TPM_RC_ATTRIBUTES sensitiveDataOrigin is CLEAR when 'sensitive.data' is an Empty
2808 Buffer, or is SET when 'sensitive.data' is not empty; fixedTPM,
2811 … restricted, decrypt and sign attributes; attempt to inject sensitive data
2814 TPM_RC_HASH non-duplicable storage key and its parent have different name
2819 sensitive creation area; may also be returned if the TPM does not
2825 TPM_RC_SIZE size of public auth policy or sensitive auth value does not match
2826 digest size of the name algorithm sensitive data size for the keyed
2828 TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage
2830 TPM_RC_TYPE unknown object type; non-duplicable storage key and its parent have
2832 … decryption key in the storage hierarchy with both public and sensitive
2847 12 TPMT_SENSITIVE sensitive;
2852 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
2859 19 parentObject = ObjectGet(in->parentHandle);
2867 27 if( (in->inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin == SET)
2868 28 != (in->inSensitive.t.sensitive.data.t.size == 0))
2875 35 result = PublicAttributesValidation(FALSE, in->parentHandle,
2876 36 &in->inPublic.t.publicArea);
2880 40 // Validate the sensitive area values
2881 41 if( MemoryRemoveTrailingZeros(&in->inSensitive.t.sensitive.userAuth)
2882 42 > CryptGetHashDigestSize(in->inPublic.t.publicArea.nameAlg))
2888 48 result = CryptCreateObject(in->parentHandle, &in->inPublic.t.publicArea,
2889 49 &in->inSensitive.t.sensitive, &sensitive);
2894 54 FillInCreationData(in->parentHandle, in->inPublic.t.publicArea.nameAlg,
2895 55 &in->creationPCR, &in->outsideInfo,
2896 56 &out->creationData, &out->creationHash);
2899 59 out->outPublic.t.publicArea = in->inPublic.t.publicArea;
2902 62 ObjectComputeName(&(out->outPublic.t.publicArea), &name);
2905 65 TicketComputeCreation(EntityGetHierarchy(in->parentHandle), &name,
2906 66 &out->creationHash, &out->creationTicket);
2908 68 // Prepare output private data from sensitive
2909 69 SensitiveToPrivate(&sensitive, &name, in->parentHandle,
2910 70 out->outPublic.t.publicArea.nameAlg,
2911 71 &out->outPrivate);
2921 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
2944 checked before the sensitive area is used, or unmarshaled.
2946 NOTE 3 Checking the integrity before the data is used prevents attacks on the sensitive …
2952 NOTE 4 The TPM-computed Name is provided as a convenience to the caller for those cases …
2958 For all objects, the size of the key in the sensitive area shall be consistent with the key size in…
2960 Before use, a loaded object shall be checked to validate that the public and sensitive portions are
2964 …or a symmetric object, the unique value in the public area shall be the digest of the sensitive key
2967 EXAMPLE 2 For a two-prime RSA key, the remainder when dividing the public modulus by the pr…
2977 October 30, 2014 Copyright © TCG 2006-2014 Level 00…
3017 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
3056 12 TPMT_SENSITIVE sensitive;
3062 18 if(in->inPrivate.t.size == 0)
3065 21 parentObject = ObjectGet(in->parentHandle);
3074 30 if(parentObject->publicArea.objectAttributes.fixedTPM)
3079 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
3085 36 if(in->inPublic.t.publicArea.objectAttributes.fixedTPM == SET)
3092 43 result = PublicAttributesValidation(TRUE, in->parentHandle,
3093 44 &in->inPublic.t.publicArea);
3099 50 ObjectComputeName(&in->inPublic.t.publicArea, &out->name);
3101 52 // Retrieve sensitive data. PrivateToSensitive() may return TPM_RC_INTEGRITY or
3104 55 result = PrivateToSensitive(&in->inPrivate, &out->name, in->parentHandle,
3105 56 in->inPublic.t.publicArea.nameAlg,
3106 57 &sensitive);
3113 64 hierarchy = ObjectGetHierarchy(in->parentHandle);
3118 69 result = ObjectLoad(hierarchy, &in->inPublic.t.publicArea, &sensitive,
3119 70 &out->name, in->parentHandle, skipChecks,
3120 71 &out->objectHandle);
3133 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
3142 loading of a public area or both a public and sensitive area.
3145 …Typical use for loading both a public and sensitive area is to allow the TPM to be used as a crypto
3150 public and sensitive portions of the object are loaded, hierarchy is required to be TPM_RH_NULL.
3176 and sensitive areas, but the TPM will validate that the size of the key in the sensitive area is co…
3186 …sensitive portions cryptographically bound so that an attacker cannot mix pubic and sensitive area…
3191 NOTE 8 The TPM-computed Name is provided as a convenience to the caller for those cases wh…
3198 October 30, 2014 Copyright © TCG 2006-2014 Level 00 R…
3217 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
3233 TPM2B_SENSITIVE inPrivate the sensitive portion of the object (optional)
3255 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
3271 both public and sensitive portions are loaded
3293 12 TPMT_SENSITIVE *sensitive;
3299 18 if(!HierarchyIsEnabled(in->hierarchy))
3303 22 if(in->inPublic.t.publicArea.authPolicy.t.size != 0
3304 23 && in->inPublic.t.publicArea.authPolicy.t.size !=
3305 24 CryptGetHashDigestSize(in->inPublic.t.publicArea.nameAlg))
3308 27 // For loading an object with both public and sensitive
3309 28 if(in->inPrivate.t.size != 0)
3312 31 if(in->hierarchy != TPM_RH_NULL)
3314 33 // An external object with a sensitive area must have fixedTPM == CLEAR
3319 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
3322 36 if( in->inPublic.t.publicArea.objectAttributes.fixedTPM != CLEAR
3323 37 || in->inPublic.t.publicArea.objectAttributes.fixedParent != CLEAR
3324 38 || in->inPublic.t.publicArea.objectAttributes.restricted != CLEAR
3330 44 result = SchemeChecks(TRUE, TPM_RH_NULL, &in->inPublic.t.publicArea);
3336 50 ObjectComputeName(&in->inPublic.t.publicArea, &out->name);
3337 51 skipChecks = (in->inPublic.t.publicArea.nameAlg == TPM_ALG_NULL);
3339 53 // If a sensitive area was provided, load it
3340 54 if(in->inPrivate.t.size != 0)
3341 55 sensitive = &in->inPrivate.t.sensitiveArea;
3343 57 sensitive = NULL;
3347 61 result = ObjectLoad(in->hierarchy, &in->inPublic.t.publicArea,
3348 62 sensitive, &out->name, TPM_RH_NULL, skipChecks,
3349 63 &out->objectHandle);
3358 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
3378 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
3414 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
3441 15 object = ObjectGet(in->objectHandle);
3450 24 out->outPublic.t.size = TPMT_PUBLIC_Marshal(&object->publicArea, NULL, NULL);
3453 27 out->outPublic.t.publicArea = object->publicArea;
3456 30 out->name.t.size = ObjectGetName(in->objectHandle, &out->name.t.name);
3459 33 ObjectGetQualifiedName(in->objectHandle, &out->qualifiedName);
3469 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
3496 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision …
3522 … keyHandle algorithm-dependent encrypted seed that
3542 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
3582 20 object = ObjectGet(in->keyHandle);
3585 23 activateObject = ObjectGet(in->activateHandle);
3588 26 if( !CryptIsAsymAlgorithm(object->publicArea.type)
3589 27 || object->publicArea.objectAttributes.decrypt == CLEAR
3590 28 || object->publicArea.objectAttributes.restricted == CLEAR)
3598 36 result = CryptSecretDecrypt(in->keyHandle, NULL,
3599 37 "IDENTITY", &in->secret, &data);
3608 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
3614 47 result = CredentialToSecret(&in->credentialBlob,
3615 48 &activateObject->name,
3617 50 in->keyHandle,
3618 51 &out->certInfo);
3630 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
3651 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01…
3667 … loaded public area, used to encrypt the sensitive area
3683 … handle algorithm-dependent data that wraps the key
3691 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
3725 19 object = ObjectGet(in->handle);
3729 23 if( !CryptIsAsymAlgorithm(object->publicArea.type)
3730 24 || object->publicArea.objectAttributes.decrypt == CLEAR
3731 25 || object->publicArea.objectAttributes.restricted == CLEAR
3737 31 if(in->credential.t.size > CryptGetHashDigestSize(object->publicArea.nameAlg))
3744 38 out->secret.t.size = sizeof(out->secret.t.secret);
3745 39 result = CryptSecretEncrypt(in->handle, "IDENTITY", &data, &out->secret);
3750 44 SecretToCredential(&in->credential, &in->objectName, (TPM2B_SEED *) &data,
3751 45 in->handle, &out->credentialBlob);
3761 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
3771 NOTE A random, TPM-generated, Sealed Data Object may be created by the TPM with TPM2_Cre…
3783 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
3817 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
3845 15 object = ObjectGet(in->itemHandle);
3848 18 if(object->publicArea.type != TPM_ALG_KEYEDHASH)
3850 20 if( object->publicArea.objectAttributes.decrypt == SET
3851 21 || object->publicArea.objectAttributes.sign == SET
3852 22 || object->publicArea.objectAttributes.restricted == SET)
3858 28 MemoryCopy2B(&out->outData.b, &object->sensitive.sensitive.bits.b,
3859 29 sizeof(out->outData.t.buffer));
3869 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
3877 This command is used to change the authorization secret for a TPM-resident object.
3878 If successful, a new private area for the TPM-resident object associated with objectHandle is retur…
3880 This command does not change the authorization of the TPM-resident object on which it operates.
3881 Therefore, the old authValue (of the TPM-resident object) is used when generating the response HMAC
3886 NOTE 2 The TPM-resident object may be persistent and changing the authorization value of th…
3888 change the TPM-resident object.
3890 …f a persistent key is being used as a Storage Root Key and the authorization of the key is a well -
3904 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
3940 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
3966 11 TPMT_SENSITIVE sensitive;
3975 20 object = ObjectGet(in->objectHandle);
3982 27 if( MemoryRemoveTrailingZeros(&in->newAuth)
3983 28 > CryptGetHashDigestSize(object->publicArea.nameAlg))
3990 35 ObjectGetQualifiedName(in->parentHandle, &parentQN);
3991 36 ObjectComputeQualifiedName(&parentQN, object->publicArea.nameAlg,
3992 37 &object->name, &QNCompare);
3994 39 ObjectGetQualifiedName(in->objectHandle, &objectQN);
4000 45 // Copy internal sensitive area
4001 46 sensitive = object->sensitive;
4003 48 sensitive.authValue = in->newAuth;
4005 50 // Prepare output private data from sensitive
4006 51 SensitiveToPrivate(&sensitive, &object->name, in->parentHandle,
4007 52 object->publicArea.nameAlg,
4010 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision …
4013 53 &out->outPrivate);
4023 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
4038 … sensitive area could not be loaded in the TPM from which objectHandle is being duplicated.
4072 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
4110 …ATA encryptionKeyOut the Empty Buffer; otherwise, it shall contain the TPM-
4124 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
4157 12 TPMT_SENSITIVE sensitive;
4167 22 object = ObjectGet(in->objectHandle);
4170 25 if(object->publicArea.objectAttributes.fixedParent == SET)
4174 29 if(object->publicArea.nameAlg == TPM_ALG_NULL)
4178 33 if(in->newParentHandle != TPM_RH_NULL
4179 34 && !ObjectIsStorage(in->newParentHandle))
4184 39 if(object->publicArea.objectAttributes.encryptedDuplication == SET)
4186 41 if(in->symmetricAlg.algorithm == TPM_ALG_NULL)
4188 43 if(in->newParentHandle == TPM_RH_NULL)
4191 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
4197 47 if(in->symmetricAlg.algorithm == TPM_ALG_NULL)
4200 50 if(in->encryptionKeyIn.t.size != 0)
4206 56 innerKeySize = in->symmetricAlg.keyBits.sym;
4209 59 if(in->encryptionKeyIn.t.size != 0
4210 60 && in->encryptionKeyIn.t.size != (innerKeySize + 7) / 8)
4216 66 if(in->newParentHandle != TPM_RH_NULL)
4221 71 out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret);
4222 72 result = CryptSecretEncrypt(in->newParentHandle,
4223 73 "DUPLICATE", &data, &out->outSymSeed);
4232 82 out->outSymSeed.t.size = 0;
4235 85 // Copy sensitive area
4236 86 sensitive = object->sensitive;
4238 88 // Prepare output private data from sensitive
4239 89 SensitiveToDuplicate(&sensitive, &object->name, in->newParentHandle,
4240 90 object->publicArea.nameAlg, (TPM2B_SEED *) &data,
4241 91 &in->symmetricAlg, &in->encryptionKeyIn,
4242 92 &out->duplicate);
4244 94 out->encryptionKeyOut = in->encryptionKeyIn;
4254 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
4265 to the methods appropriate for newParent and the blob is re-encrypted and a new integrity value is
4266 computed. The re-encrypted blob is returned in outDuplicate and the symmetric key returned in
4278 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
4326 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
4351 key, or unmarshal the private buffer to sensitive
4369 21 if((in->inSymSeed.t.size == 0 && in->oldParent != TPM_RH_NULL)
4370 22 || (in->inSymSeed.t.size != 0 && in->oldParent == TPM_RH_NULL))
4373 25 if(in->oldParent != TPM_RH_NULL)
4376 28 oldParent = ObjectGet(in->oldParent);
4379 31 if(!ObjectIsStorage(in->oldParent))
4385 37 result = CryptSecretDecrypt(in->oldParent, NULL,
4386 38 "DUPLICATE", &in->inSymSeed, &data);
4392 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
4396 43 result = UnwrapOuter(in->oldParent, &in->name,
4397 44 oldParent->publicArea.nameAlg, (TPM2B_SEED *) &data,
4399 46 in->inDuplicate.t.size, in->inDuplicate.t.buffer);
4405 52 CryptGetHashDigestSize(oldParent->publicArea.nameAlg);
4406 53 privateBlob.t.size = in->inDuplicate.t.size - hashSize;
4407 54 MemoryCopy(privateBlob.t.buffer, in->inDuplicate.t.buffer + hashSize,
4413 60 privateBlob = in->inDuplicate;
4416 63 if(in->newParent != TPM_RH_NULL)
4419 66 newParent = ObjectGet(in->newParent);
4422 69 if(!ObjectIsStorage(in->newParent))
4428 75 out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret);
4429 76 result = CryptSecretEncrypt(in->newParent,
4430 77 "DUPLICATE", &data, &out->outSymSeed);
4436 83 CryptGetHashDigestSize(newParent->publicArea.nameAlg);
4437 84 out->outDuplicate.t.size = privateBlob.t.size;
4438 85 MemoryCopy(out->outDuplicate.t.buffer + hashSize, privateBlob.t.buffer,
4439 86 privateBlob.t.size, sizeof(out->outDuplicate.t.buffer));
4442 89 out->outDuplicate.t.size = ProduceOuterWrap(in->newParent, &in->name,
4443 90 newParent->publicArea.nameAlg,
4446 93 out->outDuplicate.t.size,
4447 94 out->outDuplicate.t.buffer);
4452 99 out->outSymSeed.t.size = 0;
4455 102 out->outDuplicate = privateBlob;
4463 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
4478 buffers (TPM_RC_ATTRIBUTES). Recovery of the sensitive data of the object occurs in the TPM in a
4479 multi--step process in the following order:
4480 a) If inSymSeed has a non-zero size:
4494 … Checking the integrity before the data is used prevents attacks on the sensitive area by
4501 c) Unmarshal the sensitive area
4503 NOTE 4 It is not necessary to validate that the sensitive area data is cryptographically…
4518 …So, it is sufficient to validate the object’s properties (attribute and public -private binding) on
4525 October 30, 2014 Copyright © TCG 2006-2014 Level …
4528 NOTE 5 The symmetric re-encryption is the normal integrity generation and symmetric encrypt…
4535 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October…
4584 the sensitive area encrypted with the symmetric key of
4592 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
4607 TPM_RC_ASYMMETRIC non-duplicable storage key represented by objectPublic and its
4624 TPM_RC_HASH non-duplicable storage key represented by objectPublic and its
4627 … secret; or unmarshaling sensitive value from duplicate failed the
4644 … type of parentHandle; or unmarshaling sensitive value from duplicate
4647 non-storage key with symmetric algorithm different from
4649 … TPM_RC_TYPE unsupported type of objectPublic; or non-duplicable storage key
4655 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oct…
4674 15 TPMT_SENSITIVE sensitive;
4683 24 if( in->objectPublic.t.publicArea.objectAttributes.fixedTPM == SET
4684 25 || in->objectPublic.t.publicArea.objectAttributes.fixedParent == SET)
4688 29 parentObject = ObjectGet(in->parentHandle);
4693 34 if(in->symmetricAlg.algorithm != TPM_ALG_NULL)
4696 37 innerKeySize = in->symmetricAlg.keyBits.sym;
4698 39 if(in->encryptionKey.t.size != (innerKeySize + 7) / 8)
4705 46 if(in->encryptionKey.t.size != 0)
4709 50 if(in->objectPublic.t.publicArea.objectAttributes.encryptedDuplication)
4714 55 if(in->inSymSeed.t.size != 0)
4719 60 result = CryptSecretDecrypt(in->parentHandle, NULL, "DUPLICATE",
4720 61 &in->inSymSeed, &data);
4725 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
4735 70 if(in->objectPublic.t.publicArea.objectAttributes.encryptedDuplication)
4741 76 ObjectComputeName(&(in->objectPublic.t.publicArea), &name);
4743 78 // Retrieve sensitive from private.
4745 80 result = DuplicateToSensitive(&in->duplicate, &name, in->parentHandle,
4746 81 in->objectPublic.t.publicArea.nameAlg,
4747 82 (TPM2B_SEED *) &data, &in->symmetricAlg,
4748 83 &in->encryptionKey, &sensitive);
4754 89 if(parentObject->publicArea.objectAttributes.fixedTPM == SET)
4762 97 result = PublicAttributesValidation(TRUE, in->parentHandle,
4763 98 &in->objectPublic.t.publicArea);
4769 104 result = ObjectLoad(TPM_RH_NULL, &in->objectPublic.t.publicArea,
4770 105 &sensitive, NULL, in->parentHandle, FALSE,
4782 117 // Prepare output private data from sensitive
4783 118 SensitiveToPrivate(&sensitive, &name, in->parentHandle,
4784 119 in->objectPublic.t.publicArea.nameAlg,
4785 120 &out->outPrivate);
4795 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
4803 The commands in this clause provide low-level primitives for access to the asymmetric algorithms
4851 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
4883 the last octet in label is not zero. If a zero octet occurs before label.buffer[label.size-1], the …
4900 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
4946 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
4966 … the key referenced by keyHandle, or label is not a null-terminated
4982 18 rsaKey = ObjectGet(in->keyHandle);
4985 21 if(rsaKey->publicArea.type != TPM_ALG_RSA)
4989 25 if(rsaKey->publicArea.objectAttributes.decrypt != SET)
4993 29 if(in->label.t.size > 0)
4995 31 // label is present, so make sure that is it NULL-terminated
4996 32 if(in->label.t.buffer[in->label.t.size - 1] != 0)
4998 34 label = (char *)in->label.t.buffer;
5004 40 scheme = CryptSelectRSAScheme(in->keyHandle, &in->inScheme);
5011 47 out->outData.t.size = sizeof(out->outData.t.buffer);
5012 48 result = CryptEncryptRSA(&out->outData.t.size, out->outData.t.buffer, rsaKey,
5015 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
5018 49 scheme, in->message.t.size, in->message.t.buffer,
5029 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
5056 0), it shall be a NULL-terminated string or the TPM will return TPM_RC_VALUE.
5070 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
5113 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
5150 18 rsaKey = ObjectGet(in->keyHandle);
5153 21 if(rsaKey->publicArea.type != TPM_ALG_RSA)
5157 25 if( rsaKey->publicArea.objectAttributes.restricted == SET
5158 26 || rsaKey->publicArea.objectAttributes.decrypt == CLEAR)
5161 29 // NOTE: Proper operation of this command requires that the sensitive area
5163 31 // to use the sensitive area of the key. In order to check the authorization,
5164 32 // the sensitive area has to be loaded, even if authorization is with policy.
5166 34 // If label is present, make sure that it is a NULL-terminated string
5167 35 if(in->label.t.size > 0)
5169 37 // Present, so make sure that it is NULL-terminated
5170 38 if(in->label.t.buffer[in->label.t.size - 1] != 0)
5172 40 label = (char *)in->label.t.buffer;
5178 46 scheme = CryptSelectRSAScheme(in->keyHandle, &in->inScheme);
5181 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
5191 54 out->message.t.size = sizeof(out->message.t.buffer);
5192 55 result = CryptDecryptRSA(&out->message.t.size, out->message.t.buffer, rsaKey,
5193 56 scheme, in->cipherText.t.size,
5194 57 in->cipherText.t.buffer,
5206 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
5216 keyHandle shall refer to a loaded ECC key. The sensitive portion of this key need not be loaded.
5230 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
5266 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
5281 … TPM_RC_KEY keyHandle does not reference a non-restricted decryption ECC key
5290 12 TPM2B_ECC_PARAMETER sensitive;
5295 17 eccKey = ObjectGet(in->keyHandle);
5297 19 // Input key must be a non-restricted, decrypt ECC key
5298 20 if( eccKey->publicArea.type != TPM_ALG_ECC)
5301 23 if( eccKey->publicArea.objectAttributes.restricted == SET
5302 24 || eccKey->publicArea.objectAttributes.decrypt != SET
5310 32 CryptNewEccKey(eccKey->publicArea.parameters.eccDetail.curveID,
5311 33 &out->pubPoint.t.point, &sensitive);
5313 35 out->pubPoint.t.size = TPMS_ECC_POINT_Marshal(&out->pubPoint.t.point,
5317 39 result = CryptEccPointMultiply(&out->zPoint.t.point,
5318 40 eccKey->publicArea.parameters.eccDetail.curveID,
5319 41 &sensitive, &eccKey->publicArea.unique.ecc);
5331 53 out->zPoint.t.size = TPMS_ECC_POINT_Marshal(&out->zPoint.t.point,
5337 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 October…
5348 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
5370 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
5406 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
5438 16 eccKey = ObjectGet(in->keyHandle);
5440 18 // Input key must be a non-restricted, decrypt ECC key
5441 19 if( eccKey->publicArea.type != TPM_ALG_ECC)
5444 22 if( eccKey->publicArea.objectAttributes.restricted == SET
5445 23 || eccKey->publicArea.objectAttributes.decrypt != SET
5450 28 if( eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_ECDH
5451 29 && eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_NULL)
5457 35 result = CryptEccPointMultiply(&out->outPoint.t.point,
5458 36 eccKey->publicArea.parameters.eccDetail.curveID,
5459 37 &eccKey->sensitive.sensitive.ecc,
5460 38 &in->inPoint.t.point);
5464 42 out->outPoint.t.size = TPMS_ECC_POINT_Marshal(&out->outPoint.t.point,
5475 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
5483 This command returns the parameters of an ECC curve identified by its TCG-assigned curveID.
5512 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision …
5538 14 if(CryptEccGetParameters(in->curveID, &out->parameters))
5550 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
5560 This command supports two-phase key exchange protocols. The command is used in combination with
5569 The TPM will compute Z or Zs and Ze according to the selected scheme. If the scheme is not a two-ph…
5573 The two-phase key schemes that were assigned an algorithm ID as of the time of the publication of t…
5583 For TPM_ALG_ECDH outZ1 will be Zs and outZ2 will Ze as defined in 6.1.1.2 of SP800-56A.
5599 NOTE The Z values returned by the TPM are a full point and not just an x -coordinate.
5608 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
5653 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
5687 17 eccKey = ObjectGet(in->keyA);
5690 20 if(eccKey->publicArea.type != TPM_ALG_ECC)
5694 24 if( eccKey->publicArea.objectAttributes.restricted == SET
5695 25 || eccKey->publicArea.objectAttributes.decrypt != SET
5701 31 scheme = eccKey->publicArea.parameters.asymDetail.scheme.scheme;
5704 34 if(scheme != in->inScheme)
5708 38 scheme = in->inScheme;
5713 43 if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID,
5714 44 &in->inQsB.t.point))
5717 47 if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID,
5718 48 &in->inQeB.t.point))
5722 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
5727 51 if(!CryptGenerateR(&r, &in->counter,
5728 52 eccKey->publicArea.parameters.eccDetail.curveID,
5734 58 result = CryptEcc2PhaseKeyExchange(&out->outZ1.t.point,
5735 59 &out->outZ2.t.point,
5736 60 eccKey->publicArea.parameters.eccDetail.curveID,
5738 62 &eccKey->sensitive.sensitive.ecc,
5740 64 &in->inQsB.t.point,
5741 65 &in->inQeB.t.point);
5746 70 CryptEndCommit(in->counter);
5756 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
5764 The commands in this clause provide low-level primitives for access to the symmetric algorithms
5777 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
5795 TPM_ALG_OFB In Output Feedback (OFB), the output of the pseudo-random function (the block …
5829 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
5845 incremental results and return TPM_RC_SUCCESS rather than TPM_RC_CANCELED. In such case,
5852 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
5894 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
5928 17 symKey = ObjectGet(in->keyHandle);
5931 20 if( symKey->publicArea.type != TPM_ALG_SYMCIPHER
5932 21 || symKey->attributes.publicOnly == SET)
5936 25 if( in->mode == TPM_ALG_NULL)
5937 26 in->mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;
5941 30 if( symKey->publicArea.objectAttributes.restricted == SET
5942 31 && symKey->publicArea.parameters.symDetail.sym.mode.sym != in->mode)
5947 36 // TPM_ALG_NULL so setting in->mode to the mode of the key should have
5949 38 if(in->mode == TPM_ALG_NULL)
5955 44 keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
5956 45 alg = symKey->publicArea.parameters.symDetail.sym.algorithm;
5958 47 if( (in->mode == TPM_ALG_ECB && in->ivIn.t.size != 0)
5959 48 || (in->mode != TPM_ALG_ECB && in->ivIn.t.size != blockSize))
5963 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
5969 53 if( (in->mode == TPM_ALG_CBC || in->mode == TPM_ALG_ECB)
5970 54 && (in->inData.t.size % blockSize) != 0)
5976 60 out->ivOut = in->ivIn;
5980 64 key = symKey->sensitive.sensitive.sym.t.buffer;
5983 67 out->outData.t.size = in->inData.t.size;
5984 68 if(in->decrypt == YES)
5987 71 CryptSymmetricDecrypt(out->outData.t.buffer,
5989 73 keySize, in->mode, key,
5990 74 &(out->ivOut),
5991 75 in->inData.t.size,
5992 76 in->inData.t.buffer);
5997 81 CryptSymmetricEncrypt(out->outData.t.buffer,
6000 84 in->mode, key,
6001 85 &(out->ivOut),
6002 86 in->inData.t.size,
6003 87 in->inData.t.buffer);
6014 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
6037 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
6078 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
6100 16 out->outHash.t.size = CryptStartHash(in->hashAlg, &hashState);
6102 18 CryptUpdateDigest2B(&hashState, &in->data.b);
6104 20 CryptCompleteHash2B(&hashState, &out->outHash.b);
6107 23 out->validation.tag = TPM_ST_HASHCHECK;
6108 24 out->validation.hierarchy = in->hierarchy;
6110 26 if(in->hierarchy == TPM_RH_NULL)
6113 29 out->validation.hierarchy = TPM_RH_NULL;
6114 30 out->validation.digest.t.size = 0;
6116 32 else if( in->data.t.size >= sizeof(TPM_GENERATED)
6117 33 && !TicketIsSafe(&in->data.b))
6120 36 out->validation.hierarchy = TPM_RH_NULL;
6121 37 out->validation.digest.t.size = 0;
6126 42 TicketComputeHashCheck(in->hierarchy, in->hashAlg,
6127 43 &out->outHash, &out->validation);
6138 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
6164 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
6200 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
6233 18 hmacObject = ObjectGet(in->handle);
6234 19 publicArea = &hmacObject->publicArea;
6237 22 if(publicArea->type != TPM_ALG_KEYEDHASH)
6241 26 if(publicArea->objectAttributes.restricted == SET)
6245 30 if(publicArea->objectAttributes.sign != SET)
6249 34 if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL)
6251 36 hashAlg = in->hashAlg;
6256 41 = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg;
6258 43 if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg)
6269 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
6273 53 out->outHMAC.t.size = CryptStartHMAC2B(hashAlg,
6274 54 &hmacObject->sensitive.sensitive.bits.b,
6277 57 CryptUpdateDigest2B(&hmacState, &in->buffer.b);
6280 60 CryptCompleteHMAC2B(&hmacState, &out->outHMAC.b);
6290 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
6312 data returned by this command is TPM implementation-dependent.
6318 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
6349 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
6369 14 if(in->bytesRequested > sizeof(TPMU_HA))
6370 15 out->randomBytes.t.size = sizeof(TPMU_HA);
6372 17 out->randomBytes.t.size = in->bytesRequested;
6374 19 CryptGenerateRandom(out->randomBytes.t.size, out->randomBytes.t.buffer);
6384 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
6394 NOTE The "additional information" is as defined in SP800 -90A.
6402 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 0…
6432 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 20…
6448 10 CryptStirRandom(in->inData.t.size, in->inData.t.buffer);
6458 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
6477 NOTE The structure of a sequence object is vendor -dependent.
6506 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oct…
6541 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
6574 17 hmacObject = ObjectGet(in->handle);
6575 18 publicArea = &hmacObject->publicArea;
6578 21 if(publicArea->type != TPM_ALG_KEYEDHASH)
6582 25 if(publicArea->objectAttributes.restricted == SET)
6586 29 if(publicArea->objectAttributes.sign != SET)
6590 33 if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL)
6592 35 hashAlg = in->hashAlg;
6597 40 = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg;
6599 42 if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg)
6610 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
6616 54 in->handle,
6617 55 &in->auth,
6618 56 &out->sequenceHandle);
6626 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
6646 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
6681 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
6705 12 if(in->hashAlg == TPM_ALG_NULL)
6708 15 return ObjectCreateEventSequence(&in->auth, &out->sequenceHandle);
6712 19 return ObjectCreateHashSequence(in->hashAlg, &in->auth, &out->sequenceHandle);
6720 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
6748 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
6779 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 20…
6806 14 object = ObjectGet(in->sequenceHandle);
6814 22 if(object->attributes.eventSeq == SET)
6822 30 CryptUpdateDigest2B(&hashObject->state.hashState[i], &in->buffer.b);
6830 38 if(hashObject->attributes.hashSeq == SET)
6833 41 if(hashObject->attributes.firstBlock == CLEAR)
6836 44 hashObject->attributes.firstBlock = SET;
6841 49 if(TicketIsSafe(&in->buffer.b))
6842 50 hashObject->attributes.ticketSafe = SET;
6845 53 CryptUpdateDigest2B(&hashObject->state.hashState[0], &in->buffer.b);
6850 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01…
6853 56 else if(object->attributes.hmacSeq == SET)
6858 61 CryptUpdateDigest2B(&hashObject->state.hmacState, &in->buffer.b);
6870 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
6905 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
6944 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
6973 16 object = ObjectGet(in->sequenceHandle);
6976 19 if( object->attributes.hashSeq == CLEAR
6977 20 && object->attributes.hmacSeq == CLEAR)
6982 25 if(object->attributes.hashSeq == SET) // sequence object for hash
6988 31 TPM_ALG_ID hashAlg = hashObject->state.hashState[0].state.hashAlg;
6990 33 CryptUpdateDigest2B(&hashObject->state.hashState[0], &in->buffer.b);
6993 36 out->result.t.size
6995 38 CryptGetContextAlg(&hashObject->state.hashState[0]));
6997 40 CryptCompleteHash2B(&hashObject->state.hashState[0], &out->result.b);
7000 43 if(hashObject->attributes.firstBlock == CLEAR)
7004 47 if(TicketIsSafe(&in->buffer.b))
7005 48 hashObject->attributes.ticketSafe = SET;
7009 52 out->validation.tag = TPM_ST_HASHCHECK;
7010 53 out->validation.hierarchy = in->hierarchy;
7012 55 if(in->hierarchy == TPM_RH_NULL)
7015 … October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
7020 58 out->validation.digest.t.size = 0;
7022 60 else if(object->attributes.ticketSafe == CLEAR)
7025 63 out->validation.hierarchy = TPM_RH_NULL;
7026 64 out->validation.digest.t.size = 0;
7031 69 TicketComputeHashCheck(out->validation.hierarchy, hashAlg,
7032 70 &out->result, &out->validation);
7040 78 CryptUpdateDigest2B(&hashObject->state.hmacState, &in->buffer.b);
7042 80 out->result.t.size =
7044 82 CryptGetContextAlg(&hashObject->state.hmacState.hashState));
7045 83 CryptCompleteHMAC2B(&(hashObject->state.hmacState), &out->result.b);
7048 86 out->validation.tag = TPM_ST_HASHCHECK;
7049 87 out->validation.hierarchy = TPM_RH_NULL;
7050 88 out->validation.digest.t.size = 0;
7056 94 object->attributes.evict = SET;
7066 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
7088 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
7125 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
7156 18 hashObject = (HASH_OBJECT *)ObjectGet(in->sequenceHandle);
7159 21 if(hashObject->attributes.eventSeq != SET)
7163 25 if(in->pcrHandle != TPM_RH_NULL)
7166 28 if(!PCRIsExtendAllowed(in->pcrHandle))
7173 35 // state will have to change if this is a state-saved PCR regardless
7178 40 if(gp.orderlyState != SHUTDOWN_NONE && PCRIsStateSaved(in->pcrHandle))
7188 50 out->results.count = 0;
7195 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
7199 56 CryptUpdateDigest2B(&hashObject->state.hashState[i], &in->buffer.b);
7201 58 out->results.digests[out->results.count].hashAlg = hashAlg;
7202 59 CryptCompleteHash(&hashObject->state.hashState[i],
7204 61 (BYTE *) &out->results.digests[out->results.count].digest);
7207 64 if(in->pcrHandle != TPM_RH_NULL)
7208 65 PCRExtend(in->pcrHandle, hashAlg,
7210 67 (BYTE *) &out->results.digests[out->results.count].digest);
7211 68 out->results.count++;
7217 74 hashObject->attributes.evict = SET;
7227 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
7261 number. These values may be considered privacy-sensitive, because they would aid in the correlation…
7269 which the bits are added is implementation-dependent.
7286 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
7296 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
7306 certifying that the object is loaded, the TPM warrants that a public area with a given Name is self-
7307 consistent and associated with a valid sensitive area. If a relying party has a public area that ha…
7320 …has not validated that the public area is associated with a mat ched sensitive area, then the publ…
7333 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
7376 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
7411 18 result = FillInAttestInfo(in->signHandle,
7412 19 &in->inScheme,
7413 20 &in->qualifyingData,
7427 34 ObjectGetName(in->objectHandle,
7430 37 ObjectGetQualifiedName(in->objectHandle,
7437 44 result = SignAttestInfo(in->signHandle,
7438 45 &in->inScheme,
7440 47 &in->qualifyingData,
7441 48 &out->certifyInfo,
7442 49 &out->signature);
7445 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
7458 60 if(in->signHandle != TPM_RH_NULL)
7469 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
7500 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
7521 TPM2B_DATA qualifyingData user-provided qualifying data
7547 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
7585 20 name.t.size = ObjectGetName(in->objectHandle, &name.t.name);
7586 21 // Re-compute ticket
7587 22 TicketComputeCreation(in->creationTicket.hierarchy, &name,
7588 23 &in->creationHash, &ticket);
7590 25 if(!Memory2BEqual(&ticket.digest.b, &in->creationTicket.digest.b))
7595 30 result = FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
7611 46 certifyInfo.attested.creation.creationHash = in->creationHash;
7616 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
7622 52 result = SignAttestInfo(in->signHandle,
7623 53 &in->inScheme,
7625 55 &in->qualifyingData,
7626 56 &out->certifyInfo,
7627 57 &out->signature);
7638 68 if(in->signHandle != TPM_RH_NULL)
7649 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
7673 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
7712 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
7747 20 result = FillInAttestInfo(in->signHandle,
7748 21 &in->inScheme,
7749 22 &in->qualifyingData,
7766 39 hashAlg = in->inScheme.details.any.hashAlg;
7773 46 &in->PCRselect,
7778 51 quoted.attested.quote.pcrSelect = in->PCRselect;
7782 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision …
7792 60 result = SignAttestInfo(in->signHandle,
7793 61 &in->inScheme,
7795 63 &in->qualifyingData,
7796 64 &out->quoted,
7797 65 &out->signature);
7803 71 if(in->signHandle != TPM_RH_NULL)
7814 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
7847 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
7873 TPM2B_DATA qualifyingData user-provided qualifying data – may be zero-len…
7893 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
7911 … default scheme requires explicit input scheme (split signing); or non-
7932 19 session = SessionGet(in->sessionHandle);
7935 22 if(session->attributes.isAudit == CLEAR)
7942 29 result = FillInAttestInfo(in->signHandle,
7943 30 &in->inScheme,
7944 31 &in->qualifyingData,
7959 46 auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest;
7962 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
7967 49 if(g_exclusiveAuditSession == in->sessionHandle)
7976 58 result = SignAttestInfo(in->signHandle,
7977 59 &in->inScheme,
7979 61 &in->qualifyingData,
7980 62 &out->auditInfo,
7981 63 &out->signature);
7987 69 if(in->signHandle != TPM_RH_NULL)
7998 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
8016 NOTE 2 The way that the TPM tracks that the digest is clear is vendor-dependent. The refer…
8030 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
8073 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
8091 … default scheme requires explicit input scheme (split signing); or non-
8110 18 result = FillInAttestInfo(in->signHandle,
8111 19 &in->inScheme,
8112 20 &in->qualifyingData,
8142 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
8145 48 result = SignAttestInfo(in->signHandle,
8146 49 &in->inScheme,
8148 51 &in->qualifyingData,
8149 52 &out->auditInfo,
8150 53 &out->signature);
8157 60 if(in->signHandle != TPM_RH_NULL)
8175 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
8196 … correlate the obfuscated values with the clear-text values. This command requires Endorsement
8206 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
8244 TPM2B_ATTEST timeInfo standard TPM-generated attestation block
8251 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
8269 … default scheme requires explicit input scheme (split signing); or non-
8288 18 result = FillInAttestInfo(in->signHandle,
8289 19 &in->inScheme,
8290 20 &in->qualifyingData,
8317 47 result = SignAttestInfo(in->signHandle,
8320 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
8323 48 &in->inScheme,
8325 50 &in->qualifyingData,
8326 51 &out->timeInfo,
8327 52 &out->signature);
8333 58 if(in->signHandle != TPM_RH_NULL)
8344 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
8353 long as the seed of the hierarchy is unchanged and these keys may be used multiple times. Other TPM-
8354 generated keys are only useful for a single operation. Some of these single-use keys are used in the
8376 pseudo-random values for the ephemeral keys. Instead of keeping the full value of the key in memory…
8378 new pseudo-random value.
8379 Using the counter to generate pseudo-random private ephemeral keys greatly simplifies tracking of k…
8392 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
8418 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
8442 TPM2B_SENSITIVE_DATA s2 octet array used to derive x-coordinate of a base point
8462 UINT16 counter least-significant 16 bits of commitCount
8468 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
8508 22 eccKey = ObjectGet(in->signHandle);
8509 23 parms = & eccKey->publicArea.parameters.eccDetail;
8512 26 if(eccKey->publicArea.type != TPM_ALG_ECC)
8515 29 // This command may only be used with a sign-only key using an anonymous
8520 34 if(!CryptIsSchemeAnonymous(parms->scheme.scheme))
8524 38 if((in->s2.t.size == 0) != (in->y2.t.size == 0))
8529 43 p = (TPM2B *)CryptEccGetParameter('p', parms->curveID);
8535 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
8544 52 if(!CryptGenerateR(&r, NULL, parms->curveID, &eccKey->name))
8548 56 if(in->s2.t.size != 0)
8553 61 MemoryCopy2B(&P2.y.b, &in->y2.b, sizeof(P2.y.t.buffer));
8557 65 P2.x.t.size = CryptHashBlock(eccKey->publicArea.nameAlg,
8558 66 in->s2.t.size,
8559 67 in->s2.t.buffer,
8560 68 p->size,
8572 80 if(!CryptEccIsPointOnCurve(parms->curveID, pP2))
8575 83 if(eccKey->attributes.publicOnly == SET)
8582 90 if(in->P1.t.size > 4)
8584 92 pP1 = &in->P1.t.point;
8585 93 if(!CryptEccIsPointOnCurve(parms->curveID, pP1))
8590 98 // The work is not done in-line because it does several point multiplies
8593 101 result = CryptCommitCompute(&out->K.t.point,
8594 102 &out->L.t.point,
8595 103 &out->E.t.point,
8596 104 parms->curveID,
8599 107 &eccKey->sensitive.sensitive.ecc,
8606 … October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
8609 112 out->K.t.size = TPMS_ECC_POINT_Marshal(&out->K.t.point, NULL, NULL);
8610 113 out->L.t.size = TPMS_ECC_POINT_Marshal(&out->L.t.point, NULL, NULL);
8611 114 out->E.t.size = TPMS_ECC_POINT_Marshal(&out->E.t.point, NULL, NULL);
8615 118 out->counter = CryptCommit();
8626 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
8635 TPM2_EC_Ephemeral() creates an ephemeral key for use in a two-phase key exchange protocol.
8643 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
8675 UINT16 counter least-significant 16 bits of commitCount
8681 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
8709 17 in->curveID,
8713 21 CryptEccPointMultiply(&out->Q.t.point, in->curveID, &r, NULL);
8716 24 out->counter = CryptCommit();
8727 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
8748 NOTE 2 The sensitive area of the symmetric object is required to allow verification of the…
8755 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
8791 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
8825 18 signObject = ObjectGet(in->keyHandle);
8828 21 if(signObject->publicArea.objectAttributes.sign != SET)
8833 26 result = CryptVerifySignature(in->keyHandle, &in->digest, &in->signature);
8839 32 hierarchy = ObjectGetHierarchy(in->keyHandle);
8841 34 || signObject->publicArea.nameAlg == TPM_ALG_NULL)
8845 38 out->validation.tag = TPM_ST_VERIFIED;
8846 39 out->validation.hierarchy = TPM_RH_NULL;
8847 40 out->validation.digest.t.size = 0;
8852 45 name.t.size = ObjectGetName(in->keyHandle, &name.t.name);
8854 47 TicketComputeVerified(hierarchy, &in->digest, &name, &out->validation);
8860 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
8870 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
8916 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
8956 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
8991 17 signKey = ObjectGet(in->keyHandle);
8995 21 result = CryptSelectSignScheme(in->keyHandle, &in->inScheme);
9005 31 if( in->validation.digest.t.size != 0
9006 32 || signKey->publicArea.objectAttributes.restricted == SET)
9009 35 TicketComputeHashCheck(in->validation.hierarchy,
9010 36 in->inScheme.details.any.hashAlg,
9011 37 &in->digest, &ticket);
9013 39 if(!Memory2BEqual(&in->validation.digest.b, &ticket.digest.b))
9024 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
9027 48 if( in->digest.t.size
9028 49 != CryptGetHashDigestSize(in->inScheme.details.any.hashAlg))
9035 56 result = CryptSign(in->keyHandle, &in->inScheme, &in->digest, &out->signature);
9045 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
9075 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
9112 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
9150 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
9179 23 if( in->auditAlg != TPM_ALG_NULL
9180 24 && in->auditAlg != gp.auditHashAlg)
9183 27 if(in->setList.count != 0 || in->clearList.count != 0)
9187 31 gp.auditHashAlg = in->auditAlg;
9201 45 for(i = 0; i < in->setList.count; i++)
9204 48 if(CommandAuditSet(in->setList.commandCodes[i]))
9208 52 for(i = 0; i < in->clearList.count; i++)
9210 54 if(CommandAuditClear(in->clearList.commandCodes[i]))
9221 … October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
9232 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
9240 In TPM 1.2, an Event was hashed using SHA-1 and then the 20-octet digest was extended to a PCR
9252 an authorization policy. The platform-specific specifications determine which PCR may be controlled…
9258 If a platform-specific specification indicates that PCR are grouped, then all the PCR in the group …
9261 modifies (Extends or resets) a PCR unless the platform-specific specification explicitly excludes t…
9267 A platform-specific specification may designate a set of PCR that are under control of the TCB. The…
9278 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
9302 data[alg].buffer the bank-specific data to be extended
9331 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
9362 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
9394 19 // data left over. In either case, it will cause an unmarshaling error and this
9398 23 if(in->pcrHandle == TPM_RH_NULL)
9402 27 if(!PCRIsExtendAllowed(in->pcrHandle))
9407 32 if(PCRIsStateSaved(in->pcrHandle) && gp.orderlyState != SHUTDOWN_NONE)
9417 42 for(i = 0; i < in->digests.count; i++)
9419 44 PCRExtend(in->pcrHandle, in->digests.digests[i].hashAlg,
9420 45 CryptGetHashDigestSize(in->digests.digests[i].hashAlg),
9421 46 (BYTE *) &in->digests.digests[i].digest);
9432 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
9466 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
9499 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
9530 18 if(in->pcrHandle != TPM_RH_NULL)
9533 21 if(!PCRIsExtendAllowed(in->pcrHandle))
9538 26 if(PCRIsStateSaved(in->pcrHandle) && gp.orderlyState != SHUTDOWN_NONE)
9548 36 out->digests.count = HASH_COUNT;
9554 42 out->digests.digests[i].hashAlg = hash;
9556 44 CryptUpdateDigest2B(&hashState, &in->eventData.b);
9558 46 (BYTE *) &out->digests.digests[i].digest);
9559 47 if(in->pcrHandle != TPM_RH_NULL)
9560 48 PCRExtend(in->pcrHandle, hash, size,
9561 49 (BYTE *) &out->digests.digests[i].digest);
9570 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision …
9598 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oct…
9634 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
9654 14 PCRRead(&in->pcrSelectionIn, &out->pcrValues, &out->pcrUpdateCounter);
9656 16 out->pcrSelectionOut = in->pcrSelectionIn;
9666 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
9697 with the D-RTM PCR allocated. If HCRTM_PCR is defined, the resulting allocation must have at least
9719 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
9757 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
9773 TPM_RC_NV_RATE NV is in a rate-limiting mode
9797 26 result = PCRAllocate(&in->pcrAllocation, &out->maxPCR,
9798 27 &out->sizeNeeded, &out->sizeAvailable);
9803 32 out->allocationSuccess = (result == TPM_RC_SUCCESS);
9805 34 // if re-configuration succeeds, set the flag to indicate PCR configuration is
9807 36 if(out->allocationSuccess == YES)
9818 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
9828 A policy may only be associated with a PCR that has been defined by a platform-specific specificati…
9831 A platform-specific specification may group PCR so that they share a common policy. In such case, a
9836 PCR will be set to the default value defined in the platform-specific specification.
9856 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
9889 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
9924 22 if(in->authPolicy.t.size != CryptGetHashDigestSize(in->hashAlg))
9928 26 if(!PCRBelongsPolicyGroup(in->pcrNum, &groupIndex))
9934 32 gp.pcrPolicies.hashAlg[groupIndex] = in->hashAlg;
9935 33 gp.pcrPolicies.policy[groupIndex] = in->authPolicy;
9948 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
9957 An authValue may only be associated with a PCR that has been defined by a platform-specific
9959 authorization for pcrNum, the TPM shall return TPM_RC_VALUE. A platform-specific specification may
9960 group PCR so that they share a common authorization value. In such case, a pcrNum that selects any …
9969 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
10003 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
10031 15 if(!PCRBelongsAuthGroup(in->pcrHandle, &groupIndex))
10035 19 // state clear data. If this is the case, Check if NV is available.
10048 32 gc.pcrAuthValues.auth[groupIndex] = in->auth;
10058 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
10075 NOTE 2 TPM_RC_LOCALITY is returned because the reset attributes are defined on a per -local…
10081 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October…
10110 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
10137 14 if(!PCRIsResetAllowed(in->pcrHandle))
10142 19 if(PCRIsStateSaved(in->pcrHandle) && gp.orderlyState != SHUTDOWN_NONE)
10153 30 PCRSetValue(in->pcrHandle, 0);
10157 34 PCRChanged(in->pcrHandle);
10167 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
10175 This indication from the TPM interface indicates the start of an H-CRTM measurement sequence. On
10176 receipt of this indication, the TPM will initialize an H-CRTM Event Sequence context.
10179 A platform-specific specification may allow this indication before TPM2_Startup().
10190 October 30, 2014 Copyright © TCG 2006-2014 Level 00 R…
10226 28 // slot numbers and handle numbers. To handle the general case, scan for
10259 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
10268 included in the H-CRTM Event Sequence sequence context created by the _TPM_Hash_Start indication.
10270 If no H-CRTM Event Sequence context exists, this indication is discarded and no other action is
10277 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
10308 22 pAssert(hashObject->attributes.eventSeq);
10316 30 hashObject->state.hashState[i].state.hashAlg))
10318 32 CryptUpdateDigest(&hashObject->state.hashState[i], dataSize, data);
10328 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
10336 This indication from the TPM interface indicates the end of the H-CRTM measurement. This indication…
10337 discarded and no other action performed if the TPM does not contain an H-CRTM Event Sequence
10340 NOTE 1 An H-CRTM Event Sequence context is created by _TPM_Hash_Start().
10342 If the H-CRTM Event Sequence occurs after TPM2_Startup(), the TPM will set all of the PCR designated
10343 in the platform-specific specifications as resettable by this event to the value indicated in the p…
10345 digest/digests into the designated D-RTM PCR (PCR[17]).
10349 …initial_value initialization value specified in the platform-specific specif…
10353 a platform-specific specification excludes modifications of PCR[DRTM] from causing an increment.
10354 A platform-specific specification may allow an H-CRTM Event Sequence before TPM2_Startup(). If so,
10355 _TPM_Hash_End will complete the digest, initialize PCR[0] with a digest-size value of 4, and then e…
10356 the H-CRTM Event Sequence data into PCR[0].
10368 October 30, 2014 Copyright © TCG 2006-2014 Level 00 R…
10418 42 // the hash, reset the H-CRTM register (PCR[0]) to 0...04, and then
10419 43 // extend the H-CRTM data
10425 49 hashObject->state.hashState[i].state.hashAlg))
10429 53 CryptCompleteHash2B(&hashObject->state.hashState[i], &digest.b);
10439 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
10455 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
10489 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
10506 to be present if expiration is non-zero (TPM_RC_EXPIRED).
10510 is non-zero, then the TPM shall return TPM_RC_EXPIRED.
10541 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
10565 NOTE 3 PolicyUpdate() uses two hash operations because arg2 and arg3 are variable-sized…
10576 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
10625 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
10632 and the nonceTPM matches policySession->nonceTPM, then the TPM will return a ticket that includes a
10633 value indicating when the authorization expires. If expiration is non-negative, then the TPM will r…
10650 … timeout implementation-specific representation of the expiration time of
10670 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
10698 NOTE 2 This parameter must be present if expiration is non-zero.
10701 …ration time limit on authorization set by authorizing object. This 32-bit
10730 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
10744 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
10784 … If expiration is non-negative, a NULL Ticket is returned.
10796 … implementation-specific time value, used to indicate to
10803 TPMT_TK_AUTH policyTicket the command was non-zero; this ticket will use the
10810 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
10826 …EXPIRED expiration indicates a time in the past or expiration is non-zero but no
10828 TPM_RC_HANDLE authObject need to have sensitive portion loaded
10848 16 UINT32 expiration = (in->expiration < 0)
10849 17 ? -(in->expiration) : in->expiration;
10855 23 session = SessionGet(in->policySession); // the session structure
10858 26 if(session->attributes.isTrialPolicy == CLEAR)
10861 29 authTimeout = expiration * 1000 + session->startTime;
10864 32 &in->cpHashA, &in->nonceTPM,
10871 39 // Re-compute the digest being signed
10875 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
10886 49 // This 32-bit value is set to zero if the expiration
10896 59 authHash.t.size = CryptStartHash(CryptGetSignHashAlg(&in->auth),
10900 63 CryptUpdateDigest2B(&hashState, &in->nonceTPM.b);
10903 66 CryptUpdateDigestInt(&hashState, sizeof(UINT32), (BYTE*) &in->expiration);
10906 69 CryptUpdateDigest2B(&hashState, &in->cpHashA.b);
10909 72 CryptUpdateDigest2B(&hashState, &in->policyRef.b);
10916 79 result = CryptVerifySignature(in->authObject, &authHash, &in->auth);
10922 85 entityName.t.size = EntityGetName(in->authObject, &entityName.t.name);
10926 89 PolicyContextUpdate(TPM_CC_PolicySigned, &entityName, &in->policyRef,
10927 90 &in->cpHashA, authTimeout, session);
10931 94 // Create ticket and timeout buffer if in->expiration < 0 and this is not
10934 97 // when expiration is non-zero.
10935 98 if( in->expiration < 0
10936 99 && session->attributes.isTrialPolicy == CLEAR
10940 103 // TPM-specific.
10942 105 // array and it may not be aligned to accept a 64-bit value. The method
10943 106 // used has the side-effect of making the returned value a big-endian,
10946 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
10949 107 // 64-bit value that is byte aligned.
10950 108 out->timeout.t.size = sizeof(UINT64);
10951 109 UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer);
10954 112 TicketComputeAuth(TPM_ST_AUTH_SIGNED, EntityGetHierarchy(in->authObject),
10955 113 authTimeout, &in->cpHashA, &in->policyRef, &entityName,
10956 114 &out->policyTicket);
10962 120 out->timeout.t.size = 0;
10965 123 out->policyTicket.tag = TPM_ST_AUTH_SIGNED;
10966 124 out->policyTicket.hierarchy = TPM_RH_NULL;
10967 125 out->policyTicket.digest.t.size = 0;
10978 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
10986 This command includes a secret-based authorization to a policy. The caller proves knowledge of the
11001 nonceTPM must be present if expiration is non-zero.
11019 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
11056 … If expiration is non-negative, a NULL Ticket is returned.
11067 … implementation-specific time value used to indicate to
11072 the command was non-zero. See 23.2.5
11078 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
11111 14 UINT32 expiration = (in->expiration < 0)
11112 15 ? -(in->expiration) : in->expiration;
11118 21 session = SessionGet(in->policySession);
11121 24 if(session->attributes.isTrialPolicy == CLEAR)
11125 28 authTimeout = expiration * 1000 + session->startTime;
11128 31 &in->cpHashA, &in->nonceTPM,
11138 41 entityName.t.size = EntityGetName(in->authHandle, &entityName.t.name);
11142 45 PolicyContextUpdate(TPM_CC_PolicySecret, &entityName, &in->policyRef,
11143 46 &in->cpHashA, authTimeout, session);
11146 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
11152 50 // Create ticket and timeout buffer if in->expiration < 0 and this is not
11155 53 // when expiration is non-zero.
11156 54 if( in->expiration < 0
11157 55 && session->attributes.isTrialPolicy == CLEAR
11161 59 // TPM-specific.
11163 61 // array and it may not be aligned to accept a 64-bit value. The method
11164 62 // used has the side-effect of making the returned value a big-endian,
11165 63 // 64-bit value that is byte aligned.
11166 64 out->timeout.t.size = sizeof(UINT64);
11167 65 UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer);
11170 68 TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle),
11171 69 authTimeout, &in->cpHashA, &in->policyRef,
11172 70 &entityName, &out->policyTicket);
11177 75 out->timeout.t.size = 0;
11180 78 out->policyTicket.tag = TPM_ST_AUTH_SECRET;
11181 79 out->policyTicket.hierarchy = TPM_RH_NULL;
11182 80 out->policyTicket.digest.t.size = 0;
11193 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
11218 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01…
11266 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
11300 19 session = SessionGet(in->policySession);
11308 27 if(session->attributes.isTrialPolicy)
11311 30 // Restore timeout data. The format of timeout buffer is TPM-specific.
11314 33 if(in->timeout.t.size != sizeof(UINT64))
11316 35 timeout = BYTE_ARRAY_TO_UINT64(in->timeout.t.buffer);
11320 39 &in->cpHashA, NULL,
11328 47 // Re-generate policy ticket by input parameters
11329 48 TicketComputeAuth(in->ticket.tag, in->ticket.hierarchy, timeout, &in->cpHashA,
11330 49 &in->policyRef, &in->authName, &ticketToCompare);
11335 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
11338 52 if(!Memory2BEqual(&in->ticket.digest.b, &ticketToCompare.digest.b))
11345 59 if(in->ticket.tag == TPM_ST_AUTH_SIGNED)
11347 61 else if(in->ticket.tag == TPM_ST_AUTH_SECRET)
11355 69 PolicyContextUpdate(commandCode, &in->authName, &in->policyRef,
11356 70 &in->cpHashA, timeout, session);
11366 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
11406 October 30, 2014 Copyright © TCG 2006-2014 Level 00 R…
11439 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
11468 16 session = SessionGet(in->policySession);
11471 19 for(i = 0; i < in->pHashList.count; i++)
11473 21 if( session->attributes.isTrialPolicy == SET
11474 22 || (Memory2BEqual(&session->u2.policyDigest.b,
11475 23 &in->pHashList.digests[i].b))
11483 31 session->u2.policyDigest.t.size = CryptStartHash(session->authHashAlg,
11486 34 MemorySet(session->u2.policyDigest.t.buffer, 0,
11487 35 session->u2.policyDigest.t.size);
11488 36 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
11494 42 for(i = 0; i < in->pHashList.count; i++)
11497 45 CryptUpdateDigest2B(&hashState, &in->pHashList.digests[i].b);
11500 48 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
11510 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
11519 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
11579 October 30, 2014 Copyright © TCG 2006-2014 Level 00 …
11597 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
11633 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
11666 20 session = SessionGet(in->policySession);
11669 23 if(session->attributes.isTrialPolicy == CLEAR)
11672 26 if(session->pcrCounter != 0 && session->pcrCounter != gr.pcrCounter)
11676 30 PCRComputeCurrentDigest(session->authHashAlg, &in->pcrs, &pcrDigest);
11680 34 if(in->pcrDigest.t.size != 0)
11682 36 if(!Memory2BEqual(&in->pcrDigest.b, &pcrDigest.b))
11689 43 pcrDigest = in->pcrDigest;
11697 51 CryptStartHash(session->authHashAlg, &hashState);
11700 54 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
11703 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
11712 61 pcrSize = TPML_PCR_SELECTION_Marshal(&in->pcrs, &buffer, NULL);
11719 68 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
11722 71 if(session->attributes.isTrialPolicy == CLEAR)
11724 73 session->pcrCounter = gr.pcrCounter;
11735 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
11764 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
11798 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
11832 20 session = SessionGet(in->policySession);
11836 24 marshalSize = TPMA_LOCALITY_Marshal(&in->locality, &buffer, NULL);
11844 32 TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL);
11868 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
11890 73 CryptStartHash(session->authHashAlg, &hashState);
11893 76 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
11902 85 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
11907 90 TPMA_LOCALITY_Unmarshal(&session->commandLocality, &buffer,
11918 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
11959 The signed arithmetic operations are performed using twos-compliment.
11967 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
12007 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
12038 14 BYTE nvBuffer[sizeof(in->operandB.t.buffer)];
12047 23 NvGetIndexInfo(in->nvIndex, &nvIndex);
12050 26 session = SessionGet(in->policySession);
12053 29 if(session->attributes.isTrialPolicy == CLEAR)
12058 34 result = NvReadAccessChecks(in->authHandle, in->nvIndex);
12062 38 if((nvIndex.publicArea.dataSize - in->offset) < in->operandB.t.size)
12068 44 NvGetIndexData(in->nvIndex, &nvIndex, in->offset,
12069 45 in->operandB.t.size, nvBuffer);
12071 47 switch(in->operation)
12075 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
12078 49 case TPM_EO_EQ:
12080 51 if(CryptCompare(in->operandB.t.size, nvBuffer,
12081 52 in->operandB.t.size, in->operandB.t.buffer) != 0)
12084 55 case TPM_EO_NEQ:
12086 57 if(CryptCompare(in->operandB.t.size, nvBuffer,
12087 58 in->operandB.t.size, in->operandB.t.buffer) == 0)
12090 61 case TPM_EO_SIGNED_GT:
12092 63 if(CryptCompareSigned(in->operandB.t.size, nvBuffer,
12093 64 in->operandB.t.size, in->operandB.t.buffer) <= 0)
12096 67 case TPM_EO_UNSIGNED_GT:
12098 69 if(CryptCompare(in->operandB.t.size, nvBuffer,
12099 70 in->operandB.t.size, in->operandB.t.buffer) <= 0)
12102 73 case TPM_EO_SIGNED_LT:
12104 75 if(CryptCompareSigned(in->operandB.t.size, nvBuffer,
12105 76 in->operandB.t.size, in->operandB.t.buffer) >= 0)
12108 79 case TPM_EO_UNSIGNED_LT:
12110 81 if(CryptCompare(in->operandB.t.size, nvBuffer,
12111 82 in->operandB.t.size, in->operandB.t.buffer) >= 0)
12114 85 case TPM_EO_SIGNED_GE:
12116 87 if(CryptCompareSigned(in->operandB.t.size, nvBuffer,
12117 88 in->operandB.t.size, in->operandB.t.buffer) < 0)
12120 91 case TPM_EO_UNSIGNED_GE:
12122 93 if(CryptCompare(in->operandB.t.size, nvBuffer,
12123 94 in->operandB.t.size, in->operandB.t.buffer) < 0)
12126 97 case TPM_EO_SIGNED_LE:
12128 99 if(CryptCompareSigned(in->operandB.t.size, nvBuffer,
12129 100 in->operandB.t.size, in->operandB.t.buffer) > 0)
12132 103 case TPM_EO_UNSIGNED_LE:
12134 105 if(CryptCompare(in->operandB.t.size, nvBuffer,
12135 106 in->operandB.t.size, in->operandB.t.buffer) > 0)
12138 109 case TPM_EO_BITSET:
12142 113 for (i = 0; i < in->operandB.t.size; i++)
12143 114 if((nvBuffer[i] & in->operandB.t.buffer[i])
12146 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
12149 115 != in->operandB.t.buffer[i])
12153 119 case TPM_EO_BITCLEAR:
12157 123 for (i = 0; i < in->operandB.t.size; i++)
12158 124 if((nvBuffer[i] & in->operandB.t.buffer[i]) != 0)
12171 137 argHash.t.size = CryptStartHash(session->authHashAlg, &hashState);
12174 140 CryptUpdateDigest2B(&hashState, &in->operandB.b);
12177 143 CryptUpdateDigestInt(&hashState, sizeof(UINT16), &in->offset);
12180 146 CryptUpdateDigestInt(&hashState, sizeof(TPM_EO), &in->operation);
12187 153 CryptStartHash(session->authHashAlg, &hashState);
12190 156 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
12199 165 nvName.t.size = EntityGetName(in->nvIndex, &nvName.t.name);
12203 169 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
12213 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
12246 The signed arithmetic operations are performed using twos-compliment. The indicated portion of the
12258 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision …
12296 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
12331 21 // The time and clock vales are the first two 64-bit values in the clock
12332 22 if(in->offset < sizeof(UINT64) + sizeof(UINT64))
12342 32 session = SessionGet(in->policySession);
12345 35 if(session->attributes.isTrialPolicy == CLEAR)
12349 39 result = TimeGetRange(in->offset, in->operandB.t.size, &infoData);
12353 43 switch(in->operation)
12355 45 case TPM_EO_EQ:
12357 47 if(CryptCompare(in->operandB.t.size, infoData,
12358 48 in->operandB.t.size, in->operandB.t.buffer) != 0)
12361 51 case TPM_EO_NEQ:
12363 53 if(CryptCompare(in->operandB.t.size, infoData,
12366 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 0…
12369 54 in->operandB.t.size, in->operandB.t.buffer) == 0)
12372 57 case TPM_EO_SIGNED_GT:
12374 59 if(CryptCompareSigned(in->operandB.t.size, infoData,
12375 60 in->operandB.t.size, in->operandB.t.buffer) <= 0)
12378 63 case TPM_EO_UNSIGNED_GT:
12380 65 if(CryptCompare(in->operandB.t.size, infoData,
12381 66 in->operandB.t.size, in->operandB.t.buffer) <= 0)
12384 69 case TPM_EO_SIGNED_LT:
12386 71 if(CryptCompareSigned(in->operandB.t.size, infoData,
12387 72 in->operandB.t.size, in->operandB.t.buffer) >= 0)
12390 75 case TPM_EO_UNSIGNED_LT:
12392 77 if(CryptCompare(in->operandB.t.size, infoData,
12393 78 in->operandB.t.size, in->operandB.t.buffer) >= 0)
12396 81 case TPM_EO_SIGNED_GE:
12398 83 if(CryptCompareSigned(in->operandB.t.size, infoData,
12399 84 in->operandB.t.size, in->operandB.t.buffer) < 0)
12402 87 case TPM_EO_UNSIGNED_GE:
12404 89 if(CryptCompare(in->operandB.t.size, infoData,
12405 90 in->operandB.t.size, in->operandB.t.buffer) < 0)
12408 93 case TPM_EO_SIGNED_LE:
12410 95 if(CryptCompareSigned(in->operandB.t.size, infoData,
12411 96 in->operandB.t.size, in->operandB.t.buffer) > 0)
12414 99 case TPM_EO_UNSIGNED_LE:
12416 101 if(CryptCompare(in->operandB.t.size, infoData,
12417 102 in->operandB.t.size, in->operandB.t.buffer) > 0)
12420 105 case TPM_EO_BITSET:
12424 109 for (i = 0; i < in->operandB.t.size; i++)
12425 110 if( (infoData[i] & in->operandB.t.buffer[i])
12426 111 != in->operandB.t.buffer[i])
12430 115 case TPM_EO_BITCLEAR:
12434 119 for (i = 0; i < in->operandB.t.size; i++)
12437 … Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
12440 120 if((infoData[i] & in->operandB.t.buffer[i]) != 0)
12453 133 argHash.t.size = CryptStartHash(session->authHashAlg, &hashState);
12455 135 CryptUpdateDigest2B(&hashState, &in->operandB.b);
12457 137 CryptUpdateDigestInt(&hashState, sizeof(UINT16), &in->offset);
12459 139 CryptUpdateDigestInt(&hashState, sizeof(TPM_EO), &in->operation);
12465 145 CryptStartHash(session->authHashAlg, &hashState);
12468 148 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
12477 157 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
12487 … October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
12520 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October…
12553 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
12581 16 session = SessionGet(in->policySession);
12583 18 if(session->commandCode != 0 && session->commandCode != in->code)
12585 20 if(!CommandIsImplemented(in->code))
12592 27 CryptStartHash(session->authHashAlg, &hashState);
12595 30 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
12601 36 CryptUpdateDigestInt(&hashState, sizeof(TPM_CC), &in->code);
12604 39 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
12607 42 session->commandCode = in->code;
12617 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
12636 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
12668 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
12690 16 session = SessionGet(in->policySession);
12695 21 CryptStartHash(session->authHashAlg, &hashState);
12698 24 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
12704 30 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
12707 33 session->attributes.isPPRequired = SET;
12717 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
12743 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 20…
12777 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
12807 16 session = SessionGet(in->policySession);
12811 20 if( in->cpHashA.t.size != 0
12812 21 && session->u1.cpHash.t.size != 0
12813 22 && !Memory2BEqual(&in->cpHashA.b, &session->u1.cpHash.b)
12818 27 if(in->cpHashA.t.size != CryptGetHashDigestSize(session->authHashAlg))
12826 35 CryptStartHash(session->authHashAlg, &hashState);
12829 38 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
12835 44 CryptUpdateDigest2B(&hashState, &in->cpHashA.b);
12838 47 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
12841 50 session->u1.cpHash = in->cpHashA;
12842 51 session->attributes.iscpHashDefined = SET;
12847 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
12857 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
12895 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
12928 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
12958 16 session = SessionGet(in->policySession);
12962 20 if(in->nameHash.t.size != 0 && session->u1.cpHash.t.size != 0)
12966 24 if(in->nameHash.t.size != CryptGetHashDigestSize(session->authHashAlg))
12974 32 CryptStartHash(session->authHashAlg, &hashState);
12977 35 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
12983 41 CryptUpdateDigest2B(&hashState, &in->nameHash.b);
12986 44 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
12989 47 session->attributes.iscpHashDefined = CLEAR;
12992 50 session->u1.cpHash = in->nameHash;
12998 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
13007 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
13059 …the new parent. In that case, the authorizing entity would approve the policyDigest of equation (3…
13065 Level 00 Revision 01.16 Copyright © TCG 2006-2014 …
13102 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
13131 16 session = SessionGet(in->policySession);
13134 19 if(session->u1.cpHash.t.size != 0)
13138 23 if(session->commandCode != 0)
13144 29 session->u1.cpHash.t.size = CryptStartHash(session->authHashAlg, &hashState);
13147 32 CryptUpdateDigest2B(&hashState, &in->objectName.b);
13150 35 CryptUpdateDigest2B(&hashState, &in->newParentName.b);
13153 38 CryptCompleteHash2B(&hashState, &session->u1.cpHash.b);
13158 43 session->u2.policyDigest.t.size
13159 44 = CryptStartHash(session->authHashAlg, &hashState);
13162 47 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
13168 53 if(in->includeObject == YES)
13169 54 CryptUpdateDigest2B(&hashState, &in->objectName.b);
13172 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
13177 57 CryptUpdateDigest2B(&hashState, &in->newParentName.b);
13180 60 CryptUpdateDigestInt(&hashState, sizeof(TPMI_YES_NO), &in->includeObject);
13183 63 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
13186 66 session->attributes.iscpHashDefined = CLEAR;
13189 69 session->commandCode = TPM_CC_Duplicate;
13199 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
13241 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
13279 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
13314 20 session = SessionGet(in->policySession);
13317 23 hashAlg = BYTE_ARRAY_TO_UINT16(in->keySign.t.name);
13325 31 if(digestSize != (in->keySign.t.size - 2))
13329 35 if(session->attributes.isTrialPolicy == CLEAR)
13333 39 if(!Memory2BEqual(&session->u2.policyDigest.b,
13334 40 &in->approvedPolicy.b))
13344 50 CryptUpdateDigest2B(&hashState, &in->approvedPolicy.b);
13348 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
13352 53 CryptUpdateDigest2B(&hashState, &in->policyRef.b);
13357 58 // re-compute TPMT_TK_VERIFIED
13358 59 TicketComputeVerified(in->checkTicket.hierarchy, &authHash,
13359 60 &in->keySign, &ticket);
13362 63 if(!Memory2BEqual(&in->checkTicket.digest.b, &ticket.digest.b))
13369 70 MemorySet(session->u2.policyDigest.t.buffer, 0,
13370 71 session->u2.policyDigest.t.size);
13373 74 PolicyContextUpdate(TPM_CC_PolicyAuthorize, &in->keySign, &in->policyRef,
13385 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
13409 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
13441 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
13464 17 session = SessionGet(in->policySession);
13469 22 CryptStartHash(session->authHashAlg, &hashState);
13472 25 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
13478 31 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
13481 34 session->attributes.isAuthValueNeeded = SET;
13482 35 session->attributes.isPasswordNeeded = CLEAR;
13492 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
13524 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
13556 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
13579 17 session = SessionGet(in->policySession);
13584 22 CryptStartHash(session->authHashAlg, &hashState);
13587 25 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
13593 31 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
13596 34 session->attributes.isPasswordNeeded = SET;
13597 35 session->attributes.isAuthValueNeeded = CLEAR;
13607 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
13616 to perform the actions required to pre-compute the authPolicy for an object.
13622 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
13656 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
13677 15 session = SessionGet(in->policySession);
13679 17 out->policyDigest = session->u2.policyDigest;
13689 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
13709 NOTE 1 A typical use case is a simple policy for the first write during manufacturing prov…
13714 … written. It is possible to use this change in the NV Index to create a write-once Index.
13720 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
13755 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
13784 16 session = SessionGet(in->policySession);
13788 20 if(session->attributes.checkNvWritten == SET)
13790 22 if(( (session->attributes.nvWrittenState == SET)
13791 23 != (in->writtenSet == YES)))
13798 30 session->attributes.checkNvWritten = SET;
13799 31 session->attributes.nvWrittenState = (in->writtenSet == YES);
13805 37 CryptStartHash(session->authHashAlg, &hashState);
13808 40 CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
13814 46 CryptUpdateDigestInt(&hashState, sizeof(TPMI_YES_NO), &in->writtenSet);
13817 49 CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
13825 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
13832 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
13845 The command will create and load a Primary Object. The sensitive area is not returned.
13847 NOTE 1: Since the sensitive data is not returned, the key cannot be reloaded. It can eith…
13875 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
13895 …M2B_SENSITIVE_CREATE inSensitive the sensitive data, see TPM 2.0 Part 1 Sensitive…
13926 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
13942 TPM_RC_ATTRIBUTES sensitiveDataOrigin is CLEAR when 'sensitive.data' is an Empty
13943 Buffer, or is SET when 'sensitive.data' is not empty; fixedTPM,
13946 … restricted, decrypt and sign attributes; attempt to inject sensitive data
13954 … TPM_RC_SIZE size of public auth policy or sensitive auth value does not match
13955 … digest size of the name algorithm sensitive data size for the keyed
13957 … TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage
13969 14 TPMT_SENSITIVE sensitive;
13974 19 if( (in->inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin == SET)
13975 20 != (in->inSensitive.t.sensitive.data.t.size == 0 ))
13982 27 result = PublicAttributesValidation(FALSE, in->primaryHandle,
13983 28 &in->inPublic.t.publicArea);
13987 32 // Validate the sensitive area values
13988 33 if( MemoryRemoveTrailingZeros(&in->inSensitive.t.sensitive.userAuth)
13989 34 > CryptGetHashDigestSize(in->inPublic.t.publicArea.nameAlg))
13993 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
14005 44 result = CryptCreateObject(in->primaryHandle, &in->inPublic.t.publicArea,
14006 45 &in->inSensitive.t.sensitive,&sensitive);
14011 50 FillInCreationData(in->primaryHandle, in->inPublic.t.publicArea.nameAlg,
14012 51 &in->creationPCR, &in->outsideInfo, &out->creationData,
14013 52 &out->creationHash);
14016 55 out->outPublic = in->inPublic;
14019 58 ObjectComputeName(&(out->outPublic.t.publicArea), &out->name);
14022 61 TicketComputeCreation(EntityGetHierarchy(in->primaryHandle), &out->name,
14023 62 &out->creationHash, &out->creationTicket);
14027 66 result = ObjectLoad(in->primaryHandle, &in->inPublic.t.publicArea, &sensitive,
14028 67 &out->name, in->primaryHandle, TRUE, &out->objectHandle);
14038 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
14072 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision …
14115 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
14137 10 BOOL select = (in->state == YES);
14141 14 switch(in->enable)
14146 19 case TPM_RH_PLATFORM:
14147 20 case TPM_RH_PLATFORM_NV:
14148 21 if(in->authHandle != TPM_RH_PLATFORM)
14155 28 case TPM_RH_OWNER:
14156 29 if( in->authHandle != TPM_RH_PLATFORM
14157 30 && in->authHandle != TPM_RH_OWNER)
14159 32 if( gc.shEnable == FALSE && in->state == YES
14160 33 && in->authHandle != TPM_RH_PLATFORM)
14168 41 case TPM_RH_ENDORSEMENT:
14169 42 if( in->authHandle != TPM_RH_PLATFORM
14170 43 && in->authHandle != TPM_RH_ENDORSEMENT)
14172 45 if( gc.ehEnable == FALSE && in->state == YES
14173 46 && in->authHandle != TPM_RH_PLATFORM)
14186 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
14197 65 switch(in->enable)
14199 67 case TPM_RH_OWNER:
14202 70 case TPM_RH_ENDORSEMENT:
14205 73 case TPM_RH_PLATFORM:
14208 76 case TPM_RH_PLATFORM_NV:
14231 99 if(select == CLEAR && in->enable != TPM_RH_PLATFORM_NV)
14233 101 ObjectFlushHierarchy(in->enable);
14247 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
14268 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
14311 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
14338 15 if(in->authPolicy.t.size != CryptGetHashDigestSize(in->hashAlg))
14352 29 switch(in->authHandle)
14354 31 case TPM_RH_OWNER:
14355 32 gp.ownerAlg = in->hashAlg;
14356 33 gp.ownerPolicy = in->authPolicy;
14360 37 case TPM_RH_ENDORSEMENT:
14361 38 gp.endorsementAlg = in->hashAlg;
14362 39 gp.endorsementPolicy = in->authPolicy;
14366 43 case TPM_RH_PLATFORM:
14367 44 gc.platformAlg = in->hashAlg;
14368 45 gc.platformPolicy = in->authPolicy;
14372 49 case TPM_RH_LOCKOUT:
14373 50 gp.lockoutAlg = in->hashAlg;
14374 51 gp.lockoutPolicy = in->authPolicy;
14382 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
14397 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
14428 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
14457 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
14506 43 // Re-initialize PCR policies
14525 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
14538 NOTE In the reference implementation, ehProof is a non-volatile value from the RNG. It i…
14540 ehProof can be generated on an as-needed basis or made a non-volatile value.
14548 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
14577 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
14647 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
14684 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
14713 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
14784 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
14830 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
14852 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
14886 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 20…
14918 20 if(in->auth == TPM_RH_LOCKOUT && in->disable == NO)
14923 25 if(in->disable == YES)
14939 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
14964 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October…
14997 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15031 22 if( MemoryRemoveTrailingZeros(&in->newAuth)
15036 27 switch(in->authHandle)
15038 29 case TPM_RH_OWNER:
15039 30 gp.ownerAuth = in->newAuth;
15042 33 case TPM_RH_ENDORSEMENT:
15043 34 gp.endorsementAuth = in->newAuth;
15046 37 case TPM_RH_PLATFORM:
15047 38 gc.platformAuth = in->newAuth;
15051 42 case TPM_RH_LOCKOUT:
15052 43 gp.lockoutAuth = in->newAuth;
15068 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oct…
15089 occur, the authorization failure counter will be decremented by one. This property is called “self-…
15090 Self-healing shall not cause the count of failed attempts to decrement below zero.
15091 The count of failed attempts, the lockout interval, and self-healing interval are settable using
15110 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
15139 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
15181 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15208 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
15250 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15276 20 gp.maxTries = in->newMaxTries;
15277 21 gp.recoveryTime = in->newRecoveryTime;
15278 22 gp.lockoutRecovery = in->lockoutRecovery;
15297 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
15334 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
15371 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
15399 22 for(i = 0; i < in->setList.count; i++)
15403 26 if(CommandIsImplemented(in->setList.commandCodes[i]))
15404 27 PhysicalPresenceCommandSet(in->setList.commandCodes[i]);
15407 30 for(i = 0; i < in->clearList.count; i++)
15412 35 if(CommandIsImplemented(in->clearList.commandCodes[i]))
15413 36 PhysicalPresenceCommandClear(in->clearList.commandCodes[i]);
15426 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15435 algorithmSet setting is a vendor-dependent value.
15451 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
15468 a TPM vendor-dependent value indicating the
15484 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15508 18 gp.algorithmSet = in->algorithmSet;
15521 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
15560 The system may attempt to abandon the firmware upgrade by using a zero-length buffer in
15570 when the power interruption occurred. In such case, the TPM firmware may be reset to one of two oth…
15580 October 30, 2014 Copyright © TCG 2006-2014 Level 00 R…
15583 NOTE 2 The TPM is required to accept the previous firmware as either a vendor-provided u…
15587 data block in a TPM vendor-specific manner), the TPM will complete the upgrade process. If the TPM …
15610 … A platform manufacturer may provide a means to change preserved data to accommodate a case
15617 Level 00 Revision 01.16 Copyright © TCG 2006-2014 O…
15633 NOTE A loaded key is used rather than a hard -coded key to reduce the amount of memory n…
15634 key data in case more than one vendor key is needed.
15640 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
15678 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
15703 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15712 fuData is vendor-specific. This command is only possible following a successful
15723 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
15758 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15785 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
15795 would be the first block given to the TPM in case of a failure recovery. If the TPM2_FirmwareRead
15812 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
15845 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
15872 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15908 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
15940 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
15976 23 // the update of state reset data. If this is the case, check if NV is
15992 39 out->context.savedHandle = in->saveHandle;
15996 43 fingerprintSize = sizeof(out->context.sequence);
16003 50 switch(HandleGetType(in->saveHandle))
16005 52 case TPM_HT_TRANSIENT:
16007 54 OBJECT *object = ObjectGet(in->saveHandle);
16010 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
16014 56 (OBJECT *)(out->context.contextBlob.t.buffer
16020 62 out->context.contextBlob.t.size = integritySize +
16023 65 pAssert(out->context.contextBlob.t.size
16024 66 < sizeof(out->context.contextBlob.t.buffer));
16037 79 out->context.sequence = gr.objectContextID;
16043 85 out->context.savedHandle = 0x80000001;
16046 88 else if(object->attributes.stClear == SET)
16048 90 out->context.savedHandle = 0x80000002;
16052 94 out->context.savedHandle = 0x80000000;
16056 98 out->context.hierarchy = ObjectDataGetHierarchy(object);
16060 102 case TPM_HT_HMAC_SESSION:
16061 103 case TPM_HT_POLICY_SESSION:
16063 105 SESSION *session = SessionGet(in->saveHandle);
16069 111 out->context.contextBlob.t.size = integritySize +
16073 115 pAssert(out->context.contextBlob.t.size
16074 116 < sizeof(out->context.contextBlob.t.buffer));
16081 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
16085 122 MemoryCopy(out->context.contextBlob.t.buffer
16088 125 sizeof(out->context.contextBlob.t.buffer)
16089 126 - integritySize - fingerprintSize);
16094 131 // SessionContextSave() will flush the in-memory context
16096 133 result = SessionContextSave(out->context.savedHandle, &contextID);
16100 137 out->context.sequence = contextID;
16103 140 out->context.hierarchy = TPM_RH_NULL;
16116 153 MemoryCopy(out->context.contextBlob.t.buffer + integritySize,
16117 154 &out->context.sequence, sizeof(out->context.sequence),
16118 155 sizeof(out->context.contextBlob.t.buffer) - integritySize);
16121 158 ComputeContextProtectionKey(&out->context, &symKey, &iv);
16124 161 CryptSymmetricEncrypt(out->context.contextBlob.t.buffer + integritySize,
16127 164 out->context.contextBlob.t.size - integritySize,
16128 165 out->context.contextBlob.t.buffer + integritySize);
16133 170 ComputeContextIntegrity(&out->context, &integrity);
16136 173 buffer = out->context.contextBlob.t.buffer;
16151 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
16176 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
16208 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 20…
16255 28 handleType = HandleGetType(in->context.savedHandle);
16263 36 buffer = in->context.contextBlob.t.buffer;
16264 37 size = (INT32) in->context.contextBlob.t.size;
16275 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
16280 47 ComputeContextIntegrity(&in->context, &integrityToCompare);
16287 54 ComputeContextProtectionKey(&in->context, &symKey, &iv);
16290 57 CryptSymmetricDecrypt(in->context.contextBlob.t.buffer + integritySize,
16293 60 in->context.contextBlob.t.size - integritySize,
16294 61 in->context.contextBlob.t.buffer + integritySize);
16297 64 MemoryCopy(&fingerprint, in->context.contextBlob.t.buffer + integritySize,
16300 67 if(fingerprint != in->context.sequence)
16306 73 case TPM_HT_TRANSIENT:
16309 76 OBJECT *outObject = (OBJECT *)(in->context.contextBlob.t.buffer
16313 80 in->context.savedHandle = TRANSIENT_FIRST;
16317 84 if(!HierarchyIsEnabled(in->context.hierarchy))
16322 89 result = ObjectContextLoad(outObject, &out->loadedHandle);
16329 96 SequenceDataImportExport(ObjectGet(out->loadedHandle),
16334 101 case TPM_HT_POLICY_SESSION:
16335 102 case TPM_HT_HMAC_SESSION:
16338 105 SESSION *session = (SESSION *)(in->context.contextBlob.t.buffer
16342 109 // the update of state reset data. If this is the case, check if NV is
16346 … Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
16360 122 if(!SessionIsSaved(in->context.savedHandle))
16365 127 result = SessionContextLoad(session, &in->context.savedHandle);
16369 131 out->loadedHandle = in->context.savedHandle;
16392 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
16420 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October …
16450 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
16474 12 switch(HandleGetType(in->flushHandle))
16476 14 case TPM_HT_TRANSIENT:
16477 15 if(!ObjectIsPresent(in->flushHandle))
16480 18 ObjectFlush(in->flushHandle);
16482 20 case TPM_HT_HMAC_SESSION:
16483 21 case TPM_HT_POLICY_SESSION:
16484 22 if( !SessionIsLoaded(in->flushHandle)
16485 23 && !SessionIsSaved(in->flushHandle)
16491 29 if(in->flushHandle == g_exclusiveAuditSession)
16495 33 SessionFlush(in->flushHandle);
16512 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
16558 … This requirement anticipates that a TPM may be implemented suc h that all TPM memory is non-
16559 … volatile and not subject to endurance issues. In such case, there is no movement of an object
16568 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
16586 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October…
16624 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
16665 21 evictObject = ObjectGet(in->objectHandle);
16668 24 if( evictObject->attributes.temporary == SET
16669 25 || evictObject->attributes.stClear == SET
16670 26 || evictObject->attributes.publicOnly == SET
16676 32 if( evictObject->attributes.evict == SET
16677 33 && evictObject->evictHandle != in->persistentHandle
16682 38 if(in->auth == TPM_RH_PLATFORM)
16685 41 if(evictObject->attributes.evict == CLEAR)
16691 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oct…
16694 45 if(evictObject->attributes.ppsHierarchy == CLEAR)
16698 49 if(!NvIsPlatformPersistentHandle(in->persistentHandle))
16703 54 else if(in->auth == TPM_RH_OWNER)
16706 57 if(evictObject->attributes.ppsHierarchy == SET)
16710 61 if( evictObject->attributes.evict == CLEAR
16711 62 && !NvIsOwnerPersistentHandle(in->persistentHandle)
16725 76 if(evictObject->attributes.evict == CLEAR)
16730 81 result = NvAddEvictObject(in->persistentHandle, evictObject);
16736 87 NvDeleteEntity(evictObject->evictHandle);
16748 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
16764 … privacy sensitive. The values may be read without authorization because the TCB will not disclose
16773 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
16800 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
16817 11 out->currentTime.time = g_time;
16818 12 TimeFillInfo(&out->currentTime.clockInfo);
16828 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
16847 If the value of Clock after the update makes the volatile and non-volatile versions of
16849 the non-volatile version of TPMS_CLOCK_INFO.clock before returning.
16856 October 30, 2014 Copyright © TCG 2006-2014 Level 00 R…
16888 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
16910 9 #define CLOCK_UPDATE_MASK ((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1)
16917 16 if(in->newTime > 0xFFFF000000000000ULL
16918 17 || in->newTime < go.clock)
16925 24 go.clock = in->newTime; // set the new value
16927 26 if((in->newTime & CLOCK_UPDATE_MASK) > (clockNow & CLOCK_UPDATE_MASK))
16944 … October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
16964 EXAMPLE 2 If the frequency tolerance of the TPM's input clock is +/-10 percent, then the TPM …
16970 The interpretation of “fine” and “coarse” adjustments is implementation-specific.
16983 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octo…
17015 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
17031 10 TimeSetAdjustRate(in->rateAdjust);
17041 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
17104 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
17152 TPM_CAP_VENDOR_PROPERTY manufacturer specific manufacturer-specific values
17160 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
17168 most-significant octet (MSO) of the property). Any of the defined handle types is allowed
17188 vendor specific commands are implemented, the vendor-specific command attribute with the
17189 lowest commandIndex, is returned after the non-vendor-specific (base) command.
17203 … the property is a 32-bit value. The properties are returned in groups. Each property group is on a
17204 256-value boundary (that is, the boundary occurs when the TPM_PT is evenly divisible by 256).
17220 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
17228 If no next capability exists, the TPM will return a zero-length list and moreData will have a value…
17234 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30…
17269 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
17297 13 out->capabilityData.capability = in->capability;
17299 15 switch(in->capability)
17301 17 case TPM_CAP_ALGS:
17302 18 out->moreData = AlgorithmCapGetImplemented((TPM_ALG_ID) in->property,
17303 19 in->propertyCount, &out->capabilityData.data.algorithms);
17305 21 case TPM_CAP_HANDLES:
17306 22 switch(HandleGetType((TPM_HANDLE) in->property))
17308 24 case TPM_HT_TRANSIENT:
17310 26 out->moreData = ObjectCapGetLoaded((TPM_HANDLE) in->property,
17311 27 in->propertyCount,
17312 28 &out->capabilityData.data.handles);
17314 30 case TPM_HT_PERSISTENT:
17316 32 out->moreData = NvCapGetPersistent((TPM_HANDLE) in->property,
17317 33 in->propertyCount,
17318 34 &out->capabilityData.data.handles);
17320 36 case TPM_HT_NV_INDEX:
17322 38 out->moreData = NvCapGetIndex((TPM_HANDLE) in->property,
17323 39 in->propertyCount,
17324 40 &out->capabilityData.data.handles);
17326 42 case TPM_HT_LOADED_SESSION:
17328 44 out->moreData = SessionCapGetLoaded((TPM_HANDLE) in->property,
17329 45 in->propertyCount,
17330 46 &out->capabilityData.data.handles);
17332 48 case TPM_HT_ACTIVE_SESSION:
17334 50 out->moreData = SessionCapGetSaved((TPM_HANDLE) in->property,
17335 51 in->propertyCount,
17336 52 &out->capabilityData.data.handles);
17339 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
17343 54 case TPM_HT_PCR:
17345 56 out->moreData = PCRCapGetHandles((TPM_HANDLE) in->property,
17346 57 in->propertyCount,
17347 58 &out->capabilityData.data.handles);
17349 60 case TPM_HT_PERMANENT:
17351 62 out->moreData = PermanentCapGetHandles(
17352 63 (TPM_HANDLE) in->property,
17353 64 in->propertyCount,
17354 65 &out->capabilityData.data.handles);
17362 73 case TPM_CAP_COMMANDS:
17363 74 out->moreData = CommandCapGetCCList((TPM_CC) in->property,
17364 75 in->propertyCount,
17365 76 &out->capabilityData.data.command);
17367 78 case TPM_CAP_PP_COMMANDS:
17368 79 out->moreData = PhysicalPresenceCapGetCCList((TPM_CC) in->property,
17369 80 in->propertyCount, &out->capabilityData.data.ppCommands);
17371 82 case TPM_CAP_AUDIT_COMMANDS:
17372 83 out->moreData = CommandAuditCapGetCCList((TPM_CC) in->property,
17373 84 in->propertyCount,
17374 85 &out->capabilityData.data.auditCommands);
17376 87 case TPM_CAP_PCRS:
17378 89 if(in->property != 0)
17380 91 out->moreData = PCRCapGetAllocation(in->propertyCount,
17381 92 &out->capabilityData.data.assignedPCR);
17383 94 case TPM_CAP_PCR_PROPERTIES:
17384 95 out->moreData = PCRCapGetProperties((TPM_PT_PCR) in->property,
17385 96 in->propertyCount,
17386 97 &out->capabilityData.data.pcrProperties);
17388 99 case TPM_CAP_TPM_PROPERTIES:
17389 100 out->moreData = TPMCapGetProperties((TPM_PT) in->property,
17390 101 in->propertyCount,
17391 102 &out->capabilityData.data.tpmProperties);
17394 105 case TPM_CAP_ECC_CURVES:
17395 106 out->moreData = CryptCapGetECCCurve((TPM_ECC_CURVE ) in->property,
17396 107 in->propertyCount,
17397 108 &out->capabilityData.data.eccCurves);
17400 111 case TPM_CAP_VENDOR_PROPERTY:
17410 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
17421 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
17438 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
17468 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 20…
17496 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
17500 31 Non-volatile Storage
17508 An Index may have an Index-specific authValue and authPolicy. The authValue may be used to authorize
17542 …de in the “Detailed Actions” clause of each command is written to interface with an implementation-
17552 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
17560 When an NV counter is created, the TPM shall initialize the 8-octet counter value with a number tha…
17565 occasionally update the non-volatile version of the counter. An orderly shutdown is one occasion to
17566 update the non-volatile count. If the difference between the volatile and non-volatile version of t…
17567 becomes as large as MAX_ORDERLY_COUNT, this shall be another occasion for updating the non-
17573 non-volatile counter and set that as the current count.
17580 …counter is the sum of both the volatile and non-volatile parts. If so, then the TPM may initialize…
17584 … highest value. In this search, the TPM would use the sum of the non -volatile and RAM portions of
17592 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
17648 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oct…
17661 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
17694 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 20…
17713 …TPM_RC_SIZE 'auth->size' or 'publicInfo->authPolicy.size' is larger than the dig…
17714 size of 'publicInfo->nameAlg', or 'publicInfo->dataSize' is not
17715 consistent with 'publicInfo->attributes'.
17726 13 nameSize = CryptGetHashDigestSize(in->publicInfo.t.nvPublic.nameAlg);
17739 26 if(in->authHandle == TPM_RH_PLATFORM && gc.phEnableNV == CLEAR)
17742 29 attributes = in->publicInfo.t.nvPublic.attributes;
17747 34 && (in->publicInfo.t.nvPublic.dataSize != 8))
17751 38 if( in->publicInfo.t.nvPublic.authPolicy.t.size != 0
17752 39 && in->publicInfo.t.nvPublic.authPolicy.t.size != nameSize)
17756 43 MemoryRemoveTrailingZeros(&in->auth);
17757 44 if(in->auth.t.size > nameSize)
17762 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revi…
17825 107 if( ( in->publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE == SET
17826 108 && in->authHandle == TPM_RH_OWNER
17828 110 || ( in->publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE == CLEAR
17829 111 && in->authHandle == TPM_RH_PLATFORM
17833 … Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
17841 118 if( in->publicInfo.t.nvPublic.attributes.TPMA_NV_POLICY_DELETE == SET
17842 119 && TPM_RH_PLATFORM != in->authHandle
17848 125 if( in->publicInfo.t.nvPublic.attributes.TPMA_NV_EXTEND == SET
17849 126 && in->publicInfo.t.nvPublic.dataSize != nameSize
17854 131 if(NvIsUndefinedIndex(in->publicInfo.t.nvPublic.nvIndex))
17859 136 result = NvDefineIndex(&in->publicInfo.t.nvPublic, &in->auth);
17872 … October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
17895 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 3…
17927 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
17963 21 NvGetIndexInfo(in->nvIndex, &nvIndex);
17971 29 if( in->authHandle == TPM_RH_OWNER
17978 36 NvDeleteEntity(in->nvIndex);
17988 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octob…
17996 This command allows removal of a platform-created NV Index that has TPMA_NV_POLICY_DELETE
18015 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01…
18047 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
18082 22 NvGetIndexInfo(in->nvIndex, &nvIndex);
18091 31 NvDeleteEntity(in->nvIndex);
18101 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01…
18110 not privacy-sensitive and no authorization is required to read this data.
18116 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
18150 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
18171 15 NvGetIndexInfo(in->nvIndex, &nvIndex);
18174 18 out->nvPublic.t.nvPublic = nvIndex.publicArea;
18177 21 out->nvName.t.size = NvGetName(in->nvIndex, &out->nvName.t.name);
18187 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
18226 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
18261 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
18296 16 NvGetIndexInfo(in->nvIndex, &nvIndex);
18300 20 result = NvWriteAccessChecks(in->authHandle, in->nvIndex);
18312 32 if((in->data.t.size + in->offset) > nvIndex.publicArea.dataSize)
18318 38 && in->data.t.size < nvIndex.publicArea.dataSize)
18326 46 return NvWriteIndexData(in->nvIndex, &nvIndex, in->offset,
18327 47 in->data.t.size, in->data.t.buffer);
18330 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
18341 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
18358 If TPMA_NV_ORDERLY is SET, and the difference between the volatile and non-volatile versions of this
18359 field is greater than MAX_ORDERLY_COUNT, then the non-volatile version of the counter is updated.
18362 … TPM_NV_COUNTER both SET, then in the Event of a non-orderly shutdown, the non-volatile value
18367 … past the maximum allowed value (MAX_ORDERLY_COUNT), the non-volatile version of the count is
18374 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
18406 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
18438 18 result = NvWriteAccessChecks(in->authHandle, in->nvIndex);
18443 23 NvGetIndexInfo(in->nvIndex, &nvIndex);
18456 36 NvGetIntIndexData(in->nvIndex, &nvIndex, &countValue);
18476 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
18484 58 return NvWriteIndexData(in->nvIndex, &nvIndex, 0, 8, &countValue);
18493 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
18531 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisi…
18565 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
18602 21 result = NvWriteAccessChecks(in->authHandle, in->nvIndex);
18607 26 NvGetIndexInfo(in->nvIndex, &nvIndex);
18613 32 // If the Index is not-orderly, or if this is the first write, NV will
18634 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revis…
18637 51 NvGetIndexData(in->nvIndex, &nvIndex, 0,
18651 65 CryptUpdateDigest2B(&hashState, &in->data.b);
18658 72 return NvWriteIndexData(in->nvIndex, &nvIndex, 0,
18667 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
18689 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.…
18723 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30,…
18759 20 result = NvWriteAccessChecks(in->authHandle, in->nvIndex);
18764 25 NvGetIndexInfo(in->nvIndex, &nvIndex);
18775 36 NvGetIntIndexData(in->nvIndex, &nvIndex, &oldValue);
18778 39 newValue = oldValue | in->bits;
18780 41 // If the Index is not-orderly and it has changed, or if this is the first
18792 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
18801 57 result = NvWriteIndexData(in->nvIndex, &nvIndex, 0, 8, &newValue);
18812 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
18836 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
18869 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
18902 17 result = NvWriteAccessChecks(in->authHandle, in->nvIndex);
18913 28 NvGetIndexInfo(in->nvIndex, &nvIndex);
18916 31 // can not be write-locked
18936 51 NvWriteIndexInfo(in->nvIndex, &nvIndex);
18939 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
18951 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
18973 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision…
19002 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
19042 … October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
19056 NOTE If authorization sessions are present, they are checked before the read -lock status…
19069 Level 00 Revision 01.16 Copyright © TCG 2006-2014 Octobe…
19111 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16
19145 17 NvGetIndexInfo(in->nvIndex, &nvIndex);
19150 22 result = NvReadAccessChecks(in->authHandle, in->nvIndex);
19155 27 if((in->size + in->offset) > nvIndex.publicArea.dataSize)
19161 33 out->data.t.size = in->size;
19163 35 NvGetIndexData(in->nvIndex, &nvIndex, in->offset, in->size, out->data.t.buffer);
19173 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
19199 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Re…
19234 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2…
19273 24 result = NvReadAccessChecks(in->authHandle, in->nvIndex);
19287 38 NvGetIndexInfo(in->nvIndex, &nvIndex);
19289 40 // if TPMA_NV_READ_STCLEAR is not set, the index can not be read-locked
19298 49 NvWriteIndexInfo(in->nvIndex, &nvIndex);
19304 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Rev…
19313 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
19329 approval while other commands may use policy that is not command -dependent.
19341 October 30, 2014 Copyright © TCG 2006-2014 Level 00 R…
19373 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014
19405 19 NvGetIndexInfo(in->nvIndex, &nvIndex);
19409 23 MemoryRemoveTrailingZeros(&(in->newAuth));
19412 26 if(in->newAuth.t.size > CryptGetHashDigestSize(nvIndex.publicArea.nameAlg))
19417 31 nvIndex.authValue = in->newAuth;
19419 33 NvWriteIndexInfo(in->nvIndex, &nvIndex);
19429 …October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revisio…
19451 Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, …
19476 TPM2B_DATA qualifyingData user-provided qualifying data
19502 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 0…
19538 17 // the reporting of clock info. If this is the case, check if NV is
19553 32 NvGetIndexInfo(in->nvIndex, &nvIndex);
19557 36 result = NvReadAccessChecks(in->authHandle, in->nvIndex);
19563 42 if((in->size + in->offset) > nvIndex.publicArea.dataSize)
19569 …Level 00 Revision 01.16 Copyright © TCG 2006-2014 Oc…
19576 50 result = FillInAttestInfo(in->signHandle,
19577 51 &in->inScheme,
19578 52 &in->qualifyingData,
19593 67 NvGetName(in->nvIndex, &certifyInfo.attested.nv.indexName.t.name);
19596 70 certifyInfo.attested.nv.nvContents.t.size = in->size;
19599 73 certifyInfo.attested.nv.offset = in->offset;
19602 76 NvGetIndexData(in->nvIndex, &nvIndex,
19603 77 in->offset, in->size,
19612 86 result = SignAttestInfo(in->signHandle,
19613 87 &in->inScheme,
19615 89 &in->qualifyingData,
19616 90 &out->certifyInfo,
19617 91 &out->signature);
19623 97 if(in->signHandle != TPM_RH_NULL)
19634 October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16