Lines Matching refs:sensitive
1375 a) The public and sensitive portions
4184 data (creationData), its public area (outPublic), and its encrypted sensitive area (outPrivate). Pr…
4191 sensitive area loaded.
4196 The sensitive parameter may be encrypted using parameter encryption.
4203 The TPM will create new data for the sensitive area and compute a TPMT_PUBLIC.unique from the
4204 sensitive area based on the object type:
4207 TPMT_SENSITIVE.sensitive.sym. The size of the key will be determined by
4211 inSensitive.data to TPMT_SENSITIVE.sensitive.sym of the new object.
4212 3) A TPM-generated obfuscation value is placed in TPMT_SENSITIVE.sensitive.seedValue. The
4214 value prevents the public unique value from leaking information about the sensitive area.
4219 unique ≔ HnameAlg(sensitive.seedValue.buffer || sensitive.any.buffer)
4224 1) If sensitive.data is not the Empty Buffer, then the TPM shall return TPM_RC_VALUE.
4260 TPMT_SENSITIVE.sensitive of the new object.
4264 TPMT_SENSITIVE.sensitive.bits.data by MAX_SYM_DATA.
4277 produced by the nameAlg in inPublic is placed in TPMT_SENSITIVE.sensitive.any.buffer.
4287 The encryption key is derived from the symmetric seed in the sensitive area of the parent.
4352 the sensitive data
4455 sensitiveDataOrigin is CLEAR when 'sensitive.data' is an Empty
4456 Buffer, or is SET when 'sensitive.data' is not empty; fixedTPM,
4459 restricted, decrypt and sign attributes; attempt to inject sensitive data
4479 sensitive creation area; may also be returned if the TPM does not
4494 size of public auth policy or sensitive auth value does not match
4495 digest size of the name algorithm sensitive data size for the keyed
4507 decryption key in the storage hierarchy with both public and sensitive
4555 sensitive;
4641 != (in->inSensitive.t.sensitive.data.t.size == 0))
4651 // Validate the sensitive area values
4652 if( MemoryRemoveTrailingZeros(&in->inSensitive.t.sensitive.userAuth)
4658 &in->inSensitive.t.sensitive, &sensitive);
4672 // Prepare output private data from sensitive
4673 SensitiveToPrivate(&sensitive, &name, in->parentHandle,
4714 checked before the sensitive area is used, or unmarshaled.
4717 Checking the integrity before the data is used prevents attacks on the sensitive area by fuzzing t…
4732 For all objects, the size of the key in the sensitive area shall be consistent with the key size in…
4734 Before use, a loaded object shall be checked to validate that the public and sensitive portions are
4739 For a symmetric object, the unique value in the public area shall be the digest of the sensitive key
4967 sensitive;
5062 // Retrieve sensitive data. PrivateToSensitive() may return TPM_RC_INTEGRITY or
5067 &sensitive);
5076 result = ObjectLoad(hierarchy, &in->inPublic.t.publicArea, &sensitive,
5103 loading of a public area or both a public and sensitive area.
5107 Typical use for loading both a public and sensitive area is to allow the TPM to be used as a crypto
5112 public and sensitive portions of the object are loaded, hierarchy is required to be TPM_RH_NULL.
5143 and sensitive areas, but the TPM will validate that the size of the key in the sensitive area is co…
5155 sensitive portions cryptographically bound so that an attacker cannot mix public and sensitive areas.
5229 the sensitive portion of the object (optional)
5301 both public and sensitive portions are loaded
5394 *sensitive;
5409 // For loading an object with both public and sensitive
5415 // An external object with a sensitive area must have fixedTPM == CLEAR
5479 // If a sensitive area was provided, load it
5481 sensitive = &in->inPrivate.t.sensitiveArea;
5483 sensitive = NULL;
5487 sensitive, &out->name, TPM_RH_NULL, skipChecks,
6076 loaded public area, used to encrypt the sensitive area
6434 MemoryCopy2B(&out->outData.b, &object->sensitive.sensitive.bits.b,
6671 sensitive;
6697 // Copy internal sensitive area
6698 sensitive = object->sensitive;
6700 sensitive.authValue = in->newAuth;
6701 // Prepare output private data from sensitive
6702 SensitiveToPrivate(&sensitive, &object->name, in->parentHandle,
6755 sensitive area could not be loaded in the TPM from which objectHandle is being duplicated.
7025 sensitive;
7160 // Copy sensitive area
7161 sensitive = object->sensitive;
7162 // Prepare output private data from sensitive
7163 SensitiveToDuplicate(&sensitive, &object->name, in->newParentHandle,
7396 key, or unmarshal the private buffer to sensitive
7625 Recovery of the sensitive data of the object occurs in the TPM in a three-step process in the follo…
7666 It is not necessary to validate that the sensitive area data is cryptographically bound to the publ…
7683 checked before the sensitive area is used, or unmarshaled.
7688 Checking the integrity before the data is used prevents attacks on the sensitive area by fuzzing the
7823 the sensitive area encrypted with the symmetric key of
7877 secret; or unmarshaling sensitive value from duplicate failed the
7915 RSA key referenced by parentHandle; or unmarshaling sensitive
8039 sensitive;
8153 // Retrieve sensitive from private.
8158 &in->encryptionKey, &sensitive);
8178 &sensitive, NULL, in->parentHandle, FALSE,
8187 // Prepare output private data from sensitive
8188 SensitiveToPrivate(&sensitive, &name, in->parentHandle,
8904 NOTE: Proper operation of this command requires that the sensitive area
8906 to use the sensitive area of the key. In order to check the authorization,
8907 the sensitive area has to be loaded, even if authorization is with policy.
8985 keyHandle shall refer to a loaded ECC key. The sensitive portion of this key need not be loaded.
9167 sensitive;
9184 &out->pubPoint.t.point, &sensitive);
9190 &sensitive, &eccKey->publicArea.unique.ecc);
9415 &eccKey->sensitive.sensitive.ecc,
9922 &eccKey->sensitive.sensitive.ecc,
10376 key = symKey->sensitive.sensitive.sym.t.buffer;
10924 &hmacObject->sensitive.sensitive.bits.b,
12770 number. These values may be considered privacy-sensitive, because they would aid in the correlation…
12832 …ic area with a given Name is self-consistent and associated with a valid sensitive area. If a relyi…
12847 has not validated that the public area is associated with a matched sensitive area, then the public
15413 &eccKey->sensitive.sensitive.ecc,
15641 The sensitive area of the symmetric object is required to allow verification of the symmetric
15838 // If it doesn't have a sensitive area loaded
19261 authObject need to have sensitive portion loaded
24972 The command will create and load a Primary Object. The sensitive area is not returned.
24975 Since the sensitive data is not returned, the key cannot be reloaded.
25052 the sensitive data, see Part 1 Sensitive Values
25164 sensitiveDataOrigin is CLEAR when 'sensitive.data' is an Empty
25165 Buffer, or is SET when 'sensitive.data' is not empty; fixedTPM,
25168 restricted, decrypt and sign attributes; attempt to inject sensitive data
25188 size of public auth policy or sensitive auth value does not match
25189 digest size of the name algorithm sensitive data size for the keyed
25249 sensitive;
25256 != (in->inSensitive.t.sensitive.data.t.size == 0 ))
25266 // Validate the sensitive area values
25267 if( MemoryRemoveTrailingZeros(&in->inSensitive.t.sensitive.userAuth)
25327 &in->inSensitive.t.sensitive,&sensitive);
25343 result = ObjectLoad(in->primaryHandle, &in->inPublic.t.publicArea, &sensitive,
30292 privacy sensitive. The values may be read without authorization because the TCB will not disclose
32747 not privacy-sensitive and no authorization is required to read this data.