Lines Matching refs:sensitive
1375 a) The public and sensitive portions
4186 data (creationData), its public area (outPublic), and its encrypted sensitive area (outPrivate). Pr…
4193 sensitive area loaded.
4198 The sensitive parameter may be encrypted using parameter encryption.
4205 The TPM will create new data for the sensitive area and compute a TPMT_PUBLIC.unique from the
4206 sensitive area based on the object type:
4209 TPMT_SENSITIVE.sensitive.sym. The size of the key will be determined by
4213 inSensitive.data to TPMT_SENSITIVE.sensitive.sym of the new object.
4214 3) A TPM-generated obfuscation value is placed in TPMT_SENSITIVE.sensitive.seedValue. The
4216 value prevents the public unique value from leaking information about the sensitive area.
4221 unique ≔ HnameAlg(sensitive.seedValue.buffer || sensitive.any.buffer)
4226 1) If sensitive.data is not the Empty Buffer, then the TPM shall return TPM_RC_VALUE.
4262 TPMT_SENSITIVE.sensitive of the new object.
4266 TPMT_SENSITIVE.sensitive.bits.data by MAX_SYM_DATA.
4279 produced by the nameAlg in inPublic is placed in TPMT_SENSITIVE.sensitive.any.buffer.
4289 The encryption key is derived from the symmetric seed in the sensitive area of the parent.
4354 the sensitive data
4457 sensitiveDataOrigin is CLEAR when 'sensitive.data' is an Empty
4458 Buffer, or is SET when 'sensitive.data' is not empty; fixedTPM,
4461 restricted, decrypt and sign attributes; attempt to inject sensitive data
4481 sensitive creation area; may also be returned if the TPM does not
4496 size of public auth policy or sensitive auth value does not match
4497 digest size of the name algorithm sensitive data size for the keyed
4509 decryption key in the storage hierarchy with both public and sensitive
4557 sensitive;
4643 != (in->inSensitive.t.sensitive.data.t.size == 0))
4653 // Validate the sensitive area values
4654 if( MemoryRemoveTrailingZeros(&in->inSensitive.t.sensitive.userAuth)
4660 &in->inSensitive.t.sensitive, &sensitive);
4674 // Prepare output private data from sensitive
4675 SensitiveToPrivate(&sensitive, &name, in->parentHandle,
4716 checked before the sensitive area is used, or unmarshaled.
4719 Checking the integrity before the data is used prevents attacks on the sensitive area by fuzzing t…
4734 For all objects, the size of the key in the sensitive area shall be consistent with the key size in…
4736 Before use, a loaded object shall be checked to validate that the public and sensitive portions are
4741 For a symmetric object, the unique value in the public area shall be the digest of the sensitive key
4969 sensitive;
5064 // Retrieve sensitive data. PrivateToSensitive() may return TPM_RC_INTEGRITY or
5069 &sensitive);
5078 result = ObjectLoad(hierarchy, &in->inPublic.t.publicArea, &sensitive,
5105 loading of a public area or both a public and sensitive area.
5109 Typical use for loading both a public and sensitive area is to allow the TPM to be used as a crypto
5114 public and sensitive portions of the object are loaded, hierarchy is required to be TPM_RH_NULL.
5145 and sensitive areas, but the TPM will validate that the size of the key in the sensitive area is co…
5157 sensitive portions cryptographically bound so that an attacker cannot mix public and sensitive areas.
5231 the sensitive portion of the object (optional)
5303 both public and sensitive portions are loaded
5396 *sensitive;
5411 // For loading an object with both public and sensitive
5417 // An external object with a sensitive area must have fixedTPM == CLEAR
5481 // If a sensitive area was provided, load it
5483 sensitive = &in->inPrivate.t.sensitiveArea;
5485 sensitive = NULL;
5489 sensitive, &out->name, TPM_RH_NULL, skipChecks,
6078 loaded public area, used to encrypt the sensitive area
6438 MemoryCopy2B(&out->outData.b, &object->sensitive.sensitive.bits.b,
6675 sensitive;
6701 // Copy internal sensitive area
6702 sensitive = object->sensitive;
6704 sensitive.authValue = in->newAuth;
6705 // Prepare output private data from sensitive
6706 SensitiveToPrivate(&sensitive, &object->name, in->parentHandle,
6759 sensitive area could not be loaded in the TPM from which objectHandle is being duplicated.
7031 sensitive;
7166 // Copy sensitive area
7167 sensitive = object->sensitive;
7168 // Prepare output private data from sensitive
7169 SensitiveToDuplicate(&sensitive, &object->name, in->newParentHandle,
7406 key, or unmarshal the private buffer to sensitive
7635 Recovery of the sensitive data of the object occurs in the TPM in a three-step process in the follo…
7676 It is not necessary to validate that the sensitive area data is cryptographically bound to the publ…
7693 checked before the sensitive area is used, or unmarshaled.
7698 Checking the integrity before the data is used prevents attacks on the sensitive area by fuzzing the
7834 the sensitive area encrypted with the symmetric key of
7888 secret; or unmarshaling sensitive value from duplicate failed the
7926 RSA key referenced by parentHandle; or unmarshaling sensitive
8050 sensitive;
8164 // Retrieve sensitive from private.
8169 &in->encryptionKey, &sensitive);
8189 &sensitive, NULL, in->parentHandle, FALSE,
8198 // Prepare output private data from sensitive
8199 SensitiveToPrivate(&sensitive, &name, in->parentHandle,
8915 NOTE: Proper operation of this command requires that the sensitive area
8917 to use the sensitive area of the key. In order to check the authorization,
8918 the sensitive area has to be loaded, even if authorization is with policy.
8996 keyHandle shall refer to a loaded ECC key. The sensitive portion of this key need not be loaded.
9178 sensitive;
9195 &out->pubPoint.t.point, &sensitive);
9201 &sensitive, &eccKey->publicArea.unique.ecc);
9426 &eccKey->sensitive.sensitive.ecc,
9933 &eccKey->sensitive.sensitive.ecc,
10387 key = symKey->sensitive.sensitive.sym.t.buffer;
10935 &hmacObject->sensitive.sensitive.bits.b,
12781 number. These values may be considered privacy-sensitive, because they would aid in the correlation…
12843 …ic area with a given Name is self-consistent and associated with a valid sensitive area. If a relyi…
12858 has not validated that the public area is associated with a matched sensitive area, then the public
15424 &eccKey->sensitive.sensitive.ecc,
15652 The sensitive area of the symmetric object is required to allow verification of the symmetric
15849 // If it doesn't have a sensitive area loaded
19272 authObject need to have sensitive portion loaded
24983 The command will create and load a Primary Object. The sensitive area is not returned.
24986 Since the sensitive data is not returned, the key cannot be reloaded.
25063 the sensitive data, see Part 1 Sensitive Values
25175 sensitiveDataOrigin is CLEAR when 'sensitive.data' is an Empty
25176 Buffer, or is SET when 'sensitive.data' is not empty; fixedTPM,
25179 restricted, decrypt and sign attributes; attempt to inject sensitive data
25199 size of public auth policy or sensitive auth value does not match
25200 digest size of the name algorithm sensitive data size for the keyed
25260 sensitive;
25267 != (in->inSensitive.t.sensitive.data.t.size == 0 ))
25277 // Validate the sensitive area values
25278 if( MemoryRemoveTrailingZeros(&in->inSensitive.t.sensitive.userAuth)
25338 &in->inSensitive.t.sensitive,&sensitive);
25354 result = ObjectLoad(in->primaryHandle, &in->inPublic.t.publicArea, &sensitive,
30303 privacy sensitive. The values may be read without authorization because the TCB will not disclose
32756 not privacy-sensitive and no authorization is required to read this data.