1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 4: Supporting Routines
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 #include "Context_spt_fp.h"
10 //
11 //
12 //            Functions
13 //
14 //              ComputeContextProtectionKey()
15 //
16 //      This function retrieves the symmetric protection key for context encryption It is used by
17 //      TPM2_ConextSave() and TPM2_ContextLoad() to create the symmetric encryption key and iv
18 //
19 void
ComputeContextProtectionKey(TPMS_CONTEXT * contextBlob,TPM2B_SYM_KEY * symKey,TPM2B_IV * iv)20 ComputeContextProtectionKey(
21      TPMS_CONTEXT      *contextBlob,    // IN: context blob
22      TPM2B_SYM_KEY     *symKey,         // OUT: the symmetric key
23      TPM2B_IV          *iv              // OUT: the IV.
24      )
25 {
26      UINT16             symKeyBits;     // number of bits in the parent's
27                                         //   symmetric key
28      TPM2B_AUTH        *proof = NULL;   // the proof value to use. Is null for
29                                         //   everything but a primary object in
30                                         //   the Endorsement Hierarchy
31      BYTE               kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF
32      TPM2B_DATA         sequence2B, handle2B;
33      // Get proof value
34      proof = HierarchyGetProof(contextBlob->hierarchy);
35      // Get sequence value in 2B format
36      sequence2B.t.size = sizeof(contextBlob->sequence);
37      MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence,
38                 sizeof(contextBlob->sequence),
39                 sizeof(sequence2B.t.buffer));
40      // Get handle value in 2B format
41      handle2B.t.size = sizeof(contextBlob->savedHandle);
42      MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle,
43                 sizeof(contextBlob->savedHandle),
44                 sizeof(handle2B.t.buffer));
45      // Get the symmetric encryption key size
46      symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
47 //
48    symKeyBits = CONTEXT_ENCRYPT_KEY_BITS;
49    // Get the size of the IV for the algorithm
50    iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits);
51    // KDFa to generate symmetric key and IV value
52    KDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, "CONTEXT", &sequence2B.b,
53         &handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL);
54    // Copy part of the returned value as the key
55    MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size,
56               sizeof(symKey->t.buffer));
57    // Copy the rest as the IV
58    MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size,
59               sizeof(iv->t.buffer));
60    return;
61 }
62 //
63 //
64 //         ComputeContextIntegrity()
65 //
66 //     Generate the integrity hash for a context It is used by TPM2_ContextSave() to create an integrity hash
67 //     and by TPM2_ContextLoad() to compare an integrity hash
68 //
69 void
ComputeContextIntegrity(TPMS_CONTEXT * contextBlob,TPM2B_DIGEST * integrity)70 ComputeContextIntegrity(
71    TPMS_CONTEXT       *contextBlob,      // IN: context blob
72    TPM2B_DIGEST       *integrity         // OUT: integrity
73    )
74 {
75    HMAC_STATE              hmacState;
76    TPM2B_AUTH              *proof;
77    UINT16                  integritySize;
78    // Get proof value
79    proof = HierarchyGetProof(contextBlob->hierarchy);
80    // Start HMAC
81    integrity->t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
82                                         &proof->b, &hmacState);
83    // Compute integrity size at the beginning of context blob
84    integritySize = sizeof(integrity->t.size) + integrity->t.size;
85    // Adding total reset counter so that the context cannot be
86    // used after a TPM Reset
87    CryptUpdateDigestInt(&hmacState, sizeof(gp.totalResetCount),
88                         &gp.totalResetCount);
89    // If this is a ST_CLEAR object, add the clear count
90    // so that this contest cannot be loaded after a TPM Restart
91    if(contextBlob->savedHandle == 0x80000002)
92        CryptUpdateDigestInt(&hmacState, sizeof(gr.clearCount), &gr.clearCount);
93    // Adding sequence number to the HMAC to make sure that it doesn't
94    // get changed
95    CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->sequence),
96                         &contextBlob->sequence);
97    // Protect the handle
98    CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->savedHandle),
99                          &contextBlob->savedHandle);
100    // Adding sensitive contextData, skip the leading integrity area
101      CryptUpdateDigest(&hmacState, contextBlob->contextBlob.t.size - integritySize,
102                        contextBlob->contextBlob.t.buffer + integritySize);
103      // Complete HMAC
104      CryptCompleteHMAC2B(&hmacState, &integrity->b);
105      return;
106 }
107 //
108 //
109 //           SequenceDataImportExport()
110 //
111 //      This function is used scan through the sequence object and either modify the hash state data for
112 //      LIB_EXPORT or to import it into the internal format
113 //
114 void
SequenceDataImportExport(OBJECT * object,OBJECT * exportObject,IMPORT_EXPORT direction)115 SequenceDataImportExport(
116      OBJECT           *object,          // IN: the object containing the sequence data
117      OBJECT           *exportObject,    // IN/OUT: the object structure that will get
118                                         //     the exported hash state
119      IMPORT_EXPORT     direction
120      )
121 {
122      int                      count = 1;
123      HASH_OBJECT             *internalFmt = (HASH_OBJECT *)object;
124      HASH_OBJECT             *externalFmt = (HASH_OBJECT *)exportObject;
125      if(object->attributes.eventSeq)
126          count = HASH_COUNT;
127      for(; count; count--)
128          CryptHashStateImportExport(&internalFmt->state.hashState[count - 1],
129                               externalFmt->state.hashState, direction);
130 }
131