external/tpm2/GetSessionAuditDigest.c

// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "Attest_spt_fp.h"
#include "GetSessionAuditDigest_fp.h"
//
//
//     Error Returns                 Meaning
//
//     TPM_RC_KEY                    key referenced by signHandle is not a signing key
//     TPM_RC_SCHEME                 inScheme is incompatible with signHandle type; or both scheme and
//                                   key's default scheme are empty; or scheme is empty while key's
//                                   default scheme requires explicit input scheme (split signing); or non-
//                                   empty default key scheme differs from scheme
//     TPM_RC_TYPE                   sessionHandle does not reference an audit session
//     TPM_RC_VALUE                  digest generated for the given scheme is greater than the modulus of
//                                   signHandle (for an RSA key); invalid commit status or failed to
//                                   generate r value (for an ECC key)
//
TPM_RC
TPM2_GetSessionAuditDigest(
   GetSessionAuditDigest_In      *in,                // IN: input parameter list
   GetSessionAuditDigest_Out     *out                // OUT: output parameter list
   )
{
   TPM_RC                  result;
   SESSION                *session;
   TPMS_ATTEST             auditInfo;

// Input Validation

   // SessionAuditDigest specific input validation
   // Get session pointer
   session = SessionGet(in->sessionHandle);

   // session must be an audit session
   if(session->attributes.isAudit == CLEAR)
       return TPM_RC_TYPE + RC_GetSessionAuditDigest_sessionHandle;

// Command Output

   // Filling in attest information
   // Common fields
   result = FillInAttestInfo(in->signHandle,
                             &in->inScheme,
                             &in->qualifyingData,
                             &auditInfo);
   if(result != TPM_RC_SUCCESS)
   {
       if(result == TPM_RC_KEY)
           return TPM_RC_KEY + RC_GetSessionAuditDigest_signHandle;
       else
           return RcSafeAddToResult(result, RC_GetSessionAuditDigest_inScheme);
   }

   // SessionAuditDigest specific fields
   // Attestation type
   auditInfo.type = TPM_ST_ATTEST_SESSION_AUDIT;

   // Copy digest
   auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest;

   // Exclusive audit session
   if(g_exclusiveAuditSession == in->sessionHandle)
       auditInfo.attested.sessionAudit.exclusiveSession = TRUE;
   else
       auditInfo.attested.sessionAudit.exclusiveSession = FALSE;

   // Sign attestation structure. A NULL signature will be returned if
   // signHandle is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
   // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at
   // this point
   result = SignAttestInfo(in->signHandle,
                           &in->inScheme,
                           &auditInfo,
                           &in->qualifyingData,
                           &out->auditInfo,
                           &out->signature);
   if(result != TPM_RC_SUCCESS)
       return result;

   // orderly state should be cleared because of the reporting of clock info
   // if signing happens
   if(in->signHandle != TPM_RH_NULL)
       g_clearOrderly = TRUE;

   return TPM_RC_SUCCESS;
}