1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 3: Commands
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 #include "ObjectChangeAuth_fp.h"
10 #include "Object_spt_fp.h"
//
// TPM2_ObjectChangeAuth
//
// Produces a new private area for a loaded object in which authValue is
// replaced by in->newAuth, and returns it in out->outPrivate. This routine
// assigns nothing into the loaded object itself; the only caller-visible
// writes are the trimming of in->newAuth and the filling of out->outPrivate.
//
//     Error Returns               Meaning
//
//     TPM_RC_SIZE                 newAuth is larger than the size of the digest of the Name algorithm of
//                                 objectHandle
//     TPM_RC_TYPE                 the key referenced by parentHandle is not the parent of the object
//                                 referenced by objectHandle; or objectHandle is a sequence object.
//
// NOTE(review): no authorization or handle-validity check is visible here;
// presumably both are done before this routine is dispatched -- confirm.
//
TPM_RC
TPM2_ObjectChangeAuth(
    ObjectChangeAuth_In    *in,                // IN: input parameter list
    ObjectChangeAuth_Out   *out                // OUT: output parameter list
    )
{
    OBJECT                 *target;            // loaded object named by objectHandle
    TPM2B_NAME              parentQN;          // QN of the claimed parent
    TPM2B_NAME              expectedQN;        // QN the object would have under that parent
    TPM2B_NAME              actualQN;          // QN recorded for the object
    TPMT_SENSITIVE          updated;           // working copy of the sensitive area

    // ---- Input validation ------------------------------------------------

    // NOTE(review): the pointer returned by ObjectGet() is used without a
    // NULL test; this relies on objectHandle already referring to a loaded
    // object -- confirm against the dispatcher.
    target = ObjectGet(in->objectHandle);

    // A sequence object may not have its auth changed.
    if(ObjectIsSequence(target))
    {
        return TPM_RC_TYPE + RC_ObjectChangeAuth_objectHandle;
    }

    // The new auth, measured after trailing zeros are stripped in place from
    // in->newAuth, must not exceed the digest size of the object's nameAlg.
    if(MemoryRemoveTrailingZeros(&in->newAuth)
           > CryptGetHashDigestSize(target->publicArea.nameAlg))
    {
        return TPM_RC_SIZE + RC_ObjectChangeAuth_newAuth;
    }

    // parentHandle has to be the parent of objectHandle. This implementation
    // checks that by recomputing the object's qualified name from the parent's
    // QN and the object's name, then comparing it with the recorded QN. Other
    // implementations may verify the relationship differently.
    ObjectGetQualifiedName(in->parentHandle, &parentQN);
    ObjectComputeQualifiedName(&parentQN, target->publicArea.nameAlg,
                               &target->name, &expectedQN);
    ObjectGetQualifiedName(in->objectHandle, &actualQN);

    if(!Memory2BEqual(&actualQN.b, &expectedQN.b))
    {
        return TPM_RC_TYPE + RC_ObjectChangeAuth_parentHandle;
    }

    // ---- Command output --------------------------------------------------

    // Start from the object's current sensitive area and substitute the new
    // authValue. The copy is taken only after every check has passed, so the
    // error paths never place sensitive data in this local.
    updated = target->sensitive;
    updated.authValue = in->newAuth;

    // Convert the modified sensitive area into the output private structure
    // under the parent given by parentHandle.
    // NOTE(review): the call's result, if it has one, is not examined here.
    SensitiveToPrivate(&updated, &target->name, in->parentHandle,
                       target->publicArea.nameAlg,
                       &out->outPrivate);

    // NOTE(review): 'updated' still holds a copy of the sensitive area,
    // including the new authValue, when the function returns; nothing here
    // clears it. If stack disclosure is in the threat model, wipe it with a
    // clear the compiler cannot elide before returning.
    return TPM_RC_SUCCESS;
}
72