1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 3: Commands
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 #include "VerifySignature_fp.h"
10 //
11 //
12 //     Error Returns                     Meaning
13 //
14 //     TPM_RC_ATTRIBUTES                 keyHandle does not reference a signing key
15 //     TPM_RC_SIGNATURE                  signature is not genuine
16 //     TPM_RC_SCHEME                     CryptVerifySignature()
17 //     TPM_RC_HANDLE                     the input handle references an HMAC key but the private portion is
18 //                                       not loaded
19 //
// Command action for TPM2_VerifySignature: checks in->signature over
// in->digest using the key referenced by in->keyHandle and, when the check
// passes, fills out->validation with a verification ticket.
TPM_RC
TPM2_VerifySignature(
    VerifySignature_In      *in,        // IN: input parameter list
    VerifySignature_Out     *out        // OUT: output parameter list
    )
{
    OBJECT              *key;           // object behind in->keyHandle
    TPMI_RH_HIERARCHY    keyHierarchy;  // hierarchy the ticket is bound to
    TPM2B_NAME           keyName;       // name of the verifying key
    TPM_RC               rc;

// Input Validation

    // NOTE(review): the pointer returned by ObjectGet() is dereferenced
    // without a NULL check; presumably keyHandle has already been resolved
    // to a loaded object before this routine runs -- confirm in the caller.
    key = ObjectGet(in->keyHandle);

    // Refuse any key whose sign attribute is not SET.
    if(key->publicArea.objectAttributes.sign != SET)
        return TPM_RC_ATTRIBUTES + RC_VerifySignature_keyHandle;

    // Check the signature. CryptVerifySignature() may report TPM_RC_SCHEME,
    // TPM_RC_HANDLE or TPM_RC_SIGNATURE; any failure is returned through
    // RcSafeAddToResult() together with RC_VerifySignature_signature.
    rc = CryptVerifySignature(in->keyHandle, &in->digest, &in->signature);
    if(rc != TPM_RC_SUCCESS)
        return RcSafeAddToResult(rc, RC_VerifySignature_signature);

// Command Output

    // Nothing in *out is written before this point, so a caller never
    // receives ticket data for a signature that failed the check above.
    keyHierarchy = ObjectGetHierarchy(in->keyHandle);

    if(   keyHierarchy != TPM_RH_NULL
       && key->publicArea.nameAlg != TPM_ALG_NULL)
    {
        // Fetch the name of the verifying key; the value returned by
        // ObjectGetName() is stored as the size of that name.
        keyName.t.size = ObjectGetName(in->keyHandle, &keyName.t.name);

        // Build the ticket from the hierarchy, the digest and the key name.
        TicketComputeVerified(keyHierarchy, &in->digest, &keyName,
                              &out->validation);
        return TPM_RC_SUCCESS;
    }

    // Hierarchy is TPM_RH_NULL or nameAlg is TPM_ALG_NULL: hand back an
    // empty ticket (zero-length digest, hierarchy TPM_RH_NULL).
    // NOTE(review): presumably consumers reject such a ticket as proof of
    // verification -- confirm where the ticket is checked.
    out->validation.tag = TPM_ST_VERIFIED;
    out->validation.hierarchy = TPM_RH_NULL;
    out->validation.digest.t.size = 0;

    return TPM_RC_SUCCESS;
}