/*
 * Copyright 2015 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

/*
 * Function prototypes for the object support routines (wrapping and
 * unwrapping of sensitive areas, credential protection, creation data and
 * public-area validation).
 *
 * This header contains no #include lines: BOOL, TPM_RC, UINT16, BYTE, the
 * TPM2B_* / TPMT_* / TPML_* types and OBJECT are expected to be in scope
 * before it is included — confirm against the including translation unit.
 */

// NOTE(review): identifiers beginning with a double underscore are reserved
// for the implementation (C11 7.1.3); a guard name without the leading
// underscores would avoid that. Left unchanged here.
#ifndef __TPM2_OBJECT_SPT_FP_H
#define __TPM2_OBJECT_SPT_FP_H

/*
 * Presumably checks whether parentObject's attributes qualify it to act as a
 * parent — confirm against the definition.
 * Returns: BOOL result of that check.
 */
BOOL AreAttributesForParent(OBJECT *parentObject // IN: parent handle
                            );

/*
 * Recovers the secret protected by a credential blob; the inverse of
 * SecretToCredential() (same parameters, direction reversed).
 * Returns: TPM_RC result code — the caller must check it before using secret.
 */
TPM_RC CredentialToSecret(
    TPM2B_ID_OBJECT *inIDObject, // IN: input credential blob
    TPM2B_NAME *name,            // IN: the name of the object
    TPM2B_SEED *seed,            // IN: an external seed.
    TPM_HANDLE protector,        // IN: The protector's handle
    TPM2B_DIGEST *secret         // OUT: secret information
    );

/*
 * Recovers a sensitive structure from a duplication blob; the inverse of
 * SensitiveToDuplicate(). A seed of size 0 means no outer wrap, and a NULL
 * symmetric algorithm in symDef means no inner wrap (see the parameter
 * comments below).
 * Returns: TPM_RC result code — sensitive is only meaningful on success.
 */
TPM_RC DuplicateToSensitive(
    TPM2B_PRIVATE *inPrivate,    // IN: input private structure
    TPM2B_NAME *name,            // IN: the name of the object
    TPM_HANDLE parentHandle,     // IN: The parent's handle
    TPM_ALG_ID nameAlg,          // IN: hash algorithm in public area.
    TPM2B_SEED *seed,            // IN: an external seed may be provided. If external
                                 // seed is provided with size of 0, no outer wrap is
                                 // applied
    TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the
                                 // symmetric key algorithm is NULL, no inner
                                 // wrap is applied
    TPM2B_DATA *innerSymKey,     // IN: a symmetric key may be provided to
                                 // decrypt the inner wrap of a duplication blob.
    TPMT_SENSITIVE *sensitive    // OUT: sensitive structure
    );

/*
 * Fills in the creation data structure and its digest for an object being
 * created under parentHandle.
 * Returns: nothing; results are written to outCreation and creationDigest.
 */
void FillInCreationData(
    TPMI_DH_OBJECT parentHandle,       // IN: handle of parent
    TPMI_ALG_HASH nameHashAlg,         // IN: name hash algorithm
    TPML_PCR_SELECTION *creationPCR,   // IN: PCR selection
    TPM2B_DATA *outsideData,           // IN: outside data
    TPM2B_CREATION_DATA *outCreation,  // OUT: creation data for output
    TPM2B_DIGEST *creationDigest       // OUT: creation digest
    );

/*
 * Selects the seed to be used for key derivation for the given protector,
 * taking the optional seedIn into account.
 * Returns: pointer to a TPM2B_SEED. Ownership and lifetime of the returned
 * pointer are not stated here — check the definition before retaining or
 * freeing it.
 */
TPM2B_SEED *GetSeedForKDF(
    TPM_HANDLE protectorHandle, // IN: the protector handle
    TPM2B_SEED *seedIn          // IN: the optional input seed
    );

/*
 * Recovers a sensitive structure from a private area; the inverse of
 * SensitiveToPrivate().
 * Returns: TPM_RC result code — sensitive is only meaningful on success.
 */
TPM_RC PrivateToSensitive(
    TPM2B_PRIVATE *inPrivate,  // IN: input private structure
    TPM2B_NAME *name,          // IN: the name of the object
    TPM_HANDLE parentHandle,   // IN: The parent's handle
    TPM_ALG_ID nameAlg,        // IN: hash algorithm in public area. It is passed
                               // separately because we only pass name, rather than
                               // the whole public area of the object. This parameter
                               // is used in the following two cases: 1. primary
                               // objects. 2. duplication blob with inner wrap. In
                               // other cases, this parameter will be ignored
    TPMT_SENSITIVE *sensitive  // OUT: sensitive structure
    );

/*
 * Applies the outer (integrity + encryption) wrap to the sensitive data held
 * in outerBuffer, in place.
 *
 * Note the dataSize convention: here it EXCLUDES the leading integrity buffer
 * and the optional IV, whereas UnwrapOuter() takes a size that INCLUDES them.
 * outerBuffer must therefore have room beyond dataSize for those prefixes;
 * the exact layout is not visible in this header — confirm in the definition.
 *
 * Returns: UINT16 — presumably the resulting size of the wrapped data in
 * outerBuffer; confirm against the definition.
 */
UINT16 ProduceOuterWrap(
    TPM_HANDLE protector,  // IN: The handle of the object that provides
                           // protection. For object, it is parent handle. For
                           // credential, it is the handle of encrypt object.
    TPM2B_NAME *name,      // IN: the name of the object
    TPM_ALG_ID hashAlg,    // IN: hash algorithm for outer wrap
    TPM2B_SEED *seed,      // IN: an external seed may be provided for duplication
                           // blob. For non duplication blob, this parameter
                           // should be NULL
    BOOL useIV,            // IN: indicates if an IV is used
    UINT16 dataSize,       // IN: the size of sensitive data, excluding the leading
                           // integrity buffer size or the optional iv size
    BYTE *outerBuffer      // IN/OUT: outer buffer with sensitive data in it
    );

/*
 * Validates the attributes of a public area against its parent. Shares its
 * signature with SchemeChecks(); the load flag selects load-time versus
 * TPM2_Create() rules.
 * Returns: TPM_RC result code.
 */
TPM_RC PublicAttributesValidation(
    BOOL load,                    // IN: TRUE if load checks, FALSE if TPM2_Create()
    TPMI_DH_OBJECT parentHandle,  // IN: input parent handle
    TPMT_PUBLIC *publicArea       // IN: public area of the object
    );

/*
 * Validates the scheme selections in a public area against its parent. Same
 * signature and load-flag meaning as PublicAttributesValidation().
 * Returns: TPM_RC result code.
 */
TPM_RC SchemeChecks(
    BOOL load,                    // IN: TRUE if load checks, FALSE if TPM2_Create()
    TPMI_DH_OBJECT parentHandle,  // IN: input parent handle
    TPMT_PUBLIC *publicArea       // IN: public area of the object
    );

/*
 * Protects a secret as a credential blob for the given protector; the inverse
 * of CredentialToSecret().
 * Returns: nothing; the credential is written to outIDObject.
 */
void SecretToCredential(
    TPM2B_DIGEST *secret,         // IN: secret information
    TPM2B_NAME *name,             // IN: the name of the object
    TPM2B_SEED *seed,             // IN: an external seed.
    TPM_HANDLE protector,         // IN: The protector's handle
    TPM2B_ID_OBJECT *outIDObject  // OUT: output credential
    );

/*
 * Produces a duplication blob from a sensitive structure; the inverse of
 * DuplicateToSensitive(). A seed of size 0 means no outer wrap, and a NULL
 * symmetric algorithm in symDef means no inner wrap.
 * Note that innerSymKey is IN/OUT: it may be generated by this routine, so
 * the caller must treat it as key material afterwards.
 * Returns: nothing; the blob is written to outPrivate.
 */
void SensitiveToDuplicate(
    TPMT_SENSITIVE *sensitive,   // IN: sensitive structure
    TPM2B_NAME *name,            // IN: the name of the object
    TPM_HANDLE parentHandle,     // IN: The new parent's handle
    TPM_ALG_ID nameAlg,          // IN: hash algorithm in public area. It is passed
                                 // separately because we only pass name, rather than
                                 // the whole public area of the object.
    TPM2B_SEED *seed,            // IN: the external seed. If external seed is provided
                                 // with size of 0, no outer wrap should be applied to
                                 // duplication blob.
    TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the
                                 // symmetric key algorithm is NULL, no inner
                                 // wrap should be applied.
    TPM2B_DATA *innerSymKey,     // IN/OUT: a symmetric key may be provided to
                                 // encrypt the inner wrap of a duplication blob.
                                 // May be generated here if needed.
    TPM2B_PRIVATE *outPrivate    // OUT: output private structure
    );

/*
 * Produces a private area from a sensitive structure; the inverse of
 * PrivateToSensitive().
 * Returns: nothing; the private area is written to outPrivate.
 */
void SensitiveToPrivate(
    TPMT_SENSITIVE *sensitive,  // IN: sensitive structure
    TPM2B_NAME *name,           // IN: the name of the object
    TPM_HANDLE parentHandle,    // IN: The parent's handle
    TPM_ALG_ID nameAlg,         // IN: hash algorithm in public area. This parameter
                                // is used when parentHandle is NULL, in which case
                                // the object is temporary.
    TPM2B_PRIVATE *outPrivate   // OUT: output private structure
    );

/*
 * Removes the outer wrap from outerBuffer in place, checking its integrity.
 * Here dataSize INCLUDES the leading integrity buffer and optional IV (the
 * opposite convention from ProduceOuterWrap()).
 * Returns: TPM_RC result code — callers must check it before trusting the
 * unwrapped contents of outerBuffer.
 */
TPM_RC UnwrapOuter(
    TPM_HANDLE protector,  // IN: The handle of the object that provides
                           // protection. For object, it is parent handle. For
                           // credential, it is the handle of encrypt object.
    TPM2B_NAME *name,      // IN: the name of the object
    TPM_ALG_ID hashAlg,    // IN: hash algorithm for outer wrap
    TPM2B_SEED *seed,      // IN: an external seed may be provided for duplication
                           // blob. For non duplication blob, this parameter
                           // should be NULL.
    BOOL useIV,            // IN: indicates if an IV is used
    UINT16 dataSize,       // IN: size of sensitive data in outerBuffer, including
                           // the leading integrity buffer size, and an optional iv
                           // area
    BYTE *outerBuffer      // IN/OUT: sensitive data
    );

#endif // __TPM2_OBJECT_SPT_FP_H