Home | History | Annotate | Download | only in tpm2
      1 // This file was extracted from the TCG Published
      2 // Trusted Platform Module Library
      3 // Part 3: Commands
      4 // Family "2.0"
      5 // Level 00 Revision 01.16
      6 // October 30, 2014
      7 
      8 #include "InternalRoutines.h"
      9 #include "Attest_spt_fp.h"
     10 #include "GetSessionAuditDigest_fp.h"
     11 //
     12 //
     13 //     Error Returns                 Meaning
     14 //
     15 //     TPM_RC_KEY                    key referenced by signHandle is not a signing key
     16 //     TPM_RC_SCHEME                 inScheme is incompatible with signHandle type; or both scheme and
     17 //                                   key's default scheme are empty; or scheme is empty while key's
     18 //                                   default scheme requires explicit input scheme (split signing); or non-
     19 //                                   empty default key scheme differs from scheme
     20 //     TPM_RC_TYPE                   sessionHandle does not reference an audit session
     21 //     TPM_RC_VALUE                  digest generated for the given scheme is greater than the modulus of
     22 //                                   signHandle (for an RSA key); invalid commit status or failed to
     23 //                                   generate r value (for an ECC key)
     24 //
     25 TPM_RC
     26 TPM2_GetSessionAuditDigest(
     27    GetSessionAuditDigest_In      *in,                // IN: input parameter list
     28    GetSessionAuditDigest_Out     *out                // OUT: output parameter list
     29    )
     30 {
     31    TPM_RC                  result;
     32    SESSION                *session;
     33    TPMS_ATTEST             auditInfo;
     34 
     35 // Input Validation
     36 
     37    // SessionAuditDigest specific input validation
     38    // Get session pointer
     39    session = SessionGet(in->sessionHandle);
     40 
     41    // session must be an audit session
     42    if(session->attributes.isAudit == CLEAR)
     43        return TPM_RC_TYPE + RC_GetSessionAuditDigest_sessionHandle;
     44 
     45 // Command Output
     46 
     47    // Filling in attest information
     48    // Common fields
     49    result = FillInAttestInfo(in->signHandle,
     50                              &in->inScheme,
     51                              &in->qualifyingData,
     52                              &auditInfo);
     53    if(result != TPM_RC_SUCCESS)
     54    {
     55        if(result == TPM_RC_KEY)
     56            return TPM_RC_KEY + RC_GetSessionAuditDigest_signHandle;
     57        else
     58            return RcSafeAddToResult(result, RC_GetSessionAuditDigest_inScheme);
     59    }
     60 
     61    // SessionAuditDigest specific fields
     62    // Attestation type
     63    auditInfo.type = TPM_ST_ATTEST_SESSION_AUDIT;
     64 
     65    // Copy digest
     66    auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest;
     67 
     68    // Exclusive audit session
     69    if(g_exclusiveAuditSession == in->sessionHandle)
     70        auditInfo.attested.sessionAudit.exclusiveSession = TRUE;
     71    else
     72        auditInfo.attested.sessionAudit.exclusiveSession = FALSE;
     73 
     74    // Sign attestation structure. A NULL signature will be returned if
     75    // signHandle is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
     76    // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at
     77    // this point
     78    result = SignAttestInfo(in->signHandle,
     79                            &in->inScheme,
     80                            &auditInfo,
     81                            &in->qualifyingData,
     82                            &out->auditInfo,
     83                            &out->signature);
     84    if(result != TPM_RC_SUCCESS)
     85        return result;
     86 
     87    // orderly state should be cleared because of the reporting of clock info
     88    // if signing happens
     89    if(in->signHandle != TPM_RH_NULL)
     90        g_clearOrderly = TRUE;
     91 
     92    return TPM_RC_SUCCESS;
     93 }
     94