xref: /external/tpm2/Context_spt.c

// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 4: Supporting Routines
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "Context_spt_fp.h"
//
//
//            Functions
//
//              ComputeContextProtectionKey()
//
//      This function retrieves the symmetric protection key for context encryption It is used by
//      TPM2_ConextSave() and TPM2_ContextLoad() to create the symmetric encryption key and iv
//
void
ComputeContextProtectionKey(
     TPMS_CONTEXT      *contextBlob,    // IN: context blob
     TPM2B_SYM_KEY     *symKey,         // OUT: the symmetric key
     TPM2B_IV          *iv              // OUT: the IV.
     )
{
     UINT16             symKeyBits;     // number of bits in the parent's
                                        //   symmetric key
     TPM2B_AUTH        *proof = NULL;   // the proof value to use. Is null for
                                        //   everything but a primary object in
                                        //   the Endorsement Hierarchy
     BYTE               kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF
     TPM2B_DATA         sequence2B, handle2B;
     // Get proof value
     proof = HierarchyGetProof(contextBlob->hierarchy);
     // Get sequence value in 2B format
     sequence2B.t.size = sizeof(contextBlob->sequence);
     MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence,
                sizeof(contextBlob->sequence),
                sizeof(sequence2B.t.buffer));
     // Get handle value in 2B format
     handle2B.t.size = sizeof(contextBlob->savedHandle);
     MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle,
                sizeof(contextBlob->savedHandle),
                sizeof(handle2B.t.buffer));
     // Get the symmetric encryption key size
     symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
//
   symKeyBits = CONTEXT_ENCRYPT_KEY_BITS;
   // Get the size of the IV for the algorithm
   iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits);
   // KDFa to generate symmetric key and IV value
   KDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, "CONTEXT", &sequence2B.b,
        &handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL);
   // Copy part of the returned value as the key
   MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size,
              sizeof(symKey->t.buffer));
   // Copy the rest as the IV
   MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size,
              sizeof(iv->t.buffer));
   return;
}
//
//
//         ComputeContextIntegrity()
//
//     Generate the integrity hash for a context It is used by TPM2_ContextSave() to create an integrity hash
//     and by TPM2_ContextLoad() to compare an integrity hash
//
void
ComputeContextIntegrity(
   TPMS_CONTEXT       *contextBlob,      // IN: context blob
   TPM2B_DIGEST       *integrity         // OUT: integrity
   )
{
   HMAC_STATE              hmacState;
   TPM2B_AUTH              *proof;
   UINT16                  integritySize;
   // Get proof value
   proof = HierarchyGetProof(contextBlob->hierarchy);
   // Start HMAC
   integrity->t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                        &proof->b, &hmacState);
   // Compute integrity size at the beginning of context blob
   integritySize = sizeof(integrity->t.size) + integrity->t.size;
   // Adding total reset counter so that the context cannot be
   // used after a TPM Reset
   CryptUpdateDigestInt(&hmacState, sizeof(gp.totalResetCount),
                        &gp.totalResetCount);
   // If this is a ST_CLEAR object, add the clear count
   // so that this contest cannot be loaded after a TPM Restart
   if(contextBlob->savedHandle == 0x80000002)
       CryptUpdateDigestInt(&hmacState, sizeof(gr.clearCount), &gr.clearCount);
   // Adding sequence number to the HMAC to make sure that it doesn't
   // get changed
   CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->sequence),
                        &contextBlob->sequence);
   // Protect the handle
   CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->savedHandle),
                         &contextBlob->savedHandle);
   // Adding sensitive contextData, skip the leading integrity area
     CryptUpdateDigest(&hmacState, contextBlob->contextBlob.t.size - integritySize,
                       contextBlob->contextBlob.t.buffer + integritySize);
     // Complete HMAC
     CryptCompleteHMAC2B(&hmacState, &integrity->b);
     return;
}
//
//
//           SequenceDataImportExport()
//
//      This function is used scan through the sequence object and either modify the hash state data for
//      LIB_EXPORT or to import it into the internal format
//
void
SequenceDataImportExport(
     OBJECT           *object,          // IN: the object containing the sequence data
     OBJECT           *exportObject,    // IN/OUT: the object structure that will get
                                        //     the exported hash state
     IMPORT_EXPORT     direction
     )
{
     int                      count = 1;
     HASH_OBJECT             *internalFmt = (HASH_OBJECT *)object;
     HASH_OBJECT             *externalFmt = (HASH_OBJECT *)exportObject;
     if(object->attributes.eventSeq)
         count = HASH_COUNT;
     for(; count; count--)
         CryptHashStateImportExport(&internalFmt->state.hashState[count - 1],
                              externalFmt->state.hashState, direction);
}