      1 // This file was extracted from the TCG Published
      2 // Trusted Platform Module Library
      3 // Part 3: Commands
      4 // Family "2.0"
      5 // Level 00 Revision 01.16
      6 // October 30, 2014
      7 
      8 #include "InternalRoutines.h"
      9 #include "VerifySignature_fp.h"
     //
     // TPM2_VerifySignature()
     //
     // Checks the signature in in->signature over the caller-supplied in->digest
     // with the key referenced by in->keyHandle and, when the check passes, fills
     // out->validation with a TPM_ST_VERIFIED ticket.
     //
     // The digest is not computed or inspected here; it is handed unchanged to
     // CryptVerifySignature() and TicketComputeVerified().
     //
     //     Error Returns                     Meaning
     //
     //     TPM_RC_ATTRIBUTES                 keyHandle does not reference a signing key
     //     TPM_RC_SIGNATURE                  signature is not genuine
     //     TPM_RC_SCHEME                     returned by CryptVerifySignature()
     //     TPM_RC_HANDLE                     the input handle references an HMAC key
     //                                       but the private portion is not loaded
     //
     TPM_RC
     TPM2_VerifySignature(
         VerifySignature_In      *in,        // IN: input parameter list
         VerifySignature_Out     *out        // OUT: output parameter list
         )
     {
         // NOTE(review): the pointer returned by ObjectGet() is dereferenced
         // below without a NULL check; presumably in->keyHandle has already been
         // validated before this function runs -- confirm against the caller.
         OBJECT              *key = ObjectGet(in->keyHandle);
         TPMI_RH_HIERARCHY    ticketHierarchy;
         TPM2B_NAME           keyName;
         TPM_RC               rc;

     // Input Validation

         // The 'sign' attribute is the only key property tested in this
         // function; a key without it is rejected before any cryptographic
         // work is done.
         if(key->publicArea.objectAttributes.sign != SET)
             return TPM_RC_ATTRIBUTES + RC_VerifySignature_keyHandle;

         // CryptVerifySignature() may fail with TPM_RC_SCHEME, TPM_RC_HANDLE or
         // TPM_RC_SIGNATURE. Any failure is reported against the signature
         // parameter and no ticket is written.
         rc = CryptVerifySignature(in->keyHandle, &in->digest, &in->signature);
         if(rc != TPM_RC_SUCCESS)
             return RcSafeAddToResult(rc, RC_VerifySignature_signature);

     // Command Output

         // Execution reaches this point only after the signature has verified.
         ticketHierarchy = ObjectGetHierarchy(in->keyHandle);
         if(   ticketHierarchy != TPM_RH_NULL
            && key->publicArea.nameAlg != TPM_ALG_NULL)
         {
             // The ticket is computed over the hierarchy, the digest and the
             // name of the key that verified the signature.
             keyName.t.size = ObjectGetName(in->keyHandle, &keyName.t.name);
             TicketComputeVerified(ticketHierarchy, &in->digest, &keyName,
                                   &out->validation);
             return TPM_RC_SUCCESS;
         }

         // Key is in the NULL hierarchy or has nameAlg TPM_ALG_NULL: return an
         // empty ticket (TPM_RH_NULL hierarchy, zero-length digest). The command
         // still succeeds, so callers must not treat success alone as proof
         // that a usable ticket was issued.
         out->validation.tag = TPM_ST_VERIFIED;
         out->validation.hierarchy = TPM_RH_NULL;
         out->validation.digest.t.size = 0;

         return TPM_RC_SUCCESS;
     }