      1 // This file was extracted from the TCG Published
      2 // Trusted Platform Module Library
      3 // Part 3: Commands
      4 // Family "2.0"
      5 // Level 00 Revision 01.16
      6 // October 30, 2014
      7 
      8 #include "InternalRoutines.h"
      9 #include "ObjectChangeAuth_fp.h"
     10 #include "Object_spt_fp.h"
     // TPM2_ObjectChangeAuth: produce a private blob for a loaded object that
     // carries a different authValue.
     //
     // The loaded object is only read here. The new authValue is written into a
     // stack copy of its sensitive area, so the object in memory keeps its current
     // authValue and the new one applies only to the blob returned in
     // out->outPrivate. This routine does nothing to a private blob issued
     // earlier, so retiring the old authValue is left to the caller.
     //
     //     Error Returns               Meaning
     //
     //     TPM_RC_SIZE                 newAuth is larger than the size of the digest of the Name algorithm of
     //                                 objectHandle
     //     TPM_RC_TYPE                 the key referenced by parentHandle is not the parent of the object
     //                                 referenced by objectHandle; or objectHandle is a sequence object.
     //
     TPM_RC
     TPM2_ObjectChangeAuth(
         ObjectChangeAuth_In    *in,                // IN: input parameter list
         ObjectChangeAuth_Out   *out                // OUT: output parameter list
         )
     {
         OBJECT                 *target;            // object named by objectHandle
         TPM2B_NAME              parentName;        // QN of parentHandle
         TPM2B_NAME              expectedName;      // QN the object would have under that parent
         TPM2B_NAME              actualName;        // QN recorded for objectHandle
         TPMT_SENSITIVE          updated;           // sensitive area carrying the new authValue

     // Input Validation

         target = ObjectGet(in->objectHandle);

         // The authValue of a sequence object cannot be changed with this command
         if(ObjectIsSequence(target))
             return TPM_RC_TYPE + RC_ObjectChangeAuth_objectHandle;

         // The length compared here is the one reported by
         // MemoryRemoveTrailingZeros; it must not exceed the digest size of the
         // object's nameAlg.
         // NOTE(review): the helper is handed a pointer to newAuth, so it
         // presumably shortens the buffer in place -- confirm in its definition.
         if(CryptGetHashDigestSize(target->publicArea.nameAlg)
                 < MemoryRemoveTrailingZeros(&in->newAuth))
             return TPM_RC_SIZE + RC_ObjectChangeAuth_newAuth;

         // parentHandle has to be the real parent of objectHandle. This
         // implementation checks that by rebuilding the qualified name the object
         // would have under parentHandle and comparing it with the qualified name
         // recorded for objectHandle; other implementations may verify the
         // relationship differently.
         ObjectGetQualifiedName(in->parentHandle, &parentName);
         ObjectComputeQualifiedName(&parentName, target->publicArea.nameAlg,
                                    &target->name, &expectedName);

         ObjectGetQualifiedName(in->objectHandle, &actualName);
         if(Memory2BEqual(&actualName.b, &expectedName.b) == 0)
             return TPM_RC_TYPE + RC_ObjectChangeAuth_parentHandle;

     // Command Output

         // Start from the object's current sensitive area and replace only the
         // authValue; every other field is carried over unchanged.
         updated = target->sensitive;
         updated.authValue = in->newAuth;

         // Build the output private data from the updated sensitive area
         SensitiveToPrivate(&updated, &target->name, in->parentHandle,
                            target->publicArea.nameAlg,
                            &out->outPrivate);

         // NOTE(review): `updated` still holds a copy of the object's sensitive
         // area (including the new authValue) when this function returns, and
         // nothing here clears it. If the platform treats stack residue as
         // exposure, wipe it with a routine the compiler cannot elide.
         return TPM_RC_SUCCESS;
     }