Lines Matching +full:case +full:- +full:sensitive
63 digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg, in CryptHmacSign()
64 &signKey->sensitive.sensitive.bits.b); in CryptHmacSign()
65 CryptDigestUpdate2B(&hmacState.hashState, &hashData->b); in CryptHmacSign()
67 (BYTE *)&signature->signature.hmac.digest); in CryptHmacSign()
88 &signKey->publicArea.parameters.keyedHashDetail.scheme; in CryptHMACVerifySignature()
90 if((signature->sigAlg != TPM_ALG_HMAC) in CryptHMACVerifySignature()
91 || (signature->signature.hmac.hashAlg == TPM_ALG_NULL)) in CryptHMACVerifySignature()
98 if((keyScheme->scheme != TPM_ALG_NULL) in CryptHMACVerifySignature()
99 && ((keyScheme->scheme != signature->sigAlg) in CryptHMACVerifySignature()
100 || (keyScheme->details.hmac.hashAlg in CryptHMACVerifySignature()
101 != signature->signature.any.hashAlg))) in CryptHMACVerifySignature()
103 test.sigAlg = signature->sigAlg; in CryptHMACVerifySignature()
104 test.signature.hmac.hashAlg = signature->signature.hmac.hashAlg; in CryptHMACVerifySignature()
110 &signature->signature.hmac.digest, in CryptHMACVerifySignature()
111 CryptHashGetDigestSize(signature->signature.any.hashAlg))) in CryptHMACVerifySignature()
121 // TPM_RC_SIZE sensitive data size is larger than allowed for
127 TPMT_SENSITIVE *sensitive, // OUT: sensitive area in CryptGenerateKeyedHash() argument
128 TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data in CryptGenerateKeyedHash()
136 scheme = &publicArea->parameters.keyedHashDetail.scheme; in CryptGenerateKeyedHash()
138 if(publicArea->type != TPM_ALG_KEYEDHASH) in CryptGenerateKeyedHash()
142 if(scheme->scheme == TPM_ALG_NULL) in CryptGenerateKeyedHash()
143 hashAlg = publicArea->nameAlg; in CryptGenerateKeyedHash()
144 else if(scheme->scheme == TPM_ALG_XOR) in CryptGenerateKeyedHash()
145 hashAlg = scheme->details.xor.hashAlg; in CryptGenerateKeyedHash()
147 hashAlg = scheme->details.hmac.hashAlg; in CryptGenerateKeyedHash()
156 if(sensitiveCreate->data.t.size != 0) in CryptGenerateKeyedHash()
158 if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) in CryptGenerateKeyedHash()
159 || IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) in CryptGenerateKeyedHash()
161 if(sensitiveCreate->data.t.size > CryptHashGetBlockSize(hashAlg)) in CryptGenerateKeyedHash()
163 #if 0 // May make this a FIPS-mode requirement in CryptGenerateKeyedHash()
164 if(sensitiveCreate->data.t.size < (digestSize / 2)) in CryptGenerateKeyedHash()
170 MemoryCopy2B(&sensitive->sensitive.bits.b, &sensitiveCreate->data.b, in CryptGenerateKeyedHash()
171 sizeof(sensitive->sensitive.bits.t.buffer)); in CryptGenerateKeyedHash()
177 sensitive->sensitive.bits.t.size = in CryptGenerateKeyedHash()
178 DRBG_Generate(rand, sensitive->sensitive.bits.t.buffer, digestSize); in CryptGenerateKeyedHash()
179 if(sensitive->sensitive.bits.t.size == 0) in CryptGenerateKeyedHash()
188 // like U-Prove.
307 // in the sensitive creation area
313 TPMT_SENSITIVE *sensitive, // OUT: sensitive area in CryptGenerateKeySymmetric() argument
314 TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data in CryptGenerateKeySymmetric()
318 UINT16 keyBits = publicArea->parameters.symDetail.sym.keyBits.sym; in CryptGenerateKeySymmetric()
325 if(sensitiveCreate->data.t.size != 0) in CryptGenerateKeySymmetric()
327 result = CryptSymKeyValidate(&publicArea->parameters.symDetail.sym, in CryptGenerateKeySymmetric()
328 (TPM2B_SYM_KEY *)&sensitiveCreate->data); in CryptGenerateKeySymmetric()
330 MemoryCopy2B(&sensitive->sensitive.sym.b, &sensitiveCreate->data.b, in CryptGenerateKeySymmetric()
331 sizeof(sensitive->sensitive.sym.t.buffer)); in CryptGenerateKeySymmetric()
334 else if(publicArea->parameters.symDetail.sym.algorithm == TPM_ALG_TDES) in CryptGenerateKeySymmetric()
336 result = CryptGenerateKeyDes(publicArea, sensitive, rand); in CryptGenerateKeySymmetric()
341 sensitive->sensitive.sym.t.size = in CryptGenerateKeySymmetric()
342 DRBG_Generate(rand, sensitive->sensitive.sym.t.buffer, in CryptGenerateKeySymmetric()
346 else if(sensitive->sensitive.sym.t.size == 0) in CryptGenerateKeySymmetric()
379 for(; remainBytes > 0; remainBytes -= hLen) in CryptXORObfuscation()
387 for(i = hLen < remainBytes ? hLen : remainBytes; i > 0; i--) in CryptXORObfuscation()
477 //** Algorithm-Independent Functions
497 case TPM_ALG_RSA: in CryptIsAsymAlgorithm()
500 case TPM_ALG_ECC: in CryptIsAsymAlgorithm()
525 const TPM2B *label, // IN: a null-terminated string as L in CryptSecretEncrypt()
537 data->t.size = CryptHashGetDigestSize(encryptKey->publicArea.nameAlg); in CryptSecretEncrypt()
540 scheme.details.anySig.hashAlg = encryptKey->publicArea.nameAlg; in CryptSecretEncrypt()
542 if(!IS_ATTRIBUTE(encryptKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) in CryptSecretEncrypt()
544 switch(encryptKey->publicArea.type) in CryptSecretEncrypt()
547 case TPM_ALG_RSA: in CryptSecretEncrypt()
550 CryptRandomGenerate(data->t.size, data->t.buffer); in CryptSecretEncrypt()
553 result = CryptRsaEncrypt((TPM2B_PUBLIC_KEY_RSA *)secret, &data->b, in CryptSecretEncrypt()
560 case TPM_ALG_ECC: in CryptSecretEncrypt()
565 BYTE *buffer = secret->t.secret; in CryptSecretEncrypt()
570 encryptKey->publicArea.parameters.eccDetail.curveID, in CryptSecretEncrypt()
571 &encryptKey->publicArea.unique.ecc)) in CryptSecretEncrypt()
580 encryptKey->publicArea.parameters.eccDetail.curveID); in CryptSecretEncrypt()
583 secret->t.size = TPMS_ECC_POINT_Marshal(&eccPublic, &buffer, NULL); in CryptSecretEncrypt()
591 encryptKey->publicArea.parameters.eccDetail.curveID, in CryptSecretEncrypt()
592 &encryptKey->publicArea.unique.ecc, &eccPrivate, in CryptSecretEncrypt()
605 // Use a null-terminated string containing "SECRET" in CryptSecretEncrypt()
611 CryptKDFe(encryptKey->publicArea.nameAlg, &eccSecret.x.b, in CryptSecretEncrypt()
613 &encryptKey->publicArea.unique.ecc.x.b, in CryptSecretEncrypt()
614 data->t.size * 8, data->t.buffer); in CryptSecretEncrypt()
663 switch(decryptKey->publicArea.type) in CryptSecretDecrypt()
666 case TPM_ALG_RSA: in CryptSecretDecrypt()
670 = &decryptKey->publicArea.parameters.rsaDetail.scheme; in CryptSecretDecrypt()
680 scheme.details.oaep.hashAlg = decryptKey->publicArea.nameAlg; in CryptSecretDecrypt()
686 // limit on the size. In this case, it is the size of the digest of the in CryptSecretDecrypt()
695 data->t.size = sizeof(data->t.buffer); in CryptSecretDecrypt()
698 result = CryptRsaDecrypt(&data->b, &secret->b, in CryptSecretDecrypt()
700 if((result == TPM_RC_SUCCESS) && (data->t.size > digestSize)) in CryptSecretDecrypt()
706 case TPM_ALG_ECC: in CryptSecretDecrypt()
710 BYTE *buffer = secret->t.secret; in CryptSecretDecrypt()
711 INT32 size = secret->t.size; in CryptSecretDecrypt()
718 decryptKey->publicArea.parameters.eccDetail.curveID, in CryptSecretDecrypt()
719 &eccPublic, &decryptKey->sensitive.sensitive.ecc, in CryptSecretDecrypt()
725 data->t.size = in CryptSecretDecrypt()
726 CryptHashGetDigestSize(decryptKey->publicArea.nameAlg); in CryptSecretDecrypt()
731 // HashID -- the nameAlg of the decrypt key in CryptSecretDecrypt()
732 // Z -- the x coordinate (Px) of the product (P) of the point in CryptSecretDecrypt()
735 // Use -- a null-terminated string containing "SECRET" in CryptSecretDecrypt()
736 // PartyUInfo -- the x coordinate of the point in the secret in CryptSecretDecrypt()
738 // PartyVInfo -- the x coordinate of the public key (Qs,V ) in CryptSecretDecrypt()
739 // bits -- the number of bits in the digest of HashID in CryptSecretDecrypt()
741 CryptKDFe(decryptKey->publicArea.nameAlg, &eccSecret.x.b, label, in CryptSecretDecrypt()
743 &decryptKey->publicArea.unique.ecc.x.b, in CryptSecretDecrypt()
744 data->t.size * 8, data->t.buffer); in CryptSecretDecrypt()
753 case TPM_ALG_KEYEDHASH: in CryptSecretDecrypt()
755 if(secret->t.size > in CryptSecretDecrypt()
756 CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) in CryptSecretDecrypt()
769 // nullNonce a zero-length nonce in CryptSecretDecrypt()
771 CryptXORObfuscation(decryptKey->publicArea.nameAlg, in CryptSecretDecrypt()
772 &decryptKey->sensitive.sensitive.bits.b, in CryptSecretDecrypt()
773 &nonceCaller->b, NULL, in CryptSecretDecrypt()
774 secret->t.size, secret->t.secret); in CryptSecretDecrypt()
776 MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer)); in CryptSecretDecrypt()
779 case TPM_ALG_SYMCIPHER: in CryptSecretDecrypt()
784 if(secret->t.size > in CryptSecretDecrypt()
785 CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) in CryptSecretDecrypt()
789 symDef = &decryptKey->publicArea.parameters.symDetail.sym; in CryptSecretDecrypt()
790 iv.t.size = CryptGetSymmetricBlockSize(symDef->algorithm, in CryptSecretDecrypt()
791 symDef->keyBits.sym); in CryptSecretDecrypt()
794 if(nonceCaller->t.size >= iv.t.size) in CryptSecretDecrypt()
796 MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, iv.t.size); in CryptSecretDecrypt()
800 if(nonceCaller->t.size > sizeof(iv.t.buffer)) in CryptSecretDecrypt()
802 MemoryCopy(iv.b.buffer, nonceCaller->t.buffer, in CryptSecretDecrypt()
803 nonceCaller->t.size); in CryptSecretDecrypt()
806 if(secret->t.size > data->t.size) in CryptSecretDecrypt()
808 data->t.size = secret->t.size; in CryptSecretDecrypt()
810 CryptSymmetricDecrypt(data->t.buffer, symDef->algorithm, in CryptSecretDecrypt()
811 symDef->keyBits.sym, in CryptSecretDecrypt()
812 decryptKey->sensitive.sensitive.sym.t.buffer, in CryptSecretDecrypt()
813 &iv, TPM_ALG_CFB, secret->t.size, in CryptSecretDecrypt()
814 secret->t.secret); in CryptSecretDecrypt()
826 // This function does in-place encryption of a response parameter.
839 TPM2B_TYPE(TEMP_KEY, (sizeof(extraKey->t.buffer) in CryptParameterEncryption()
840 + sizeof(session->sessionKey.t.buffer))); in CryptParameterEncryption()
868 MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); in CryptParameterEncryption()
869 MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer)); in CryptParameterEncryption()
871 if(session->symmetric.algorithm == TPM_ALG_XOR) in CryptParameterEncryption()
875 CryptXORObfuscation(session->authHashAlg, &(key.b), in CryptParameterEncryption()
876 &(session->nonceTPM.b), in CryptParameterEncryption()
879 ParmEncryptSym(session->symmetric.algorithm, session->authHashAlg, in CryptParameterEncryption()
880 session->symmetric.keyBits.aes, &(key.b), in CryptParameterEncryption()
881 nonceCaller, &(session->nonceTPM.b), in CryptParameterEncryption()
887 // This function does in-place decryption of a command parameter.
906 TPM2B_TYPE(HMAC_KEY, (sizeof(extraKey->t.buffer) in CryptParameterDecryption()
907 + sizeof(session->sessionKey.t.buffer))); in CryptParameterDecryption()
935 MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); in CryptParameterDecryption()
936 MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer)); in CryptParameterDecryption()
938 if(session->symmetric.algorithm == TPM_ALG_XOR) in CryptParameterDecryption()
942 CryptXORObfuscation(session->authHashAlg, &key.b, nonceCaller, in CryptParameterDecryption()
943 &(session->nonceTPM.b), cipherSize, buffer); in CryptParameterDecryption()
946 ParmDecryptSym(session->symmetric.algorithm, session->authHashAlg, in CryptParameterDecryption()
947 session->symmetric.keyBits.sym, in CryptParameterDecryption()
948 &key.b, nonceCaller, &session->nonceTPM.b, in CryptParameterDecryption()
959 TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area in CryptComputeSymmetricUnique() argument
965 if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) in CryptComputeSymmetricUnique()
966 && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt)) in CryptComputeSymmetricUnique()
968 // Unique field is HMAC(sensitive->seedValue, sensitive->sensitive) in CryptComputeSymmetricUnique()
970 unique->b.size = CryptHmacStart2B(&hmacState, publicArea->nameAlg, in CryptComputeSymmetricUnique()
971 &sensitive->seedValue.b); in CryptComputeSymmetricUnique()
973 &sensitive->sensitive.any.b); in CryptComputeSymmetricUnique()
974 CryptHmacEnd2B(&hmacState, &unique->b); in CryptComputeSymmetricUnique()
979 // Unique := Hash(sensitive->seedValue || sensitive->sensitive) in CryptComputeSymmetricUnique()
980 unique->t.size = CryptHashStart(&hashState, publicArea->nameAlg); in CryptComputeSymmetricUnique()
981 CryptDigestUpdate2B(&hashState, &sensitive->seedValue.b); in CryptComputeSymmetricUnique()
982 CryptDigestUpdate2B(&hashState, &sensitive->sensitive.any.b); in CryptComputeSymmetricUnique()
983 CryptHashEnd2B(&hashState, &unique->b); in CryptComputeSymmetricUnique()
998 // 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters
1001 // This is the case for both Primary Objects and Derived Objects.
1005 // simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with
1016 // in the sensitive creation area for a symmetric key
1019 // TPM_RC_SIZE sensitive data size is larger than allowed for the
1027 TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation in CryptCreateObject()
1032 TPMT_PUBLIC *publicArea = &object->publicArea; in CryptCreateObject()
1033 TPMT_SENSITIVE *sensitive = &object->sensitive; in CryptCreateObject() local
1036 // Set the sensitive type for the object in CryptCreateObject()
1037 sensitive->sensitiveType = publicArea->type; in CryptCreateObject()
1040 sensitive->authValue = sensitiveCreate->userAuth; in CryptCreateObject()
1044 if(IS_ATTRIBUTE(publicArea->objectAttributes, in CryptCreateObject()
1046 sensitiveCreate->data.t.size = 0; in CryptCreateObject()
1049 // sensitive value for symmetric object in CryptCreateObject()
1050 switch(publicArea->type) in CryptCreateObject()
1054 case TPM_ALG_RSA: in CryptCreateObject()
1057 result = CryptRsaGenerateKey(publicArea, sensitive, rand); in CryptCreateObject()
1063 case TPM_ALG_ECC: in CryptCreateObject()
1064 result = CryptEccGenerateKey(publicArea, sensitive, rand); in CryptCreateObject()
1067 case TPM_ALG_SYMCIPHER: in CryptCreateObject()
1068 result = CryptGenerateKeySymmetric(publicArea, sensitive, in CryptCreateObject()
1071 case TPM_ALG_KEYEDHASH: in CryptCreateObject()
1072 result = CryptGenerateKeyedHash(publicArea, sensitive, in CryptCreateObject()
1081 // Create the sensitive seed value in CryptCreateObject()
1085 if(object->attributes.primary && object->attributes.epsHierarchy) in CryptCreateObject()
1091 sensitive->seedValue.t.size = in CryptCreateObject()
1092 DRBG_Generate(rand, sensitive->seedValue.t.buffer, in CryptCreateObject()
1093 CryptHashGetDigestSize(publicArea->nameAlg)); in CryptCreateObject()
1096 else if(sensitive->seedValue.t.size == 0) in CryptCreateObject()
1099 if(publicArea->type == TPM_ALG_SYMCIPHER in CryptCreateObject()
1100 || publicArea->type == TPM_ALG_KEYEDHASH) in CryptCreateObject()
1102 CryptComputeSymmetricUnique(publicArea, sensitive, &publicArea->unique.sym); in CryptCreateObject()
1108 if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) in CryptCreateObject()
1109 || !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) in CryptCreateObject()
1110 memset(&sensitive->seedValue, 0, sizeof(sensitive->seedValue)); in CryptCreateObject()
1113 PublicMarshalAndComputeName(publicArea, &object->name); in CryptCreateObject()
1126 if(auth->sigAlg == TPM_ALG_NULL) in CryptGetSignHashAlg()
1130 switch(auth->sigAlg) in CryptGetSignHashAlg()
1137 case TPM_ALG_RSASSA: in CryptGetSignHashAlg()
1138 return auth->signature.rsassa.hash; in CryptGetSignHashAlg()
1139 case TPM_ALG_RSAPSS: in CryptGetSignHashAlg()
1140 return auth->signature.rsapss.hash; in CryptGetSignHashAlg()
1148 case TPM_ALG_ECDSA: in CryptGetSignHashAlg()
1152 case TPM_ALG_SM2: in CryptGetSignHashAlg()
1155 case TPM_ALG_ECSCHNORR: in CryptGetSignHashAlg()
1158 return auth->signature.ecdsa.hash; in CryptGetSignHashAlg()
1162 case TPM_ALG_ECDAA: in CryptGetSignHashAlg()
1168 case TPM_ALG_HMAC: in CryptGetSignHashAlg()
1169 return auth->signature.hmac.hashAlg; in CryptGetSignHashAlg()
1189 case TPM_ALG_ECDAA: in CryptIsSplitSign()
1212 case TPM_ALG_RSA: in CryptIsAsymSignScheme()
1218 case TPM_ALG_RSASSA: in CryptIsAsymSignScheme()
1219 case TPM_ALG_RSAPSS: in CryptIsAsymSignScheme()
1230 case TPM_ALG_ECC: in CryptIsAsymSignScheme()
1234 case TPM_ALG_ECDSA: in CryptIsAsymSignScheme()
1236 case TPM_ALG_ECDAA: in CryptIsAsymSignScheme()
1239 case TPM_ALG_ECSCHNORR: in CryptIsAsymSignScheme()
1242 case TPM_ALG_SM2: in CryptIsAsymSignScheme()
1271 case TPM_ALG_RSA: in CryptIsAsymDecryptScheme()
1274 case TPM_ALG_RSAES: in CryptIsAsymDecryptScheme()
1275 case TPM_ALG_OAEP: in CryptIsAsymDecryptScheme()
1286 case TPM_ALG_ECC: in CryptIsAsymDecryptScheme()
1292 case TPM_ALG_ECDH: in CryptIsAsymDecryptScheme()
1294 case TPM_ALG_SM2: in CryptIsAsymDecryptScheme()
1297 case TPM_ALG_ECMQV: in CryptIsAsymDecryptScheme()
1320 // In the case that both object and input scheme has a non-NULL scheme
1323 // This function should not be called if 'signObject->publicArea.type' ==
1331 // non-empty default key scheme differs from 'scheme'
1347 scheme->scheme = TPM_ALG_NULL; in CryptSelectSignScheme()
1348 scheme->details.any.hashAlg = TPM_ALG_NULL; in CryptSelectSignScheme()
1353 publicArea = &signObject->publicArea; in CryptSelectSignScheme()
1357 if(publicArea->type == TPM_ALG_SYMCIPHER) in CryptSelectSignScheme()
1360 if(CryptIsAsymAlgorithm(publicArea->type)) in CryptSelectSignScheme()
1362 (TPMT_SIG_SCHEME *)&publicArea->parameters.asymDetail.scheme; in CryptSelectSignScheme()
1365 (TPMT_SIG_SCHEME *)&publicArea->parameters.keyedHashDetail.scheme; in CryptSelectSignScheme()
1369 if(objectScheme->scheme == TPM_ALG_NULL) in CryptSelectSignScheme()
1372 OK = (scheme->scheme != TPM_ALG_NULL); in CryptSelectSignScheme()
1376 else if(scheme->scheme == TPM_ALG_NULL) in CryptSelectSignScheme()
1382 OK = !CryptIsSplitSign(objectScheme->scheme); in CryptSelectSignScheme()
1398 OK = (objectScheme->scheme == scheme->scheme) in CryptSelectSignScheme()
1399 && (objectScheme->details.any.hashAlg in CryptSelectSignScheme()
1400 == scheme->details.any.hashAlg); in CryptSelectSignScheme()
1433 signature->sigAlg = signScheme->scheme; in CryptSign()
1437 if((signature->sigAlg == TPM_ALG_NULL) || (signKey == NULL)) in CryptSign()
1443 signature->signature.any.hashAlg = signScheme->details.any.hashAlg; in CryptSign()
1446 switch(signKey->publicArea.type) in CryptSign()
1449 case TPM_ALG_RSA: in CryptSign()
1454 case TPM_ALG_ECC: in CryptSign()
1462 case TPM_ALG_KEYEDHASH: in CryptSign()
1494 // will assert. It will never return a non-valid value. This makes it save in CryptValidateSignature()
1498 TPMT_PUBLIC *publicArea = &signObject->publicArea; in CryptValidateSignature()
1502 // a NULL signature, but just in case in CryptValidateSignature()
1503 if(signature->sigAlg == TPM_ALG_NULL) in CryptValidateSignature()
1506 switch(publicArea->type) in CryptValidateSignature()
1509 case TPM_ALG_RSA: in CryptValidateSignature()
1519 case TPM_ALG_ECC: in CryptValidateSignature()
1524 case TPM_ALG_KEYEDHASH: in CryptValidateSignature()
1525 if(signObject->attributes.publicOnly) in CryptValidateSignature()
1537 // This function returns the results of a self-test function.
1547 outData->t.size = 0; in CryptGetTestResult()
1554 // key, it is verified to be on the specified curve. For a key with a sensitive
1556 // If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area
1558 // For an RSA key, the reason for loading the sensitive area is to use it. The
1567 // TPM_RC_TYPE the types of the sensitive and private parts do not match
1571 TPMT_SENSITIVE *sensitive, in CryptValidateKeys() argument
1578 UINT16 digestSize = CryptHashGetDigestSize(publicArea->nameAlg); in CryptValidateKeys()
1579 TPMU_PUBLIC_PARMS *params = &publicArea->parameters; in CryptValidateKeys()
1580 TPMU_PUBLIC_ID *unique = &publicArea->unique; in CryptValidateKeys()
1582 if(sensitive != NULL) in CryptValidateKeys()
1584 // Make sure that the types of the public and sensitive are compatible in CryptValidateKeys()
1585 if(publicArea->type != sensitive->sensitiveType) in CryptValidateKeys()
1590 // was made during unmarshaling of the sensitive area in CryptValidateKeys()
1591 if((sensitive->authValue.t.size) > digestSize && (digestSize > 0)) in CryptValidateKeys()
1594 switch(publicArea->type) in CryptValidateKeys()
1597 case TPM_ALG_RSA: in CryptValidateKeys()
1598 keySizeInBytes = BITS_TO_BYTES(params->rsaDetail.keyBits); in CryptValidateKeys()
1600 // Regardless of whether there is a sensitive area, the public modulus in CryptValidateKeys()
1607 if((unique->rsa.t.size != keySizeInBytes) in CryptValidateKeys()
1608 || (unique->rsa.t.buffer[0] < 0x80)) in CryptValidateKeys()
1610 if(params->rsaDetail.exponent != 0 in CryptValidateKeys()
1611 && params->rsaDetail.exponent < 7) in CryptValidateKeys()
1613 if(sensitive != NULL) in CryptValidateKeys()
1615 // If there is a sensitive area, it has to be the correct size in CryptValidateKeys()
1617 if(((sensitive->sensitive.rsa.t.size * 2) != keySizeInBytes) in CryptValidateKeys()
1618 || (sensitive->sensitive.rsa.t.buffer[0] < 0x80)) in CryptValidateKeys()
1624 case TPM_ALG_ECC: in CryptValidateKeys()
1627 curveId = params->eccDetail.curveID; in CryptValidateKeys()
1629 if(sensitive == NULL) in CryptValidateKeys()
1632 if(unique->ecc.x.t.size != keySizeInBytes in CryptValidateKeys()
1633 || unique->ecc.y.t.size != keySizeInBytes) in CryptValidateKeys()
1635 if(publicArea->nameAlg != TPM_ALG_NULL) in CryptValidateKeys()
1637 if(!CryptEccIsPointOnCurve(curveId, &unique->ecc)) in CryptValidateKeys()
1645 if(!CryptEccIsValidPrivateKey(&sensitive->sensitive.ecc, in CryptValidateKeys()
1648 if(publicArea->nameAlg != TPM_ALG_NULL) in CryptValidateKeys()
1654 &sensitive->sensitive.ecc, in CryptValidateKeys()
1665 AdjustNumberB(&toCompare.x.b, unique->ecc.x.t.size); in CryptValidateKeys()
1666 AdjustNumberB(&toCompare.y.b, unique->ecc.y.t.size); in CryptValidateKeys()
1667 if(!MemoryEqual2B(&unique->ecc.x.b, &toCompare.x.b) in CryptValidateKeys()
1668 || !MemoryEqual2B(&unique->ecc.y.b, &toCompare.y.b)) in CryptValidateKeys()
1679 // and if there is also a sensitive area, validate the binding in CryptValidateKeys()
1681 // For consistency, if the object is public-only just make sure that in CryptValidateKeys()
1683 if(sensitive == NULL) in CryptValidateKeys()
1685 if(unique->sym.t.size != digestSize) in CryptValidateKeys()
1690 // Make sure that the key size in the sensitive area is consistent. in CryptValidateKeys()
1691 if(publicArea->type == TPM_ALG_SYMCIPHER) in CryptValidateKeys()
1693 result = CryptSymKeyValidate(¶ms->symDetail.sym, in CryptValidateKeys()
1694 &sensitive->sensitive.sym); in CryptValidateKeys()
1702 // 128 bytes. The worst case value is limited by the in CryptValidateKeys()
1708 scheme = ¶ms->keyedHashDetail.scheme; in CryptValidateKeys()
1709 if(scheme->scheme == TPM_ALG_XOR) in CryptValidateKeys()
1711 maxSize = CryptHashGetBlockSize(scheme->details.xor.hashAlg); in CryptValidateKeys()
1713 else if(scheme->scheme == TPM_ALG_HMAC) in CryptValidateKeys()
1715 maxSize = CryptHashGetBlockSize(scheme->details.hmac.hashAlg); in CryptValidateKeys()
1717 else if(scheme->scheme == TPM_ALG_NULL) in CryptValidateKeys()
1724 if(sensitive->sensitive.bits.t.size > maxSize) in CryptValidateKeys()
1728 if(publicArea->nameAlg != TPM_ALG_NULL) in CryptValidateKeys()
1731 if(sensitive->seedValue.t.size != digestSize) in CryptValidateKeys()
1734 CryptComputeSymmetricUnique(publicArea, sensitive, &compare); in CryptValidateKeys()
1735 if(!MemoryEqual2B(&unique->sym.b, &compare.b)) in CryptValidateKeys()
1743 if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) in CryptValidateKeys()
1744 && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) in CryptValidateKeys()
1745 && sensitive != NULL in CryptValidateKeys()
1746 && publicArea->nameAlg != TPM_ALG_NULL) in CryptValidateKeys()
1748 if((sensitive->seedValue.t.size < (digestSize / 2)) in CryptValidateKeys()
1749 || (sensitive->seedValue.t.size > digestSize)) in CryptValidateKeys()
1769 switch(publicArea->type) in CryptSelectMac()
1771 case TPM_ALG_KEYEDHASH: in CryptSelectMac()
1775 scheme = &publicArea->parameters.keyedHashDetail.scheme; in CryptSelectMac()
1777 if(scheme->scheme != TPM_ALG_NULL) in CryptSelectMac()
1778 macAlg = scheme->details.hmac.hashAlg; in CryptSelectMac()
1781 case TPM_ALG_SYMCIPHER: in CryptSelectMac()
1784 scheme = &publicArea->parameters.symDetail.sym; in CryptSelectMac()
1786 if(scheme->algorithm != TPM_ALG_NULL) in CryptSelectMac()
1787 macAlg = scheme->mode.sym; in CryptSelectMac()
1809 if(!CryptMacIsValidForKey(publicArea->type, *inMac, FALSE)) in CryptSelectMac()
1825 case TPM_ALG_KEYEDHASH: in CryptMacIsValidForKey()
1828 case TPM_ALG_SYMCIPHER: in CryptMacIsValidForKey()
1849 case TPM_ALG_CMAC: in CryptSmacIsValidAlg()
1853 case TPM_ALG_NULL: in CryptSmacIsValidAlg()
1874 case TPM_ALG_CTR: in CryptSymModeIsValid()
1877 case TPM_ALG_OFB: in CryptSymModeIsValid()
1880 case TPM_ALG_CBC: in CryptSymModeIsValid()
1883 case TPM_ALG_CFB: in CryptSymModeIsValid()
1886 case TPM_ALG_ECB: in CryptSymModeIsValid()
1889 case TPM_ALG_NULL: in CryptSymModeIsValid()