• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Microsoft Reference Implementation for TPM 2.0
2  *
3  *  The copyright in this software is being made available under the BSD License,
4  *  included below. This software may be subject to other third party and
5  *  contributor rights, including patent rights, and no such rights are granted
6  *  under this license.
7  *
8  *  Copyright (c) Microsoft Corporation
9  *
10  *  All rights reserved.
11  *
12  *  BSD License
13  *
14  *  Redistribution and use in source and binary forms, with or without modification,
15  *  are permitted provided that the following conditions are met:
16  *
17  *  Redistributions of source code must retain the above copyright notice, this list
18  *  of conditions and the following disclaimer.
19  *
20  *  Redistributions in binary form must reproduce the above copyright notice, this
21  *  list of conditions and the following disclaimer in the documentation and/or
22  *  other materials provided with the distribution.
23  *
24  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 #include "Tpm.h"
36 #include "CreatePrimary_fp.h"
37 
38 #if CC_CreatePrimary  // Conditional expansion of this file
39 
40 /*(See part 3 specification)
41 // Creates a primary or temporary object from a primary seed.
42 */
43 //  Return Type: TPM_RC
44 //      TPM_RC_ATTRIBUTES       sensitiveDataOrigin is CLEAR when sensitive.data is an
45 //                              Empty Buffer 'fixedTPM', 'fixedParent', or
46 //                              'encryptedDuplication' attributes are inconsistent
47 //                              between themselves or with those of the parent object;
48 //                              inconsistent 'restricted', 'decrypt' and 'sign'
49 //                              attributes
50 //                              attempt to inject sensitive data for an asymmetric
51 //                              key;
52 //      TPM_RC_KDF              incorrect KDF specified for decrypting keyed hash
53 //                              object
54 //      TPM_RC_KEY              a provided symmetric key value is not allowed
55 //      TPM_RC_OBJECT_MEMORY    there is no free slot for the object
56 //      TPM_RC_SCHEME           inconsistent attributes 'decrypt', 'sign',
57 //                              'restricted' and key's scheme ID; or hash algorithm is
58 //                              inconsistent with the scheme ID for keyed hash object
59 //      TPM_RC_SIZE             size of public authorization policy or sensitive
60 //                              authorization value does not match digest size of the
61 //                              name algorithm; or sensitive data size for the keyed
62 //                              hash object is larger than is allowed for the scheme
63 //      TPM_RC_SYMMETRIC        a storage key with no symmetric algorithm specified;
64 //                              or non-storage key with symmetric algorithm different
65 //                              from TPM_ALG_NULL
66 //      TPM_RC_TYPE             unknown object type
67 TPM_RC
TPM2_CreatePrimary(CreatePrimary_In * in,CreatePrimary_Out * out)68 TPM2_CreatePrimary(
69     CreatePrimary_In    *in,            // IN: input parameter list
70     CreatePrimary_Out   *out            // OUT: output parameter list
71     )
72 {
73     TPM_RC               result = TPM_RC_SUCCESS;
74     TPMT_PUBLIC         *publicArea;
75     DRBG_STATE           rand;
76     OBJECT              *newObject;
77     TPM2B_NAME           name;
78 
79 // Input Validation
80     // Will need a place to put the result
81     newObject = FindEmptyObjectSlot(&out->objectHandle);
82     if(newObject == NULL)
83         return TPM_RC_OBJECT_MEMORY;
84     // Get the address of the public area in the new object
85     // (this is just to save typing)
86     publicArea = &newObject->publicArea;
87 
88     *publicArea = in->inPublic.publicArea;
89 
90     // Check attributes in input public area. CreateChecks() checks the things that
91     // are unique to creation and then validates the attributes and values that are
92     // common to create and load.
93     result = CreateChecks(NULL, publicArea,
94                           in->inSensitive.sensitive.data.t.size);
95     if(result != TPM_RC_SUCCESS)
96         return RcSafeAddToResult(result, RC_CreatePrimary_inPublic);
97     // Validate the sensitive area values
98     if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth,
99                        publicArea->nameAlg))
100         return TPM_RCS_SIZE + RC_CreatePrimary_inSensitive;
101 // Command output
102     // Compute the name using out->name as a scratch area (this is not the value
103     // that ultimately will be returned, then instantiate the state that will be
104     // used as a random number generator during the object creation.
105     // The caller does not know the seed values so the actual name does not have
106     // to be over the input, it can be over the unmarshaled structure.
107     result = DRBG_InstantiateSeeded(&rand,
108                            &HierarchyGetPrimarySeed(in->primaryHandle)->b,
109                            PRIMARY_OBJECT_CREATION,
110                            (TPM2B *)PublicMarshalAndComputeName(publicArea, &name),
111                            &in->inSensitive.sensitive.data.b);
112     if(result == TPM_RC_SUCCESS)
113     {
114         newObject->attributes.primary = SET;
115         if(in->primaryHandle == TPM_RH_ENDORSEMENT)
116             newObject->attributes.epsHierarchy = SET;
117 
118         // Create the primary object.
119         result = CryptCreateObject(newObject, &in->inSensitive.sensitive,
120             (RAND_STATE *)&rand);
121     }
122     if(result != TPM_RC_SUCCESS)
123         return result;
124 
125     // Set the publicArea and name from the computed values
126     out->outPublic.publicArea = newObject->publicArea;
127     out->name = newObject->name;
128 
129     // Fill in creation data
130     FillInCreationData(in->primaryHandle, publicArea->nameAlg,
131                        &in->creationPCR, &in->outsideInfo, &out->creationData,
132                        &out->creationHash);
133 
134     // Compute creation ticket
135     TicketComputeCreation(EntityGetHierarchy(in->primaryHandle), &out->name,
136                           &out->creationHash, &out->creationTicket);
137 
138     // Set the remaining attributes for a loaded object
139     ObjectSetLoadedAttributes(newObject, in->primaryHandle);
140     return result;
141 }
142 
143 #endif // CC_CreatePrimary