Lines Matching +full:case +full:- +full:sensitive
39 if(publicArea1->nameAlg != publicArea2->nameAlg) in EqualCryptSet()
42 if(publicArea1->type != publicArea2->type) in EqualCryptSet()
47 size1 = TPMU_PUBLIC_PARMS_Marshal(&publicArea1->parameters, &buffer, in EqualCryptSet()
48 &bufferSize, publicArea1->type); in EqualCryptSet()
51 size2 = TPMU_PUBLIC_PARMS_Marshal(&publicArea2->parameters, &buffer, in EqualCryptSet()
52 &bufferSize, publicArea2->type); in EqualCryptSet()
61 // Get the size of TPM2B_IV in canonical form that will be append to the start of the sensitive…
85 symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm; in GetIV2BSize()
86 keyBits= protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym; in GetIV2BSize()
96 // This function retrieves the symmetric protection key parameters for the sensitive data The p…
99 // requires encrypting or decrypting of the sensitive area of an object or a credential blob
122 symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; in ComputeProtectionKeyParms()
129 symDef = &protector->publicArea.parameters.asymDetail.symmetric; in ComputeProtectionKeyParms()
130 *symAlg = symDef->algorithm; in ComputeProtectionKeyParms()
131 *keyBits= symDef->keyBits.sym; in ComputeProtectionKeyParms()
132 symKey->t.size = (*keyBits + 7) / 8; in ComputeProtectionKeyParms()
138 symKey->t.size * 8, symKey->t.buffer, NULL); in ComputeProtectionKeyParms()
145 // The sensitive area parameter is a buffer that holds a space for the integrity value and the…
146 // sensitive area. The caller should skip over the area set aside for the integrity value and …
147 … of the remainder of the object. The size field of sensitive is in unmarshaled form and the sensit…
162 UINT32 sensitiveSize, // IN: size of the marshaled sensitive data in ComputeOuterIntegrity()
163 BYTE *sensitiveData, // IN: sensitive area in ComputeOuterIntegrity()
178 integrity->t.size = CryptStartHMAC2B(hashAlg, &hmacKey.b, &hmacState); in ComputeOuterIntegrity()
179 // Adding the marshaled sensitive area to the integrity value in ComputeOuterIntegrity()
184 CryptCompleteHMAC2B(&hmacState, &integrity->b); in ComputeOuterIntegrity()
197 UINT16 dataSize, // IN: the size of sensitive data in ComputeInnerIntegrity()
198 BYTE *sensitiveData, // IN: sensitive data in ComputeInnerIntegrity()
204 integrity->t.size = CryptStartHash(hashAlg, &hashState); in ComputeInnerIntegrity()
205 // Adding the marshaled sensitive area to the integrity value in ComputeInnerIntegrity()
208 CryptUpdateDigest2B(&hashState, &name->b); in ComputeInnerIntegrity()
210 CryptCompleteHash2B(&hashState, &integrity->b); in ComputeInnerIntegrity()
218 // sensitive data being marshaled to the innerBuffer, with the leading bytes reserved for inte…
219 // assume the sensitive data starts at address (innerBuffer + integrity size). This function i…
226 UINT16 dataSize, // IN: the size of sensitive data, excluding the in ProduceInnerIntegrity()
228 BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in in ProduceInnerIntegrity()
233 BYTE *sensitiveData; // pointer to the sensitive data in ProduceInnerIntegrity()
238 // sensitiveData points to the beginning of sensitive data in innerBuffer in ProduceInnerIntegrity()
263 UINT16 dataSize, // IN: the size of sensitive data, including the in CheckInnerIntegrity()
265 BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in in CheckInnerIntegrity()
309 // the authorization is checked, both the public and sensitive in AreAttributesForParent()
311 pAssert(parentObject->attributes.publicOnly == CLEAR); in AreAttributesForParent()
312 if(ObjectDataIsStorage(&parentObject->publicArea)) in AreAttributesForParent()
326 // TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different pu…
328 // TPM_RC_ATTRIBUTES attempt to inject sensitive data for an asymmetric key; or …
330 // TPM_RC_HASH non-duplicable storage key and its parent have different na…
337 …TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage
339 // TPM_RC_TYPE unexpected object type; or non-duplicable storage key and i…
351 if(CryptIsAsymAlgorithm(publicArea->type)) in SchemeChecks()
354 keyScheme = &publicArea->parameters.asymDetail.scheme; in SchemeChecks()
357 if(!load && (publicArea->objectAttributes.sensitiveDataOrigin == CLEAR)) in SchemeChecks()
363 if( publicArea->objectAttributes.sign == SET in SchemeChecks()
364 && publicArea->objectAttributes.decrypt == SET in SchemeChecks()
365 && keyScheme->scheme != TPM_ALG_NULL) in SchemeChecks()
367 // A restrict sign key must have a non-NULL scheme in SchemeChecks()
368 if( publicArea->objectAttributes.restricted == SET in SchemeChecks()
369 && publicArea->objectAttributes.sign == SET in SchemeChecks()
370 && keyScheme->scheme == TPM_ALG_NULL) in SchemeChecks()
380 if( keyScheme->scheme != TPM_ALG_NULL in SchemeChecks()
381 && ( ( publicArea->objectAttributes.sign == SET in SchemeChecks()
382 && !CryptIsSignScheme(keyScheme->scheme) in SchemeChecks()
384 || ( publicArea->objectAttributes.decrypt == SET in SchemeChecks()
385 && !CryptIsDecryptScheme(keyScheme->scheme) in SchemeChecks()
392 if(publicArea->type == TPM_ALG_ECC) in SchemeChecks()
394 TPM_ECC_CURVE curveID = publicArea->parameters.eccDetail.curveID; in SchemeChecks()
400 if(curveScheme->scheme != TPM_ALG_NULL) in SchemeChecks()
402 if(keyScheme->scheme != curveScheme->scheme) in SchemeChecks()
405 if( curveScheme->details.anySig.hashAlg != TPM_ALG_NULL in SchemeChecks()
406 && ( keyScheme->details.anySig.hashAlg in SchemeChecks()
407 != curveScheme->details.anySig.hashAlg in SchemeChecks()
413 if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL) in SchemeChecks()
418 if( publicArea->objectAttributes.restricted == SET in SchemeChecks()
419 && publicArea->objectAttributes.decrypt == SET) in SchemeChecks()
422 if( publicArea->parameters.asymDetail.symmetric.algorithm in SchemeChecks()
426 if(publicArea->parameters.asymDetail.scheme.scheme != TPM_ALG_NULL) in SchemeChecks()
431 && publicArea->objectAttributes.fixedParent == SET in SchemeChecks()
438 &(ObjectGet(parentHandle)->publicArea)); in SchemeChecks()
443 // Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm in SchemeChecks()
444 if( publicArea->parameters.asymDetail.symmetric.algorithm in SchemeChecks()
450 else if(publicArea->type == TPM_ALG_KEYEDHASH) in SchemeChecks()
453 = &publicArea->parameters.keyedHashDetail.scheme; in SchemeChecks()
458 if( publicArea->objectAttributes.sign in SchemeChecks()
459 == publicArea->objectAttributes.decrypt) in SchemeChecks()
461 if(scheme->scheme != TPM_ALG_NULL) in SchemeChecks()
467 else if(publicArea->objectAttributes.decrypt) in SchemeChecks()
469 if( scheme->scheme != TPM_ALG_XOR in SchemeChecks()
470 || scheme->details.xor_.hashAlg == TPM_ALG_NULL) in SchemeChecks()
472 if(scheme->details.xor_.kdf == TPM_ALG_NULL) in SchemeChecks()
477 if( scheme->scheme != TPM_ALG_HMAC in SchemeChecks()
478 || scheme->details.hmac.hashAlg == TPM_ALG_NULL) in SchemeChecks()
483 else if (publicArea->type == TPM_ALG_SYMCIPHER) in SchemeChecks()
486 if( publicArea->objectAttributes.decrypt == CLEAR in SchemeChecks()
487 || publicArea->objectAttributes.sign == SET in SchemeChecks()
504 // TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different …
509 // sensitive data for an asymmetric key; attempt to create a…
511 // TPM_RC_HASH non-duplicable storage key and its parent have different …
520 …M_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage
522 // TPM_RC_TYPE unexpected object type; or non-duplicable storage key and…
536 if (publicArea->nameAlg == TPM_ALG_NULL) in PublicAttributesValidation()
539 if( publicArea->authPolicy.t.size != 0 in PublicAttributesValidation()
540 && ( publicArea->authPolicy.t.size in PublicAttributesValidation()
541 != CryptGetHashDigestSize(publicArea->nameAlg) in PublicAttributesValidation()
548 || parentObject->publicArea.objectAttributes.fixedTPM == SET) in PublicAttributesValidation()
550 if( publicArea->objectAttributes.fixedParent in PublicAttributesValidation()
551 != publicArea->objectAttributes.fixedTPM in PublicAttributesValidation()
557 if(publicArea->objectAttributes.fixedTPM == SET) in PublicAttributesValidation()
561 if ( publicArea->objectAttributes.restricted == SET in PublicAttributesValidation()
562 && ( publicArea->objectAttributes.decrypt in PublicAttributesValidation()
563 == publicArea->objectAttributes.sign) in PublicAttributesValidation()
567 if( publicArea->objectAttributes.fixedTPM == SET in PublicAttributesValidation()
568 && publicArea->objectAttributes.encryptedDuplication == SET) in PublicAttributesValidation()
574 && parentObject->publicArea.objectAttributes.fixedTPM == CLEAR) in PublicAttributesValidation()
576 && ( publicArea->objectAttributes.encryptedDuplication in PublicAttributesValidation()
577 != parentObject->publicArea.objectAttributes.encryptedDuplication in PublicAttributesValidation()
607 &outCreation->t.creationData.pcrDigest); in FillInCreationData()
609 outCreation->t.creationData.pcrSelect = *creationPCR; in FillInCreationData()
611 outCreation->t.creationData.locality in FillInCreationData()
613 outCreation->t.creationData.parentNameAlg = TPM_ALG_NULL; in FillInCreationData()
618 BYTE *buffer = &outCreation->t.creationData.parentName.t.name[0]; in FillInCreationData()
620 outCreation->t.creationData.parentName.t.size = in FillInCreationData()
624 MemoryCopy2B(&outCreation->t.creationData.parentQualifiedName.b, in FillInCreationData()
625 &outCreation->t.creationData.parentName.b, in FillInCreationData()
626 sizeof(outCreation->t.creationData.parentQualifiedName.t.name)); in FillInCreationData()
632 outCreation->t.creationData.parentNameAlg = in FillInCreationData()
633 parentObject->publicArea.nameAlg; in FillInCreationData()
635 outCreation->t.creationData.parentName = parentObject->name; in FillInCreationData()
637 outCreation->t.creationData.parentQualifiedName = in FillInCreationData()
638 parentObject->qualifiedName; in FillInCreationData()
641 outCreation->t.creationData.outsideInfo = *outsideData; in FillInCreationData()
645 outCreation->t.size = TPMS_CREATION_DATA_Marshal(&outCreation->t.creationData, in FillInCreationData()
648 creationDigest->t.size = CryptStartHash(nameHashAlg, &hashState); in FillInCreationData()
649 CryptUpdateDigest(&hashState, outCreation->t.size, creationBuffer); in FillInCreationData()
650 CryptCompleteHash2B(&hashState, &creationDigest->b); in FillInCreationData()
668 // case, use nullProof as seed. in GetSeedForKDF()
682 return (TPM2B_SEED *) &protector->sensitive.seedValue; in GetSeedForKDF()
690 …function produce outer wrap for a buffer containing the sensitive data. It requires the sensitive …
692 // space should be reserved at the beginning of the buffer. It assumes the sensitive data star…
694 // a) Add IV before sensitive area if required
695 // b) encrypt sensitive data, if iv is required, encrypt by iv. otherwise, encrypted by a NULL…
710 UINT16 dataSize, // IN: the size of sensitive data, excluding the in ProduceOuterWrap()
713 BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in in ProduceOuterWrap()
723 BYTE *sensitiveData; // pointer to the sensitive data in ProduceOuterWrap()
728 // Compute the beginning of sensitive data. The outer integrity should in ProduceOuterWrap()
732 // If iv is used, adjust the pointer of sensitive data and add iv before it in ProduceOuterWrap()
738 ivRNG.t.size = ivSize - sizeof(UINT16); in ProduceOuterWrap()
744 // adjust sensitive data starting after IV area in ProduceOuterWrap()
772 // This function remove the outer wrap of a blob containing sensitive data This function perfo…
778 // TPM_RC_INSUFFICIENT error during sensitive data unmarshaling
779 // TPM_RC_INTEGRITY sensitive data integrity is broken
780 // TPM_RC_SIZE error during sensitive data unmarshaling
795 UINT16 dataSize, // IN: size of sensitive data in outerBuffer, in UnwrapOuter()
798 BYTE *outerBuffer // IN/OUT: sensitive data in UnwrapOuter()
807 BYTE *sensitiveData; // pointer to the sensitive data in UnwrapOuter()
855 // b) apply encryption to the sensitive area.
860 TPMT_SENSITIVE *sensitive, // IN: sensitive structure in SensitiveToPrivate() argument
865 // NULL, in which case the object is in SensitiveToPrivate()
872 BYTE *sensitiveData; // pointer to the sensitive data in SensitiveToPrivate()
877 pAssert(name != NULL && name->t.size != 0); in SensitiveToPrivate()
889 // Starting of sensitive data without wrappers in SensitiveToPrivate()
890 sensitiveData = outPrivate->t.buffer; in SensitiveToPrivate()
899 // Marshal sensitive area, leaving the leading 2 bytes for size in SensitiveToPrivate()
902 dataSize = TPMT_SENSITIVE_Marshal(sensitive, &buffer, &bufferSize); in SensitiveToPrivate()
910 sensitiveData = outPrivate->t.buffer + ivSize; in SensitiveToPrivate()
912 outPrivate->t.size = ProduceOuterWrap(parentHandle, name, hashAlg, NULL, in SensitiveToPrivate()
913 TRUE, dataSize, outPrivate->t.buffer); in SensitiveToPrivate()
920 // Unwrap a input private area. Check the integrity, decrypt and retrieve data to a sensitive …
946 TPMT_SENSITIVE *sensitive // OUT: sensitive structure in PrivateToSensitive() argument
952 BYTE *sensitiveData; // pointer to the sensitive data in PrivateToSensitive()
960 pAssert(name != NULL && name->t.size != 0); in PrivateToSensitive()
974 inPrivate->t.size, inPrivate->t.buffer); in PrivateToSensitive()
981 // The starting of sensitive data and data size without outer wrapper in PrivateToSensitive()
982 sensitiveData = inPrivate->t.buffer + integritySize + ivSize; in PrivateToSensitive()
983 dataSize = inPrivate->t.size - integritySize - ivSize; in PrivateToSensitive()
994 // Unmarshal sensitive buffer to sensitive structure in PrivateToSensitive()
995 result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); in PrivateToSensitive()
999 || parent->publicArea.objectAttributes.fixedTPM == CLEAR); in PrivateToSensitive()
1007 MemoryRemoveTrailingZeros(&(sensitive->authValue)); in PrivateToSensitive()
1017 // This function prepare the duplication blob from the sensitive area. The operations in this …
1019 // b) apply inner wrap to the sensitive area if required
1024 TPMT_SENSITIVE *sensitive, // IN: sensitive structure in SensitiveToDuplicate() argument
1047 BYTE *sensitiveData; // pointer to the sensitive data in SensitiveToDuplicate()
1054 pAssert(name != NULL && name->t.size != 0); in SensitiveToDuplicate()
1057 // Starting of sensitive data without wrappers in SensitiveToDuplicate()
1058 sensitiveData = outPrivate->t.buffer; in SensitiveToDuplicate()
1060 if(symDef->algorithm != TPM_ALG_NULL) in SensitiveToDuplicate()
1065 // Adjust sensitive data pointer in SensitiveToDuplicate()
1069 if(seed->t.size != 0) in SensitiveToDuplicate()
1074 // Adjust sensitive data pointer in SensitiveToDuplicate()
1077 // Marshal sensitive area, leaving the leading 2 bytes for size in SensitiveToDuplicate()
1080 dataSize = TPMT_SENSITIVE_Marshal(sensitive, &buffer, &bufferSize); in SensitiveToDuplicate()
1093 innerBuffer = outPrivate->t.buffer; in SensitiveToDuplicate()
1100 if(innerSymKey->t.size == 0) in SensitiveToDuplicate()
1102 innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8; in SensitiveToDuplicate()
1103 CryptGenerateRandom(innerSymKey->t.size, innerSymKey->t.buffer); in SensitiveToDuplicate()
1110 pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); in SensitiveToDuplicate()
1113 CryptSymmetricEncrypt(innerBuffer, symDef->algorithm, in SensitiveToDuplicate()
1114 symDef->keyBits.sym, TPM_ALG_CFB, in SensitiveToDuplicate()
1115 innerSymKey->t.buffer, NULL, dataSize, in SensitiveToDuplicate()
1120 innerSymKey->t.size = 0; in SensitiveToDuplicate()
1127 dataSize, outPrivate->t.buffer); in SensitiveToDuplicate()
1130 outPrivate->t.size = dataSize; in SensitiveToDuplicate()
1137 // Unwrap a duplication blob. Check the integrity, decrypt and retrieve data to a sensitive s…
1145 // TPM_RC_INSUFFICIENT unmarshaling sensitive data from inPrivate failed
1147 // TPM_RC_SIZE unmarshaling sensitive data from inPrivate failed
1165 TPMT_SENSITIVE *sensitive // OUT: sensitive structure in DuplicateToSensitive() argument
1171 BYTE *sensitiveData; // pointer to the sensitive data in DuplicateToSensitive()
1175 pAssert(name != NULL && name->t.size != 0); in DuplicateToSensitive()
1178 // Starting of sensitive data in DuplicateToSensitive()
1179 sensitiveData = inPrivate->t.buffer; in DuplicateToSensitive()
1180 dataSize = inPrivate->t.size; in DuplicateToSensitive()
1182 if(seed->t.size != 0) in DuplicateToSensitive()
1191 // Adjust sensitive data pointer and size in DuplicateToSensitive()
1193 dataSize -= sizeof(UINT16) + CryptGetHashDigestSize(outerHash); in DuplicateToSensitive()
1196 if(symDef->algorithm != TPM_ALG_NULL) in DuplicateToSensitive()
1200 pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); in DuplicateToSensitive()
1202 CryptSymmetricDecrypt(sensitiveData, symDef->algorithm, in DuplicateToSensitive()
1203 symDef->keyBits.sym, TPM_ALG_CFB, in DuplicateToSensitive()
1204 innerSymKey->t.buffer, NULL, dataSize, in DuplicateToSensitive()
1212 // Adjust sensitive data pointer and size in DuplicateToSensitive()
1214 dataSize -= sizeof(UINT16) + CryptGetHashDigestSize(innerHash); in DuplicateToSensitive()
1226 // Unmarshal sensitive buffer to sensitive structure in DuplicateToSensitive()
1227 result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); in DuplicateToSensitive()
1236 MemoryRemoveTrailingZeros(&(sensitive->authValue)); in DuplicateToSensitive()
1261 BYTE *sensitiveData; // pointer to the sensitive data in SecretToCredential()
1268 sensitiveData = outIDObject->t.credential in SecretToCredential()
1275 outIDObject->t.size = ProduceOuterWrap(protector, in SecretToCredential()
1281 outIDObject->t.credential); in SecretToCredential()
1314 BYTE *sensitiveData; // pointer to the sensitive data in CredentialToSecret()
1320 inIDObject->t.size, inIDObject->t.credential); in CredentialToSecret()
1323 // Compute the beginning of sensitive data in CredentialToSecret()
1324 sensitiveData = inIDObject->t.credential in CredentialToSecret()
1326 dataSize = inIDObject->t.size in CredentialToSecret()
1327 - (sizeof(UINT16) + CryptGetHashDigestSize(outerHash)); in CredentialToSecret()