// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014
#include "InternalRoutines.h"
#include "Attest_spt_fp.h"
#include "GetSessionAuditDigest_fp.h"
//
//
// Error Returns Meaning
//
// TPM_RC_KEY key referenced by signHandle is not a signing key
// TPM_RC_SCHEME inScheme is incompatible with signHandle type; or both scheme and
// key's default scheme are empty; or scheme is empty while key's
// default scheme requires explicit input scheme (split signing); or non-
// empty default key scheme differs from scheme
// TPM_RC_TYPE sessionHandle does not reference an audit session
// TPM_RC_VALUE digest generated for the given scheme is greater than the modulus of
// signHandle (for an RSA key); invalid commit status or failed to
// generate r value (for an ECC key)
//
TPM_RC
TPM2_GetSessionAuditDigest(
GetSessionAuditDigest_In *in, // IN: input parameter list
GetSessionAuditDigest_Out *out // OUT: output parameter list
)
{
TPM_RC result;
SESSION *session;
TPMS_ATTEST auditInfo;
// Input Validation
// SessionAuditDigest specific input validation
// Get session pointer
session = SessionGet(in->sessionHandle);
// session must be an audit session
if(session->attributes.isAudit == CLEAR)
return TPM_RC_TYPE + RC_GetSessionAuditDigest_sessionHandle;
// Command Output
// Filling in attest information
// Common fields
result = FillInAttestInfo(in->signHandle,
&in->inScheme,
&in->qualifyingData,
&auditInfo);
if(result != TPM_RC_SUCCESS)
{
if(result == TPM_RC_KEY)
return TPM_RC_KEY + RC_GetSessionAuditDigest_signHandle;
else
return RcSafeAddToResult(result, RC_GetSessionAuditDigest_inScheme);
}
// SessionAuditDigest specific fields
// Attestation type
auditInfo.type = TPM_ST_ATTEST_SESSION_AUDIT;
// Copy digest
auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest;
// Exclusive audit session
if(g_exclusiveAuditSession == in->sessionHandle)
auditInfo.attested.sessionAudit.exclusiveSession = TRUE;
else
auditInfo.attested.sessionAudit.exclusiveSession = FALSE;
// Sign attestation structure. A NULL signature will be returned if
// signHandle is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
// TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at
// this point
result = SignAttestInfo(in->signHandle,
&in->inScheme,
&auditInfo,
&in->qualifyingData,
&out->auditInfo,
&out->signature);
if(result != TPM_RC_SUCCESS)
return result;
// orderly state should be cleared because of the reporting of clock info
// if signing happens
if(in->signHandle != TPM_RH_NULL)
g_clearOrderly = TRUE;
return TPM_RC_SUCCESS;
}