// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 4: Supporting Routines
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014
#include "InternalRoutines.h"
//
//
// 10.3.3 Functions
//
// 10.3.3.1 TicketIsSafe()
//
// This function indicates if producing a ticket is safe. It checks if the leading bytes of an input buffer is
// TPM_GENERATED_VALUE or its substring of canonical form. If so, it is not safe to produce ticket for an
// input buffer claiming to be TPM generated buffer
//
// Return Value Meaning
//
// TRUE It is safe to produce ticket
// FALSE It is not safe to produce ticket
//
BOOL
TicketIsSafe(
TPM2B *buffer
)
{
TPM_GENERATED valueToCompare = TPM_GENERATED_VALUE;
BYTE bufferToCompare[sizeof(valueToCompare)];
BYTE *marshalBuffer;
INT32 bufferSize;
// If the buffer size is less than the size of TPM_GENERATED_VALUE, assume
// it is not safe to generate a ticket
if(buffer->size < sizeof(valueToCompare))
return FALSE;
marshalBuffer = bufferToCompare;
bufferSize = sizeof(TPM_GENERATED);
TPM_GENERATED_Marshal(&valueToCompare, &marshalBuffer, &bufferSize);
if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare)))
return FALSE;
else
return TRUE;
}
//
//
// 10.3.3.2 TicketComputeVerified()
//
// This function creates a TPMT_TK_VERIFIED ticket.
//
void
TicketComputeVerified(
TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket
TPM2B_DIGEST *digest, // IN: digest
TPM2B_NAME *keyName, // IN: name of key that signed the value
TPMT_TK_VERIFIED *ticket // OUT: verified ticket
)
{
TPM2B_AUTH *proof;
HMAC_STATE hmacState;
// Fill in ticket fields
ticket->tag = TPM_ST_VERIFIED;
ticket->hierarchy = hierarchy;
// Use the proof value of the hierarchy
proof = HierarchyGetProof(hierarchy);
// Start HMAC
ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
&proof->b, &hmacState);
// add TPM_ST_VERIFIED
CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);
// add digest
CryptUpdateDigest2B(&hmacState, &digest->b);
// add key name
CryptUpdateDigest2B(&hmacState, &keyName->b);
// complete HMAC
CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
return;
}
//
//
// 10.3.3.3 TicketComputeAuth()
//
// This function creates a TPMT_TK_AUTH ticket.
//
void
TicketComputeAuth(
TPM_ST type, // IN: the type of ticket.
TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket
UINT64 timeout, // IN: timeout
TPM2B_DIGEST *cpHashA, // IN: input cpHashA
TPM2B_NONCE *policyRef, // IN: input policyRef
TPM2B_NAME *entityName, // IN: name of entity
TPMT_TK_AUTH *ticket // OUT: Created ticket
)
{
TPM2B_AUTH *proof;
HMAC_STATE hmacState;
// Get proper proof
proof = HierarchyGetProof(hierarchy);
// Fill in ticket fields
ticket->tag = type;
ticket->hierarchy = hierarchy;
// Start HMAC
ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
&proof->b, &hmacState);
// Adding TPM_ST_AUTH
CryptUpdateDigestInt(&hmacState, sizeof(UINT16), &ticket->tag);
// Adding timeout
CryptUpdateDigestInt(&hmacState, sizeof(UINT64), &timeout);
// Adding cpHash
CryptUpdateDigest2B(&hmacState, &cpHashA->b);
// Adding policyRef
CryptUpdateDigest2B(&hmacState, &policyRef->b);
// Adding keyName
CryptUpdateDigest2B(&hmacState, &entityName->b);
// Compute HMAC
CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
return;
}
//
//
// 10.3.3.4 TicketComputeHashCheck()
//
// This function creates a TPMT_TK_HASHCHECK ticket.
//
void
TicketComputeHashCheck(
TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket
TPM_ALG_ID hashAlg, // IN: the hash algorithm used to create
// 'digest'
TPM2B_DIGEST *digest, // IN: input digest
TPMT_TK_HASHCHECK *ticket // OUT: Created ticket
)
{
TPM2B_AUTH *proof;
HMAC_STATE hmacState;
// Get proper proof
proof = HierarchyGetProof(hierarchy);
// Fill in ticket fields
ticket->tag = TPM_ST_HASHCHECK;
ticket->hierarchy = hierarchy;
ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
&proof->b, &hmacState);
// Add TPM_ST_HASHCHECK
CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);
//
// Add hash algorithm
CryptUpdateDigestInt(&hmacState, sizeof(hashAlg), &hashAlg);
// Add digest
CryptUpdateDigest2B(&hmacState, &digest->b);
// Compute HMAC
CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
return;
}
//
//
// 10.3.3.5 TicketComputeCreation()
//
// This function creates a TPMT_TK_CREATION ticket.
//
void
TicketComputeCreation(
TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket
TPM2B_NAME *name, // IN: object name
TPM2B_DIGEST *creation, // IN: creation hash
TPMT_TK_CREATION *ticket // OUT: created ticket
)
{
TPM2B_AUTH *proof;
HMAC_STATE hmacState;
// Get proper proof
proof = HierarchyGetProof(hierarchy);
// Fill in ticket fields
ticket->tag = TPM_ST_CREATION;
ticket->hierarchy = hierarchy;
ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
&proof->b, &hmacState);
// Add TPM_ST_CREATION
CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);
// Add name
CryptUpdateDigest2B(&hmacState, &name->b);
// Add creation hash
CryptUpdateDigest2B(&hmacState, &creation->b);
// Compute HMAC
CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
return;
}