Coverage Report

Created: 2025-07-11 06:15

/src/tpm2/Context_spt.c
Line
Count
Source (jump to first uncovered line)
1
// This file was extracted from the TCG Published
2
// Trusted Platform Module Library
3
// Part 4: Supporting Routines
4
// Family "2.0"
5
// Level 00 Revision 01.16
6
// October 30, 2014
7
8
#include "InternalRoutines.h"
9
#include "Context_spt_fp.h"
10
//
11
//
12
//            Functions
13
//
14
//              ComputeContextProtectionKey()
15
//
16
//      This function retrieves the symmetric protection key for context encryption It is used by
17
//      TPM2_ConextSave() and TPM2_ContextLoad() to create the symmetric encryption key and iv
18
//
19
void
20
ComputeContextProtectionKey(
21
     TPMS_CONTEXT      *contextBlob,    // IN: context blob
22
     TPM2B_SYM_KEY     *symKey,         // OUT: the symmetric key
23
     TPM2B_IV          *iv              // OUT: the IV.
24
     )
25
0
{
26
0
     UINT16             symKeyBits;     // number of bits in the parent's
27
                                        //   symmetric key
28
0
     TPM2B_AUTH        *proof = NULL;   // the proof value to use. Is null for
29
                                        //   everything but a primary object in
30
                                        //   the Endorsement Hierarchy
31
0
     BYTE               kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF
32
0
     TPM2B_DATA         sequence2B, handle2B;
33
     // Get proof value
34
0
     proof = HierarchyGetProof(contextBlob->hierarchy);
35
     // Get sequence value in 2B format
36
0
     sequence2B.t.size = sizeof(contextBlob->sequence);
37
0
     MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence,
38
0
                sizeof(contextBlob->sequence),
39
0
                sizeof(sequence2B.t.buffer));
40
     // Get handle value in 2B format
41
0
     handle2B.t.size = sizeof(contextBlob->savedHandle);
42
0
     MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle,
43
0
                sizeof(contextBlob->savedHandle),
44
0
                sizeof(handle2B.t.buffer));
45
     // Get the symmetric encryption key size
46
0
     symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
47
//
48
0
   symKeyBits = CONTEXT_ENCRYPT_KEY_BITS;
49
   // Get the size of the IV for the algorithm
50
0
   iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits);
51
   // KDFa to generate symmetric key and IV value
52
0
   KDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, "CONTEXT", &sequence2B.b,
53
0
        &handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL);
54
   // Copy part of the returned value as the key
55
0
   MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size,
56
0
              sizeof(symKey->t.buffer));
57
   // Copy the rest as the IV
58
0
   MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size,
59
0
              sizeof(iv->t.buffer));
60
0
   return;
61
0
}
62
//
63
//
64
//         ComputeContextIntegrity()
65
//
66
//     Generate the integrity hash for a context It is used by TPM2_ContextSave() to create an integrity hash
67
//     and by TPM2_ContextLoad() to compare an integrity hash
68
//
69
void
70
ComputeContextIntegrity(
71
   TPMS_CONTEXT       *contextBlob,      // IN: context blob
72
   TPM2B_DIGEST       *integrity         // OUT: integrity
73
   )
74
0
{
75
0
   HMAC_STATE              hmacState;
76
0
   TPM2B_AUTH              *proof;
77
0
   UINT16                  integritySize;
78
   // Get proof value
79
0
   proof = HierarchyGetProof(contextBlob->hierarchy);
80
   // Start HMAC
81
0
   integrity->t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
82
0
                                        &proof->b, &hmacState);
83
   // Compute integrity size at the beginning of context blob
84
0
   integritySize = sizeof(integrity->t.size) + integrity->t.size;
85
   // Adding total reset counter so that the context cannot be
86
   // used after a TPM Reset
87
0
   CryptUpdateDigestInt(&hmacState, sizeof(gp.totalResetCount),
88
0
                        &gp.totalResetCount);
89
   // If this is a ST_CLEAR object, add the clear count
90
   // so that this contest cannot be loaded after a TPM Restart
91
0
   if(contextBlob->savedHandle == 0x80000002)
92
0
       CryptUpdateDigestInt(&hmacState, sizeof(gr.clearCount), &gr.clearCount);
93
   // Adding sequence number to the HMAC to make sure that it doesn't
94
   // get changed
95
0
   CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->sequence),
96
0
                        &contextBlob->sequence);
97
   // Protect the handle
98
0
   CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->savedHandle),
99
0
                         &contextBlob->savedHandle);
100
   // Adding sensitive contextData, skip the leading integrity area
101
0
     CryptUpdateDigest(&hmacState, contextBlob->contextBlob.t.size - integritySize,
102
0
                       contextBlob->contextBlob.t.buffer + integritySize);
103
     // Complete HMAC
104
0
     CryptCompleteHMAC2B(&hmacState, &integrity->b);
105
0
     return;
106
0
}
107
//
108
//
109
//           SequenceDataImportExport()
110
//
111
//      This function is used scan through the sequence object and either modify the hash state data for
112
//      LIB_EXPORT or to import it into the internal format
113
//
114
void
115
SequenceDataImportExport(
116
     OBJECT           *object,          // IN: the object containing the sequence data
117
     OBJECT           *exportObject,    // IN/OUT: the object structure that will get
118
                                        //     the exported hash state
119
     IMPORT_EXPORT     direction
120
     )
121
0
{
122
0
     int                      count = 1;
123
0
     HASH_OBJECT             *internalFmt = (HASH_OBJECT *)object;
124
0
     HASH_OBJECT             *externalFmt = (HASH_OBJECT *)exportObject;
125
0
     if(object->attributes.eventSeq)
126
0
         count = HASH_COUNT;
127
0
     for(; count; count--)
128
0
         CryptHashStateImportExport(&internalFmt->state.hashState[count - 1],
129
0
                              externalFmt->state.hashState, direction);
130
0
}