/src/tpm2/HierarchyChangeAuth.c

Source
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "HierarchyChangeAuth_fp.h"
#include "Object_spt_fp.h"
//
//
//     Error Returns                     Meaning
//
//     TPM_RC_SIZE                       newAuth size is greater than that of integrity hash digest
//
TPM_RC
TPM2_HierarchyChangeAuth(
   HierarchyChangeAuth_In    *in                    // IN: input parameter list
   )
{
   TPM_RC       result;

   // The command needs NV update. Check if NV is available.
   // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
   // this point
   result = NvIsAvailable();
   if(result != TPM_RC_SUCCESS) return result;

   // Make sure the the auth value is a reasonable size (not larger than
   // the size of the digest produced by the integrity hash. The integrity
   // hash is assumed to produce the longest digest of any hash implemented
   // on the TPM.
   if( MemoryRemoveTrailingZeros(&in->newAuth)
           > CryptGetHashDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
       return TPM_RC_SIZE + RC_HierarchyChangeAuth_newAuth;

   // Set hierarchy authValue
   switch(in->authHandle)
   {
   case TPM_RH_OWNER:
       gp.ownerAuth = in->newAuth;
       NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
       break;
   case TPM_RH_ENDORSEMENT:
       gp.endorsementAuth = in->newAuth;
       NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
       break;
   case TPM_RH_PLATFORM:
       gc.platformAuth = in->newAuth;
       // orderly state should be cleared
       g_clearOrderly = TRUE;
       break;
   case TPM_RH_LOCKOUT:
       gp.lockoutAuth = in->newAuth;
       NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
       break;
   default:
       pAssert(FALSE);
       break;
   }

   return TPM_RC_SUCCESS;
}

Coverage Report

Created: 2025-10-10 06:20

Line	Count	Source
1		// This file was extracted from the TCG Published
2		// Trusted Platform Module Library
3		// Part 3: Commands
4		// Family "2.0"
5		// Level 00 Revision 01.16
6		// October 30, 2014
7
8		#include "InternalRoutines.h"
9		#include "HierarchyChangeAuth_fp.h"
10		#include "Object_spt_fp.h"
11		//
12		//
13		// Error Returns Meaning
14		//
15		// TPM_RC_SIZE newAuth size is greater than that of integrity hash digest
16		//
17		TPM_RC
18		TPM2_HierarchyChangeAuth(
19		HierarchyChangeAuth_In *in // IN: input parameter list
20		)
21	5	{
22	5	TPM_RC result;
23
24		// The command needs NV update. Check if NV is available.
25		// A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
26		// this point
27	5	result = NvIsAvailable();
28	5	if(result != TPM_RC_SUCCESS) return result;
29
30		// Make sure the the auth value is a reasonable size (not larger than
31		// the size of the digest produced by the integrity hash. The integrity
32		// hash is assumed to produce the longest digest of any hash implemented
33		// on the TPM.
34	5	if( MemoryRemoveTrailingZeros(&in->newAuth)
35	5	> CryptGetHashDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
36	3	return TPM_RC_SIZE + RC_HierarchyChangeAuth_newAuth;
37
38		// Set hierarchy authValue
39	2	switch(in->authHandle)
40	2	{
41	1	case TPM_RH_OWNER:
42	1	gp.ownerAuth = in->newAuth;
43	1	NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
44	1	break;
45	0	case TPM_RH_ENDORSEMENT:
46	0	gp.endorsementAuth = in->newAuth;
47	0	NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
48	0	break;
49	0	case TPM_RH_PLATFORM:
50	0	gc.platformAuth = in->newAuth;
51		// orderly state should be cleared
52	0	g_clearOrderly = TRUE;
53	0	break;
54	1	case TPM_RH_LOCKOUT:
55	1	gp.lockoutAuth = in->newAuth;
56	1	NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
57	1	break;
58	0	default:
59	0	pAssert(FALSE);
60	0	break;
61	2	}
62
63	2	return TPM_RC_SUCCESS;
64	2	}