/* * Copyright 2015 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef __TPM2_OBJECT_SPT_FP_H #define __TPM2_OBJECT_SPT_FP_H BOOL AreAttributesForParent(OBJECT *parentObject // IN: parent handle ); TPM_RC CredentialToSecret( TPM2B_ID_OBJECT *inIDObject, // IN: input credential blob TPM2B_NAME *name, // IN: the name of the object TPM2B_SEED *seed, // IN: an external seed. TPM_HANDLE protector, // IN: The protector's handle TPM2B_DIGEST *secret // OUT: secret information ); TPM_RC DuplicateToSensitive( TPM2B_PRIVATE *inPrivate, // IN: input private structure TPM2B_NAME *name, // IN: the name of the object TPM_HANDLE parentHandle, // IN: The parent's handle TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. TPM2B_SEED *seed, // IN: an external seed may be provided. If external // seed is provided with size of 0, no outer wrap is // applied TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the // symmetric key algorithm is NULL, no inner // wrap is applied TPM2B_DATA *innerSymKey, // IN: a symmetric key may be provided to // decrypt the inner wrap of a duplication blob. TPMT_SENSITIVE *sensitive // OUT: sensitive structure ); void FillInCreationData( TPMI_DH_OBJECT parentHandle, // IN: handle of parent TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm TPML_PCR_SELECTION *creationPCR, // IN: PCR selection TPM2B_DATA *outsideData, // IN: outside data TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output TPM2B_DIGEST *creationDigest // OUT: creation digest ); TPM2B_SEED *GetSeedForKDF( TPM_HANDLE protectorHandle, // IN: the protector handle TPM2B_SEED *seedIn // IN: the optional input seed ); TPM_RC PrivateToSensitive( TPM2B_PRIVATE *inPrivate, // IN: input private structure TPM2B_NAME *name, // IN: the name of the object TPM_HANDLE parentHandle, // IN: The parent's handle TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is passed // separately because we only pass name, rather than // the whole public area of the object. This parameter // is used in the following two cases: 1. primary // objects. 2. duplication blob with inner wrap. In // other cases, this parameter will be ignored TPMT_SENSITIVE *sensitive // OUT: sensitive structure ); UINT16 ProduceOuterWrap( TPM_HANDLE protector, // IN: The handle of the object that provides // protection. For object, it is parent handle. For // credential, it is the handle of encrypt object. TPM2B_NAME *name, // IN: the name of the object TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap TPM2B_SEED *seed, // IN: an external seed may be provided for duplication // blob. For non duplication blob, this parameter // should be NULL BOOL useIV, // IN: indicate if an IV is used UINT16 dataSize, // IN: the size of sensitive data, excluding the leading // integrity buffer size or the optional iv size BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in it ); TPM_RC PublicAttributesValidation( BOOL load, // IN: TRUE if load checks, FALSE if TPM2_Create() TPMI_DH_OBJECT parentHandle, // IN: input parent handle TPMT_PUBLIC *publicArea // IN: public area of the object ); TPM_RC SchemeChecks( BOOL load, // IN: TRUE if load checks, FALSE if TPM2_Create() TPMI_DH_OBJECT parentHandle, // IN: input parent handle TPMT_PUBLIC *publicArea // IN: public area of the object ); void SecretToCredential( TPM2B_DIGEST *secret, // IN: secret information TPM2B_NAME *name, // IN: the name of the object TPM2B_SEED *seed, // IN: an external seed. TPM_HANDLE protector, // IN: The protector's handle TPM2B_ID_OBJECT *outIDObject // OUT: output credential ); void SensitiveToDuplicate( TPMT_SENSITIVE *sensitive, // IN: sensitive structure TPM2B_NAME *name, // IN: the name of the object TPM_HANDLE parentHandle, // IN: The new parent's handle TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is passed // separately because we only pass name, rather than // the whole public area of the object. TPM2B_SEED *seed, // IN: the external seed. If external seed is provided // with size of 0, no outer wrap should be applied to // duplication blob. TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the // symmetric key algorithm is NULL, no inner // wrap should be applied. TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be provided to // encrypt the inner wrap of a duplication blob. // May be generated here if needed. TPM2B_PRIVATE *outPrivate // OUT: output private structure ); void SensitiveToPrivate( TPMT_SENSITIVE *sensitive, // IN: sensitive structure TPM2B_NAME *name, // IN: the name of the object TPM_HANDLE parentHandle, // IN: The parent's handle TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This parameter // is used when parentHandle is NULL, in which case // the object is temporary. TPM2B_PRIVATE *outPrivate // OUT: output private structure ); TPM_RC UnwrapOuter( TPM_HANDLE protector, // IN: The handle of the object that provides // protection. For object, it is parent handle. For // credential, it is the handle of encrypt object. TPM2B_NAME *name, // IN: the name of the object TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap TPM2B_SEED *seed, // IN: an external seed may be provided for duplication // blob. For non duplication blob, this parameter // should be NULL. BOOL useIV, // IN: indicates if an IV is used UINT16 dataSize, // IN: size of sensitive data in outerBuffer, including // the leading integrity buffer size, and an optional iv // area BYTE *outerBuffer // IN/OUT: sensitive data ); #endif // __TPM2_OBJECT_SPT_FP_H