| // This file was extracted from the TCG Published |
| // Trusted Platform Module Library |
| // Part 3: Commands |
| // Family "2.0" |
| // Level 00 Revision 01.16 |
| // October 30, 2014 |
| |
| #include "InternalRoutines.h" |
| #include "Policy_spt_fp.h" |
| #include "PolicySigned_fp.h" |
| // |
| // |
| // Error Returns Meaning |
| // |
| // TPM_RC_CPHASH cpHash was previously set to a different value |
| // TPM_RC_EXPIRED expiration indicates a time in the past or expiration is non-zero but no |
| // nonceTPM is present |
| // TPM_RC_HANDLE authObject need to have sensitive portion loaded |
| // TPM_RC_KEY authObject is not a signing scheme |
| // TPM_RC_NONCE nonceTPM is not the nonce associated with the policySession |
| // TPM_RC_SCHEME the signing scheme of auth is not supported by the TPM |
| // TPM_RC_SIGNATURE the signature is not genuine |
| // TPM_RC_SIZE input cpHash has wrong size |
| // TPM_RC_VALUE input policyID or expiration does not match the internal data in policy |
| // session |
| // |
| TPM_RC |
| TPM2_PolicySigned( |
| PolicySigned_In *in, // IN: input parameter list |
| PolicySigned_Out *out // OUT: output parameter list |
| ) |
| { |
| TPM_RC result = TPM_RC_SUCCESS; |
| SESSION *session; |
| TPM2B_NAME entityName; |
| TPM2B_DIGEST authHash; |
| HASH_STATE hashState; |
| UINT32 expiration = (in->expiration < 0) |
| ? -(in->expiration) : in->expiration; |
| UINT64 authTimeout = 0; |
| |
| // Input Validation |
| |
| // Set up local pointers |
| session = SessionGet(in->policySession); // the session structure |
| |
| // Only do input validation if this is not a trial policy session |
| if(session->attributes.isTrialPolicy == CLEAR) |
| { |
| if(expiration != 0) |
| authTimeout = expiration * 1000 + session->startTime; |
| |
| result = PolicyParameterChecks(session, authTimeout, |
| &in->cpHashA, &in->nonceTPM, |
| RC_PolicySigned_nonceTPM, |
| RC_PolicySigned_cpHashA, |
| RC_PolicySigned_expiration); |
| if(result != TPM_RC_SUCCESS) |
| return result; |
| |
| // Re-compute the digest being signed |
| /*(See part 3 specification) |
| // The digest is computed as: |
| // aHash := hash ( nonceTPM | expiration | cpHashA | policyRef) |
| // where: |
| // hash() the hash associated with the signed auth |
| // nonceTPM the nonceTPM value from the TPM2_StartAuthSession . |
| // response If the authorization is not limited to this |
| // session, the size of this value is zero. |
| // expiration time limit on authorization set by authorizing object. |
| // This 32-bit value is set to zero if the expiration |
| // time is not being set. |
| // cpHashA hash of the command parameters for the command being |
| // approved using the hash algorithm of the PSAP session. |
| // Set to NULLauth if the authorization is not limited |
| // to a specific command. |
| // policyRef hash of an opaque value determined by the authorizing |
| // object. Set to the NULLdigest if no hash is present. |
| */ |
| // Start hash |
| authHash.t.size = CryptStartHash(CryptGetSignHashAlg(&in->auth), |
| &hashState); |
| |
| // add nonceTPM |
| CryptUpdateDigest2B(&hashState, &in->nonceTPM.b); |
| |
| // add expiration |
| CryptUpdateDigestInt(&hashState, sizeof(UINT32), (BYTE*) &in->expiration); |
| |
| // add cpHashA |
| CryptUpdateDigest2B(&hashState, &in->cpHashA.b); |
| |
| // add policyRef |
| CryptUpdateDigest2B(&hashState, &in->policyRef.b); |
| |
| // Complete digest |
| CryptCompleteHash2B(&hashState, &authHash.b); |
| |
| // Validate Signature. A TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE |
| // error may be returned at this point |
| result = CryptVerifySignature(in->authObject, &authHash, &in->auth); |
| if(result != TPM_RC_SUCCESS) |
| return RcSafeAddToResult(result, RC_PolicySigned_auth); |
| } |
| // Internal Data Update |
| // Need the Name of the signing entity |
| entityName.t.size = EntityGetName(in->authObject, &entityName.t.name); |
| |
| // Update policy with input policyRef and name of auth key |
| // These values are updated even if the session is a trial session |
| PolicyContextUpdate(TPM_CC_PolicySigned, &entityName, &in->policyRef, |
| &in->cpHashA, authTimeout, session); |
| |
| // Command Output |
| |
| // Create ticket and timeout buffer if in->expiration < 0 and this is not |
| // a trial session. |
| // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present |
| // when expiration is non-zero. |
| if( in->expiration < 0 |
| && session->attributes.isTrialPolicy == CLEAR |
| ) |
| { |
| // Generate timeout buffer. The format of output timeout buffer is |
| // TPM-specific. |
| // Note: can't do a direct copy because the output buffer is a byte |
| // array and it may not be aligned to accept a 64-bit value. The method |
| // used has the side-effect of making the returned value a big-endian, |
| // 64-bit value that is byte aligned. |
| out->timeout.t.size = sizeof(UINT64); |
| UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer); |
| |
| // Compute policy ticket |
| TicketComputeAuth(TPM_ST_AUTH_SIGNED, EntityGetHierarchy(in->authObject), |
| authTimeout, &in->cpHashA, &in->policyRef, &entityName, |
| &out->policyTicket); |
| } |
| else |
| { |
| // Generate a null ticket. |
| // timeout buffer is null |
| out->timeout.t.size = 0; |
| |
| // auth ticket is null |
| out->policyTicket.tag = TPM_ST_AUTH_SIGNED; |
| out->policyTicket.hierarchy = TPM_RH_NULL; |
| out->policyTicket.digest.t.size = 0; |
| } |
| |
| return TPM_RC_SUCCESS; |
| } |