Vadim Bendebury | 5679752 | 2015-05-20 10:32:25 -0700 | [diff] [blame] | 1 | // This file was extracted from the TCG Published |
| 2 | // Trusted Platform Module Library |
| 3 | // Part 3: Commands |
| 4 | // Family "2.0" |
| 5 | // Level 00 Revision 01.16 |
| 6 | // October 30, 2014 |
| 7 | |
| 8 | #include "InternalRoutines.h" |
| 9 | #include "Policy_spt_fp.h" |
| 10 | #include "PolicySigned_fp.h" |
| 11 | // |
| 12 | // |
| 13 | // Error Returns Meaning |
| 14 | // |
| 15 | // TPM_RC_CPHASH cpHash was previously set to a different value |
| 16 | // TPM_RC_EXPIRED expiration indicates a time in the past or expiration is non-zero but no |
| 17 | // nonceTPM is present |
| 18 | // TPM_RC_HANDLE authObject need to have sensitive portion loaded |
| 19 | // TPM_RC_KEY authObject is not a signing scheme |
| 20 | // TPM_RC_NONCE nonceTPM is not the nonce associated with the policySession |
| 21 | // TPM_RC_SCHEME the signing scheme of auth is not supported by the TPM |
| 22 | // TPM_RC_SIGNATURE the signature is not genuine |
| 23 | // TPM_RC_SIZE input cpHash has wrong size |
| 24 | // TPM_RC_VALUE input policyID or expiration does not match the internal data in policy |
| 25 | // session |
| 26 | // |
| 27 | TPM_RC |
| 28 | TPM2_PolicySigned( |
| 29 | PolicySigned_In *in, // IN: input parameter list |
| 30 | PolicySigned_Out *out // OUT: output parameter list |
| 31 | ) |
| 32 | { |
| 33 | TPM_RC result = TPM_RC_SUCCESS; |
| 34 | SESSION *session; |
| 35 | TPM2B_NAME entityName; |
| 36 | TPM2B_DIGEST authHash; |
| 37 | HASH_STATE hashState; |
| 38 | UINT32 expiration = (in->expiration < 0) |
| 39 | ? -(in->expiration) : in->expiration; |
| 40 | UINT64 authTimeout = 0; |
| 41 | |
| 42 | // Input Validation |
| 43 | |
| 44 | // Set up local pointers |
| 45 | session = SessionGet(in->policySession); // the session structure |
| 46 | |
| 47 | // Only do input validation if this is not a trial policy session |
| 48 | if(session->attributes.isTrialPolicy == CLEAR) |
| 49 | { |
| 50 | if(expiration != 0) |
| 51 | authTimeout = expiration * 1000 + session->startTime; |
| 52 | |
| 53 | result = PolicyParameterChecks(session, authTimeout, |
| 54 | &in->cpHashA, &in->nonceTPM, |
| 55 | RC_PolicySigned_nonceTPM, |
| 56 | RC_PolicySigned_cpHashA, |
| 57 | RC_PolicySigned_expiration); |
| 58 | if(result != TPM_RC_SUCCESS) |
| 59 | return result; |
| 60 | |
| 61 | // Re-compute the digest being signed |
| 62 | /*(See part 3 specification) |
| 63 | // The digest is computed as: |
| 64 | // aHash := hash ( nonceTPM | expiration | cpHashA | policyRef) |
| 65 | // where: |
| 66 | // hash() the hash associated with the signed auth |
| 67 | // nonceTPM the nonceTPM value from the TPM2_StartAuthSession . |
| 68 | // response If the authorization is not limited to this |
| 69 | // session, the size of this value is zero. |
| 70 | // expiration time limit on authorization set by authorizing object. |
| 71 | // This 32-bit value is set to zero if the expiration |
| 72 | // time is not being set. |
| 73 | // cpHashA hash of the command parameters for the command being |
| 74 | // approved using the hash algorithm of the PSAP session. |
| 75 | // Set to NULLauth if the authorization is not limited |
| 76 | // to a specific command. |
| 77 | // policyRef hash of an opaque value determined by the authorizing |
| 78 | // object. Set to the NULLdigest if no hash is present. |
| 79 | */ |
| 80 | // Start hash |
| 81 | authHash.t.size = CryptStartHash(CryptGetSignHashAlg(&in->auth), |
| 82 | &hashState); |
| 83 | |
| 84 | // add nonceTPM |
| 85 | CryptUpdateDigest2B(&hashState, &in->nonceTPM.b); |
| 86 | |
| 87 | // add expiration |
| 88 | CryptUpdateDigestInt(&hashState, sizeof(UINT32), (BYTE*) &in->expiration); |
| 89 | |
| 90 | // add cpHashA |
| 91 | CryptUpdateDigest2B(&hashState, &in->cpHashA.b); |
| 92 | |
| 93 | // add policyRef |
| 94 | CryptUpdateDigest2B(&hashState, &in->policyRef.b); |
| 95 | |
| 96 | // Complete digest |
| 97 | CryptCompleteHash2B(&hashState, &authHash.b); |
| 98 | |
| 99 | // Validate Signature. A TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE |
| 100 | // error may be returned at this point |
| 101 | result = CryptVerifySignature(in->authObject, &authHash, &in->auth); |
| 102 | if(result != TPM_RC_SUCCESS) |
| 103 | return RcSafeAddToResult(result, RC_PolicySigned_auth); |
| 104 | } |
| 105 | // Internal Data Update |
| 106 | // Need the Name of the signing entity |
Vadim Bendebury | deb59d2 | 2015-06-01 16:37:29 -0700 | [diff] [blame] | 107 | entityName.t.size = EntityGetName(in->authObject, &entityName.t.buffer); |
Vadim Bendebury | 5679752 | 2015-05-20 10:32:25 -0700 | [diff] [blame] | 108 | |
| 109 | // Update policy with input policyRef and name of auth key |
| 110 | // These values are updated even if the session is a trial session |
| 111 | PolicyContextUpdate(TPM_CC_PolicySigned, &entityName, &in->policyRef, |
| 112 | &in->cpHashA, authTimeout, session); |
| 113 | |
| 114 | // Command Output |
| 115 | |
| 116 | // Create ticket and timeout buffer if in->expiration < 0 and this is not |
| 117 | // a trial session. |
| 118 | // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present |
| 119 | // when expiration is non-zero. |
| 120 | if( in->expiration < 0 |
| 121 | && session->attributes.isTrialPolicy == CLEAR |
| 122 | ) |
| 123 | { |
| 124 | // Generate timeout buffer. The format of output timeout buffer is |
| 125 | // TPM-specific. |
| 126 | // Note: can't do a direct copy because the output buffer is a byte |
| 127 | // array and it may not be aligned to accept a 64-bit value. The method |
| 128 | // used has the side-effect of making the returned value a big-endian, |
| 129 | // 64-bit value that is byte aligned. |
| 130 | out->timeout.t.size = sizeof(UINT64); |
Vadim Bendebury | deb59d2 | 2015-06-01 16:37:29 -0700 | [diff] [blame] | 131 | (void)UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer); |
Vadim Bendebury | 5679752 | 2015-05-20 10:32:25 -0700 | [diff] [blame] | 132 | |
| 133 | // Compute policy ticket |
| 134 | TicketComputeAuth(TPM_ST_AUTH_SIGNED, EntityGetHierarchy(in->authObject), |
| 135 | authTimeout, &in->cpHashA, &in->policyRef, &entityName, |
| 136 | &out->policyTicket); |
| 137 | } |
| 138 | else |
| 139 | { |
| 140 | // Generate a null ticket. |
| 141 | // timeout buffer is null |
| 142 | out->timeout.t.size = 0; |
| 143 | |
| 144 | // auth ticket is null |
| 145 | out->policyTicket.tag = TPM_ST_AUTH_SIGNED; |
| 146 | out->policyTicket.hierarchy = TPM_RH_NULL; |
| 147 | out->policyTicket.digest.t.size = 0; |
| 148 | } |
| 149 | |
| 150 | return TPM_RC_SUCCESS; |
| 151 | } |